[Hackrf-dev] Current, reasonably priced external clock?

Mark Lachniet mark at lachniet.com
Tue Nov 8 08:02:56 EST 2016


Thank you Ulf and Adam for taking pity on me and giving me so much 
actionable advice.  I'll give the Kalibrate / PPM adjustment ideas a whirl.

Geesh, those attenuators are expensive at $45 ea.  In the meantime I'll 
use the crappiest antenna I can find (or none?) and make sure the amp is 
turned off to minimize the chance of an airplane falling on my head.  Or 
maybe my wife will FINALLY agree to let me Faraday the basement.  I must 
have enough old tinfoil helmets around to do that by now :)

To get around the cell tower triangulation and crowd-sourced hotspots, 
even I wouldn't be so bold as to try to jam them but I do wonder what 
would happen to navigation systems if there were an overwhelming number 
of hotspots and towers appearing that it couldn't figure out.  Like 
flooding an old switch with too many MAC addresses, maybe it would just 
give up on those 2 crutches and revert to the spoofed signal?  Or 
possibly try to find hotspots that geolocate to your supposed location 
and replay those to give it supplemental false proof?  Might be worth 
trying, though the results would probably vary by implementation.  Might 
be an interesting test of various code.  Who knows, might find something 
interesting security-wise.

-Mark


On 11/8/2016 6:57 AM, Ulf Bertilsson wrote:
> I use a patched hackrf_transfer that supports ppm correction.
>
> Works just fine with gps spoofing.
>
> Sent from my iPhone
>
> On 7 Nov 2016, at 23:14, Adam Blanquart <ablanquart at gmail.com> wrote:
>
>> Mark,
>>
>> The best ones you can find for a low price are, ironically, ones that 
>> are synchronized via GPS.  Of course, if you're working on spoofing 
>> GPS - that's not going to help.  The good news is that the HackRF can 
>> actually be calibrated via software to increase the accuracy enough 
>> to fool _most_ GPS devices.  Check out Wang Kang's "kalibrate" for 
>> HackRF, it should help you get up and running.  Again, this will work 
>> for most GPS devices; phones can be a bit trickier since they also 
>> use triangulation and crowd-sourced Wifi mapping to establish location.
>>
>> If the software doesn't work out for you - the cheapest way is to 
>> attach a more accurate TCXO directly to your HackRF.  Check out 
>> Takuji Ebinuma's TCXO modification - it's a part of his gps-sdr-sim 
>> project, which you can use for the actual spoofing.  I've made this 
>> modification to my hackRF and it works great!  I do have a portapack, 
>> however, and had to solder directly to the bottom of the board.  It 
>> still fits in the case :)
>>
>> As you are probably already aware, you need to be VERY careful when 
>> spoofing GPS, whitehat or not.  It's become such an integral part of 
>> our lives that messing with it can have serious consequences.  I use 
>> a small antenna (linked below) along with a 20dB attenuator.
>>
>> - Adam Blanquart (overflow)
>>
>> Kalibrate for hackRF
>> https://github.com/scateu/kalibrate-hackrf
>>
>> gps-sdr-sim
>> https://github.com/osqzss/gps-sdr-sim
>>
>> TCXO mod
>> https://github.com/osqzss/gps-sdr-sim/commit/d8eab7ede71168d131f3803d84d9bf8dbb34f4df
>>
>> Antenna
>> http://www.digikey.com/product-search/en?keywords=TS.07.0113
>>
>> In-Line 20dB Attenuator:
>> http://www.digikey.com/product-search/en/rf-if-and-rfid/attenuators/3539493?k=H12150-ND
>>
>> That should get you going in the right direction (no pun intended).  
>> I got into the SDR world because I was interested in GPS spoofing, so 
>> if you have any other questions, feel free to give me a shout...
>>
>>
>>
>> On Mon, Nov 7, 2016 at 11:00 AM, Mark Lachniet <mark at lachniet.com> wrote:
>>
>>     Who knew it would be so obscure.  I guess everyone is using nice
>>     desktop sized clock signal generators?
>>
>>     I really want one that will run on 12v DC current if possible. 
>>     Potentially to make a HackRF/Pineapple/TCXO clock combo that
>>     could run on the 12v of a car after I stuff it in the dashboard
>>     out of sight.  Maybe even with a cell phone/CAM+OBDii add-on for
>>     remotely fiddling with car telemetry.  It would be hilarious to
>>     prank someone so their car shuts down whenever they get near the
>>     local police department and then have their in-car GPS tell them
>>     they were at Starbucks or something. (white hat PoC of course, no
>>     I would never actually do this to anyone in production except
>>     maybe myself in an empty parking lot for yucks)
>>
>>     -Mark
>>
>>
>>     On 11/7/2016 12:10 PM, Kevin Maxson wrote:
>>>     I bought two of them. Neither worked. The seller didn't speak
>>>     much English, couldn't give me specs, couldn't tell me a pin
>>>     out. They offered to refund $8 of my $35.
>>>
>>>     You want them? All yours.
>>>
>>>     ./kevin
>>>     📱
>>>
>>>     On Nov 7, 2016, at 10:58 AM, justin.broos
>>>     <justin.broos at gmail.com> wrote:
>>>
>>>>     Ebay, Amazon have one that ultimately ships from some Chinese
>>>>     manufacturer off of aliexpress / alibaba. The plug in module
>>>>     is $20 iirc.  The description claims to output a 1ppm 10mhz
>>>>     source but no info about the tcxo is listed so who knows; I
>>>>     have equipment at work that could measure but don't have the
>>>>     knowledge of setting it up.  If you do opt for this route, it
>>>>     would be interesting to know if the module works as advertised
>>>>     as I'm still on the fence to buy it.
>>>>
>>>>
>>>>
>>>>     Sent from my T-Mobile 4G LTE Device
>>>>
>>>>     -------- Original message --------
>>>>     From: Mark Lachniet <mark at lachniet.com>
>>>>     Date: 11/3/16 13:04 (GMT-07:00)
>>>>     To: hackrf-dev at greatscottgadgets.com
>>>>     Subject: [Hackrf-dev] Current, reasonably priced external clock?
>>>>
>>>>     Hello all, my apologies for asking a question that I know has
>>>>     been asked in months past, but it has been long enough that
>>>>     there might be new options, and some of the previous answers
>>>>     seemed more towards development than plug-n-play.
>>>>
>>>>     I'm very new to SDR (and radio in general) and just learning
>>>>     the ropes.  I was trying to do a PoC on the GPS spoofing using
>>>>     my HackRF and had limited success.  I got my Nuvi to lock in
>>>>     randomly a little bit but no real love.  I read that another
>>>>     person needed the external clock in order to get good results.
>>>>     I'd like to buy a simple and inexpensive one that is fairly
>>>>     plug-n-play.  Can anyone recommend a specific model and vendor
>>>>     to purchase from that doesn't require such tasks as soldering?
>>>>
>>>>     I've got a nice long list of other questions but as I'm new and
>>>>     ignorant I'll hold onto those for a while on the off chance I
>>>>     can figure them out and appear less needy in the long run :)
>>>>
>>>>     Thank you for your time and consideration,
>>>>     Mark
>>>>
>>>>     _______________________________________________
>>>>     HackRF-dev mailing list
>>>>     HackRF-dev at greatscottgadgets.com
>>>>     https://pairlist9.pair.net/mailman/listinfo/hackrf-dev
>>
>>
>> -- 
>> ADAM BLANQUART | ablanquart at gmail.com |
>
>