Saturday, May 2, 2015

Taking control of a 36-year-old NASA spacecraft using GNU Radio

In 2014, Dennis Wingo and Keith Cowing formed the ISEE-3 Reboot Project, a crowdfunded effort to gain control of the decommissioned spacecraft for the benefit of citizen science. The team raised almost $160,000 in funding and assembled top space experts for the cause. In May 2014, they began communicating with the spacecraft in advance of its August 10th, 2014 lunar flyby.

Here's an excerpt of a brilliant podcast interview between software defined radio (SDR) specialist Balint Seeber and infosec journalist Patrick Gray, as recorded on April 24, 2015. It's the best anecdote about technology and hacking I've heard recently.

The transcript below starts at the [47m:43s] mark of the Risky Business podcast #363.

Balint: It was also to set a precedent for citizen scientists from the public to essentially take over missions that ... all the missions that NASA may not want to spend its resources, its precious, you know, resources and budget on. So this was supposed to be a good first example of how they could do that hand-off to a public group, and there were initial negotiations there and a Space Act agreement was signed so it was all above board and legitimate.

We realised the reason they got in touch with Ettus Research and then with me and my former colleague, John Malsbury, who funnily enough now works at SpaceX, so he's still in the space game, but he and I met with the guys and they basically told us the reason why we need your expertise is because NASA has thrown out all of the old equipment they used to speak to the space probe. So they put the space probe in this graveyard orbit, because the mission had finished and they ran out of funding, but there was no way for the NASA deep space network to actually send it commands to wake it back up again.

And so, having done their techno-archeology, as they like to put it, retrieving all these old NASA documents, we could see the various protocols that would be necessary to re-implement, using software defined radio, in this case GNU Radio, to achieve this, you know, recreate the modems to talk to it. And so we did that and we were fortunate enough to be able to go to the Arecibo radio telescope in Puerto Rico, hook our software defined radios up to their big, big telescope, and then send these commands out to the probe, which at the time I think was 15.5 million kilometres away, travelling towards the earth at about four kilometres a second ...

Patrick: That's a long distance call...

Balint: It's a very long distance, and I call it "not your average radio link budget". But we managed after some initial attempts to have some success there and send the commands out to turn the telemetry on. We could then assess the health of the space probe and ...

Patrick: And you did your happy dance of course when the response came back?

Balint: That's true, yeah, we had our unmodulated carrier suddenly become modulated telemetry and it was the first real major milestone of the project. All that preparation that we'd done, all the interpretation of the documents and taking into account the various permutations of parameters and ...

Patrick: And the plan of course was to fire the thrusters in a way to get it into a stable orbit and then you guys could use the various sensors and things on it to quote "Do Science", uh, but it didn't quite work out did it?

Balint: No, unfortunately the grand idealist game was to reactivate all of the operational science instruments on board and actually bring it back and do proper, public science with it, and, you know, have it available for STEM and so on, but unfortunately when we tried to fire the thrusters, in all the different configurations, because there were lots of redundancies in the propulsion system, we never observed any impulse being registered on the accelerometer and the accelerometer's data was being transmitted back on the telemetry and it would always sort of flat line. And this was a big disappointment for us, no matter what we tried we just couldn't get the thing to move, and one of the running theories is that the (fuel) tanks were actually pressurised with nitrogen so that it would force the fuel out, back into the rest of the propulsion system, as in the valves and the thrusters, and you could imagine that over the three decades there might have been a very, very slow leak and that nitrogen pressure, it might have just leaked out over time and unfortunately now it's left us with an inoperable propulsion system.

Patrick: What, no backup fuel pump? (sarcastic)

Balint: Can you believe it?

Patrick: Bloody American engineering.

Balint: What were those NASA boffins thinking? (laughing)

Patrick: But you were able to actually fire up the sensors and do some science with it. What was the total budget of this project, that was crowdfunded in the end?

Balint: They used Rockethub and I think it was on the order of $150,000, so it was quite a nice little collection there, and yeah, some of the science instruments were reactivated and we actually for a short period got some good science data out of it, which was great, and it was quite funny, when I was at DEFCON last time, I got the call that one of the science instruments needed to be rebooted and I had been waiting for quite a long time in line to get a good seat and there were a number of back to back presentations that I was ...

Patrick: Excuse me, I'll be back, I've just got to go give the three finger salute to a satellite.

Balint: Well that's the thing though, I didn't want to leave and so, unfortunately I didn't have any cell reception so I couldn't tether to my phone, you don't get on the WiFi at DEFCON obviously because then you open yourself up to being hacked. So there's a guy next to me that I started to talk to and we're talking about software defined radio and I sort of sized him up, he was from Norway and he seemed like a good bloke and I asked whether I could tether to his phone. He said yes because he had a prepaid account with some Internet credit on there. And so I ended up tethering to his phone, SSH-ing from the third row of DEFCON into the laptop at Arecibo to send commands to the space probe that was about to fly past the moon, to reboot the science instrument on board, and then I could continue watching the presentation, so it was quite fun.

Patrick: It's a pretty amazing time isn't it...

Balint: Well it just goes to show you how interconnected the entire world is, I mean you've got the WiFi from my laptop to the phone, LTE from the phone to the cellular network, and then the data connection obviously across that and then down to Arecibo and then our custom link to the space probe. So it was a good testament both to SDR and commercially deployed wireless standards.

Further information ...
Communicating with a space probe using Software Defined Radio

... a video of a presentation Balint gave to the Manly Warringah Radio Society ...

