Hva er programvaredefinert radio?

Programvaredefinert radio (SDR) er en teknologi som bruker programvare for å håndtere radiofrekvenser, noe som gjør det enklere å manipulere og analysere radiosignaler.

Hvordan kan jeg spore fly og skip?

Du kan spore fly og skip ved å bruke programvaredefinert radio og spesifikke frekvenser for automatisk identifikasjonssystem (AIS) for skip og automatisk avhengig overvåking (ADS-B) for fly.

Er det ulovlig å hacke satellitter?

Ja, hacking av satellitter eller andre radiosignaler uten tillatelse er ulovlig og kan føre til alvorlige straffer.

RTL-SDR er en billig USB-dongle som kan brukes til å motta og analysere radiosignaler over et bredt spekter av frekvenser.

Hvordan lager jeg en antenne for SDR?

Du kan lage en enkel dipole antenne ved å bruke to aluminiumspoler og en koaksialkabel, tilpasset til den frekvensen du ønsker å motta.

Hva er Doppler-effekten?

Doppler-effekten er endringen i frekvensen av en bølge i forhold til en observatør som beveger seg i forhold til kilden til bølgen.

Hva er NOAA-satellitter?

NOAA-satellitter er meteorologiske satellitter som overvåker værforhold og samler data om atmosfæren.

Hvordan kan jeg dekode signaler fra satellitter?

Du kan dekode signaler fra satellitter ved å bruke spesifik programvare som WXtoImg eller NOAA ATP, avhengig av signaltypen.

Hva er en Yagi-antenne?

En Yagi-antenne er en type retningsbestemt antenne som brukes til å forbedre signalmottak i en bestemt retning.

SDR Sharp er en populær programvare for Windows som brukes til å motta og analysere radiosignaler med SDR.

BSIDES CPT 2019 - Hacking satellites with Software Defined Radio (SDR) - Gerard de Jong

00:44:52

https://www.youtube.com/watch?v=gMwciWchH3Q

Sintesi

TLDRForedraget fokuserer på hacking av satellitter ved hjelp av programvaredefinert radio (SDR). Foredragsholderen deler sin erfaring med å spore skip og fly i sanntid uten internett, og demonstrerer hvordan man kan manipulere signaler fra enheter som bilnøkler. Det diskuteres også hvordan man lager antenner og bruker programvare for å dekode signaler fra satellitter som NOAA. Foredraget advarer om de juridiske konsekvensene av hacking og oppfordrer til ansvarlig bruk av teknologi. Det avsluttes med spørsmål fra publikum om emnet.

Punti di forza

🔍 Lær hvordan du sporer fly og skip i sanntid uten internett.
💻 Oppdag hvordan programvaredefinert radio fungerer.
📡 Lag dine egne antenner for SDR-prosjekter.
⚖️ Vær oppmerksom på de juridiske konsekvensene av hacking.
📊 Forstå Doppler-effekten og dens betydning for signalanalyse.
🌐 Utforsk NOAA-satellitter og deres data.
🛠️ Bruk SDR Sharp for å analysere radiosignaler.
📡 Lær om Yagi-antennens design og bruk.
📈 Få innsikt i hvordan du dekoder satellittsignaler.
🔧 Eksperimenter med signalmanipulering og -analyse.

Linea temporale

00:00:00 - 00:05:00
Introduksjon til hacking av satellitter med programvaredefinert radio, inkludert sporing av skip og fly uten internett.
00:05:00 - 00:10:00
Historisk perspektiv på videoproduksjon og radioamatørvirksomhet, samt introduksjon av programvaredefinert radio som ble populært med Kickstarter-prosjekter.
00:10:00 - 00:15:00
Presentasjon av RTL-SDR dongler og deres bruksområder, inkludert signalanalyse av fjernkontroller og mulige sikkerhetsproblemer.
00:15:00 - 00:20:00
Diskusjon om regulering av elektromagnetisk spektrum og viktigheten av amatør radio-lisenser for hobbyister.
00:20:00 - 00:25:00
Forklaring av Raspberry Pi og dens begrensninger i sending, samt advarsler om å unngå forstyrrelser i andre frekvenser.
00:25:00 - 00:30:00
Demonstrasjon av replay-angrep med RTL-SDR og Raspberry Pi, samt muligheten for brute-force angrep på enkle fjernkontroller.
00:30:00 - 00:35:00
Presentasjon av hvordan man kan spore skip og fly ved hjelp av SDR-teknologi, inkludert bruk av spesifikke programvarer og antenner.
00:35:00 - 00:44:52
Avslutning med diskusjon om satellitter, inkludert NOAA-satellitter og hvordan man kan dekode signaler fra dem.

Mostra di più

Mappa mentale

Video Domande e Risposte

Hva er programvaredefinert radio?
Programvaredefinert radio (SDR) er en teknologi som bruker programvare for å håndtere radiofrekvenser, noe som gjør det enklere å manipulere og analysere radiosignaler.
Hvordan kan jeg spore fly og skip?
Du kan spore fly og skip ved å bruke programvaredefinert radio og spesifikke frekvenser for automatisk identifikasjonssystem (AIS) for skip og automatisk avhengig overvåking (ADS-B) for fly.
Er det ulovlig å hacke satellitter?
Ja, hacking av satellitter eller andre radiosignaler uten tillatelse er ulovlig og kan føre til alvorlige straffer.
Hva er en RTL-SDR?
RTL-SDR er en billig USB-dongle som kan brukes til å motta og analysere radiosignaler over et bredt spekter av frekvenser.
Hvordan lager jeg en antenne for SDR?
Du kan lage en enkel dipole antenne ved å bruke to aluminiumspoler og en koaksialkabel, tilpasset til den frekvensen du ønsker å motta.
Hva er Doppler-effekten?
Doppler-effekten er endringen i frekvensen av en bølge i forhold til en observatør som beveger seg i forhold til kilden til bølgen.
Hva er NOAA-satellitter?
NOAA-satellitter er meteorologiske satellitter som overvåker værforhold og samler data om atmosfæren.
Hvordan kan jeg dekode signaler fra satellitter?
Du kan dekode signaler fra satellitter ved å bruke spesifik programvare som WXtoImg eller NOAA ATP, avhengig av signaltypen.
Hva er en Yagi-antenne?
En Yagi-antenne er en type retningsbestemt antenne som brukes til å forbedre signalmottak i en bestemt retning.
Hva er SDR Sharp?
SDR Sharp er en populær programvare for Windows som brukes til å motta og analysere radiosignaler med SDR.

Visualizza altre sintesi video

Ottenete l'accesso immediato ai riassunti gratuiti dei video di YouTube grazie all'intelligenza artificiale!

Sottotitoli

Scorrimento automatico:

00:00:04
see us welcome today we're going to be
00:00:06
hacking satellites with software-defined
00:00:07
radio you might find somebody
00:00:11
interesting what you're gonna learn
00:00:12
today who has a gate that does this when
00:00:14
you press a button one of these have
00:00:16
your a key will you take them out we
00:00:18
might play with them in a moment so I'm
00:00:20
going to teach you how to do something
00:00:21
bad with that if you're worried about
00:00:24
where ships are if you ever go to the
00:00:26
sea I'm gonna show you how to track
00:00:27
where those things are in real time no
00:00:29
internet same thing with planes I'll
00:00:31
show you how to track planes so the next
00:00:33
time you're picking up a friend at the
00:00:34
airport you'll know if it's delayed if
00:00:36
your flight is delayed you don't need an
00:00:37
internet connection or worry about Wi-Fi
00:00:39
you can just figure out when that's
00:00:40
gonna happen and of course we're gonna
00:00:41
mess around with some signals from some
00:00:44
satellites so let that animation
00:00:47
complete I just want to put the brakes
00:00:48
on here if you do stupid stuff you're a
00:00:50
dolt and you can go to prison I will
00:00:52
show you many and interesting new ways
00:00:54
of going to prison if you're if you're
00:00:55
looking at doing that today and then
00:00:58
this talk is really just about my
00:01:00
journey and what I've been learning
00:01:01
about so I'm quite new in the security
00:01:03
field I don't work in the security field
00:01:05
I have I'm a software developer I work
00:01:07
for a bank so yeah this is still about
00:01:10
what I've been messing around with so
00:01:11
I'm going to show you the stuff that's
00:01:12
worked for me and what hasn't worked for
00:01:13
me and if you've got any ideas about
00:01:15
stuff you think I should try or when a
00:01:18
chat about do come to me afterwards we
00:01:20
can chat about that so a little bit of
00:01:22
history where does this come from who
00:01:23
here makes videos okay some of you might
00:01:26
not put us up because you make other
00:01:28
kinds of videos for the Internet so
00:01:30
about 10 years ago if you wanted to or
00:01:32
not 10 maybe even 20 years ago if you
00:01:34
wanted to make any kind of high-class
00:01:35
video production you need a rig pretty
00:01:37
much like this right with IP custom a
00:01:39
laser pointer but anyway if some DVDs
00:01:41
done there's a little bit more modern
00:01:42
but anyway you need a lot of equipment
00:01:44
but today most youtubers are doing
00:01:45
something like this and similarly my
00:01:48
late father was a radio amateur and I
00:01:50
grew up thinking that all men have a
00:01:51
Radio Shack full of crap like this and
00:01:54
and that was just normal but no in fact
00:01:57
today and I'll show you how and why it's
00:02:00
pretty much just as simple to mess
00:02:01
around with software-defined radio so
00:02:03
how is that possible there was a
00:02:04
Kickstarter and surely yes this was
00:02:06
possible before but I think it really
00:02:08
kicked off in 2014 with a Kickstarter
00:02:10
for this called the hack or if one does
00:02:13
anyone have one someone someone persons
00:02:15
go on two peoples got one awesome so
00:02:17
started by a guy called
00:02:18
Michael Osmond it's a little bit maybe
00:02:20
twice the size of a raspberry pie and
00:02:22
works anywhere between one megahertz up
00:02:24
to six gigahertz it can both send and
00:02:27
transmit so we say Rx and TX
00:02:29
it's got a cool ARM chip in it and it
00:02:31
only costs 10,000 Rance that's right
00:02:33
folks only ten grands some people you
00:02:35
see some people are getting better deals
00:02:36
than when I was looking but you have to
00:02:39
chat to those people afterwards yeah
00:02:42
what speaking of speaking of meanwhile
00:02:44
who wants to guess what this is
00:02:46
it's the rollout of digital terrestrial
00:02:48
television and I don't know why South
00:02:50
Africa is blue because why is it blue
00:02:53
they say it's launched but whatever and
00:02:56
it's um created this whole market
00:02:57
speaking of China they produce these
00:02:59
awesome chips these real Tex RTL 2832
00:03:02
use which going little dongles like this
00:03:04
and here's one I've got another one
00:03:07
there as well and they operate anywhere
00:03:09
between 25 megahertz and 1.6 gigahertz
00:03:12
they're the read-only which is fine you
00:03:14
can give yourself into less trouble
00:03:15
we'll chat about how you get into
00:03:17
trouble there if you really want to they
00:03:19
use this trip of course then you cost
00:03:20
about 300 bucks so that's really not bad
00:03:22
up to about 500 and there's a whole new
00:03:25
blog so many of the stuff that I'm going
00:03:26
to be chatting about comes from this
00:03:28
website OTO sto comm so even more crazy
00:03:31
things are posted up here so that's
00:03:33
that's a really good source and then
00:03:35
there are much nicer ones like this one
00:03:37
that's got an iminium on it so you can
00:03:38
work at high frequencies for longer so
00:03:42
that's what that looks like that's what
00:03:43
that terrible sound was earlier I was
00:03:45
messing around with that I was trying to
00:03:46
get my mic on the rtl-sdr to show you
00:03:48
that but I couldn't control the volume
00:03:49
so sorry about those folks ears but it's
00:03:52
pretty much the same thing just a little
00:03:53
bit more expensive and there are
00:03:54
hundreds of these kinds of devices
00:03:56
coming out they're available and things
00:03:58
like micro robotics communicates that
00:04:00
we're all setting them now for around
00:04:01
500 bucks there's an S buy devices
00:04:04
another nice option and when it comes to
00:04:06
the kind of software for those windows
00:04:08
forgot which crowd i've got here today
00:04:11
but anyway if you are a Windows user
00:04:13
this is normally how you'll get things
00:04:14
going so a spy makes some of these
00:04:16
devices you can just download their
00:04:19
software over there you guys know how to
00:04:20
click download so once you've got that
00:04:22
going what I like about s bi is they
00:04:24
actually give you a link this little
00:04:26
batch file over here is going to
00:04:27
download the drivers for your rtl-sdr
00:04:30
which is pretty cool
00:04:31
and once you've got that installed this
00:04:33
is just how you'll get an rtl-sdr going
00:04:35
in Windows you open this little program
00:04:36
called Zadok it's going to patch a
00:04:38
driver before you install that this is
00:04:41
what generally what it looks like you go
00:04:43
this is all real time I haven't sped
00:04:44
this up because I'm far too lazy then 10
00:04:47
turn and it's installed successfully and
00:04:49
then you can start a program called SDR
00:04:52
shop which in my experience is one of
00:04:53
the more popular versions that people
00:04:54
are using out there so this is what it
00:04:56
looks like and you're just going to have
00:04:58
to go to settings and select your USB
00:05:00
device over there so if you've got that
00:05:01
going that's it so this is very much
00:05:05
what the spectrum is looking like and
00:05:07
this is called the waterfall down here
00:05:09
so you can just pick up that's just
00:05:10
normal radio station at 104 megahertz
00:05:12
and this is where we can start playing
00:05:15
with one of those key fobs if you've got
00:05:16
these on so if you've got one now not
00:05:19
all of them I like this yes they are
00:05:20
rolling codes and French and coding and
00:05:22
everything else but most property
00:05:23
developers are cheap and like buying
00:05:25
cheap stuff so if I was just messing
00:05:28
around with one of these as well
00:05:29
so you use RTL SDR these things run and
00:05:32
I think it's 405 megahertz so let's look
00:05:34
what I recorded over 403 550 there we go
00:05:37
and play over there to record that and
00:05:40
if you press that button you'll see that
00:05:43
little code over there so that's fun
00:05:46
let's go do some signal analysis
00:05:48
actually bought the part that you attach
00:05:50
to your gate to actually flip the the
00:05:52
reader over there to open everything up
00:05:53
this Brown thing is the antenna and well
00:05:57
how does it work you press the button
00:05:58
there's some sound bump and a little LED
00:06:01
goes so what's fun about this is you can
00:06:04
record that using some of the recording
00:06:07
stuff down here and there's a little bit
00:06:10
just like audio recording 16-bit PCM see
00:06:13
that and it's exactly the same
00:06:15
experience you're just going to record
00:06:16
this there we go we've got that and now
00:06:19
let's go see what that signal looks like
00:06:20
inside so who uses audacity for audio
00:06:24
and stuff like that you use that full
00:06:26
for this as well well you can at least
00:06:27
so if I open this up on audacity in
00:06:30
Windows and I did this all through a
00:06:31
virtual machine in my defense which
00:06:33
caused me problems you will see about
00:06:34
later but anyway that's the signal that
00:06:36
I recorded and if we zoom in there
00:06:39
there's no any press that I'm doing this
00:06:41
with my thumb alive there's no one
00:06:43
impressed
00:06:44
notice that these things it sends the
00:06:46
signal a quite a couple of times and if
00:06:51
you look at that that's I think that's
00:06:52
Manchester encoding I can't remember
00:06:53
what this is called actually but that
00:06:56
looks like a code and if you had to open
00:06:59
up your I want to call it a dongle
00:07:02
because I use Apple computers but
00:07:03
forgive me on that yes so see those dip
00:07:07
switches are there that's how you set
00:07:08
that static code and you'll notice very
00:07:11
probably expected for this audience
00:07:13
correlation between these are over here
00:07:15
so that's an interesting new way of
00:07:17
going to jail if you want to open up
00:07:19
things will record these in effect when
00:07:20
I was messing around this I noticed that
00:07:22
I was getting signals when I hadn't
00:07:23
pressed the button and it was my
00:07:25
neighbors coming home and and stuff like
00:07:27
that and you'll be surprised how often
00:07:28
it's a static code that keeps being
00:07:29
reused so let's talk about why we get
00:07:31
into trouble when we mess around with
00:07:33
the electromagnetic spectrum on the back
00:07:35
of your phone you will normally have
00:07:37
something like this so the FCC is from
00:07:39
the states and EC is from the UK and
00:07:42
these guys regulate what part of the
00:07:45
spectrum who can use or you can use
00:07:47
which part and you know different
00:07:49
parties have paid different amounts for
00:07:50
people to be allowed to use different
00:07:52
parts of the spectrum so it's sort of
00:07:54
policed so Akasa
00:07:55
is the south african version of that i
00:07:57
believe this is the one for China and
00:07:59
Malaysia and one of them here I can't
00:08:00
remember it's for New Zealand and this
00:08:03
is a nice graph just to show you where
00:08:04
all the different parts so allocated so
00:08:06
this is normally where normal broadcast
00:08:08
radio would be sitting the kind of stuff
00:08:10
you listen to in your car if we go over
00:08:12
to 2.4 gigahertz that's a Wi-Fi and
00:08:15
Bluetooth and all those good things that
00:08:16
say that's kind of a unlicensed it's
00:08:18
free for us to use and going over to
00:08:20
this side we've got 890 what was this oh
00:08:23
yes aeronautical mobile stuff so we're
00:08:26
going to miss around some planes a
00:08:27
little bit later on this side
00:08:29
satellites fit in there in this 137
00:08:32
make-ahead range it's a little bit tight
00:08:34
and then all the way on that side this
00:08:37
is where those key fobs so your car
00:08:38
remote and all those different things
00:08:39
sitting here so that's quite fun and if
00:08:41
you do want to extend this a little bit
00:08:43
further I would very much recommend
00:08:45
getting an amateur radio license who
00:08:46
hears a radio an okay more than I've had
00:08:49
before you guys the guys who would like
00:08:50
being referred to by yours eros whatever
00:08:52
call signs okay I'm not a radio ham yet
00:08:54
I have accepted Dominic White's
00:08:56
challenge to
00:08:57
do my both my parents already owned our
00:08:58
ham so a big pardon yes I am doing it
00:09:02
it's just taking long and how I'm doing
00:09:04
it is is we prepared say let's say
00:09:07
there's a corpse up you can do practice
00:09:09
exams even so recommend that to to
00:09:11
anyone interested I'm who here has a
00:09:13
Raspberry Pi who does not what is wrong
00:09:16
with you why don't you have a raspberry
00:09:18
pie okay for those of you don't know
00:09:19
what a raspberry pie is credit
00:09:21
card-sized computer about Yohai 600
00:09:23
bucks
00:09:24
cool it alarm processor and did you know
00:09:26
this its TX only as far about as far as
00:09:30
I've been able to find out anywhere
00:09:32
between 5 kilohertz and and 1.5
00:09:34
gigahertz which is actually quite
00:09:35
impressive and guy you've got this going
00:09:37
created something called ARP ITX
00:09:40
very fine piece of software in the way
00:09:41
you get this going and I'll show you why
00:09:43
you shouldn't do it just like this yet
00:09:45
but anyway if you look at your general
00:09:47
input/output GPIO headers if you attach
00:09:50
just a little lead on to GPIO 7 which I
00:09:53
think correct me if I'm wrong is the one
00:09:55
useful pulse width modulation on motors
00:09:58
you can use that to broadcast stuff but
00:10:01
I warn you please do not do this because
00:10:03
a Raspberry Pi is a digital device so it
00:10:06
thinks in ones and zeros and that
00:10:08
normally gets broadcast as a bit of a
00:10:09
square wave and those of you who
00:10:11
remember your high school computer
00:10:13
science and for other computer science
00:10:15
what I'm saying
00:10:15
physical science and when we broadcast
00:10:18
things we want to use nice sine waves
00:10:19
I'll show you why in a moment because of
00:10:21
this harmonics problem but because we
00:10:22
can use constructive interference and
00:10:24
destructive interference to create
00:10:26
different waveforms and and if we add
00:10:28
some more app we can make square waves
00:10:30
the same thing is true in Reverse which
00:10:33
causes this terrible problem so if
00:10:35
you're gonna be using a Raspberry Pi to
00:10:36
transmit any of these things that
00:10:38
whatever you're broadcasting is going to
00:10:39
be sort of reflected on different parts
00:10:42
of the spectrum as well and you're going
00:10:43
to start breaking people's baby monitors
00:10:45
and setting all kinds of people and the
00:10:47
worst part is you're telling them
00:10:48
exactly where you are by broadcasting
00:10:50
that signal so so you've been warned and
00:10:53
it caster will come after you but it's
00:10:55
fine there are these things called
00:10:56
bandpass filters so this is what you
00:10:57
should use and essentially all this does
00:11:00
is it it cuts off the frequency on
00:11:02
either side so that those harmonics
00:11:04
don't end up in other parts of the
00:11:05
spectrum where you cause trouble for
00:11:06
people very cheap buy them from China I
00:11:09
haven't bothered yet
00:11:10
but I'll show you why it's cool and wow
00:11:12
you can do this everything leaks
00:11:14
electromagnetic radiation we'll chat
00:11:15
about that in a second so if we wanted
00:11:17
to turn our key fob into one of these or
00:11:20
rather the other way around we could do
00:11:21
a replay attack with something like this
00:11:22
so what I've done is I've attached that
00:11:24
RTL dongle to our 3 PI over here that's
00:11:28
the antenna part over here and I can SSH
00:11:31
into my PI you guys all know how to do
00:11:33
that and from the command line I love
00:11:35
this kind of audience where I can do
00:11:36
this and our TL menu is a nice piece of
00:11:39
software so I can go back to that for
00:11:40
you can see I had before and I'm just
00:11:44
choosing an input in that output
00:11:45
frequency and I want them both to be the
00:11:46
same because I'm doing a replay attack
00:11:48
here attack anyway so while that rants
00:11:51
cool it's busy recording a signal so
00:11:53
that I can go to my dongle and I can go
00:11:56
and oh is it shaking because it's
00:11:58
playing there we go should we get that
00:12:00
going cool and then I can run it again
00:12:03
so from the menu I can just replay what
00:12:05
I've recorded so I'm basically just
00:12:06
recording something and then playing it
00:12:07
back I want you to notice something I've
00:12:10
not attached to anything here it's just
00:12:12
the normal electromagnetic leakage from
00:12:14
this thing which you can see is
00:12:15
certified it's still leaking enough for
00:12:18
me to be able to trip this relay so
00:12:21
that's pretty cool if you think about it
00:12:22
you could just go and plug this thing
00:12:24
into a battery pack and connect it just
00:12:26
press it up against the receiver and you
00:12:29
should get enough leakage for this thing
00:12:30
to work so that's a little playing on
00:12:33
this can work as a transponder mode as
00:12:35
well basically just a repeater and a few
00:12:37
other cool hacks so that's a more
00:12:39
interesting way to go to jail but can
00:12:42
you do a brute-force attack so I thought
00:12:44
about this and there are only 12
00:12:45
switches and never even got to positions
00:12:46
so the total amount of combinations that
00:12:49
this thing can have is only 2 to the
00:12:51
power of 12 which is 4096 combinations
00:12:53
that's not too bad for brute force at
00:12:54
all so if you were to write a piece of
00:12:57
software like this which I just called
00:13:00
brute force you could just transmit I
00:13:01
had to speed this up for every single
00:13:03
code for all these static things and and
00:13:06
you could run through all of them and
00:13:08
pump there that stun factor didn't have
00:13:10
to wait for it
00:13:11
meanwhile Koha so I I thought about I
00:13:17
started this on github and then I took
00:13:19
it off when I realized I'd I'm not
00:13:21
worried about people stealing things
00:13:22
from your home I'm worried about your
00:13:23
dogs getting out
00:13:24
and stuff like that so so yeah maybe I
00:13:28
need some oh yes and so the last time I
00:13:30
did this at ex-con in Joburg I called
00:13:32
skulk came over to me and showed me how
00:13:33
he's using this who has Robo guards at
00:13:35
home okay I want do you know what a Robo
00:13:38
guard is this is a this is a South
00:13:41
African product so what they've got its
00:13:43
- I suppose that like PIR sensors
00:13:46
essentially and you've got two beans
00:13:48
that it makes so that you can so that
00:13:50
your dog doesn't trip it or you know I
00:13:52
want to say airplane for some reason no
00:13:55
it will not be tripped by an aeroplane
00:13:56
you know birds or or anything and
00:13:59
anything else in your garden won't trip
00:14:01
it off but if someone hops into your
00:14:02
garden and this thing can can pick it up
00:14:04
and they work at 433 megahertz so this
00:14:06
is some Scots code which he was kind
00:14:08
enough to share with me where what he's
00:14:10
doing is he's written his own
00:14:11
implementation yes it's still connected
00:14:13
to his alarm but now he can connect it
00:14:15
to his Raspberry Pi and see when his
00:14:18
garden services are there if his kids
00:14:20
are playing outside and in if certain
00:14:21
hours where he's not expecting anyone
00:14:23
else to be in his yard it can let him
00:14:25
know and that's why he's got these
00:14:27
tamper and checking flags and everything
00:14:29
else and that's just how he runs it with
00:14:31
rtl-sdr it's a really really cool thing
00:14:33
and let's chat about antennas so when
00:14:36
you buy these dongles you get one of
00:14:37
these things which is of course one of
00:14:40
the simplest antenna types you can get
00:14:41
called a dipole so you can make this
00:14:44
yourself with a coat hanger if you like
00:14:45
this is just a piece of coax and when
00:14:49
you open that up it's got shielding a
00:14:50
core and I love saying dielectric
00:14:52
insulator for some reason it makes me
00:14:54
sound very intelligent but it's it's
00:14:55
just plastic
00:14:56
and yes I'm incorrectly labeling these
00:14:59
ground and VCC because that makes more
00:15:01
sense to me personally but anyway if you
00:15:03
just attach two aluminium poles onto
00:15:05
this you have made a dipole they're that
00:15:06
easy to make and you can tell them to
00:15:09
different kinds of frequencies so and
00:15:10
how does this work well as the
00:15:12
electromagnetic waves pass by they are
00:15:14
inducing a current or a potential
00:15:16
voltage between these two different
00:15:18
poles and polarization is an important
00:15:21
thing you'll hear about a lot when you
00:15:22
mess around with this stuff who wants to
00:15:24
guess yes this is vertical or horizontal
00:15:26
polarization how did I miss that up and
00:15:29
vertical polarization point is basically
00:15:32
if you want to chair to someone the
00:15:33
polarizations need to match but things
00:15:35
get complicated with satellites with
00:15:36
circular polarization
00:15:38
which we'll chat about in a second
00:15:39
because that gets a lot of fun anyway so
00:15:42
um I can chat about antennas for a very
00:15:44
long time I just have one thing I want
00:15:46
to get out of here you will know about
00:15:47
yagi antennas
00:15:48
please start calling them yahudah
00:15:51
antennas because it is mr. Udo who had
00:15:53
the greater contribution to the creation
00:15:55
of this antenna then yagi that's the
00:15:57
only thing I want to change about that
00:15:58
and if you want to make your own how
00:16:00
long should these things run or how long
00:16:02
should your things be
00:16:04
that's always going to be proportional
00:16:05
to your wavelength so just how long that
00:16:08
wave is over time and your antenna needs
00:16:10
to be half that all right so if you're
00:16:13
making these yourself quickly we'll talk
00:16:15
about the half wavelength and the
00:16:16
quarter wavelength and for the sake of
00:16:17
our antenna we're going to talk about
00:16:18
the total length and the element length
00:16:20
of our dipole and you're not going to
00:16:23
sound smart at any conference and less
00:16:24
you include some mathematics so for the
00:16:26
purposes of this talk we are going to
00:16:29
state the very well-known fact that
00:16:31
wavelength equals the velocity of
00:16:32
whichever medium through which something
00:16:35
is traveling divided by its frequency in
00:16:37
which case this will be the speed of
00:16:39
light because it's radio waves of course
00:16:40
which we can approximate to three times
00:16:42
a to the well three times a to the power
00:16:43
of ten meters per second so if we want
00:16:45
you to know what the length should be to
00:16:47
pick up a signal at a hundred megahertz
00:16:49
100 megahertz is just 100 times 10 to
00:16:52
the power of six so those two zeros can
00:16:53
just fall in there and notice that now I
00:16:56
can cancel out 10 to the power of eight
00:16:58
divided by 10 to the power of eight
00:17:00
leaving with only three meters and
00:17:01
that's how easy it is to figure out how
00:17:03
long your antenna dipole should be half
00:17:05
that remember yeah anyway okay so
00:17:16
apparently I've got that wrong and you
00:17:17
need to come to me afterwards to show me
00:17:19
how to fix that for my talk I'm very
00:17:20
welcome and open to feedback okay thanks
00:17:23
so so for those of you at home you can
00:17:25
ignore the last five seconds of this and
00:17:27
we'll fix it in post ok and and I also
00:17:33
approximated the speed of light which
00:17:34
motivates it some people I'm sorry okay
00:17:36
let's talk about tracking ships so this
00:17:38
is what the ocean looks like and it's
00:17:40
always clearance always comment no it's
00:17:41
not sometimes it looks like this and
00:17:43
then it also gets dark so it can be
00:17:45
scary and that's why on ships they have
00:17:47
things like this which help you track
00:17:48
other
00:17:49
why do I keep wanting to say airplanes
00:17:51
and other ships you could you could
00:17:53
track aeroplanes as well you'd need some
00:17:55
different equipment we'll chat about
00:17:56
that in a second
00:17:56
anyway they use a system called a is
00:17:59
automatic identification system and
00:18:01
because I'm a software guy I like to
00:18:03
think of them as datagrams don't call
00:18:04
them datagrams I just like doing that
00:18:06
but yes they'll they'll come with
00:18:08
something similar to I don't know what
00:18:10
anyway yes you get this MSI maritime
00:18:15
mobile service identity number you get a
00:18:17
navigation status with cool words like
00:18:19
anchor and underweight a rate of turn so
00:18:22
which where the ship's pointed I suppose
00:18:23
speed in knots and in latitude longitude
00:18:25
and it runs 160 1.9 you don't care about
00:18:30
the actual numbers you can get those and
00:18:31
post later anyway if you want to make an
00:18:33
antenna for this you'll need it's
00:18:35
probably wrong now but anyway I I went
00:18:39
and did this and I made 44 centimeter
00:18:41
dipoles so I was down at why do I keep
00:18:44
wanting to say can't spare this is down
00:18:46
by the VNA water friend and if you look
00:18:47
out there there are ships out there so
00:18:49
we can figure out where they are what
00:18:51
they are what they're doing so this is
00:18:54
SDR sharp running in a virtual machine
00:18:56
and you'll already notice I lie to you
00:18:58
there are actually two types of a is a
00:19:00
s1 and s2 and they make these little
00:19:01
chips just go back and play this one I
00:19:04
go and make these little chips that you
00:19:05
can pick up and in Windows there's
00:19:08
something called ship plotter
00:19:09
that you can use with a virtual audio
00:19:11
cable through a virtual machine which
00:19:13
caused problems for me that you'll see a
00:19:15
little bit later but this is generally
00:19:16
how you would do this on a Windows box
00:19:17
you can record these signals and then
00:19:20
you should be able to see all these
00:19:21
ships but this doesn't work so well on a
00:19:24
Mac and I was wondering what was the
00:19:25
problem with this and all my virtual
00:19:27
cables and virtual machines so when I
00:19:29
opened up cubic SDR and I could still
00:19:32
see these coming through and then we're
00:19:33
coming through even clearer and I could
00:19:35
record them as well and by the way yes
00:19:37
GQ Rx is a perfectly good alternative
00:19:39
that works on Linux I have nothing
00:19:41
against GQ rx person who spoke to me
00:19:43
about it at the last conference cool so
00:19:46
so I could record these which was fine
00:19:48
and then I could go back into Windows
00:19:50
and take the WAV file from this using
00:19:52
this thing called s Mon which could at
00:19:54
least tell me something about these
00:19:55
files and the interesting thing I had to
00:19:57
do I experiment a lot but if you bring
00:19:58
it down to 8-bit audio select telephone
00:20:00
line quality it seems to work so I mean
00:20:03
I've got
00:20:03
of arras over here but there was
00:20:04
definitely some data India where it
00:20:06
could find some stuff so if I go then
00:20:08
and take that same audio file and I put
00:20:10
that into ship plotter this is more the
00:20:12
experience you'll use if you have a
00:20:13
Windows machine which is useless to this
00:20:15
audience because I don't think anyone
00:20:16
here has one but anyway yes that's what
00:20:20
it looks like and then you can see your
00:20:22
ships pretty cool huh
00:20:24
no internet no hands yeah and and if you
00:20:28
plot that on a nicer piece of software
00:20:29
from the Mac App Store Jerry this is
00:20:31
what it looks like and how these things
00:20:33
work let's talk about how you can build
00:20:35
your own flight radar as well has anyone
00:20:37
done this before okay this is a lot of
00:20:40
fun this is a lot of fun who knows what
00:20:41
type of plane this is no guesses
00:20:45
it's a Boeing yes it's a Boeing triple7
00:20:49
it's a Boeing triple7 it's got 31
00:20:52
antennas on you and we're going to go
00:20:53
through every single one I'm kidding
00:20:55
we'll just go through one and and that's
00:20:57
for for something called ATS B so that's
00:21:00
your automatic dependent surveillance
00:21:01
broadcast very similar to a is but
00:21:03
designed for aircraft so how this works
00:21:06
and yeah I just thought of some problems
00:21:09
with this thing but there's more coming
00:21:10
up all the time anyway
00:21:12
aircraft generally know where they are
00:21:14
or should not generally know exactly
00:21:16
where they are thanks to technologies
00:21:17
like GPS and they can and the idea of a
00:21:20
DSP is that you broadcast that to other
00:21:22
aeroplanes and and by the way none of
00:21:24
this stuff is illegal it is a really
00:21:25
good idea that everyone knows where
00:21:26
aeroplanes are in the sky at all times
00:21:30
so yes they broadcast that down to two
00:21:33
ground stations so that air traffic
00:21:34
control can use this stuff and of course
00:21:36
to to other aircraft in the sky as well
00:21:39
through something called ATS be in and
00:21:41
if you do find yourself in the cockpit
00:21:43
of one of these planes right next to the
00:21:44
seat on this side is where you would put
00:21:47
this in I can't remember which YouTube
00:21:49
video I stole this from so I probably
00:21:51
owes someone some credit I've completely
00:21:55
forgotten I think it's captain Joe or
00:21:57
something like that but anyway what
00:21:58
you've put in there is a score code this
00:22:00
would be issued to you by aircraft
00:22:01
traffic control and you'll pop it in
00:22:03
before you get going and then I can't
00:22:06
recall which airport this is exactly but
00:22:09
yes this is the view that aircraft
00:22:10
traffic control normally have that blue
00:22:12
little part there's the runway where
00:22:14
everything is landing and you can see
00:22:15
here we've got score codes
00:22:16
and and flight numbers there's some
00:22:18
Dutch Airlines care them going and this
00:22:21
is normally in traditionally done
00:22:22
through what they call primary and
00:22:23
secondary surveillance radar which are
00:22:25
these dish things that are normally
00:22:26
hidden in big domes at the airports that
00:22:28
we normally visit but in South Africa
00:22:31
our Civil Aviation Authority is very
00:22:32
much pushing for the implementation of a
00:22:35
DSB - as they say replace legacy less
00:22:37
effective and more expensive primary
00:22:40
surveillance radar and monopole
00:22:41
secondary surveillance radar so these
00:22:46
80s speed datagrams
00:22:47
I'm a software guy remember I have that
00:22:50
score code in there the flight number
00:22:51
which in my experience is never
00:22:52
populated for some reason you altitude
00:22:55
how high you are your airspeed longitude
00:22:56
latitude surf course this broadcasts at
00:22:59
ten ninety and you need a much shorter
00:23:01
antenna only seven centimeters am I
00:23:04
wrong about that you're nodding okay
00:23:05
cool yeah okay and we use this a piece
00:23:08
of software called dump 1090 available
00:23:11
in github because I like open source
00:23:12
things and if you want to set this up in
00:23:14
your raspberry pi like I do same setup
00:23:16
except you hop in the command line you
00:23:18
guys know how to clone github
00:23:20
repositories let's skip that one but
00:23:22
when you run this after you've made it
00:23:24
you need to add on this interactive mode
00:23:26
otherwise it just starts streaming stuff
00:23:28
into the console and that - - net will
00:23:29
be important so I did this at the
00:23:31
airport
00:23:32
in the slow lounge my wife was not
00:23:34
amused at all with what I was doing and
00:23:38
you can see we've got an essay a flight
00:23:40
I've got it s if R if R as if our flight
00:23:43
over they a big question mark flight
00:23:44
they don't know where they're going
00:23:46
interesting part about this is a lot of
00:23:48
them have no speed and no longer - you
00:23:50
know latitude and I imagine this is
00:23:52
because a lot of planes are parked but
00:23:54
they leave the a DSB transponders on so
00:23:56
they keep transmitting but they don't
00:23:58
have a location or I've got excellent
00:24:00
range and they're all parked at point
00:24:01
Nemo so so that's that's really what
00:24:05
this looks like and if you want to that
00:24:07
- - net allows you to add on if you just
00:24:10
use local host in this instance but
00:24:12
anyway you can just go plot this using
00:24:15
Google Maps you do need to go register
00:24:17
to get your own Google Maps API key and
00:24:19
then fix it in the JavaScript code to
00:24:20
get this working
00:24:21
but yes here I've got three different
00:24:23
planes and you'll recognize there is our
00:24:25
T in Johannesburg so lots of fun um who
00:24:28
does the flight from flight who uses
00:24:30
flat rail
00:24:30
twenty four at all so there's this whole
00:24:33
community thing yeah lots of planes
00:24:34
being tracked by up by these guys and
00:24:36
you can contribute data yourself so if
00:24:38
you live in a remote area or somewhere
00:24:40
interesting
00:24:40
they've got a whole guide where you can
00:24:42
use a Raspberry Pi in one of these
00:24:43
dongles and contribute data by just
00:24:46
running this as sudo just grabbing
00:24:48
commands that start with sudo off the
00:24:49
internet and putting them into your
00:24:50
Raspberry Pi yes
00:24:53
I'm sure it's safe but anyway yeah this
00:24:57
this goes and pulls down and install and
00:24:58
and sits whole thing up and so this
00:25:01
presents new and interesting
00:25:02
opportunities for us to go to jail um
00:25:05
none of what I've spoken about is
00:25:07
authenticated or encrypted at all and
00:25:10
who remembers much earlier this year
00:25:12
Gatwick Airport was shut down for more
00:25:14
than a day I think millions of flights
00:25:17
were redirected now I've got a friend
00:25:18
who who owns a company that does like if
00:25:22
you want to charter a plane from one
00:25:24
country to another or do private flights
00:25:26
and medical flights and stuff like that
00:25:27
so he's not an aircraft traffic control
00:25:29
he does his company does all the ground
00:25:31
handling and I had some very interesting
00:25:32
discussions with him about how you could
00:25:34
cause more interesting problems with us
00:25:35
and I assume what would happen if on
00:25:38
let's say a prefers for whatever reason
00:25:41
goodness I'm so nervous with you in the
00:25:43
room about this
00:25:44
i I'm so gonna end up on a do not fly
00:25:47
list I'm a Dutch citizen as well so we
00:25:50
can't work together so but anyway yes if
00:25:53
on April 1st you had to put in so here's
00:25:56
the thing about school codes any school
00:25:57
code that starts with seven is a major
00:25:59
emergency okay I think seven thousand
00:26:03
means that plane is definitely hijacked
00:26:04
seven thousand six hundred probably
00:26:07
means that you you disagreeing you try
00:26:10
and remember this is that anything with
00:26:12
seven is bad the best one that starts
00:26:15
with seven I don't know which one this
00:26:16
is but it says that your your all your
00:26:18
radio communications are out
00:26:20
so I'm landing aircraft traffic control
00:26:22
please get everyone out of the way so I
00:26:24
said what would happen if I had to
00:26:25
create you know a seven thousand school
00:26:27
code and then in the same way that I can
00:26:29
create any transmitter using a Raspberry
00:26:30
Pi I could just attach it to Ross the
00:26:32
two I haven't thought through very well
00:26:34
but anyway let's attach it to a battery
00:26:36
bank go to the airport close to where
00:26:39
they're picking up these ADSP signals
00:26:41
leave it in the trash run away
00:26:43
oh I'm so worried about this suddenly
00:26:46
but anyway yes if this thing were it if
00:26:48
we then broadcast a fake like a ghost
00:26:50
airplane and you could fly this plane
00:26:52
all over the place all straight through
00:26:53
the aircraft traffic control tower and I
00:26:56
said what would happen and they said
00:26:57
well they would bail and run so I
00:27:02
haven't helped him get a day off work
00:27:03
yet because he doesn't actually work in
00:27:05
the tower but I mean like I don't think
00:27:07
these folks are thinking about the types
00:27:09
of problems that you guys are thinking
00:27:10
about in this software security space so
00:27:12
I thought thinking what could you do at
00:27:14
ATS be DDoS attack so who recognize this
00:27:17
this recognizes this Airport sorry
00:27:22
captain no it's not Cape Town it's way
00:27:25
too big this is Dubai International
00:27:26
Airport it's quite sandy here and the
00:27:29
reason I've chosen this one is because
00:27:30
it's one of the biggest connecting where
00:27:33
like connecting flights come through and
00:27:35
this causes massive massive problems
00:27:37
with diversions and everything else if
00:27:39
one of these airports had to go down
00:27:40
they will redirect any and all flights
00:27:42
coming in to anywhere else all right
00:27:45
so you don't need to hit a large amount
00:27:47
of airports you just need to hit a
00:27:49
couple of like you know JFK Heathrow
00:27:52
sheikah Paul and you can cause absolute
00:27:55
chaos with this sort of thing and
00:27:57
because if you're an aircraft traffic
00:27:59
control and you're just seeing a couple
00:28:00
of planes was what's your day can it be
00:28:02
like when this happens right and the
00:28:05
problem here really is that that you
00:28:07
know your your normal radar the whole
00:28:09
reason why these these airports can't
00:28:11
even operate the way they do is because
00:28:12
they're using a DSP they're not using
00:28:14
radar anymore because it doesn't give
00:28:16
them to the resolution they can't see
00:28:17
height or or anything else so they're
00:28:19
becoming very dependent on this kind of
00:28:21
thing and there's no security around
00:28:22
this stuff but yes like I said I am NOT
00:28:25
the first one to chat about this at all
00:28:27
for more than I think it's more than
00:28:29
five years we've been complaining about
00:28:30
security problems in there so if you
00:28:32
play in this field and yeah please
00:28:34
please let us know so of course you guys
00:28:37
actually came here to talk about
00:28:38
satellites so let's get into that and
00:28:39
this is Noah the u.s. is National
00:28:43
Oceanic and Atmospheric Administration
00:28:44
along blah-dee-blah but these guys exist
00:28:46
because of the Titanic this is not
00:28:50
running my theory but they started
00:28:52
tracking icebergs so they're quite all
00:28:53
the institution and they've got some
00:28:54
nice weather satellites like this one
00:28:57
I don't know which exactly this one is
00:28:59
there's a couple of NOAA satellites
00:29:00
three of them are in orbit at the moment
00:29:02
and they're in the East they go like
00:29:05
think of the most fax machines just go
00:29:07
over the earth from pole to pole all the
00:29:09
time they're there in Pearl all but and
00:29:10
they've got some different names so the
00:29:14
u.s. uses NORAD IDs to identify
00:29:15
everything because you're interested in
00:29:17
knowing what is and potential nuclear
00:29:19
missile and what is not and you can
00:29:20
probably tell us more about that while
00:29:22
the rest of us use these international
00:29:23
codes which tell us what data was
00:29:25
launched and some more information and
00:29:27
these things are quite here it's like
00:29:29
heavier than my car and I travel 28,000
00:29:32
kilometers per hour which is quite
00:29:33
impressive and they circumnavigate the
00:29:35
world every hundred and two minutes and
00:29:37
the view you're going to get from any
00:29:40
cameras on these things is from 850
00:29:42
kilometers above so you're not going to
00:29:44
get Google Earth kind of stuff here just
00:29:46
warning you in advance so the NOAA
00:29:49
satellites operated to primary frequency
00:29:51
so do a lot more than just this but at
00:29:53
137 point 1 megahertz they use something
00:29:55
called automatic picture transmission
00:29:57
and then there's a high-resolution
00:29:58
version of that which I don't use
00:30:00
because I'm not steady enough to hold
00:30:02
the antenna and track the satellite as
00:30:04
it comes over so funny story about no.19
00:30:07
it fell over this must have been such a
00:30:10
bad day at work for these guys right 137
00:30:13
million dollars because the bolts
00:30:14
weren't properly attached I don't think
00:30:16
anyone got fired I don't know the whole
00:30:17
story but when I do this myself I get
00:30:21
the best signal from this one so they're
00:30:23
probably fixed some stuff I don't know
00:30:24
what did they call it percussive
00:30:26
maintenance yeah okay so any story about
00:30:30
noah 16 it it used to have only one
00:30:33
NORAD ID and now it has over 200 because
00:30:36
it blew up and no one knows exactly why
00:30:39
listen I'm so impressed with these
00:30:41
things I'm really not trying to make fun
00:30:43
of them I mean to get this stuff to work
00:30:44
in this environment is amazing
00:30:46
you know I imagine if your laptop
00:30:48
battery blew up and there were 200
00:30:51
pieces of laptop everywhere and those
00:30:53
are only the pieces or whatever going
00:30:54
down again oh those are only the parts
00:30:57
big enough for them to to see you know
00:31:00
the much small little paint flecks and
00:31:01
things so this is half a rant about
00:31:03
space garbage we'll see some of that in
00:31:04
a moment anyway how do we find
00:31:06
satellites these tons of software to do
00:31:08
this orbiter on is something you'll see
00:31:10
recommended quite
00:31:10
but it's got quite a crap in confusing
00:31:12
do I probably perfect for when it was
00:31:14
written which feels like the 90s so I'm
00:31:16
gonna skip over this one so let's not
00:31:18
worry about that this is a much nicer
00:31:19
version called G predict so there's no
00:31:22
nineteen over there and I can select
00:31:24
that one and get some more information
00:31:25
around when it's going to be coming up
00:31:27
over so till the date and the time
00:31:30
around when you can expect that
00:31:32
satellite to come around again the one
00:31:33
I'd like is into y ou so this is the
00:31:35
website and you can use that one ten
00:31:38
minutes for e anyway we'll try go
00:31:41
through this a little bit faster but
00:31:42
this is how you can find when a
00:31:43
satellites going to you come over so put
00:31:45
in your coordinates of where you eye
00:31:46
picks it up from your IP address so it's
00:31:48
quite easy and I'll tell you when that
00:31:49
satellites going to come around so it'll
00:31:50
be in the sky for about 10 minutes as it
00:31:53
comes over no you can't see it oh guy
00:31:57
called chores recommended a very cool
00:31:58
alternative of this called Celeste rec
00:32:00
so speaking about space junk check this
00:32:01
out there's a lot of stuff up there and
00:32:05
anyway there's a search function down at
00:32:06
the bottom that you can chase use that
00:32:08
you can use to find some of these things
00:32:10
and if you're a developer there's
00:32:11
something called ory kit if you're a
00:32:13
Java programmer you can automate a
00:32:15
couple of stuff there's also a command
00:32:16
line version of G predict that I
00:32:19
wouldn't recommend too much but anyway
00:32:21
well we have to make some internal
00:32:22
modifications to get this going so to
00:32:23
deal with circular polarization will go
00:32:25
for 120 degree change over there 437
00:32:29
megahertz we need to do 54 centimeter
00:32:31
long element lengths and you point that
00:32:33
thing north-south so so literally this
00:32:35
is what I had that's my balcony up where
00:32:38
I live in Pretoria and it was pretty
00:32:40
much something like this just a little
00:32:42
bit longer and you sit out there at half
00:32:44
past 4:00 in the morning waiting for
00:32:46
satellites to come over and you'll see
00:32:47
in this waterfall this is cubic SDR
00:32:49
again there's something happening over
00:32:51
here as this thing comes over and a
00:32:53
little bit later you can see signals
00:32:56
improving and I hope this doesn't hurt
00:32:58
anyone's ears because there is an audio
00:32:59
section a little bit later but notice
00:33:01
how this ATP signal is coming in and
00:33:03
notice how it's just bent a little bit
00:33:05
who wants to guess why that is
00:33:07
it's the Doppler effect absolutely so
00:33:10
this thing is moving so quickly that the
00:33:12
frequency shifts ever so slightly
00:33:13
because of the speed at which it's
00:33:14
moving which is really interesting do
00:33:16
you want to hear what the sounds like
00:33:17
this might be super loud I'm sorry if it
00:33:19
is wait it's maybe better that you don't
00:33:24
hear it
00:33:25
they're probably turned it off but
00:33:26
anyway how do you decode this well like
00:33:27
I told you this thing's like a fax
00:33:29
machine so these were the old number
00:33:31
satellites some of the first were the
00:33:32
satellites you had out there so you use
00:33:34
something called automatic picture
00:33:35
transmission and everyone will tell you
00:33:37
to use WX to image which I used in a
00:33:40
virtual machine but could not install
00:33:41
and it didn't work out really well for
00:33:43
me so I switched to an open-source
00:33:45
version you'll see this thing break but
00:33:47
I'm a little bit worried about time so
00:33:49
we'll go forward on that what I
00:33:51
recommend is Noah ATP a very nice
00:33:53
website that shows you how all the
00:33:55
decoding of these signals can be done
00:33:57
and how you find the different wedges
00:33:59
for all that but in any case it's just a
00:34:00
project you can run so I did this on an
00:34:02
old Kali Linux box of mine so probably
00:34:05
appropriate for this audience I guess
00:34:06
but it comes a little gooey and you can
00:34:09
go for start and go grab so I did this
00:34:12
for for DEFCON initially so that's some
00:34:14
signal for no.19
00:34:16
choose an output file I'm just going to
00:34:18
call that DEFCON for one I'm typing
00:34:21
impressed
00:34:22
oh that jokes gotten old quickly all
00:34:24
right sorry and you start and this is in
00:34:27
real time I didn't speed this up there
00:34:30
we go
00:34:37
well Kali Linux everything is reduced
00:34:40
this is written what toroidal hora
00:34:43
that's yeah I only did this one time
00:34:46
I've actually put something else on that
00:34:48
machine because I know what you're all
00:34:49
thinking now who wants to see the
00:34:50
results yeah of course you do that's why
00:34:53
you came awesome so this was one of the
00:34:55
first ones I got okay so it's bad right
00:34:58
but but think about it I've got a signal
00:35:00
from space with a 300 round dongle and
00:35:03
the equivalent of a coat hanger I I was
00:35:06
very impressed with myself
00:35:07
and further pass has got much better
00:35:09
result so here you can see definitely
00:35:11
there's some clouds this and whether
00:35:12
there's something so what was the
00:35:14
problem
00:35:14
first of all occasion I just relied on
00:35:17
into IO using my IP but you need to be
00:35:20
quite specific about your your location
00:35:22
so that you can track the timing exactly
00:35:23
of when that satellite is going to rise
00:35:26
and set if you like line-of-sight is
00:35:28
also very important these signals do not
00:35:30
travel very well through buildings or
00:35:32
trees or anything else like that at all
00:35:34
and your antenna needs to meet much
00:35:36
better so
00:35:37
there's this website called technology
00:35:39
which I recommend they've got a very
00:35:40
cool cross dipole there's a whole
00:35:42
plethora of designs for these types of
00:35:44
antennas out there so this is by no
00:35:46
means the only one but less hacky burn
00:35:48
the thing I was using and you can filter
00:35:51
out some stuff which I'm going to skip
00:35:52
over and they're the results start
00:35:53
looking much better much better who can
00:35:57
tell me what's wrong with this image yes
00:36:02
because we're running out of time it's
00:36:04
upside down because these things are
00:36:06
moving you know north to south and south
00:36:07
north and you never know which way it's
00:36:08
it's really moving so and what you're
00:36:11
looking at over there is some thermal
00:36:12
infrared and some near visible but it's
00:36:15
all black and white of course
00:36:16
shall we play with some Russian
00:36:17
satellites have a good time for that
00:36:19
cool so they've got something called
00:36:20
meteor em two satellites is actually a
00:36:23
two version two one and two the first
00:36:26
one I think didn't properly separate
00:36:28
from its booster so it's sort of tumbles
00:36:30
and then they turn it off and then it
00:36:32
turns itself on again and starts
00:36:33
broadcasting there's a whole thing about
00:36:35
if you go to rtl-sdr recommend this it's
00:36:37
like 30 different dead satellites that
00:36:39
they put in these graveyard orbits and
00:36:41
then they just turn on again but ya know
00:36:44
this is this is an actual functioning
00:36:45
one same deal twice as heavy and same
00:36:48
idea a little bit closer same ish
00:36:52
frequency and this is what it looks like
00:36:54
it's a digital signal this time and I
00:36:56
had a lot of trouble with this you've
00:36:57
got to demodulate this they use
00:36:59
something called LR PT or low rate
00:37:01
picture transmission it's digital it's
00:37:03
slow but that's what we'd expect and
00:37:05
Utrecht wires lock for the Doppler
00:37:07
effects so if you're doing this there's
00:37:08
a whole long tutorial about how to do
00:37:10
this but I like the open source stuff
00:37:11
and thought this is way too much work to
00:37:13
use all those Windows programs so I use
00:37:15
something called meteor D mod and when
00:37:18
you're running that and you've recorded
00:37:20
this WAV file using SDR shop which you
00:37:22
need a plugin for by the way to maintain
00:37:24
that to compensate for the Doppler
00:37:26
effect and the movement of this
00:37:27
satellite there you've got lock it's
00:37:30
busy getting some data and then you've
00:37:32
got to decode it which didn't work this
00:37:34
time so I struggled with that and I
00:37:36
couldn't figure out why which is a long
00:37:37
story won't get into but other people
00:37:39
have had very good results so someone
00:37:41
posted this on Twitter I forgot to
00:37:43
credit them but this cape turned down on
00:37:45
that side and you can see this is a
00:37:46
digital signal on that side so really
00:37:48
really nice stuff from the Russians
00:37:50
there
00:37:51
if you want to use ooh International
00:37:54
Space Station is another fun thing that
00:37:56
I've been trying to mess around with
00:37:57
won't get into too many of the details
00:37:59
of that but of course find out when it's
00:38:01
gonna come close to you and I did this
00:38:04
using a Raspberry Pi actually just using
00:38:06
rtl-sdr
00:38:07
software FM's so this is it's just a
00:38:10
command line you can record it it
00:38:11
creates a WAV file or an IQ file for you
00:38:13
so put in the frequency give it a nice
00:38:16
name let it run and you just set this up
00:38:19
while the International Space Station is
00:38:21
coming over and they use this whenever
00:38:23
they're doing any amateur radio talks or
00:38:25
anything else and I had these
00:38:26
expectations about them maybe
00:38:27
complaining about the food or each other
00:38:29
or maybe picking up something scandalous
00:38:31
they can say on the radio because
00:38:32
they're over Africa and not on the
00:38:34
northern hemisphere nothing like that
00:38:36
happened at all as they flew over this
00:38:38
is not a video they sent me I don't even
00:38:39
know where this is but it's the view of
00:38:42
where it comes from ctrl C to exit to
00:38:44
pick up that file and that's all I heard
00:38:48
sorry about that so what you need to do
00:38:51
is go to the amateur radio in on the
00:38:54
International Space Station website and
00:38:55
find out when they're going to be
00:38:57
talking okay
00:38:58
so sometimes I speak to schools or
00:39:00
community events and stuff like that and
00:39:02
you'll only hear one side of the
00:39:04
conversation because you're not going to
00:39:05
hear you know the people speaking up to
00:39:07
it you won't get that you'll only hear
00:39:09
that one half of the conversation at
00:39:11
least but yes and they also do these
00:39:13
weird kind of I almost think of them as
00:39:14
memorial plaques but they sent down slow
00:39:17
scan television images which looked like
00:39:19
this in SDR shop yeah a little bit
00:39:23
grainy but quite fun to do so other fun
00:39:26
things to try in conclusion who has been
00:39:30
to one of those terrible restaurants we
00:39:32
have in South Africa where they tie like
00:39:34
this thing to the waiter and the
00:39:36
weight-room I have to say and you can
00:39:38
call them with a button on the table
00:39:40
who's been to those am I the only one
00:39:42
has those that uses the same technology
00:39:45
that pagers use and you can really mess
00:39:46
around with that stuff so that's a fun
00:39:48
thing I might want to try you can spoof
00:39:51
something called ODS TMC which is a fun
00:39:54
way so this is the inside of my cart
00:39:57
uses TMC pro to be able to tell where
00:39:59
there's traffic so I know this is
00:40:01
encrypted in Europe I don't know if it's
00:40:02
encrypted in South Africa
00:40:04
but it might be a fun way to say that
00:40:06
every road you're driving on is busy and
00:40:07
everyone should get out of the way that
00:40:08
might be a fun thing to do you can
00:40:11
create your own cellular networks with
00:40:13
something called open BTS the semi count
00:40:16
cars is cool talk called drive it like
00:40:18
you stole it where he talks about how
00:40:20
you can basically defeat French encoding
00:40:23
and and all that was some cool jamming
00:40:25
techniques you can build your own Space
00:40:27
Telescope and and yeah like literally
00:40:30
listened to pulsars which is really cool
00:40:31
you can spoof or RFID tags and I don't
00:40:34
know about this one but it might be fun
00:40:37
they'll explain eatos later and this is
00:40:41
the coolest thing I found it's something
00:40:42
called SMB radio so remember how my
00:40:45
Raspberry Pi has a little bit of EMF
00:40:47
leakage so all computers have a little
00:40:48
bit of EMF leakage and there's a it's
00:40:51
actually one of the demos isn't
00:40:53
JavaScript I don't actually have an
00:40:54
old-timey radio that can go down to I
00:40:57
think it's only 5 kilohertz is the
00:40:59
frequency at which it can broadcast but
00:41:01
it literally uses the EMF leakage from
00:41:05
your system bus to play mary had a
00:41:08
little lamb it is incredibly cool so who
00:41:11
knows who this is very close I won't
00:41:18
keep you interested it's it's Harry
00:41:19
Hertz and and the last mission social me
00:41:21
leave you guys with us they were
00:41:22
chatting to him many many years ago not
00:41:24
on an iPhone and when he does he's the
00:41:26
guy who discovered radio waves that's
00:41:28
why we talk about Hertz as the only SI
00:41:31
unit with our s in it because it's
00:41:32
someone's name and when they awesome
00:41:35
what the point of this was at all
00:41:36
there's nothing whatsoever he was very
00:41:37
impressed that he'd found a way to prove
00:41:39
Maxwell's equations of electromagnetic
00:41:41
induction and they'll swim about any
00:41:43
applications is it nothing I guess
00:41:45
and if you think about the applications
00:41:47
of radio and Wi-Fi and everything else
00:41:49
that we use today that's maybe a point
00:41:52
to make so if we think today about what
00:41:53
we do with the cloud we've basically
00:41:55
taken computer infrastructure to find it
00:41:57
via software and called it the cloud so
00:41:59
you can hop on to GCP or anything and
00:42:01
maker and VM what could you do a
00:42:04
software-defined radio and it's
00:42:06
interesting AWS is is doing this this
00:42:08
cool ground station network so you can
00:42:10
imagine creating your own points around
00:42:13
where I might have totally out of time
00:42:16
it's two minutes okay we'll just close
00:42:18
this up you can imagine as your
00:42:20
satellite is maybe moving across across
00:42:22
the planet as it moves close to that AWS
00:42:25
ground station with that data sand you
00:42:27
can spin up in an instance of a server
00:42:28
that could download that information
00:42:30
process it pass it along
00:42:31
and you don't need your own ground
00:42:33
stations for anything at all so I'm
00:42:35
completely out of fuel I've got some
00:42:36
credits for some of the guys who've
00:42:39
worked with me on this the O ex-con guys
00:42:41
who gave me some advice on this stuff
00:42:43
thank you to foreign aid Bank for doing
00:42:45
my flights and stuff I'm speaking at
00:42:47
your conference on the 31st probably I
00:42:50
don't know next year at Def Con
00:42:53
and that is me you guys can follow me on
00:42:55
Twitter thank you very much that's me
00:43:01
okay they have allowed me to questions
00:43:07
so not all of you at once please only
00:43:09
okay gentleman in the back with the
00:43:11
incredible beard you should have seen me
00:43:13
at Movember Hey okay first of all the
00:43:19
question is when am I getting my ham
00:43:21
license and what am I playing with Qi so
00:43:22
100 and so I'm thinking maybe next year
00:43:26
when exams are in April next year I
00:43:29
think will probably be the next
00:43:30
opportunity okay so that's that's what
00:43:33
I'm going for I'm slowly going up on on
00:43:36
we prepare and what do you say it was
00:43:38
Q&A what 100 what is that oh yes oh
00:43:54
so I've got the content for my next talk
00:43:56
yeah I'm sure we probably don't have the
00:44:08
audio from all of that but that sounds
00:44:09
incredible okay and and someone okay
00:44:11
awesome
00:44:12
one more question right so the question
00:44:20
is what other plans around encrypting
00:44:21
air traffic data I have no idea okay
00:44:25
I I did have this idea that you know
00:44:27
let's put blockchain on it and and of
00:44:28
course no but you know it could be I
00:44:33
don't know you know I think that I don't
00:44:37
know I don't know I should know but I
00:44:40
don't that's terribly embarrassing thank
00:44:42
you
00:44:42
all right no that's all for me you guys
00:44:44
thank you very much Cheers

Tag

satellitter
programvaredefinert radio
hacking
signalsporing
antennedesign
Doppler-effekt
NOAA
flysporing
skipssporing
SDR Sharp