Bypassing US GPS Limits For Active Guided Rockets
Kristian von Bengtson writes with a link to a short guest post at Wired with an explanation of how his amateur rocket organization Copenhagen Suborbitals managed to obtain GPS receivers without U.S. military limits for getting accurate GPS information at altitude. Mostly, the answer is in recent relaxations of the rules themselves, but it was apparently still challenging to obtain non-limited GPS hardware. "I expect they only got the OK to create this software modification for us," von Bengtson writes, "since we are clearly a peaceful organization with not sinister objectives – and also in a very limited number of units. Basically removing the limits is a matter of getting into the hardware changing the code or get the manufacturers to do it. Needless to say, diplomacy and trust is the key to unlock this."
In other news, amateur rocket organization Copenhagen Suborbitals recently reported theft of unspecified electronic components from its offices.
Given that it's possible to build your own GPS receiver from scratch anyway, this seems a little unnecessary. (See http://www.holmea.demon.co.uk/GPS/Main.htm for someone who did.) OK, so it's not trivial, but it's certainly possible.
Demand is pretty low I guess. When I was playing Ingress and my GPS signal was bouncing away from what I was trying to capture, I sometimes feverishly thought "I'm going to look up how to get MILITARY GRADE GPS on my phone! Then I'll be unstoppable!" But even if someone offered a phone with that, and even if it did improve Ingress, and even if I did still play, I'd only be willing to pay an extra $30 for it. That's the only use I'd have for unlocked GPS, and I don't even currently have it. Non-nerds don't even realize the GPS we civilians use is limited.
For that matter, I was talking to a friend who is in the Marines and who... er... does stuff with maps for driving Humvees. She didn't know if she used the military GPS, she didn't even know her iPhone GPS was limited.
What seems strange to me is that they do limit GPS in the first place. Seems like anything where military level GPS could be used dangerously, it's not that high of a barrier. You don't need super accurate GPS to make a car bomb, and if you're competent to make your own attack drone, you probably know how to bypass the restrictions.
(Hi, NSA. Congrats on keeping your jobs when government workers who DON'T shit on the constitution aren't being paid.)
Cruise missiles go a long way in expressing customer dissatisfaction, I guess.
"ICBM. We go the extra mile so you can reach out to your customers."
The limitations at issue are not accuracy limits. Nowadays there are no real differences in accuracy between military and civilian GPS, since selective availability was turned off years ago. The problem is that civilian GPS firmware prohibits the device from giving a fix if it is above a certain altitude (around 60,000 feet) and moving faster than about Mach 1. This makes it useless for midcourse guidance of a rocket, which is the point.
I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
> if you're competent to make your own attack drone, you probably know how to bypass the restrictions.
Well, yes... but it's one more thing to screw up, and it takes time, and you need someone who knows how to reprogram a receiver's firmware rather than just an Arduino, RPi, or other DIY autopilot.
Amazingly, the US government does actually understand that perfect security is impossible. Rather, the modern security strategy is centered around making enemy attacks more difficult, ideally requiring so much planning and expertise that they can be noticed and stopped before coming to fruition. As you've seen, most folks don't know that GPS is artificially limited, and most normal applications don't need the high precision of an unlimited receiver. When someone starts asking around on forums or posting classified ads looking for GPS firmware experts, suspicions are rightfully raised.
Of course, with more suspicion comes the need to eliminate such suspicion. If you're claiming to need unrestricted GPS for rocketry, this probably isn't your first rocket. There are likely records of supply purchases, perhaps travel to launch sites, and probably even phone records of you calling other rocketry experts. If only there was some big searchable database of exculpatory evidence, to help quickly separate the valid suspicions from the false positives...
> NSA... shit on the constitution...
What seems strange to me is that we're mad at the NSA for invading our privacy, when we really should be mad at them for having poor access control. In my opinion, the NSA's databases should be kept operational, but with a PR campaign and better operational security. Database queries must be associated with an ongoing investigation, which could be started with as little as an anonymous tip, and must end either with escalation (to the judicial branch) or dismissal accompanied by a letter to the target disclosing the inquiry and its nature. Records should also be subject to subpoenas, but their contents must be reviewed by the judge prior to inclusion in any trial.
The NSA has built the ability to find evidence on an unprecedented scale. We should not fear such an ability, but rather we should be demanding that such power directly and visibly serves the people.
You do not have a moral or legal right to do absolutely anything you want.
Not entirely true. The P/Y code still offers improved accuracy compared to even a non-degraded C/A code due to it being transmitted at 10x the rate of the C/A code. It also allows for dual-frequency operation, permitting ionospheric delay to be corrected for. (There are tricks to using the P/Y code to obtain iono delay even without the decryption keys by cross-correlating the signals on each frequency, but these require a LOT of data collection and processing and I think the receiver has to be stationary.)
That said, modern civilian receivers do such a good job of processing the C/A code that they come close to matching many military receivers which are processing the P/Y code with far older hardware/software algorithms. Systems like WAAS can compensate for a large amount of ionospheric delay even without dual-frequency operation.
Upcoming GPS satellites will permit civilian dual-frequency operation.
retrorocket.o not found, launch anyway?
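The dual-frequency ionospheric correction mentioned in the comment above, as an added example that is not part of the original thread: because first-order ionospheric delay scales as 1/f², two pseudoranges to the same satellite on L1 and L2 can be combined to cancel it. The satellite range and TEC value are constructed sample inputs; the function names are this example's own.

```python
import math

# Published GPS carrier frequencies (Hz).
F_L1 = 1575.42e6
F_L2 = 1227.60e6
K_IONO = 40.3                  # first-order constant: delay_m = K * TEC / f^2
GAMMA = (F_L1 / F_L2) ** 2     # ratio of L2 delay to L1 delay (about 1.647)

def iono_delay_m(tec_el_m2, freq_hz):
    """First-order ionospheric group delay in metres at one frequency."""
    return K_IONO * tec_el_m2 / freq_hz ** 2

def iono_free_range(p1_m, p2_m):
    """Ionosphere-free combination: the 1/f^2 delay terms cancel exactly."""
    return (GAMMA * p1_m - p2_m) / (GAMMA - 1.0)

def l1_delay_from_pair(p1_m, p2_m):
    """Ionospheric delay on L1 inferred from the L2-minus-L1 difference."""
    return (p2_m - p1_m) / (GAMMA - 1.0)

def slant_tec(p1_m, p2_m):
    """Slant total electron content (electrons/m^2) along the signal path."""
    return l1_delay_from_pair(p1_m, p2_m) * F_L1 ** 2 / K_IONO

def noise_amplification():
    """Factor by which uncorrelated measurement noise grows in the
    ionosphere-free combination (the price paid for removing the delay)."""
    return math.sqrt(GAMMA ** 2 + 1.0) / (GAMMA - 1.0)

def demo():
    # Constructed sample: 22,000 km geometric range, 50 TECU of ionosphere.
    true_range = 22_000_000.0
    tec = 50e16
    p1 = true_range + iono_delay_m(tec, F_L1)   # what an L1 receiver measures
    p2 = true_range + iono_delay_m(tec, F_L2)   # what an L2 receiver measures
    return {
        "l1_error_m": p1 - true_range,
        "l2_error_m": p2 - true_range,
        "corrected_range_m": iono_free_range(p1, p2),
        "recovered_tec": slant_tec(p1, p2),
        "noise_factor": noise_amplification(),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.4f}")
```

The combination removes roughly 8 m of L1 error in this sample but multiplies receiver noise by about three, which is why single-frequency receivers using a broadcast or WAAS ionosphere model can still come close in practice.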
> The NSA has built the ability to find evidence on an unprecedented scale. We should not fear such
> an ability, but rather we should be demanding that such power directly and visibly serves the people.
I am not really sure I agree. A lot of progress socially and morally has come from law breakers. What goes on behind closed doors is a rather new area to be moving into and reveals many things that we may or may not have known was going on before...and I am not so sure that's unmitigated good.
If these abilities existed 30 years ago, where would the gay rights movement be today? Making it easier to gain "evidence" could have been absolutely terrible then. Had they existed 50 years ago, would the civil rights movement have been able to organize?
What makes us think that today we have it all right and from this point forward knowing about everything will just be good? Frankly, I doubt a society that can enforce all of its laws all the time is capable of progress.
"I opened my eyes, and everything went dark again"
Is someone with the technical abilities to build a guided missile really going to be deterred by the fact that off the shelf civilian GPS firmware is crippled in this way? The specifications for the GPS system are publicly available and many manufacturers have successfully used them to build GPS receivers, so it can't be rocket science (pun intended). And even if one were to use off the shelf GPS components, how hard would it be to modify the firmware? Firmware is just software stored in some type of read only or flash memory. Would it be that hard to download, inspect and modify it? It seems to me it would be about as hard as removing copy protection from a game.
Yes, it is a substantial deterrent. The limitations are imposed in the lowest-level parts of the GPS receiver, the first stage of data processing at which it is technically feasible to infer speed and altitude. The hardware that runs this code is highly specialized - it's a mixed analog/digital RF ASIC that is designed in hardware to run that specific code, including the limitation. There is little distinction between hardware and firmware at that point, and it is likely that the code responsible for the limitation is not programmable/reprogrammable at all. The sophistication needed to build a rudimentary short-range guided missile is surprisingly basic, and many hobbyists (or terroristically-inclined groups) could do it without too much difficulty, on a five-figure or low-six-figure budget. The GPS limitation significantly hinders the on-target accuracy that could be achieved, since the high speed terminal phase of the flight is where excellent guidance in an absolute reference frame is most important. The sophistication needed to build or microscopically alter a GPS receiver without the limitation is significantly greater (and in an entirely different technical field) than what is needed to build a missile that would benefit from that GPS guidance.
I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
Check out RTK systems using the L2 carrier to figure out the ionospheric error. Yes you do need a stationary unit and also a mobile unit. If you want real time corrections you need a wireless link between them to transmit the corrections over and it becomes harder to get rid of the off by 1 error that is often prevalent. More popular is to have a base station that is operational recording raw pseudo range and carrier phase data at a well known position (survey bench mark or from a long initial self survey) and a roving unit also collecting the pseudo range and carrier phase data. Once your surveying is done the data is post processed to provide highly accurate results. The problem with single reference station RTK solutions like that is that you are limited to a radius of about 10 mi (might be km) before the accuracy starts falling off, so a better solution is having a CORS network with the ability to create virtual reference stations from "near by" reference stations.
Time to offend someone