Wednesday, October 18, 2017

What would one need to do in order to hijack a satellite?

First, I learned a lot of my information from a combination of my amateur radio experience and an awesome talk I sat in at DEFCON 18. The majority of satellite systems are simple repeaters. The signal that comes in on a transponder is cleaned, amplified, and retransmitted. If you know the location and input frequency, and you pump more effective radiated power than anybody else, you win.
Many satellites also require command modules. These are used to interpret instructions to boost back into orbit or, at the end of life, to de-orbit into a "graveyard" pattern (or right into the atmosphere itself). Because most satellite systems are custom, it is a real crapshoot what you see for commands and security. I suspect that most command sequences are unencrypted and rely on the fact that a MITM attack on something in space is fairly hard.
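The suspicion above is that command links carry no cryptographic protection. As an added example (not from the original post or any real spacecraft), this sketch contrasts a receiver that executes any well-formed frame with one that checks an HMAC-SHA256 tag and a strictly increasing counter; the frame layout, opcodes and key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct
# Hypothetical frame layout (an assumption, not any real spacecraft's format):
#   4-byte big-endian counter | 1-byte opcode | payload | 32-byte HMAC-SHA256 tag
HDR = struct.Struct(">IB")
TAG_LEN = hashlib.sha256().digest_size

def build_frame(key, counter, opcode, payload=b""):
    body = HDR.pack(counter, opcode) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def naive_accept(frame):
    """The posture the post suspects: any well-formed frame is executed."""
    if len(frame) < HDR.size:
        return None
    _counter, opcode = HDR.unpack_from(frame)
    return opcode, frame[HDR.size:]

class AuthenticatedReceiver:
    """Executes a command only if its tag verifies and its counter is fresh."""
    def __init__(self, key):
        self.key = key
        self.last_counter = -1  # highest counter accepted so far

    def accept(self, frame):
        if len(frame) < HDR.size + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None                             # forged or corrupted
        counter, opcode = HDR.unpack_from(body)
        if counter <= self.last_counter:
            return None                             # recorded frame played back
        self.last_counter = counter
        return opcode, body[HDR.size:]

def demo():
    key = bytes(range(32))                     # constructed test key
    rx = AuthenticatedReceiver(key)
    good = build_frame(key, 1, 0x10, b"\x01")  # constructed opcode and payload
    return {
        "naive_unsigned": naive_accept(HDR.pack(2, 0x10) + b"\x01"),
        "valid": rx.accept(good),
        "replayed": rx.accept(good),
        "wrong_key": rx.accept(build_frame(b"\x00" * 32, 2, 0x10, b"\x01")),
        "next": rx.accept(build_frame(key, 2, 0x11)),
    }
```

Authentication of this kind protects the command path only; it does nothing for the plain repeater case, where the transponder retransmits whatever arrives on its input frequency.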
Frequencies vary wildly, from MHz to several tens of GHz. Your equipment needs to put out the right frequency through a dish that is the right size. Legally speaking, you will at a minimum run afoul of the FCC, or your national equivalent, by violating regulations on licensed broadcasting. Also, "birds" and airtime are expensive, so the civil liability if found can be bankrupting.
As far as taking a satellite transponder over is concerned, security relies on rarity of attacks, detection, and triangulation of the signal source. Then people come knocking on your door.
Finding a bird
First, you've got to have a target. Some satellites are geostationary, so they're easy. Other satellites have orbits that send them in offset patterns around the world. The satellite will come into view at different elevations in the sky, tracing different paths, so you'll need to know where it will be and how it will move in order to communicate.
Communications satellites tend to either be geostationary or part of a cluster of many satellites such that one or more is always in view of at least one ground station and any other point on the planet.
There are websites all over the place for this, and they often end up with military / disavowed satellites listed as people will track them with a telescope and then wonder why that one isn't listed yet.
Talking to a bird: Bands
Satellites operate on different frequencies, and the antenna used has to be sized to the frequency of the satellite. Most satellites operate in the microwave spectrum. The ubiquitous (in the United States) DirecTV / Dish Network antennas are usually on the higher end (smaller wavelength) of the spectrum. Because your signal has a lot of travel in its future and your target is small, your goal is to direct as much power in one direction as possible. Anything sent off to the sides, earth, etc. is wasted energy, so you will want an appropriately-sized high-gain antenna. Antenna design can be learned from amateur radio books on the topic.
Before someone chimes in and says, "You don't NEED a directional antenna and tracking motor," that's true... but it will help a hell of a lot. Just because your spot messenger or GPS doesn't have one doesn't mean you shouldn't use one if you can. It will keep your signal where you want it and limit the possibility of interference from or with other things using the same frequency. It also means that it will be harder for somebody to hunt you down. Being nicked just because you let strangers hear you might have some costs associated.
Talking to a bird: Protocol
Now we're getting a bit trickier. Some satellites are very simple, particularly amateur radio satellites. They receive a signal and they transmit that signal back. There are different variations of protocol, polarisation, modulation (QAM is a good one to understand), etc. If your target does more cleanup than just setting a noise floor and spitting things back out, you'll need to know that information as well.
Higher-level protocols may be standard TCP/IP, plaintext, encrypted, or some totally imaginary 17-bit codeword system that was dreamed up by a guy like Mel.
Taking over
You need to deliver more power to the right place with the appropriate protocol. Because almost every satellite is a custom design, that's challenging. If your goal is beyond simple re-broadcast, you're up against a big black box every time. The onboard computers are small, low-power, and probably have next to nothing on them.
The best bet for MITM
If you can't afford to launch your own satellite, figure out where the ground station is and fly over it. Small aircraft are relatively cheap to rent (under $100 / hour to operate), tethered balloons may get high enough to have an effective angle, and if you're quite sneaky you can put something on the transmitter feed line itself.
Many smaller organizations rent their satellite time. I learned when I was 11 that the guy running the local news station's satellite truck is bored as hell when they're in between shots and will definitely show you all the cool things about his rig. Whatever he's renting is probably one of the easier things to get at because that has to be documented and relatively easy to work with.
