Satellite hacker weapon: OpenATS new version update

Category: Tags: ,

DIY antenna automatic tracking system OpenATS

OpenATS : build your own satellite earth station

OpenATS Download

1. A brief introduction to the background of satellite tracking and the measurement and control network

With the accelerated deployment of satellite Internet in the world, satellite Internet ushered in a large-scale layout and accelerated development, especially the large satellite Internet constellation represented by the low-orbit satellite constellation StarLink.

The types and distinctions of satellite orbits are mentioned in my previous articles, so I won’t introduce them in detail here. The orbit height of low-orbit satellites is generally low, which is also an ideal orbit to reduce communication delay. But according to the physics of celestial body motion and other physics, we can know that the closer the satellite is to our earth, it needs a higher speed to get rid of the gravity of the earth. When it is approximately close to the surface, the speed must reach the first cosmic speed of 7.9km/ s can get rid of the gravity of the earth’s center without falling down. Therefore, the relative speed of low-orbit satellites is generally about 7km/s. One of the most direct requirements brought about by the faster speed is the need for the antenna to accurately track and point to the satellite. This is the fundamental reason why the satellite antenna has a tracking function. In fact, except for other satellites that are relatively stationary, almost all satellites need tracking systems to support. Satellites are far away from us, and antennas often use high-gain parabolic antennas. The beam of parabolic antennas is narrow. If you want to achieve precise pointing, the system accuracy requirements are very high. Common tracking methods include pulse tracking, beacon tracking, etc. OpenATS uses ephemeris tracking.

Tracking antennas involve many technologies and are very expensive. An antenna with a diameter of 1m costs tens of thousands of dollars, and allowing enthusiasts to make their own tracking system is the main reason for making OpenATS. I am doing satellite security research. OpenATS has played a very important role in my work research. “Satellite hackers” who don’t play with antennas are actually gimmicks. People in the satellite communications industry should be familiar with the fact that the transit time of low-orbit satellites is very short, the shortest is about a few minutes. If you want to perform data reception for a long time or stabilize measurement and control tasks, you need to build receiving stations and measurement and control stations in various places.

The famous international aerospace powers have deployed their own deep-space measurement and control stations in different countries to support space missions:

NASA’s Deep Space Measurement and Control Network (DSN) is mainly composed of 3 large stations, located at Goldstone Station in California (35°25′36″N, 116°53′24″W), Madrid Station in Spain (Latitude 40°25’53” North, Longitude 4°14’53” West) and Canberra Station in Australia (Latitude 35°24’05” South, Longitude 148°58’54” East). It happens that the longitude interval is about 120°, which can stagger the reception of probes and satellite information from the deep space network, such as the Mars probe. NASA DSN is under the management of JPL.

The 70m diameter deep space antenna in Canberra, Australia, is also the only antenna that can send commands to Voyager 2

ESA (European Space Agency)’s deep-space measurement and control stations mainly include Australia’s Sinnorshe Station (31°2′53.61″ South latitude, 116°11′29.4″ East longitude), and Spain’s Cebreros Station (40°27′9.68 North latitude) “, 4°22′3.18″ West longitude), Yanmaragui Station, Argentina (35°46′33.63″ South latitude, 69°23′53.51″ West longitude).

ESA’s Cebreros Control Station


Russia’s deep-space measurement and control network consists of the Ussuriysk station (44°1′58.8″ north latitude, 131°45′18″ east longitude) and Yevpatoriya station (45°12′59.76″ north latitude, 33°21 east longitude). ′59.76″) and Xionghu Station (latitude 55°51′56.8″ north, longitude 37°57′16.56″ east).

The main purpose of these deep-space measurement and control stations distributed in different regions of the world is to be able to receive and transmit measurement and control signals with zero blind spots, and to maximize the ability to capture satellites, rockets, and detectors. The most famous and most capable one is the NASA Deep Space DSN Measurement and Control Network. The following is the real-time interface of NASA’s measurement and control station.

Do you really envy NASA? It’s okay. Now that you have OpenATS, you can also build such a system. You can improve OpenATS in the later period and the system will be more complete. All of these can be achieved.


2, the composition and introduction of OpenATS
The new OpenATS is improved in order to build the measurement and control network and the receiving network. The old version of OpenATS requires strong hands-on ability and some knowledge reserves. With the update of OpenATS, it becomes more open, more advanced and more accurate, but it is also More complex…

First introduce the architecture of the entire OpenATS system. A simple composition diagram allows users to better understand the entire system.

The new OpenATS system involves several components of the MCU, client, server, and web. All of them are written in C language except the WEB side, in order to have better compatibility and computational efficiency. The entire system is built in a Linux environment, and users can run the client on a small Linux computer such as a Raspberry Pi, and combine it with a microcontroller to form an antenna controller.

The main task of the microcontroller is to receive the azimuth and elevation data sent from the client, and then calculate and convert them into corresponding pulses and send them to the motor driver. The motor can use a stepper motor or a servo motor. This part of the single-chip microcomputer is upgraded from the original OpenATS, with higher processing speed and compatibility. The original Arduino was replaced with STM32 F407. Of course, this is only the solution I tested. You can also port to a faster microcontroller. The code is open source and easy to port.

The client is a very important control part. The main task is to receive the latitude, longitude, altitude, time and other data of the antenna GPS, read the latest TLE satellite ephemeris data, and use the SDP4 algorithm to calculate the current position of the satellite (Cartesian coordinate system) ), then calculate the azimuth and elevation angle of the satellite compared to the antenna, and send it to the microcontroller. The client also has a websocket interface and a socket interface, and sends the calculated data to the web front end for display and report to the server on the network for remote monitoring.

The server has all the functions of the client, including satellite tracking, target tracking, and manual control. Another main function is to receive all antenna client data and send it to the web control center. The client’s communication data format:

The data formats are: antenna ID, antenna latitude, antenna longitude, antenna height, antenna azimuth, antenna elevation, and antenna status. If the antenna status is 0, it is the target tracking mode, if it is a number, it is the tracking satellite status, and the number is the NORAD satellite number.

The server can also issue commands to track a certain satellite to each ground station. The server has a database interface, which can record the data of the client to facilitate the retrieval of the historical status of the antenna. Interested organizations or companies can also add the webcam API in the web interface to monitor the status of the antenna in real time. The server also reserves the json function, if you need to modify the web transmission data, you can directly call the json function interface.

The web side receives the JSON data packaged by the websocket from the server software. Examples of data: {“antennaid”: “BEIJING”, “lat”: 39.98138427734375, “lng”: 116.48518371582031, “alt”: 149.36970520019531, “az”:261.34140014648438, “el”:-44.218364715576172,”status”:28654,”ip”: “” }respectively correspond to: antenna number, antenna latitude, antenna longitude, antenna height, antenna azimuth, antenna elevation, antenna status , The client ip address. After analysis and processing, they are displayed in the web interface, so that users can watch all the monitoring and control stations in real time. The server has reserved an interface and can also issue tracking instructions to each measurement and control station for remote control. The organization or individual who needs it can make an interface on the web interface by themselves.


3. How to install and use OpenATS
The source code of the entire OpenATS system has been uploaded on Github, and the link is at the end of the article. Different folders correspond to MCU, client, server, and web. After downloading, copy them to different environments for deployment.

1. Installation on MCU

The MCU is upgraded from the original version of OpenATS. Users can directly upload the source code to Arduino or STM32 according to the steps in the previous article, and only need to copy the corresponding stepper motor library to the library directory. You can modify the pulse interface pin number, pulse ratio coefficient and other parameters in the code according to your own hardware conditions.

2. Client installation

Install the client first to install the dependent environment. This system relies on GPSD, libgps-dev (3.20), nscurses, libwebsockets-dev, gcc, make, wget, just make it directly after installing these dependent environments. It is recommended to install NTPD and set the time service source of NTPD as a local GPS source, which can calibrate the time of the local system and also serve as a time server to provide external services. For the specific setting method, please refer to the keyword GPS to build a local NTP server by Google. Since our commonly used system is a non-real-time operating system, the accuracy may not be too high, but it is sufficient for us, at least several orders of magnitude more accurate than the NTP network timing.

3. Server installation

The server installation is similar to the client. In addition to the above dependent environment, you need to install the mysql database or mariadb database, and you also need the libsqlclient-dev client library. Of course, if you don’t need the support of the database, you don’t need to install the database, but the client library still needs to be installed, or it won’t be compiled.

4. Web deployment

Web deployment is relatively simple. Install the corresponding web environment. Apache is enough. Just copy the files in the web folder directly to the web directory and modify the server address of the html homepage, so that the server information can be obtained through websocket.

5. Configuration file

Both the client and the server have software configuration files. The file name is options.ini. For the convenience of friends who are not familiar with English, it contains Chinese annotations. The configuration file can modify the default latitude, longitude, and altitude of the receiving station. If there is no GPS module In this case, the latitude and longitude information in the configuration file is used. And the default target location information, antenna maximum elevation angle limit parameters, whether to use GPSD service, whether to use GPS time, GPS and antenna serial configuration information, target tracking and receiving data interface, network interface, front-end interface, GPS reading/tracking/antenna control Speed ​​(unit: ms), TLE satellite ephemeris data update address and backup address, etc. Users make appropriate modifications according to their own needs and system design.

6. The command parameters of OpenATS are as follows:

-s satellite tracking command, followed by the satellite name, for example: openats -s NOAA 18

-N Satellite tracking command, followed by the NORAD number of the satellite, for example: openats -n 28654

-T Tracking the target command, there is no need to follow the parameters.

-U Update and download TLE data, without parameters, directly download all ephemeris data of SpaceTrack

-I Display satellite orbit information function, followed by the satellite NORAD number.

-G is the GPS debugging function, no parameters are required, GPS information will be displayed for debugging.

-R is the remote control mode, and then the OpenATS client will have commands issued by the server for unified management.

Note: Even in the normal tracking mode, the OpenATS client will send the latitude, longitude and angle data of the antenna to the server. If you don’t need it, you can comment out the corresponding thread in the code.

Using OpenATS to track the downlink signal of a polar-orbiting satellite, a large Doppler shift can be seen.


4, some common problems and points of attention of OpenATS
The default is compiled with the -g parameter. If there is an error, a debugging file will be generated. If the linux system does not generate an error file, please enter the command: ulimit -c unlimited to set the system. After an error occurs, use gdb to debug and locate the error location. You can send an email to let me know.

In the default configuration, OpenATS obtains GPSD latitude, longitude, altitude, time and other information through shared memory to calculate satellite angles. This is the recommended configuration. Users can modify the configuration file to directly use the GPS serial port information, or replace the GPS parsing library by themselves. , But I don’t recommend it. The use of GPSD has the following advantages: 1. GPSD is more mature for GPS module information processing technology, with a processing speed of about 10ms, high accuracy and good stability. If the original data of the GPS module is used, it will be due to data drift Cause tracking to be affected. 2. GPSD can support other software such as NTPD for timing services at the same time. It can calibrate the computer’s local time to make the tracking system achieve more accurate time. GPS timing accuracy can reach 20~30ns (1ns is one billionth of a second). Serial communication and processing can still guarantee accuracy of about 100 milliseconds, which can greatly reduce calculation errors. 3. GPSD supports the $GPHDT direction finding statement, which can make preliminary corrections to the azimuth angle of the antenna system, paving the way for communication in static and communication in the future. In the future, OpenATS will support static communication and dynamic communication, and real-time correction of the PID algorithm on the single-chip computer through sensors.

Because the system uses high-precision tracking, the code uses all double-precision types (although float is sufficient), and the system time is obtained in milliseconds (using the ftime() function), so the time requirements are very high. If GPSD and NTPD are used to assist If the system is timed, the time can calculate the satellite position with high precision. However, if the GPS module is used, the real-time calculation is affected by the module’s serial data frequency. You can use commands to set the GPS module to a higher serial communication frequency, such as 10Hz. This is why it is not recommended to directly use the GPS module to collect data. It is recommended to use GPSD service.

The core tracking technology used by OpenATS is satellite TLE ephemeris tracking. The current position of the satellite is calculated through TLE orbit data. This tracking has obvious advantages but also has many disadvantages. The TLE orbital ephemeris data must cooperate with the SDP4 algorithm due to its special element number, which leads to limited forecast accuracy. Of course, it is accurate enough for us. The error drift of TLE accuracy increases with time, so it is necessary to update TLE data frequently to maintain its accuracy. TLE is distributed by the North American Aviation Command (NORAD), and some sensitive satellites such as military satellites are not included in the distribution. After OpenATS runs, it will automatically check the data on my server and update the local data within 4 hours. My server background will automatically update the data from the SpaceTrack website every 4 hours (NORAD updates twice a day). Due to restrictions on personal or organizational distribution of TLE data, Please use it with caution or change to another server address (there are several organizations in the United States that provide TLE data download).

The target tracking function of OpenATS is a new function that can be used to track target objects such as drones, balloons, airplanes, and rockets. After OpenATS starts target tracking, it will open the TCP listening port locally, and the user only needs to send the GPS data of the target object. The GPS data format is: LAT:XX.XXXXX LNG:XXX.XXXXX ALT:XXX.XXXXX, note that the data format follows: “xx.xxxxxxx degrees” instead of “degrees, minutes, seconds” format, you need to pay attention. For example, players can modify ADS-B software such as dump1090 to send the latitude and longitude of the aircraft to OpenATS, and OpenATS will control the antenna to keep track of the aircraft. Some drone enthusiasts can also use the location data sent back by the drone to send it to OpenATS to automatically track the drone to obtain a greater navigation distance. Please imagine more ways to play. For example, replacing the antenna with a laser cannon, and then using a Doppler radar to calculate the angle, it is an automatic defense weapon, for reference only.

In manual tracking mode, input two angle data to control the antenna pointing, the format is: azimuth angle and elevation angle, for example: 265.35 46.35, the antenna points to azimuth angle 265.35 and elevation angle 46.35. It is very simple. Entering commands such as q will exit and the antenna will automatically return to zero. Input “X correction angle” to correct the 0 point position of the azimuth angle, and input “Y correction angle” to correct the 0 point position of the elevation angle to calibrate the 0 point position of the antenna.



There are no reviews yet.

Be the first to review “Satellite hacker weapon: OpenATS new version update”

Your email address will not be published. Required fields are marked *