Thank you Ulf and Adam for taking pity on me and giving me so much
actionable advice. I'll give the Kalibrate / PPM adjustment ideas a whirl.
Geesh, those attenuators are expensive at $45 ea. In the meantime I'll
use the crappiest antenna I can find (or none?) and make sure the amp is
turned off to minimize the chance of an airplane falling on my head. Or
maybe my wife will FINALLY agree to let me Faraday the basement. I must
have enough old tinfoil helmets around to do that by now :)
To get around the cell tower triangulation and crowd-sourced hotspots,
even I wouldn't be so bold as to try to jam them but I do wonder what
would happen to navigation systems if there were an overwhelming number
of hotspots and towers appearing that it couldn't figure out. Like
flooding an old switch with too many MAC addresses, maybe it would just
give up on those 2 crutches and revert to the spoofed signal? Or
possibly try to find hotspots that geolocate to your supposed location
and replay those to give it supplemental false proof? Might be worth
trying, though the results would probably vary by implementation. Might
be an interesting test of various code. Who knows, might find something
interesting security-wise.
-Mark
On 11/8/2016 6:57 AM, Ulf Bertilsson wrote:
I use patched hackrf_transfer that supports ppm correction.
Works just fine with gps spoofing.
Sent from my iPhone
On 7 Nov 2016 at 23:14, Adam Blanquart <[email protected]
<mailto:[email protected]>> wrote:
Mark,
The best ones you can find for a low price are, ironically, ones that
are synchronized via GPS. Of course, if you're working on spoofing
GPS - that's not going to help. The good news is that the HackRF can
actually be calibrated via software to increase the accuracy enough
to fool _most_ GPS devices. Check out Wang Kang's "kalibrate" for
HackRF, it should help you get up and running. Again, this will work
for most GPS devices; phones can be a bit trickier since they also
use triangulation and crowd-sourced Wifi mapping to establish location.
If the software doesn't work out for you - the cheapest way is to
attach a more accurate TCXO directly to your HackRF. Check out
Takuji Ebinuma's TCXO modification - it's a part of his gps-sdr-sim
project, which you can use for the actual spoofing. I've made this
modification to my hackRF and it works great! I do have a portapack,
however, and had to solder directly to the bottom of the board. It
still fits in the case :)
As you are probably already aware, you need to be VERY careful when
spoofing GPS, whitehat or not. It's become such an integral part of
our lives that messing with it can have serious consequences. I use
a small antenna (linked below) along with a 20dB attenuator.
- Adam Blanquart (overflow)
Kalibrate for hackRF
https://github.com/scateu/kalibrate-hackrf
gps-sdr-sim
https://github.com/osqzss/gps-sdr-sim
TCXO mod
https://github.com/osqzss/gps-sdr-sim/commit/d8eab7ede71168d131f3803d84d9bf8dbb34f4df
Antenna
http://www.digikey.com/product-search/en?keywords=TS.07.0113
In-Line 20dB Attenuator:
http://www.digikey.com/product-search/en/rf-if-and-rfid/attenuators/3539493?k=H12150-ND
That should get you going in the right direction (no pun intended).
I got into the SDR world because I was interested in GPS spoofing, so
if you have any other questions, feel free to give me a shout...
On Mon, Nov 7, 2016 at 11:00 AM, Mark Lachniet <[email protected]
<mailto:[email protected]>> wrote:
Who knew it would be so obscure. I guess everyone is using nice
desktop sized clock signal generators?
I really want one that will run on 12v DC current if possible.
Potentially to make a HackRF/Pineapple/TCXO clock combo that
could run on the 12v of a car after I stuff it in the dashboard
out of sight. Maybe even with a cell phone/CAM+OBDii add-on for
remotely fiddling with car telemetry. It would be hilarious to
prank someone so their car shuts down whenever they get near the
local police department and then have their in-car GPS tell them
they were at Starbucks or something. (white hat PoC of course, no
I would never actually do this to anyone in production except
maybe myself in an empty parking lot for yucks)
-Mark
On 11/7/2016 12:10 PM, Kevin Maxson wrote:
I bought two of them. Neither worked. The seller didn't speak
much English, couldn't give me specs, couldn't tell me a pin
out. They offered to refund $8 of my $35.
You want them? All yours.
./kevin
📱
On Nov 7, 2016, at 10:58 AM, justin.broos
<[email protected] <mailto:[email protected]>> wrote:
Ebay, Amazon have one that ultimately ships from some Chinese
manufacturer off of aliexpress / alibaba. The plug in module
is $20 iirc. The description claims to output a 1ppm 10mhz
source but no info about the tcxo is listed so who knows; I
have equipment at work that could measure but don't have the
knowledge of setting it up. If you do opt for this route, it
would be interesting to know if the module works as advertised
as I'm still on the fence to buy it.
Sent from my T-Mobile 4G LTE Device
-------- Original message --------
From: Mark Lachniet <[email protected] <mailto:[email protected]>>
Date: 11/3/16 13:04 (GMT-07:00)
To: [email protected]
<mailto:[email protected]>
Subject: [Hackrf-dev] Current, reasonably priced external clock?
Hello all, my apologies for asking a question that I know has been
asked in months past, but it has been long enough that there might be
new options, and some of the previous answers seemed more towards
development than plug-n-play.
I'm very new to SDR (and radio in general) and just learning the
ropes. I was trying to do a PoC on the GPS spoofing using my HackRF
and had limited success. I got my Nuvi to lock in randomly a little
bit but no real love. I read that another person needed the external
clock in order to get good results. I'd like to buy a simple and
inexpensive one that is fairly plug-n-play. Can anyone recommend a
specific model and vendor to purchase from that doesn't require such
tasks as soldering?
I've got a nice long list of other questions but as I'm new and
ignorant I'll hold onto those for a while on the off chance I can
figure them out and appear less needy in the long run :)
Thank you for your time and consideration,
Mark
_______________________________________________
HackRF-dev mailing list
[email protected]
<mailto:[email protected]>
https://pairlist9.pair.net/mailman/listinfo/hackrf-dev
<https://pairlist9.pair.net/mailman/listinfo/hackrf-dev>
--
ADAM BLANQUART | [email protected] <mailto:[email protected]> |