Iridium Hacking

46 views

Formal Metadata

Title
Iridium Hacking
Subtitle
Please don't sue us
Title of Series
Number of Parts
85
Author
Sec
Schneider
License
CC Attribution 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Chaos Computer Club e.V.
Release Date
2015
Language
English

Content Metadata

Subject Area
Abstract
Listening to satellites and decoding is fun. We show how you can do it with an Software Defined Radio and some spare time. And we show what interesting stuff you can expect to find.
Loading...
Presentation of a group Software Telecommunication Term (mathematics) Computer hardware Bit Hacker (term)
Web page Message passing Computer network
Satellite Satellite Link (knot theory) Multiplication sign Computer-generated imagery Cellular automaton Chaos (cosmogony) Bit Estimator Message passing Telecommunication Simplex algorithm Computer network Pole (complex analysis) Physical system
Satellite Musical ensemble NP-hard Satellite Trail Duplex (telecommunications) Ring (mathematics) Chaos (cosmogony) Software-defined radio Chaining Frequency Digital signal processing Hacker (term) Spectrum (functional analysis)
Server (computing) Satellite NP-hard Multiplication sign Chaos (cosmogony) Bit Water vapor Mereology Fast Fourier transform Web 2.0 Plane (geometry) Telecommunication Whiteboard Block (periodic table)
Information Direction (geometry) Connectivity (graph theory) Sheaf (mathematics) Chaos (cosmogony) Bit Line (geometry) Mereology Power (physics) Chaining Word Word Telecommunication Personal digital assistant Telecommunication Sheaf (mathematics) Uniqueness quantification Software protection dongle Subtraction
Revision control Wiki Mobile Web Telecommunication Mobile Web Electronic visual display Chaos (cosmogony) Bit Web browser Software-defined radio Cartesian closed category Physical system
Pairwise comparison Digital filter Telecommunication Patch (Unix) Mobile Web Chaos (cosmogony) Ultraviolet photoelectron spectroscopy
Digital filter Chaos (cosmogony) Software-defined radio Power (physics) Wiki Message passing Frequency Blog Telecommunication Histology Cuboid Moving average FAQ Physical system
Batch processing Musical ensemble Mobile Web Chaos (cosmogony) Software-defined radio Software-defined radio Telecommunication Computer configuration Right angle Moving average Pairwise comparison Software protection dongle Subtraction
Satellite Web page Batch processing Software-defined radio Chaos (cosmogony) Bit Ring (mathematics) Software-defined radio Proper map Chaining Goodness of fit Message passing Software Telecommunication Hacker (term) Noise Whiteboard Pairwise comparison
Mobile Web Musical ensemble Slide rule Asynchronous Transfer Mode Information Chaos (cosmogony) Bit Interface (computing) Average Area Revision control Plane (geometry) Doppler-Effekt Software Telecommunication Internetworking Kolmogorov complexity Data transmission
Satellite Area Slide rule Shift operator Multiplication sign Horizon Chaos (cosmogony) Inclined plane Bit Online help Software-defined radio Line (geometry) Mereology Disk read-and-write head Frequency Plane (geometry) Telecommunication String (computer science) Hill differential equation Reading (process)
Point (geometry) Frame problem Standard deviation Greatest element Duplex (telecommunications) Code Bit rate Table (information) Bit rate Telecommunication Internetworking Message passing Error message Subtraction Formal grammar Musical ensemble Vorwärtsfehlerkorrektur Link (knot theory) Information Interleaving Code Chaos (cosmogony) Bit Symbol table Message passing Personal digital assistant Addressing mode Order (biology) System programming Hill differential equation Codec Physical system Convolutional code
Email Polynomial NP-hard Numerical digit Generating function Binary code Chaos (cosmogony) Bit Number Solomon (pianist) Mathematics Telecommunication Personal digital assistant Internetworking Computer worm
Satellite Web page Statistics Confidence interval Multiplication sign Cellular automaton Home page GSM-Software-Management AG Number Chaining Frequency Telecommunication String (computer science) Code Message passing Position operator Units of measurement Link (knot theory) Information Cellular automaton Fitness function Chaos (cosmogony) Bit Line (geometry) Ring (mathematics) Message passing Arithmetic mean Equation Separation axiom
Satellite Slide rule Game controller Computer file Multiplication sign GSM-Software-Management AG Parsing Bit rate Software-defined radio Streaming media Frequency Telecommunication Linker (computing) Hacker (term) Utility software Energy level Message passing Subtraction Multiplication Key (cryptography) File format Projective plane Sampling (statistics) Chaos (cosmogony) Software-defined radio Streaming media Bit Frame problem Word Message passing Sample (statistics) Software Personal digital assistant Gotcha <Informatik> Row (database)
Point (geometry) Statistics Computer file Confidence interval Code Multiplication sign Binary code Parsing Bit rate Streaming media Function (mathematics) Mereology Fast Fourier transform Theory Frequency Phase space Bit rate Telecommunication Mehrprozessorsystem Hacker (term) Phase transition Utility software Scripting language Communications protocol Message passing Subtraction Multiplication File format Sampling (statistics) Chaos (cosmogony) Streaming media Bit Mereology Parsing Symbol table Electronic signature Fast Fourier transform Message passing Phase transition Noise Module (mathematics) Communications protocol Data type Asynchronous Transfer Mode
Point (geometry) Computer file Code Multiplication sign Software-defined radio Mereology Fast Fourier transform Tracing (software) Word Medical imaging Telecommunication Well-formed formula Code Uniqueness quantification Software testing Message passing Firmware Multiplication Process (computing) Projective plane Chaos (cosmogony) Bit Set (mathematics) Repository (publishing) Order (biology) Ideal (ethics) Communications protocol Row (database)
Slide rule Statistics System call Service (economics) Code Multiplication sign Software-defined radio Mereology Raw image format Word Latent heat Cryptography Regular graph Mathematics Telecommunication Linker (computing) Computer network Oval Uniqueness quantification Software framework Communications protocol Message passing Physical system Link (knot theory) Demo (music) Key (cryptography) Projective plane Shared memory Code Chaos (cosmogony) Software-defined radio Message passing Word Internetworking Telecommunication Software testing Ideal (ethics) Communications protocol Physical system Laptop
Radical (chemistry) Message passing Hacker (term) Chaos (cosmogony) Computer font Raw image format Window 2 (number)
Satellite Point (geometry) Web page Multiplication sign Moment (mathematics) Horizon 1 (number) Chaos (cosmogony) Open set Message passing Goodness of fit Telecommunication Computer network Charge carrier Error message
Satellite Point (geometry) Axiom of choice Service (economics) Multiplication sign Cartesian coordinate system Usability Band matrix Bit rate Internetworking Artistic rendering Business model Normal (geometry) Right angle
Chaining Web page Message passing Demo (music) Information Bit Software maintenance
Point (geometry) Dialect Email Spacetime Process (computing) Code Auto mechanic Computer Coprocessor Power (physics) Fraction (mathematics) Message passing Uniform resource locator Centralizer and normalizer Hacker (term) Subtraction Address space
Satellite Point (geometry) Frequency Batch processing Algorithm Computer hardware Basis (linear algebra) Mereology Spectrum (functional analysis) Power (physics) Physical system
Web page Mobile Web Wiki Radical (chemistry) Internetworking Encryption Design by contract Software-defined radio
Satellite Point (geometry) Service (economics) Product (category theory) Information Multiplication sign Scientific modelling Moment (mathematics) Bit Entire function Number Video game Linker (computing) Personal digital assistant Synchronization Ideal (ethics) Cycle (graph theory) Physical system
Point (geometry) Trail Service (economics) Multiplication sign Streaming media Number 2 (number) Subset Revision control Bit rate Bus (computing) Normal (geometry) Analytic continuation Bounded variation Communications protocol
Message passing Cartesian closed category Bit Physical system
hello everyone this presentation will be an update on what we did in the last half a year regarding iridium - many of you know probably we have been sidetracked by some other shiny new toy and which means that we had a few months in the beginning of this year to actually continue working on iridium and then kinda had to quit to get this other thing done so therefore this presentation I'll try to talk a bit more about the details we didn't talk about Congress and we have a few new things actually terms of hardware and software okay so I'm going to skip quickly over the stuff we already covered at Congress and
generally it's called this talk is about the Iridium pager network was our main goal at the Congress to get some paging messages from iridium decoded and that worked kind of okay we just dissected a
pager and had to look at it but really was just special chips nothing to find about one of them said Calypso which is kind of what you expect in the gsm handset from somewhere in the 2000s but it seems like the calypso chip inside this device doesn't have much to do with the gsm calypso so what's kind of a dead
end oh yeah it's a calypso and iridium
satellite now the original idea about
the iridium network and why to look at it is it's a simplex system and the Iridium satellite just sends data down
to you you don't have an uplink at least for the patreon messages so the Iridium system doesn't really know where you are and it just has to kind of guess where you are you have to give it a rough estimate maybe and which is interesting
if you want to receive messages and don't want to be tracked at the same time it's 66 active satellites and
low-earth orbit which makes it nice to receive them because they have a rather strong signal because the near to us or think about 600 kilometers so with rather inexpensive equipment you can already receive them and we'll touch on that a little bit later in the presentation okay
frequency wise it's around 1.6 gigahertz slightly below GSM in the frequency spectrum sorry yeah back at the Congress
we told of you hey this RF stuff it's not that hard it's really more kind of a myth that it's hard and we just got into it and we gave you the radios to basically dive into it also so you're all satellite hackers by now you have the equipment go have fun with it go have fun with our tool chain and at the
beginning we start with some archaeology oh that doesn't work really well we
tried of the USRP that worked a little bit better but we still didn't get anything with the antenna we had we
bought really expensive stuff to get something going and we spent like 200 300 euros on things and we went to the
roof and got our first signals in the
FFT which is nice cool there's something to decode at least something to work on and if you look at the waterfall we have
TSE our challenge up right now I think the web server is broken but in general you're also looking for signals for example in the water for anyone maybe who has taken part of that has seen these signals crawling through in a waterfall and we have some very slow signals going on here but if you Rea down there quite fast and even if you zoom in a lot I mean you only have like 8 milliseconds long signals and you have to spot them that basically was what took us the most time here you have a
packet it's a preamble just to carry or just some a pure tone in the signal and that's fact but now it's because you can detect that easily and you can just look at the power in the signal and detect the signal and then a part in the packet comes which is unique and we take on that in our tool chain to continue decoding the stuff and here
you can see a little bit of the modulation so you have PPS K and you can see that the blue and the red line they go together and you can an RF signal you can decompose into two components to work with them easily and of course the two components can go differently or can't they can go together if they go together in this case you can transmit less information but it's easier to decode but that's the unique word with your radio and later on the to go in two different directions and that's then it contains a little bit more information that's actually where the data section is located with iridium at the Congress we showed you some set up and we just took an RTL SDR stepped on a low-noise amplifier and got to some antenna from Mauser which is some electronics distributor and put it onto a little metallic plate and that kind of works okay it's lot of you know you have to get these components and you have to solve them together and it's like a big setup so we proofed that stuff a little bit if
you take a nail rtl-sdr and just modify it a little bit and take a GPS antenna active GPS antenna the most cost efficient cost efficient setup you can have we optimize the toolchain also a little bit it's more efficient then you can actually run it on a Raspberry Pi so if you take a recipe by version to put on an LCD display at a battery and an RTL SDR you have your mobile pager system Pedro receiver right there on our wiki let's see and you switch to the web browser
if this is the the wiki of the new CCC
and we have some some comparisons array
of antennas active versus passive which you can get commercial antennas or how to modify GPS antennas it's actually quite easy you basically just remove a filter from a GPS antenna you just open it and then basically all right there's
just a a big filter in the middle voices
and if you remove this filter your GPS
antenna suddenly becomes an active Iridium antenna and with a slight modification on on rtl-sdr which is also
documented in the wiki and it's basically just adding a a small coil and
adding a SMA connector on the side you can get your RTLS you have to supply some power to the to the GPS antenna and you get a very good signal actually out of that stuff so what you can build with just a little metal box and you put the RTL stick in there in a modified GPS antenna it's this thing it's just very small iridium and receiver you just plug it into your notebook or tuck it into an Raspberry Pi and it will give you a quite good signal to receive brilliant pager messages so the system is mobile
and actually did you skip on that oh
yeah and you just had a battery you have
a mobile receiver set up and with right
at camp now like an hour ago we tested different options for receivers so we had the RTL SDR with the active antenna and we had a radio batch with a passive Iridium antenna so just take a radio badge you solo honest SMA connector and you get a Casa Fontana it's just off the shelf iridium antenna you can get them at malls or digi-key or something like that
you just screw this thing on and you get
a really nice reception it's actually a quite good Iridium receiver and even with the on board PCB antenna here you can just use that and still receive satellites iridium satellites actually and we tested it we did let it run for out half an hour and if the PCB antenna you get around 22% of all the packets that you can receive with a proper Iridium antenna and if you just look for example for the ring alert channel you get around 35% of the packets which are accountable that you can also get with a quite good RTL SDR or the noise iridium patch antenna and as the pager message channel is a little bit stronger you get even like 50% of all the messages on the paging channel just with your batch and your onboard antenna so by now you just load your software onto your PC you attach the radio badge and you can start receiving iridium pager messages or other kind of iridium messages so happy hacking with that and sack later on is going to show you how to actually run the tool chain and get something about that stuff and yeah so I'll go over to
sack and he's going to talk a bit more about the software about this picture this is on a plane you can even with the mobile Raspberry Pi version and a battery receive anywhere in the world so we're not going to talk about the software this is also a quick rehash
from the from the from the Congress talk we try to find stuff about the Iridium information and I think this slide is really really great because it's it was on the internet without any thing and this it's Marcus confidential and it said radio on the receiver is probably beyond the reach of all but most to determine the adversaries I kind of like this that if I read something like this I think hmmm maybe I can do it yeah this is some the first packets we
received on iridium where you can see the frequency shift as the satellite goes over your head as it goes towards you the free you see that a higher frequency and the deficit goes away from you you see the lower frequency and this is part of the the reason why the the uranium slide talks about difficulty receiving because when the reading was built like 20 years ago it was difficult to capture this but it was software-defined radio just say ok give me all the frequencies at once and just in the received signal search for the Iridium afterwards the the lines with less incline which are less steep our satellites that are not going directly over you but like the plane next to you over the horizon hello yeah this is when we were decoding stuff and you do the dpsk or QPSK demodulation and get lots of bits and you spend some quite some time staring at it and you see some areas well mostly one and
mostly zero but that didn't help us and we spent quite a lot of time trying to
find out how the information is encoded and this was what last year took us took
us I think three months to find out that a lot of documentation on the internet we found spoke about a codec of K equals seven rate is 3/4 forward error correcting code which was all wrong hand
sending messages with different messages to ourselves we finally found out at one point that is not a not that code but just the T scrambling just put the bits in a different order and then you started to see in this case we sent ourselves a message consisting of peas and you can kind of spot them at the bottom in the message and the there there's some stuff
in between and that is supposedly a checksum and we the first checksum we try it which fit the amount of bits it takes is a BCH checksum which needs a generator polynomial which is a in this case a 12-digit number a binary number which can just be you can just prove false and skip all the math at this and find out that yes indeed this is a BCH checksum with 1897 s generator polynomial and if you know what it's used you find we found one document on the on the internet talking about this kind of checksum yeah also the
each 32 bits are divided into payload and checksum and I on the Congress we
showed more about the bits separate bits but we are further on and the final tool in our tool chain tries to go decode these messages as much as possible these are the Patriot channel messages decoded like the first line is statistics which time it was received and with what confidence our decoder and at what frequency it received it and then you see the L okay means that the lead out the the Patriot channel messages have a fixed fit string at the end of the message which tells you that the packet is complete and you received it correctly and it was okay then there is a another fixed string which tells you okay this is message on the paging channel and there's not much information in it is like the the cell and the spot beam of the satellite that is actually sending it to you and then there is an increasing number which is has to do with the with the latitude of the satellite how high above the equator it is we did not reverse the number two back to the value but it's not an interesting the stuff we found out since Congress as we successfully decoded the Ring a large channel which is partly similar to what GSM does some people from osmocon helped us very much with that and it contains all the usual informations of which satellite it is which cell it is the position where the
satellite currently is like latitude and longitude and the altitude but that's not I don't know which unit this is in the satellites also transmitted in every other packet the position where it's spot theme supposedly hits the earth so you could just use an Iridium receiver to know where on the earth you are because it sends you hey I think you are here if you receive this and then this is a paging message which pages one iridium phone with a timsy of whatever and tells it okay I have a message for you this phone and then this phone this is not for a pager this is for phone and the phone connects back to the to the satellite it says okay I'm here I'm listening give me your message and then the satellite sends its the message on our much narrower beam directly to the phone so you will see lots of paging messages but you will only see majors for messages for that phone if you're really close to it and there's not fully
decoded other packet format which we call data frames and the only thing we know is that there is a link control word which is quite similar to GSM and we can decode and verify that checksum correctly and the rest is still bits that have not been decoded we were trying to do that when we got sidetracked with the radio project so why I skip this so you are probably all want to do it yourself with your radio badge and this is I'm going to give a quick overview of the software we wrote basically you just record the signal in your raw recording your detect where your signal is you cut it out into pieces mix it down to the baseband try the bps keq QPSK demodulation on it get a bit stream and then you need to some parcel decoder to make sense of all those bits to get the messages you saw in previous slide we just recording as depending on what kind of SDR you have every SDR has some kind of command line utility to record streams for the hacker for the radio you use hacker if to transfer tool if you have an RTL SDR you stat line and that the last thing is for use our piece we are all doing that to stand out in this case because later on I'll show you the tool which just doesn't do it was temporary files just usually do is in a pipe so you just started and at the end you get the messages that it just receives the only interesting thing maybe is the the use RP command line has a problem because the user our PD utility also writes some diagnostic messages to standard out and you need some file descriptor trickery to get rid of that so they detect the detector just searches to samples the stream of samples from the SDR and it calculates Ross for F of T each millisecond and tries to look at the F F key and says okay here's a signal because it's more the FFT is higher than in the previous few samples that kotas all you to schneider and then it grabs that chunk of the and passes it on to the next utility it also is able to detect that there is more than one peak at the same time and grab that chunk multiple times so if there are two iridium signals at the same time at different frequencies it can decode it that way this is the
sample picture in the upper picture in the waterfall you see there multiple signals at the same time that's probably because you can see can see multiple satellites at the same time if your setup is sensitive enough you can see neighboring satellites also and then the next utility which grabs that modulated to the baseband and as a filtering step so the signals in you have to signal clear in the middle and the other signals are on a lower level so it can be demo decoded yeah that's it that's
the second utility which uses a fine-grained FFT to find the exact start of the signal because the other utilities further on really like to start at the signal start and don't have any noise in front of it and mixes it down to the basement it also does something which is in theory not necessary it rotates the phase of the signal so the signal also always starts at the same point in in the phase space which is if you use proper code for the demodulation it would not matter but since I wrote it quickly it's necessary at this point yet the modulator is a homegrown QPSK D modulator which just looks at signal and tries to D go to signature symbols it also outputs a confidence rating for each signal for each symbol it decodes so at the end it can say okay I think 99% of those symbols are correct which is a good value and if it starts to drop below 80% you can probably just forget it and throw it away so all these utilities you don't have to call them my hand you use the script called multiprocessing and it requires also the the center frequency at the rate at which you recorded the samples and then you need to try tell it which format the samples are in because the hack RF the 8 rtl-sdr and the use RP all use different type types to represent the samples the hacker of an RTL use both 8-bit but one uses signed and one uses unsigned that doesn't really matter but you need to do it correctly and that outputs the the bit stream of each packet it decodes you could just pipe it to the next utility the parser which tries to make sense of the bits but in reality you might want to just write it to a file so you can look at the bits multiple times if you want to see how there was an interesting message I want to look at it again yeah so that's the that's the parser which which does whatever we know because whatever we already know about the protocol if you want to add something up to about the protocol you need to do it there it has some special modes like - all for output format message which just parses the whole file for pager messages and tries to reassemble them because they are transmitted in in in parts of up to three parts when it throws away all the others there's also some
statistics modes which tell you about the about the packet statistics and not decoding the the rest yeah so this is all the utilities they're all in our
github repository you can call them the the to command lines to start the recording and to start the multi processing that I just showed you will be in readme file shortly after the talk because I had to change something there I will add them there and then you can just use your radio plug it in starters command line and see what what you get here the timeline of our project was we started about a year ago and it took us at least a month to find the signal in the FFT so don't get if you if you try to look at something in SDR don't get discouraged too quickly if you can't even see the signal we knew it had to be there and it kept looking for it and our main problem was that it was a so short and canoe radio was the f50 was too slow to reliably pick it up and then we spent quite some time finding the the encoding and there was the talk there was a osmocon meet up in the end of March where we met some really nice people from osmocon and some of them helped us looking at more of the stuff we spent quite some time trying to give decode disassemble this p chip which had
parts of the iridium formula from a protocol implemented and I can tell you looking at this p disassembly is no fun than some kind of out of order execution that drives you mad and in at May 1st some guy what was his name Peter Peter dumb guy DITA bought raqqa test set somewhere which is test set to test iridium handsets and we had a nice evening nice nice day playing with it sending signals from an Iridium phone to the test set and back so we could get clean traces of via traffic and then look at the test set what it was supposed to send to the handset so we could decode the protocol just match it up and look for a point he also looked at the firmware image of this thing and got even more information about about the checksums for us which we are really grateful for that helped the code process Phylon and I must admit since then we have kind of lingered a bit because we were busy with the radio which was
totally secretly a project to get 4500 iridium receivers into the word yeah we have some statistics about the Pedro message is the same as the Congress the only changes there was one guy in Germany who sent about 16% of all the written pager messages they stopped so if you now listen for Patriot messages you have to wait a bit longer because the amount of messages dropped by his share by 16% yeah there's still more to do if anyone is interested in playing with it there's still more of the protocol to understand there's more services within the Iridium framework like short burst data and raw eggs and the some aircraft communication stuff which we haven't even touched yet that if if anyone wants to join in we would be grateful there's still a lot to do there's a no that's I changed that slide that's from Congress I'm sorry the SDR workshop we we do plan some kind of SDR workshop maybe later today but check the check the wiki for that we have some equipment if you want to play with SDR stuff like a network analyzer and all the code is on github check the link there is still there's a document called the Iridium system specification which would answer a lot of our questions but it's restricted and we could not find it if anyone happens to come across this document we still want it and we will not ask questions and we have our GPG keys down there if you want to send it to you to us and that concludes my part of the talk but we have a live demo I want to just show you how easy it is to receive something and this I have my my own badge with this radium antenna which Schneider bought where did you buy it a cheeky the G key and I the some friendly person soldier than SMA connector to my badge for me because I did not have time to do it
you and just a second
we're good oh I probably need a bigger font
you why doesn't this work you
you you to just use the command line showed you like get the hacker if - I need to turn it on fast to get the sandals and pipe it into there and then we start it and then hopefully the tent is not and then you can get your so these are the first messages these are not decoded just the raw signals and I'm just writing in detail fire we can use a a second terminal window
Oh oh why doesn't the resizing work on this desktop really strange uhh you you I think we were at a half and it's we can wrap out any error messages and these are whatever came down from the from the from the air which are just pager message channels telling the the pagers that everything is okay and
probably that no messages because you see all zeros that no messages are there for any pages currently going down and did I have anything else so this computes our talk thank you we have we have some time for questions if you have any questions now would be the time five okay if you have any questions go to the microphones ask your questions um hello Kaufman hello I'm regarding finding very short signal bursts in the FFT have you tried gr44 no I have been told that I should try it but I did not at the time we started I did not know about it and at the moment I did not have the time to look into it but I was told it was very good for that yeah you should try it you can see like the carrier loading in LTE signals or stuff like that yes T&T did some very good work with GL phosphoric so really great - yes actually we have to thank a lot the Osmo come guys TNT dieter horizon and Steve and they are very helpful and the nice team really great guys I have to say I have to show you this nice antenna that horizon built which is because the rhythm is also a circular polarized is a special made for radium and I think it looks really nice and whoever was at the opening talk probably can't think of a second use for this one questions well your last chance to ask something be courageous come to the microphone ask your questions about uranium then I hope you all have fun with that is someone I have a very very naive and trivial question because I do not know much about this satellite network so you told us there are 66 settler satellites up there and earth what is their date of how many years they are supposed to exist basically how many what do you think could people use it in 10 years or 20 years what you presented here I mean at at the current point as far as I remember most of the satellites are actually past there we wanted to replace them date but as you maybe noticed that iridium went bankrupt some time a few years ago and got bought by some other company which is as far as I can tell mostly the US Department of Defense and they have been talking about iridium next quite a lot which involves sending up new satellites to replace the failing ones but as far as I can tell they I
have still have not sent up any new satellites but they're planning to replace them as they fail if you look at some rendering of the satellites you see at least at one spot there's two satellites really close to each other which is because as far as we know both of the satellites have some kind of defect and they try to keep up the service by having two half functioning satellites next to each other so they're running out of satellites and have to replace them thanks did that answer your question basically yes and so legally is it is it legal to use it I mean you told its DoD in the end but I mean do they care if people use it we are not using it we're just listening to it you can go out and buy a rhythm phone and pay for it use it as a normal satellite phone and that is of course legal I'm not sure if that was with your question you
please when to make a new datian with more interesting things at the congress right yeah we skipped over some of the stuff because we wanted we assumed that maybe you I mean are you going to show even more stuff at the next guy the next Congress yeah we are planning to as we leave the camp at least I am planning to look into more of this iridium stuff and if you find out more interesting stuff we it will be presented at Congress definitely excellent please go ahead yes for our William next they've been talking about it for a long time and they're still talking about it and yeah we are still waiting for them to do anything about it it looks like they are doing some marketing PR and they simply want people to believe it's going to arrive like next year or next year or next year all the time as for internet usage you probably shouldn't spend too much time on it because it's really slow so if we slow and pretty much no one uses it it's too slow to be used you get like a few little bits per second it's unusable for anything which is current okay it depends on your application I mean if you want something which doesn't have a does need a directional antenna doesn't need to look at a specific point in the sky works everywhere then iridium might be your choice or also it depends on there are bundling services where they bundle different channels together so you have a larger bandwidth and I guess it's more a question of the business model at that point and how you sell the stuff yeah definitely I simply meant that you might not see is that many packets you might be in able to reverse-engineer them but
that still might be interesting yeah definitely if you can there is data coming on please from the other side hey guys thank you for the great talk this might be a little bit of a naive question because I don't know anything about it but with a tool chain that you offer is it possible to read the iridium messages in in clear text yes they are not encrypted okay so these are like these examples that you showed us in your live demo these are just normal these are just maintenance messages or informations to pages we did not show any page on messages during this talk okay so basically I just have to wait a
little bit more like longer when a proper message occurs I can decode it right yes okay thanks guys please so now that you've distributed or thousands iridium receivers to all the people here what is
the mechanism by which we all set these up in our hacker spaces and you capture the majority of iridium traffic for the whole planet that's clearly the idea right an antenna and radio with an SMA connector and some computer to run the stuff on a Raspberry Pi 2 is just beefy enough to do it are you going to be running something to collect all of these messages from different locations III I had put my email address on if you sent me an email we can coordinate us we're really interested but we have not built a central collection thing yet because the radios are quite new we have one or two outposts but those are running manually at the point because with this many receivers distributed around the planet surely we could receive at least yeah a large fraction so if you plan to set up like a receiver at your hacker space totally send us an email and we will coordinate the passing of the data and see what interesting things emerge in different regions of the world thank you Thanks please from
this side hello thank you very much now that we have all these badges that have a processor inside have you thought the idea of integrating your code here is it possible does it have the processing power that's a good question so at that point you might be limited by the
processing power on the badge to take up or to pick up the little signals in a complete spectrum I mean what we do under PC is number-crunching the whole thing and just look at okay where's some activity and then just look at this part look at this part look at this part and obviously the original iridium receivers or pagers they tractor satellites attract their frequency and they know exactly when to listen for them so if you create an algorithm to do that I'm pretty sure that the batch is powerful enough to be a standalone Iridium pager yes thank you but not with the current tools please
it's very clear that by basis of the Iridium system they did not think about this being correct at any point is there a realistic of great scenario for them that does not include replacing all hardware on earth the original system is kind of discontinued it's not that easy
to get a new contract for an Iridium pager they are kind of phasing it out there is a short burst data stuff it is much more complex and I suspect there might be some encryption on it we have not looked at it and modern pages they're all standalone things that do internet and paging stuff on it and they use short burst data for everything so they are migrating away from this but there are still a lot of pages out there and I would still expect at any any data and
spirit of iridium is unencrypted unless the handset or the mobile terminal you're using is special and actually it does some encryption but who knows okay thank you and I can interject something if you want to play with your badges we are running also an SDR contest if you look at the radio wiki you'll find a
link to the contest which encourages you to try different things on your radio and run around or to camp at a little bit maybe after the Sun Goes Down you just should all just look into it that's really fun I hope please hey sorry I maybe can add
a little bit of information that might help answer some of the previous questions and regarding service life that's totally correct most of satellites already behind their product life cycles and since the leo system not a GU system unfortunately can replay some one by one we essentially have to replace the entire system next-gen as correctly pointed out before is economically unfeasible at this point in time at least there's no commercial business case those entire sync depends on whether the u.s. DoD will fund it or not in the next in the very near future and at the moment it looks bad and second you had the question about altitude I believe from the numbers I've seen that should be easy altitude in kilometers above sea we wgs84 idealized Earth's model I yeah I think I tried this to plot this once and it did not completely match up but I don't really
remember that Iran 700 kilometers yes yes but it's the numbers had greater variation than I expected them to as the spares do of course fly higher or lower but well different different topic and the last one was yeah right data and one of the previous guys here said correctly
is that hardly anyone uses in normal data service because it delivers only 2.4 kilobits per second um I just might add they are actually only two data services on Iridium's that are worth talking about at this point in time it's either the Maritim version where they use channel bundling to yields at least half way acceptable data rates that you can use for anything if you have continuous stream of data and the other thing is of course SBT short bus date short burst data and that's really used for a lot of things especially free tracking that I think would be something really interesting to look into our future research and about the aircraft traffic stuff we have to talk yes so the the thing is that I mean you have you have to start somewhere and get some idea on how this stuff works and protocol is working
we started with pager messages I mean they're really the simplest thing to get into and they're quite strong and if ever you look into such a system as iridium you get to know a little bit about more of its details and you start to make more sense about the stuff which made no sense before so you have to slowly go forward and poke a little bit around to see where you go and obviously interest is in SPD for sure and we'll have to see where this will lead yes so if mmm it's yeah
yeah your question seems to be on sir so if no one else wants to ask something or have a comment on it then I really would like to thank you guys for this excellent talk you
Loading...
Feedback

Timings

  676 ms - page object

Version

AV-Portal 3.10.1 (444c3c2f7be8b8a4b766f225e37189cd309f0d7f)
hidden