rayhunter
Geolocation: how???
I'm not sure whether the Orbic device has a GPS, or how to access it if it does. I'm also totally unclear on how geolocation via 4G works. It seems like there's an open dataset of cell tower ID/GPS location (https://opencellid.org), which we may be able to use to associate SIB block data to GPS coordinates.
Anyway, it'd be good to get a sense of how we might be able to get GPS data for the device, and then possibly annotate our pcap files w/ location data.
Could also use BSSIDs and use magic 8 ball. We might be able to get GPS data from something in /dev, perhaps an AT interface.
Jumping over here from Croc Hunter (will it ever be revisited?), but is there any chance, if the device is plugged into a Linux host, that GPS could be pulled from gpsd if it was allowed to share outside of just localhost?
I ordered a hotspot so I can catch up.
It's definitely a possibility, but I think the easier solution would be to have an app and pull location information from the phone. The app could then also be used to view results while still maintaining the slim form factor. People shouldn't have to install Linux to use this thing.
Cooper Quintin, Senior Public Interest Technologist
That would be cool too, but I can think of some slim form factors that are not phones and could be additional capabilities in conjunction with the device. I bought what’s needed, so I’ll wait till I have a better understanding of how it works and how it could be used outside paired to a phone.
According to https://www.qualcomm.com/products/technology/modems/qualcomm-9207-lte-modem, it should have support for "Galileo, Beidou, GLONASS, GPS" in the chipset itself, but the last page of https://fccid.io/2ABGH-RC400L/Internal-Photos/Internal-Photos-4714495 does not highlight any GPS antenna (perhaps it's possible that, as RX-only, it isn't required to be highlighted?)
Yeah, it should have GPS, but we haven't been able to figure out a way to get it. If anyone can, I will definitely be very thankful.
I may have asked this before, but if it’s plugged into a Linux host, could it grab information from GPSD and use it?
Yes, but I don't want to assume or require that people have this device plugged into a Linux host; you would also need a separate GPS device.
But can you make it optional for those that want to run it this way or maybe till it’s possible to gain access to its built in GPS?
in my opinion, running rayhunter while plugged into a linux host is pretty far from one of the primary use-cases we're trying to support (a person of low to medium technical ability who's on the go). i'd much rather we find a way to pair rayhunter data with a phone's GPS data somehow, which would support both the use case i mentioned as well as that of a more technically proficient researcher.
I completely agree.
I was just asking because, for example, I have a PinePhone and/or other mobile Linux devices that would pair up easily with the hotspot. So still mobile, but giving it a little assist in terms of access to gpsd.
The only thing I’m not sure about, is with the hotspot plugged into Linux, if it’d actually have access to gpsd that usually runs only on localhost.
At any rate, it’d be a cool POC to pair the hotspot with my PinePhone and go mobile mapping out locations similar to how I used Crocodile Hunter.
Maybe there are some I²C / GPIOs that any alternate firmware could use to grab some GNSS sensor?
- Sadly it's not done by just shoving i.e. a VK-172 dongle with an OTG adaptor into the MiFi unit...
OFC if one were to hook up the unit to a Linux device and just pull its logs in (near-) realtime whilst also having location data to correlate, that may be an option, tho I don't see any way to make this smaller than some messy Pi0(W) + Dongle + Powerbank unit that will definitely look more sus at a protest than a mere mobile hotspot - especially when put into a more rugged case that'll ensure it won't die instantly when blasted with a water cannon.
PinePhone in one hand w/ gpsd (hopefully working) and opened up to allow more than localhost - Puck in the other or in a pocket. Connect phone wirelessly to puck. Puck pulls gps info from PinePhone :)
The Qualcomm MDM9207 should absolutely be able to support an external GPS module that uses GPIO, I2C, SPI, or UART to communicate, assuming pins to solder an external GPS module are exposed.
But based on the spec sheet from the Qualcomm website it sure seems like only an antenna needs to be connected to support Galileo, Beidou, GLONASS and GPS.
That said, I would assume finding another LTE modem with native GPS may be both cheaper and simpler than people soldering their own GNSS modules or antennas to the board.
In the meantime, still suggest at least adding an option where the code on the puck could pull from GPS on a connected host (i.e. a Pi). gpsd can be set to allow access by more than just localhost. I’m set up with a host + Orbic and permission from the FCC to fly it for a test (not directly related to RayHunter) but I figured why not do a survey from the air.
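The gpsd pairing suggested in this thread, sketched as an added example that is not part of the thread or of rayhunter's code: it reads gpsd's JSON stream, keeps only TPV reports with a real fix, and matches capture timestamps to the nearest fix. The function names, the 5-second staleness limit and the sample lines are assumptions made for illustration.

```python
import bisect
import json
import socket
from datetime import datetime

WATCH = b'?WATCH={"enable":true,"json":true}\n'  # gpsd JSON streaming request

def gpsd_lines(host, port=2947):
    """Yield raw report lines from a running gpsd (needs a live daemon)."""
    with socket.create_connection((host, port), timeout=10) as sock:
        sock.sendall(WATCH)
        yield from sock.makefile("r", encoding="utf-8")

def parse_fixes(lines):
    """Return sorted (epoch_seconds, lat, lon) for TPV reports with a 2D/3D fix."""
    fixes = []
    for line in lines:
        try:
            msg = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupt line
        if not isinstance(msg, dict) or msg.get("class") != "TPV":
            continue
        if msg.get("mode", 0) < 2 or not {"time", "lat", "lon"} <= msg.keys():
            continue  # mode 0/1 means no fix yet
        ts = datetime.fromisoformat(msg["time"].replace("Z", "+00:00")).timestamp()
        fixes.append((ts, msg["lat"], msg["lon"]))
    return sorted(fixes)

def locate(packet_ts, fixes, max_age=5.0):
    """Nearest fix to a packet timestamp, or None if it is older than max_age."""
    i = bisect.bisect_left(fixes, (packet_ts,))
    near = fixes[max(i - 1, 0):i + 1]  # the fix before and the fix after
    best = min(near, key=lambda f: abs(f[0] - packet_ts), default=None)
    if best is None or abs(best[0] - packet_ts) > max_age:
        return None  # better to leave a packet unlabelled than mislabel it
    return best[1], best[2]

# Constructed sample gpsd output (not captured from a real device).
SAMPLE = [
    '{"class":"VERSION","release":"3.25","proto_major":3,"proto_minor":15}',
    '{"class":"TPV","mode":1,"time":"2024-11-01T13:57:00.000Z"}',
    '{"class":"TPV","mode":3,"time":"2024-11-01T13:57:02.000Z","lat":37.77,"lon":-122.42}',
    '{"class":"TPV","mode":3,"time":"2024-11-01T13:57:12.000Z","lat":37.771,"lon":-122.419}',
    '{"class":"TPV","mode":3,"time"',
]
FIXES = parse_fixes(SAMPLE)
```

gpsd's TCP port has no authentication, so a daemon opened beyond localhost gives the host's position to anything that can reach the port; keep it to the link between the host and the hotspot.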
Definitely interested in what an aerial survey looks like, but most cell towers are aimed downwards. Does your license allow you to fly that low? In case you need the FCC data, I've uploaded an SQLite database here with FCC ULS data.
I have approval to conduct a test, but only stationary at a certain height and location. If I can get that working well, I’ll see if I can file additional exceptions.