Skip to content

Latest commit

 

History

History
75 lines (59 loc) · 3.69 KB

README.md

File metadata and controls

75 lines (59 loc) · 3.69 KB

QCA Spectral Scan

An RF spectrum analyzer app for Android phones using only built-in hardware. The project is based on Qualcomm SoCs. Given Qualcomm's acquisition of Atheros, we think that their Wi-Fi modules share similarities with the Atheros ath series. This project has involved reverse engineering the QCA driver and has undergone a preliminary implementation to enable spectral scanning with Qualcomm-based smartphones.

Requirements

This app requires an Android phone with the following:

  • Android 7 or above (tested on Google Pixel 5 with Android 11 and Android 14)
  • Root access (e.g. using Magisk)
  • Qualcomm qcacld-3.0 driver

Installation

Download the APK file built by GitHub Actions from the Releases page and install it using adb install.

Alternatively, build the app on a Linux system with JDK 17 (or above) and Android SDK 34 by running ./gradlew assembleDebug, which produces an APK file at app/build/outputs/apk/debug/app-debug.apk. The following third-party dependencies will be downloaded during the build process:

  • libsu will be downloaded by Gradle.
  • libnl will be downloaded by CMake, built from source, and included in the app as shared libraries.
  • hostapd will be downloaded by CMake, though this app only uses its qca-vendor.h header file.

Usage

Many Qualcomm chips' spectral scan feature can only cover a 40 MHz range centered at the frequency of the current Wi-Fi channel. Therefore, it's better to run this app with hotspot enabled and "Turn off hotspot automatically" disabled. The app will then periodically switch the channel of the hotspot to cover different frequency ranges. If enabling hotspot before launching the app doesn't work, try enabling hotspot after launching the app instead.

This app shows a spectrogram on the screen, where brighter colors indicate higher FFT magnitudes. This app also employs a simple algorithm to detect Bluetooth transmission and estimate its strength. The following are screenshots of the app in the presence of frequency sweeps and Bluetooth transmission, respectively (click on either to view a screen recording):

Frequency Sweeps Bluetooth Transmission
A screenshot of the app in the presence of frequency sweeps. A screenshot of the app in the presence of Bluetooth transmission.

A short click on the screen pauses or resumes the scanning, while a long click shows a configuration dialog:

The configuration dialog shown on long click. The configuration dialog for AP frequencies.

Contact

If you have any questions about this project, contact [email protected] or [email protected].