Call Us: 
Table of Contents
2 What is Cell Tower Triangulation? 1
2.1 Cell Tower Triangulation 1
3 How to find the location with GSM cells 4
3.1 Discover how to find the coordinate from the GSM cells!! 4
5.2 Specifications for GPRS Data 9
5.3 Specifications for SMS via GSM/GPRS 9
5.5 Specifications for voice 9
6 Execution Command AT+CNETSCAN 10
7 Descriptions of Network Parameters 11
8 Results using Termite 3.2 Terminal Software 11
9 How to Calculate the positions and Draw map 12
10 Triangulation Algorithm (Python) 13
GSM Triangulation
Triangulation is a method/process by which the location of a radio transmitter can be determined by measuring either the radial distance, or the direction, of the received signal from two or three different points for locating a mobile phone. Triangulation is sometimes used in cellular communications/mobile network to pinpoint the geographic position of a user.
In Triangulation method, it uses radio towers closes to your phones for the triangulation. Your phone will emit a roaming signal to a nearby radio tower. The location of your phone is determined through how strong the signal is sent to each of the receiving radio tower. The number that is being used by the mobile phone can easily be obtained by contacting the operator network and they will identify which radio towers is receiving the strongest signal from that particular number of the mobile phone. The triangular method then is also used to determine which other radio towers is also receiving signal. By calculating the strength and weak signal, they can obtain a rough estimate of the mobile phone location.
So, how does the pinpointing of mobile users work and just how accurate is it?
There are two methods for pinpointing the location of cell phone users. Cell phones equipped with Global Positioning System (GPS) capability, use signals from satellites to pinpoint location very accurately. The second and less-accurate method is often called “Cell Tower Triangulation”, referring to how the cell towers, which receive a phone’s signal, may be used to calculate its geophysical location.
What is Cell Tower Triangulation?
Cell Tower Triangulation
Cell tower triangulation is similar to GPS tracking in many ways. Multiple towers are used to track the phone’s location by measuring the time delay that a signal takes to return back to the towers from the phone. This delay is then calculated into distance and gives an accurate location of the phone. Detecting which antenna of the tower the signal bounced off of can further refine the location. This gives a more specific location when used congruently with multiple towers calculated by multiple dishes on each tower.
Cell tower triangulation is also used to provide the phone with the best service by noting which tower it is closest to and using them to provide service. Cell tower triangulation provides the ability to track the historic location of the cell phone’s presence. It will then identify where the cell phone was when receiving/making calls, texting, emailing, etc.
In a best-case scenario, a cell phone’s signal may be picked up by three or more cell towers, enabling the “triangulation” to work. From a geometric/mathematical standpoint, if you have the distance to an item from each of three distinct points, you can compute the approximate location of that item in relation to the three reference points. This geometric calculation applies in the case of cell phones, since we know the locations of the cell towers which receive the phone’s signal, and we can estimate the distance of the phone from each of those antennae towers, based upon the lag time between when the tower sends a ping to the phone and receives the answering pingback.
In many cases, there may actually be more than three cell towers receiving a phone’s signal, allowing for even greater degrees of accuracy (although the pedantic side of me notes that the term “triangulation” is not really correct if you are using more than three reference points). In densely developed, urban areas, the accuracy of cell phone pinpointing is very high because there are typically more cell towers with their signal coverage areas overlapping. In cases where a cell user is inside large structures or underground, cell tower triangulation may be the only location pinpointing method since GPS signal may not be available.
For many cell tower networks, the pinpointing accuracy may be even greater, since directional antennae may be used on the tower, and thus the direction of the cell phone’s signal might be identifiable. With the signal direction plus the distance of the phone from the cell tower, accuracy might be pretty good, even with only two towers.
However, there are many places where there are fewer cell towers available, such as in the fringes of the cities and out in the country. If you have fewer than three cell towers available, pinpointing a mobile device can become a lot less precise. In cities where there are a lot more vertical structures, which can be barriers to cell phone broadcasting, and receiving, there have to be many, more cell towers distributed in order to have good service. In the countryside, there are relatively fewer cell towers and only a single one at a much greater distance may pick up a phone’s signal.
Those areas where a phone is only getting picked up by a single tower and if it’s equipped with only omnidirectional antennae, the accuracy becomes even less.
In rural areas, coverage of the cell tower can vary from about a quarter of a mile to several miles, depending upon how many obstacles could be blocking the tower’s signal.
How to find the location with GSM cells
Discover how to find the coordinate from the GSM cells!!
The radio mobile network is made up of a number of adjacent radio cells, each of which is characterized by an identifier consisting of four data: a progressive number (Cell ID), a code related to the area in which that given cell is (LAC, or Local Area Code), the code of national network to which the cell belongs (MCC, an acronym for Mobile Country Code), and finally the company code (MNC, or Mobile Network Code), which obviously identifies the phone company itself. For this reason, once a cell name and coordinates are known, and considering the maximum distance allowed between this cell and a phone before the phone connects to a new cell, it is possible to find out, approximately, the most distant position of the phone itself. For example, if the maximum distance has been determined to be one mile, the cell phone can be within a one-mile radius. It can be deduced that the more cells are found in each area, the more precisely one can determine where the phone is located (up to 200-350 feet).
To determine the coordinate, we use open cell_id and the maps show also the range of approximation.
You may have noticed that the antennas on a cell tower are always arranged in a triangle. There are some sound technical and economic reasons for this, but we won’t go into that here. But it does mean that a cell tower can tell from which of the three antenna arrays it is receiving a signal. Each of the three antenna arrays covers a 120° sector with the tower at its focus, and these sectors, by convention, are referred to as alpha, beta, and gamma – α, β, γ.
Within each sector, the tower can make a measurement of how far away the transmitting cell phone is. This is done by measuring signal strength and the round-trip signal time. For a lot of technical reasons, this is not a very accurate measurement, and the determined distance will have a reasonably significant error band.
Here is a diagram of a single cell tower showing concentric bands of distance from the tower, and the three “sectors”. The distance bands don’t stop at “6”, but this is just to give you the idea. Note that at six miles out, the arc of a sector is 12.6 miles long.
Here is how a single-tower location would work. The cell tower has determined that the signal is coming from the γ sector and that the origin of the signal is approximately 4 miles from the tower. This would place the caller within the yellow band, which you can see is 8.4 miles long and “about” ½ mile wide – an area of 4.2 sq. miles.
If the cell phone in question is also negotiating with a second cell tower at the same time (and this must be the case), the ability to locate the phone gets much better. Here is a diagram of the situation when the phone is 4 miles from the “orange” tower in the γ sector, and 5 miles from the “blue” tower in the α sector. This will place the phone in an oval (shown in red) whose center is the intersection of the swept areas of the two towers’ approximate distance bands.
If a third tower is brought into play, and the phone in question is determined to be 5 miles from the (third) “green” tower, this diagram shows that the area of location can be estimated even more closely. Keep in mind that the phone must be negotiating with all three towers at the same time.
In densely populated urban areas, the cell towers are close together, and a much closer estimation of phone location can be made than in a rural area, where the towers are far apart.
Some of the newest cell phones can actually report a GPS location, and this is quite accurate and does not rely on the cell towers at all.
Using cell tower triangulation (3 towers), it is possible to determine a phone location to within an area of “about” ¾ square mile.
Hardware Used
SIM800
USB-to-TTL’
SIM800 Specifications
General features
Quad-band 850/900/1800/1900MHz
GPRS multi-slot class 12/10
Bluetooth: Compliant with 3.0+EDR
Dimensions: 24.0*24.0*3.0mm
Weight: 3.14g
Control via AT commands (3GPP TS 27.007,27.005 and SIMCOM enhanced AT Commands)
Supply voltage range 3.4 ~ 4.4V
Low power consumption
Operation temperature: -40℃ ~85℃
GPRS mobile station class B
Compliant to GSM phase 2/2+
Class 4 (2 W @ 850/900MHz)
Class 1 (1 W @ 1800/1900MHz)
Specifications for GPRS Data
GPRS class 12: max. 85.6 kbps (downlink/uplink)
PBCCH support
Coding schemes CS 1, 2, 3, 4
PPP-stack
CSD up to 14.4 kbps
USSD
Nontransparent mode
Specifications for SMS via GSM/GPRS
Point to point MO and MT
SMS cell broadcast
Text and PDU mode
Software features
0710 MUX protocol
Embedded TCP/UDP protocol
FTP/HTTP
MMS
E-MAIL
DTMF
Jamming Detection
Audio Record
TTS (optional)
Embedded AT (optional)
Specifications for voice
Tricodec
Half rate (HR)
Full rate (FR)
Enhanced Full Rate (EFR)
AMR
Half rate (HR)
Full rate (FR)
Hands-free operation (Echo suppression)
Interfaces
68 SMT pads including:
Analog audio interface
PCM interface(optional)
SPI interface (optional)
RTC backup
Serial interface
USB interface
Interface to external SIM 3V/1.8V
Keypad interface
GPIO
ADC
GSM Antenna pad
Bluetooth Antenna pad
Compatibility
AT cellular command interface
Certifications
CE
GCF
FCC
TA
CTA
CCC
ROHS
REACH
ANATEL
A-TICK
Execution Command AT+CNETSCAN
AT+CNETSCAN command perform a net survey to show all the cell information
Response
If format’s value is 0:
Operator:"<Network_Operator_name>",MCC:<MCC>,MNC:<MNC>,Rxlev:<Rxlev>,Cellid:<CellID>,Arfcn:<Arfcn>[<CR><LF> Operator:"<Network_Operator_name2>",MCC:<MCC2>,MNC:<MNC2>,Rxlev:<Rxlev2>,Cellid:<CellID2>,Arfcn:<Arfcn2>[…]] |
If format’s value is 1:
Operator:"<Network_Operator_name>",MCC:<MCC>,MNC:<MNC>,Rxlev:<Rxlev>,Cellid:<CellID>,Arfcn:<Arfcn>,Lac:<Lac>,Bsic:<Bsic >[<CR><LF> Operator:"<Network_Operator_name2>",MCC:<MCC2>,MNC:<MNC2>,Rxlev:<Rxlev2>,Cellid:<CellID2>,Arfcn:<Arfcn2>,Lac:<Lac2>,Bsic:<Bsic2>[…]] |
OK
Descriptions of Network Parameters
<Network_Operator_name> Long format alphanumeric of the network operator. |
<MCC> Mobile country code. |
<MNC> Mobile network code. |
<Rxlev> Recieve level, in decimal format. |
<CellID> Cell identifier, in hexadecimal format. |
<Arfcn> Absolute radio frequency channel number, in decimal format. |
<Lac> Location area code, in hexadecimal format. |
<Bsic> Base station identity code, in hexadecimal format. |
Results using Termite 3.2 Terminal Software
WE get the following responses from GSM module 800 after sending the Execution Command AT+CNETSCAN
The output of Terminal is listed and arranged systematically in below table.
Operators | MCC | MNC | RXl | CELL ID (HEX) | CELL ID DECIMAL | ARFCN | LAC(HEX) | LAC (DECIMAL) | BSIC | LAT | LONG |
Spice telecom | 404 | 44 | 48 | 32DD | 13021 | 15 | 514 | 1300 | 3B | 12.954366 | 77.694103 |
Spice telecom | 404 | 44 | 41 | 2942 | 10562 | 16 | 514 | 1300 | 38 | 12.948838 | 77.695289 |
Spice telecom | 404 | 44 | 40 | 32DF | 13023 | 25 | 514 | 1300 | 0F | 12.953097 | 77.689468 |
Spice telecom | 404 | 44 | 29 | 32E8 | 13032 | 18 | 514 | 1300 | 22 | 12.952558 | 77.696156 |
Spice telecom | 404 | 44 | 25 | 27A7 | 10151 | 24 | 514 | 1300 | 27 | 12.956038 | 77.680652 |
Bharat Karnataka | 404 | 71 | 42 | 2875 | 10357 | 74 | 09CE | 2510 | 10 | 12.954797 | 77.696468 |
Bharat Karnataka | 404 | 71 | 33 | 275E | 10078 | 75 | 09CE | 2510 | 16 | 12.951517 | 77.693764 |
Bharat Karnataka | 404 | 71 | 32 | 27B9 | 10169 | 73 | 09CE | 2510 | 20 |
|
|
Hutch Karnataka | 404 | 86 | 37 | 221C | 8732 | 723 | 7C3A | 31802 | 23 |
|
|
Hutch Karnataka | 404 | 86 | 34 | 3D19 | 15641 | 662 | 7C3A | 31802 | 26 |
|
|
Hutch Karnataka | 404 | 86 | 33 | C258 | 49752 | 724 | 7C3A | 31802 | 15 |
|
|
Docomo | 405 | 34 | 32 | 5FAB | 24491 | 763 | 4A38 | 19000 | 01 |
|
|
Docomo | 405 | 34 | 29 | 9062 | 36962 | 760 | 4A38 | 19000 | 14 |
|
|
Aircel | 405 | 803 | 29 | 689F | 26783 | 709 | 048A | 1162 | 21 |
|
|
Aircel | 405 | 803 | 25 | 689D | 26781 | 706 | 048A | 1162 | 3E |
|
|
Reliance Comm. | 405 | 10 | 29 | A3C1 | 44921 | 687 | 274E | 10062 | 29 |
|
|
Airtel | 404 | 45 | 51 | 3B61 | 15201 | 56 | 61E5 | 25061 | 09 |
|
|
Airtel | 404 | 45 | 34 | 3B63 | 15203 | 54 | 61E5 | 25061 | 39 |
|
|
Airtel | 404 | 45 | 29 | EDD3 | 60883 | 50 | 61E5 | 25061 | 3D |
|
|
Airtel | 404 | 45 | 29 | 3B62 | 15202 | 52 | 61E5 | 25061 | 01 |
|
|
How to Calculate the positions and Draw map
Cell tower’s coordinates are represented as x & y i.e. tx and ty also called latitude and Longitude
Signal Strength of Each Tower is represented by s and signal strength Ratio represented by sr in our case S is RXL signal receive level, you can see in above table.
The signal strength ratio for each tower can be calculated as ratio = signal strength/(total, combined signal strength):
Finally, coordinates can be calculated individually by multiplying each tower’s coordinate by its signal strength ratio and adding them together.
Triangulation Algorithm (Python)
Google location service is no more free and expects to provide payment details in terms of credit card.
import requests url = "https://us1.unwiredlabs.com/v2/process.php" payload = "{\"token\": \"0baef160915ec5\",\"radio\": \"gsm\",\"mcc\": 404,\"mnc\": 44,\"cells\": [{\"lac\": 1300,\"cid\": 10151}]}" response = requests.request("POST", url, data=payload) print(response.text) |
We have chosen https://opencellid.org for GSM location access and plots are created using Google Map and OpenStreetMap.
runfile('C:/Users/LDRA_new1/call.py', wdir='C:/Users/LDRA_new1')
{"status":"ok","balance":99,"lat":12.955606,"lon":77.680626,"accuracy":502}
runfile('C:/Users/LDRA_new1/call.py', wdir='C:/Users/LDRA_new1')
{"status":"ok","balance":98,"lat":12.955606,"lon":77.680626,"accuracy":502}
# import the library import gmplot import folium import pandas as pd
tx1 = 77.694103; tx2 = 77.695289; tx3 = 77.689468; tx4 = 77.696156; tx5 = 77.680652; tx6 = 77.696468; tx7= 77.693764;
ty1 = 12.954366; ty2 = 12.948838; ty3 = 12.953097; ty4 = 12.952558; ty5 = 12.956038; ty6 = 12.954797; ty7 = 12.951517; s1 =48 s2 =41 s3 =40 s4 =29 s5 =25 s6 =42 s7 =33
sr1 = s1 / (s1 + s2 + s3 + s4 + s5 + s6 + s7); sr2 = s2 / (s1 + s2 + s3 + s4 + s5 + s6 + s7); sr3 = s3 / (s1 + s2 + s3 + s4 + s5 + s6 + s7); sr4 = s4 / (s1 + s2 + s3 + s4 + s5 + s6 + s7); sr5 = s5 / (s1 + s2 + s3 + s4 + s5 + s6 + s7); sr6 = s6 / (s1 + s2 + s3 + s4 + s5 + s6 + s7); sr7 = s7 / (s1 + s2 + s3 + s4 + s5 + s6 + s7);
longitude = ((tx1 * sr1) + (tx2 * sr2) + (tx3 * sr3) + (tx4 * sr4) + (tx5 * sr5) + (tx6 * sr6) + (tx7 * sr7)); latitude = ((ty1 * sr1) + (ty2 * sr2) + (ty3 * sr3) + (ty4 * sr4) + (ty5 * sr5) + (ty6 * sr6) + (ty7 * sr7)); print (longitude,latitude)
latitude_list = [12.954366,12.948838,12.953097,12.952558,12.956038,12.954797,12.951517,latitude] longitude_list =[77.694103,77.695289,77.689468,77.696156,77.680652,77.696468,77.693764,longitude]
gmap.scatter( latitude_list, longitude_list, '# FF0000',size = 40, marker = False)
gmap.draw( "D:\\google-map.html" )
# Make a data frame with dots to show on the map data = pd.DataFrame({ 'lat':[12.954366,12.948838,12.953097,12.952558,12.956038,12.954797,12.951517,latitude], 'lon':[77.694103,77.695289,77.689468,77.696156,77.680652,77.696468,77.693764,longitude], 'name':['Cell Tower 1','Cell Tower 2','Cell Tower 3','Cell Tower 4','Cell Tower 5','Cell Tower 6', 'Cell Tower 7', 'Triangulated Position'] }) data
m = folium.Map(location=[latitude, longitude], tiles="OpenStreetMap", zoom_start=80)
for i in range(0,len(data)): folium.Marker([data.iloc[i]['lat'], data.iloc[i]['lon']], popup=data.iloc[i] ['name']).add_to(m)
m.save('D:\\folium_map.html') |
Output: 77.69284187984498 12.952955321705428
Triangulation results using open cell_id
Go to https://unwiredlabs.com/api
{ "token": "0baef160915ec5", "radio": "gsm", "mcc": 404, "mnc": 44, "cells": [{ "lac": 1300, "cid": 13021, "signal": 48 },{ "lac": 1300, "cid": 10562, "signal": 41
},{ "lac": 1300, "cid": 13023, "signal": 40 },{ "lac": 1300, "cid": 13032, "signal": 29 },{ "lac": 1300, "cid": 10151, "signal": 25 }], "address": 1 } |
{ "status": "ok", "balance": 97, "lat": 12.952645, "lon": 77.693824, "accuracy": 524, "address": "1st Cross Road, Ashwath Nagar, Marathahalli Ward, Mahadevapura Zone, Bengaluru, Bangalore Urban, Karnataka, 560037, India" } |
References
https://www.geeksforgeeks.org/python-plotting-google-map-using-gmplot-package/
https://python-graph-gallery.com/288-map-background-with-folium/
Hey, like this? Why not share it with a buddy?
All Rights Reserved © RadioJitter.com
