Welcome to band.radio!

This site is intended to be a repository for all of my projects concerning radio frequency (RF) technology i.e. amateur radio (HF/VHF/UHF, DMR), software defined radios, 3GPP wireless network standards such as LTE, NR. I have also written several gudies & articles, including 3GPP standards, Qualcomm Modem-RF systems, where I go in depth on how they’re used in commercial networks.

How to enable NR-DC on Qualcomm Modem-RF X65 equipped equipped UEs Link
How to enable 2xNR-CA (TDD+TDD, TDD+FDD, FDD+FDD) on Qualcomm Modem-RF X53,X60,X65 equipped equipped UEs Link
How to enable 3xNR-CA (TDD+FDD+FDD, TDD+TDD+FDD) on Qualcomm Modem-RF X65 equipped equipped UEs Link
How to enable 3xNR-CA (FDD+FDD+FDD) on Qualcomm Modem-RF X65 equipped equipped UEs Link
How to enable VoNR on Qualcomm Modem-RF X52,X53,X55,X60,X65 equipped UEs Link
How to enable Rel16 NR features on Qualcomm Modem-RF X65 equipped UEs Link
How to enable NR-SA on Qualcomm Modem-RF X52,X53,X55,X60,X65 equipped UEs coming soon
How to disable thermal mitigation on X52,X53,X55,X60,X65 equipped UEs Link
How to enable additional NAS security capabilities on X52,X53,X55,X60,X65 equipped UEs Link
Understanding Q-RxLevMin & parameter bypass in lab scenarios Link
Understanding p-max/p-NR-FR1 & parameter bypass in lab scenarios Link
Understanding the Qualcomm 0xB826 packet Link
How to enable Qualcomm Diagnostic Mode on commercial UEs Link
How to compile & configure BladeRF with srsLTE Link
How to repair Qualcomm Modem-RF equipped devices coming soon
How to unlock the bootloader on commercial UEs Link
How to read/write to the NAND flash on Qualcomm Modem-RF equipped devices coming soon
List of early c-band site licenses (Verizon Wireless) Link
AT&T mmWave coverage maps Link
Demonstration of VoNR on T-Mobile US’ live commercial NR-SA n71 network Link

Reverse engineering of Qualcomm Modem-RF firmware to uncover new use cases and capabilities
Ongoing participation in the CellMapper project, to create a crowdsourced database of LTE & NR commercial network deployments. My participation includes running the CellMapper application on several commercial handsets to contribute to these detailed maps of wireless networks. Information collected includes RSRP, SINR, RSRQ, channel width, EARFCN/ARFCN (frequency), PLMN (MCC-MNC); signal trails and eNB/gNB tower locations (both calculated and manually located).
DMR: QSOs, programming of handheld DMR radios (i.e. TYT MD-380) for access to NEDECN, SkyWarn, other amateur VHF DMR repeaters.
Obtain 0xB826 packets from commercial UEs and contribute my results to crowdsourced project cacombos.com
BladeRF SDR with Ubuntu 20.04 LTS running srsLTE.

A licensed amateur radio technician and radio hobbyist. I also hold a GMRS radio station license (462 to 467 MHz). Currently employed as a senior network security engineer in the United States.
Current interests: new FCC bandplans i.e. Digital Dividend (600 MHz), c-band (3.7 - 4.2 GHz), CBRS (3.55 - 3.7 GHz). Aforementioned bands are of interest due to their novel use in commercial telecommunications networks using the 3GPP 5G NR (New Radio) standard. I’m also interested in TDMA (digital) DMR services in the 70cm amateur radio band (420 - 450 MHz), and analogue voice services in the 2m, 70cm, 33cm amateur bands.

Crowdsourced LTE & NR carrier aggregation combo database: Link
Crowdsourced LTE & NR commercial network deployment map: Link
List of UEs supporting 600 MHz LTE & NR bands: Link
U.S. Frequency Allocations Chart (NTIA): Link Mirror
FCC band plans: Link
Amateur Radio band plan (AARL): Link
UE radio access capabilities standard (3GPP TS 38.306 version 16.5.0 Release 16 rev 5): Link Mirror
UE radio access capabilities standard (3GPP TS 38.306 version 15.3.0 Release 15 rev 14): Link Mirror