I'm mostly active on Twitter under the handle @uber_security if you want to share 
experience. I have several related posts using gpssim.

Here are some suggestions.

Make a small Faraday cage that fits the HackRF unit and a GPS unit.

Use hackrf_transfer at say 443 MHz (safe band) and send gpssim at that frequency.

Use an RTL-SDR or similar unit and verify _no_ signal gets out of the cage.

Then test at the GPS frequency, keeping things somewhat safe.

Try viewing TX as a loaded weapon; having good routines is healthy.

I.e., I never have the antenna connected while setting up software etc.

Note the legal aspect of jamming.

Might I ask you to try something simpler, like say a jam/replay attack towards 
car keys?

Very useful learning before aiming at critical infrastructure ;-)

Your way seems to be "glitch it" and see what happens, rather than the moral/legal 
stuff. How are you going to measure/note results?

Find a forum/env to share ideas at least before you try :-)

Don't let me moral you down tho.

Sent from my iPhone

> On 8 Nov 2016, at 14:02, Mark Lachniet <m...@lachniet.com> wrote:
> 
> Thank you Ulf and Adam for taking pity on me and giving me so much actionable 
> advice.  I'll give the Kalibrate / PPM adjustment ideas a whirl.
> 
> Geesh, those attenuators are expensive at $45 ea.  In the meantime I'll use 
> the crappiest antenna I can find (or none?) and make sure the amp is turned 
> off to minimize the chance of an airplane falling on my head.  Or maybe my 
> wife will FINALLY agree to let me Faraday the basement.  I must have enough 
> old tinfoil helmets around to do that by now :)
> To get around the cell tower triangulation and crowd-sourced hotspots, even I 
> wouldn't be so bold as to try to jam them but I do wonder what would happen 
> to navigation systems if there were an overwhelming number of hotspots and 
> towers appearing that it couldn't figure out.  Like flooding an old switch 
> with too many MAC addresses, maybe it would just give up on those 2 crutches 
> and revert to the spoofed signal?  Or possibly try to find hotspots that 
> geolocate to your supposed location and replay those to give it supplemental 
> false proof?  Might be worth trying, though the results would probably vary 
> by implementation.  Might be an interesting test of various code.  Who 
> knows, might find something interesting security-wise.  
> -Mark
> 
>> On 11/8/2016 6:57 AM, Ulf Bertilsson wrote:
>> I use a patched hackrf_transfer that supports ppm correction.
>> 
>> Works just fine with gps spoofing.
>> 
>> Sent from my iPhone
>> 
>> On 7 Nov 2016, at 23:14, Adam Blanquart <ablanqu...@gmail.com> wrote:
>> 
>>> Mark,
>>> 
>>> The best ones you can find for a low price are, ironically, ones that are 
>>> synchronized via GPS.  Of course, if you're working on spoofing GPS - 
>>> that's not going to help.  The good news is that the HackRF can actually be 
>>> calibrated via software to increase the accuracy enough to fool _most_ GPS 
>>> devices.  Check out Wang Kang's "kalibrate" for HackRF, it should help you 
>>> get up and running.  Again, this will work for most GPS devices; phones can 
>>> be a bit trickier since they also use triangulation and crowd-sourced Wifi 
>>> mapping to establish location.  
>>> 
>>> If the software doesn't work out for you - the cheapest way is to attach a 
>>> more accurate TCXO directly to your HackRF.  Check out Takuji Ebinuma's 
>>> TCXO modification - it's a part of his gps-sdr-sim project, which you can 
>>> use for the actual spoofing.  I've made this modification to my HackRF and 
>>> it works great!  I do have a PortaPack, however, and had to solder directly 
>>> to the bottom of the board.  It still fits in the case :)
>>> 
>>> As you are probably already aware, you need to be VERY careful when spoofing 
>>> GPS, whitehat or not.  It's become such an integral part of our lives that 
>>> messing with it can have serious consequences.  I use a small antenna 
>>> (linked below) along with a 20dB attenuator.
>>> 
>>> - Adam Blanquart (overflow)
>>> 
>>> Kalibrate for hackRF
>>> https://github.com/scateu/kalibrate-hackrf
>>> 
>>> gps-sdr-sim
>>> https://github.com/osqzss/gps-sdr-sim
>>> 
>>> TCXO mod
>>> https://github.com/osqzss/gps-sdr-sim/commit/d8eab7ede71168d131f3803d84d9bf8dbb34f4df
>>> 
>>> Antenna
>>> http://www.digikey.com/product-search/en?keywords=TS.07.0113
>>> 
>>> In-Line 20dB Attenuator:
>>> http://www.digikey.com/product-search/en/rf-if-and-rfid/attenuators/3539493?k=H12150-ND
>>> 
>>> That should get you going in the right direction (no pun intended).  I got 
>>> into the SDR world because I was interested in GPS spoofing, so if you have 
>>> any other questions, feel free to give me a shout...
>>> 
>>> 
>>> 
>>>> On Mon, Nov 7, 2016 at 11:00 AM, Mark Lachniet <m...@lachniet.com> wrote:
>>>> Who knew it would be so obscure.  I guess everyone is using nice desktop 
>>>> sized clock signal generators?
>>>> 
>>>> I really want one that will run on 12v DC current if possible.  
>>>> Potentially to make a HackRF/Pineapple/TCXO clock combo that could run on 
>>>> the 12v of a car after I stuff it in the dashboard out of sight.  Maybe 
>>>> even with a cell phone/CAM+OBDii add-on for remotely fiddling with car 
>>>> telemetry.  It would be hilarious to prank someone so their car shuts down 
>>>> whenever they get near the local police department and then have their 
>>>> in-car GPS tell them they were at Starbucks or something.  (white hat PoC 
>>>> of course, no I would never actually do this to anyone in production 
>>>> except maybe myself in an empty parking lot for yucks)
>>>> 
>>>> -Mark
>>>> 
>>>>> On 11/7/2016 12:10 PM, Kevin Maxson wrote:
>>>>> I bought two of them. Neither worked. The seller didn't speak much 
>>>>> English, couldn't give me specs, couldn't tell me a pin out. They offered 
>>>>> to refund $8 of my $35.
>>>>> 
>>>>> You want them? All yours.
>>>>> 
>>>>> ./kevin
>>>>> 📱
>>>>> 
>>>>> On Nov 7, 2016, at 10:58 AM, justin.broos <justin.br...@gmail.com> wrote:
>>>>> 
>>>>>> eBay, Amazon have one that ultimately ships from some Chinese 
>>>>>> manufacturer off of AliExpress / Alibaba. The plug-in module is $20 
>>>>>> IIRC.  The description claims to output a 1ppm 10 MHz source but no info 
>>>>>> about the TCXO is listed so who knows; I have equipment at work that 
>>>>>> could measure but don't have the knowledge of setting it up.  If you do 
>>>>>> opt for this route, it would be interesting to know if the module works 
>>>>>> as advertised as I'm still on the fence to buy it.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> Sent from my T-Mobile 4G LTE Device
>>>>>> 
>>>>>> -------- Original message --------
>>>>>> From: Mark Lachniet <m...@lachniet.com>
>>>>>> Date: 11/3/16 13:04 (GMT-07:00)
>>>>>> To: hackrf-dev@greatscottgadgets.com
>>>>>> Subject: [Hackrf-dev] Current, reasonably priced external clock?
>>>>>> 
>>>>>> Hello all, my apologies for asking a question that I know has been asked 
>>>>>> in months past, but it has been long enough that there might be new 
>>>>>> options, and some of the previous answers seemed more towards 
>>>>>> development than plug-n-play.
>>>>>> 
>>>>>> I'm very new to SDR (and radio in general) and just learning the ropes.  
>>>>>> I was trying to do a PoC on the GPS spoofing using my HackRF and had 
>>>>>> limited success.  I got my Nuvi to lock in randomly a little bit but no 
>>>>>> real love.  I read that another person needed the external clock in 
>>>>>> order to get good results.  I'd like to buy a simple and inexpensive one 
>>>>>> that is fairly plug-n-play.  Can anyone recommend a specific model and 
>>>>>> vendor to purchase from that doesn't require such tasks as soldering?
>>>>>> 
>>>>>> I've got a nice long list of other questions but as I'm new and ignorant 
>>>>>> I'll hold onto those for a while on the off chance I can figure them out 
>>>>>> and appear less needy in the long run :)
>>>>>> 
>>>>>> Thank you for your time and consideration,
>>>>>> Mark
>>>>>> 
>>>>>> _______________________________________________
>>>>>> HackRF-dev mailing list
>>>>>> HackRF-dev@greatscottgadgets.com
>>>>>> https://pairlist9.pair.net/mailman/listinfo/hackrf-dev
>>> 
>>> 
>>> 
>>> -- 
>>> ADAM BLANQUART | ablanqu...@gmail.com | 