Go to file
2017-09-07 21:01:23 +12:00
documents White papers on ADS-B encoding/decoding 2017-06-16 14:12:47 +03:00
.gitignore gitignore update 2017-09-05 21:34:53 +12:00
ADSB_Encoder.py Refactoring 2017-09-07 21:01:23 +12:00
conversions.py Moving code around to help my understanding. file names most probably wrong right now but will update when understand it better 2017-09-05 21:35:26 +12:00
Encoder.py More refactoring to get things in own files to help my understanding 2017-09-07 20:15:28 +12:00
HackRF.py Comments on what things are doing and also doing the DD step in the script 2017-09-07 18:59:24 +12:00
LICENSE Initial commit 2017-06-15 16:38:21 +03:00
location.py Comments on what things are doing and also doing the DD step in the script 2017-09-07 18:59:24 +12:00
ModeS.py Refactoring 2017-09-07 21:01:23 +12:00
parity.py Moving code around to help my understanding. file names most probably wrong right now but will update when understand it better 2017-09-05 21:35:26 +12:00
PPM.py More refactoring to get things in own files to help my understanding 2017-09-07 20:15:28 +12:00
README.md Describe the hackrf_transfer flags 2017-09-06 19:30:06 +12:00

"ADS-B Out" add-on for SoftRF-Emu, Stratux, etc...

This repository contains "ADS-B Out" encoder for Tx-capable SDR hardware.

It is currently written in architecture independent Python language and can be used as an add-on for existing open source "ADS-B In" solutions. One known good example is Stratux.

Disclaimer

The source code is published for academic purpose only.

Instructions

  1. Execute ADSB_Encoder.py script with <ICAO> <Latitude> <Longtitude> <Altitude> arguments:
$ ADSB_Encoder.py  0xABCDEF 12.34 56.78 9999.0
$ ls Samples.iq8s
Samples.iq8s
$
  1. Make the raw signal file aligned to 256K buffer size:
$ dd if=Samples.iq8s of=Samples_256K.iq8s bs=4k seek=63
1+0 records in
1+0 records out
4096 bytes (4.1 kB) copied, 0.00110421 s, 3.7 MB/s
$
  1. Transmit the signal into air:
$ hackrf_transfer -t Samples_256K.iq8s -f 868000000 -s 2000000 -x 10
call hackrf_sample_rate_set(2000000 Hz/2.000 MHz)
call hackrf_baseband_filter_bandwidth_set(1750000 Hz/1.750 MHz)
call hackrf_set_freq(868000000 Hz/868.000 MHz)
Stop with Ctrl-C
 0.5 MiB / 1.000 sec =  0.5 MiB/second

User cancel, exiting...
Total time: 1.00038 s
hackrf_stop_tx() done
hackrf_close() done
hackrf_exit() done
fclose(fd) done
exit
$
  • -t is the input file to transmit
  • -f is the frequency in hertz. In the real world this would be 1090000000 but do not use that
  • -s is the sample rate in hertz
  • -x is the gain

Validation

$ sudo dump1090 --net --freq 868000000
...

References

  1. "Gr-Air-Modes", Nick Foster, 2012
  2. "EXPLOITING THE AUTOMATIC DEPENDENT SURVEILLANCE BROADCAST SYSTEM VIA FALSE TARGET INJECTION", Domenic Magazu III, 2012
  3. "ADS-B out by HACKRF and received over the air by rtl-sdr dongle and dump1090", Jiao Xianjun, 2014
  4. "Ghost in the Air(Traffic): On insecurity of ADS-B protocol and practical attacks on ADS-B devices", Andrei Costin and Aurelien Francillon, 2015
  5. "ADS-B Decoding Guide", Junzi Sun, 2017

History

This is a fork orginally from https://github.com/lyusupov/ADSB-Out in September 2017.