Slashdot Mirror
Finnish Hacker Isolates Helicopter GPS Coordinates From YouTube Video Sounds
An anonymous reader sends a post by Finnish electronics hacker Oona Räisänen, who heard a mysterious digital signal in the audio accompanying a YouTube video of a police chase. The chase was being filmed by a helicopter. Räisänen wrote: "The signal sits alone on the left audio channel, so I can completely isolate it. Judging from the spectrogram, the modulation scheme seems to be BFSK, switching the carrier between 1200 and 2200 Hz. I demodulated it by filtering it with a lowpass and highpass sinc in SoX and comparing outputs. Now I had a bitstream at 1200 bps. ... The bitstream consists of packets of 47 bytes each, synchronized by start and stop bits and separated by repetitions of the byte 0x80. Most bits stay constant during the video, but three distinct groups of bytes contain varying data." She guessed that the data was location telemetry from the helicopter, so she analyzed it to extract coordinates. When she plotted them and compared the resulting curve to the route taken by the fleeing car in the video, it was a match.
She? She could at least mention the man who showed her how to do it.
i think i'm in love with this women.
never bring a twinkie to a food fight.
I'd rather have a beer. I must not be a n3rd.
I'll be in the kitchen, making this woman a sandwich.
am I the only one reading this story and thinking, "so what?". The most interesting this is that apparently the digital signal was embedded into the tv-feed for the video. One would think that they would strip that back out before broadcast. The rest? I'm guessing that this woman has an amateur radio background, for her to know what 1200baud BFSK sounds like and to have all of the SDR software already on her computer. The rest is just hexdump and pattern matching. Sorry, I know this is an oversimplification, but this isn't genius either.
Each processor would proceed sequentially as if it had been better for them not to rise against Saul.
She washe one driving the car being chased by the police.
#DeleteChrome
How come I only see technical women smarter than me on the Internet? I've never worked with one, met one, talked to one - only elusive random women I see once in a while. It's like the elusive hen's tooth.
Oh, and why do the dumb fucks who run this site disallow people with negative karma to post anonymously? It's not like I can't just go run a fucking incognito window and do it, you neckbeard cunts.
There was a time, before we all lost our minds to Pong, Asteroids and Zelda (yes, I go way back) where we also spent time taking our world apart and figuring out how to make it better.
Oona rocks! She should be rewarded somehow.
BTW - the end of the article finally explains how a megahertz signal found its way onto the audio track.
but good lord get a hobby.
Now if she had got the location from the angle of reflected sunlight glinting off objects on the ground and the time of day, I would have been really impressed ;-)
Where are we going and why are we in a handbasket?
Oona had better be glad she's Finnish. If she did that in the US, she could expect jack-booted thugs from Homeland Security bashing her door down. That data is SEKRET! The fact that it's only perceived as secret by said ignorant thugs because the marketing department of the vendor told them so is completely lost in the general panic. TUR'RISTS could FOLLOW the HELICOPTER! Beat to quarters and man guns!
I'd like to think I was exaggerating for effect, but judging by the past decade, I'm really not. The current security apparatus really is self-parodying.
(For those who want to bitch about how this perception runs contrary to Slashdot groupthink about the threat posed by that apparatus, I say only this: some of us are capable of projecting into the future. We want the spying and the blundering belligerence stopped because it might not always be blundering or incompetent. It still manages to be mortally dangerous even now. It could get much much worse.)
I'm always running my own little TEMPEST operations on youtube videos, who doesn't?
All she did was decode the telemetry data. This data by definition contains location information. She looked at information encoded in a known protocol and told us what it says.
Just because it was surrounded by audio doesn't make it impressive. This is sophomore-level Signals and Systems stuff here. Next she's going to tell us that AM radio can be decoded by looking at the envelope signals.
A story worthy of slashdot. Please post more of these (not being sarcastic).
Only the State obtains its revenue by coercion. - Murray Rothbard
My new hero..... Good thing she's not in the US :)
You're not supposed to be decrypting latent signals effectively hidden in the video, to uncover privileged data. The feds would have a field day with anyone in the US who did this....
For those born after the 1970s, 0x80 is the sync byte. It's what you would send on serial line protocols when you have nothing to send, in order to maintain synchrony.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
She should try to do this for live video footage.
A story worthy of slashdot. Please post more of these (not being sarcastic).
I second this.
I'm adequately supplied with political stories, you can get those anywhere. Stories that raise the indignation level are also common - "oh! how unjust that is!".
When you have stuff that nerds find interesting that you don't see everywhere else, nerds will come here to see it.
Someone on this article truly deserves the title of a "hacker"
0x80 is just a null byte with odd parity. What she apparently missed is that this is bog-standard Bell 202 AFSK (1200 baud) with 7 data bits and odd parity, and the data is ASCII. By throwing away the top nybble, she was throwing away the parity bit and the top 3 bits of the ASCII encoding of decimal digits. The fact that it was a parity bit should've been pretty obvious, since the top nybble flips between 0x3x and 0xbx in the pattern that you'd expect for a parity bit.
You can decode it with off the shelf software, throw away the top bit, and get back mostly ASCII:
./minimodem --rx 1200 -f ~/helicopter.wav | tr '\200-\377\r' '\000-\177\n'
$
### CARRIER 1200 @ 1200.0 Hz ###
282 0002.3
#L N390374 W09432938YJ
#AL #NA 282 0002.3
#L N390374 W09432938YJ
#AL #NA 283 0002.3
#L N390372 W09432928YJ
#AL #NA 283 0002.3
#L N390370 W09432918YJ
#AL #NA 283 0002.3
#L N390370 W09432918YJ
#AL #NA 283 0002.3
[...]
I'm actually surprised that she missed / didn't mention this, considering her experience with signals analysis and demodulation. This is pretty much as basic as telemetry data modulation gets! Then again, as a reverse engineer myself, sometimes we get caught up doing deep analysis of something that later turns out to be totally trivial :)
At least that's what the police will allege.
... and not as the negative it is most often used nowadays ...
I'm sorry, but you're completely lost.
A wife asks her husband, a software engineer, ”Could you please go shopping for me and buy one carton of milk, and if they have eggs, get 6!” A short time later the husband comes back with 6 cartons of milk. The wife asks him, “Why the hell did you buy 6 cartons of milk?” He replied, “They had eggs.”
"For those born after the 1970s, 0x80 is the sync byte"
If the condition of being born after the 1970s is true, 0x80 is the sync byte, otherwise it's not.
Usually works out that way. Might as well be a story about some dude.
In chemistry and physics courses you'll find you often do lab work not in discovery of new things but to prove things that are already known. It turns out to be pretty simple to do an experiment to prove that two related theories can be measurably shown to be not false, through some apparatus under some paradigm.
So this woman used existing knowledge of how GPS works, of audio modulated data, and a chase that she also apparently knew the location of, and showed that the location of the chase matches the location being communicated. Okay, so that's cool.
But what did she accomplish? I am, of course, asking this from the "how is this news" rostrum. It's a great proof of theory but what the hell does it have to do with anything?
Oh, wait. The elephant in the room. I see what's going on, here, you geeks got all fucked up in the head again because here comes another woman with skills.
A man who turns into putty for women isn't trustworthy, you know that? Strong women prey on those guys and they become security concerns.
If you can't treat women as equals, then all of your wowie-zowie about women "doing guy things" is empty. You're more self-impressed at other males than impressed at this woman's potential.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
Impossible, audio systems and flight systems never interfere with each other. Any argument the other way is just from a bunch of technophobes. --- summarized from the cell phones on air planes threads.
http://www.redbubble.com/peopl...
"Consensus" in science is _always_ a political construct.
https://plus.google.com/116317...
"Consensus" in science is _always_ a political construct.
It's sad that this got an insightful mod. The fact that everyone jumps to potential mate every time a woman does something is one of the biggest barriers to women in technical fields.
First off, if you think "mate" is what love is about, you're the one with the problem.
Second, one person is not "everyone."
Third: did you really think the poster was serious? It was a hyperbolic statement, meant as a strong statement of respect.
Fourth: we can't desire a woman's lifelong companionship for her body (sexual objectification), but please do explain what is wrong with desiring a woman's companionship for her impressive work? Because you do realize that damn near every straight woman on this planet selects her mate by his accomplishments, wealth, and social standing, right?
Please help metamoderate.
So she's not so smart after all.
somebody working on the helicopter's systems clearly routed a serial data line that carried GPS data from the GPS reciever to another system (like a flight recorder (blackbox, or crime video box, etc), or some downlink radio) too close to the audio system, and they ended-up with some audible cross-talk. Either some part of this system was not properly emissions-tested OR the different subsystems were properly emissions-tested, but the way they were interconnected changed the everall system to be non-compliant
Nothing to see here... move along. No need to get all paranoid that somehow GPS data can generally be sniffed out of ANY system.
How could a summary fail to mention such a crucial trait in favor of focusing on the person's accomplishment!? All of the /guys/ get to be critiqued for how hot they are, after all; it's such an unfair double-standard that women never get the same attention put on their bodies rather than just their mental abilities... /s
BTW I'm a straight guy, I'm just tired of 'locker-room' comments that give the impression that "geeky straight man" = "backwards creep." Yeah, it's sexist when we respond to other guys' accomplishments by discussing what they did & related stuff, but then react to women's accomplishments by focusing on how attractive they are instead...seemed kinda funny 10 years ago, now it's just embarrassingly uncool.
Curiosity is great attribute. Having the technical abilities to satisfy it even better.
Reverse engineering is a fun quest.
Once you that first entry/clue into what the gadget is doing,
It's a great ride.
You figured out a '202 modem circa the 1970's.
There are many ways to demodulate it, the absolute optimal is called a matched filter.
This is two filters tuned to the two tones with the slicer looking at the relative amplitude of the signals.
It's impressive that for the low noise channel you are looking at, your high pass/low pass scheme is pretty much equlivant.
Keep up the good work. Just be sure to stay curious in other things besides tech. There's a lot of other interesting things out there.
Hmmm.. Old news, old technology, old data link standards over an analog channel. About 20 years ago, this was the standard method for police vehicles AVL over a motorola VHF radio. I recall building demodulators in our amateur radio club. Doesn't anybody here remember analog?
Funny how what counts as "magical" nowadays is the human part:
>What software did you use for the "magical image analysis"?
Plotting the car's position was actually all manual work. I've done that before from videos.
Not long ago words like "automagical" were used to describe what a computer does. Is this a shift in perception?
I'm surprised they're doing in-band signalling with out a band-pass filter, tho I guess maybe they don't count the GPS telemetry as sensitive or they want it archived with the video stream.
Over quite some years I've enjoyed reading Slashdot cos I feel more or less equal to everybody here. And it's an inclusive sort of universe. But then sadly the concept of a woman is mentioned and I realise I am nothing like 95% of you ignorant assholes, and that you have zero respect for me as a human being. Thanks guys, I might just go outside and catch some sunshine.
The OP's comment did not "reduce her to a baby factory."
Please help metamoderate.