At this year’s hacker themed Eleventh Hope conference, Stefan “Sec” Zehl and Schneider gave a talk which discusses their latest work on decoding data from Iridium satellites using SDR’s. Iridium is a truly global satellite service which provides various services such as global paging, satellite phones, tracking and fleet management services, as well as services for emergency, aircraft, maritime and covert operations too. There are currently 72 operational satellites operating.
In their talk they discuss how Iridium security is moderate to relaxed, pointing out that Iridium claims that the majority of ‘security’ comes from the complexity of the system, rather than actual security implementations. They then go on to discuss how the Iridium system works, how to receive it with an RTL-SDR or HackRF/Rad1o, how the gr-iridium decoder implementation works, and how to use it to actually decode the data. Later in the presentation they show some interesting examples such as an intercepted Iridium satellite phone call to a C-37 aircraft.
A few days ago we posted a review on the Outernet LNA which can can be used to help receive their new L-band service signal. Their LNA uses a filter which restricts the frequency range from 1525 – 1559 MHz as this is the range in which the Outernet signals are located.
Additional Note Regarding the Downconverter: Also, it appears that the Outernet downconverter prototype that we posted about back in May has unfortunately been discontinued indefinitely and will not enter mass production. For now the LNA is the best option for receiving their signal.
To receive Iridium Jared used a simple ceramic patch antenna mounted on a piece of cheap copper clad fibreglass. This simple antenna was good enough to receive the Iridium signals with good strength. With this set up Jared was able to easily go outside and receive some packets and record them. He writes his next steps are to try and run the Iridium pager decoder on them and see what packets he captured.
A few days ago the Chaos Communications Congress (a technology and hacking focused conference) commenced. Amongst the talks there was one about reverse engineering the Iridium satellite paging system using software defined radio. Iridium satellites provide global communications via special satellite phones, pagers and other transceivers.
In the talk the speaker shows how they used a USRP radio together with a cheap active iridium antenna, a bandpass filter and an LNA to receive the Iridium satellite signals. They also mention that an E4000 RTL-SDR together with an LNA and appropriate home made antenna for frequencies in the ~1.6 GHz region can also be sufficient. Once they were able to receive signals they were then able to reverse engineer the signal and create several pieces of software to decode the pager messages. The code is available on their GitHub at https://github.com/muccc/iridium-toolkit.