https://github.com/drinkingc0ffee/rayhunter-enhanced
I added MCC/MNC Signal Metrics**: RSRP, RSRQ, SINR signal strength measurements to the QMDL parsing to help with using OpenCellID but the database is rubbish. As the Orbic doesn’t appear to support GPS I created a small Android app to capture GPS data and relay it via REST to the Orbic’s web server via REST API. (This requires whatever you are running it on is probably on the mobile hotspot). Fairly simple and generic (https://github.com/drinkingc0ffee/GPS2REST-Android).
The rayhunter fork includes GPS Integration
- External GPS support via REST API endpoints
- Mobile app compatibility (GPS2REST-Android)
- Per-scan GPS files with automatic timestamp correlation
Key QMDL/Cellular Analysis Enhancements Added: ** Modifications to LTE/4G serving cell, neighbor measurements, GSM/2G cell info, WCDMA/3G data, physical layer measurements **Added Cellular Parameter Extraction
- MCC/MNC (Mobile Country/Network Code)
- Cell ID, Physical Cell ID, eNodeB ID
- Location Area Code (LAC), Tracking Area Code (TAC)
- Signal strength (RSRP, RSRQ, SINR)
- Neighbor cell information
- PLMN data (Public Land Mobile Network)
https://github.com/drinkingc0ffee/GPS2REST-Android A fairly basic Android app that retrieves location data and sends the data to a REST endpoint. In the Orbic case http://192.168.1.1/api/v1/gps
https://github.com/drinkingc0ffee/rayhunter-enhanced Fork with added logging
The web interface supports downloading individual GPS logs for each session with the same timestamp as the qmdl and pcap files.
the proposed features vaguely make sense to me but the diff in that repo is entirely AI generated. that’s not necessarily bad but requires extra scrutiny. I as a layman have a hard time verifying that the qmdl parsing is correct. also there are no changes at all to the web UI or the API, forgot to push?
That’s odd. You might not see the GPS files in the UI if there are no generated logs. You can tell the version of the UI by looking for “System Information” “Rayhunter Version 0.4.1 - Enhanced” on the upper right hand side of the web UI. Lots of AI was not intended. I have been toying around with a few IDEs but I find that the models (Claide, GPT) can go on completely random tangents unrelated to the problem you are trying to solve. More than once I found them trying to generate bogus test data on their own. I checked the QMDL parsing manually. I used scat ( https://github.com/fgsect/scat) as a template.
On Sun, Jul 6, 2025 at 8:44 PM Markus Unterwaditzer < @.***> wrote:
okay, I didn’t run the code. when this post was published I only saw this commit and reviewed it: https://github.com/drinkingc0ffee/rayhunter-enhanced/commit/1871c840adbbf4deb41bccb65916d1e61aa021eb
I really like these ideas but I share untitakers concerns about AI generated code. I will have a look at this though. I’m not keen on having the mobile app be a part of this repo but I’m fine with it as a standalone repo, and if you get it in the app store I would definitely add it to the docs!
It would be really awesome if you could make a pull request with your changes so that we can review it and possibly merge some of them into main.
I shrunk up my edits to the codebase but you still might not like it. I wouldn’t recommend including the mobile app as part of the repo as well. I made it because I needed to get GPS data from somewhere. A single purpose app that gathers GPS and relays to REST fit the bill.
The only interface I added into rayhunter for GPS data is a REST API that accepts latitude and longitude parameters via GET or POST. It is accessed at http://192.168.1.1:8080/api/v1/gps/ and it feeds GPS data to the ndjson analysis as well as creates its own logfiles with Orbic generated UNIX timestamps and the GPS coordinates.
After the first day of traveling around NYC with the Orbic I found 3 towers performing 2G downgrades and one with a confirmed ISMI request . The data is basically useless without knowing the locations. Correlating the data with OpenCellID was difficult as the app was not capturing MCC, MNC, LAC/TAC. Yes the MCC is just going to be 310 for the US but OpenCellID doesn’t perform a lookup just on CellID alone. So I basically added parsing for all of the information that scat (https://github.com/fgsect/scat) can pull from QMDL files. I find that more information is always better when trying to detect an attacker. The assumption is that as long as you are carrying this device around you should expect that others can track your movements with both cellular and WiFi. I have considered adding a panic button feature to wipe the data if you are paranoid enough. I don’t suppose tapping SOS on the single button would be very practicable.
Cheers, -Brandon
On Wed, Jul 16, 2025 at 6:01 PM Cooper Quintin @.***> wrote: