Skip to content
A smart jamming proof of concept for mobile equipments that could be powered with Modmobmap tool
Branch: master
Clone or download
Pull request Compare This branch is even with Synacktiv-contrib:master.

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.


A smart jamming proof of concept for mobile equipments that could be powered with Modmobmap

For more information, this little tool has been presented during SSTIC rump 2018:


You should be warned that Jamming is illegal and you're responsible for any damages when using it on your own.


  • a radio devices that is enabled to transmit signal (HackRF, USRP, bladeRF, and so on.)
  • GNU Radio installed
  • Modmobmap to perform automatic smartjamming:


Manual jamming

If you have a HackRF or any device compatible with osmocom drivers, you can directly run the code provided in GRC/ as follows:

$ python GRC/

For those who want to use another device like USRP, edit the GNU Radio block schema GRC/jammer_gen.grc:

$ gnuradio-companion GRC/jammer_gen.grc

Then you can configure the central frequency with the WX GUI to target a frequency. But this tool has also a feature to do it automatically.

Automatic smartjamming

To automate jamming, you can first get a list of we the Modmobmap that saves a JSON file after monitoring surrounding cells in a precise location. This JSON file looks as follows:

$ cat cells_<generated timestamp>.json 
    "****-***50": {
        "PCI": "****", 
        "PLMN": "208-01", 
        "TAC": "50****", 
        "band": 3, 
        "bandwidth": "20MHz", 
        "eARFCN": 1850, 
        "type": "4G"
    "7-***": {
        "PLMN": "208-20", 
        "arfcn": 1018, 
        "cid": "***", 
        "type": "2G"
    "****:-****12": {
        "PLMN": "208-1", 
        "RX": 10712, 
        "TX": 9762, 
        "band": 1, 
        "type": "3G"

After generating this file containing cells to jam, you can launch the RPC client that communicate with GRC/ as follows:

$ python -f cells_<generated timestamp>.json

Then leverage the gain for transmission and you should observe that a lot of noise is overflowing the targeted cells with gaussian noise.

Jamming session

Please note that the delay between each targeted cell can be set with a provided arguments '-d' (see arguments helper).

You can’t perform that action at this time.