• Stars
    star
    1,636
  • Rank 28,579 (Top 0.6 %)
  • Language
    JavaScript
  • Created almost 11 years ago
  • Updated about 7 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A drone engineered to autonomously seek out, hack, and wirelessly take full control over any other Parrot or 3DR drones within wireless or flying distance, creating an army of zombie drones under your control.

SkyJack

SkyJack is a drone engineered to autonomously seek out, hack, and wirelessly take full control over any other drones within wireless or flying distance, creating an army of zombie drones under your control.

Update: Proof of Concept of SkyJack for 3D Robotics drones using the TI CC1111 chipsets [August 2015]

The update uses a sub-GHz RF transciever to predict frequency hopping pattern + ID of 3DR telemetry modules, allowing full remote takeover of nearby drones, similar to the Parrot attack (with no wifi required).

by @SamyKamkar // [email protected] // http://samy.pl // Dec 2, 2013

Code available on github


Watch the video here
SkyJack - autonomous drone control

Overview

Today Amazon announced they're planning to use unmanned drones to deliver some packages to customers within five years. Cool! How fun would it be to take over drones, carrying Amazon packages…or take over any other drones, and make them my little zombie drones. Awesome.

Using a Parrot AR.Drone 2, a Raspberry Pi, a USB battery, an Alfa AWUS036H wireless transmitter, aircrack-ng, node-ar-drone, node.js, and my SkyJack software, I developed a drone that flies around, seeks the wireless signal of any other drone in the area, forcefully disconnects the wireless connection of the true owner of the target drone, then authenticates with the target drone pretending to be its owner, then feeds commands to it and all other possessed zombie drones at my will.

SkyJack also works when grounded as well, no drone is necessary on your end for it to work. You can simply run it from your own Linux machine/Raspberry Pi/laptop/etc and jack drones straight out of the sky.

http://samy.pl/skyjack/drone-pwn.png


Download

You can acquire SkyJack from github: https://github.com/samyk/skyjack

Software

SkyJack

SkyJack (available from github) is primarily a perl application which runs off of a Linux machine, runs aircrack-ng in order to get its wifi card into monitor mode, detects all wireless networks and clients around, deactivates any clients connected to Parrot AR.drones, connects to the now free Parrot AR.Drone as its owner, then uses node.js with node-ar-drone to control zombie drones.

I detect drones by seeking out any wireless connections from MAC addresses owned by the Parrot company, which you can find defined in the Registration Authority OUI.

aircrack-ng

I use aircrack-ng to put our wireless device into monitor mode to find our drones and drone owners. I then use aireplay-ng to deauthenticate the true owner of the drone I'm targeting. Once deauthenticated, I can connect as the drone is waiting for its owner to reconnect.

node-ar-drone

I use node-ar-drone to control the newly enslaved drone via Javascript and node.js.

Hardware

Parrot AR.Drone 2

The Parrot AR.Drone 2 is the drone that flies around seeking other drones, controlled from an iPhone, iPad or Android, and is also the type of drone SkyJack seeks out in order to control. SkyJack is also capable of seeking out Parrot AR.Drone version 1.

The Parrots actually launch their own wireless network which is how the owner of the drone connects. We take over by deauthenticating the owner, then connecting now that the drone is waiting for its owner to connect back in, exploiting the fact that we destroyed their wireless connection temporarily.

Raspberry Pi

I use a Raspberry Pi to drive the project as it's inexpensive, reasonably light, has USB, and runs Linux.

Alfa AWUS036H wireless adapter

I use the Alfa AWUS036H wireless card which supports raw packet injection and monitor mode which allow me to deauthenticate users who are legitimately connected to their drones.

Edimax EW-7811Un wireless adapter

I also use the Edimax EW-7811Un wireless USB adapter in order for SkyJack to launch its own network. This allows me to connect to SkyJack from my laptop or iPad and watch all the other drones as they're being controlled.

USB Battery

I suggest any USB battery which is light (under 100 grams), and can output close to an amp (1000mAh). The Raspberry Pi + wifi will likely use about this much juice. You could also possibly hook up three AAA batteries together to get about 4.5V out which would be a bit lighter, though I'm not sure how much current it will be able to output.

Questions?

Feel free to contact me with any questions!

You can reach me at [email protected].

Follow @SamyKamkar on Twitter or check out http://samy.pl for my other projects.

More Repositories

1

poisontap

Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
JavaScript
6,195
star
2

evercookie

Produces persistent, respawning "super" cookies in a browser, abusing over a dozen techniques. Its goal is to identify users after they've removed standard cookies and other privacy data such as Flash cookies (LSOs), HTML5 storage, SilverLight storage, and others.
JavaScript
4,320
star
3

magspoof

A portable device that can spoof/emulate any magnetic stripe, credit card or hotel card "wirelessly", even on standard magstripe (non-NFC/RFID) readers. It can disable Chip&PIN and predict AMEX card numbers with 100% accuracy.
C
3,888
star
4

pwnat

The only tool/technique to punch holes through firewalls/NATs where multiple clients & server can be behind separate NATs without any 3rd party involvement. Pwnat is a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, DNS, router admin requirements, STUN/TURN/UPnP/ICE, or spoofing.
C
2,846
star
5

slipstream

NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by anyone on the victim's network visiting a website
Perl
1,887
star
6

usbdriveby

USBdriveby exploits the trust of USB devices by emulating an HID keyboard and mouse, installing a cross-platform firewall-evading backdoor, and rerouting DNS within seconds of plugging it in.
Arduino
1,230
star
7

keysweeper

KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.
Eagle
1,084
star
8

opensesame

OpenSesame attacks wireless garages and can open most fixed-code garages and gates in seconds using a Mattel toy
C
833
star
9

samytools

Simple tools to make reverse engineering and console cowboying easier, primarily by data translation and manipulation + file handle piping. Mostly *nix tools with an emphasis on macOS.
Perl
555
star
10

webscan

Browser-based network scanner & local-IP detection
JavaScript
418
star
11

proxygambit

Anonymize and fracture network traffic/Internet access over a point-to-point wireless link or through TCP->GSM->wifi tunnel (advanced resurrection of ProxyHam)
Arduino
352
star
12

combobreaker

Motorized, portable, 3D printed, Arduino-based combination lock cracker
C++
231
star
13

dingdong

Digital Ding Dong Ditch -- RTL-SDR + Arduino + GSM/SMS/FONA + RF + GQRX to hack a wireless doorbell from a text message
C++
229
star
14

quickjack

Quickjack is a point-and-click tool for intuitively producing advanced clickjacking and frame slicing attacks.
JavaScript
227
star
15

frisky

Instruments to assist in binary application reversing and augmentation, geared towards walled gardens like iOS and macOS
C++
198
star
16

glitchsink

Voltage glitcher to bypass instructions/bootloader protections *without* target modification
C++
115
star
17

jiagra

Javascript/Website Performance Enhancement
JavaScript
108
star
18

easel-driver

Easel driver for Linux, Mac, Windows, ARM, Raspberry Pi, Intel, FTDI, CH340, CH341, CP210x, FTDI clones, local, and remote access to GRBL-based CNC controllers
Shell
93
star
19

myo-osc

OSC bridge for the Thalmic Myo gesture control armband (cross-platform)
C++
80
star
20

BPL

The Blind Public License is a restrictive license that does not allow any person to read, view, interpret, emulate, debug, disassemble, reverse engineer, or execute ("Observing") any included code, schematics or engineering diagrams (the "Technology").
56
star
21

samyk

54
star
22

sqlpp

feature-rich, multi-database interfacing, multi-connection, colorful console-based SQL client
Perl
53
star
23

bgrid

wireless balloon LED network w/ATtiny24 + nRF24L01+ (PCB + firmware + TouchDesigner)
C++
46
star
24

buspirate

Bus Pirate (cross-platform, cleaned up for OS X)
C
42
star
25

crak

Crash Royale Attack Kit
JavaScript
39
star
26

openrTMS

Open rTMS (Transcranial Magnetic Stimulation)
C++
26
star
27

amazonshelper

TamperMonkey script (browser extension) for Amazon to add price by volume for materials and to hide useless UI elements
JavaScript
24
star
28

lcventilator

Low cost ventilator based on Dr. Jeffrey Ebin's design
C++
21
star
29

specs

Public specifications for easy accessibility
19
star
30

pinning

#PINNING is a browser extension (currently TamperMonkey script) to improve Pinterest's desktop browsing UX
JavaScript
15
star
31

glitchisnk

Voltage glitcher to bypass instructions/bootloader protections without target modification
14
star
32

microscopy

files for (μ)scope projects
11
star
33

motoaudio

Inspecting the Moto Audio application running on Motorola Android devices
9
star
34

testimg

chrome blocks downloading images from my github :(
9
star
35

openraman

Low cost, high performance open source Raman spectrometer
C++
6
star
36

mains-logs

log files for mains project
2
star
37

mains

monitoring mains line voltage
Perl
1
star