NiteAchilles

HackRF One with drone


Hi

I'm a beginner in using HackRF One. I have a Mavic 2 drone and I was wondering if I can conduct any attacks using the HackRF One, whether replay or GPS jamming/spoofing or even taking control of it entirely.

I have GNU Radio installed, and if anyone has experience dealing with drones and their radio frequencies, I would really, really appreciate it if you could help me.

It's for a project to detect vulnerabilities of the drone and there is no malicious intent.

Thank you.


First thing to do is some recon on what frequencies are used by the drone. Then you can start to dissect the signals.

There is good information around the web on GPS spoofing but I don't think you would want to do this with your drone unless you aren't afraid to destroy it. The way GPS failsafes work is to return the drone to a set GPS home location. If the current location of the drone is spoofed this could trigger something like a geofence failsafe. At that point multiple things could happen resulting in a very bad ending for the drone. If your drone has a good GPS failsafe it should attempt to land directly downward. This will all depend on the model, firmware, etc. of the drone.

Also, some drones use a form of signal hopping on control channels. This helps prevent jamming/interference of channels by changing them at a fast rate. This makes intended jamming more difficult but not impossible.

I have a fair amount of experience with drones but not so much on the Mavic 2. You can pull info as to operating frequencies by looking up the FCCID number found on the tag. It should give you more details to help have a better starting point. Some drones are even using WiFi channels to operate with encrypted data. Most likely the drone operates on a public frequency band, as if it didn't you would need an FCC license to operate it. The other thing to keep in mind is when "jamming" a frequency you have to be very careful to not affect surrounding frequencies, devices, etc.

Hope this at least helps you get started.


Hi, thank you for replying.

I've done research on the frequencies that are used by the drone, looking up via the FCC website.

Frequency Range

  1. 2.4055 - 2.4775 GHz
  2. 2.4075 - 2.4655 GHz
  3. 2.4105 - 2.4715 GHz
  4. 5.7285 - 5.8465 GHz
  5. 5.7305 - 5.8445 GHz
  6. 5.7355 - 5.8395 GHz

So these are the frequencies, and I believe the modulation is FHSS, which, as you mentioned, prevents jamming/interference by changing channels at a fast rate.

I am currently researching GPS spoofing via the HackRF One; hopefully it will confuse the user or the drone...

May I know what kind of experience you have had with drones and the HackRF One? I'm not afraid to destroy the drone as it is for academic and research purposes...

I'm not sure if the HackRF One can jam, let's say, the entire 5.7355 - 5.8395 GHz range, for example.

 


The drone should use the 2.4xxx frequencies for RF control and the 5.8xxx is for video feeds.

Don't have much experience on the topic of taking over control of a drone with HackRF One. The biggest issue you will face by "jamming" the frequencies is causing a failsafe to initiate, which will just result in the drone landing.

There are sources out there on GPS jamming, which sounds like the route you are most interested in going. This again will probably just result in a failsafe situation. It could be successful at causing the drone to change loiter position if you are very selective about how it is done but will probably require more hardware than just the HackRF One. You will have to overpower the GPS signals that are being used by the drone, as well as deal with the fact that it is probably using 10+ satellites at any given time for corrections.


One interesting idea would be to jam/transmit a video from another source, causing the controller to have a completely different video feed. This would not cause a major issue for the operator as long as they are following VLOS rules, but it is still an interesting proof of concept.
