CAN this tools Spoof newer gps receivers?

Question

CAN this tools Spoof newer gps receivers?

nxydyxsj123456 opened this issue a year ago · comments

I use hackrf, I use TCXO, I can successfully spoof old android phones, but I can't spoof 2019 samsung s10+, is it a setting problem or is this tool not able to spoof newer gps receivers

Imtiaz Nabi · Answer 1 · Wed Jul 05 2023 14:15:01 GMT+0800 (China Standard Time)

It looks like the latest smartphone devices aren't solely relying on GNSS receiver for the calculation of position. There are multiple aiding sensors such as network location, built-in IMU, even Google smartphones such as Pixel use GLP services which creates a cache of the user position based on the processed information obtained from the devices within its vicinity.

All these technologies make the smartphone somewhat resilient to basic type of spoofing attacks. Have you tried turning off the auto update time and date off and restarted the device before transmitting the signal? When you do this the device gets into cold start mode meaning it is more vulnerable to attacks now.

However, the chances are still pretty low, can you please share the data of your old smartphones during the attack in an open sky environment? I am working on something but due to lack of hardware and data I am not able to do it.

psmitty7373 · Answer 2 · Wed Jul 05 2023 19:44:28 GMT+0800 (China Standard Time)

I've had success with more modern phones. Specifically clearing A-GPS data and blackholing the associated A-GPS domains helps greatly. Additionally, you have to make sure the clock matches what your GPS data is sending.

For Pixel devices, I blackhole:
xtrapath1.izatcloud.net
xtrapath2.izatcloud.net
xtrapath3.izatcloud.net

Imtiaz Nabi · Answer 3 · Wed Jul 05 2023 20:17:23 GMT+0800 (China Standard Time)

I've had success with more modern phones. Specifically clearing A-GPS data and blackholing the associated A-GPS domains helps greatly. Additionally, you have to make sure the clock matches what your GPS data is sending.

For Pixel devices, I blackhole:
xtrapath1.izatcloud.net
xtrapath2.izatcloud.net
xtrapath3.izatcloud.net

Can you please explain what transmitting front end are you using? I have a hackRF one without TCXO, also what about black holing the associated data? Never heard about that before...

psmitty7373 · Answer 4 · Wed Jul 05 2023 20:22:19 GMT+0800 (China Standard Time)

Using a hackrf with txco. You should really invest in the crystal. It's inexpensive and definitely helped. I'm using DNS black holing of the above domains so the phone cannot redownload assisted gps data. If it has the agps data it is very difficult to get a gps lock. You can use one of many gps apps to clear the agps cache or reboot the phone.

…

On Wed, Jul 5, 2023, 8:17 AM Imtiaz Nabi ***@***.***> wrote: I've had success with more modern phones. Specifically clearing A-GPS data and blackholing the associated A-GPS domains helps greatly. Additionally, you have to make sure the clock matches what your GPS data is sending. For Pixel devices, I blackhole: xtrapath1.izatcloud.net xtrapath2.izatcloud.net xtrapath3.izatcloud.net Can you please explain what transmitting front end are you using? I have a hackRF one without TCXO, also what about black holing the associated data? Never heard about that before... — Reply to this email directly, view it on GitHub <#378 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABDODBWZVUSV3PIHM7UTXETXOVLN3ANCNFSM6AAAAAAZ4GK33I> . You are receiving this because you commented.Message ID: ***@***.***>

nxydyxsj123456 · Answer 5 · Mon Jul 10 2023 08:46:05 GMT+0800 (China Standard Time)

I can success cheat old phone ，but in my samsung S10+, 10 satellite in view but 0 in use ,I have tried txco with 0.1~0.5ppm, open airplane mode,clear AGPS,and reboot my phone.

psmitty7373 · Answer 6 · Mon Jul 10 2023 09:17:33 GMT+0800 (China Standard Time)

Does the phone clock match the spoofed GPS time and date used in your apoapsis data? If it does, then the S10+ might have some additional spoof detection.

nxydyxsj123456 · Answer 7 · Mon Jul 10 2023 16:26:27 GMT+0800 (China Standard Time)

I tried past time and real time attack ,both not success in samsung and gps antenna, can cheap hackrf do this job？ i have more expensive device such as x310 n210 b210，but not found their code . i wonder wether it is a anti-cheat problem or my device problem.

nxydyxsj123456 · Answer 8 · Mon Jul 10 2023 16:30:04 GMT+0800 (China Standard Time)

It looks like the latest smartphone devices aren't solely relying on GNSS receiver for the calculation of position. There are multiple aiding sensors such as network location, built-in IMU, even Google smartphones such as Pixel use GLP services which creates a cache of the user position based on the processed information obtained from the devices within its vicinity.

All these technologies make the smartphone somewhat resilient to basic type of spoofing attacks. Have you tried turning off the auto update time and date off and restarted the device before transmitting the signal? When you do this the device gets into cold start mode meaning it is more vulnerable to attacks now.

However, the chances are still pretty low, can you please share the data of your old smartphones during the attack in an open sky environment? I am working on something but due to lack of hardware and data I am not able to do it.

i dont konw what the data mean i use old chinese xiaomi phone and success