c1b3rwall / module2

module 2 Exercises

gmg-write-up-question-1 #4

Closed yerartdev closed 4 years ago

yerartdev commented 4 years ago

data: "8D34508F201432CF060000303030", 1090 MHz, SDR signal capture, module2{uppercase (Reg.ID + Callsign)} (flag to catch)

1st observation: it's a (kind of) hex string -> https://cryptii.com/pipes/hex-decoder -> [FAILED] = "Binary content can't be interpreted as text. Try switching to the bytes view. Invalid UTF-8 encoded text: unexpected continuation byte at 0x0" -> Q: Is it binary then? [OK]

search: [carrot2] "1090 MHz protocols" -> "Automatic dependent surveillance–broadcast (ADS–B)" -> https://en.wikipedia.org/wiki/Automatic_dependent_surveillance_%E2%80%93_broadcast (skimmed) -> search (Ctrl-F) "callsign" -> found "https://en.wikipedia.org/wiki/File:Adscapture.png" [An example of reception of ADS-B signals on a software-defined radio dongle. These signals are not encrypted. Very inexpensive hardware and free software can be used to display the speed, course, altitude, callsign and identification of an aircraft equipped with an ADS-B transponder.] -> A "mode S" capture is shown ... [OK]

search [carrot2] "how to interpret an ADS-B sequence" -> https://en.wikipedia.org/wiki/Aviation_transponder_interrogation_modes#Mode_S -> "Upon interrogation, Mode S transponders transmit information about the aircraft to the SSR system, to TCAS receivers on board aircraft and to the ADS-B SSR system. This information includes the call sign of the aircraft and/or the aircraft's permanent ICAO 24-bit address (which is represented for human interface purposes as six hexadecimal characters.) One of the hidden features of Mode S transponders is that they are backwards compatible; an aircraft equipped with a Mode S transponder can still be used to send replies to Mode A or C interrogations. This feature can be activated by a specific type of interrogation sequence called inter-mode." -> https://en.wikipedia.org/wiki/Aviation_transponder_interrogation_modes#ICAO_24-bit_address -> [CUL-DE-SAC]

search [carrot2] "ads-B mode S data" -> https://mode-s.org/decode/adsb/introduction.html [OK]

search [carrot2] "ads-B mode S data viewer python" -> https://pypi.org/project/pyModeS/2.1/ [OK] (?) (Let's see ...)

hint[PyModeS, flag format] -> CallSign with adsb.callsign [OK] and Reg.ID?? Is it ICAO or DF/CA?? (https://mode-s.org/decode/adsb/introduction.html) [DOUBT]

hint[https://mode-s.org/decode/adsb/introduction.html] -> "An unique ICAO address is assigned to each Mode-S transponder of an aircraft. Thus this is a unique identifier for each aircraft."

(de)code [pyModeS]

$ python3 -m venv ads-b
$ ls ads-b
$ source ads-b/bin/activate
(ads-b) $ pip install pyModeS
Collecting pyModeS
  Downloading pyModeS-2.8.tar.gz (165 kB)
     |████████████████████████████████| 165 kB 2.3 MB/s
Collecting numpy
  Downloading numpy-1.19.1-cp38-cp38-manylinux2010_x86_64.whl (14.5 MB)
     |████████████████████████████████| 14.5 MB 12.1 MB/s
Collecting pyrtlsdr
  Downloading pyrtlsdr-0.2.92-py2.py3-none-any.whl (25 kB)
Collecting pyzmq
  Downloading pyzmq-19.0.2-cp38-cp38-manylinux1_x86_64.whl (1.1 MB)
     |████████████████████████████████| 1.1 MB 14.5 MB/s

[...]

Installing collected packages: numpy, pyrtlsdr, pyzmq, pyModeS
  Running setup.py install for pyModeS ... done
Successfully installed numpy-1.19.1 pyModeS-2.8 pyrtlsdr-0.2.92 pyzmq-19.0.2

(ads-b) $ vim.tiny mod2flag.py
................................................................................
from pyModeS import adsb

ctf = "8D34508F201432CF060000303030"
flag = "{uppercase (Reg.ID + Callsign)}"

print('- data: {}\n- flag: {}'.format(ctf, flag))
# ICAO 24-bit address and 8-character callsign from the DF17 identification message
print('module2({} {})'.format(adsb.icao(ctf), adsb.callsign(ctf)))
...........................................................................

(ads-b) $ python mod2flag.py
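As an added worked example (not code from the issue, and not pyModeS itself), the exercise's frame decoded by hand, which also settles the DF/CA versus ICAO doubt above: DF and CA are the first byte, the ICAO address is bits 9 to 32, and the callsign is eight 6-bit characters in the ME field. The registration ("Reg.ID") is not carried in the frame and has to be looked up from the ICAO address in an aircraft database; the 6-bit character table and the CRC-24 generator are the ones defined for Mode S.

```python
# Added example, not code from the thread or from pyModeS: decode the 112-bit
# DF17 frame by hand to show where each field sits. Note that the registration
# ("Reg.ID") is not carried in the frame; it is looked up from the ICAO address.
CALLSIGN_CHARS = "#ABCDEFGHIJKLMNOPQRSTUVWXYZ#####_###############0123456789######"
CRC_GEN = 0x1FFF409                     # Mode S CRC-24 generator, leading 1 included
CTF_MSG = "8D34508F201432CF060000303030"  # the capture quoted in the issue


def hex2bin(msg: str) -> str:
    """Hex string to a zero-padded bit string (4 bits per hex digit)."""
    return bin(int(msg, 16))[2:].zfill(len(msg) * 4)


def crc24(msg: str) -> int:
    """GF(2) division remainder of the whole frame; 0 means the parity field
    matches. This is error detection only: ADS-B carries no authentication,
    so a clean CRC says nothing about who transmitted the frame."""
    reg = 0
    for bit in hex2bin(msg):
        reg = (reg << 1) | int(bit)
        if reg & 0x1000000:             # bit 24 set: subtract the generator
            reg ^= CRC_GEN
    return reg


def decode_identification(msg: str) -> dict:
    """Split a 28-hex-char ADS-B aircraft identification message into fields."""
    if len(msg) != 28:
        raise ValueError("expected a 112-bit (28 hex character) frame")
    bits = hex2bin(msg)
    df = int(bits[0:5], 2)              # downlink format; 17 = ADS-B extended squitter
    ca = int(bits[5:8], 2)              # transponder capability
    icao = msg[2:8].upper()             # 24-bit ICAO address = hex digits 2..7
    tc = int(bits[32:37], 2)            # ME type code; 1..4 = aircraft identification
    if df != 17 or not 1 <= tc <= 4:
        raise ValueError(f"not an ADS-B identification message (DF={df}, TC={tc})")
    cs_bits = bits[40:88]               # eight 6-bit characters
    raw = "".join(CALLSIGN_CHARS[int(cs_bits[i:i + 6], 2)] for i in range(0, 48, 6))
    return {
        "df": df, "ca": ca, "icao": icao, "tc": tc,
        "callsign": raw.replace("_", "").replace("#", ""),  # strip padding
        "crc_ok": crc24(msg) == 0,
    }


if __name__ == "__main__":
    print(decode_identification(CTF_MSG))
```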

yerartdev commented 4 years ago

... and I failed! 8..-(

dhboterov commented 4 years ago

https://junzis.com/adb/?q=34508F

yerartdev commented 4 years ago

https://junzis.com/adb/?q=34508F

That's awesome! I didn't manage to go deep myself on junzis' stuff ... Thanks! :+1:

And I've also tried https://opensky-network.org/aircraft-database but they yield less info. By the way, Reg. ID is called Registration there.

For the record I've also found a paper with some extra info about the ICAO address and Registration ...

https://www.lenders.ch/publications/conferences/cycon18_3.pdf

Utilizing Air Traffic Communications for OSINT on State and Government Aircraft
Martin Strohmeier, Matthew Smith, Daniel Moser, Matthias Schäfer, Vincent Lenders and Ivan Martinovic
NATO CCD COE 10th International Conference on Cyber Conflict (CyCon), Tallinn, Estonia, May 2018.

[...]

D. Aircraft Identifiers in ATC Communication

A 24-bit address assigned by the International Civil Aviation Organization (ICAO) to every aircraft is transmitted via both ADS-B/SSR and partly on ACARS (on the SATCOM/VDLm2 data links). This identifier is different to an aircraft squawk or callsign. Squawks, of which there are only 4096, are allocated locally by ATC and are not useful for continuous tracking. The callsign can be set separately through the flight deck for every flight, and can include both letters and numbers. Callsigns of private aircraft typically consist of the aircraft registration number, commercial airliners use the flight number, and military and government operators often use special call signs depending on their mission.

In contrast, the ICAO identifier is unique providing address space for 16 million assignments, and enables the continuous tracking of the movements of particular aircraft; while the transponder can be re-programmed by engineers, the identifier is not easily (or legally) changed by the pilot. These characteristics make the ICAO identifier ideal for continuous tracking over a prolonged period of time.

[...]