actually in my practice when i used in open area gps-sdr-sim its dosen't works so simply because after gps cold start when they download ephemeris data. for security ECM i think have alot ECM for protection against spoofing.
It all depends on the algorithms used in the GNSS receiver. This video shows an asynchronous attack ( non-coherent). When the receiver is already locked on real signals, the non-coherent signal is perceived as noise. For an attack to succeed, it is very important to suppress all original signals GPS, GLONASS, Beidou, Galileo. When the receivers lose the signal, there are two algorithms of action: 1. go to search mode. In this case, the receiver will successfully find and lock on the fake signals. 2. wait for the signal to return to its previous codephase-doppler zone. Such receivers can be spoofed only by a coherent attack.
@@t1g7r21 Yes, you are right. We use several GNSS antennas to analyze spatial parameters of GNSS signals. It's needed to detect a sophisticated coherent spoofing attack. Watch our videos about spoofing attack scenarios: ua-cam.com/video/5Mw-NKy1BOM/v-deo.html
Hello, and thank you for sharing this informative video. Will a EVK-M8N work just as well? Also, what is the model of antenna you are using, are there any alternatives to that antenna? Thanks.
I m writing a thesis on spoofing attacks in autonomous vehicles, can anyone here guide me about where to start and how I can make it easy for me?. I have to first spoof the receiver of autonomous vehicles and then propose a mitigation technique. How much these devices cost and can I use them with autonomous vehicles?
Check out the articles on our blog. We publish our research on spoofing there. Maybe it will help you. For example, an article about types of spoofing attacks: gpspatron.com/types-of-gnss-spoofing/
@@copycarvers Please keep in mind that generating signals in GNSS bands may not be legal in your region. The purpose of this channel is to show how unprotected GNSS receivers are against such threats.
Файл эферемид, который качается - старый. Поэтому приемник сравнивает время Глонасс и Бейдоу и откидывает данные GPS как невалидные(с Глонасс разница +3 часа) по времени,например параметр TOW. Если транслировать актуальные эферемиды - Глонасс не поможет. Ничего не поможет . Так как все гражданские телефончики планшетики , самокатики - праймари GPS. И кстати U-Blox center почему-то тоже не мяукнул что время от начала GPS недели старое в эферемиде... однако :))))
Hi I am generating a csv file with ECEF positions using a SPG4 propagator, to simulate an orbit, I am trying to load it into the software it does the whole procedure but the GPS ublox Neo M8T, that I am using does not engage with this file. I am using a Neo 6 GPS and the system does work, what can I do to make it work with the Neo M8T. Thanks David
How to constantly posting the spoofed coordinates? In your video,the spoofed coordinates should be transmitted till 5 min,right?? Suppose i want to transmit a spoofed location for longer time say 10 hrs,how to do that??
Hi there. There are two options here: 1. develop your own app based on GPS-SDR-SIM with real-time IQ streaming capabilities. 2. Use any commercial app.
@@GPSPATRON can you please provide any url for tutorial to develop such app.Sounds complicated! Also,please mention some such commercial apps you mentioned….
I have tried this experiment with PLUTO SDR, when I am testing with GPS Receiver i am not getting Stable Satellite C/N Ratios, can you help me where did i modify to get proper position fix
Two conditions must be met for the receiver to accept your signal: - good TCXO - other constellations invisibility (you should totally block it with a jammer) Take into account that such over-the-air experiments are illegal in most countries.
Great video , but I need your help. Last week I do spoofing, and it’s work fine with iPhone. But currently unfortunately it is doesn’t work for iPhone. Currently it is work only for android device. What can I do for improve spoofing?
im not sure this will help your problem (I'm not as smart as this person) but after changing the geolocation on the iPhone you must reset the phone so it can be spoofed again. Basically after spoofing the phone, you must reset it because any further signals received after you stopped the spoofing will not be read until the Iphone is reset (reset as in hard power off)
Spoofer --> receiver distance is not very important. It is critical to choose the distance between the jammer, spoofer, and receiver. The jammer must block the original GLONASS and Beidou signals. At the same time jammer should not suppress fake spoofer signals.
but why we need jammer if the transmit position of our Hackrf is nearest, so should be the strongest? And you may forgot mentioned about TCXO clock for hackrf as well?
@@IdrusAlhamid-jz9jt you need to jam the original signals so the receiver will pick up the spoofed ones - think about it like its not a radio because the signal must be confirmed before they are read (like Bluetooth compared to FM radio) - also if you do not jam the original signals, the Spoof protection on the receiver will pick up on the false signals (like how the GLONASS and Beidou were considered "spoofed" signals after the original jamming)
This is impossible to do. The GNSS receiver does not emit any signals and therefore cannot be detected. You can simply block GNSS signals with a jammer. Or you can change the coordinates with a spoofer.
but such an experiment may violate your local law. It is forbidden to generate radio signals in this frequency band. It is better to conduct a study with cables as in our video.
is there any practical use for gps spoofing? Only thing that comes to mind is cheating in gps games like ingress or pokemon..beside that..any good use? I tested this with portapack h2+, worked on an old samsung phone, didnt work on my redmi phone unless i turn of internet and it confused my smartwatch so it got no connection..like a jammer. Fun for a minute but i dont see any practical use. Is it just just a "lets see if we can" thing?
This is just a demonstration that GNSS spoofing has become very affordable and easy. Attackers will always find a purpose if critical infrastructure is not protected
In Australia the 7-11 fuel company allows you to lock in a fuel price based on your location for 7 days (so you can travel and still have the cheap fuel) so there is one use - though you would need to use it a lot to pay for the hardware!
U can spoof a Starlink satellite, the Russians figured it by using jammers on their military vehicles when the Ukrainians were using the satellites to locate Russian signals to direct killer drones on them, but in Feb 2023 Elon out of humanitarian cause decided to switch off Starlink within that region or block them. This is debatable, my guess is Elon got a call from Jake Sullivan or the Director of the CIA Burns, telling him what Starlink was causing in Ukraine, and was given an ultimatum. The Russians were capable of hacking into those satellites and mimic Ukrainian signals as well. Elements within the Russian FSB or GRU military intelligence units must of figured out how to hack the signals using their own fleet of Russian space satellites in order to pinpoint GPSS signals and port into them.
@@MrDenisJoshua It is better to use another application that generates and sends IQ data at the same time. You can find it on github. Be aware that transmitting an RF signal over-the-air in the GNSS bands is prohibited in most countries.
@@GPSPATRON Thanks a lot again... do you have the name of this soft please ? I'll use only on a place underground... I just must tell to the mobile that I'm home :-)
Anything you can do with a credit card an internet connection, and an ability to follow simple directions, is shockingly easy. Especially considering the damage which could be caused
Hi Yacine, The purpose of this video is to show the vulnerability of the GNSS receiver to spoofing. GNSS spoofing has become a huge issue for precise navigation, time synchronization.
@@GPSPATRON thank you for answering sir ! Another question : can you make a video on how to spoof a key with keyfobbing ? Like the video of a mercedes that were stolen with 2 persons, one with a radio, another with a PC
@@GPSPATRON Скажите, пожалуйста, есть ли в Вашем HackRF внешний TCX0 и на сколько мощный передаётся сигнал? У меня штырём покрывается вся квартира с полным приёмом.
@@ДмитрийПетров-ы1ъ будет работать и на базовом LO. Но чем выше стабильность по частоте, тем лучше будут координаты имитироваться. Меньше будет дисперсия ошибки в плане.
You holding a big strange glowing box with an antenna sticking out and yourself laughing maniacally and wearing a gopro will most likely give it away when the gps starts acting weird.
can we spoof GPS signals in India as well just as easily as you demonstarted in this video? so i need your help in making a Proj for my Mtch degree. ready to pay for it as well. waiting for your reply in anticipation.
Hi Sadanand, What do you think about the small joint research? We support various educational programs. Please fill out the feedback form on our website and we will definitely get back to you.
Hi, we do not have it. However, you can check this article instead: gpspatron.com/spoofing-a-multi-band-rtk-gnss-receiver-with-hackrf-one-and-gnss-jammer/
@@GPSPATRON Which jammer is $20? I noticed the following prices: Great Scott Gadgets HackRF One - Software Defined Radio $340.00 EVK-M8T $260.00 And nobody seems to have them in stock at present. Instructive video though.
@@PeterFerris The guy that hangs with the 40 theives knows where to get em cheap, but quality varies, and you'd better be careful that it's only powerful enough for local interference or the fcc will bring the high-caliber fine gun.
Этот ролик нужен, чтобы показать на сколько ГНСС спуфинг стал доступным. Мы это делаем для продвижения нашей системы защиты от спуфинга. Мы бы с удовольствием делали видосы на русском, если в России был спрос на нашу систему. Так что сорри.
If you have trouble understanding this guy, you are the problem, not him. This video was superb, and my guess is you have no idea how to utilize the info.
I bet you still listened to the whole video though. You know why? Because he is like 10 times smarter than you, but you got butthurt from it and just felt the urge to give you opinion like anyone was going give a crap. Move along doophus
Mate, I got absolutely no idea what you’re doing but you clearly are a very smart dude and ur video was well presented!!!
wow! I haven't ever thought, that it is so easy to hack GPS. so many services are in danger.
Great useful video, great knowledge. I am waiting for more. :D
What is the bandwidth of the frequency? Maybe by increasing the bandwidth you can jam the real GPS signal and make the receiver only detect yours.
That's exactly what I did.
Jammer suppressed all signals in the L1 range from 1560 to 1610 MHz
actually in my practice when i used in open area gps-sdr-sim its dosen't works so simply because after gps cold start when they download ephemeris data. for security ECM i think have alot ECM for protection against spoofing.
It all depends on the algorithms used in the GNSS receiver.
This video shows an asynchronous attack ( non-coherent). When the receiver is already locked on real signals, the non-coherent signal is perceived as noise. For an attack to succeed, it is very important to suppress all original signals GPS, GLONASS, Beidou, Galileo.
When the receivers lose the signal, there are two algorithms of action:
1. go to search mode. In this case, the receiver will successfully find and lock on the fake signals.
2. wait for the signal to return to its previous codephase-doppler zone. Such receivers can be spoofed only by a coherent attack.
@@GPSPATRON your solution based on spatial processing methods for GPS spoofing detection and mitigation?
i mean protection.
@@t1g7r21 Yes, you are right. We use several GNSS antennas to analyze spatial parameters of GNSS signals. It's needed to detect a sophisticated coherent spoofing attack. Watch our videos about spoofing attack scenarios: ua-cam.com/video/5Mw-NKy1BOM/v-deo.html
Hello, and thank you for sharing this informative video. Will a EVK-M8N work just as well? Also, what is the model of antenna you are using, are there any alternatives to that antenna? Thanks.
Bro how much are gps trnasmission of hack rf covers and can i use it in my room to spoof gps location of games is it safe?
very easy to spoof, very safe also
@@soothingsounds7491 how do you know?
I heard this comment section made the list!! 🎉🎉
I m writing a thesis on spoofing attacks in autonomous vehicles, can anyone here guide me about where to start and how I can make it easy for me?. I have to first spoof the receiver of autonomous vehicles and then propose a mitigation technique. How much these devices cost and can I use them with autonomous vehicles?
Check out this playlist:
ua-cam.com/play/PLLKqXsMeT96wCXglr4ILmBP6oF5a9TDiG.html
You will find many interesting videos
Check out the articles on our blog. We publish our research on spoofing there. Maybe it will help you.
For example, an article about types of spoofing attacks: gpspatron.com/types-of-gnss-spoofing/
Hy Zain, i'm writing a thesis that seems your. But mine is about GNSS . Did you finish yours ? We can change informations ....
can we use RTL SDR instead of the HackRF One?
RTL SDR is just a receiver. You need a transmitter.
@@GPSPATRON what about USRP?
@@copycarvers Ettus Research USRP will definitely work.
Thank you so much
@@copycarvers Please keep in mind that generating signals in GNSS bands may not be legal in your region. The purpose of this channel is to show how unprotected GNSS receivers are against such threats.
Файл эферемид, который качается - старый. Поэтому приемник сравнивает время Глонасс и Бейдоу и откидывает данные GPS как невалидные(с Глонасс разница +3 часа) по времени,например параметр TOW. Если транслировать актуальные эферемиды - Глонасс не поможет. Ничего не поможет . Так как все гражданские телефончики планшетики , самокатики - праймари GPS. И кстати U-Blox center почему-то тоже не мяукнул что время от начала GPS недели старое в эферемиде... однако :))))
тоесть, если качать актуальный файл, тьо все будет ок?
When to wait next video ?
Hi I am generating a csv file with ECEF positions using a SPG4 propagator, to simulate an orbit, I am trying to load it into the software it does the whole procedure but the GPS ublox Neo M8T, that I am using does not engage with this file. I am using a Neo 6 GPS and the system does work, what can I do to make it work with the Neo M8T.
Thanks
David
Hi David. What software do you use for GPS signal simulation? What hardware?
Please, Why did you plug the cellphone with a cable in hack RF instead of use the antenna transmitting ?
The cellphone is send8ng the GPS signal data file to the hackrf. You could also use a computer (Linux, Mac or windows)
Eu estava tentando baixar o arquivo e ele não está mais disponivel a versão compilada e eu não sei onde achar ela
How to constantly posting the spoofed coordinates?
In your video,the spoofed coordinates should be transmitted till 5 min,right?? Suppose i want to transmit a spoofed location for longer time say 10 hrs,how to do that??
Hi there. There are two options here:
1. develop your own app based on GPS-SDR-SIM with real-time IQ streaming capabilities.
2. Use any commercial app.
@@GPSPATRON can you please provide any url for tutorial to develop such app.Sounds complicated!
Also,please mention some such commercial apps you mentioned….
@@arduinosuperuser-hu9tr we have own SDR-based solution: gpspatron.com/gp-simulator/
However, it's a bit expensive - from 1.8k a year.
I have tried this experiment with PLUTO SDR, when I am testing with GPS Receiver i am not getting Stable Satellite C/N Ratios, can you help me where did i modify to get proper position fix
Two conditions must be met for the receiver to accept your signal:
- good TCXO
- other constellations invisibility (you should totally block it with a jammer)
Take into account that such over-the-air experiments are illegal in most countries.
Great video , but I need your help. Last week I do spoofing, and it’s work fine with iPhone. But currently unfortunately it is doesn’t work for iPhone. Currently it is work only for android device. What can I do for improve spoofing?
im not sure this will help your problem (I'm not as smart as this person) but after changing the geolocation on the iPhone you must reset the phone so it can be spoofed again. Basically after spoofing the phone, you must reset it because any further signals received after you stopped the spoofing will not be read until the Iphone is reset (reset as in hard power off)
Hi, nice work! Why is important and challenging to select a "suitable power/distance combination" between the receiver and the spoofer?
Spoofer --> receiver distance is not very important. It is critical to choose the distance between the jammer, spoofer, and receiver. The jammer must block the original GLONASS and Beidou signals. At the same time jammer should not suppress fake spoofer signals.
but why we need jammer if the transmit position of our Hackrf is nearest, so should be the strongest?
And you may forgot mentioned about TCXO clock for hackrf as well?
@@IdrusAlhamid-jz9jt you need to jam the original signals so the receiver will pick up the spoofed ones - think about it like its not a radio because the signal must be confirmed before they are read (like Bluetooth compared to FM radio) - also if you do not jam the original signals, the Spoof protection on the receiver will pick up on the false signals (like how the GLONASS and Beidou were considered "spoofed" signals after the original jamming)
Could you broadcast an RF signal and actually show Google maps being spoofed?
Nick, be careful with this kind of activity. It is illegal in most countries. I mean to broadcast such signals
Крутые ребята) нам такие нужны)
Залупа тебе а не такие ребята
Yes more and also how to detect car tracker on vehicles.
This is impossible to do.
The GNSS receiver does not emit any signals and therefore cannot be detected.
You can simply block GNSS signals with a jammer. Or you can change the coordinates with a spoofer.
GPSPATRON so spoofer Signals I need RF one and what else ? Thanks for replying, great video and information.
@@JA-yy6bd To conduct a live-sky experiment you just need HackRF One with antenna, GNSS jammer, and mobile phone or laptop.
but such an experiment may violate your local law.
It is forbidden to generate radio signals in this frequency band.
It is better to conduct a study with cables as in our video.
GPSPATRON thanks for your help I really appreciate information and knowledge. Looking forward to more video from you.
is there any practical use for gps spoofing? Only thing that comes to mind is cheating in gps games like ingress or pokemon..beside that..any good use? I tested this with portapack h2+, worked on an old samsung phone, didnt work on my redmi phone unless i turn of internet and it confused my smartwatch so it got no connection..like a jammer. Fun for a minute but i dont see any practical use. Is it just just a "lets see if we can" thing?
This is just a demonstration that GNSS spoofing has become very affordable and easy. Attackers will always find a purpose if critical infrastructure is not protected
In Australia the 7-11 fuel company allows you to lock in a fuel price based on your location for 7 days (so you can travel and still have the cheap fuel) so there is one use - though you would need to use it a lot to pay for the hardware!
Can I trick a fixed Starlink and make it mobile? The GPS would be locked and I would walk with the mobile
Starlink likely uses its own satellites to give a reasonable position.
Google luck trying to spoof that.
U can spoof a Starlink satellite, the Russians figured it by using jammers on their military vehicles when the Ukrainians were using the satellites to locate Russian signals to direct killer drones on them, but in Feb 2023 Elon out of humanitarian cause decided to switch off Starlink within that region or block them. This is debatable, my guess is Elon got a call from Jake Sullivan or the Director of the CIA Burns, telling him what Starlink was causing in Ukraine, and was given an ultimatum.
The Russians were capable of hacking into those satellites and mimic Ukrainian signals as well. Elements within the Russian FSB or GRU military intelligence units must of figured out how to hack the signals using their own fleet of Russian space satellites in order to pinpoint GPSS signals and port into them.
How much time aprox. a dovnloaded file wil work please ?
Thanks for the video
It depends on the settings you used when generating the IQ data file. In the example from the video the duration is 10 minutes, if I'm not mistaken
@@GPSPATRON So I can use a parameter to tell to the software to make a file for some weeks please ?
Thanks again
@@MrDenisJoshua It is better to use another application that generates and sends IQ data at the same time. You can find it on github. Be aware that transmitting an RF signal over-the-air in the GNSS bands is prohibited in most countries.
@@GPSPATRON Thanks a lot again... do you have the name of this soft please ?
I'll use only on a place underground... I just must tell to the mobile that I'm home :-)
@@MrDenisJoshua you check this one github.com/Mictronics/multi-sdr-gps-sim
yeah it surely is a stretch to call that "shockingly easy"
Anything you can do with a credit card an internet connection, and an ability to follow simple directions, is shockingly easy. Especially considering the damage which could be caused
Does i cha ge gpa location to anywhere in the world?
Yes anywhere in the world and any time too.
Hi Sir, thank you for the video. Can you explain me the purpose of this practice ? I can’t understand this video ...
Hi Yacine,
The purpose of this video is to show the vulnerability of the GNSS receiver to spoofing.
GNSS spoofing has become a huge issue for precise navigation, time synchronization.
@@GPSPATRON thank you for answering sir ! Another question : can you make a video on how to spoof a key with keyfobbing ? Like the video of a mercedes that were stolen with 2 persons, one with a radio, another with a PC
@@Y_B099 Sorry dude, but we only work with GNSS.
Спасибо. Всё подробно и понятно.
you are welcom
Do not try this at home :-)
@@GPSPATRON Скажите, пожалуйста, есть ли в Вашем HackRF внешний TCX0 и на сколько мощный передаётся сигнал? У меня штырём покрывается вся квартира с полным приёмом.
@@ДмитрийПетров-ы1ъ будет работать и на базовом LO. Но чем выше стабильность по частоте, тем лучше будут координаты имитироваться. Меньше будет дисперсия ошибки в плане.
yes Hello, thanks 🙏🏻, but if you using HackRf one you need have TCX0 right? did you declare this?
God bless.
Is this detectable by uber driver?
You holding a big strange glowing box with an antenna sticking out and yourself laughing maniacally and wearing a gopro will most likely give it away when the gps starts acting weird.
can we spoof GPS signals in India as well just as easily as you demonstarted in this video?
so i need your help in making a Proj for my Mtch degree. ready to pay for it as well.
waiting for your reply in anticipation.
Hi Sadanand,
What do you think about the small joint research?
We support various educational programs. Please fill out the feedback form on our website and we will definitely get back to you.
Read our article in which we investigate the work of the anti-spoofing algorithms
gpspatron.com/ublox-m8t-gps-spoofing-test/
Any information on where to get these devices and manuals for how this works?
✊🏻✊🏻✊🏻
Is it's now the same day's broadcast file, will it not work?
can you do that for mulitple ip address?
Hello sir can you send the stepwise procedure of this
Hi, we do not have it. However, you can check this article instead:
gpspatron.com/spoofing-a-multi-band-rtk-gnss-receiver-with-hackrf-one-and-gnss-jammer/
understood nothing but cool
Shouldve stayed in school
))
Put price of items in discerption.
www.sparkfun.com/products/13001
HackRF One - $299
Jammer - $20
@@GPSPATRON Which jammer is $20? I noticed the following prices:
Great Scott Gadgets HackRF One - Software Defined Radio $340.00
EVK-M8T $260.00
And nobody seems to have them in stock at present. Instructive video though.
@@PeterFerris The guy that hangs with the 40 theives knows where to get em cheap, but quality varies, and you'd better be careful that it's only powerful enough for local interference or the fcc will bring the high-caliber fine gun.
Зачем так язык мучить? 🤔🤔🤔
если бы в России наш проект был бы нужен хоть кому-то, говорил бы на русском :-)
no suck exe for windows.
Ну вот что на русском языке было не сделать...
Этот ролик нужен, чтобы показать на сколько ГНСС спуфинг стал доступным. Мы это делаем для продвижения нашей системы защиты от спуфинга. Мы бы с удовольствием делали видосы на русском, если в России был спрос на нашу систему. Так что сорри.
@@GPSPATRON мне кажется, время спроса пришло))
@@lblset здохнуть пришло
Anybody with a heavy foreign accent like this guy should not be making himself even more difficult to understand with that background music.
If you have trouble understanding this guy, you are the problem, not him. This video was superb, and my guess is you have no idea how to utilize the info.
He is very easy to understand.
I bet you still listened to the whole video though. You know why? Because he is like 10 times smarter than you, but you got butthurt from it and just felt the urge to give you opinion like anyone was going give a crap. Move along doophus
Nice services, glad I found your profile on the internet I got mine done by 𝟒𝟕𝐛𝐫𝐚𝐢𝐧𝐭𝐞𝐜𝐡