Hva er programvaredefinert radio?

Programvaredefinert radio (SDR) er en teknologi som bruker programvare for å håndtere radiofrekvenser, noe som gjør det enklere å manipulere og analysere radiosignaler.

Hvordan kan jeg spore fly og skip?

Du kan spore fly og skip ved å bruke programvaredefinert radio og spesifikke frekvenser for automatisk identifikasjonssystem (AIS) for skip og automatisk avhengig overvåking (ADS-B) for fly.

Er det ulovlig å hacke satellitter?

Ja, hacking av satellitter eller andre radiosignaler uten tillatelse er ulovlig og kan føre til alvorlige straffer.

RTL-SDR er en billig USB-dongle som kan brukes til å motta og analysere radiosignaler over et bredt spekter av frekvenser.

Hvordan lager jeg en antenne for SDR?

Du kan lage en enkel dipole antenne ved å bruke to aluminiumspoler og en koaksialkabel, tilpasset til den frekvensen du ønsker å motta.

Hva er Doppler-effekten?

Doppler-effekten er endringen i frekvensen av en bølge i forhold til en observatør som beveger seg i forhold til kilden til bølgen.

Hva er NOAA-satellitter?

NOAA-satellitter er meteorologiske satellitter som overvåker værforhold og samler data om atmosfæren.

Hvordan kan jeg dekode signaler fra satellitter?

Du kan dekode signaler fra satellitter ved å bruke spesifik programvare som WXtoImg eller NOAA ATP, avhengig av signaltypen.

Hva er en Yagi-antenne?

En Yagi-antenne er en type retningsbestemt antenne som brukes til å forbedre signalmottak i en bestemt retning.

SDR Sharp er en populær programvare for Windows som brukes til å motta og analysere radiosignaler med SDR.

BSIDES CPT 2019 - Hacking satellites with Software Defined Radio (SDR) - Gerard de Jong

00:44:52

https://www.youtube.com/watch?v=gMwciWchH3Q

摘要

TLDRForedraget fokuserer på hacking av satellitter ved hjelp av programvaredefinert radio (SDR). Foredragsholderen deler sin erfaring med å spore skip og fly i sanntid uten internett, og demonstrerer hvordan man kan manipulere signaler fra enheter som bilnøkler. Det diskuteres også hvordan man lager antenner og bruker programvare for å dekode signaler fra satellitter som NOAA. Foredraget advarer om de juridiske konsekvensene av hacking og oppfordrer til ansvarlig bruk av teknologi. Det avsluttes med spørsmål fra publikum om emnet.

心得

🔍 Lær hvordan du sporer fly og skip i sanntid uten internett.
💻 Oppdag hvordan programvaredefinert radio fungerer.
📡 Lag dine egne antenner for SDR-prosjekter.
⚖️ Vær oppmerksom på de juridiske konsekvensene av hacking.
📊 Forstå Doppler-effekten og dens betydning for signalanalyse.
🌐 Utforsk NOAA-satellitter og deres data.
🛠️ Bruk SDR Sharp for å analysere radiosignaler.
📡 Lær om Yagi-antennens design og bruk.
📈 Få innsikt i hvordan du dekoder satellittsignaler.
🔧 Eksperimenter med signalmanipulering og -analyse.

时间轴

00:00:00 - 00:05:00
Introduksjon til hacking av satellitter med programvaredefinert radio, inkludert sporing av skip og fly uten internett.
00:05:00 - 00:10:00
Historisk perspektiv på videoproduksjon og radioamatørvirksomhet, samt introduksjon av programvaredefinert radio som ble populært med Kickstarter-prosjekter.
00:10:00 - 00:15:00
Presentasjon av RTL-SDR dongler og deres bruksområder, inkludert signalanalyse av fjernkontroller og mulige sikkerhetsproblemer.
00:15:00 - 00:20:00
Diskusjon om regulering av elektromagnetisk spektrum og viktigheten av amatør radio-lisenser for hobbyister.
00:20:00 - 00:25:00
Forklaring av Raspberry Pi og dens begrensninger i sending, samt advarsler om å unngå forstyrrelser i andre frekvenser.
00:25:00 - 00:30:00
Demonstrasjon av replay-angrep med RTL-SDR og Raspberry Pi, samt muligheten for brute-force angrep på enkle fjernkontroller.
00:30:00 - 00:35:00
Presentasjon av hvordan man kan spore skip og fly ved hjelp av SDR-teknologi, inkludert bruk av spesifikke programvarer og antenner.
00:35:00 - 00:44:52
Avslutning med diskusjon om satellitter, inkludert NOAA-satellitter og hvordan man kan dekode signaler fra dem.

显示更多

思维导图

视频问答

Hva er programvaredefinert radio?
Programvaredefinert radio (SDR) er en teknologi som bruker programvare for å håndtere radiofrekvenser, noe som gjør det enklere å manipulere og analysere radiosignaler.
Hvordan kan jeg spore fly og skip?
Du kan spore fly og skip ved å bruke programvaredefinert radio og spesifikke frekvenser for automatisk identifikasjonssystem (AIS) for skip og automatisk avhengig overvåking (ADS-B) for fly.
Er det ulovlig å hacke satellitter?
Ja, hacking av satellitter eller andre radiosignaler uten tillatelse er ulovlig og kan føre til alvorlige straffer.
Hva er en RTL-SDR?
RTL-SDR er en billig USB-dongle som kan brukes til å motta og analysere radiosignaler over et bredt spekter av frekvenser.
Hvordan lager jeg en antenne for SDR?
Du kan lage en enkel dipole antenne ved å bruke to aluminiumspoler og en koaksialkabel, tilpasset til den frekvensen du ønsker å motta.
Hva er Doppler-effekten?
Doppler-effekten er endringen i frekvensen av en bølge i forhold til en observatør som beveger seg i forhold til kilden til bølgen.
Hva er NOAA-satellitter?
NOAA-satellitter er meteorologiske satellitter som overvåker værforhold og samler data om atmosfæren.
Hvordan kan jeg dekode signaler fra satellitter?
Du kan dekode signaler fra satellitter ved å bruke spesifik programvare som WXtoImg eller NOAA ATP, avhengig av signaltypen.
Hva er en Yagi-antenne?
En Yagi-antenne er en type retningsbestemt antenne som brukes til å forbedre signalmottak i en bestemt retning.
Hva er SDR Sharp?
SDR Sharp er en populær programvare for Windows som brukes til å motta og analysere radiosignaler med SDR.

查看更多视频摘要

即时访问由人工智能支持的免费 YouTube 视频摘要！

字幕

自动滚动:

00:00:04
see us welcome today we're going to be
00:00:06
hacking satellites with software-defined
00:00:07
radio you might find somebody
00:00:11
interesting what you're gonna learn
00:00:12
today who has a gate that does this when
00:00:14
you press a button one of these have
00:00:16
your a key will you take them out we
00:00:18
might play with them in a moment so I'm
00:00:20
going to teach you how to do something
00:00:21
bad with that if you're worried about
00:00:24
where ships are if you ever go to the
00:00:26
sea I'm gonna show you how to track
00:00:27
where those things are in real time no
00:00:29
internet same thing with planes I'll
00:00:31
show you how to track planes so the next
00:00:33
time you're picking up a friend at the
00:00:34
airport you'll know if it's delayed if
00:00:36
your flight is delayed you don't need an
00:00:37
internet connection or worry about Wi-Fi
00:00:39
you can just figure out when that's
00:00:40
gonna happen and of course we're gonna
00:00:41
mess around with some signals from some
00:00:44
satellites so let that animation
00:00:47
complete I just want to put the brakes
00:00:48
on here if you do stupid stuff you're a
00:00:50
dolt and you can go to prison I will
00:00:52
show you many and interesting new ways
00:00:54
of going to prison if you're if you're
00:00:55
looking at doing that today and then
00:00:58
this talk is really just about my
00:01:00
journey and what I've been learning
00:01:01
about so I'm quite new in the security
00:01:03
field I don't work in the security field
00:01:05
I have I'm a software developer I work
00:01:07
for a bank so yeah this is still about
00:01:10
what I've been messing around with so
00:01:11
I'm going to show you the stuff that's
00:01:12
worked for me and what hasn't worked for
00:01:13
me and if you've got any ideas about
00:01:15
stuff you think I should try or when a
00:01:18
chat about do come to me afterwards we
00:01:20
can chat about that so a little bit of
00:01:22
history where does this come from who
00:01:23
here makes videos okay some of you might
00:01:26
not put us up because you make other
00:01:28
kinds of videos for the Internet so
00:01:30
about 10 years ago if you wanted to or
00:01:32
not 10 maybe even 20 years ago if you
00:01:34
wanted to make any kind of high-class
00:01:35
video production you need a rig pretty
00:01:37
much like this right with IP custom a
00:01:39
laser pointer but anyway if some DVDs
00:01:41
done there's a little bit more modern
00:01:42
but anyway you need a lot of equipment
00:01:44
but today most youtubers are doing
00:01:45
something like this and similarly my
00:01:48
late father was a radio amateur and I
00:01:50
grew up thinking that all men have a
00:01:51
Radio Shack full of crap like this and
00:01:54
and that was just normal but no in fact
00:01:57
today and I'll show you how and why it's
00:02:00
pretty much just as simple to mess
00:02:01
around with software-defined radio so
00:02:03
how is that possible there was a
00:02:04
Kickstarter and surely yes this was
00:02:06
possible before but I think it really
00:02:08
kicked off in 2014 with a Kickstarter
00:02:10
for this called the hack or if one does
00:02:13
anyone have one someone someone persons
00:02:15
go on two peoples got one awesome so
00:02:17
started by a guy called
00:02:18
Michael Osmond it's a little bit maybe
00:02:20
twice the size of a raspberry pie and
00:02:22
works anywhere between one megahertz up
00:02:24
to six gigahertz it can both send and
00:02:27
transmit so we say Rx and TX
00:02:29
it's got a cool ARM chip in it and it
00:02:31
only costs 10,000 Rance that's right
00:02:33
folks only ten grands some people you
00:02:35
see some people are getting better deals
00:02:36
than when I was looking but you have to
00:02:39
chat to those people afterwards yeah
00:02:42
what speaking of speaking of meanwhile
00:02:44
who wants to guess what this is
00:02:46
it's the rollout of digital terrestrial
00:02:48
television and I don't know why South
00:02:50
Africa is blue because why is it blue
00:02:53
they say it's launched but whatever and
00:02:56
it's um created this whole market
00:02:57
speaking of China they produce these
00:02:59
awesome chips these real Tex RTL 2832
00:03:02
use which going little dongles like this
00:03:04
and here's one I've got another one
00:03:07
there as well and they operate anywhere
00:03:09
between 25 megahertz and 1.6 gigahertz
00:03:12
they're the read-only which is fine you
00:03:14
can give yourself into less trouble
00:03:15
we'll chat about how you get into
00:03:17
trouble there if you really want to they
00:03:19
use this trip of course then you cost
00:03:20
about 300 bucks so that's really not bad
00:03:22
up to about 500 and there's a whole new
00:03:25
blog so many of the stuff that I'm going
00:03:26
to be chatting about comes from this
00:03:28
website OTO sto comm so even more crazy
00:03:31
things are posted up here so that's
00:03:33
that's a really good source and then
00:03:35
there are much nicer ones like this one
00:03:37
that's got an iminium on it so you can
00:03:38
work at high frequencies for longer so
00:03:42
that's what that looks like that's what
00:03:43
that terrible sound was earlier I was
00:03:45
messing around with that I was trying to
00:03:46
get my mic on the rtl-sdr to show you
00:03:48
that but I couldn't control the volume
00:03:49
so sorry about those folks ears but it's
00:03:52
pretty much the same thing just a little
00:03:53
bit more expensive and there are
00:03:54
hundreds of these kinds of devices
00:03:56
coming out they're available and things
00:03:58
like micro robotics communicates that
00:04:00
we're all setting them now for around
00:04:01
500 bucks there's an S buy devices
00:04:04
another nice option and when it comes to
00:04:06
the kind of software for those windows
00:04:08
forgot which crowd i've got here today
00:04:11
but anyway if you are a Windows user
00:04:13
this is normally how you'll get things
00:04:14
going so a spy makes some of these
00:04:16
devices you can just download their
00:04:19
software over there you guys know how to
00:04:20
click download so once you've got that
00:04:22
going what I like about s bi is they
00:04:24
actually give you a link this little
00:04:26
batch file over here is going to
00:04:27
download the drivers for your rtl-sdr
00:04:30
which is pretty cool
00:04:31
and once you've got that installed this
00:04:33
is just how you'll get an rtl-sdr going
00:04:35
in Windows you open this little program
00:04:36
called Zadok it's going to patch a
00:04:38
driver before you install that this is
00:04:41
what generally what it looks like you go
00:04:43
this is all real time I haven't sped
00:04:44
this up because I'm far too lazy then 10
00:04:47
turn and it's installed successfully and
00:04:49
then you can start a program called SDR
00:04:52
shop which in my experience is one of
00:04:53
the more popular versions that people
00:04:54
are using out there so this is what it
00:04:56
looks like and you're just going to have
00:04:58
to go to settings and select your USB
00:05:00
device over there so if you've got that
00:05:01
going that's it so this is very much
00:05:05
what the spectrum is looking like and
00:05:07
this is called the waterfall down here
00:05:09
so you can just pick up that's just
00:05:10
normal radio station at 104 megahertz
00:05:12
and this is where we can start playing
00:05:15
with one of those key fobs if you've got
00:05:16
these on so if you've got one now not
00:05:19
all of them I like this yes they are
00:05:20
rolling codes and French and coding and
00:05:22
everything else but most property
00:05:23
developers are cheap and like buying
00:05:25
cheap stuff so if I was just messing
00:05:28
around with one of these as well
00:05:29
so you use RTL SDR these things run and
00:05:32
I think it's 405 megahertz so let's look
00:05:34
what I recorded over 403 550 there we go
00:05:37
and play over there to record that and
00:05:40
if you press that button you'll see that
00:05:43
little code over there so that's fun
00:05:46
let's go do some signal analysis
00:05:48
actually bought the part that you attach
00:05:50
to your gate to actually flip the the
00:05:52
reader over there to open everything up
00:05:53
this Brown thing is the antenna and well
00:05:57
how does it work you press the button
00:05:58
there's some sound bump and a little LED
00:06:01
goes so what's fun about this is you can
00:06:04
record that using some of the recording
00:06:07
stuff down here and there's a little bit
00:06:10
just like audio recording 16-bit PCM see
00:06:13
that and it's exactly the same
00:06:15
experience you're just going to record
00:06:16
this there we go we've got that and now
00:06:19
let's go see what that signal looks like
00:06:20
inside so who uses audacity for audio
00:06:24
and stuff like that you use that full
00:06:26
for this as well well you can at least
00:06:27
so if I open this up on audacity in
00:06:30
Windows and I did this all through a
00:06:31
virtual machine in my defense which
00:06:33
caused me problems you will see about
00:06:34
later but anyway that's the signal that
00:06:36
I recorded and if we zoom in there
00:06:39
there's no any press that I'm doing this
00:06:41
with my thumb alive there's no one
00:06:43
impressed
00:06:44
notice that these things it sends the
00:06:46
signal a quite a couple of times and if
00:06:51
you look at that that's I think that's
00:06:52
Manchester encoding I can't remember
00:06:53
what this is called actually but that
00:06:56
looks like a code and if you had to open
00:06:59
up your I want to call it a dongle
00:07:02
because I use Apple computers but
00:07:03
forgive me on that yes so see those dip
00:07:07
switches are there that's how you set
00:07:08
that static code and you'll notice very
00:07:11
probably expected for this audience
00:07:13
correlation between these are over here
00:07:15
so that's an interesting new way of
00:07:17
going to jail if you want to open up
00:07:19
things will record these in effect when
00:07:20
I was messing around this I noticed that
00:07:22
I was getting signals when I hadn't
00:07:23
pressed the button and it was my
00:07:25
neighbors coming home and and stuff like
00:07:27
that and you'll be surprised how often
00:07:28
it's a static code that keeps being
00:07:29
reused so let's talk about why we get
00:07:31
into trouble when we mess around with
00:07:33
the electromagnetic spectrum on the back
00:07:35
of your phone you will normally have
00:07:37
something like this so the FCC is from
00:07:39
the states and EC is from the UK and
00:07:42
these guys regulate what part of the
00:07:45
spectrum who can use or you can use
00:07:47
which part and you know different
00:07:49
parties have paid different amounts for
00:07:50
people to be allowed to use different
00:07:52
parts of the spectrum so it's sort of
00:07:54
policed so Akasa
00:07:55
is the south african version of that i
00:07:57
believe this is the one for China and
00:07:59
Malaysia and one of them here I can't
00:08:00
remember it's for New Zealand and this
00:08:03
is a nice graph just to show you where
00:08:04
all the different parts so allocated so
00:08:06
this is normally where normal broadcast
00:08:08
radio would be sitting the kind of stuff
00:08:10
you listen to in your car if we go over
00:08:12
to 2.4 gigahertz that's a Wi-Fi and
00:08:15
Bluetooth and all those good things that
00:08:16
say that's kind of a unlicensed it's
00:08:18
free for us to use and going over to
00:08:20
this side we've got 890 what was this oh
00:08:23
yes aeronautical mobile stuff so we're
00:08:26
going to miss around some planes a
00:08:27
little bit later on this side
00:08:29
satellites fit in there in this 137
00:08:32
make-ahead range it's a little bit tight
00:08:34
and then all the way on that side this
00:08:37
is where those key fobs so your car
00:08:38
remote and all those different things
00:08:39
sitting here so that's quite fun and if
00:08:41
you do want to extend this a little bit
00:08:43
further I would very much recommend
00:08:45
getting an amateur radio license who
00:08:46
hears a radio an okay more than I've had
00:08:49
before you guys the guys who would like
00:08:50
being referred to by yours eros whatever
00:08:52
call signs okay I'm not a radio ham yet
00:08:54
I have accepted Dominic White's
00:08:56
challenge to
00:08:57
do my both my parents already owned our
00:08:58
ham so a big pardon yes I am doing it
00:09:02
it's just taking long and how I'm doing
00:09:04
it is is we prepared say let's say
00:09:07
there's a corpse up you can do practice
00:09:09
exams even so recommend that to to
00:09:11
anyone interested I'm who here has a
00:09:13
Raspberry Pi who does not what is wrong
00:09:16
with you why don't you have a raspberry
00:09:18
pie okay for those of you don't know
00:09:19
what a raspberry pie is credit
00:09:21
card-sized computer about Yohai 600
00:09:23
bucks
00:09:24
cool it alarm processor and did you know
00:09:26
this its TX only as far about as far as
00:09:30
I've been able to find out anywhere
00:09:32
between 5 kilohertz and and 1.5
00:09:34
gigahertz which is actually quite
00:09:35
impressive and guy you've got this going
00:09:37
created something called ARP ITX
00:09:40
very fine piece of software in the way
00:09:41
you get this going and I'll show you why
00:09:43
you shouldn't do it just like this yet
00:09:45
but anyway if you look at your general
00:09:47
input/output GPIO headers if you attach
00:09:50
just a little lead on to GPIO 7 which I
00:09:53
think correct me if I'm wrong is the one
00:09:55
useful pulse width modulation on motors
00:09:58
you can use that to broadcast stuff but
00:10:01
I warn you please do not do this because
00:10:03
a Raspberry Pi is a digital device so it
00:10:06
thinks in ones and zeros and that
00:10:08
normally gets broadcast as a bit of a
00:10:09
square wave and those of you who
00:10:11
remember your high school computer
00:10:13
science and for other computer science
00:10:15
what I'm saying
00:10:15
physical science and when we broadcast
00:10:18
things we want to use nice sine waves
00:10:19
I'll show you why in a moment because of
00:10:21
this harmonics problem but because we
00:10:22
can use constructive interference and
00:10:24
destructive interference to create
00:10:26
different waveforms and and if we add
00:10:28
some more app we can make square waves
00:10:30
the same thing is true in Reverse which
00:10:33
causes this terrible problem so if
00:10:35
you're gonna be using a Raspberry Pi to
00:10:36
transmit any of these things that
00:10:38
whatever you're broadcasting is going to
00:10:39
be sort of reflected on different parts
00:10:42
of the spectrum as well and you're going
00:10:43
to start breaking people's baby monitors
00:10:45
and setting all kinds of people and the
00:10:47
worst part is you're telling them
00:10:48
exactly where you are by broadcasting
00:10:50
that signal so so you've been warned and
00:10:53
it caster will come after you but it's
00:10:55
fine there are these things called
00:10:56
bandpass filters so this is what you
00:10:57
should use and essentially all this does
00:11:00
is it it cuts off the frequency on
00:11:02
either side so that those harmonics
00:11:04
don't end up in other parts of the
00:11:05
spectrum where you cause trouble for
00:11:06
people very cheap buy them from China I
00:11:09
haven't bothered yet
00:11:10
but I'll show you why it's cool and wow
00:11:12
you can do this everything leaks
00:11:14
electromagnetic radiation we'll chat
00:11:15
about that in a second so if we wanted
00:11:17
to turn our key fob into one of these or
00:11:20
rather the other way around we could do
00:11:21
a replay attack with something like this
00:11:22
so what I've done is I've attached that
00:11:24
RTL dongle to our 3 PI over here that's
00:11:28
the antenna part over here and I can SSH
00:11:31
into my PI you guys all know how to do
00:11:33
that and from the command line I love
00:11:35
this kind of audience where I can do
00:11:36
this and our TL menu is a nice piece of
00:11:39
software so I can go back to that for
00:11:40
you can see I had before and I'm just
00:11:44
choosing an input in that output
00:11:45
frequency and I want them both to be the
00:11:46
same because I'm doing a replay attack
00:11:48
here attack anyway so while that rants
00:11:51
cool it's busy recording a signal so
00:11:53
that I can go to my dongle and I can go
00:11:56
and oh is it shaking because it's
00:11:58
playing there we go should we get that
00:12:00
going cool and then I can run it again
00:12:03
so from the menu I can just replay what
00:12:05
I've recorded so I'm basically just
00:12:06
recording something and then playing it
00:12:07
back I want you to notice something I've
00:12:10
not attached to anything here it's just
00:12:12
the normal electromagnetic leakage from
00:12:14
this thing which you can see is
00:12:15
certified it's still leaking enough for
00:12:18
me to be able to trip this relay so
00:12:21
that's pretty cool if you think about it
00:12:22
you could just go and plug this thing
00:12:24
into a battery pack and connect it just
00:12:26
press it up against the receiver and you
00:12:29
should get enough leakage for this thing
00:12:30
to work so that's a little playing on
00:12:33
this can work as a transponder mode as
00:12:35
well basically just a repeater and a few
00:12:37
other cool hacks so that's a more
00:12:39
interesting way to go to jail but can
00:12:42
you do a brute-force attack so I thought
00:12:44
about this and there are only 12
00:12:45
switches and never even got to positions
00:12:46
so the total amount of combinations that
00:12:49
this thing can have is only 2 to the
00:12:51
power of 12 which is 4096 combinations
00:12:53
that's not too bad for brute force at
00:12:54
all so if you were to write a piece of
00:12:57
software like this which I just called
00:13:00
brute force you could just transmit I
00:13:01
had to speed this up for every single
00:13:03
code for all these static things and and
00:13:06
you could run through all of them and
00:13:08
pump there that stun factor didn't have
00:13:10
to wait for it
00:13:11
meanwhile Koha so I I thought about I
00:13:17
started this on github and then I took
00:13:19
it off when I realized I'd I'm not
00:13:21
worried about people stealing things
00:13:22
from your home I'm worried about your
00:13:23
dogs getting out
00:13:24
and stuff like that so so yeah maybe I
00:13:28
need some oh yes and so the last time I
00:13:30
did this at ex-con in Joburg I called
00:13:32
skulk came over to me and showed me how
00:13:33
he's using this who has Robo guards at
00:13:35
home okay I want do you know what a Robo
00:13:38
guard is this is a this is a South
00:13:41
African product so what they've got its
00:13:43
- I suppose that like PIR sensors
00:13:46
essentially and you've got two beans
00:13:48
that it makes so that you can so that
00:13:50
your dog doesn't trip it or you know I
00:13:52
want to say airplane for some reason no
00:13:55
it will not be tripped by an aeroplane
00:13:56
you know birds or or anything and
00:13:59
anything else in your garden won't trip
00:14:01
it off but if someone hops into your
00:14:02
garden and this thing can can pick it up
00:14:04
and they work at 433 megahertz so this
00:14:06
is some Scots code which he was kind
00:14:08
enough to share with me where what he's
00:14:10
doing is he's written his own
00:14:11
implementation yes it's still connected
00:14:13
to his alarm but now he can connect it
00:14:15
to his Raspberry Pi and see when his
00:14:18
garden services are there if his kids
00:14:20
are playing outside and in if certain
00:14:21
hours where he's not expecting anyone
00:14:23
else to be in his yard it can let him
00:14:25
know and that's why he's got these
00:14:27
tamper and checking flags and everything
00:14:29
else and that's just how he runs it with
00:14:31
rtl-sdr it's a really really cool thing
00:14:33
and let's chat about antennas so when
00:14:36
you buy these dongles you get one of
00:14:37
these things which is of course one of
00:14:40
the simplest antenna types you can get
00:14:41
called a dipole so you can make this
00:14:44
yourself with a coat hanger if you like
00:14:45
this is just a piece of coax and when
00:14:49
you open that up it's got shielding a
00:14:50
core and I love saying dielectric
00:14:52
insulator for some reason it makes me
00:14:54
sound very intelligent but it's it's
00:14:55
just plastic
00:14:56
and yes I'm incorrectly labeling these
00:14:59
ground and VCC because that makes more
00:15:01
sense to me personally but anyway if you
00:15:03
just attach two aluminium poles onto
00:15:05
this you have made a dipole they're that
00:15:06
easy to make and you can tell them to
00:15:09
different kinds of frequencies so and
00:15:10
how does this work well as the
00:15:12
electromagnetic waves pass by they are
00:15:14
inducing a current or a potential
00:15:16
voltage between these two different
00:15:18
poles and polarization is an important
00:15:21
thing you'll hear about a lot when you
00:15:22
mess around with this stuff who wants to
00:15:24
guess yes this is vertical or horizontal
00:15:26
polarization how did I miss that up and
00:15:29
vertical polarization point is basically
00:15:32
if you want to chair to someone the
00:15:33
polarizations need to match but things
00:15:35
get complicated with satellites with
00:15:36
circular polarization
00:15:38
which we'll chat about in a second
00:15:39
because that gets a lot of fun anyway so
00:15:42
um I can chat about antennas for a very
00:15:44
long time I just have one thing I want
00:15:46
to get out of here you will know about
00:15:47
yagi antennas
00:15:48
please start calling them yahudah
00:15:51
antennas because it is mr. Udo who had
00:15:53
the greater contribution to the creation
00:15:55
of this antenna then yagi that's the
00:15:57
only thing I want to change about that
00:15:58
and if you want to make your own how
00:16:00
long should these things run or how long
00:16:02
should your things be
00:16:04
that's always going to be proportional
00:16:05
to your wavelength so just how long that
00:16:08
wave is over time and your antenna needs
00:16:10
to be half that all right so if you're
00:16:13
making these yourself quickly we'll talk
00:16:15
about the half wavelength and the
00:16:16
quarter wavelength and for the sake of
00:16:17
our antenna we're going to talk about
00:16:18
the total length and the element length
00:16:20
of our dipole and you're not going to
00:16:23
sound smart at any conference and less
00:16:24
you include some mathematics so for the
00:16:26
purposes of this talk we are going to
00:16:29
state the very well-known fact that
00:16:31
wavelength equals the velocity of
00:16:32
whichever medium through which something
00:16:35
is traveling divided by its frequency in
00:16:37
which case this will be the speed of
00:16:39
light because it's radio waves of course
00:16:40
which we can approximate to three times
00:16:42
a to the well three times a to the power
00:16:43
of ten meters per second so if we want
00:16:45
you to know what the length should be to
00:16:47
pick up a signal at a hundred megahertz
00:16:49
100 megahertz is just 100 times 10 to
00:16:52
the power of six so those two zeros can
00:16:53
just fall in there and notice that now I
00:16:56
can cancel out 10 to the power of eight
00:16:58
divided by 10 to the power of eight
00:17:00
leaving with only three meters and
00:17:01
that's how easy it is to figure out how
00:17:03
long your antenna dipole should be half
00:17:05
that remember yeah anyway okay so
00:17:16
apparently I've got that wrong and you
00:17:17
need to come to me afterwards to show me
00:17:19
how to fix that for my talk I'm very
00:17:20
welcome and open to feedback okay thanks
00:17:23
so so for those of you at home you can
00:17:25
ignore the last five seconds of this and
00:17:27
we'll fix it in post ok and and I also
00:17:33
approximated the speed of light which
00:17:34
motivates it some people I'm sorry okay
00:17:36
let's talk about tracking ships so this
00:17:38
is what the ocean looks like and it's
00:17:40
always clearance always comment no it's
00:17:41
not sometimes it looks like this and
00:17:43
then it also gets dark so it can be
00:17:45
scary and that's why on ships they have
00:17:47
things like this which help you track
00:17:48
other
00:17:49
why do I keep wanting to say airplanes
00:17:51
and other ships you could you could
00:17:53
track aeroplanes as well you'd need some
00:17:55
different equipment we'll chat about
00:17:56
that in a second
00:17:56
anyway they use a system called a is
00:17:59
automatic identification system and
00:18:01
because I'm a software guy I like to
00:18:03
think of them as datagrams don't call
00:18:04
them datagrams I just like doing that
00:18:06
but yes they'll they'll come with
00:18:08
something similar to I don't know what
00:18:10
anyway yes you get this MSI maritime
00:18:15
mobile service identity number you get a
00:18:17
navigation status with cool words like
00:18:19
anchor and underweight a rate of turn so
00:18:22
which where the ship's pointed I suppose
00:18:23
speed in knots and in latitude longitude
00:18:25
and it runs 160 1.9 you don't care about
00:18:30
the actual numbers you can get those and
00:18:31
post later anyway if you want to make an
00:18:33
antenna for this you'll need it's
00:18:35
probably wrong now but anyway I I went
00:18:39
and did this and I made 44 centimeter
00:18:41
dipoles so I was down at why do I keep
00:18:44
wanting to say can't spare this is down
00:18:46
by the VNA water friend and if you look
00:18:47
out there there are ships out there so
00:18:49
we can figure out where they are what
00:18:51
they are what they're doing so this is
00:18:54
SDR sharp running in a virtual machine
00:18:56
and you'll already notice I lie to you
00:18:58
there are actually two types of a is a
00:19:00
s1 and s2 and they make these little
00:19:01
chips just go back and play this one I
00:19:04
go and make these little chips that you
00:19:05
can pick up and in Windows there's
00:19:08
something called ship plotter
00:19:09
that you can use with a virtual audio
00:19:11
cable through a virtual machine which
00:19:13
caused problems for me that you'll see a
00:19:15
little bit later but this is generally
00:19:16
how you would do this on a Windows box
00:19:17
you can record these signals and then
00:19:20
you should be able to see all these
00:19:21
ships but this doesn't work so well on a
00:19:24
Mac and I was wondering what was the
00:19:25
problem with this and all my virtual
00:19:27
cables and virtual machines so when I
00:19:29
opened up cubic SDR and I could still
00:19:32
see these coming through and then we're
00:19:33
coming through even clearer and I could
00:19:35
record them as well and by the way yes
00:19:37
GQ Rx is a perfectly good alternative
00:19:39
that works on Linux I have nothing
00:19:41
against GQ rx person who spoke to me
00:19:43
about it at the last conference cool so
00:19:46
so I could record these which was fine
00:19:48
and then I could go back into Windows
00:19:50
and take the WAV file from this using
00:19:52
this thing called s Mon which could at
00:19:54
least tell me something about these
00:19:55
files and the interesting thing I had to
00:19:57
do I experiment a lot but if you bring
00:19:58
it down to 8-bit audio select telephone
00:20:00
line quality it seems to work so I mean
00:20:03
I've got
00:20:03
of arras over here but there was
00:20:04
definitely some data India where it
00:20:06
could find some stuff so if I go then
00:20:08
and take that same audio file and I put
00:20:10
that into ship plotter this is more the
00:20:12
experience you'll use if you have a
00:20:13
Windows machine which is useless to this
00:20:15
audience because I don't think anyone
00:20:16
here has one but anyway yes that's what
00:20:20
it looks like and then you can see your
00:20:22
ships pretty cool huh
00:20:24
no internet no hands yeah and and if you
00:20:28
plot that on a nicer piece of software
00:20:29
from the Mac App Store Jerry this is
00:20:31
what it looks like and how these things
00:20:33
work let's talk about how you can build
00:20:35
your own flight radar as well has anyone
00:20:37
done this before okay this is a lot of
00:20:40
fun this is a lot of fun who knows what
00:20:41
type of plane this is no guesses
00:20:45
it's a Boeing yes it's a Boeing triple7
00:20:49
it's a Boeing triple7 it's got 31
00:20:52
antennas on you and we're going to go
00:20:53
through every single one I'm kidding
00:20:55
we'll just go through one and and that's
00:20:57
for for something called ATS B so that's
00:21:00
your automatic dependent surveillance
00:21:01
broadcast very similar to a is but
00:21:03
designed for aircraft so how this works
00:21:06
and yeah I just thought of some problems
00:21:09
with this thing but there's more coming
00:21:10
up all the time anyway
00:21:12
aircraft generally know where they are
00:21:14
or should not generally know exactly
00:21:16
where they are thanks to technologies
00:21:17
like GPS and they can and the idea of a
00:21:20
DSP is that you broadcast that to other
00:21:22
aeroplanes and and by the way none of
00:21:24
this stuff is illegal it is a really
00:21:25
good idea that everyone knows where
00:21:26
aeroplanes are in the sky at all times
00:21:30
so yes they broadcast that down to two
00:21:33
ground stations so that air traffic
00:21:34
control can use this stuff and of course
00:21:36
to to other aircraft in the sky as well
00:21:39
through something called ATS be in and
00:21:41
if you do find yourself in the cockpit
00:21:43
of one of these planes right next to the
00:21:44
seat on this side is where you would put
00:21:47
this in I can't remember which YouTube
00:21:49
video I stole this from so I probably
00:21:51
owes someone some credit I've completely
00:21:55
forgotten I think it's captain Joe or
00:21:57
something like that but anyway what
00:21:58
you've put in there is a score code this
00:22:00
would be issued to you by aircraft
00:22:01
traffic control and you'll pop it in
00:22:03
before you get going and then I can't
00:22:06
recall which airport this is exactly but
00:22:09
yes this is the view that aircraft
00:22:10
traffic control normally have that blue
00:22:12
little part there's the runway where
00:22:14
everything is landing and you can see
00:22:15
here we've got score codes
00:22:16
and and flight numbers there's some
00:22:18
Dutch Airlines care them going and this
00:22:21
is normally in traditionally done
00:22:22
through what they call primary and
00:22:23
secondary surveillance radar which are
00:22:25
these dish things that are normally
00:22:26
hidden in big domes at the airports that
00:22:28
we normally visit but in South Africa
00:22:31
our Civil Aviation Authority is very
00:22:32
much pushing for the implementation of a
00:22:35
DSB - as they say replace legacy less
00:22:37
effective and more expensive primary
00:22:40
surveillance radar and monopole
00:22:41
secondary surveillance radar so these
00:22:46
80s speed datagrams
00:22:47
I'm a software guy remember I have that
00:22:50
score code in there the flight number
00:22:51
which in my experience is never
00:22:52
populated for some reason you altitude
00:22:55
how high you are your airspeed longitude
00:22:56
latitude surf course this broadcasts at
00:22:59
ten ninety and you need a much shorter
00:23:01
antenna only seven centimeters am I
00:23:04
wrong about that you're nodding okay
00:23:05
cool yeah okay and we use this a piece
00:23:08
of software called dump 1090 available
00:23:11
in github because I like open source
00:23:12
things and if you want to set this up in
00:23:14
your raspberry pi like I do same setup
00:23:16
except you hop in the command line you
00:23:18
guys know how to clone github
00:23:20
repositories let's skip that one but
00:23:22
when you run this after you've made it
00:23:24
you need to add on this interactive mode
00:23:26
otherwise it just starts streaming stuff
00:23:28
into the console and that - - net will
00:23:29
be important so I did this at the
00:23:31
airport
00:23:32
in the slow lounge my wife was not
00:23:34
amused at all with what I was doing and
00:23:38
you can see we've got an essay a flight
00:23:40
I've got it s if R if R as if our flight
00:23:43
over they a big question mark flight
00:23:44
they don't know where they're going
00:23:46
interesting part about this is a lot of
00:23:48
them have no speed and no longer - you
00:23:50
know latitude and I imagine this is
00:23:52
because a lot of planes are parked but
00:23:54
they leave the a DSB transponders on so
00:23:56
they keep transmitting but they don't
00:23:58
have a location or I've got excellent
00:24:00
range and they're all parked at point
00:24:01
Nemo so so that's that's really what
00:24:05
this looks like and if you want to that
00:24:07
- - net allows you to add on if you just
00:24:10
use local host in this instance but
00:24:12
anyway you can just go plot this using
00:24:15
Google Maps you do need to go register
00:24:17
to get your own Google Maps API key and
00:24:19
then fix it in the JavaScript code to
00:24:20
get this working
00:24:21
but yes here I've got three different
00:24:23
planes and you'll recognize there is our
00:24:25
T in Johannesburg so lots of fun um who
00:24:28
does the flight from flight who uses
00:24:30
flat rail
00:24:30
twenty four at all so there's this whole
00:24:33
community thing yeah lots of planes
00:24:34
being tracked by up by these guys and
00:24:36
you can contribute data yourself so if
00:24:38
you live in a remote area or somewhere
00:24:40
interesting
00:24:40
they've got a whole guide where you can
00:24:42
use a Raspberry Pi in one of these
00:24:43
dongles and contribute data by just
00:24:46
running this as sudo just grabbing
00:24:48
commands that start with sudo off the
00:24:49
internet and putting them into your
00:24:50
Raspberry Pi yes
00:24:53
I'm sure it's safe but anyway yeah this
00:24:57
this goes and pulls down and install and
00:24:58
and sits whole thing up and so this
00:25:01
presents new and interesting
00:25:02
opportunities for us to go to jail um
00:25:05
none of what I've spoken about is
00:25:07
authenticated or encrypted at all and
00:25:10
who remembers much earlier this year
00:25:12
Gatwick Airport was shut down for more
00:25:14
than a day I think millions of flights
00:25:17
were redirected now I've got a friend
00:25:18
who who owns a company that does like if
00:25:22
you want to charter a plane from one
00:25:24
country to another or do private flights
00:25:26
and medical flights and stuff like that
00:25:27
so he's not an aircraft traffic control
00:25:29
he does his company does all the ground
00:25:31
handling and I had some very interesting
00:25:32
discussions with him about how you could
00:25:34
cause more interesting problems with us
00:25:35
and I assume what would happen if on
00:25:38
let's say a prefers for whatever reason
00:25:41
goodness I'm so nervous with you in the
00:25:43
room about this
00:25:44
i I'm so gonna end up on a do not fly
00:25:47
list I'm a Dutch citizen as well so we
00:25:50
can't work together so but anyway yes if
00:25:53
on April 1st you had to put in so here's
00:25:56
the thing about school codes any school
00:25:57
code that starts with seven is a major
00:25:59
emergency okay I think seven thousand
00:26:03
means that plane is definitely hijacked
00:26:04
seven thousand six hundred probably
00:26:07
means that you you disagreeing you try
00:26:10
and remember this is that anything with
00:26:12
seven is bad the best one that starts
00:26:15
with seven I don't know which one this
00:26:16
is but it says that your your all your
00:26:18
radio communications are out
00:26:20
so I'm landing aircraft traffic control
00:26:22
please get everyone out of the way so I
00:26:24
said what would happen if I had to
00:26:25
create you know a seven thousand school
00:26:27
code and then in the same way that I can
00:26:29
create any transmitter using a Raspberry
00:26:30
Pi I could just attach it to Ross the
00:26:32
two I haven't thought through very well
00:26:34
but anyway let's attach it to a battery
00:26:36
bank go to the airport close to where
00:26:39
they're picking up these ADSP signals
00:26:41
leave it in the trash run away
00:26:43
oh I'm so worried about this suddenly
00:26:46
but anyway yes if this thing were it if
00:26:48
we then broadcast a fake like a ghost
00:26:50
airplane and you could fly this plane
00:26:52
all over the place all straight through
00:26:53
the aircraft traffic control tower and I
00:26:56
said what would happen and they said
00:26:57
well they would bail and run so I
00:27:02
haven't helped him get a day off work
00:27:03
yet because he doesn't actually work in
00:27:05
the tower but I mean like I don't think
00:27:07
these folks are thinking about the types
00:27:09
of problems that you guys are thinking
00:27:10
about in this software security space so
00:27:12
I thought thinking what could you do at
00:27:14
ATS be DDoS attack so who recognize this
00:27:17
this recognizes this Airport sorry
00:27:22
captain no it's not Cape Town it's way
00:27:25
too big this is Dubai International
00:27:26
Airport it's quite sandy here and the
00:27:29
reason I've chosen this one is because
00:27:30
it's one of the biggest connecting where
00:27:33
like connecting flights come through and
00:27:35
this causes massive massive problems
00:27:37
with diversions and everything else if
00:27:39
one of these airports had to go down
00:27:40
they will redirect any and all flights
00:27:42
coming in to anywhere else all right
00:27:45
so you don't need to hit a large amount
00:27:47
of airports you just need to hit a
00:27:49
couple of like you know JFK Heathrow
00:27:52
sheikah Paul and you can cause absolute
00:27:55
chaos with this sort of thing and
00:27:57
because if you're an aircraft traffic
00:27:59
control and you're just seeing a couple
00:28:00
of planes was what's your day can it be
00:28:02
like when this happens right and the
00:28:05
problem here really is that that you
00:28:07
know your your normal radar the whole
00:28:09
reason why these these airports can't
00:28:11
even operate the way they do is because
00:28:12
they're using a DSP they're not using
00:28:14
radar anymore because it doesn't give
00:28:16
them to the resolution they can't see
00:28:17
height or or anything else so they're
00:28:19
becoming very dependent on this kind of
00:28:21
thing and there's no security around
00:28:22
this stuff but yes like I said I am NOT
00:28:25
the first one to chat about this at all
00:28:27
for more than I think it's more than
00:28:29
five years we've been complaining about
00:28:30
security problems in there so if you
00:28:32
play in this field and yeah please
00:28:34
please let us know so of course you guys
00:28:37
actually came here to talk about
00:28:38
satellites so let's get into that and
00:28:39
this is Noah the u.s. is National
00:28:43
Oceanic and Atmospheric Administration
00:28:44
along blah-dee-blah but these guys exist
00:28:46
because of the Titanic this is not
00:28:50
running my theory but they started
00:28:52
tracking icebergs so they're quite all
00:28:53
the institution and they've got some
00:28:54
nice weather satellites like this one
00:28:57
I don't know which exactly this one is
00:28:59
there's a couple of NOAA satellites
00:29:00
three of them are in orbit at the moment
00:29:02
and they're in the East they go like
00:29:05
think of the most fax machines just go
00:29:07
over the earth from pole to pole all the
00:29:09
time they're there in Pearl all but and
00:29:10
they've got some different names so the
00:29:14
u.s. uses NORAD IDs to identify
00:29:15
everything because you're interested in
00:29:17
knowing what is and potential nuclear
00:29:19
missile and what is not and you can
00:29:20
probably tell us more about that while
00:29:22
the rest of us use these international
00:29:23
codes which tell us what data was
00:29:25
launched and some more information and
00:29:27
these things are quite here it's like
00:29:29
heavier than my car and I travel 28,000
00:29:32
kilometers per hour which is quite
00:29:33
impressive and they circumnavigate the
00:29:35
world every hundred and two minutes and
00:29:37
the view you're going to get from any
00:29:40
cameras on these things is from 850
00:29:42
kilometers above so you're not going to
00:29:44
get Google Earth kind of stuff here just
00:29:46
warning you in advance so the NOAA
00:29:49
satellites operated to primary frequency
00:29:51
so do a lot more than just this but at
00:29:53
137 point 1 megahertz they use something
00:29:55
called automatic picture transmission
00:29:57
and then there's a high-resolution
00:29:58
version of that which I don't use
00:30:00
because I'm not steady enough to hold
00:30:02
the antenna and track the satellite as
00:30:04
it comes over so funny story about no.19
00:30:07
it fell over this must have been such a
00:30:10
bad day at work for these guys right 137
00:30:13
million dollars because the bolts
00:30:14
weren't properly attached I don't think
00:30:16
anyone got fired I don't know the whole
00:30:17
story but when I do this myself I get
00:30:21
the best signal from this one so they're
00:30:23
probably fixed some stuff I don't know
00:30:24
what did they call it percussive
00:30:26
maintenance yeah okay so any story about
00:30:30
noah 16 it it used to have only one
00:30:33
NORAD ID and now it has over 200 because
00:30:36
it blew up and no one knows exactly why
00:30:39
listen I'm so impressed with these
00:30:41
things I'm really not trying to make fun
00:30:43
of them I mean to get this stuff to work
00:30:44
in this environment is amazing
00:30:46
you know I imagine if your laptop
00:30:48
battery blew up and there were 200
00:30:51
pieces of laptop everywhere and those
00:30:53
are only the pieces or whatever going
00:30:54
down again oh those are only the parts
00:30:57
big enough for them to to see you know
00:31:00
the much small little paint flecks and
00:31:01
things so this is half a rant about
00:31:03
space garbage we'll see some of that in
00:31:04
a moment anyway how do we find
00:31:06
satellites these tons of software to do
00:31:08
this orbiter on is something you'll see
00:31:10
recommended quite
00:31:10
but it's got quite a crap in confusing
00:31:12
do I probably perfect for when it was
00:31:14
written which feels like the 90s so I'm
00:31:16
gonna skip over this one so let's not
00:31:18
worry about that this is a much nicer
00:31:19
version called G predict so there's no
00:31:22
nineteen over there and I can select
00:31:24
that one and get some more information
00:31:25
around when it's going to be coming up
00:31:27
over so till the date and the time
00:31:30
around when you can expect that
00:31:32
satellite to come around again the one
00:31:33
I'd like is into y ou so this is the
00:31:35
website and you can use that one ten
00:31:38
minutes for e anyway we'll try go
00:31:41
through this a little bit faster but
00:31:42
this is how you can find when a
00:31:43
satellites going to you come over so put
00:31:45
in your coordinates of where you eye
00:31:46
picks it up from your IP address so it's
00:31:48
quite easy and I'll tell you when that
00:31:49
satellites going to come around so it'll
00:31:50
be in the sky for about 10 minutes as it
00:31:53
comes over no you can't see it oh guy
00:31:57
called chores recommended a very cool
00:31:58
alternative of this called Celeste rec
00:32:00
so speaking about space junk check this
00:32:01
out there's a lot of stuff up there and
00:32:05
anyway there's a search function down at
00:32:06
the bottom that you can chase use that
00:32:08
you can use to find some of these things
00:32:10
and if you're a developer there's
00:32:11
something called ory kit if you're a
00:32:13
Java programmer you can automate a
00:32:15
couple of stuff there's also a command
00:32:16
line version of G predict that I
00:32:19
wouldn't recommend too much but anyway
00:32:21
well we have to make some internal
00:32:22
modifications to get this going so to
00:32:23
deal with circular polarization will go
00:32:25
for 120 degree change over there 437
00:32:29
megahertz we need to do 54 centimeter
00:32:31
long element lengths and you point that
00:32:33
thing north-south so so literally this
00:32:35
is what I had that's my balcony up where
00:32:38
I live in Pretoria and it was pretty
00:32:40
much something like this just a little
00:32:42
bit longer and you sit out there at half
00:32:44
past 4:00 in the morning waiting for
00:32:46
satellites to come over and you'll see
00:32:47
in this waterfall this is cubic SDR
00:32:49
again there's something happening over
00:32:51
here as this thing comes over and a
00:32:53
little bit later you can see signals
00:32:56
improving and I hope this doesn't hurt
00:32:58
anyone's ears because there is an audio
00:32:59
section a little bit later but notice
00:33:01
how this ATP signal is coming in and
00:33:03
notice how it's just bent a little bit
00:33:05
who wants to guess why that is
00:33:07
it's the Doppler effect absolutely so
00:33:10
this thing is moving so quickly that the
00:33:12
frequency shifts ever so slightly
00:33:13
because of the speed at which it's
00:33:14
moving which is really interesting do
00:33:16
you want to hear what the sounds like
00:33:17
this might be super loud I'm sorry if it
00:33:19
is wait it's maybe better that you don't
00:33:24
hear it
00:33:25
they're probably turned it off but
00:33:26
anyway how do you decode this well like
00:33:27
I told you this thing's like a fax
00:33:29
machine so these were the old number
00:33:31
satellites some of the first were the
00:33:32
satellites you had out there so you use
00:33:34
something called automatic picture
00:33:35
transmission and everyone will tell you
00:33:37
to use WX to image which I used in a
00:33:40
virtual machine but could not install
00:33:41
and it didn't work out really well for
00:33:43
me so I switched to an open-source
00:33:45
version you'll see this thing break but
00:33:47
I'm a little bit worried about time so
00:33:49
we'll go forward on that what I
00:33:51
recommend is Noah ATP a very nice
00:33:53
website that shows you how all the
00:33:55
decoding of these signals can be done
00:33:57
and how you find the different wedges
00:33:59
for all that but in any case it's just a
00:34:00
project you can run so I did this on an
00:34:02
old Kali Linux box of mine so probably
00:34:05
appropriate for this audience I guess
00:34:06
but it comes a little gooey and you can
00:34:09
go for start and go grab so I did this
00:34:12
for for DEFCON initially so that's some
00:34:14
signal for no.19
00:34:16
choose an output file I'm just going to
00:34:18
call that DEFCON for one I'm typing
00:34:21
impressed
00:34:22
oh that jokes gotten old quickly all
00:34:24
right sorry and you start and this is in
00:34:27
real time I didn't speed this up there
00:34:30
we go
00:34:37
well Kali Linux everything is reduced
00:34:40
this is written what toroidal hora
00:34:43
that's yeah I only did this one time
00:34:46
I've actually put something else on that
00:34:48
machine because I know what you're all
00:34:49
thinking now who wants to see the
00:34:50
results yeah of course you do that's why
00:34:53
you came awesome so this was one of the
00:34:55
first ones I got okay so it's bad right
00:34:58
but but think about it I've got a signal
00:35:00
from space with a 300 round dongle and
00:35:03
the equivalent of a coat hanger I I was
00:35:06
very impressed with myself
00:35:07
and further pass has got much better
00:35:09
result so here you can see definitely
00:35:11
there's some clouds this and whether
00:35:12
there's something so what was the
00:35:14
problem
00:35:14
first of all occasion I just relied on
00:35:17
into IO using my IP but you need to be
00:35:20
quite specific about your your location
00:35:22
so that you can track the timing exactly
00:35:23
of when that satellite is going to rise
00:35:26
and set if you like line-of-sight is
00:35:28
also very important these signals do not
00:35:30
travel very well through buildings or
00:35:32
trees or anything else like that at all
00:35:34
and your antenna needs to meet much
00:35:36
better so
00:35:37
there's this website called technology
00:35:39
which I recommend they've got a very
00:35:40
cool cross dipole there's a whole
00:35:42
plethora of designs for these types of
00:35:44
antennas out there so this is by no
00:35:46
means the only one but less hacky burn
00:35:48
the thing I was using and you can filter
00:35:51
out some stuff which I'm going to skip
00:35:52
over and they're the results start
00:35:53
looking much better much better who can
00:35:57
tell me what's wrong with this image yes
00:36:02
because we're running out of time it's
00:36:04
upside down because these things are
00:36:06
moving you know north to south and south
00:36:07
north and you never know which way it's
00:36:08
it's really moving so and what you're
00:36:11
looking at over there is some thermal
00:36:12
infrared and some near visible but it's
00:36:15
all black and white of course
00:36:16
shall we play with some Russian
00:36:17
satellites have a good time for that
00:36:19
cool so they've got something called
00:36:20
meteor em two satellites is actually a
00:36:23
two version two one and two the first
00:36:26
one I think didn't properly separate
00:36:28
from its booster so it's sort of tumbles
00:36:30
and then they turn it off and then it
00:36:32
turns itself on again and starts
00:36:33
broadcasting there's a whole thing about
00:36:35
if you go to rtl-sdr recommend this it's
00:36:37
like 30 different dead satellites that
00:36:39
they put in these graveyard orbits and
00:36:41
then they just turn on again but ya know
00:36:44
this is this is an actual functioning
00:36:45
one same deal twice as heavy and same
00:36:48
idea a little bit closer same ish
00:36:52
frequency and this is what it looks like
00:36:54
it's a digital signal this time and I
00:36:56
had a lot of trouble with this you've
00:36:57
got to demodulate this they use
00:36:59
something called LR PT or low rate
00:37:01
picture transmission it's digital it's
00:37:03
slow but that's what we'd expect and
00:37:05
Utrecht wires lock for the Doppler
00:37:07
effects so if you're doing this there's
00:37:08
a whole long tutorial about how to do
00:37:10
this but I like the open source stuff
00:37:11
and thought this is way too much work to
00:37:13
use all those Windows programs so I use
00:37:15
something called meteor D mod and when
00:37:18
you're running that and you've recorded
00:37:20
this WAV file using SDR shop which you
00:37:22
need a plugin for by the way to maintain
00:37:24
that to compensate for the Doppler
00:37:26
effect and the movement of this
00:37:27
satellite there you've got lock it's
00:37:30
busy getting some data and then you've
00:37:32
got to decode it which didn't work this
00:37:34
time so I struggled with that and I
00:37:36
couldn't figure out why which is a long
00:37:37
story won't get into but other people
00:37:39
have had very good results so someone
00:37:41
posted this on Twitter I forgot to
00:37:43
credit them but this cape turned down on
00:37:45
that side and you can see this is a
00:37:46
digital signal on that side so really
00:37:48
really nice stuff from the Russians
00:37:50
there
00:37:51
if you want to use ooh International
00:37:54
Space Station is another fun thing that
00:37:56
I've been trying to mess around with
00:37:57
won't get into too many of the details
00:37:59
of that but of course find out when it's
00:38:01
gonna come close to you and I did this
00:38:04
using a Raspberry Pi actually just using
00:38:06
rtl-sdr
00:38:07
software FM's so this is it's just a
00:38:10
command line you can record it it
00:38:11
creates a WAV file or an IQ file for you
00:38:13
so put in the frequency give it a nice
00:38:16
name let it run and you just set this up
00:38:19
while the International Space Station is
00:38:21
coming over and they use this whenever
00:38:23
they're doing any amateur radio talks or
00:38:25
anything else and I had these
00:38:26
expectations about them maybe
00:38:27
complaining about the food or each other
00:38:29
or maybe picking up something scandalous
00:38:31
they can say on the radio because
00:38:32
they're over Africa and not on the
00:38:34
northern hemisphere nothing like that
00:38:36
happened at all as they flew over this
00:38:38
is not a video they sent me I don't even
00:38:39
know where this is but it's the view of
00:38:42
where it comes from ctrl C to exit to
00:38:44
pick up that file and that's all I heard
00:38:48
sorry about that so what you need to do
00:38:51
is go to the amateur radio in on the
00:38:54
International Space Station website and
00:38:55
find out when they're going to be
00:38:57
talking okay
00:38:58
so sometimes I speak to schools or
00:39:00
community events and stuff like that and
00:39:02
you'll only hear one side of the
00:39:04
conversation because you're not going to
00:39:05
hear you know the people speaking up to
00:39:07
it you won't get that you'll only hear
00:39:09
that one half of the conversation at
00:39:11
least but yes and they also do these
00:39:13
weird kind of I almost think of them as
00:39:14
memorial plaques but they sent down slow
00:39:17
scan television images which looked like
00:39:19
this in SDR shop yeah a little bit
00:39:23
grainy but quite fun to do so other fun
00:39:26
things to try in conclusion who has been
00:39:30
to one of those terrible restaurants we
00:39:32
have in South Africa where they tie like
00:39:34
this thing to the waiter and the
00:39:36
weight-room I have to say and you can
00:39:38
call them with a button on the table
00:39:40
who's been to those am I the only one
00:39:42
has those that uses the same technology
00:39:45
that pagers use and you can really mess
00:39:46
around with that stuff so that's a fun
00:39:48
thing I might want to try you can spoof
00:39:51
something called ODS TMC which is a fun
00:39:54
way so this is the inside of my cart
00:39:57
uses TMC pro to be able to tell where
00:39:59
there's traffic so I know this is
00:40:01
encrypted in Europe I don't know if it's
00:40:02
encrypted in South Africa
00:40:04
but it might be a fun way to say that
00:40:06
every road you're driving on is busy and
00:40:07
everyone should get out of the way that
00:40:08
might be a fun thing to do you can
00:40:11
create your own cellular networks with
00:40:13
something called open BTS the semi count
00:40:16
cars is cool talk called drive it like
00:40:18
you stole it where he talks about how
00:40:20
you can basically defeat French encoding
00:40:23
and and all that was some cool jamming
00:40:25
techniques you can build your own Space
00:40:27
Telescope and and yeah like literally
00:40:30
listened to pulsars which is really cool
00:40:31
you can spoof or RFID tags and I don't
00:40:34
know about this one but it might be fun
00:40:37
they'll explain eatos later and this is
00:40:41
the coolest thing I found it's something
00:40:42
called SMB radio so remember how my
00:40:45
Raspberry Pi has a little bit of EMF
00:40:47
leakage so all computers have a little
00:40:48
bit of EMF leakage and there's a it's
00:40:51
actually one of the demos isn't
00:40:53
JavaScript I don't actually have an
00:40:54
old-timey radio that can go down to I
00:40:57
think it's only 5 kilohertz is the
00:40:59
frequency at which it can broadcast but
00:41:01
it literally uses the EMF leakage from
00:41:05
your system bus to play mary had a
00:41:08
little lamb it is incredibly cool so who
00:41:11
knows who this is very close I won't
00:41:18
keep you interested it's it's Harry
00:41:19
Hertz and and the last mission social me
00:41:21
leave you guys with us they were
00:41:22
chatting to him many many years ago not
00:41:24
on an iPhone and when he does he's the
00:41:26
guy who discovered radio waves that's
00:41:28
why we talk about Hertz as the only SI
00:41:31
unit with our s in it because it's
00:41:32
someone's name and when they awesome
00:41:35
what the point of this was at all
00:41:36
there's nothing whatsoever he was very
00:41:37
impressed that he'd found a way to prove
00:41:39
Maxwell's equations of electromagnetic
00:41:41
induction and they'll swim about any
00:41:43
applications is it nothing I guess
00:41:45
and if you think about the applications
00:41:47
of radio and Wi-Fi and everything else
00:41:49
that we use today that's maybe a point
00:41:52
to make so if we think today about what
00:41:53
we do with the cloud we've basically
00:41:55
taken computer infrastructure to find it
00:41:57
via software and called it the cloud so
00:41:59
you can hop on to GCP or anything and
00:42:01
maker and VM what could you do a
00:42:04
software-defined radio and it's
00:42:06
interesting AWS is is doing this this
00:42:08
cool ground station network so you can
00:42:10
imagine creating your own points around
00:42:13
where I might have totally out of time
00:42:16
it's two minutes okay we'll just close
00:42:18
this up you can imagine as your
00:42:20
satellite is maybe moving across across
00:42:22
the planet as it moves close to that AWS
00:42:25
ground station with that data sand you
00:42:27
can spin up in an instance of a server
00:42:28
that could download that information
00:42:30
process it pass it along
00:42:31
and you don't need your own ground
00:42:33
stations for anything at all so I'm
00:42:35
completely out of fuel I've got some
00:42:36
credits for some of the guys who've
00:42:39
worked with me on this the O ex-con guys
00:42:41
who gave me some advice on this stuff
00:42:43
thank you to foreign aid Bank for doing
00:42:45
my flights and stuff I'm speaking at
00:42:47
your conference on the 31st probably I
00:42:50
don't know next year at Def Con
00:42:53
and that is me you guys can follow me on
00:42:55
Twitter thank you very much that's me
00:43:01
okay they have allowed me to questions
00:43:07
so not all of you at once please only
00:43:09
okay gentleman in the back with the
00:43:11
incredible beard you should have seen me
00:43:13
at Movember Hey okay first of all the
00:43:19
question is when am I getting my ham
00:43:21
license and what am I playing with Qi so
00:43:22
100 and so I'm thinking maybe next year
00:43:26
when exams are in April next year I
00:43:29
think will probably be the next
00:43:30
opportunity okay so that's that's what
00:43:33
I'm going for I'm slowly going up on on
00:43:36
we prepare and what do you say it was
00:43:38
Q&A what 100 what is that oh yes oh
00:43:54
so I've got the content for my next talk
00:43:56
yeah I'm sure we probably don't have the
00:44:08
audio from all of that but that sounds
00:44:09
incredible okay and and someone okay
00:44:11
awesome
00:44:12
one more question right so the question
00:44:20
is what other plans around encrypting
00:44:21
air traffic data I have no idea okay
00:44:25
I I did have this idea that you know
00:44:27
let's put blockchain on it and and of
00:44:28
course no but you know it could be I
00:44:33
don't know you know I think that I don't
00:44:37
know I don't know I should know but I
00:44:40
don't that's terribly embarrassing thank
00:44:42
you
00:44:42
all right no that's all for me you guys
00:44:44
thank you very much Cheers

标签

satellitter
programvaredefinert radio
hacking
signalsporing
antennedesign
Doppler-effekt
NOAA
flysporing
skipssporing
SDR Sharp