- Inspect a SIM card. Use a USB SIM reader and PySIM (open source). Read your old SIMs. You will see the IMSI, SPN (carrier name), preferred PLMN list, SMS center address, and ICCID. The actual key is not extractable (it lives in tamper-resistant memory inside the SIM chip), but everything else is.
- Receive Iridium pager bursts. Get an SDR (HackRF, RTL-SDR with upconverter) and gr-iridium. Tune to 1626 MHz. You will see brief bursts as satellites pass overhead. Demodulating the public traffic is educational and legal as a passive receiver.
- Build a LoRa point-to-point. Two cheap LoRa modules (RFM95, $10 each), two Arduinos. Send "Hello" between them. Try with line-of-sight from a hilltop: 50+ km is achievable with SF12.
- Run a GPS receiver in raw mode. Cheap u-blox modules expose pseudoranges and ephemerides. Write Python to compute your position from raw measurements (matches the worked example above). You will appreciate why the real solver does sequential Kalman filtering instead of LSQ.
- Explore cellular spectrum with GnuRadio. Plot 700 MHz, 1800 MHz, 2.4 GHz, 5 GHz Wi-Fi. Watch frame timing in LTE downlink. Decode SIB1 broadcasts using srsRAN.
- Spin up a private LoRaWAN. ChirpStack network server, a single gateway, half a dozen The Things Network sensors. You can monitor your house's temperature for under $100 of hardware and zero cellular bill.
- Build a satellite ground station. RTL-SDR, helical or QFH antenna, gpredict for orbit prediction. Receive NOAA APT weather images at 137 MHz, AMSAT FM repeaters, ISS amateur-radio downlinks.
section 6 of 82 min read