Slashdot Mirror


Bypassing US GPS Limits For Active Guided Rockets

Kristian von Bengtson writes with a link to a short guest post at Wired with an explanation of how his amateur rocket organization Copenhagen Suborbitals managed to obtain GPS receivers without U.S. military limits for getting accurate GPS information at altitude. Mostly, the answer is in recent relaxations of the rules themselves, but it was apparently still challenging to obtain non-limited GPS hardware. "I expect they only got the OK to create this software modification for us," von Bengtson writes, "since we are clearly a peaceful organization with no sinister objectives – and also in a very limited number of units. Basically removing the limits is a matter of getting into the hardware changing the code or get the manufacturers to do it. Needless to say, diplomacy and trust is the key to unlock this."

30 of 126 comments

  1. Predicting a future headline: by walmass · · Score: 4, Funny

    In other news, amateur rocket organization Copenhagen Suborbitals recently reported theft of unspecified electronic components from its offices

    1. Re:Predicting a future headline: by GarethIwanFairclough · · Score: 2
      A lot of the gps hardware I saw as a supply specialist in the British army was just rebadged civilian gear. The really super gps gear that I did see tended to be for aircraft and the like, which tended to be bigger bulkier units than what a man would use on the ground. The guys on the ground would often simply use more or less stock civilian gps gear with a fancy case and maps for either the world or the AO if file storage space was an issue on that particular device. No encryption other than the fancy ones used in aircraft and the sneaky beaky types.

      That said, this is merely anecdotal.

  2. Re:Huh by i kan reed · · Score: 2

    Cruise missiles go a long way in expressing customer dissatisfaction, I guess.

  3. It's silly anyway by john.burton1765 · · Score: 4, Informative

    Given that it's possible to build your own gps receiver from scratch anyway this seems a little unnecessary. (See http://www.holmea.demon.co.uk/GPS/Main.htm for someone who did) Ok so it's not trivial but it's certainly possible.

    1. Re:It's silly anyway by serviscope_minor · · Score: 2

      Came here to post something similar.

      It's actually got a bit easier now, since you can get pre-packaged GPS to baseband chips which solve most of the mucking around with high frequencies stuff.

      --
      SJW n. One who posts facts.
    2. Re:It's silly anyway by Bob the Super Hamste · · Score: 2

      Civilian GPS is good, but as has been stated above, does not work at speeds exceeding mach 1 or at altitudes above 60,000 feet.

      Buy a better receiver that implements it correctly as an AND instead of an OR as the law is written with an AND. Manufacturers find it easier to implement it as an OR for whatever reason. If you are doing custom electronics for a project such modules are cheap ($25-$30) and easy to find. It is even a selling point that is printed on most (look for ones that state they work above 60,000 feet) and quit trying to use a hacked Garmin, TomTom, or Magellan hand held for this.

      --
      Time to offend someone
  4. Re:Huh by interkin3tic · · Score: 4, Interesting

    Demand is pretty low I guess. When I was playing ingress and my GPS signal was bouncing away from what I was trying to capture, I sometimes feverishly thought "I'm going to look up how to get MILITARY GRADE GPS on my phone! Then I'll be unstoppable!" But even if someone offered a phone with that, and even if it did improve ingress, and even if I did still play, I'd only be willing to pay an extra $30 for it. That's the only use I'd have for unlocked GPS, and I don't even currently have it. Non-nerds don't even realize the GPS we civilians use is limited.

    For that matter, I was talking to a friend who is in the marines and who... er... does stuff with maps for driving humvees. She didn't know if she used the military GPS, she didn't even know her iphone GPS was limited.

    What seems strange to me is that they do limit GPS in the first place. Seems like anything where military level GPS could be used dangerously, it's not that high of a barrier. You don't need super accurate GPS to make a car bomb, and if you're competent to make your own attack drone, you probably know how to bypass the restrictions.

    (Hi, NSA. Congrats on keeping your jobs when government workers who DON'T shit on the constitution aren't being paid.)

  5. Re:Huh by Thanshin · · Score: 5, Funny

    > Cruise missiles go a long way in expressing customer dissatisfaction, I guess.

    "ICBM. We go the extra mile so you can reach out to your customers."

  6. Re: Huh by mpoulton · · Score: 5, Informative

    The limitations at issue are not accuracy limits. Nowadays there are no real differences in accuracy between military and civilian GPS, since selective availability was turned off years ago. The problem is that civilian GPS firmware prohibits the device from giving a fix if it is above a certain altitude (around 60,000 feet) and moving faster than about mach 1. This makes it useless for midcourse guidance of a rocket, which is the point.

    --
    I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
  7. Re:Huh by Kjella · · Score: 2

    > What seems strange to me is that they do limit GPS in the first place. Seems like anything where military level GPS could be used dangerously, it's not that high of a barrier. You don't need super accurate GPS to make a car bomb, and if you're competent to make your own attack drone, you probably know how to bypass the restrictions.

    Well we're mixing apples and oranges here, there is a civilian signal and a military signal and what this article is talking about is removing some software limitations on where and when a civilian GPS unit will work, in short if you tried to use one aboard an airplane it'd blank out, not because it couldn't get signal but because the receiver is too high and going too fast for what is permitted. They still can't decrypt the military signal which gives them higher accuracy and timing signals to make precision strikes with high speed missiles.

    --
    Live today, because you never know what tomorrow brings
  8. Re:Huh by Sarten-X · · Score: 4, Interesting

    > if you're competent to make your own attack drone, you probably know how to bypass the restrictions.

    Well, yes... but it's one more thing to screw up, and it takes time, and you need someone who knows how to reprogram a receiver's firmware rather than just an Arduino, RPi, or other DIY autopilot.

    Amazingly, the US government does actually understand that perfect security is impossible. Rather, the modern security strategy is centered around making enemy attacks more difficult, ideally requiring so much planning and expertise that they can be noticed and stopped before coming to fruition. As you've seen, most folks don't know that GPS is artificially limited, and most normal applications don't need the high precision of an unlimited receiver. When someone starts asking around on forums or posting classified ads looking for GPS firmware experts, suspicions are rightfully raised.

    Of course, with more suspicion comes the need to eliminate such suspicion. If you're claiming to need unrestricted GPS for rocketry, this probably isn't your first rocket. There's likely records of supply purchases, perhaps travel to launch sites, and probably even phone records of you calling other rocketry experts. If only there was some big searchable database of exculpatory evidence, to help quickly separate the valid suspicions from the false positives...

    > NSA... shit on the constitution...

    What seems strange to me is that we're mad at the NSA for invading our privacy, when we really should be mad at them for having poor access control. In my opinion, the NSA's databases should be kept operational, but with a PR campaign and better operational security. Database queries must be associated with an ongoing investigation, which could be started with as little as an anonymous tip, and must end either with escalation (to the judicial branch) or dismissal accompanied by a letter to the target disclosing the inquiry and its nature. Records should also be subject to subpoenas, but their contents must be reviewed by the judge prior to inclusion in any trial.

    The NSA has built the ability to find evidence on an unprecedented scale. We should not fear such an ability, but rather we should be demanding that such power directly and visibly serves the people.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  9. Re: Huh by Andy Dodd · · Score: 5, Informative

    Not entirely true. The P/Y code still offers improved accuracy compared to even a non-degraded C/A code due to it being transmitted at 10x the rate of the C/A code. It also allows for dual-frequency operation, permitting ionospheric delay to be corrected for. (There are tricks to using the P/Y code to obtain iono delay even without the decryption keys by cross-correlating the signals on each frequency, but these require a LOT of data collection and processing and I think the receiver has to be stationary.)

    That said, modern civilian receivers do such a good job of processing the C/A code that they come close to matching many military receivers which are processing the P/Y code with far older hardware/software algorithms. Systems like WAAS can compensate for a large amount of ionospheric delay even without dual-frequency operation.

    Upcoming GPS satellites will permit civilian dual-frequency operation.

    --
    retrorocket.o not found, launch anyway?
  10. Re:Huh by WaffleMonster · · Score: 2

    > What seems strange to me is that they do limit GPS in the first place. Seems like anything where military level GPS could be used dangerously, it's not that high of a barrier. You don't need super accurate GPS to make a car bomb, and if you're competent to make your own attack drone, you probably know how to bypass the restrictions.

    It is just an export limit. We can have/use the technology here in the US as long as it stays here. Relevant ITAR restrictions are:

    "Designed for encryption or decryption (e.g., Y-Code) of GPS precise positioning service (PPS) signals;"

      "Designed for producing navigation results above 60,000 feet altitude and at 1,000 knots velocity or greater;"

    There is not really a "soft" restriction on accuracy because none of us possess the decryption key for military carrier. Limits on accuracy are mostly caused by "ionospheric delay" from signals traveling thru charged upper atmosphere. Now that other GPS constellations are in operation it is possible to construct a receiver to concurrently examine timing/phase of multiple carrier frequencies to get an active handle on ionospheric delay and significantly improve accuracy. New civilian signals being added to GPS will also provide improved accuracy.

  11. Re: Huh by interkin3tic · · Score: 3, Insightful

    Ah, so I'm basically wrong. I'm trying to make a joke about inaccurate GPS and making uninformed posts to slashdot, but I've got nothing. So I'm just going to say "Good to know, thank you!"

  12. Re:Huh by TheCarp · · Score: 5, Interesting

    > The NSA has built the ability to find evidence on an unprecedented scale. We should not fear such
    > an ability, but rather we should be demanding that such power directly and visibly serves the people.

    I am not really sure I agree. A lot of progress socially and morally has come from law breakers. What goes on behind closed doors is a rather new area to be moving into and reveals many things that we may or may not have known was going on before...and I am not so sure that's unmitigated good.

    If these abilities existed 30 years ago, where would the gay rights movement be today? Making it easier to gain "evidence" could have been absolutely terrible then. Had they existed 50 years ago, would the civil rights movement have been able to organize?

    What makes us think that today we have it all right and from this point forward knowing about everything will just be good? Frankly, I doubt a society that can enforce all of its laws all the time is capable of progress.

    --
    "I opened my eyes, and everything went dark again"
  13. Re: Huh by BitterOak · · Score: 2

    > The problem is that civilian GPS firmware prohibits the device from giving a fix if it is above a certain altitude (around 60,000 feet) and moving faster than about mach 1. This makes it useless for midcourse guidance of a rocket, which is the point.

    Is someone with the technical abilities to build a guided missile really going to be deterred by the fact that off the shelf civilian GPS firmware is crippled in this way? The specifications for the GPS system are publicly available and many manufacturers have successfully used them to build GPS receivers, so it can't be rocket science (pun intended). And even if one were to use off the shelf GPS components, how hard would it be to modify the firmware? Firmware is just software stored in some type of read only or flash memory. Would it be that hard to download, inspect and modify it? It seems to me it would be about as hard as removing copy protection from a game.

    --
    If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
  14. Re:Huh by tlhIngan · · Score: 2

    > There is not really a "soft" restriction on accuracy because none of us possess the decryption key for military carrier. Limits on accuracy are mostly caused by "ionospheric delay" from signals traveling thru charged upper atmosphere. Now that other GPS constellations are in operation it is possible to construct a receiver to concurrently examine timing/phase of multiple carrier frequencies to get an active handle on ionospheric delay and significantly improve accuracy. New civilian signals being added to GPS will also provide improved accuracy.

    Timing/phase analysis is also useful if you don't need absolutely precise location information - but need rapid and high precision relative positioning information. (No one said you couldn't get your position first, then switch to timing/phase analysis to do high-resolution relative positioning).

    This method has been used to study wildlife where the swooping of birds is fast enough that the GPS update rate was insufficient - the timing/phase GPS gave much faster position (or change in position) updates at the loss of absolute positioning.

  15. Re: Huh by mpoulton · · Score: 5, Informative

    > Is someone with the technical abilities to build a guided missile really going to be deterred by the fact that off the shelf civilian GPS firmware is crippled in this way? The specifications for the GPS system are publicly available and many manufacturers have successfully used them to build GPS receivers, so it can't be rocket science (pun intended). And even if one were to use off the shelf GPS components, how hard would it be to modify the firmware? Firmware is just software stored in some type of read only or flash memory. Would it be that hard to download, inspect and modify it? It seems to me it would be about as hard as removing copy protection from a game.

    Yes, it is a substantial deterrent. The limitations are imposed in the lowest-level parts of the GPS receiver, the first stage of data processing at which it is technically feasible to infer speed and altitude. The hardware that runs this code is highly specialized - it's a mixed analog/digital RF ASIC that is designed in hardware to run that specific code, including the limitation. There is little distinction between hardware and firmware at that point, and it is likely that the code responsible for the limitation is not programmable/reprogrammable at all. The sophistication needed to build a rudimentary short-range guided missile is surprisingly basic, and many hobbyists (or terroristically-inclined groups) could do it without too much difficulty, on a five-figure or low-six-figure budget. The GPS limitation significantly hinders the on-target accuracy that could be achieved, since the high speed terminal phase of the flight is where excellent guidance in an absolute reference frame is most important. The sophistication needed to build or microscopically alter a GPS receiver without the limitation is significantly greater (and in an entirely different technical field) than what is needed to build a missile that would benefit from that GPS guidance.

    --
    I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
  16. Re:Huh by X0563511 · · Score: 2

    If you can keep the GPS online until 60,000 and then turn it back on when you drop below, that's probably enough for the job. On the way up it establishes your ballistic arc, and on the way down you can correct for perturbations that occurred. Basic INS stuff could deal with the between.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  17. Re: Huh by Bob the Super Hamste · · Score: 2

    There still are differences in the accuracy between military and civilian gps but it isn't the 10s of meters that was in place with selective availability. The military gps has access to the unlocked L2 channel while the civilian one still just has access to the L1 data. By having both the L1 and unencrypted L2 data it is possible to do RTK like corrections within a single device instead of having 2 devices with one at a well known location sending corrections to a mobile one. For most people a +-3 meter accuracy is fine (WAAS gives you this) but it is possible to get down to +-2 cm accuracy (ideal case) with RTK or military GPS.

    --
    Time to offend someone
  18. Re: Huh by Bob the Super Hamste · · Score: 4, Informative

    Check out RTK systems using the L2 carrier to figure out the ionospheric error. Yes you do need a stationary unit and also a mobile unit. If you want real time corrections you need a wireless link between them to transmit the corrections over and it becomes harder to get rid of the off by 1 error that is often prevalent. More popular is to have a base station that is operational recording raw pseudo range and carrier phase data at a well known position (survey bench mark or from a long initial self survey) and a roving unit also collecting the pseudo range and carrier phase data. Once your surveying is done the data is post processed to provide highly accurate results. The problem with single reference station RTK solutions like that is that you are limited to a radius of about 10mi (might be km) before the accuracy starts falling off so a better solution is having a CORS network with the ability to create virtual reference stations from "nearby" reference stations.

    --
    Time to offend someone
  19. Re:Huh by Bob the Super Hamste · · Score: 2

    Actually it is supposed to be an AND not an OR but most manufacturers of civilian stuff find it is easier to do an OR since how often do regular people travel above 60,000 feet or travel above 1000 knots. In the hobbyist market for GPS modules it is a selling point that they operate with the AND instead of the OR functionality.

    --
    Time to offend someone
  20. SDR = GPS with no restrictions. (gnss-sdr.org) by citizenr · · Score: 2

    http://gnss-sdr.org/node/50

    You can do software GPS using $10 rtl-sdr dongles.

    --
    Who logs in to gdm? Not I, said the duck.
  21. Re:Huh by Bob the Super Hamste · · Score: 2

    You don't even need other GPS like constellations to do the necessary corrections. Differential GPS has been around for years as a simple solution and for more accuracy RTK solutions have been developed that operate with the US GPS. The biggest benefit of having multiple GPS like constellations is that you don't need your own reference station and can do it all in one device. Or you could do what the EU's Galileo system does and basically have 2 open channels providing data (the US GPS also has 2 channels but the L2 one is encrypted) which is how it can promise accuracies similar to RTK systems from a single device. The more data you have from different frequencies the more accurate you can get. I would love to have a module that could get the US L1 and L2 data, Russian GLONASS, and EU Galileo signals and be able to actively track 30+ satellites (most receivers only track at most 16) at once providing pseudo range and carrier phase data for all of them. Now that would be a very accurate system.

    --
    Time to offend someone
  22. Re: Huh by budgenator · · Score: 2

    The keys would have to be stored in the firmware somewhere, just a matter of finding and recognising them.

    --
    Apocalypse Cancelled, Sorry, No Ticket Refunds
  23. Why buy when you can build by LoRdTAW · · Score: 2

    You can roll your own using off the shelf components. Though this may add a bit of weight if you use PC hardware, an FPGA, DSP, microcontroller or combination may be able to do fast real time positioning past the measly few Hz that vendor GPS modules offer.

    First you need a receiver for the GPS signals:
    https://www.sparkfun.com/products/10981

    Then you need to process that data into a useful position:
    http://gnss-sdr.org/documentation/sige-gn3s-sampler-v2-usb-front-end

    Honestly, applying munitions restrictions to fast GPS does nothing to stop anyone from building a cruise missile or other GPS guided weapons. All it does is impose silly restrictions that rogue nations, governments or peoples will simply ignore and work around while denying peaceful legitimate uses by ordinary people.

    1. Re:Why buy when you can build by LoRdTAW · · Score: 2

      I just read up on the civilian restrictions regarding fast, high altitude GPS and there aren't any restrictions imposed on domestic use, only export. So building or buying a GPS capable of achieving speeds over 515 m/s and 18 km altitude domestically in the USA appears to be legal as long as you don't export it.

      Source: https://en.wikipedia.org/wiki/Global_Positioning_System#Restrictions_on_civilian_use

  24. Re:What's the big deal? by mbkennel · · Score: 2


    "Excess precision is not much use in military applications anyway. It seems nifty to put a rocket through the right window in someones hq. But a milimeter-precision gps won't help you with that. Sure, the weapon might know to the milimeter where it is."

    What matters is getting high quality fixes and velocity updates simultaneously and continuously while the receiver is moving very rapidly compared to ground and very high.

    The properties which allow that also allow precise fixes for stationary ground stations which can integrate over a long interval.

    When you're an ICBM re-entry vehicle going 10+ km/s, tiny errors in space make for big misses. Remember, an ICBM warhead goes from the stratosphere to target in about 3-4 seconds. A missile attack looks like "Hey what's that fast white dot do<BANG>"

  25. Re: Huh by slew · · Score: 3, Insightful

    Ever looked how many DIY GPS receivers are out there? On a six figure budget it wouldn't be much trouble getting something made.

    Although there are many so-called DIY GPS receivers out there, all of them I know about use off the shelf GPS modules (like the MTK3339 or perhaps some of the SiRF stuff), not doing the RF stuff themselves. There are some people making the RF stuff as DIY projects, but then they have to stuff the signal into an FPGA and drive the thing with a lump of software.

    Having tried the latter myself, I can tell you it's generally a bit finicky even in the simple case. I suppose if you know what you are doing you might have better luck (because w/o a lot of experience, ionospheric noise modelling isn't very easy, it's much easier to just average stuff and hope for the best). Another roadblock is that most folks I know don't have many 60K/Mach velocity platforms to test on to perfect their Doppler shift algorithms (remember, the satellites are moving too and you have to account for that)...

    I don't think you are just going to download some DIY GPS receiver in the webosphere and have it work for missile guidance applications.

  26. Re: Huh by serviscope_minor · · Score: 2

    There's another comment in the thread with a link to a guy who has done all that for a hobby.

    I also personally know another small team (2 people) who did it as part of a rocketry hobby and now sell the receivers commercially that they designed.

    It is hard, but not impossible. It's within the capability of a single, very smart, very motivated individual.

    --
    SJW n. One who posts facts.