9:59:59.000,9:59:59.000
silent 30C3 preroll titles
9:59:59.000,9:59:59.000
applause
9:59:59.000,9:59:59.000
Travis Goodspeed: First I need[br]to apologize for typesetting this
9:59:59.000,9:59:59.000
in OpenOffice. I know that the[br]text looks like a ransome note.
9:59:59.000,9:59:59.000
But that’s what happens[br]when you don’t use LaTex.
9:59:59.000,9:59:59.000
I’d also like to give a shoutout[br]call, mallnarf (?) is here,
9:59:59.000,9:59:59.000
and our Dinosaur rock band.
9:59:59.000,9:59:59.000
laughs, applause
9:59:59.000,9:59:59.000
We’re a Christian rock band – we’re[br]called ‘Jesus lives in the ISS’ and
9:59:59.000,9:59:59.000
we know that he is always watching us,[br]but we think that it’s easier for him
9:59:59.000,9:59:59.000
to hear our prayers when[br]he’s, you know, in an orbit
9:59:59.000,9:59:59.000
that passes over us. So we need to use[br]orbital tracking to know when to pray!
9:59:59.000,9:59:59.000
laughter
9:59:59.000,9:59:59.000
As I’m sure you can guess I’m not[br]recognized as a legal minority religion
9:59:59.000,9:59:59.000
in Germany. I’d also like to thank skytee
9:59:59.000,9:59:59.000
and Fabienne Serrière and Adam Laurie
9:59:59.000,9:59:59.000
and Jim Geovedi for some[br]prior satellite tracking work,
9:59:59.000,9:59:59.000
and the scooby crew (?) at Dartmouth[br]College for all sorts of fun
9:59:59.000,9:59:59.000
whenever I bounce out there.[br]This is the mission patch
9:59:59.000,9:59:59.000
of the Southern Appalachian[br]Space Agency (SASA).
9:59:59.000,9:59:59.000
applause and cheers
9:59:59.000,9:59:59.000
This was drawn by Scot Biben (?) and there are[br]a few pieces of my people’s native culture
9:59:59.000,9:59:59.000
that I need to point out here. On the[br]right the little Dinosaur type thing
9:59:59.000,9:59:59.000
with his finger going out, you might[br]call him E.T. but we call these things
9:59:59.000,9:59:59.000
‘buggers’. They are like this tall, and[br]they are green and that’s why the man
9:59:59.000,9:59:59.000
on the left has a shotgun.[br]laughter
9:59:59.000,9:59:59.000
Because he doesn’t want to be abducted.[br]You got a satellite dish in the middle
9:59:59.000,9:59:59.000
and it’s sitting on sinter blocks because[br]that’s also a piece of my people’s
9:59:59.000,9:59:59.000
native culture. There’s a moonshine[br]still in the background.
9:59:59.000,9:59:59.000
That’s kind of like Waldcubbet (?), you[br]make it at home and from corn.
9:59:59.000,9:59:59.000
And then there’s the mountain… a piece,[br]it looks like there are snowpeaks
9:59:59.000,9:59:59.000
on those mountain tops. But our mountains[br]aren’t tall enough to have snow.
9:59:59.000,9:59:59.000
These are actually that we’ve blown off[br]the lids of the mountains for coal mining.
9:59:59.000,9:59:59.000
Which is another piece of[br]my people’s native culture.
9:59:59.000,9:59:59.000
And at the top, in space you can see[br]the ISS, and you can see a banana,
9:59:59.000,9:59:59.000
and you can see what I think is a bulb.[br]This is to signify space trash.
9:59:59.000,9:59:59.000
I mean there’s a lot of stuff up there.[br]And, you know it’s symbolism that matters
9:59:59.000,9:59:59.000
in these things, you know?
9:59:59.000,9:59:59.000
At BerlinSides, in May of 2012
9:59:59.000,9:59:59.000
I did a lecture on reverse[br]engineering the SPOT Connect.
9:59:59.000,9:59:59.000
The SPOT Connect is a litte[br]hockey puck type thing
9:59:59.000,9:59:59.000
– this is what it looks like.[br]And these things are great.
9:59:59.000,9:59:59.000
It weighs a bit more than your cell phone[br]but it runs off of a couple of batteries,
9:59:59.000,9:59:59.000
it connects to your phone by Bluetooth.
9:59:59.000,9:59:59.000
Originally these were emergency locator[br]beacons. So if you’re going hiking…
9:59:59.000,9:59:59.000
have any of you seen the movie where[br]the guy has to cut off his arm
9:59:59.000,9:59:59.000
with a dull knife? If you’re hiking and[br]you don’t want that same experience
9:59:59.000,9:59:59.000
you buy one of these things. And[br]then there’s an emergency button
9:59:59.000,9:59:59.000
you can push that transmits your[br]GPS coordinates by satellite
9:59:59.000,9:59:59.000
to rescue workers. But that was boring,[br]so they had to add social media.
9:59:59.000,9:59:59.000
laughs, laughter
9:59:59.000,9:59:59.000
So in addition to keeping you[br]from chewing off your own arm
9:59:59.000,9:59:59.000
this device will also allow you to[br]tweet and make Facebook posts.
9:59:59.000,9:59:59.000
laughs, laughter
9:59:59.000,9:59:59.000
The idea is that as you’re running…[br]here I’m crossing the Schuylkill River
9:59:59.000,9:59:59.000
in Philadelphia and the Android[br]phone on the left is making a post.
9:59:59.000,9:59:59.000
And I did an article on reverse-[br]engineering the Bluetooth side
9:59:59.000,9:59:59.000
of these things. Because… I use a weird[br]brand of phone that Microsoft killed off,
9:59:59.000,9:59:59.000
and I’m terribly bitter about it. But[br]I also figured out the physical layer.
9:59:59.000,9:59:59.000
And that’s what this diagram shows.[br]This transmits at 1.6125 GHz.
9:59:59.000,9:59:59.000
And it sends a pseudo-random stream, so[br]each one of these zeros is a long chunk
9:59:59.000,9:59:59.000
where it’s bouncing back and forth[br]between 2 different frequencies.
9:59:59.000,9:59:59.000
And the same for the ones.[br]But the way that the pattern works
9:59:59.000,9:59:59.000
is that it switches the signal whenever[br]it is going from the 0 signal
9:59:59.000,9:59:59.000
to the 1 signal. And internally, there are[br]these little pops that you can actually
9:59:59.000,9:59:59.000
identify on a Software Defined Radio[br]recording. And this is how you can
9:59:59.000,9:59:59.000
reverse-engineer the signal that[br]the SPOT Connect is sending up
9:59:59.000,9:59:59.000
to its satellite network.
9:59:59.000,9:59:59.000
Everything is clear text on this.[br]And it’s completely unencrypted.
9:59:59.000,9:59:59.000
It just has your serial number, your GPS[br]coordinates, and a bit of ASCII text.
9:59:59.000,9:59:59.000
So if you listen on this frequency and[br]you have the correct recording software
9:59:59.000,9:59:59.000
you can actually watch all of the SPOT[br]Connect messages that are transmitting
9:59:59.000,9:59:59.000
up from your location. And this would be[br]great except that this is designed for
9:59:59.000,9:59:59.000
hiking in areas where there’s no cell[br]phone service. So having an antenna
9:59:59.000,9:59:59.000
on the uplink frequency is kind of[br]useless. You know you would actually
9:59:59.000,9:59:59.000
have to go out to a national park, find[br]some guy who is about to chew his arm off,
9:59:59.000,9:59:59.000
and then you could listen to his uplink[br]where he is like tweeting: “Hey, I’m gonna
9:59:59.000,9:59:59.000
chew my arm off”, you know?[br]laughter
9:59:59.000,9:59:59.000
So that’s great as a proof of concept[br]but it’s not really anything practical.
9:59:59.000,9:59:59.000
The current state of that was that I knew[br]the protocol and I could sniff the uplinks.
9:59:59.000,9:59:59.000
But I wanted to sniff the downlinks. So[br]it’s easy for me to get the thing that
9:59:59.000,9:59:59.000
goes up to the satellite. But what I wanted[br]was what comes down from the satellite.
9:59:59.000,9:59:59.000
And that requires a satellite dish. But[br]a geo-stationary dish isn’t good enough
9:59:59.000,9:59:59.000
because the satellites that run this[br]network – there are a lot of them,
9:59:59.000,9:59:59.000
it’s called the Globalstar network,[br]they fly really low across the earth,
9:59:59.000,9:59:59.000
and they fly across the earth in very[br]tight, very fast orbits. So they’ll move
9:59:59.000,9:59:59.000
from horizon to horizon in 15 to 20[br]minutes. Which means that you either need
9:59:59.000,9:59:59.000
like a sweat shop army of kids[br]trying to aim the satellite dish
9:59:59.000,9:59:59.000
as it’s going across or you need[br]to make it computer-controlled.
9:59:59.000,9:59:59.000
Stepping back from the SPOT[br]Connect for a little bit, and
9:59:59.000,9:59:59.000
discussing some prior research.[br]Adam Laurie did some work
9:59:59.000,9:59:59.000
with geostationary satellites.[br]These are the satellites that stay
9:59:59.000,9:59:59.000
in one position in the sky.[br]He gave two sets of talks
9:59:59.000,9:59:59.000
– one in 2008 and the second in[br]2010. And he used a DVB-S card
9:59:59.000,9:59:59.000
connected to a satellite dish with[br]a diseqc motor, so that it could move
9:59:59.000,9:59:59.000
the satellite dish left and right in order[br]to scan a region of the horizon.
9:59:59.000,9:59:59.000
His tool is publicly available,[br]it’s called satmap.
9:59:59.000,9:59:59.000
You can grab it at this URL.
9:59:59.000,9:59:59.000
And then after he finds a signal he has[br]a feed scanner. Normally when you use
9:59:59.000,9:59:59.000
Satellite TV you provider gives you[br]a listing of the frequencies, and
9:59:59.000,9:59:59.000
your provider gives you an exact orbital[br]position to aim your satellite dish at.
9:59:59.000,9:59:59.000
But Adam’s tool allows you to scan to[br]see which frequencies are in use and
9:59:59.000,9:59:59.000
which protocols are in use, once[br]you’ve correctly aimed your dish.
9:59:59.000,9:59:59.000
And he also describes a technique[br]for moving your dish left and right
9:59:59.000,9:59:59.000
while doing this in order to[br]identify where the satellites are.
9:59:59.000,9:59:59.000
This recording here is from[br]a re-implementation that I made
9:59:59.000,9:59:59.000
of Adam’s work, in order to[br]catch up with it. In this diagram
9:59:59.000,9:59:59.000
the x-axis – because you move left[br]and right – that shows the azimuth,
9:59:59.000,9:59:59.000
that shows how far left or right my[br]satellite dish has moved. And then
9:59:59.000,9:59:59.000
the y-axis shows the frequency. And[br]all of these dots are strong signals.
9:59:59.000,9:59:59.000
So every vertical bar in which you see[br]chunks of frequencies, that’s a satellite.
9:59:59.000,9:59:59.000
But these stay in the same position. So[br]it’s easy for me to repeat this experiment.
9:59:59.000,9:59:59.000
It’s easy for me to re-run it, and to find[br]the same satellites in the same position.
9:59:59.000,9:59:59.000
It’s easy to debug this.[br]But it can’t move in elevation.
9:59:59.000,9:59:59.000
This diagram is actually[br]a very small slice of the sky.
9:59:59.000,9:59:59.000
We’re looking at a single line,[br]maybe 10 degrees across.
9:59:59.000,9:59:59.000
Maybe only 5 degrees across.
9:59:59.000,9:59:59.000
So hacking Ku-band – the television[br]satellites – has the advantage
9:59:59.000,9:59:59.000
that you can use cheap standardized[br]hardware. I bought one of these DVB-S cards
9:59:59.000,9:59:59.000
in Mauerpark, in Berlin for 3 Euro. You[br]can use standardized disecq motors,
9:59:59.000,9:59:59.000
you can buy them at a satellite TV shop.
9:59:59.000,9:59:59.000
TV signals come with video feeds[br]so you can actually see pictures.
9:59:59.000,9:59:59.000
There was a scandal about 4..5 years[br]ago where they were finding
9:59:59.000,9:59:59.000
drone [control] feeds that were being[br]bounced across these satellites.
9:59:59.000,9:59:59.000
In the nineties it was very popular to[br]listen to the sort of unedited sections
9:59:59.000,9:59:59.000
of interviews, when people would[br]be interviewed over a satellite,
9:59:59.000,9:59:59.000
before Skype and such[br]things became options. And
9:59:59.000,9:59:59.000
there are also networking signals here[br]using TCP/IP packets. So you can actually
9:59:59.000,9:59:59.000
turn your DVB-S card into[br]a promiscuous ethernet adapter,
9:59:59.000,9:59:59.000
and start sniffing all of the traffic that[br]comes across. This is also a great way
9:59:59.000,9:59:59.000
to get free downlink bandwidth. Because[br]you can just flood packets at an address
9:59:59.000,9:59:59.000
that, you know, will be routed to[br]you, or several addresses, and
9:59:59.000,9:59:59.000
then you sniff it out as the[br]legitimate receiver ignores them.
9:59:59.000,9:59:59.000
But it also has some disadvantages. It[br]only works for geostationary satellites.
9:59:59.000,9:59:59.000
If the satellite is not staying in the[br]same position relative to the ground
9:59:59.000,9:59:59.000
then you can’t track it. Your[br]dish also moves very slowly.
9:59:59.000,9:59:59.000
And it only moves left and right.[br]It won’t move up and down.
9:59:59.000,9:59:59.000
And you’re limited to standardized[br]signals. So while it’s great that you get
9:59:59.000,9:59:59.000
video and TCP/IP you’re never[br]going to get anything weird.
9:59:59.000,9:59:59.000
You’re not gonna get any mobile[br]data, you’re not going to get any
9:59:59.000,9:59:59.000
Brazilian truck-drivers – we'll[br]get to those in a bit. laughs
9:59:59.000,9:59:59.000
I misspoke, you actually will get[br]Brazilian truck-drivers in this.
9:59:59.000,9:59:59.000
So I bought a satellite dish. One of the[br]best things about living in America is
9:59:59.000,9:59:59.000
that you can buy industrial[br]hardware cheap as dirt on ebay.
9:59:59.000,9:59:59.000
I know things aren't likely used to being[br]a cat bite to (?)(?) human children anymore.
9:59:59.000,9:59:59.000
But this satellite dish here on[br]the left – the one in the radome –
9:59:59.000,9:59:59.000
that's my dish. And to the right,[br]that's the boat that it came from.
9:59:59.000,9:59:59.000
applause[br]laughs
9:59:59.000,9:59:59.000
This came from a military ship.[br]But the dish itself is also available
9:59:59.000,9:59:59.000
for civilian use on very large yachts.
9:59:59.000,9:59:59.000
The dish itself is a Felcom 81 and it[br]was intended for use with a network
9:59:59.000,9:59:59.000
called Inmarsat. Inmarsat allows[br]for telephone connections,
9:59:59.000,9:59:59.000
and also data connections when you're on[br]a boat. So if the crew wants to call home
9:59:59.000,9:59:59.000
or wants to go to AOL Keywords
9:59:59.000,9:59:59.000
or whatever was popular back when[br]this was common they could do that.
9:59:59.000,9:59:59.000
And the dish was designed to sit[br]at the very top of a ship's mast.
9:59:59.000,9:59:59.000
The reason why is that at the top of[br]the mast there aren't any obstructions
9:59:59.000,9:59:59.000
– it has a clear view of the sky in all[br]directions. But there's a complication
9:59:59.000,9:59:59.000
with being on the top of the mast. Which[br]is that the ship is rocking beneath you
9:59:59.000,9:59:59.000
and you're moving more[br]than the rest the ship.
9:59:59.000,9:59:59.000
So they have stepper motors[br]for azimuth, elevation and tilt.
9:59:59.000,9:59:59.000
And then they have spinning gyroscopes.[br]Back before the iPhone there was
9:59:59.000,9:59:59.000
this dark, dark time when[br]gyroscopes actually spun.
9:59:59.000,9:59:59.000
And this is the sort of gyroscope that[br]it has. It actually has 4 of them so
9:59:59.000,9:59:59.000
that it can measure its movement.
9:59:59.000,9:59:59.000
And then it has a control computer. So the[br]idea is that the dish itself can be moved
9:59:59.000,9:59:59.000
while remaining absolutely stable[br]with regard to the gyroscopes.
9:59:59.000,9:59:59.000
So it compensates for the rocking of[br]the ship beneath it as it's targeting
9:59:59.000,9:59:59.000
a stationary satellite.[br]In America this costs 250 dollars
9:59:59.000,9:59:59.000
but it's electronics equipment, so while[br]you think that would only be a 180 Euro
9:59:59.000,9:59:59.000
it's more like 2500. And that's before[br]import duties and it being impounded.
9:59:59.000,9:59:59.000
We also have this lovely culture in which[br]people love excuses to use their trucks.
9:59:59.000,9:59:59.000
So the guy that I bought this from offered[br]to deliver it to my home for only $200.
9:59:59.000,9:59:59.000
It was an 11-hour drive.
9:59:59.000,9:59:59.000
But if you wanted this you'd have to[br]bring it back in your carry-on luggage
9:59:59.000,9:59:59.000
and that could be awkward.
9:59:59.000,9:59:59.000
I got this dish and I decided I had[br]to do something with it. So I created
9:59:59.000,9:59:59.000
the Southern Appalachian Space Agency.[br]I'm from the state of Tennessee,
9:59:59.000,9:59:59.000
formerly known as the State of Franklin[br]until North Carolina invaded us.
9:59:59.000,9:59:59.000
It's ok, I know Europeans suck at history.
9:59:59.000,9:59:59.000
laughs[br]laughter and applause
9:59:59.000,9:59:59.000
Now I'm trying to think of how to show[br]you on a map where Tennessee is
9:59:59.000,9:59:59.000
without having a map. But, you know, it's[br]okay, I know you suck at geography
9:59:59.000,9:59:59.000
and will forget it soon (?)
9:59:59.000,9:59:59.000
From audience: It's very[br]near Texas, to the north.
9:59:59.000,9:59:59.000
Travis: Texas is our first colony. But[br]it's actually a decent drive to the east.
9:59:59.000,9:59:59.000
Due east (?). You don't[br]actually have to go it anyways.
9:59:59.000,9:59:59.000
So what I did was I took these motors[br]which were designed to be able to move
9:59:59.000,9:59:59.000
the satellite dish to compensate[br]for the rocking the ship and
9:59:59.000,9:59:59.000
I re-purposed them to track through[br]the sky while the ground is stable.
9:59:59.000,9:59:59.000
We don't have very many earthquakes in[br]Tennessee. The last one that we had
9:59:59.000,9:59:59.000
made rivers run the wrong direction.[br]But it's okay – it's a geography thing.
9:59:59.000,9:59:59.000
laughs[br]So this allows me to track things
9:59:59.000,9:59:59.000
that are moving through the sky.[br]But it doesn't actually matter
9:59:59.000,9:59:59.000
where they're moving in the sky because[br]that's just a software problem.
9:59:59.000,9:59:59.000
So in addition to tracking objects that[br]are in low-earth orbit by a software patch
9:59:59.000,9:59:59.000
I can also track things that are in deep[br]space. It's not much harder to track
9:59:59.000,9:59:59.000
deep space probes or stars than it[br]is to track items in low-earth orbit.
9:59:59.000,9:59:59.000
And then I added a software defined radio[br]which allows me to record a signal now
9:59:59.000,9:59:59.000
and then demodulate it later.[br]Which is necessary if you intend
9:59:59.000,9:59:59.000
to reverse-engineer a signal. Because[br]a lot of the downlinks from these satellites
9:59:59.000,9:59:59.000
are completely non… completely[br]undocumented. And being able
9:59:59.000,9:59:59.000
to tune in to the right frequency is only[br]half of it. You also need a recording
9:59:59.000,9:59:59.000
of sufficient quality that you can[br]reverse-engineer it after the fact.
9:59:59.000,9:59:59.000
We're sort of spoiled by software[br]defined radios in that when doing
9:59:59.000,9:59:59.000
software defined radio work we usually[br]have a very good signal to work from.
9:59:59.000,9:59:59.000
So having high quality signals for later[br]reverse-engineering is necessary.
9:59:59.000,9:59:59.000
I really wanted to be able to identify[br]undocumented downlinks for low-earth orbit
9:59:59.000,9:59:59.000
in the same way that we already[br]do this for geo-stationary orbit
9:59:59.000,9:59:59.000
using tools like the ones that Adam[br]Laurie and Jim Geovedi made.
9:59:59.000,9:59:59.000
So I built a software framework as[br]a collection of Python daemons.
9:59:59.000,9:59:59.000
And these run across a home[br]area network in my house.
9:59:59.000,9:59:59.000
There's a Beaglebone inside of the Radome.
9:59:59.000,9:59:59.000
And an x86 server in the house. Or AMD64,[br]whatever the kids call it these days.
9:59:59.000,9:59:59.000
And then I used Postgres for coordination.[br]So that all of these daemons can talk
9:59:59.000,9:59:59.000
to each other without… without me really[br]caring which machine they're on.
9:59:59.000,9:59:59.000
So for maintenance I can have my[br]laptop pretending to be the dish,
9:59:59.000,9:59:59.000
and I can have stepper motors on my desk,[br]and I can watch them spin, and I can even
9:59:59.000,9:59:59.000
make a model of the dish and swap these[br]components in and out without the rest of
9:59:59.000,9:59:59.000
the network being confused. This also[br]allows for sequal (?) injection attacks to
9:59:59.000,9:59:59.000
physically move my dish. Which is why the[br]Sassin (?) network is not on one of those
9:59:59.000,9:59:59.000
fancy WEB 2.0 things. Because of you could[br]inject, say, “UPDATE target SET name=
9:59:59.000,9:59:59.000
'VOYAGER 1'”. Then my dish would physically[br]move and start tracking Voyager 1
9:59:59.000,9:59:59.000
through the sky. Voyager 2
9:59:59.000,9:59:59.000
doesn't actually come into the sky because[br]of my position in the Northern hemisphere.
9:59:59.000,9:59:59.000
So, it's okay, I know you suck at[br]geography. But Voyager 1 is going up,
9:59:59.000,9:59:59.000
and Voyager 2 is going down.
9:59:59.000,9:59:59.000
There's a Realtek Software Defined Radio[br]for the radio reception. Although
9:59:59.000,9:59:59.000
these things are garbage. So I'm in the[br]process of replacing this for the HackRF.
9:59:59.000,9:59:59.000
There's also an EiBot board for motor[br]control. We'll get back to that in a minute.
9:59:59.000,9:59:59.000
And there's an Inertial Measurement Unit[br]from VectorNav which actually measures
9:59:59.000,9:59:59.000
using the fancy MEMS gyroscopes and[br]a MEMS compass how I'm moving.
9:59:59.000,9:59:59.000
This isn't accurate enough to target[br]the dish, so I'm still counting steps
9:59:59.000,9:59:59.000
to move the dish. But it is accurate[br]enough to tell me when my belts
9:59:59.000,9:59:59.000
have broken. Or when I'm up[br]against the physical obstruction.
9:59:59.000,9:59:59.000
This is skytee helping[br]me out with the dish.
9:59:59.000,9:59:59.000
He's zip-tying it. Because, you know[br]we know everything about duct tape
9:59:59.000,9:59:59.000
where I come from, but we know nothing[br]about zip ties. So I had to bring in
9:59:59.000,9:59:59.000
a German engineer.[br]laughter
9:59:59.000,9:59:59.000
We call him a Gerry wigger(?)[br]but, you know…
9:59:59.000,9:59:59.000
This is the satellite dish itself. And you[br]can sort of see in this photograph
9:59:59.000,9:59:59.000
where we've strapped on the equipment.[br]There's like an embillica (?) cord.
9:59:59.000,9:59:59.000
Or more like a spinal column that actually[br]runs up the back of the dish. So we just
9:59:59.000,9:59:59.000
added new cables onto that line.[br]And then zip-tied them in place.
9:59:59.000,9:59:59.000
And skytee came up with all these[br]crazy ideas like that we should use
9:59:59.000,9:59:59.000
chains and zip-ties to make sure that the[br]cables don't tear themselves out. And
9:59:59.000,9:59:59.000
that worked tremendously well in practice.[br]So, as this thing spins around,
9:59:59.000,9:59:59.000
by the original design there's a ring[br]connector that all of the signals
9:59:59.000,9:59:59.000
go through. That all of the networking[br]goes through. That all of the rest
9:59:59.000,9:59:59.000
goes through. And that worked in the[br]nineties because it had no reason
9:59:59.000,9:59:59.000
to send anything faster than 9600 baud.
9:59:59.000,9:59:59.000
But with the modern signals going across[br]it I need 100MBit/s or even GB ethernet,
9:59:59.000,9:59:59.000
that's not enough, I need more than[br]two wires. So there's a cable that comes
9:59:59.000,9:59:59.000
across it, and then I rely on the[br]software to keep it from wrapping
9:59:59.000,9:59:59.000
that cable around itself. So it can only[br]move, say, 400 degrees around.
9:59:59.000,9:59:59.000
But that's still more than a full circle.[br]So by stopping halfway and moving back
9:59:59.000,9:59:59.000
I can prevent it from getting snagged (?).
9:59:59.000,9:59:59.000
We've got the Beaglebone on the left,[br]in the middle there's a USB hub
9:59:59.000,9:59:59.000
and on the right is the motor controller.
9:59:59.000,9:59:59.000
The Beaglebone runs Debian Linux and[br]takes care of sending the software defined
9:59:59.000,9:59:59.000
radio recordings over the network. It also[br]takes care of updating the motor positions
9:59:59.000,9:59:59.000
to be the ones that the database[br]declares should be current.
9:59:59.000,9:59:59.000
The stepper motors themselves are the[br]originals that the dish was designed with.
9:59:59.000,9:59:59.000
And they're running to an EiBot Board.[br]The EiBot board was intended
9:59:59.000,9:59:59.000
for plotting on Easter eggs[br]laughs, laughter
9:59:59.000,9:59:59.000
I feel, you know… is that neat?
9:59:59.000,9:59:59.000
laughs[br]applause
9:59:59.000,9:59:59.000
So you can actually aim a satellite dish[br]that's as tall as you are, with of these
9:59:59.000,9:59:59.000
fancy motors using less sophisticated[br]equipment than what's used
9:59:59.000,9:59:59.000
in a 3D printer. Don't panic, though.
9:59:59.000,9:59:59.000
It's a hell of a lot more[br]reliable than a 3D printer.
9:59:59.000,9:59:59.000
But we needed some sort of backup in[br]addition to the inertial measurement unit
9:59:59.000,9:59:59.000
telling us when the device[br]had snagged itself.
9:59:59.000,9:59:59.000
It would also help to have[br]a visual queue. Because
9:59:59.000,9:59:59.000
the satellite dish sits in Tennessee, and[br]while I love my home town, and, you know
9:59:59.000,9:59:59.000
I'm very proud of being Tennesseean it's[br]also a long way to travel when you need
9:59:59.000,9:59:59.000
to re-orient the dish. Using an[br]accelerometer it's easy enough
9:59:59.000,9:59:59.000
to correct the elevation. Because you can[br]use the accelerometer as a level, and
9:59:59.000,9:59:59.000
you can use that to tell how high up the[br]dish is pointing, at an absolute scale.
9:59:59.000,9:59:59.000
But the compass isn't very accurate. So[br]instead, as a backup we have a webcam
9:59:59.000,9:59:59.000
that's taped to the top. Taping[br]is my people's native culture.
9:59:59.000,9:59:59.000
We have it taped to the top, and then[br]it's pointing backwards. So this gives us
9:59:59.000,9:59:59.000
like a rear view camera,[br]from the dish's position.
9:59:59.000,9:59:59.000
So as the dish sits[br]inside of its radome…
9:59:59.000,9:59:59.000
– junk cars in the yard are also[br]my people's native tradition!
9:59:59.000,9:59:59.000
laughs, laughter
9:59:59.000,9:59:59.000
So the dish sits there next to[br]my brother's Toyota Supra.
9:59:59.000,9:59:59.000
And that thing, you know,[br]that thing flies as soon as it gets
9:59:59.000,9:59:59.000
an engine put back in it.[br]laughter
9:59:59.000,9:59:59.000
So it sits there and it's moving but[br]externally you can't see where it is.
9:59:59.000,9:59:59.000
Which means that I can't call my family[br]in Tennessee and blackmail them into
9:59:59.000,9:59:59.000
- yet again - looking at my dish to tell[br]where it's pointed. There are bolts
9:59:59.000,9:59:59.000
that hold this down. It takes half an hour[br]to remove the lid, another half an hour
9:59:59.000,9:59:59.000
to put it back on.
9:59:59.000,9:59:59.000
So instead we took the radome…[br]that's Frank, he's my cat.
9:59:59.000,9:59:59.000
Give a “Cheers!” for Frank!
9:59:59.000,9:59:59.000
applause and cheers
9:59:59.000,9:59:59.000
Yeah, we had such a great time with Frank.[br]And we never knew that she was pregnant.
9:59:59.000,9:59:59.000
If you happen to need kittens and wanna[br]pay the custom's fees I'll hook you up!
9:59:59.000,9:59:59.000
So then we took tape and ran tape[br]down the edges of the radome,
9:59:59.000,9:59:59.000
and then marked it. So from the markings[br]you can tell which clock position
9:59:59.000,9:59:59.000
the back of the satellite dish is pointing[br]at. So if you point the dish towards 12:00
9:59:59.000,9:59:59.000
you know that you're roughly at 6:00,[br]so you know that it's pointing South.
9:59:59.000,9:59:59.000
And then you can sort of scan the sky[br]for a stationary target, and navigate
9:59:59.000,9:59:59.000
off of that, to recover your position.
9:59:59.000,9:59:59.000
Software-wise… remember, the[br]whole thing runs through Postgres,
9:59:59.000,9:59:59.000
so I just tunnel the Postgres over SSH,[br]and then I wrote a Python client
9:59:59.000,9:59:59.000
that displays the satellite positions[br]and the satellite state in PiGame (?).
9:59:59.000,9:59:59.000
This is intended for making those games[br]where you see the rabbit and the rabbit
9:59:59.000,9:59:59.000
jumps on the other rabbit. But it… works![br]And it works perfectly well enough
9:59:59.000,9:59:59.000
to target the dish. Because all that this[br]software has to do is plot the positions
9:59:59.000,9:59:59.000
of the satellites, and give orders back to[br]the database when I click on a satellite
9:59:59.000,9:59:59.000
or click on a position.[br]It can also display stars.
9:59:59.000,9:59:59.000
So the red items are satellites which are[br]not selected. The green item is GOES3 (?)
9:59:59.000,9:59:59.000
which is the satellite that I'm targeting.[br]And then the white items are
9:59:59.000,9:59:59.000
stars in the sky. Now this is[br]a plot in which the azimuth
9:59:59.000,9:59:59.000
is on the X axis, and the elevation is on[br]the Y axis. But I can also arrange it
9:59:59.000,9:59:59.000
into a polar plot. Which sort of gives me[br]an upside-down view of the satellite dish
9:59:59.000,9:59:59.000
looking at the sky.[br]I doubt you can read it but
9:59:59.000,9:59:59.000
just above the green circle in the center,[br]that's Polaris which is the North star.
9:59:59.000,9:59:59.000
It's also weird because, you know,[br]working on this, you know, I thought
9:59:59.000,9:59:59.000
that I got really good at astronomy[br]until I realized that I only knew
9:59:59.000,9:59:59.000
what the stars looked like during the day.[br]laughter, laughs
9:59:59.000,9:59:59.000
And it being PiGame (?) you can[br]actually run it on a mobile device.
9:59:59.000,9:59:59.000
So the same client that runs on my[br]laptop can also run on my Nokia N900.
9:59:59.000,9:59:59.000
laughs[br]applause
9:59:59.000,9:59:59.000
A significant portion of the GUI client for[br]this was written while stuck on the U-Bahn,
9:59:59.000,9:59:59.000
connected over 3G, SSH through[br]and just using emacs on the phone.
9:59:59.000,9:59:59.000
laughter, laughs[br]applause
9:59:59.000,9:59:59.000
If you're one of those people who needs to[br]complain about the N900 being too old,
9:59:59.000,9:59:59.000
it also runs on the N9.
9:59:59.000,9:59:59.000
And then you can take the data out of this[br]and run it through scientific software.
9:59:59.000,9:59:59.000
In addition of the software defined radio[br]recordings themselves being dumped out
9:59:59.000,9:59:59.000
to a text file or a binary file on disk[br]you can also dump out things like
9:59:59.000,9:59:59.000
the received signal strength indicators[br](RSSI). So this is a screenshot in which
9:59:59.000,9:59:59.000
I'm identifying different satellites that[br]I've seen in the sky based upon
9:59:59.000,9:59:59.000
their downlink signal peaks. You can see[br]the noise floor there, at the bottom,
9:59:59.000,9:59:59.000
and then there's a rather strong signal on[br]the left. And a weaker neverware (?) signal
9:59:59.000,9:59:59.000
on the right. Now, the[br]daemons that build this up…
9:59:59.000,9:59:59.000
you need an orbit prediction daemon.[br]Because you need to know
9:59:59.000,9:59:59.000
where the satellites are and where[br]they're going, and where they will be
9:59:59.000,9:59:59.000
by the time you get to them.
9:59:59.000,9:59:59.000
You need to update the orbits themselves.
9:59:59.000,9:59:59.000
LEO satellites are described in TLE files,
9:59:59.000,9:59:59.000
these are called 'Two Line Entry' and[br]they're called 'Two Line Entry' because
9:59:59.000,9:59:59.000
they're three lines long.[br]laughter
9:59:59.000,9:59:59.000
These were originally used by NORAD for[br]inter-continental ballistic missile tracking.
9:59:59.000,9:59:59.000
And because a ballistic missile[br]is basically in orbit, it's just that
9:59:59.000,9:59:59.000
that orbit happens[br]to collide with the earth.
9:59:59.000,9:59:59.000
But this format isn't terribly accurate[br]for satellites that adjust their own orbit.
9:59:59.000,9:59:59.000
So anything that has fuel, or has engines,[br]or changes mass will vary its position.
9:59:59.000,9:59:59.000
And this also doesn't account for drag.[br]Because, you know, the missile itself,
9:59:59.000,9:59:59.000
you know it goes up it goes down, it's[br]not orbiting enough for the light drag
9:59:59.000,9:59:59.000
in the upper atmosphere to matter. But for[br]a satellite it does. So these Two Line Entries
9:59:59.000,9:59:59.000
will work for a matter of days or maybe[br]a couple of weeks. But they don't last
9:59:59.000,9:59:59.000
longer than that. So you need a daemon[br]that grabs the new files from spacetrack (?).
9:59:59.000,9:59:59.000
And this is just a matter of like[br]a recursive WGET, and then
9:59:59.000,9:59:59.000
parsing the files. And that still needs[br]to be done. You also need motor control,
9:59:59.000,9:59:59.000
because you need to move the dish[br]physically to track your target.
9:59:59.000,9:59:59.000
You need input for the Inertial[br]Measurement Unit. This comes over
9:59:59.000,9:59:59.000
a low voltage serial port. And then[br]you need radio daemons to handle
9:59:59.000,9:59:59.000
spectrum analysis or downlink recording.[br]And these you'll have several of them,
9:59:59.000,9:59:59.000
you have to swap them out. So you'll begin[br]by using the spectrum analyzer to identify
9:59:59.000,9:59:59.000
that your aim is accurate, that you're[br]accurately tracking the targets
9:59:59.000,9:59:59.000
well enough to get a recording from[br]them. And then after that you begin
9:59:59.000,9:59:59.000
to take software defined recordings off[br]them. And, eventually, you might have
9:59:59.000,9:59:59.000
a standalone application that parses[br]what you're receiving. Such as
9:59:59.000,9:59:59.000
the Osmocom guys did with OpenGMR.
9:59:59.000,9:59:59.000
So for orbit prediction I began[br]with a DOS program that had been
9:59:59.000,9:59:59.000
ported to Unix, called 'predict'.
9:59:59.000,9:59:59.000
And this worked, but it's garbage.
9:59:59.000,9:59:59.000
It only supports 20 satellites plus the[br]sun, the moon, Venus and Mars.
9:59:59.000,9:59:59.000
But no other planets because it's[br]designed for astronomy photographers
9:59:59.000,9:59:59.000
who want to get a picture of something[br]as it comes over the horizon. You know,
9:59:59.000,9:59:59.000
I need to track hundreds of targets and[br]then write a script to opportunistically
9:59:59.000,9:59:59.000
pick the ones that I want to record.[br]Because otherwise you have to like
9:59:59.000,9:59:59.000
set an alarm clock for the half-hour pass[br]in which you can play with something.
9:59:59.000,9:59:59.000
That software does allow you to query the[br]results by UDP, though. So you can just
9:59:59.000,9:59:59.000
send it a flood of request packets,[br]then it will flood back with the data
9:59:59.000,9:59:59.000
you're looking for. So I switched to[br]a library called PyEphem which allows you
9:59:59.000,9:59:59.000
to track hundreds of birds. It has no[br]UDP nonsense. It will also calculate
9:59:59.000,9:59:59.000
satellites, planets and stars.[br]And the really nifty thing about this
9:59:59.000,9:59:59.000
is that you tell it… you know, it being[br]a library you tell it when to update
9:59:59.000,9:59:59.000
the individual object that you're[br]interested in. So you can update
9:59:59.000,9:59:59.000
objects that are out of view or[br]uninteresting more slowly
9:59:59.000,9:59:59.000
than the ones that you care about.[br]So I managed to track every single item
9:59:59.000,9:59:59.000
in geo-stationary orbit. This thick[br]ring here is the clarke-belt(?)
9:59:59.000,9:59:59.000
of all satellites in geo-stationary orbit,[br]as viewed from my Southern horizon.
9:59:59.000,9:59:59.000
applause
9:59:59.000,9:59:59.000
The Two Line Entry files you can get[br]freely from CELESTRAK.COM.
9:59:59.000,9:59:59.000
So this is just a simple script that[br]grabs them and then inserts them.
9:59:59.000,9:59:59.000
And the prediction daemon will actually[br]select them as it is loading up.
9:59:59.000,9:59:59.000
Because all inter process communication is[br]running through this Postgres database.
9:59:59.000,9:59:59.000
And this daemon can be moved to[br]a different machine if I needed
9:59:59.000,9:59:59.000
more computing power, or anything[br]like that. The motor control demon…
9:59:59.000,9:59:59.000
well, the Eibot board is designed to take[br]stepper motor commands. It shows up
9:59:59.000,9:59:59.000
as USB Serial device on Linux. So as[br]I plug it in to the Beaglebone it appears
9:59:59.000,9:59:59.000
as /dev/ttyACM0. And the baud rate doesn't[br]matter. Because this is a USB device.
9:59:59.000,9:59:59.000
You could then send it simple commands.[br]Like 'SM,3000,500,-400' means that I wanna
9:59:59.000,9:59:59.000
move a stepper motor for 3000 ms. I want[br]the first motor to move 500 forwards,
9:59:59.000,9:59:59.000
that's UP, and the second one to move[br]400 LEFT which is backwards 400 steps.
9:59:59.000,9:59:59.000
And then it will count that out, and[br]then it sends me back an OK.
9:59:59.000,9:59:59.000
If I want to disable the motors, I send[br]'EM,0,0'. This allows the motors to be
9:59:59.000,9:59:59.000
freely spun. Because normally a stepper[br]motor will physically hold its position,
9:59:59.000,9:59:59.000
you need to turn them off in[br]order to slide the dish around.
9:59:59.000,9:59:59.000
'EM,1,1' will enable both motors[br]in 1/16-of-a-step mode.
9:59:59.000,9:59:59.000
Stepper motors can do fractional[br]steps because they're
9:59:59.000,9:59:59.000
holding themselves in position.
9:59:59.000,9:59:59.000
You can see the motors themselves[br]with the belts and the geartrain.
9:59:59.000,9:59:59.000
This thing on the right would probably[br]be illegal for me to turn on.
9:59:59.000,9:59:59.000
The thing on the right is a 250 W[br]amplifier. laughter
9:59:59.000,9:59:59.000
The stepper motors themselves just have[br]six wires. In a lot of 3D printer type stuff
9:59:59.000,9:59:59.000
they ignore the middle two. So you just[br]drop off the middle two wires, you run
9:59:59.000,9:59:59.000
the other four to your stepper[br]controller, and you're good to go.
9:59:59.000,9:59:59.000
The belts and stuff need to be measured[br]in order to figure out exactly
9:59:59.000,9:59:59.000
what the georeduction (?) is. Because you[br]need to know how many steps form a degree.
9:59:59.000,9:59:59.000
The IMU unit, this Vectornav VN100 (?),[br]it's a MEMS gyroscope and accelerometer
9:59:59.000,9:59:59.000
and a compass in a single box.[br]It costs $500 which was
9:59:59.000,9:59:59.000
more than all of the other[br]equipment put together.
9:59:59.000,9:59:59.000
The compass is confused by the stepper[br]motors because the compass is measuring
9:59:59.000,9:59:59.000
magnetic fields. So you need to[br]mount this physically as far away
9:59:59.000,9:59:59.000
from the stepper motors as possible. And[br]the gyroscope is confused by motor jerk (?)
9:59:59.000,9:59:59.000
which is a shame because stepper motors[br]work as a series of jerks (?) rather than
9:59:59.000,9:59:59.000
as a single consistent motion. And the[br]accelerometer is confused by gimble lock,
9:59:59.000,9:59:59.000
so you have to switch it to[br]a quaternian (?) mode in order to get
9:59:59.000,9:59:59.000
consistent values out of it. And if I had[br]to do this over again I'd really try
9:59:59.000,9:59:59.000
to drop this piece of garbage. But it's[br]a lovely technology when it works.
9:59:59.000,9:59:59.000
some laughter
9:59:59.000,9:59:59.000
Now for position calculations, the[br]elevation itself comes from the IMU.
9:59:59.000,9:59:59.000
The azimuth comes from the motor daemon.[br]This is because the accelerometer
9:59:59.000,9:59:59.000
can very accurately tell which way[br]the earth's gravity is pulling it
9:59:59.000,9:59:59.000
whereas the accelerometer has to integrate[br]jerks (?) over time in order to figure out
9:59:59.000,9:59:59.000
its position. So the[br]accelerometer will drift
9:59:59.000,9:59:59.000
and the compass will be confused by the[br]magnetic fields while the elevation is
9:59:59.000,9:59:59.000
just a single accelerometer[br]that doesn't drift.
9:59:59.000,9:59:59.000
And the IMU will become[br]a backup for these things
9:59:59.000,9:59:59.000
in order to figure out how to make[br]it reliable. But at the moment
9:59:59.000,9:59:59.000
the position measurement is infinitely[br]more reliable. The tilt motor
9:59:59.000,9:59:59.000
I'm not using at present because on[br]a ship that's rocking it's necessary
9:59:59.000,9:59:59.000
to tilt the dish. On a satellite dish[br]that's staying still the only useful
9:59:59.000,9:59:59.000
tilting the dish is so that you can follow[br]the arc of a satellite through the sky
9:59:59.000,9:59:59.000
by only moving a single motor.[br]Photopgrapher do this when they're
9:59:59.000,9:59:59.000
trying to get long exposures of moving[br]satellites. At the moment my software
9:59:59.000,9:59:59.000
doesn't support this feature. But[br]if it turns out to be necessary
9:59:59.000,9:59:59.000
to get higher quality[br]recordings I might add it.
9:59:59.000,9:59:59.000
There are radio daemons. The[br]first is a spectrum analyzer.
9:59:59.000,9:59:59.000
This just measures the signal strength[br]on each frequency. And it does it by the
9:59:59.000,9:59:59.000
power spectral density function.
9:59:59.000,9:59:59.000
And the strength itself will[br]vary with the position error.
9:59:59.000,9:59:59.000
So this allows you to figure out how[br]far off you are by sort of testing,
9:59:59.000,9:59:59.000
by overshooting just a little bit,[br]or undershooting just a little bit
9:59:59.000,9:59:59.000
to center on your target. The downlink[br]recorder dumps the IQ values
9:59:59.000,9:59:59.000
in the software defined radio[br]directly to an NFS share,
9:59:59.000,9:59:59.000
which can later be decoded and[br]read and reverse-engineered.
9:59:59.000,9:59:59.000
We've got a whole table of spectrum[br]data. And then I plot that in a tool
9:59:59.000,9:59:59.000
called Viewpoints which NASA releases[br]for dealing with giant scatterplots
9:59:59.000,9:59:59.000
in multiple dimensions. Each view takes[br]two dimensions, and it's tons of fun.
9:59:59.000,9:59:59.000
The client GUI is this PyGame. I have[br]Postgres for communications, and
9:59:59.000,9:59:59.000
the server does all the heavy lifting,[br]so the Beaglebone itself never has
9:59:59.000,9:59:59.000
to do anything complicated with[br]regards to software defined radio.
9:59:59.000,9:59:59.000
This is also about these faint blue lines[br]are positions at which I've seen
9:59:59.000,9:59:59.000
particularly strong signals in order to[br]identify which satellites are active
9:59:59.000,9:59:59.000
and which ones are inactive.[br]Because satellites die over time.
9:59:59.000,9:59:59.000
And particularly useful targets we're[br]reverse-engineering are satellites that are
9:59:59.000,9:59:59.000
out-of-commission or outdated.[br]I'm running out of time by these markers.
9:59:59.000,9:59:59.000
Does that mean that we're skipping[br]questions, or does that mean that
9:59:59.000,9:59:59.000
I need to be off the stage?[br]mumbling to stage
9:59:59.000,9:59:59.000
Not having Q&A, okay. So today I get[br]accurate tracking of satellites.
9:59:59.000,9:59:59.000
And this thing can run unattended 24h[br]a day for months without maintenance.
9:59:59.000,9:59:59.000
Like I said: it's nothing like a 3D printer.[br]laughter
9:59:59.000,9:59:59.000
It takes software defined radio[br]recordings, it can provide maps
9:59:59.000,9:59:59.000
of views of different[br]satellites in the sky.
9:59:59.000,9:59:59.000
The next step is I want to publish[br]a 'port scan' of the entire sky.
9:59:59.000,9:59:59.000
So which frequencies are in use on which[br]birds, for every bird that ever comes
9:59:59.000,9:59:59.000
above Tennessee, on every[br]downlink that fits my antenna
9:59:59.000,9:59:59.000
as well as a database of software[br]defined radio recordings. If anyone
9:59:59.000,9:59:59.000
would care to donate a truckload[br]of disks – that might be handy.
9:59:59.000,9:59:59.000
I'd also like to make other ground[br]stations. The software that I've written
9:59:59.000,9:59:59.000
ought to be portable to new hardware.[br]So there's nothing that should keep you
9:59:59.000,9:59:59.000
from being able to port this to run on[br]your own dish. And I have a large yard,
9:59:59.000,9:59:59.000
so I could conceivably have[br]a dozen of these things.
9:59:59.000,9:59:59.000
Another way that you can do it, and[br]the way that it's traditionally done
9:59:59.000,9:59:59.000
for, say, KEEP (?) satellites is having[br]Yagis or other loosely directional antennas
9:59:59.000,9:59:59.000
in order to receive the signals.[br]I went with a dish because I wanted
9:59:59.000,9:59:59.000
more selectivity. I wanted to be able to[br]get reverse-engineerable recordings
9:59:59.000,9:59:59.000
rather than intentional ones for which[br]I already knew the downlink protocol.
9:59:59.000,9:59:59.000
So this is my van, my van is amazing.
9:59:59.000,9:59:59.000
applause
9:59:59.000,9:59:59.000
Thanks to Nick Farr. I had a bit too[br]much to drink in Montreal and
9:59:59.000,9:59:59.000
I called Nick Farr and I said: “Nick,[br]I want a dukw”, like these amphibious
9:59:59.000,9:59:59.000
troop transport vehicles. And Nick[br]said: “Sorry, I can't get you one but
9:59:59.000,9:59:59.000
you want a news-van!” And I said:[br]“Hell yeah, I want a news van!”
9:59:59.000,9:59:59.000
So – this pole in the background, that's[br]not a lighting pole. That's actually
9:59:59.000,9:59:59.000
part of the van.[br]laughter
9:59:59.000,9:59:59.000
This is the antenna retracted. This mast[br]goes up 20 m by pneumatic power.
9:59:59.000,9:59:59.000
There's an air compressor in the back.[br]Here is the control panel,
9:59:59.000,9:59:59.000
there's an air-conditioned[br]office in the middle.
9:59:59.000,9:59:59.000
laughter, laughs
9:59:59.000,9:59:59.000
This has four 19" server racks as well[br]as some A/V equipment that was left over.
9:59:59.000,9:59:59.000
I was particularly excited about the[br]video monitor which supports PAL
9:59:59.000,9:59:59.000
which you folks are familiar with,[br]NTSC or “Never The Same Color”
9:59:59.000,9:59:59.000
which is my people's native culture…[br]laughter
9:59:59.000,9:59:59.000
But most importantly, it does SECAM,[br]the system essentially contrary
9:59:59.000,9:59:59.000
to the American method.[br]laughs
9:59:59.000,9:59:59.000
laughter and applause
9:59:59.000,9:59:59.000
So in addition to my radio equipment[br]I'm adding my Soviet PDP-11 which was…
9:59:59.000,9:59:59.000
laughs[br]…and that's not a joke. I have a Soviet
9:59:59.000,9:59:59.000
PDP-11 thanks to the kind folks at the[br]Positive Hacking Days conference.
9:59:59.000,9:59:59.000
This is the control panel,[br]and that's my talk!
9:59:59.000,9:59:59.000
applause
9:59:59.000,9:59:59.000
Herald: Thank you so much.[br]There actually is time for Q&A now.
9:59:59.000,9:59:59.000
Travis: Well, first I'd like to introduce[br]you to my cat. If we could go back
9:59:59.000,9:59:59.000
to the prior image. This is Frank![br]We didn't know it at that time, but
9:59:59.000,9:59:59.000
Frank was not dead when this picture was[br]taken. If you'd like kittens get in touch!
9:59:59.000,9:59:59.000
Okay. Are there any questions?
9:59:59.000,9:59:59.000
Question: Great talk. What's the most[br]interesting signal you decoded so far?
9:59:59.000,9:59:59.000
Travis: At the moment I'm sort of stuck[br]at the L band range. Because of filters
9:59:59.000,9:59:59.000
that I have yet to remove. So everything[br]gets attenuated, and becomes annoyingly
9:59:59.000,9:59:59.000
quiet outside of the 1.5 ..1.6 -ish range.
9:59:59.000,9:59:59.000
The Globalstar network is what I'm[br]most interested in targeting next.
9:59:59.000,9:59:59.000
I can't wait to see what[br]people are tweeting
9:59:59.000,9:59:59.000
while they should be enjoying nature.
9:59:59.000,9:59:59.000
Herald: Is there a question[br]from the internet?
9:59:59.000,9:59:59.000
Signal Angel: Yeah, the internet has[br]many questions. So first one was:
9:59:59.000,9:59:59.000
Is there really no authentication or[br]encryption on the Q band IP services?
9:59:59.000,9:59:59.000
So you can just spoof at will? And…
9:59:59.000,9:59:59.000
can the birds see the physical[br]location of the source
9:59:59.000,9:59:59.000
accurately enough to[br]find who is spoofing?
9:59:59.000,9:59:59.000
Travis: I'm not an expert in Ku band. The…[br]for the downlink the bird has no clue
9:59:59.000,9:59:59.000
as to the location of the dish. Because[br]you're only listening. They can roughly
9:59:59.000,9:59:59.000
figure out your geographic area because…[br]they need to figure out where
9:59:59.000,9:59:59.000
the spot beam is going. So they might know[br]whether you're in, say, Germany or
9:59:59.000,9:59:59.000
in France. But they won't know whether[br]you're in Heidelberg or Mannheim.
9:59:59.000,9:59:59.000
They do have forms of authentication for[br]many satellite networks. Satellite TV
9:59:59.000,9:59:59.000
is one of the best-protected network[br]services because of the satellite wars
9:59:59.000,9:59:59.000
in the 90's, in which TV pirates would[br]fight back and forth with smart card
9:59:59.000,9:59:59.000
designers. But there are also many[br]unencrypted links. And there are…
9:59:59.000,9:59:59.000
because of standard protocols those[br]are particularly easy to find in Ku band.
9:59:59.000,9:59:59.000
Question: You've been talking about[br]using RTLSDR from osmocom.
9:59:59.000,9:59:59.000
And you were talking about your spectrum[br]analysis program. Is this one working
9:59:59.000,9:59:59.000
with RTLSDR?
9:59:59.000,9:59:59.000
Travis: So… RTLSDR… so I'm using[br]the RTLSDR not the osmo-sdr.
9:59:59.000,9:59:59.000
Which are separate. The spectrum[br]analyzer is working with the RTLSDR.
9:59:59.000,9:59:59.000
My complaint about the RTLSDR is that[br]when you have a strong signal next to
9:59:59.000,9:59:59.000
a weak signal the weak signal is[br]utterly useless for interpretation.
9:59:59.000,9:59:59.000
Question: Okay. Thank you.
9:59:59.000,9:59:59.000
Herald: Another question[br]from the internet?
9:59:59.000,9:59:59.000
Signal Angel: Okay, next question from[br]the internet is: how do you record
9:59:59.000,9:59:59.000
the radio signal from the dish,[br]at what sampling rate?
9:59:59.000,9:59:59.000
Travis: The RTLSDR samples at 2 million[br]samples per second. As soon as I switch it
9:59:59.000,9:59:59.000
over to the HackRF I'll be having[br]20 million samples per second.
9:59:59.000,9:59:59.000
The sampling rate can be reduced once[br]the bandwidth of the signal is known.
9:59:59.000,9:59:59.000
For reduced storage. And the recordings[br]can also be compressed.
9:59:59.000,9:59:59.000
But it's still a hell of a lot of storage.
9:59:59.000,9:59:59.000
Herald: Any other questions?
9:59:59.000,9:59:59.000
Signal Angel: The internet[br]has more questions…
9:59:59.000,9:59:59.000
Herald: Okay…
9:59:59.000,9:59:59.000
Signal Angel: Did you look into obtaining[br]a capacity of IBAN with copper (?), as used
9:59:59.000,9:59:59.000
for the rotary gentries in CT scanners?[br]Those can apparently transmit contactless
9:59:59.000,9:59:59.000
several GBytes per[br]second, bi-directionally.
9:59:59.000,9:59:59.000
Travis: I've not looked into those.[br]It seemed better to have an Umbellaco (?)
9:59:59.000,9:59:59.000
cable and to be careful not to snap it.
9:59:59.000,9:59:59.000
The whole thing was done for a budget[br]of less than 2000 Dollars, and can be
9:59:59.000,9:59:59.000
recreated for less than a budget of 1000[br][Dollars]. And they… so we tried to avoid
9:59:59.000,9:59:59.000
fancy parts. The local radio shack loved[br]us because we'd swing in and buy all sorts
9:59:59.000,9:59:59.000
of crazy stuff. As soon as we told them[br]that we wanted the satellite dish to
9:59:59.000,9:59:59.000
dance Gangnam style…[br]laughs
9:59:59.000,9:59:59.000
laughter
9:59:59.000,9:59:59.000
in German, strong accent:[br]Danke, gerne!
9:59:59.000,9:59:59.000
applause
9:59:59.000,9:59:59.000
silent postroll titles
9:59:59.000,9:59:59.000
subtitles created by c3subtitles.de[br]in the year 2017. Join, and help us!