Did you know that ATC conversations and conversations between planes are freely available, with no encryption? It is legal to listen in on ATC conversations, and in this guide I will tell you how if you have some free time.
What You Need
RTL-SDR Stick and Antenna (x1)
This is the antenna and radio processor we will be using to get a signal from an air traffic control tower.
If it is your first time using SDR# (SDRSharp), then you must install SDR#, then install the drivers. The below guide will show you how to do so.
First, install SDR# and let the installation wizard guide you through the process.
Then, open the newly added program Zadig and you should see a screen like the one below.
A: This is where you choose the interface you want to install drivers for
B: This is where you check if a driver was installed
C: This is where you can install the drivers
Follow the steps below:
First, use dropdown A to select an interface. The interface must start with Bulk-in, Interface. If you have multiple bulk-in interfaces, repeat these steps for every one
Next, make sure textbox B tells you that there is no driver installed
Finally, click Install WCID Driver (button C)
Opening SDR#
Once all the drivers are installed, you may close out of Zadig and open SDR#. You should see a screen like the one below.
A: This is the frequency selector. This is where you can choose which frequency your antenna is supposed to be tuned to. Right now it is tuned to 120 MHz, but in the next section you will learn to find the frequency of your ATC tower
B: This is where you can choose your radio settings. For this tutorial, keep the default settings but change the radio mode to AM
C: This is where you choose the source of the radio stream. Right now you want it set to RTL-SDR USB
D: This is where you can visualize the radio waves. You can click anywhere on this to set the frequency to the location of the waves to which you clicked. You can drag the lighter waves to set the bandwidth. You want to make sure that the bandwidth is not too big otherwise you will get interference, but not too small so you only get part of the wave. I have set my bandwidth to 7.557 kHz
Reading Aerospace Vector Maps
Using a site, like SkyVector, you can find your airport and look at the frequency under it. Tune to that frequency. For place value context, think of the second segment of numbers as MHz SkyVector shows frequencies in megahertz.
Some airports, like the ones marked with a star, do not have full-time ATC, meaning that planes have to talk directly to each other.
Tune to this frequency on SDR#.
Listening to these frequencies
Look for any spikes in these frequencies. Ste the frequency to the frequency of these spikes (you can do this easily by clicking on these spikes) Adjust the bandwidth to these spikes, hovering over the top-right Zoom button and using the slider below it to zoom into the waves. Click on the top-left gear icon and adjust the setting to match the ones below:
Now, turn the volume up and listen. If you do not hear talking, experiment with the bandwidth or choose another frequency. A good frequency should be like the one below:
Done!
And that is the end of the project! Pretty easy, right? There are some caveats, though. You will only get the best signal when you live no further than 50 kilometers away from an airport with a full-time ATC, and the radio tends to disconnect a lot if not screwed in fully. Either way, it is still a super cool project, and is definitely worth trying out if you are interested in this kind of thing. Frequencies might not be exact, so experiment a little!
There is a common WiFi attack that can disconnect any device on the network you are currently on. It also works on networks that you are not currently on.
How it works
There is a protocol in WPA2 that lets you disconnect a device safely from a network. However, these packets are not encrypted, so anyone with a WiFi-enabled device (like the ESP8266) can fake these packets.
Installing the software
First, go to the ESP8266 deauther page and download the latest release and download the file esp8266_deauther_[VERSION]_NODEMCU.bin.
Next, download the ESP8266 Flasher and run the utility. Flash the binary file (the .bin you downloaded) at 0x00000. Click Flash and wait till it completes.
Running attacks
On a device, connect to the Wi-Fi network named pwned and enter the password deauther. Next, go to the IP address 192.168.4.1 and click I have read and understood the risks and choose a target network. Under the Attacks tab, begin the attack Deauth.
A note on WPA3
WPA3, which was passed as an official WiFi protocol, encrypts these packets so hackers cannot abuse them. However, some WiFi routers still use WPA2, so this attack will still work sometimes.
In this post, I will be showing you how to start feeding flight data to three services: Flightradar24, ADS-B Exchange, and FlightAware. This post may be helpful to some of you who want to run your own flight feeder, and can’t tell which is a better service to feed to.
The main benefit of running your own Raspberry Pi flight tracker is that you will get paid accounts for free. For example, you will get a free FlightAware enterprise account, a subscription valued at around $89.95 a month. FlightRadar24 will also give you a free business plan, which costs $49.99 a month. If you also want to support non-proprietary websites, you can also give flight data to ADS-B Exchange.
What you will need (hardware)
Below are the parts you will need:
Raspberry Pi 3B (x1, required)
The Raspberry Pi will be our microcontroller (This also works with other models, just not the Zero or the Pico; you can see FlightAware’s compatibility list here)
To begin the installation, we will have to first start feeding to FlightAware. To begin, first, create an account at their website, or log in at their website.
Note that you must select the correct drive, as this will erase your drive.
Configuring the ISO
If you want to enable SSH on your PiAware, or you have a wireless network configuration that you want to set (this will be typically everyone, unless you are using an ethernet cable on your Raspberry Pi), you must follow the below steps to configure the new operating system to use your configurations. You can refer to the configurations at FlightAware’s Website, or you could not set a default configuration, and once the PiAware has booted up, configure it using Bluetooth.
Booting it up
Now, you can put it all together! Connect your ADS-B antenna to your Raspberry Pi via USB, and then put the SD card through the back. Then, plug in the HDMI cable (and ethernet if you are going to be using it), and power it on.
Now, once the Raspberry Pi has booted up, you should see a screen showing the PiAware Status. If you did this correctly, it should be connected. You will also need to connect a keyboard if you do not know your PiAware’s IP address. If it asks you for credentials, the default is pi for username, and raspberry for password.
Setting up the FlightAware feeder
Now we get to the fun part! Now, we set up the feeders. Let’s start off with the FlightAware feeder. Since we flashed the custom ISO file, FlightAware is going to be installed, just not set linked to an account. Create a basic plan FlightAware account at their website if you don’t already have one, and claim your PiAware. Once that is set up, make sure you are connected to the same network as your PiAware. It will come in handy for later. Once you do that, make sure you are still on the status page on your PiAware, click Alt+F2 (or whatever key it says to press to open the terminal and run commands). If it asks you for credentials, the default is pi for username, and raspberry for the password (unless it is set otherwise, of course). Now run the following command:
BASH
hostname -I
This should return your Pi’s IP address. Now, on another device, navigate to your IP address on the SkyAware page. For example, if my Pi’s IP address is 192.168.1.1, I will navigate to the following website:
URL
http://192.168.1.1/skyaware
After that, you should see a map with all the aircraft you are tracking. You have successfully set up FlightAware! After some time, your basic account will be upgraded, and you can view your ADS-B statistics.
Setting up FlightRadar24
Now, open the terminal and run the following command:
You will then be asked some questions about antenna position, fr24 sharing key, and other things.
Now, we need to configure FlightRadar24. To begin, sign up for an account at their official website. Note that all you need to do is sign up for a free account and do not select any paid plans. This is because your account will automatically be upgraded at the end of this tutorial.
Run the following command to enter configuration:
BASH
sudo fr24feed --signup
You will be asked questions about you and the antenna that you are using. Answer the questions similar to the ones below:
Email Address: Enter the same email address you used to sign up for FlightRadar24. This is the same email address that your sharing key will be sent to, and the same email address that your account on will be upgraded.
FR24 Sharing key: If you have never set up a feeder or have never got a sharing key from FlightRadar24, leave this blank. If not, enter your FlightRadar24 sharing key.
Participating in MLAT Calculations: Answer yes, unless you know you don’t want it or need it.
Autoconfiguration for dump1090 (if asked): Yes
Latitude & Longitude: Use a website like latlong.net to find your latitude and longitude. It is best to be as accurate as possible. Enter this question in the form of XX.XXXX and XX.XXXX (leave out any extra numbers).
Altitude: This is your altitude from sea level. You can use whatismyelevation.com to find your altitude.
Receiver Selection: If you are using a DVB-T (the type I put in the parts list) stick then I strongly recommend option 1. If you encounter an error regarding dump1090 in this tutorial, restart the tutorial and click option 4. If you do not have a DVB-T stick, check out your other options.
Dump1090 Arguments (if asked): Leave this blank and hit enter.
Raw Data Feed: No, unless you know what you are doing.
Basestation Data feed: No unless you know what you are doing.
Logfile Mode: 48-hour, 24 rotation.
Logfile Path: This will be the path that the log file is saved to. If you want to use a custom path for logs, put it here. If not, stick with the default and hit enter.
FlightRadar24’s configuration should return that everything is correctly set up. The program should also give you a sharing key. Save this key as you may need it later in the future.
To begin feeding ADS-B data to FlightRadar24, enter the command below. Note that MLAT or general feeding might take some time to show up. For me, it took 30 minutes before the feeder was actively sending data to FlightRadar24:
BASH
sudo systemctl restart fr24feed
You can go to the data page and view your feeder statistics. If you want to access the web UI for FlightRadar24, then go to your Raspberry Pi’s IP address (remember, you can access it with sudo hostname -I), and access it via a web browser on port 8754, unless set otherwise. For example, my Raspberry Pi’s IP address is 192.168.1.252, so I access it by using http://192.168.1.252:8754.
Also, it is important to note that it may take some time for the receiver to start working and sending data. For me, it took 30 minutes before flight data was sent to the services I was feeding to.
Setting up MLAT for FlightAware
If you want to set up MLAT configurations on FlightAware (we highly recommend doing so, it can increase the amount of positions seen), then follow our steps.
First, go to your FlightAware data sharing page and clcik the gear icon next to the nearest airport, labeled in orange.
Then, enable MLAT and Mode S Alliteration. Put in the same details as you did for FlightRadar24, or new details if you have to.
Setting up ADS-B Exchange
First, we need to download ADS-B Exchange. You can do that with the following command:
You will be asked a couple questions. For the first one, type in a random username, but note that this username will be public. Next, enter the details it asks for, and it will begin configuring. Note that this may take a while.
The script should output a sharing key. You can use this to view your feeder statistics at the official website of ADS-B Exchange. You should also be able to access your web interface on the adsbx page. This will be your Raspberry Pi’s IP address, with /adsbx at the end. For me, the URL was http://192.168.1.252/adsbx.
In this guide, I will be turning a Raspberry Pi into an OpenWrt router. This is good for travel, and it can connect to VPN servers to give you secure VPN internet.
First, we need to install OpenWrt on the board. To do that, put the MicroSD card into the MicroSD card reader, then plug the MicroSD card reader into the computer.
Once that is done, download the proper firmware from this site. Then, once you have the Raspberry Pi Imager open, select, click “Choose OS”. Then scroll down and click “Use Custom”, then select the location of the firmware that you downloaded from the OpenWrt Wiki.
Click “Select Drive”, then click the drive of the SD card reader.
Step 2: Connect to OpenWrt via SSH
Now, plug the ethernet cable into your Raspberry Pi, then plug the other end into your computer. Open Command Prompt, then run:
BATCH
ssh root@192.168.1.1
On the fingerprint prompt, type “yes”.
Step 3: Setting a password
When we used SSH to log in to the OpenWrt session, notice that it did not prompt us for a password. Super insecure. To set one, run the command. This is also how you change the password on any Linux device:
Run these commands. I hooked mine up to the LAN interface, if you want to use Wi-Fi, follow the official documentation. These will configure OpenWrt to connect to your network.
ASH SHELL
uci set network.lan.ipaddr=192.168.2.2
uci set network.lan.gateway=192.168.2.1
uci set network.lan.dns=192.168.2.1
uci commit
service network restart
Step 6: Partitioning
Create a partition to store data. We will install fdisk and use it:
opkg update
opkg install fdisk
fdisk /dev/mmcblk0
To create two partitions (one for /home and one for /srv), use the following fdisk commands.
p to print the current partition table.
n then e to create an extended partition.
n then l to create the first partition. When asked for the last sector, type +2G to make it 2GB large.
n then l to create the second partition. When asked for the last sector, leave empty to fill the remaining space.
Now we can mount the first partition at /home and the second at /srv. Both are on a flash SD card, the noatime flag is important.
ASH SHELL
opkg update
opkg install block-mount
block detect | uci import fstab
uci set fstab.@mount[2].target=/home
uci set fstab.@mount[2].enabled=1
uci set fstab.@mount[2].options=noatime
uci set fstab.@mount[3].target=/srv
uci set fstab.@mount[3].enabled=1
uci set fstab.@mount[3].options=noatime
uci commit
Create the srv mount point, as the other one already exists.
ASH SHELL
mkdir -p /srv
Mount both partitions.
ASH SHELL
block mount
Step 8: Set the hostname
ASH SHELL
uci set system.@system[0].hostname='thetechmaker-good.hi.testing'
uci commit
Step 9: Remove unused packages
OpenWrt was originally a Linux distribution for routers, so it might come with useless networking software you’ve never heard of. You can remove this with the following commands: