What are MEMS sensors and why is hacking them important? WATCH THIS VIDEO
The objective of this project is to investigate the feasibility of injecting acoustic waves (sounds) in MEMS sensors with hopes that we can attack modern hobby drones. Drones are toys, why should we be concerned with them? Drones are currently perhaps the most significant threat to homeland security today. Security to date has been designed in two dimensions with the inclusion of fences and metal detectors to provide measure of security for events such as concert and sporting events. With the proliferation of drones today, the feasibility of an attacker mounting harmful objects (explosives) on a drone and simply flying them over fences is an incredible threat.
This project is a great opportunity to get your feet wet with reverse engineering, hardware development, and hacking as well as learning how best to apply the scientific method to solving real world problems. Before we can start hacking drones, we must go through some introductory work on hardware focused development. We will be using the Arduino Uno, an excellent microcontorller board to learn first hand how to make code do what you want it to. Some of you may have taken a programming class or two and thats great, but if you haven't do not be discouraged and just follow the tutorials which all include sample code.
NOTE: This project is not going to be about giving you busy work. We will start this project by spending our first couple of weeks getting our "hand dirty" with assembling very basic circuits with Arduino. Follow the tutorials in the links provided, retype the code exactly as it appears and try to think through logically what the code is doing. Once you become familiar with how arduino's interface with various sensors we will then repeat an experiment published which involves using sound to alter the behavior of an accelerometer.
Weeks 1 and 2: January 19 - February 2
Objective: Become familiar with programming in arduino to prepare for experimental work. You will each be given an Arduino Uno board, cable to connect it to your laptop, hook-up wires and a few sensors to play with. Google what they all are to learn more about them. They are straightforward to learn and you will pick it up fast.
To Do:
1) Download the latest Arduino development environment which is cross platform from the following link: Arduino IDE Download (Windows) or Arduino IDE Download (Linux) or for MacOS Arduino IDE (MacOS)
(If you have trouble with downloading, there are tutorials in the book which will be provided on pp. 22 - 26).
2) Get familiar with how microcontrollers work, specifically that on the Arduino.
The programming cycle on Arduino is basically as follows:
» Plug your board into a USB port on your computer.
» Write a sketch that will bring the board to life.
» Upload this sketch to the board through the USB connection and wait a couple of seconds for the board to restart.
» The board executes the sketch that you wrote.
3) Remember you first time trying to learn a programming language where you had to complete the "Hello World" application? Blinking an LED is the "Hello World" equivalent for embedded system development. Write your first sketch! Follow the tutorial on pages 30 - 41 of the book.
Completing this tutorial will accomplish several things:
Ensure you downloaded arduino IDE correctly and that it can connect to your board.
Show you how the arduino works and what its capable of
Learn basics of the programming language used by arduino (Its a modified version of C in case you are wondering)
4) Now that you have successfully completed the "Blinky" tutorial, lets progress to do some more advanced stuff
5) Read pages 1 - 62 of "Getting started with Arduino". There are many pages with platform specific installer pages so skip those. Complete the step-by-step tutorials: Blink LED, LED with push button, PWM LED.
6) By February 2, email me a photo of each of your circuits as well as your programming code sketch.
Weeks 3 and 4: February 3 - 16
Objective: Now that you understand the basics of how Arduino works we will continue to the fun stuff. This is YOUR project and no matter what you do in the future learning how to apply the scientific method to most things you do will benefit you incredibly. In this lesson you will be designing and repeating the experiment from the following paper (READ ME!)
You will not be alone on this project! Professor Dong and myself will be assisting you throughout the process. Do not let the scientific nerd jargon intimidate you as the experiment will not be incredibly difficult! The goal of this experiment: The team will develop a method for testing the ability to hack MEMS accelerometers by acoustic attack. Sounds hard? Its not! We will use arduino's as our platform to view data in real time coming from the accelerometers and will use a function generator to play various sounds at specific frequencies in attempt to change the readings on the accelerometers. Why this is important. Hobby drones, such as DJI Phantom, Parrot, 3DR etc. all use a combination of MEMS sensors (accelerometer, gyroscope, magnetometer) with GPS to navigate. These sensors help them navigate and avoid objects. After performing this experiment we will have a better understanding on the capabilities of using audio to target sensors.
To Do:
1) Read the paper linked in the previous paragraph if you haven't already.
2) Skim the following manuals which detail some of the equipment we will be using for the experiment:
- Agilent 33220A Function / Arbitrary Waveform Generator
- Tektronix TBS 1000-series EDU Oscilloscope
*Manuals and a couple of quick overview youtube videos will be posted in the team drive.
3) Now that you have read the papers and know a bit about the equipment that will be used, AS A TEAM, prepare an outline of how you plan to recreate the experiment in the study.
- We will use the Arduino's you have been learning more about to read data streams from the drone sensors in the experiment.
- The overall goal of this experiment is to manipulate acoustic/sounds waves to get them to alter the sensors data. Sounds cool right?
- I will also post further details on the MEMS (accelerometer) sensors we will be using on our team drive.
4) Friday February 9, we will meet in the UAS lab to go over the next steps. If the plans are sound it will be experiment time!
Week 5 - Semester End
Once this lab portion is completed we will get to the fun part! Actually hacking drones, both in the lab and in the field. Once we have repeated the lab experiment in Weeks 3 and 4 we will repeat it with the exact sensors that are commonly used on various drones. In doing so we will know just how much audio (and the frequency range) we will need to perform acoustic injection on drones in the field.
Things to look forward to:
1) We will have flying days where we will grab drones from the lab and go fly them to get more familiar with how they operate.
2) Mounting our accelerometers and Arduino's on drones to collect data on directional characteristics
3) Attempt to hack drones by injecting acoustic waves! Not only will we try to use audio to JAM the drones and make them crash, we will also strive to inject audio into the onboard sensors to gain control of them, making them do whatever we want!
March 2 - March 12:
Hi Team,
I hope everyone has been getting along with programming the MPU 6050 MEMS Sensor ok. If you have figured out how to view the serial data in Arduino, the next step is to figure our a method to save the data output in the serial command to be able to graph and see results. The easiest way is to simply copy & paste output into a .csv or text file, BUT you guys are programs so lets try to automate this! Use whatever program you'd like that save data into either .csv or .txt format! There are allot of ways to do this and I encourage you all to peruse google for existing methods to do this!
For example: Here is a simple Python script, which captures all of the serial data to a .csv file.
import sys, os, serial, threading
def monitor():
ser = serial.Serial(COMPORT, BAUDRATE, timeout=0)
while (1):
line = ser.readline()
if (line != ""):
#print line[:-1] # strip \n
fields = line[:-1].split('; ');
// ID = fields[0]
// TIME = int(fields[1])
# print fields
print "device ID: ", ID
# write to file
text_file = open("Pdata.log", "w")
line = str(TIME) + ": " + str(CT) + "\n"
text_file.write(line)
text_file.close()
# do some other things here
print "Stop Monitoring"
""" -------------------------------------------
MAIN APPLICATION
"""
print "Start Serial Monitor"
COMPORT = 4;
BAUDRATE = 115200
monitor()
With files we can then make some awesome looking figures for analysis to see if you are indeed changing the sensor readouts in a meaningful way. Getting the sensors to "fudge" data is one thing, which could cause a drone to crash or cause erratic behavior of other devices, BUT what if we use sounds to actually control the device via manipulating the MEMS sensors precisely and accurately? In order to be able to do that we need to be able to accurately control our "acoustic injection".