Can anyone point me in the right direction for cellular phone protocols? Is there an equivalent to ARP poisoning techniques for cellular? The protocols all are pretty complicated, so I figure there is no point in reinventing the wheel.

Damn, I don't think I've ever been so terrified by a website, nor intrigued. Err, especially the bill of rights? hmm. Its not like

Honestly, I'm more interested in making really advanced prank calls by manipulating the ATM cells, that and using MitM concept to funnel traffic through my phone.

Encrypted yes, but not very advanced. I was just reading that the G3 network is still using symmetric encryption for backwards compatability, and that the SIM card holds the ticket. I'm sure the social engineers out there can convince people to let them 'borrow your SIM card for a moment', but im sure there is a way in.

anywhere I should look into how phones are identified on the network?

thanks. i'll look into that.

ATM cells are really small (about 48 bytes) but have a Virtual Channel and Virtual Path indicator in the header. But maybe going that low isn't all that necessary up front.

and prank calls are just the 'public face' of this idea. you can pass out a program with instructions on how to spoof a phone number, but those that know will be able to use it for alot more (for example, tunneling sensitive information through the audio signal of a phone conversation that is inserted and extracted using phase vocoding synthesis techniques, which then can be routed through various phones to avoid tracing). and of course, there will be little instruction (ie none) shipped with the app.