1/30/2020-2/13/2020
Task:
Determine traffic between the Intel drone and its controller.
Result: Little to no traffic between the Intel drone and its controller (seen with Kali sniffing).
Related findings:
There seemed to be an application for configuring the controller, but it did not work on our computer.
Notes:
Intel data files have about 30 thousand packets each (matches our routine target amount).
Traffic between the Intel drone and QGroundControl works well (seen with Kali sniffing).
Ongoing issues:
Last semester's data-analyzing Python script might not work on some of our computers.
2/14/2020-2/21/2020
Task:
Graph
Result: did not make the graph, but did analyze Intel_1 data enough to make a graph next time.
Notes:
Fixed issue from last week: the data-analyzing Python script works on Joy's computer.
Using our Intel_1 data, we found that for any specific frame, the data length (encrypted) was consistently 44 bytes greater than the data length (decrypted). As a check, the frame length was the same in the encrypted and decrypted cases.
We checked frames corresponding to the heartbeat Message ID as well as the next three most common Message IDs.
We checked the data length and frame length of each frame using Wireshark (pcap file for encrypted, corresponding json file for decrypted).
We checked the Message ID of the frames using the Excel spreadsheet generated by our Python script.
We checked for matching/identical statistics (e.g., times) in order to identify the frame that we selected from the Excel spreadsheet and then find its entry in Wireshark.
Possible goals for follow-up:
Repeat the Python-Wireshark process for some Sky Viper data.
Repeat the Python-Wireshark process for more Intel data.
Polish the graph of our findings from the Python-Wireshark process.
2/22/2020-2/28/2020
Task:
Graph
Result: made graphs for Intel_1 data and Viper_1 data
Notes:
We analyzed Viper_1 data using the same procedure as with the Intel_1 data last week.
We made a bar graph for the Intel_1 data and another for the Viper_1 data.
Both graphs are in the [Analysis] folder --> Spring 2020 496 project folder on the shared drive.
2/29/2020-3/6/2020
Task:
Sniff data using a router and a computer.
Compare encrypted and decrypted packets.
Notes:
We looked in particular at the data lengths of packets for different message IDs (for both the Intel and the Sky Viper) and organized these into bar graphs.
Results are in the [Analysis] folder --> Spring 2020 496 project folder on the shared drive.
file name: Length_And_TimeDelta_Analysis.xls
We sniffed data traffic between a router and a computer, in order to see the difference in data lengths between the encrypted and decrypted packets (the difference was 40 bytes).
3/7/2020-3/13/2020
Task:
Prepare for the VIP poster session on Friday.
Notes:
wrote a script to go through an encrypted json file and write to an excel spreadsheet
what is written:
payload length
REL_TIME
purpose:
for comparisons with the decrypted version of the same origin pcap file (we also use David's script from last semester; it only works for decrypted json files)
3/14/2020-3/20/2020
spring break
for the remainder of the semester, classes will be online
3/21/2020-3/27/2020
Task:
try to become familiar with Scapy (mentioned at VIP poster session)
Notes:
found a tutorial video that shows how to use Scapy to create packets that can be viewed using Wireshark (have not yet tested it)
it seems like this will be useful since collecting packets from flying the drones is no longer viable
link: bit.ly/39k56ir
3/28/2020-4/3/2020
Task:
for Scapy: find a way to sniff packets/analyze a pcap file (we want to compare the results with Wireshark)
for Kali Linux: find a way to execute commands using a script (we want to make the data-collecting process more automated)
Notes:
for Scapy (tested using our "Viper_1.cap" pcap file):
problem: Scapy can only read/needs decrypted pcap files; however, Scapy itself cannot decrypt an encrypted pcap file
solution: (this is the only solution that I could find) used the airdecap-ng command of Kali Linux, as suggested here (link: bit.ly/3atF7q6)
the airdecap-ng command outputs a decrypted version of the pcap file in the same folder as the original (the decrypted file was "Viper_1-dec.cap")
in Scapy (now using our "Viper_1-dec.cap" decrypted pcap file):
using the sniff() function and filtering to allow UDP packets only (same as we would in Wireshark), Scapy found 281 UDP packets
note: using the form sniff(offline = packets) with no filter produces an error
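As an added example (not part of this log, Scapy, or David's data_parser.py): a pure-Python pass over a decrypted pcap that applies the same "UDP only" filter and records the two columns from the 3/7 entry (payload length and REL_TIME) plus the frame length. It assumes the decrypted capture is Ethernet-framed (link type 1, which is what airdecap-ng writes when it strips the 802.11 header) and uses a constructed three-packet sample in place of Viper_1-dec.cap; ports and addresses in the sample are made up.

```python
import struct

ETHERTYPE_IPV4, PROTO_UDP, PROTO_TCP = 0x0800, 17, 6

def udp_records(pcap_bytes):
    """Return one record per UDP packet in a libpcap file: REL_TIME (seconds since the
    first packet), UDP payload length, frame length. Assumes Ethernet framing (link type 1)."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]   # file byte order from the magic number
    linktype, = struct.unpack_from(endian + "I", pcap_bytes, 20)
    if linktype != 1:
        raise ValueError("only Ethernet-framed captures are handled here")
    records, offset, first_ts = [], 24, None
    while offset + 16 <= len(pcap_bytes):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", pcap_bytes, offset)
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        ts = ts_sec + ts_usec / 1e6
        first_ts = ts if first_ts is None else first_ts
        # Ethernet header is 14 bytes; drop anything that is not IPv4 over UDP (Wireshark filter "udp")
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != PROTO_UDP:            # IPv4 protocol field
            continue
        udp_len, = struct.unpack_from("!H", frame, 14 + ihl + 4)   # UDP length includes its 8-byte header
        records.append({"rel_time": round(ts - first_ts, 6),
                        "payload_len": udp_len - 8, "frame_len": len(frame)})
    return records

def build_frame(proto, payload):
    """Constructed sample data: one Ethernet/IPv4 frame carrying a UDP or TCP segment."""
    l4 = (struct.pack("!HHHH", 5000, 5000, 8 + len(payload), 0) if proto == PROTO_UDP
          else b"\x00" * 20) + payload       # TCP branch: minimal header, checksums not checked
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     b"\xc0\xa8\x01\x01", b"\xc0\xa8\x01\x02")
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4

def build_pcap(frames):
    """Constructed sample data: little-endian libpcap file with Ethernet link type."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts_sec, ts_usec, frame in frames:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out

SAMPLE_PCAP = build_pcap([
    (1580000000, 0, build_frame(PROTO_UDP, bytes(17))),        # 17-byte UDP payload
    (1580000000, 250000, build_frame(PROTO_TCP, b"not udp")),  # TCP, must be filtered out
    (1580000001, 0, build_frame(PROTO_UDP, bytes(31))),        # 31-byte UDP payload, 1 s later
])
```

Reading a real file is `udp_records(open("Viper_1-dec.cap", "rb").read())`; the record count should match the UDP packet count Wireshark and Scapy report for the same file.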
for Kali Linux: wrote and partially tested a script containing the commands we use in our data-capturing routine (as seen in our shared drive's folders Method: How to Collect Drone Data using Kali Linux and Wireshark --> DataCollect Screenshots; the steps that use "ifconfig" are skipped since they are for visual confirmation of the success of the previous step and are therefore unnecessary in an automated process)
all credit goes to this page: (link: bit.ly/2vYX7tt)
what the script looks like (created by accessing the vim text editor in the Kali Linux terminal):
how to run the script (note: my Kali Linux terminal shell is bash):
First, put the script file into the bin folder (accessible through File Manager) in your Kali Linux. In the screenshot below, the script file is called "traffic_commands" (highlighted).
Second, use the following command to give your terminal permission to run "traffic_commands" from your bin folder.
chmod 755 /usr/bin/traffic_commands
Note: the "755" sub-command grants read, write, and execute permission.
In order to edit/write to the script file, use the following command to open it in the vim text editor.
Note: using "700" (instead of "755") for the sub-command grants read and execute permission (no writing), supposedly (I haven't tried it).
Third, since your terminal seems to be able to access the bin folder by default, you only need to enter the script file name in order to execute it.
Note: I do not have a wifi card with me to test this script completely.
Note: The output "Found 1 processes...the interface back in managed mode" is the same as we usually get after trying to execute the airmon-ng start wlan0 command, so the terminal seems to be able to read the first line of the script.
Note: At the bottom of the screenshot, I accessed vim in order to add the airodump-ng command into the script (commented by default, able to be uncommented and edited as needed).
4/4/2020-4/10/2020
Task: create a python script that uses scapy to collect packets; basically, the execution of the script should end with the Excel spreadsheet outputted by data_parser.py (David's code)
Notes:
concerns:
scapy does not seem to have a way to check for a WPA handshake; is this not necessary when using scapy?
our manual process for collecting packets required our computer to observe/obtain the WPA handshake between the drone and its Access Point ("AP" in our "Pcap to JSON instructions" document in the drive)
without the WPA handshake, we would not be able to use the drone's WPA password to decrypt the packet data
progress:
outline for the script/process seems to be:
1. put wifi card in monitor mode (wlan0mon)
2. put wlan0mon to the drone network (identifiable by ESSID and BSSID; located on a particular channel, which changes per trial)
3. (for now, not included; see concerns) confirm that your computer has seen the WPA handshake
4. start to collect packets
5. stop collecting when you have collected 30 thousand to 40 thousand packets
6. save the collected packets to a pcap file
7. use the drone's WPA password to decrypt the packet data
8. filter the decrypted packet data so that you only have UDP packets, then save this data as a json file
9. use David's code (data_parser.py) to analyze the json file and organize the data in an Excel spreadsheet
I put together a test python script; will need to ask Alysha/Eric to look it over; I am unable to test it myself because I don't have a wifi card (may ask Alysha/Eric/someone with a wifi card to test it when they have time)
my trial (with neither a drone nor a wifi card) got as far as step 2, putting wlan0mon to the drone network (ESSID), and stopped at errors because there was no wlan0mon to begin with:
In other words, every line above that portion was without error.
Note: I experienced library-related errors at first.
1. I had to install Anaconda to Kali Linux in order to be able to access the pandas and numpy libraries (David's code)
2. I had to use the "pip install scapy" command in the terminal in order to have access to scapy (even though Kali Linux is supposed to have scapy already). This command takes a long while to run, but it executes quickly (also, I was able to skip the keyring or username/password prompt by pressing "Cancel" every time the window prompt appeared).
Note: I originally wrote the python file on Windows, so I had to redress the file (tr -d '\r' etcetera, first line in the screenshot) in order to run it on Linux. The second line (chmod) in the screenshot is in order to make the python file an executable.
4/11/2020-4/17/2020
Note:
did not meet on Friday due to the school holiday
collected reference materials for the group to use for the turn-ins - in particular, for the (individual) project reports (included here for easy reference and for confirmation of the validity of these reference materials)
instructions (overview of the 496 project course)
notable topics on that page:
turn-ins:
Before receiving a grade for the course, the student must submit the following documents to the faculty advisor and the Department.
To the faculty advisor, a final report must be submitted. The advisor may require that the document be hard copy or electronic. The advisor may require additional documents to be submitted, e.g., source code.
To the EE Department, the following three electronic documents must be submitted to the eeasst@gmail.com:
A copy of the written final report, which must be a Word or PDF document. The name of your file should be "report.doc" or "report.pdf" depending on the format.
A copy of the oral presentation slides, which must be a Powerpoint or PDF document. The name of your file should be "oral.ppt" or "oral.pdf" depending on the format.
A copy of a 2–5-minute video presentation, which must be uploaded through Google Drive and shared with eeasst@gmail.com. The name of your file should be “ProjectTitle_Video.*” Ex: “WindTurbine_Video.mp4”
To turn in documents please email eeasst@gmail.com.
The video must be uploaded and shared one day prior to the EE 496 Poster Session.
The copy of the written final report and oral presentation slides must be submitted by the date specified by your faculty advisor.
what seemed to be the important take-away points on there, given that our session will be via Zoom:
Topics that should be covered:
● Problem addressed
● Approach used
● Results obtained
● Ethical considerations
● Impact (economic, societal, environmental, and global)
important take-away points:
Q: Should I prefix the poster title with "WIP"?
A:
Only if the project is anticipated to be incomplete by the end of the semester (e.g, this is the first semester of a two-semester project). The “WIP” lets evaluators know that your results are work in progress and should be evaluated accordingly.
Note: last semester's 496 poster had the "WIP" prefix, so maybe we should use the "WIP" prefix, too?
video: content outline (it's as we would expect)
State goal of your project,
explain your process,
present your results, and
summarize to conclude.
poster: template example (the VIP poster session poster and last semester's 496 poster seem to use a similar template)
4/18/2020-4/24/2020
Task:
write readme documents (a couple of explanatory sentences to introduce each item/category) for each subfolder in our "Spring 2020 - 496 project" folder on the shared drive
to aid other people in reading, navigating, and understanding our work
start to synthesize materials for the 496 project turn-ins (group: poster, video, powerpoint presentation; individual: report)
Note:
Now, each folder (each subfolder as well as the overhead/outermost level folder) has a "README" document to explain the purpose of the folder and introduce each item within it.
I worked on the powerpoint presentation using last semester's 496 group's presentation as a reference for the outline and background information of our project, while inserting the graphs and progress that we made this semester.
As a group, we coordinated during the week on how we would be starting the video, and Alysha offered to do the in-person drone demonstration and storyboard/outline of the video flow.
Next steps:
continue work on the 496 project turn-ins
4/25/2020-5/1/2020
Working on the 496 project turn-ins (powerpoint, video, report)
task assignments for the report are here
5/2/2020-5/8/2020
Working on the 496 project turn-ins (powerpoint, video, report)
task assignments for the report are here
for the automated data-collection script (manual process is in the screenshots here), I made a README so that the students in this project in later semesters may have an easier time picking up where I left off (and maybe they'll be able to debug the code)
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Please write an update on your progress before we meet. I create a subpage in the following list for each of you. Please add a paragraph about your progress. For example,
01/06/20-01/21/20,
Problems we discussed last time
Tasks conducted: test code XXX, link, results, figures
New Problems:
read references: to new sites, links, papers, results, figures