
Thursday, April 3, 2014

New Toy - Ubertooth One

I felt like exploring and learning some different wireless technologies, so I ordered an Ubertooth One from SparkFun.com.  I wanted to try it with Kali because I knew that there would be some tools and maybe even the Ubertooth software.  I already had Kali 1.04 (1.05 is released) as a VirtualBox VM, so I fired it up. 

I connected the antenna to the Ubertooth One, then plugged it in.  My Windows 7 host didn't recognize the USB device, but I didn't expect it to.  I connected the device to the VM and looked for ubertooth software.
 
root@kali-vbox:~# ubertooth-
ubertooth-btle    ubertooth-hop     ubertooth-specan  ubertooth-util
ubertooth-dump    ubertooth-lap     ubertooth-uap  


I ran ubertooth-dump and saw a lot of random stuff.  I then went to the getting started guide and saw that they suggested running ubertooth-specan-ui, which should give a nice graphical representation of wireless activity.  I did not have that program, so I headed to the build guide.

The first thing that I did was to uninstall the current ubertooth software.  It was the 2012.10.r1 version.  They are currently on 2014-02-R2.  

I pretty much followed the directions on the build guide.  Install some compile tools and libraries first.  I already had gcc and make installed.
#sudo apt-get install cmake libusb-1.0-0-dev make gcc
 
Then I downloaded the latest pyusb (1.0.0b1) from the project page and installed it per the readme.  I noted that 1.0.0a3 was preinstalled.  Probably should have uninstalled it first.  I also learned about the "j" flag for tar to deal with *.xz files.

root@kali-vbox:~# tar xf pyusb-1.0.0b1.tar.gz
root@kali-vbox:~# cd pyusb-1.0.0b1/
root@kali-vbox:~/pyusb-1.0.0b1# ls
root@kali-vbox:~/pyusb-1.0.0b1# python setup.py install


Then I downloaded libbtbb per the directions, made it, and installed it.

Finally, I downloaded the ubertooth code, made it, and installed it.  Then I had the ubertooth-specan-ui binary.

root@kali-vbox:~# ubertooth-
ubertooth-btle       ubertooth-dump       ubertooth-scan
ubertooth-debug      ubertooth-follow     ubertooth-specan-ui
ubertooth-dfu        ubertooth-rx         ubertooth-util





And here's the proof!

The next step will be to build the kismet plugin and try to add it.  Kali 1.04 had kismet 2013.03.R1b already installed.  It might understand the ubertooth plugin.  It will probably be safer to uninstall it and get the latest source code.

Sunday, August 25, 2013

Software Defined Radio

Every once in a while, I look up information on Automatic Dependent Surveillance-Broadcast (ADS-B).  What is that?  It is a broadcast from airplanes that gives information about aircraft like their identification, speed, altitude, position, etc.  It will be replacing radar as the primary tracking and surveillance tool worldwide.  It is already in use by many aircraft.

What is neat (and stupid) is that this information is broadcast in the clear on 1090MHz.  So for a while, people have been using satellite receivers and hacking them to pick up the signal, or building their own board, or creating kits.  It seems to be pretty popular now with several software decoders and "radar" software to display the information.

I was looking for information again and saw that there was an easier way to receive data now.  There are $20 USB dongles for European Digital TV that work as Software Defined Radios (SDR).  They have ranges from 24MHz to 1700MHz for the newer tuner (R820T).

I bought one from Amazon for $12.95.  This is the listing, but the price changes.  This one is $19.95, is recommended, and is identical to what I got.

A good place to get started is to google rtl sdr.  RTL is the name of the utility drivers for the Realtek RTL2832U receiver.  This blog looks good, and I used this page a lot.  I also decided to do my dirty work in a Kali (Linux, Debian based) VM because I didn't want to install a bunch of dodgy software on my Windows laptop first.  It looks like there are some Windows programs, but I was particularly interested in gqrx, which is Linux based.

To get it to work on Kali, I followed this, which recommended building GNU Radio and gqrx from scratch.  I ended up installing a fresh version of Kali 1.04, and then just installing gqrx using apt-get.  That took care of the dependencies, and it worked fine.  It couldn't have been much simpler.

After that I was able to tune in FM radio stations and receive 1090MHz ADSB broadcasts.  I downloaded a simple display tool (adsbSCOPE) to verify that I was getting good information.  This is Windows software, so I ran it on my laptop.  I set it to get information from my VM on port 7000, then I used rtl_adsb piped through netcat on the Kali VM to deliver the ADSB data.  They were running on the same machine, but this could be distributed.  Even to a Raspberry Pi...
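
What "in the clear" means for the lines that come out of rtl_adsb, as an added example that is not part of the original post: it parses one line, checks the frame's parity and reads the plaintext fields. It assumes rtl_adsb's `*<28 hex digits>;` line format; the sample frame, its address ABC123 and callsign TEST123 are constructed, and `make_line` is a hypothetical helper that only builds that sample.

```python
import re

GENERATOR = 0x1FFF409  # Mode S CRC generator polynomial (25 bits)
# 6-bit callsign alphabet; '#' marks codes that are not used
CHARSET = "#ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "#" * 5 + " " + "#" * 15 + "0123456789" + "#" * 6
LINE_RE = re.compile(r"^\*([0-9A-Fa-f]{28});$")  # assumed rtl_adsb output line


def crc24(data: bytes) -> int:
    """Mode S parity of data; 0 when data already ends in its own parity."""
    rem = 0
    for byte in data:
        rem ^= byte << 16
        for _ in range(8):
            rem <<= 1
            if rem & 0x1000000:
                rem ^= GENERATOR
    return rem & 0xFFFFFF


def parse_line(line: str):
    """Return the plaintext fields of one 112-bit frame, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    msg = bytes.fromhex(m.group(1))
    # The parity is the only integrity check: it catches bit errors, but it is
    # not keyed, so a receiver cannot use it to tell who sent the frame.
    out = {"df": msg[0] >> 3, "icao": msg[1:4].hex().upper(),
           "crc_ok": crc24(msg) == 0, "callsign": None}
    type_code = msg[4] >> 3
    if out["df"] == 17 and out["crc_ok"] and 1 <= type_code <= 4:
        bits = int.from_bytes(msg[5:11], "big")  # eight 6-bit characters
        chars = (CHARSET[(bits >> shift) & 0x3F] for shift in range(42, -1, -6))
        out["callsign"] = "".join(chars).rstrip()
    return out


def make_line(payload_hex: str) -> str:
    """Build a constructed sample line: 11-byte payload plus its parity."""
    body = bytes.fromhex(payload_hex)
    return "*" + (body + crc24(body).to_bytes(3, "big")).hex() + ";"


SAMPLE = make_line("8DABC123205054D4C72CE0")  # constructed, not a captured frame
DAMAGED = SAMPLE[:5] + "0" + SAMPLE[6:]       # one hex digit changed in transit

if __name__ == "__main__":
    print(parse_line(SAMPLE), parse_line(DAMAGED), parse_line("noise"), sep="\n")
```

Anything that consumes this feed over a TCP port, as adsbSCOPE does in the setup above, is reading unauthenticated input and can only reject frames that fail the parity check.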

The next steps are to get a PAL to F connector adapter so that I can use better antennas, then create some better antennas.  This page does a great job of listing the software and antennas that you can use to get ADSB.  adsbSCOPE was one of four "radar" softwares listed, with three of the four being free.  

One of the other ADSB radar programs is Virtual Radar.  I didn't want to try it because it uses Google maps.  It is also a web server, so I figured it probably wouldn't work great offline.  Many of the installations are published to the internet.  To find them, execute this Google search: inurl:”VirtualRadar/GoogleMap.htm”.  The second one I looked at had this:




I'm looking forward to getting better antennas and decoding other information.  In theory, most transmissions in the 24MHz - 1700MHz range should be receivable with this dongle.  There are tricks to shift frequencies so that it can receive even lower frequencies.  This should cover AM, FM, ADSB, police, aviation, and many others.  My next step is NOAA satellite broadcasts, but I'll need to make a better antenna.