The Mobile System and Networking Laboratory at University of Pittsburgh regularly releases open-source software and makes a practice of releasing source codes with our published papers. The platforms running our software span from software-defined radios and embedded systems to mobile OS such as Android.


TransFi: a software solution to fine-grained custom wireless PHY signal emulation with commodity WiFi

New wireless physical-layer designs are the key to improving wireless network performance. Adopting these new designs, however, requires modifications on wireless hardware and is difficult on commodity devices. This difficulty results in slow adoption of new wireless PHY techniques, and is also the major reason for the gap between lab prototypes and actual wireless systems in use. To avoid such hardware modification, one approach is to selectively transmit a commodity wireless signal that best approximates to the target signal in the newPHY design. However, since each commodity wireless hardware can only produce a finite number of fixed PHY signal waveforms, this method is too coarse-grained to precisely approximate to the target signal that may arbitrarily appear in custom wireless PHY, and will result in large and uncontrollable approximation error when transmitting high-speed data frames. Instead, we envision that this constraint of commodity wireless hardware can be removed by fine-grained emulation, which mixes multiple commodity wireless signals with adaptively selected amplitudes and phases on the air. Based on this insight, we developed TransFi, a software technique that enables custom wireless PHY functionalities on commodity WiFi transmitters. The TransFi software computes the commodity WiFi's MAC payload based on the target signal being emulated, and passes the computed MAC payloads to the WiFi PHY layer to produce the target signal. More specifically, it considers the target signal in each wireless symbol as a custom point on the complex plane, and selects a set of commodity QAM constellation points whose geometric mixture matches the custom point. Each selected QAM constellation point is then reversely computed to the MAC payload of one MIMO stream, by mimicking the WiFi data decoding process. This artifact implements our work published in MobiSys 2022.

For more details, please check


A side channel attack on Qualcomm Snapdragon mobile GPUs via GPU performance counters

Malicious attacks against smartphones have recently become a major technical concern. Mobile hardware attacks exploit unintended information leakage from system hardware, and are hence difficult to eliminate as hardware upgrade cannot be easily done on commodity devices. While most existing hardware eavesdropping attacks on smartphones mainly focus on CPU and on-board sensors, our work presents a new eavesdropping attack targeting onmobile GPUs that allows an unprivileged attacker to precisely infer the user's credential inputs through the on-screen keyboard. Our basic rationale is the explicit correlation between user inputs and screen display on smartphones: on one hand, user inputs are always reflected into screen display as visible feedback; on the other hand, display contents are always rendered by GPU, and GPU is solely used for graphics rendering in most cases. Based on this rationale, we found that GPU performance counters (PCs) in certain categories reflect the amount of screen display changes at the granularity of individual pixels. This explicit and fine correlation allows direct eavesdropping without any ambiguity. This artifact implements our work published in ASPLOS 2022.

For more details, please check


A generic resource sharing framework between remote mobile systems

Remote resource access across mobile systems augments local mobile devices' capabilities, but is challenging due to the heterogeneity of mobile hardware. Instead of tackling with the low-layer drivers, I/O stacks and data access interfaces of individual hardware, we developed a software framework that exploits the existing OS services as the interface for remote resource access. This framework is implemented as a middleware in Android OS, and supports generic sharing of various hardware (GPS, accelerometer, audio speaker, camera) between remote mobile devices. It can be migrated to diverse types of devices, including smartphones, tablets and smartwatches, with minimum modifications. This software implements our work published in INFOCOM 2017.

For more details, please check


A high-throughput wireless side channel design

To prevent delay-sensitive traffic from experiencing excessive queueing delay in congested wireless links, we developed a prototype system over USRP, which implements a high-throughput wireless side channel exclusively for delay-sensitive traffic. Our system is built based on our 802.11a reference design, and encodes the side channel data as patterned interference over data frames in the main channel. This software implements our work published in MobiHoc 2016.

The source code is available at


A system tool for evaluating wireless link scheduling protocols

Built on our 802.11a reference design over GNURadio/USRP, we developed a system tool that allows researchers to conveniently implement their wireless link scheduling protocols and evaluate the efficient and overhead of these protocols. This tool dynamically adapts the wireless link rates to up-to-date channel conditions. Once the link rate changes at a wireless device, it automatically reschedules wireless transmissions at this device and notify its neighbors with the new link rate. The overhead of scheduling is then measured as the number of such notification frames being sent. This software implements our work published in ICNP 2016.

The source code is available at


Fine-grained mobile code offload

Existing techniques of mobile code offload transmit too many memory contexts that are irrelevant to the execution of offloaded codes to the cloud. We developed software, as a building block of Android OS framework, to precisely identify and efficiently migrate only the relevant memory contexts to the cloud. Our software identifies the memory contexts that may be accessed by a program method through offline parsing of application executables. The parsing results will then be utilized by run-time code execution to screen the thread stack and memory heap. This software implements our work published in INFOCOM 2015.

Software is available at


802.11a PHY and MAC reference design for GNURadio/USRP

The existing few open-source 802.11 reference designs for the GNURadio/USRP software-defined radio (SDR) platform are discretionary and user unfriendly. We developed a complete 802.11a reference design that includes fully functional PHY and MAC layers over the latest GNURadio platform. It implements several mainstream rate adaptation algorithms such as Minstrel and AARF, from which instructions of link rates are directly transferred to the PHY module and applied to subsequent modulation and frame encoding.

The source code is available at