Saturday, September 5, 2009

Getting your location using iPhone with no GPS

One of the main big features in iPhone 3G that was not shipped with its ancestor iPhone 2G is GPS support. You can determine your location using GPS satellites.
It is known that although very accurate, GPS has some drawbacks. It needs a lot of time to connect to the satellites, in the order of tens of seconds. It won't work indoors as well. Moreover, it is banned in Egypt, Syria and North Korea!
Update: It is not banned anymore in Egypt.

So can one determine his location without the aid of GPS technology? The answer is Yes. This can be done by identifying nearby GSM cell towers and query a database that stores their location. So lets divide the rest of this post into 2 parts:


Identifying nearby GSM cell towers

Doing this on the iPhone was a bit tricky. Actually it was a challenge for us at eSpace to get such information. I will list here the challenges we met and how we managed to solve them:
  1. There is no official SDK for iPhone OS 1.x. This was the easiest challenge to solve. Everybody uses iphone-dev for building the iPhone toolchain. Most of the header files in the toolchain are generated by class-dump! This is a tool that takes a binary framework (library) as an input and emits some Objective-C code in a header file that represents symbols in the library. Its idea is as simple as using nm to query symbol names and some extra code to wrap this info in Objective-C syntax.
  2. Even in the non-official toolchain, there is not a word on how to deal with telephony features like calls and text messaging. Thanks to CellStumbler, we used it to get cell information. It is a tool that exploits CoreTelephony framework functionality. CoreTelephony.h is also generated with class-dump.
  3. CellStumbler is very fragile, if you do simple edits in it, it may crash! The guys say it is toolchain bugs! Just keep this in mind if you need to modify it. Be aware that server connection callback never get called, so keep on retrieving cell information until you get something useful.
  4. Because CellStumbler is that fragile, we left the code untouched in its major parts, we just changed the part that outputs results. We then called the binary from a shell and parsed its output to get useful nearby cell information.

Querying a database for cell location

Google used to have a secret API for this. It is called My Location. This is the API it uses in Maps. Unfortunately, at the time of our development, the API was secret, we had to sniff upon packets to/from Google Maps to know what happens under the hood and replays it. Now this API is open to developers, thanks Google.


Read more...