WEBVTT
99:59:59.999 --> 99:59:59.999
silent 30C3 preroll titles
99:59:59.999 --> 99:59:59.999
applause
99:59:59.999 --> 99:59:59.999
Travis Goodspeed: First I need to apologize
for typesetting this in OpenOffice.
99:59:59.999 --> 99:59:59.999
I know that the text looks
like a ransome note.
99:59:59.999 --> 99:59:59.999
But that's what happens
when you don't use LaTex.
99:59:59.999 --> 99:59:59.999
I'd also like to give a shoutout call,
Mallnarf (?) is here, and our
99:59:59.999 --> 99:59:59.999
Dinosaur rock band.
laughs, applause
99:59:59.999 --> 99:59:59.999
We are a Christian rock band - we are
called 'Jesus lives in the ISS', and
99:59:59.999 --> 99:59:59.999
we know that he's always watching us,
but we think that it's easier for him
99:59:59.999 --> 99:59:59.999
to hear our prayers when he's, you
know, in an orbit that passes over us.
99:59:59.999 --> 99:59:59.999
So we need this orbital tracking
to know when to pray!
99:59:59.999 --> 99:59:59.999
As I'm sure you can guess I'm not
recognized as a legal minority religion
99:59:59.999 --> 99:59:59.999
in Germany. I'd also like to thank Skytee
and Fabienne (?)(?)(?) and Adami Lori
99:59:59.999 --> 99:59:59.999
and Jim (?)(?)(?) for some
prior satellite tracking work,
99:59:59.999 --> 99:59:59.999
and the skuby crew (?) at Dartmouth
College for all sorts of fun
99:59:59.999 --> 99:59:59.999
whenever I bounce out there.
This is the mission patch
99:59:59.999 --> 99:59:59.999
of the Southern Appalachians Space Agency.
99:59:59.999 --> 99:59:59.999
applause and cheers
99:59:59.999 --> 99:59:59.999
This was drawn by Scot Biben and there are
a few pieces of my people's native culture
99:59:59.999 --> 99:59:59.999
that I need to point out here. On the
right the little Dinosaur type thing
99:59:59.999 --> 99:59:59.999
with it's finger going out, you might
call him E.T. but we call these things
99:59:59.999 --> 99:59:59.999
'buggers'. They're like this tall, and
they're green and that's why the man
99:59:59.999 --> 99:59:59.999
on the left has a shotgun.
laughter
99:59:59.999 --> 99:59:59.999
Because he doesn't want to be abducted.
You got a satellite dish in the middle,
99:59:59.999 --> 99:59:59.999
and it's sitting on sinter blocks because
that's also a piece of my people's
99:59:59.999 --> 99:59:59.999
native culture. There's a moonshine still
in the background. That's kind of like
99:59:59.999 --> 99:59:59.999
Waldcubbet (?) You make it at home, and
from corn. And then there's the mountain...
99:59:59.999 --> 99:59:59.999
A piece, it looks like there are snowpeaks
on those mountain tops. But our mountains
99:59:59.999 --> 99:59:59.999
aren't tall enough to have snow. These are
actually that we've blown off the leads
99:59:59.999 --> 99:59:59.999
in the mountains, for coal mining.
Which is another piece of my people's
99:59:59.999 --> 99:59:59.999
native culture. And at the top, in space
you can see the ISS, and you can see
99:59:59.999 --> 99:59:59.999
a banana, and you can see what I think is
a bulb. This is to signify space trash.
99:59:59.999 --> 99:59:59.999
I mean there's a lot of stuff up there.
And, you know' it's symbolism that matters
99:59:59.999 --> 99:59:59.999
in these things, you know? At BerlinSides,
in May of 2012 I did a lecture on
99:59:59.999 --> 99:59:59.999
reverse engineering the SPOT Connect. The
SPOT Connect is a litte hockey puck type thing
99:59:59.999 --> 99:59:59.999
– this is what it looks like. And these
things are great. It weighs a bit more
99:59:59.999 --> 99:59:59.999
than your cell phone, but it runs off of
a couple of batteries, it connects
99:59:59.999 --> 99:59:59.999
to your phone via Bluetooth. Originally
these were emergency locator beacons.
99:59:59.999 --> 99:59:59.999
So if you're going hiking...
Have any of you seen the movie where
99:59:59.999 --> 99:59:59.999
the guy has to cut off his arm with a dull
knife? If you're hiking and you don't want
99:59:59.999 --> 99:59:59.999
allow you to tweet, and make Facebook posts.
laughs, laughter
99:59:59.999 --> 99:59:59.999
the same experience, you buy one of these
things. And then there's an emergency button
99:59:59.999 --> 99:59:59.999
you can push, that transmits your GPS
coordinates via satellite to rescue workers.
99:59:59.999 --> 99:59:59.999
But that was boring, so they had to add
social media. laughs, laughter
99:59:59.999 --> 99:59:59.999
So in addition to keeping you from chewing
off your own arm this device will also
99:59:59.999 --> 99:59:59.999
The idea is as you're running – here I'm
crossing the Schuylkill River in Philadelphia
99:59:59.999 --> 99:59:59.999
and the Android phone on the left is
making a post. And I did an article
99:59:59.999 --> 99:59:59.999
on reverse-engineering the Bluetooth
side of these things. Because... I use
99:59:59.999 --> 99:59:59.999
a weird brand of phone that Microsoft
killed off, and I'm terribly bitter about it.
99:59:59.999 --> 99:59:59.999
But I also figured out the physical layer.
And that's what this diagram shows.
99:59:59.999 --> 99:59:59.999
This transmits 1.6125 GHz. And it
sends a pseudo-random stream, so
99:59:59.999 --> 99:59:59.999
each one of these zeros is a long chunk
where it's bouncing back and forth
99:59:59.999 --> 99:59:59.999
between 2 different frequencies And
the same for the ones. But the way
99:59:59.999 --> 99:59:59.999
that the pattern works is that it switches
the signal whenever it is going from
99:59:59.999 --> 99:59:59.999
the 0 signal to the 1 signal. And
internally, there are these little pops
99:59:59.999 --> 99:59:59.999
that you can actually identify on
a Software Defined Radio recording.
99:59:59.999 --> 99:59:59.999
And this is how you can reverse-engineer
the signal that the SPOT Connect is
99:59:59.999 --> 99:59:59.999
sending up to its satellite network.
99:59:59.999 --> 99:59:59.999
Everything is clear text on this.
And it's completely unencrypted.
99:59:59.999 --> 99:59:59.999
It just has your serial number, your GPS
coordinates, and a bit of ASCII text.
99:59:59.999 --> 99:59:59.999
If you listen on this frequency and you
have the correct recording software
99:59:59.999 --> 99:59:59.999
you can actually watch all of the SPOT
Connect messages that are transmitting up
99:59:59.999 --> 99:59:59.999
from your location. And this would be
great except that this is designed for
99:59:59.999 --> 99:59:59.999
hiking in areas where there's no cell
phone service. So having an antenna
99:59:59.999 --> 99:59:59.999
on the uplink frequency is kind of
useless. You know you would actually
99:59:59.999 --> 99:59:59.999
have to go out to a national park, find
some guy who is about to chew his arm off,
99:59:59.999 --> 99:59:59.999
and then you could listen to his uplink
where he is like tweeting: "Hey I'm gonna
99:59:59.999 --> 99:59:59.999
chew my arm off", you know?
laughter
99:59:59.999 --> 99:59:59.999
So that's great as a proof of concept,
but it's not really anything practical.
99:59:59.999 --> 99:59:59.999
The current state of that was that I knew
the protocol and I could sniff the uplinks.
99:59:59.999 --> 99:59:59.999
But I wanted to sniff the downlinks. So
it's easy for me to get the thing that
99:59:59.999 --> 99:59:59.999
goes up to the satellite. But what I wanted
was what comes down from the satellite.
99:59:59.999 --> 99:59:59.999
And that requires a satellite dish. But
a geo-stationary dish isn't good enough
99:59:59.999 --> 99:59:59.999
because the satellites that run this
network – there are a lot of them,
99:59:59.999 --> 99:59:59.999
it's called the Globalstar network.
They fly really low across the earth,
99:59:59.999 --> 99:59:59.999
and they fly across the earth in very
tight, very fast orbits. So they move
99:59:59.999 --> 99:59:59.999
from horizon to horizon in 15 to 20
minutes. Which means that you either need
99:59:59.999 --> 99:59:59.999
like a sweat shop army of kids trying to
aim the satellite dish as it's going across.
NOTE Paragraph
99:59:59.999 --> 99:59:59.999
Or you need to make
it computer-controlled.
99:59:59.999 --> 99:59:59.999
Stepping back from the SPOT Connect for
a little bit, and discussing some prior research.
99:59:59.999 --> 99:59:59.999
Adam Laurie did some work with
geostationary satellites. These are
99:59:59.999 --> 99:59:59.999
the satellites that stay in one position
in the sky. He gave 2 sets of talks
99:59:59.999 --> 99:59:59.999
– one in 2008 and the second in 2010.
And he used a DVB-S card connected
NOTE Paragraph
99:59:59.999 --> 99:59:59.999
to a satellite dish with a diseqc motor,
so that it could move the satellite dish
99:59:59.999 --> 99:59:59.999
left and right, in order to scan a region
of the horizon. His tool is publicly
99:59:59.999 --> 99:59:59.999
available, it's called satmap. You
can grab it at this URL. And then
99:59:59.999 --> 99:59:59.999
after he finds a signal, he has a feed
scanner. Normally when you use
99:59:59.999 --> 99:59:59.999
Satellite TV you provider gives you
a listing of the frequencies, and
99:59:59.999 --> 99:59:59.999
your provider gives you an exact orbital
position to aim your satellite dish at.
99:59:59.999 --> 99:59:59.999
But Adam's tool allows you to scan to see
which frequencies are in use, and which
99:59:59.999 --> 99:59:59.999
protocols are in use, once you've correctly
aimed your dish. And he also describes
99:59:59.999 --> 99:59:59.999
a technique for moving your dish left and
right while doing this in order to identify
99:59:59.999 --> 99:59:59.999
where the satellites are. This recording
here is from a re-implementation
99:59:59.999 --> 99:59:59.999
that I made of Adam's work, in order to
catch up with it. In this diagram the x-axis
99:59:59.999 --> 99:59:59.999
shows the azimuth, that shows how far left
or right my satellite dish has moved.
99:59:59.999 --> 99:59:59.999
And then the y-axis shows the frequency.
And all of these dots are strong signals.
99:59:59.999 --> 99:59:59.999
So every vertical bar in which you see
chunks of frequencies, that's a satellite.
99:59:59.999 --> 99:59:59.999
But these stay in the same position. So
it's easy for me to repeat this experiment.
99:59:59.999 --> 99:59:59.999
It's easy for me to re-run it, and to find
the same satellites in the same position.
99:59:59.999 --> 99:59:59.999
It's easy to debug this. But it can't move
in elevation. This diagram is actually
99:59:59.999 --> 99:59:59.999
a very small slice of the sky. We're
looking at a single line, maybe
99:59:59.999 --> 99:59:59.999
10 degrees across. Maybe only 5 degrees
across. So hacking Ku-band
99:59:59.999 --> 99:59:59.999
– the television satellites – has the
advantage that you can use cheap
99:59:59.999 --> 99:59:59.999
standardized hardware. I bought one of
these DVB-S cards in Mauerpark, in Berlin
99:59:59.999 --> 99:59:59.999
for 3 Euro. You can use standardized
disecq motors, you can buy them at
99:59:59.999 --> 99:59:59.999
a satellite TV shop. TV signals come with
video feeds, so you can actually see
99:59:59.999 --> 99:59:59.999
pictures. There was a scandal ca.
4..5 years ago, where they were finding
99:59:59.999 --> 99:59:59.999
drone [control] feeds that were being
bounced across these satellites.
99:59:59.999 --> 99:59:59.999
In the nineties it was very popular to
listen to the sort of unedited sections
99:59:59.999 --> 99:59:59.999
of interviews, when people would be
interviewed over a satellite, before
99:59:59.999 --> 99:59:59.999
Skype and such things became options.
And there are also networking signals here
99:59:59.999 --> 99:59:59.999
using TCP/IP packets. So you can actually
turn your DVB-S card into promiscuous
99:59:59.999 --> 99:59:59.999
ethernet adapter, and start sniffing
all of the traffic that comes across.
99:59:59.999 --> 99:59:59.999
This is also a great way to get free
downlink bandwidth. Because you can just
99:59:59.999 --> 99:59:59.999
flood packets at an address that, you know,
will be routed to you, or several addresses,
99:59:59.999 --> 99:59:59.999
and then you sniff it out as the legitimate
receiver ignores them. But it also has
99:59:59.999 --> 99:59:59.999
some disadvantages. It only works with
geostationary satellites. If the satellite
99:59:59.999 --> 99:59:59.999
is not staying in the same position
relative to the ground then you can't
99:59:59.999 --> 99:59:59.999
track it. Your dish also moves very
slowly. And it only moves left and right.
99:59:59.999 --> 99:59:59.999
It won't move up and down. And you're
limited to standardized signals.
99:59:59.999 --> 99:59:59.999
While it's great that you get video and
TCP/IP you're never going to get anything
99:59:59.999 --> 99:59:59.999
weird. You're not gonna get any mobile
data, you're not going to get any
99:59:59.999 --> 99:59:59.999
Brazilian truck-drivers – we will get to
those in a bit. laughs
99:59:59.999 --> 99:59:59.999
I misspoke, you actually will get Brazilian
truck-drivers in this. So I bought
99:59:59.999 --> 99:59:59.999
a satellite dish. One of the best things
about living in America is that you can
99:59:59.999 --> 99:59:59.999
buy industrial hardware cheap as dirt
on ebay. I know things aren't likely
99:59:59.999 --> 99:59:59.999
used to being a cat XXXX by human children
anymore. But this satellite dish here
99:59:59.999 --> 99:59:59.999
on the left – the one in the radome –
that's my dish. And to the right,
99:59:59.999 --> 99:59:59.999
that's the boat that it came from.
99:59:59.999 --> 99:59:59.999
applause
99:59:59.999 --> 99:59:59.999
This came from a military ship.
But the dish itself is also available
99:59:59.999 --> 99:59:59.999
for civilian use on very large yachts. The
dish itself is a Felcom 81 and it was
99:59:59.999 --> 99:59:59.999
intended for use with a network called
Inmarsat. Imarsat allows for
99:59:59.999 --> 99:59:59.999
telephone connections, and also data
connections when you're on a boat.
99:59:59.999 --> 99:59:59.999
So if the crew wants to call home
or wants to go to AOL Keywords
99:59:59.999 --> 99:59:59.999
or whatever was popular back when
this was common they could do that.
99:59:59.999 --> 99:59:59.999
And the dish was desgined to sit
at the very top of a ships' mast.
99:59:59.999 --> 99:59:59.999
The reason why is that at the top of
the mast there aren't any obstructions
99:59:59.999 --> 99:59:59.999
– it has a clear view of the sky in all
directions. But there's a complication
99:59:59.999 --> 99:59:59.999
with being on the top of the mast. Which
is that the ship is rocking beneath you
99:59:59.999 --> 99:59:59.999
and you're moving more than the rest the
ship. So they have stepper motors for
99:59:59.999 --> 99:59:59.999
azimuth, elevation and tilt. And then
they have spinning gyroscopes.
99:59:59.999 --> 99:59:59.999
Back before the iPhone there was this dark,
dark time when gyroscopes actually spun.
99:59:59.999 --> 99:59:59.999
And this is the sort of gyroscope that
it has. It actually has 4 of them so
99:59:59.999 --> 99:59:59.999
that it can measure its movement. And then
it has a control computer. So the idea is
99:59:59.999 --> 99:59:59.999
that the dish itself can be moved while
remaining absolutely stable with regard to
99:59:59.999 --> 99:59:59.999
the gyroscopes. So it compensates for
the rocking of the ship beneath it as it's
99:59:59.999 --> 99:59:59.999
targeting a stationary satellite.
In America this costs 250 Dollars, but
99:59:59.999 --> 99:59:59.999
it's electronics equipment. So while you
think that would only be a 180 Euro
99:59:59.999 --> 99:59:59.999
it's more like 2500. And that's before
import duties and it being impounded.
99:59:59.999 --> 99:59:59.999
We also have this lovely culture in which
people love excuses to use their trucks.
99:59:59.999 --> 99:59:59.999
So the guy that I bought this from offered
to deliver it to my home from the 200 dollars.
99:59:59.999 --> 99:59:59.999
It was an 11 hour drive. But if you wanted
this you'd have to bring it back in your
99:59:59.999 --> 99:59:59.999
carry-on luggage, and it could be awkward.
I got this dish and I decided I had to do
99:59:59.999 --> 99:59:59.999
something with it. So I created the
Southern Appalachians Space Agency.
99:59:59.999 --> 99:59:59.999
I'm from the state of Tennessee, formerly
known as the State of Franklin until
99:59:59.999 --> 99:59:59.999
North Carolina invaded us. It's ok,
I know Europeans suck at history.
99:59:59.999 --> 99:59:59.999
laughs
laughter
99:59:59.999 --> 99:59:59.999
Now I'm trying to think of how to show
you on a map where Tennessee is
99:59:59.999 --> 99:59:59.999
without having a map but, you know, it's
okay I know you suck at geography and
99:59:59.999 --> 99:59:59.999
we forget (?)
99:59:59.999 --> 99:59:59.999
From audience: It's very
near Texas, to the north.
99:59:59.999 --> 99:59:59.999
Travis: Texas is our first colony. But
it's actually a decent drive to the east.
99:59:59.999 --> 99:59:59.999
Due east (?). You don't
actually have to go anyways.
99:59:59.999 --> 99:59:59.999
So what I did was I took these motors
which were designed to be able to move
99:59:59.999 --> 99:59:59.999
the satellite dish to compensate
for the rocking the ship and
99:59:59.999 --> 99:59:59.999
I re-purposed them to track through
the sky while the ground is stable.
99:59:59.999 --> 99:59:59.999
We don't have very many earthquakes in
Tennessee. The last one that we had
99:59:59.999 --> 99:59:59.999
made rivers run the wrong direction. But
it's okay – it's a geography thing. So
99:59:59.999 --> 99:59:59.999
this allows me to track things that
are moving through the sky. But it
99:59:59.999 --> 99:59:59.999
doesn't actually matter where they're
moving in the sky because that's
99:59:59.999 --> 99:59:59.999
just a software problem. So in addition to
tracking objects that are in low-earth orbit
99:59:59.999 --> 99:59:59.999
by a software patch I can also track things
that are in deep space. It's not much harder
99:59:59.999 --> 99:59:59.999
to track deep space probes or stars than
it is to track items in low-earth orbit.
99:59:59.999 --> 99:59:59.999
And then I added a software defined radio
which allows me to record a signal now
99:59:59.999 --> 99:59:59.999
and demodulate it later. Which is necessary
if you intend to reverse-engineer a signal.
99:59:59.999 --> 99:59:59.999
Because a lot of the downlinks from these
satellites are completely non... completely
99:59:59.999 --> 99:59:59.999
undocumented. And being able to tune in to
the right frequency is only half of it.
99:59:59.999 --> 99:59:59.999
You also need a recording of sufficient
quality that you can reverse-engineer
99:59:59.999 --> 99:59:59.999
after the fact. We are sort of spoiled by
software defined radios. When doing
99:59:59.999 --> 99:59:59.999
software defined radio work we usually
have a very good signal to work from.
99:59:59.999 --> 99:59:59.999
So having high quality signals for later
reverse-engineering is necessary.
99:59:59.999 --> 99:59:59.999
I really wanted to be able to identify
undocumented downlinks for low-earth orbit
99:59:59.999 --> 99:59:59.999
in the same way that we already do this
for geo-stationary orbit, using tools
99:59:59.999 --> 99:59:59.999
like the ones that Adam Loria and Jin XXX
made. So I built a software framework
99:59:59.999 --> 99:59:59.999
as a collection of Python daemons. And
these run across a home area network
99:59:59.999 --> 99:59:59.999
in my house. There's a Beaglebone inside
of the Radome. And an x86 server
99:59:59.999 --> 99:59:59.999
in the house. Or AMD64, whatever the kids
call it these days. And then I used Postgres
99:59:59.999 --> 99:59:59.999
for coordination. So that all of these
daemons can talk to each other without...
99:59:59.999 --> 99:59:59.999
without me really caring which machine
they're on. So for maintenance I can have
99:59:59.999 --> 99:59:59.999
my laptop pretending to be the dish,
99:59:59.999 --> 99:59:59.999
and can have stepper motors on my desk,
and I can watch them spin, and I can even
99:59:59.999 --> 99:59:59.999
make a model of the dish and swap these
components in and out without the rest of
99:59:59.999 --> 99:59:59.999
the network being confused. This also
allows for sequal (?) injec... attacks to
99:59:59.999 --> 99:59:59.999
physically move my dish. Which is why the
Sassin (?) network is not on one of those
99:59:59.999 --> 99:59:59.999
fancy WEB 2.0 things. Because of you could
inject, say, update targets at Namical's (?)
99:59:59.999 --> 99:59:59.999
Voyager 1. Then my dish would physically
move and start tracking Voyager 1
99:59:59.999 --> 99:59:59.999
through the sky. Voyager 2 doesn't
actually come into the sky because of
99:59:59.999 --> 99:59:59.999
my position in the Northern hemisphere.
So, it's okay, I know you suck at geography.
99:59:59.999 --> 99:59:59.999
But Voyager 1 is going up, and Voyager 2
is going down. There's a Realtek
99:59:59.999 --> 99:59:59.999
Software Defined Radio for the radio
reception. Although these things
99:59:59.999 --> 99:59:59.999
are garbage. So I'm in the process of
replacing this for the HackRF. There's
99:59:59.999 --> 99:59:59.999
also an EiBot board for motor control.
We'll get back to that in a minute.
99:59:59.999 --> 99:59:59.999
And there's an Inertial Measurement Unit
from Vectornerve (?) which actually measures
99:59:59.999 --> 99:59:59.999
using the fancy MEMS gyroscopes and
a MEMS compass how I'm moving.
99:59:59.999 --> 99:59:59.999
This isn't accurate enough to target the
dish, so instill (?) the counting steps
99:59:59.999 --> 99:59:59.999
to move the dish. But it is accurate
enough to tell me when my belts
99:59:59.999 --> 99:59:59.999
have broken. Or when I'm up
against the physical obstruction.
99:59:59.999 --> 99:59:59.999
This is skytee helping me out with the
dish. He's zip-tying it. Because, you know
99:59:59.999 --> 99:59:59.999
we know everything about duct tape where
I come from, but we know nothing
99:59:59.999 --> 99:59:59.999
about zip ties. So I had to bring in
a German engineer.
99:59:59.999 --> 99:59:59.999
laughter
99:59:59.999 --> 99:59:59.999
We call him a Gerry wigger (?) but, you know...
99:59:59.999 --> 99:59:59.999
This is the satellite dish itself. And you
can sort of see in this photograph
99:59:59.999 --> 99:59:59.999
where we've strapped on the equipment.
There's like an embillica (?) cord. Or more
99:59:59.999 --> 99:59:59.999
like a spinal column that actually runs up
the back of the dish. So we just added
99:59:59.999 --> 99:59:59.999
new cables onto that line. And then
zip-tied them in place. And skytee came up
99:59:59.999 --> 99:59:59.999
with all these crazy ideas like that
we should use chains and zip-ties
99:59:59.999 --> 99:59:59.999
to make sure that the cables don't tear
themselves out. And that worked
99:59:59.999 --> 99:59:59.999
tremendoudly well in practice. So, as this
thing spins around by the original design
99:59:59.999 --> 99:59:59.999
there's a ring connector that all of the
signals go through. That all of the
99:59:59.999 --> 99:59:59.999
networking goes through. That all of the
rest goes through. And that worked
99:59:59.999 --> 99:59:59.999
in the nineties because it had no reason
to send anything faster than 9600 baud.
99:59:59.999 --> 99:59:59.999
But with the modern signals going across
it - I need 100MBit/s or even GB ethernet.
99:59:59.999 --> 99:59:59.999
That's not enough. I need more than
2 wires. So there's a cable that comes
99:59:59.999 --> 99:59:59.999
across it, and then I rely on the
software to keep it from wrapping
99:59:59.999 --> 99:59:59.999
that cable around itself. So it can only
move, say, 400 degrees around.
99:59:59.999 --> 99:59:59.999
But that's still more than a full circle.
So by stopping halfway and moving back
99:59:59.999 --> 99:59:59.999
I can prevent it from getting stacked (?).
We've got the Beaglebone on the left,
99:59:59.999 --> 99:59:59.999
in the middle there's a USB hub, and
on the right is the motor controller.
99:59:59.999 --> 99:59:59.999
The Beaglebone runs Debian Linux. And
takes care of sending the software defined
99:59:59.999 --> 99:59:59.999
radio recordings over the network. It also
takes care of updating the motor positions
99:59:59.999 --> 99:59:59.999
to be the ones that the database declares
should be current. The stepper motors
99:59:59.999 --> 99:59:59.999
themselves are the originals that the dish
was designed with. And they're running
99:59:59.999 --> 99:59:59.999
to an EiBot Board. The EiBot board was
intended for plotting on Easter eggs
99:59:59.999 --> 99:59:59.999
laughs
I feel, you know... is that neat?
99:59:59.999 --> 99:59:59.999
laughs
applause
99:59:59.999 --> 99:59:59.999
So you can actually aim a satellite dish
that's as tall as you are, with of these
99:59:59.999 --> 99:59:59.999
fancy motors using less sophisticated
equipment than what's used
99:59:59.999 --> 99:59:59.999
in a 3D printer. Don't panic, though.
It's a hell of a lot more reliable
99:59:59.999 --> 99:59:59.999
than a 3D printer. But we needed
some sort of backup. In addition
99:59:59.999 --> 99:59:59.999
to the inertial measurement unit telling
us when the device had snagged itself.
99:59:59.999 --> 99:59:59.999
It would also help to have a visual
queue. Because the satellite dish
99:59:59.999 --> 99:59:59.999
sits in Tennessee, and while I love my
home town, and, you know I'm very
99:59:59.999 --> 99:59:59.999
proud of being Tennesseean it's also
a long way to travel when you need
99:59:59.999 --> 99:59:59.999
to re-orient the dish. Using an
accelerometer it's easy enough
99:59:59.999 --> 99:59:59.999
to correct the elevation. Because you can
use the accelerometer as a level, and
99:59:59.999 --> 99:59:59.999
you can use that to tell how high up the
dish is pointing, at an absolute scale.
99:59:59.999 --> 99:59:59.999
But the compass isn't very accurate. So
instead, as a backup we have a webcam
99:59:59.999 --> 99:59:59.999
that's taped to the top. Taping
is my people's native culture.
99:59:59.999 --> 99:59:59.999
We have it taped to the top, and then
it's pointing backwards. So this gives us
99:59:59.999 --> 99:59:59.999
like a rear view camera, from the
dish's position. So as the dish sits
99:59:59.999 --> 99:59:59.999
inside of its radome... - junk cars in the XXX
are also my people's native tradition!
99:59:59.999 --> 99:59:59.999
So the dish sits there next to my
brother's Toyota Supra. And that thing,
99:59:59.999 --> 99:59:59.999
you know, that thing flies as soon as it
gets an engine put back in it. So it is -
99:59:59.999 --> 99:59:59.999
sits there and it's moving. But externally
you can't see where it is. Which means
99:59:59.999 --> 99:59:59.999
that I can't call my family in Tennessee
and blackmail them into - yet again -
99:59:59.999 --> 99:59:59.999
looking at my dish to tell where it's
pointed. There are bolts that hold this
99:59:59.999 --> 99:59:59.999
down. It takes half an hour to remove the
lid, another half an hour to put it back on.
99:59:59.999 --> 99:59:59.999
So instead we took the radome...
that's Frank, he's my cat.
99:59:59.999 --> 99:59:59.999
Give a "Cheers!" for Frank!
99:59:59.999 --> 99:59:59.999
applause and cheers
99:59:59.999 --> 99:59:59.999
Yeah, we had such a great time with Frank.
And we never knew that she was pregnant.
99:59:59.999 --> 99:59:59.999
If you happen to need kittens and wanna
pay the custom's fees I'll hook you up!
99:59:59.999 --> 99:59:59.999
So then we took tape and ran tape down the
edges of the radome, and then marked it.
99:59:59.999 --> 99:59:59.999
So from the markings you can tell
which clock position the back
99:59:59.999 --> 99:59:59.999
of the satellite dish is pointing at. So
if you point the dish towards 12:00
99:59:59.999 --> 99:59:59.999
you know that you're roughly at 6:00,
so you know that it's pointing South.
99:59:59.999 --> 99:59:59.999
And then you can sort of scan the sky
for a stationary target, and navigate
99:59:59.999 --> 99:59:59.999
off of that, to recover your position.
Software-wise... Remember,
99:59:59.999 --> 99:59:59.999
the whole thing runs through Postgres,
so I just tunnel the Postgres over SSH,
99:59:59.999 --> 99:59:59.999
and then I wrote a Python client that
displays the satellite positions and
99:59:59.999 --> 99:59:59.999
the satellite state in PiGame (?). This is
intended for making those games (?)
99:59:59.999 --> 99:59:59.999
really see the rabbit. And the rabbit
jumps on the other rabbit. But it... works!
99:59:59.999 --> 99:59:59.999
And it works perfectly well enough
to target the dish. Because all that
99:59:59.999 --> 99:59:59.999
this software has to do is plot the
positions of the satellites, and
99:59:59.999 --> 99:59:59.999
give orders back to the database when
I click on a satellite, or click on a position.
99:59:59.999 --> 99:59:59.999
It can also display stars. So the red
items are satellites which are not selected.
99:59:59.999 --> 99:59:59.999
The green item is Ghost3 (?) which is
the satellite that I'm targeting. And then
99:59:59.999 --> 99:59:59.999
the white items are stars in the sky. Now
this is a plot in which the azimuth is
99:59:59.999 --> 99:59:59.999
on the X axis, and the elevation is on the
Y axis. But I can also arrange it into
99:59:59.999 --> 99:59:59.999
a polar plot. Which sort of gives me an
upside-down view of the satellite dish
99:59:59.999 --> 99:59:59.999
looking at the sky. I doubt you can read
it, but just above the green circle
99:59:59.999 --> 99:59:59.999
in the center, that's Polaris which is the
North star. It's also weird because,
99:59:59.999 --> 99:59:59.999
you know, working on this, you know,
I thought that I got really good at astronomy
99:59:59.999 --> 99:59:59.999
until I realized that I only knew what the
stars looked like during the day.
99:59:59.999 --> 99:59:59.999
laughter
laughs
99:59:59.999 --> 99:59:59.999
And it being PiGame (?) you can actually
run it on a mobile device. So the same client
99:59:59.999 --> 99:59:59.999
that runs on my laptop can also run
on my Nokia N900. laughs
99:59:59.999 --> 99:59:59.999
applause
99:59:59.999 --> 99:59:59.999
A significant portion of the GUI client for
this was written while stuck on the U-Bahn,
99:59:59.999 --> 99:59:59.999
connected over 3G, SSH through, and just
using emacs on the phone. laughter
99:59:59.999 --> 99:59:59.999
laughs
applause
99:59:59.999 --> 99:59:59.999
If you're one of those people who needs to
complain about the N900 being too old,
99:59:59.999 --> 99:59:59.999
it also runs on the N9. And then,
99:59:59.999 --> 99:59:59.999
you can take the data out of this, and run it through scientific software. In addition of the software defined radio recordings themselves being dumped out to a text file or a binary file on disk you can also dump out things like the received signal strength indicators (RSSI). So this is a screenshot in which I'm identifying different satellites that I've seen in the sky. Based upon their downlink signal peaks. You can see the noise floor there, at the bottom, and then there's a rather strong signal on the left. And a weaker neverware (?) signal on the right.
99:59:59.999 --> 99:59:59.999
The daemons that build this up... you need an orbit prediction daemon.
99:59:59.999 --> 99:59:59.999
Because you need to know where the satellites are, and where they're going, and where they will be by the time you get to them. You need to update the orbits themselves.
99:59:59.999 --> 99:59:59.999
LEO satellites are described in TLE files. These are called 'Two Line Entry'. And they're called Two Line Entry because they're three lines long. laughter
99:59:59.999 --> 99:59:59.999
But this format isn't incredibly accurate for satellites that correct their orbit. So you need a daemon that grounds the new files from spacetrack and this is just a matter of a recursive
99:59:59.999 --> 99:59:59.999
you also need motor control because you need to move the dish physically to
99:59:59.999 --> 99:59:59.999
and then you need radio daemons to
99:59:59.999 --> 99:59:59.999
and then after that you start to take software recorderings of that
99:59:59.999 --> 99:59:59.999
So for orbit prediction i began with a DOS program that had been ported to Unix called predict. This works but it's garbage. It only supports 20 stars
99:59:59.999 --> 99:59:59.999
because it's designed for astronomy photographers that want to take pictures of things
99:59:59.999 --> 99:59:59.999
because otherwise you have to set an alarm clock for the half-hour pass where you can record them.
99:59:59.999 --> 99:59:59.999
So i managed to track every single item in geostat orbit this thick ring here is the clarke-bell of all geostationary satellites as viewed from my northern hemisphere [?]
99:59:59.999 --> 99:59:59.999
All IPC is running through this PostreSQL
99:59:59.999 --> 99:59:59.999
you then send it simple commands, like SM,3000,500,-400
99:59:59.999 --> 99:59:59.999
And then it will count that out, and send me back an OK. If i want to disable the motors, i'll send them em,0,0
99:59:59.999 --> 99:59:59.999
EM,1,1 will enable both motors in 1/16s
99:59:59.999 --> 99:59:59.999
You can see the motors themselves with the belts and the geartrains. This thing on the right would probably be illegal for me to turn on
99:59:59.999 --> 99:59:59.999
The belts and stuff need to be measured to figure out what the reduction is
99:59:59.999 --> 99:59:59.999
the IMU unit , this vectornav vn100 is a
99:59:59.999 --> 99:59:59.999
it costs 500$ which was more than all of the other components together.
99:59:59.999 --> 99:59:59.999
Now for position calculation, the elevation itself comes from the IMU. The azimuth
99:59:59.999 --> 99:59:59.999
so the accelerometer will drift while the compass will be confused by the magnetic fields while the
99:59:59.999 --> 99:59:59.999
and the IMU will be come of a backup how to make it reliable, but at the moment the position
99:59:59.999 --> 99:59:59.999
The radio daomens. The first is a spectrum analyzer. It just measures the strength of the frequency
99:59:59.999 --> 99:59:59.999
the downlink recorder dumps the IQ values
99:59:59.999 --> 99:59:59.999
directly to an NFS share.
99:59:59.999 --> 99:59:59.999
Client GUI is PyGame
99:59:59.999 --> 99:59:59.999
Also notes these faint blue lines are positions where i saw particularly strong signals
99:59:59.999 --> 99:59:59.999
I'm running out of time by these markers. Does this mean we skip Q&A or that I get kicked off of stage?
99:59:59.999 --> 99:59:59.999
It takes SDR, it can provide maps of used different satellites in the sky.
99:59:59.999 --> 99:59:59.999
I'd also like to make other ground stations. The software that I wrote should be portable
99:59:59.999 --> 99:59:59.999
Another way that you can do it, the way that it's traditionally done to track stationary satellites is with a YAGI antenna
99:59:59.999 --> 99:59:59.999
This is my van, my van is amazing. applause
99:59:59.999 --> 99:59:59.999
Thanks to nick farr. I had a bit to much too drink in
99:59:59.999 --> 99:59:59.999
But you want a news-van. And I said Hell yes, I want a news van!
99:59:59.999 --> 99:59:59.999
But most importantly, it does SECAM
99:59:59.999 --> 99:59:59.999
This is the control panel,
and that's my talk!
99:59:59.999 --> 99:59:59.999
applause
99:59:59.999 --> 99:59:59.999
Herald: Thank you so much. There
actually is time for Q&A now.
99:59:59.999 --> 99:59:59.999
Travis: Well, first I'd like to introduce
you to my cat. If we could go back
99:59:59.999 --> 99:59:59.999
to the prior image. This is Frank! We
didn't know it at that time, but
99:59:59.999 --> 99:59:59.999
Frank was not dead when this picture was
taken. If you'd like kittens get in touch.
99:59:59.999 --> 99:59:59.999
Okay. Are there any questions?
99:59:59.999 --> 99:59:59.999
Question: Great talk. What's the most
interesting signal you decoded so far?
99:59:59.999 --> 99:59:59.999
Travis: At the moment I'm sort of stuck
at the L band range. Because of filters
99:59:59.999 --> 99:59:59.999
that I have yet to remove. So everything
gets attenuated, and becomes annoyingly
99:59:59.999 --> 99:59:59.999
quiet outside of the 1.5..1.6 -ish range.
The Globalstar network is what I'm most
99:59:59.999 --> 99:59:59.999
interested in targeting next. I cam't wait
to see what people are tweeting
99:59:59.999 --> 99:59:59.999
while they should be enjoying nature.
99:59:59.999 --> 99:59:59.999
Herald: Is there a question
from the internet?
99:59:59.999 --> 99:59:59.999
Signal Angel: Yeah, the internet has
many questions. So first one was:
99:59:59.999 --> 99:59:59.999
Is there really no authentication or
encryption on the Q band IP services?
99:59:59.999 --> 99:59:59.999
So you can just spoof at will? And can the
birds see the physical leakage and of
99:59:59.999 --> 99:59:59.999
the source accurately enough to find who
is spoofing?
99:59:59.999 --> 99:59:59.999
Travis: I'm not an expert in Ku band. The...
for the downlink the bird has no clue
99:59:59.999 --> 99:59:59.999
as to the location of the dish. Because
you're only listening. They can roughly
99:59:59.999 --> 99:59:59.999
figure out your geographic area because...
they need to figure out where
99:59:59.999 --> 99:59:59.999
the spot beam is going. So they might know
whether you're in, say, Germany or
99:59:59.999 --> 99:59:59.999
in France. But they won't know whether
you're in Heidelberg or Mannheim.
99:59:59.999 --> 99:59:59.999
They do have forms of authentication for
many satellite networks. Satellite TV
99:59:59.999 --> 99:59:59.999
is one of the best-protected network
services. Because of the satellite wars
99:59:59.999 --> 99:59:59.999
in the 90's. In which TV pirates would
fight back and forth with smart card
99:59:59.999 --> 99:59:59.999
designers. But there are also many
unencrypted links. And there are...
99:59:59.999 --> 99:59:59.999
because of standard protocols those
are particularly easy to find in Ku band.
99:59:59.999 --> 99:59:59.999
Question: You've been talking about
using RTLSDR from osmocom.
99:59:59.999 --> 99:59:59.999
And you were talking about your spectrum
analysis program. Is this one working
99:59:59.999 --> 99:59:59.999
with RTLSDR?
99:59:59.999 --> 99:59:59.999
Travis: So... RTLSDR... so I'm using
the RTLSDR not the osmo-sdr.
99:59:59.999 --> 99:59:59.999
Which are separate. The spectrum
analyzer is working with the RTLSDR.
99:59:59.999 --> 99:59:59.999
My complaint about the RTLSDR is that
when you have a strong signal next to
99:59:59.999 --> 99:59:59.999
a weak signal the weak signal is
utterly useless for interpretation.
99:59:59.999 --> 99:59:59.999
Question: Okay. Thank you.
99:59:59.999 --> 99:59:59.999
Herald: Another question
from the internet?
99:59:59.999 --> 99:59:59.999
Signal Angel: Okay, next question from the
internet is: how do you record the radio signal
99:59:59.999 --> 99:59:59.999
from the dish, at what sampling rate?
99:59:59.999 --> 99:59:59.999
Travis: The RTLSDR samples at 2 million
samples per second. As soon as I switch it
99:59:59.999 --> 99:59:59.999
over to the HackRF, well, we're having
20 million samples per second.
99:59:59.999 --> 99:59:59.999
The sampling rate can be reduced once
the bandwidth of the signal is known.
99:59:59.999 --> 99:59:59.999
For radio (?) storage. And the recordings
can also be compressed.
99:59:59.999 --> 99:59:59.999
But it's still a hell of a lot of storage.
99:59:59.999 --> 99:59:59.999
Herald: Any other questions?
99:59:59.999 --> 99:59:59.999
Signal Angel: The internet
has more questions...
99:59:59.999 --> 99:59:59.999
Herald: Okay...
99:59:59.999 --> 99:59:59.999
Signal Angel: Did you look into obtaining
a capacity of IBAN with copper (?), as used
99:59:59.999 --> 99:59:59.999
for the rotary gentries in CT scanners?
Those can apparently transmit contactless
99:59:59.999 --> 99:59:59.999
several GBytes per
second, bi-directionally.
99:59:59.999 --> 99:59:59.999
Travis: I've not looked into those.
It seemed better to have an Umbellaco (?)
99:59:59.999 --> 99:59:59.999
cable and to be careful not to snap it.
99:59:59.999 --> 99:59:59.999
The whole thing was done for a budget
of less than 2000 Dollars, and can be
99:59:59.999 --> 99:59:59.999
recreated for less than a budget of 1000
[Dollars]. And they... so we tried to avoid
99:59:59.999 --> 99:59:59.999
fancy parts. The local radio shack loved
us because we'd swing in and buy all sorts
99:59:59.999 --> 99:59:59.999
of crazy stuff. As soon as we told them
that we wanted the satellite dish to
99:59:59.999 --> 99:59:59.999
dance Gangnam style...
laughs
99:59:59.999 --> 99:59:59.999
laughter
99:59:59.999 --> 99:59:59.999
Thank you Carnaugh(?)
99:59:59.999 --> 99:59:59.999
applause
99:59:59.999 --> 99:59:59.999
silent postroll titles
99:59:59.999 --> 99:59:59.999
subtitles created by c3subtitles.de
in the year 2017. Join, and help us!