IMCAFS

Home

explore the wireless world with usrp part 1: usrp from getting started to tracking aircraft flight path

Posted by punzalan at 2020-03-09
all

Warm tip: please consciously abide by the radio management regulations and set up and use the radio equipment according to the law

Author: Sprite 0xroot @ vulnerability box security team cn0xroot.github.io

0 * 00 Preface

USRP is a product with relatively mature functions and applications in several popular SDR hardware. It can support well from WiFi protocol, ZigBee protocol, RFID protocol, GSM communication system, LTE 4G communication system to USRP of aircraft communication and satellite communication. Software development engineers can use it to develop applications, and security engineers can use it to test and research related wireless communication protocols.

A large number of kids who have played TV stick have used the scheme of TV stick + dump1090 to realize the function of tracking aircraft flight path. The reason why it is easy to track the aircraft is that a lot of very old wireless standards are used in the aviation CNS system.

(TV stick + dump1090 2D)

(photo source: http://slideplayer.com/slide/2547225)

For SSR system, the ground station transmits 1030mhz inquiry signal, and the aircraft transmits the reply signal at 1090mhz after receiving this signal. The signal contains some information of the aircraft and is displayed on the radar screen of ATC. There is also the air collision avoidance system (TCAS). The aircraft can send 1030mhz query signal by itself, and other aircraft can send response signal at 1090mhz after receiving this signal, so one aircraft can "see" the surrounding aircraft. Because the above query reply mode is not so efficient in many cases, an ADS-B mode has emerged. In ADS-B, each aircraft does not wait to query and actively broadcast its own information. At this time, all surveillance and anti-collision need to do is receive.

ADS-B signal is often transmitted at 978mhz in general aviation and 1090mhz in commercial flight.

0×01 HardWare

PC:Ubuntu OR Mac

SDR: USRP, antenna, USB data cable

0×02 Software

2.1 install PIP and pybombs

apt-get update apt-get install git apt-get install python-pip pip install --upgrade pip pip install git+https://github.com/gnuradio/pybombs.git pybombs recipes add gr-recipes git+https://github.com/gnuradio/gr-recipes.git pybombs recipes add gr-etcetera git+https://github.com/gnuradio/gr-etcetera.git pybombs prefix init /usr/local -a myprefix -R gnuradio-default pybombs install gqrx gr-osmosdr uhd

The above content is the method to install SDR related software under Ubuntu. In Mac OSX, you can use MAC port for installation.

2.2 download USRP image

After installing the UHD (USRP hardware driver) with pybombs, you need to download the firmware image and FPGA image, and execute:

python  /usr/local/lib/uhd/utils/uhd_images_downloader.py

After inserting USRP, it can execute:

uhd_find_devices 或者 uhd_usrp_probe

To view device information:

2.3 compile and install GR air modes:

git clone https://github.com/bistromath/gr-air-modes cd gr-air-modes mkdir build cd build cmake .. make sudo make install sudo ldconfig

2.4 install Google Earth

Ubuntu 32 bit:

wget http://dl.google.com/dl/earth/client/current/google-earth-stable_current_i386.deb

Ubuntu 64 bit:

wget http://dl.google.com/dl/earth/client/current/google-earth-stable_current_amd64.deb sudo dpkg -i google-earth-stable_current_amd64.deb

Mac osx

wget https://dl.google.com/earth/client/advanced/current/GoogleEarthMac-Intel.dmg

0 × 03 decode aircraft signal & import Google Earth

cd gr-air-modes/apps/ ./modex_rx -K test.kml 

Execute modex? Rx in app directory, start to receive and decode 1090mhz wireless signal from aircraft, - k parameter is to save decoded flight number, latitude and longitude, flight speed, etc. as. KML file.

Open Google Earth: add – > Web link – >

New link name and absolute path to KML file:

Set the refresh time and whether to go to the view when refreshing:

If you turn on refresh to go to view, Google Earth will automatically locate your area and display the aircraft over the received area.

(aircraft flight path 3D)

The flight number of the aircraft is displayed on the map. Double click the aircraft icon to display the aircraft altitude, flight speed and other information.  

0 × 04 demo video

0 x 05 refer

https://kb.ettus.com/Implementation_of_an_ADS-B/Mode-S_Receiver_in_GNU_Radio

http://www.freebuf.com/articles/wireless/77819.html

USRP B200: Exploring the Wireless World

Aircraft Tracking with Mode S: Modez & Aviation Mapper

https://media.blackhat.com/bh-us-12/Briefings/Costin/BH_US_12_Costin_Ghosts_In_Air_WP.pdf

https://www.rs-online.com/designspark/10-things-you-can-do-with-software-defined-radio