Are there any benchmarks comparing it with the Nvidia Thor? It is much more available than spark, and performance might not be very different

I am working on "over the air" security tooling for NR 5G SA networks, by tampering with the lower layers of the cellular wireless protocols.

I am implementing both specific test cases and automatic vuln hunt (ie. Fuzzing).

It's complexity is not completely unnecessary. Scale is a huge bitch.

Networking between phones, without a common base station, is hard. Harder than WI-FI, because identity is managed centrally and the frecs in use require a license to name some "simple" problems. Cellular comms are not designed to handle this kind of scenario.

There has been some work to add inter device connectivity lately, to support many interesting use cases. You can find more looking for "sidelink" or "PC5", but you will not find many phones that implement it.

It seems to be mostly focused in vehicular use cases in V2V and V2X scenarios

They abandoning the UE development was a very sad moment.

Their code base is so much nicer than other projects, and somewhat easy to match with the standards. I am very happy user :)

Yes, is simple enough to get started if you have access to the required hardware. You might able to operate in the n41 band (2.4GHz, like wifi) even without a license.

Phones are nitpicky about network configuration (chippers, emergency calling and so on). I would recommend starting with a USB modem. Also setting your network PLMN to the 00101 (the testing one), as it usually gets preferencial treatment in UEs.

N41 isn't 2.4ghz. It's licensed 2.5ghz. You're thinking N46 which is unlicensed 5ghz.

LTE didn't allow for it to be used as primary carrier, but NR-SA I think does.

1.- You get a "nice PLMN" for the network and assign phone numbers (and manage key material) only after Ham Identification. DMR Style (at least here in Spain)

2.- Most of them will refuse to join any Private SA network that does not use SUCI and encryption (in my experience). If you have a "nice" PLMN, they will connect. What a "nice" PLMN is varies between modems, the testing PLMN is a safe bet :)

3.- Also gone down this rabbit hole. eSIMs must be signed by a GSMA authorized key, and they are picky. Osmocom people have relationship with someone that signs profiles for them (for pay). The crypto is quite straight forward to do offline, eSIM profile distribution not so much. Key propagation from generator to core network and final client (ue) would also be a challenge. Another option is using the testing certificate, it should remain active in most modems for certain PLMNs. I have yet to test this, but work gets in the way

There is a variety of open software and COTS hardware that could fully power this network. The client side is the hardest part, especially if you want a phone.

PC modems on a Linux machine are more manageable (But expensive, let's wait a few iterations on RedCap maybe). And SIMs with ADM keys can be purchased from different sources

I am curious about what kind of setup would be optimal to charge a LiOn array, instead of Lead-Acid. Taking into account the requirements of the project, every solar mppt charger for residential use is very over spec.

The typical "solar usb power banks" carry a very small solar cell, and probably don't bother implementing mppt. I am clueless on where to look for a mppt charger for sub 500W installations. Ideally, that supports LiOn to recycle old laptop batteries