HACK-A-SAT RESOURCE LIBRARY
A collection of Resources for budding SAT hackers (Satellites, not the testยฏ\_(ใ)_/ยฏ). Note: This is an evolving resource, so please contribute with a pull request
Jump To: Web sites | Articles and Op-Eds | Tools and Projects | Videos | Books and White Papers | 2020 Write-Ups | Programming Libraries | Miscellaneous | Contacts
BACKGROUND
The democratization of space has opened up a new frontier for exploration and innovation. But with this opportunity, new cybersecurity vulnerabilities are also being created. One human can design, build and launch a satellite, adhering to very few standards and security protocols. So how can we achieve safe, reliable and trustworthy operations to truly realize the promise of space? ...BY HACKING A SATELLITE.
The United States Air Force, in conjunction with the Defense Digital Service, presents this yearโs Space Security Challenge, Hack-A-Sat. This challenge asks hackers from around the world to focus their skills and creativity on solving cybersecurity challenges on space systems... THE QUESTION IS, HOW?
RESOURCES
Hack A Sat Workshops
We are bringing a series of interactive workshops to DEF CON in complete Safemode via Twitch. Check out our vibrant, web-based virtual reality environment to access the workshops at dds-virtual.com, otherwise, see the github repo for the deets on game play for each of the work shops!
Hack A Sat Challenges
- Hack A Sat Qualifier Challenges : Public version of the qualifier challenges from HAS 2020
Articles and Op-Eds
- Space Development Agency to launch five satellites aboard SpaceX rideshare by Sandra Erwin (https://spacenews.com/space-development-agency-to-launch-five-satellites-aboard-spacex-rideshare/)
- U.S. Army selects Iridium to develop payload for low Earth orbit satellite navigation system by Sandra Erwin (https://spacenews.com/u-s-army-selects-iridium-to-develop-payload-for-low-earth-orbit-satellite-navigation-system/)
- Op-ed | Assessing new launch vehicles on the market by Phillip Bracken (https://spacenews.com/op-ed-assessing-new-launch-vehicles-on-the-market/)
- Hackers could shut down satellites โ or turn them into weapons by William Akoto (https://theconversation.com/hackers-could-shut-down-satellites-or-turn-them-into-weapons-130932)
- Want to Hack a Satellite? It Might Be Easier Than You Think by Max Eddy with video presentation (https://forum.defcon.org/node/232085)
- It's Surprisingly Simple to Hack a Satellite by Lorenzo Franceschi-Bicchierai about Iridium hacking (https://forum.defcon.org/node/232079)
- Hacking Satellites Is Surprisingly Simple By Ryan Whitwam (https://www.extremetech.com/extreme/287284-hacking-satellites-is-probably-easier-than-you-think)
- Our satellites are prime targets for a cyberattack. And things could get worse. by Gergory Falco (https://www.washingtonpost.com/opinions/our-satellites-are-prime-targets-for-a-cyberattack-and-things-could-get-worse/2019/05/07/31c85438-7041-11e9-8be0-ca575670e91c_story.html)
Web Sites
- Satellite Orbits, Models, Methods, Applications, Oliver Montenbruck, Eberhard Gill (https://github.com/orbitalindex/awesome-space)
- Hackers Homepage on DSS signal hacking (https://hackershomepage.com/dss_hacking.htm)
- School Amateur Radio Club Network: "a free on-line resource for anyone associated with or thinking about setting up a School Amateur Radio Club"(https://sarcnet.org/)
- Satellite Projects (GOES Satellite Hunt and other), Lucas Teske (https://lucasteske.dev/satcom-projects/satellite-projects)
Tools and Projects
- Mini Satellite-Antenna Rotator Mk1: "This project is a portable device used to automatically point a directional antenna towards an orbiting satellite."(https://forum.defcon.org/node/232474)
- Webinar: GNSS hacking, from satellite signals to hardware/software cybersecurity (https://www.youtube.com/watch?v=Au43CmiOO_g)
- Presentation at RSA Conference 2019- Attack Vectors in Orbit: The Need for IoT and Satellite Security by William J Malik, CISA: https://published-prd.lanyonevents.com/published/rsaus19/sessionsFiles/13692/MBS-W03-Attack-Vectors-in-Orbit-The-Need-for-IoT-and-Satellite-Security.pdf
- Satellite Project: Hackaday Satellite Projects (https://hackaday.io/list/4321-satellite-projects)
- Tools and infrastructure: QEMU+GDB to emulate a satellite, CCSDS using scapy, infra scripts. Solar Wine (https://github.com/solar-wine/tools-for-hack-a-sat-2020)
Videos
- Hacking Iridium Satellites With Iridium Toolkit by TechMinds (https://www.youtube.com/watch?v=usCJtuvXfPg)
- Iridium Satellite Hacking - HOPE XI 2016 (https://www.youtube.com/watch?v=cvKaC4pNvck&t=)
- SATCOM Terminals: Hacking by Air, Sea, and Land by Ruben Santamarta (https://www.youtube.com/watch?v=YeKswEamOl4&t=)
- DEF CON 23 - Colby Moore - Spread Spectrum Satcom Hacking (https://www.youtube.com/watch?v=2aBXpho5b7w&t=)
- 2012: Martin Rutishauser: Satellite Hacking: An Introduction (https://www.youtube.com/watch?v=xIsG8GpB67A&t=)
- Reverse Engineering Satellite Based IP Content Distribution (https://www.youtube.com/watch?v=U1WyBP4lKZk&t=)
- How to Reverse-Engineer a Satellite TV Smart Card (https://www.youtube.com/watch?v=tnY7UVyaFiQ&t=)
- Reverse engineering Outernet (33c3) (https://www.youtube.com/watch?v=TCoSRx7DpGY&t=)
- Reverse Engineering NOAA and ARGOS Satellite - Hot Topics - 9th September 2016 (https://www.youtube.com/watch?v=HjBMxoHTjCk&t=)
- Lucas Teske - Satellite Communications Reverse Engineering - H2HC 2016 (https://www.youtube.com/watch?v=SIxRyVKlpEo&t=)
- Spread Spectrum Satcom Hacking: Attacking The Globalstar Simplex Data Service (https://www.youtube.com/watch?v=1VbmHmzofmc&t=)
- Hacking Iridium Satellites With Iridium Toolkit (https://www.youtube.com/watch?v=usCJtuvXfPg&t=)
- Black Hat DC 2009 - Adam Laurie - Satellite Hacking for Fun and Profit (https://www.youtube.com/watch?v=PyXZX63etog&t=)
- Stephan Gerling - Hacking Yachts Remotely via Satcom or Maritime Internet Router (https://www.youtube.com/watch?v=mT7dXJ_ob8k&t=)
- Black Hat USA 2015 - Spread Spectrum Satcom Hacking Attacking The Globalstar Simplex Data Service (https://www.youtube.com/watch?v=arPqhHQ-R4o&t=)
- SEC-T 2009 - Playing in a Satellite environment - Ramรณn Pinuaga (https://www.youtube.com/watch?v=Z6FjVRYyCf4&t=)
- GPS As An Attack Vector (https://www.youtube.com/watch?v=Duxr1yRKRoU&t=)
Books and White Papers
- About: Fundamentals of Astrodynamics and Applications, Third Edition by David A. Vallado
- About: Fundamentals of Spacecraft Attitude Determination and Control by F. Landis Markley, John L. Crassidis
- About: Satellite Communications Payload and System (https://ieeexplore.ieee.org/book/6305387)
- How To: Satellite Hacking: A Guide for the Perplexed: http://www.international-relations.com/CM2012/Satellite-Hacking.pdf
- How To: Satellite Network Hacking & Security Analysis by Adam Ali.Zare Hudaib (https://www.cscjournals.org/manuscript/Journals/IJCSS/Volume10/Issue1/IJCSS-1200.pdf)
- How To: Satellite Tool Kit Astronautics Primer by Jerry Jon Sellers Based on Understanding Space: An Introduction to Astronautics (http://lasp.colorado.edu/~lix/class/asen5050/stk_files/astroprimer.pdf)
- How To: NASA's Beginner's Guide to Rockets (https://www.grc.nasa.gov/www/k-12/rocket/bgmr.html)
- How To: CubeSat 101: Basic Concepts and Processes for First-Time CubeSat Developers (https://www.nasa.gov/sites/default/files/atoms/files/nasa_csli_cubesat_101_508.pdf)
- How To: DIY Communications and Control for Amateur Space : Talking and Listening to Your Satellite by Sandy Antunes (https://www.worldcat.org/title/diy-comms-and-control-for-amateur-space-talking-and-listening-to-your-satellite/oclc/910553792)
- How To: Surviving Orbit The DIY way : Testing the Limits Your Satellite Can and Must Match (https://www.worldcat.org/title/surviving-orbit-the-diy-way-testing-the-limits-your-satellite-can-and-must-match/oclc/826866872)
- How To: Space Mission Engineering: The New SMAD (http://www.sme-smad.com/)
- Types of Risks and Attacks: MITIGATING CYBER SECURITY RISK IN SATELLITE GROUND SYSTEMS by Stephen F. Bichler, Maj, USAF (https://apps.dtic.mil/dtic/tr/fulltext/u2/1012754.pdf)
- Types of Risks and Attacks: Attack Vectors in Orbit: The Need for IoT and Satellite Security by William J Malik, CISA (https://published-prd.lanyonevents.com/published/rsaus19/sessionsFiles/13692/MBS-W03-Attack-Vectors-in-Orbit-The-Need-for-IoT-and-Satellite-Security.pdf)
- Types of Risks and Attacks: Cybersecurity Principles for Space Systems by Gregory Falco (https://2ea998fc-9f95-482a-87f8-dd57460966a8.filesusr.com/ugd/e741d3_daa22cd1e5234b8f9139fa9c7406be29.pdf)
- Types of Risks and Attacks: Electronic and Cyber Warfare in Outer Space by Rajeswari Pillai Rajagopalan (https://www.unidir.org/files/publications/pdfs/electronic-and-cyber-warfare-in-outer-space-en-784.pdf)
Hack-A-Sat 2020 Writeups
- Recap of the team Exodus Orbitals Alliance (192 out of 1278 teams) https://blog.exodusorbitals.com/2020/05/26/hack-a-sat-2020-after-action-report/
- Where's the Sat? [HackaSat] [Writeup] by Philippe Delteil (https://medium.com/@pdelteil/wheres-the-sat-hack-a-sat-writeup-9a523634963b)
- Seeing Stars [HackASat] [Writeup] by Philippe Delteil (https://medium.com/@pdelteil/seeing-stars-hackasat-writeup-372e7859ca97)
- Track The Sat - Ground Segment by Keramas (https://keramas.github.io/2020/05/24/HackASat-CTF.html)
- 56k Flex Magic - Communication Systems by Keramas (https://keramas.github.io/2020/05/25/HackASat-Part2.html)
- 56k Flex Magic - Communication Systems by Tan (https://medium.com/@solomontan_68263/56k-flex-magic-hack-a-sat-2020-f63df73b7dfd)
- I Like to Watch โ Hack-A-Sat CTF Challenge Solution [Writeup] by Dawid Golunski (https://pentest.co.uk/insights/i-like-to-watch-hack-a-sat-challenge/)
- Hack-a-Sat CTF Writeup: My 0x20 (aka โMyspaceโ) [Writeup] by OH HAI THERE (https://ohaithe.re/post/619784043448418304/hack-a-sat-ctf-writeup-my-0x20-aka-myspace)
- Hack-A-Sat 2020: Sun? On my Sat? [Writeup] by OH starfleetcadet75 (https://starfleetcadet75.github.io/writeups/2020/06/05/sun-on-my-sat.html)
- Vaporsec CTF team from DC 858/619 summarizes the event and lessons learned (https://www.facebook.com/DC858/videos/281579856584929/)
- LaunchLink - Hack-A-Sat Quals 2020 [Writeup] by erfur (https://erfur.github.io/LaunchLink_Hackasat/)
- Leaky Crypto - Hack-A-Sat Writeup: [Writeup] by ADDVulcan (https://github.com/ADDVulcan/ADDVulcan/tree/master/Payload%20Modules/Leaky%20Crypto)
- Qualification and final write-ups [Writeup] by Solar Wine (https://github.com/solar-wine/writeups/)
Standards
- CCSDS: The Consultative Committee for Space Data Systems (CCSDS) is a multi-national forum for the development of communications & data systems standards for spaceflight. (https://public.ccsds.org/default.aspx)
- OGC: Open Geospatial Consortium is a worldwide community committed to improving access to geospatial, or location information. (https://www.ogc.org/)
- OMG Space DTF: The OMG Space Domain Task Force (Space DTF) was established to answer a call by industry professionals for greater interoperability as well as a reduction in costs, (https://www.omg.org/space/)
Programming Libraries
- CCSDSPy: Provides an IO Interface for reading CCSDS data in Python. The CCSDS format is used for many NASA and ESA missions for low-level telemetry (https://ccsdspy.readthedocs.io/en/latest/)
- Satpy: Python library for reading and manipulating meteorological remote sensing data and writing it to various image and data file formats (https://github.com/pytroll/satpy)
- SGP4: Python version of the SGP4 satellite position library (https://github.com/brandon-rhodes/python-sgp4)
- Poliastro: Collection of Python functions useful in Astrodynamics and Orbital Mechanics, focusing on interplanetary applications. It provides a simple and intuitive API and handles physical quantities with units (https://docs.poliastro.space/en/stable/)
- Skyfield: Computes positions for the stars, planets, and satellites in orbit around the Earth (https://rhodesmill.org/skyfield/)
- satellite.js: A library to make satellite propagation via TLEs possible in the web. Provides the functions necessary for SGP4/SDP4 calculations, as callable javascript. Also provides functions for coordinate transforms. (https://github.com/shashwatak/satellite-js)
- Cesium-js: Cesium is the open platform for software applications designed to unleash the power of 3D data. (https://cesium.com/)
- SpacePython: Satellite Operations Language Metamodel. (https://www.omg.org/spec/SOLM/About-SOLM/)
- OpenTsiolkovsky: OpenTsiolkovsky is a free , specific usage rocket flight simulator that allow you calcurate rocket trajectry. (https://github.com/istellartech/OpenTsiolkovsky)
Miscellaneous
- SPACEX - ISS Docking Simulator: This simulator will familiarize you with the controls of the actual interface used by NASA Astronauts to manually pilot the SpaceX Dragon 2 vehicle to the International Space (https://iss-sim.spacex.com)
- Satellite, Junk, and Flare Tracking (https://www.satflare.com/home.asp)
- Feed Hunting and Satellite Mapping (http://www.feedhunter.com/)
CONTACTS
Space and Satellite Security POCs
- Adam Ali Zare Hudaib: Author of Satellite Network Hacking & Security Analysis
- William Akoto: Author of Hackers could shut down satellites โ or turn them into weapons
- LT COL Stephen Bichler: Author of MITIGATING CYBER SECURITY RISK IN SATELLITE GROUND SYSTEMS
- Gregory Falco: Author of Cybersecurity Principles for Space Systems
Defense Digital Service Library Custodians
- Clair Koroma ([email protected])
- Daniel Allen ([email protected])
- Nick Ashworth ([email protected])