The United States Air Force, in conjunction with the Defense Digital Service, presents this year’s Space Security Challenge, Hack-A-Sat. This challenge asks hackers from around the world to focus their skills and creativity on solving cybersecurity challenges on space systems.
Hack a Sat write-up by Donald Ashdown
Before getting into the write ups I wanted to offer a few personal comments. Firstly that this was an amazing experience, being involved with space and satellites was very novel and refreshing.
Secondly, these challenges were extremely difficult, however my team placed 101/1200 teams, and we worked day and night.
Challenge Categories
Astronomy, Astrophysics, Astrometry, Astrodynamics, AAAA
Satellite Bus
Ground Segment
Communication Systems
Payload Modules
Space and Things
I like to watch - 37 Points
We are provided with a .kml file that we download and view with notpad ++.
I have never heard of a .kml file before, but the hint for the above challenge suggests we need to become familiar with .kml file.
What is a KML file?
Well we have google to answer this question, because nobody on the team was familiar with this type of file.
Keyhole Markup Language is an XML notation for expressing geographic annotation and visualization within two-dimensional maps and three-dimensional Earth browsers. KML was developed for use with Google Earth, which was originally named Keyhole Earth Viewer.
Solve for TLE
After reviewing the .kml code, we net-cat into the challenge server and receive the following message.
After some research, we learned that the above message is identified as a TLE, known as a Two-line element set.
Its purpose is to provide data format encoding for a list of orbital elements on an Earth-orbiting object, given a point in time.
The TEL format has been used by NASA since the 1970's for tracking and identifying primarily satellites.
Washington Monument
At this point, we have three things;
An empty kml file used to reference an exact spot and camera angle on google maps
A TLE file, providing us the exact location of a satellite at a certain time
Washington monument as a challenge hint provided at the start
It is strongly suggested that we have to fill out the KML file, with the LookAt Cordinates of the location at the time the photo was taken, pip this into google maps and we will find the flag.
Looking up the Washington monument provides us with the follow coordinates:
longitude -77.035278
latitude 38.889484
Building the KML file
Following the KML structure, we simple add the coordinates for the Washington monument in the file.
We also reference the http://18.191.77.141:10450/cgi-bin/HSCKML.py address provided to us in the challenge., under the link tag.
We then load this file into Google Earth Pro and we see the Washington Monument.
So we did not find the flag, just a pin that says Keep Looking.
Where is the satellite
At this point, the kml file does not have a value for heading, tilt and range. We probably have to fill these out, and to do so we must know the satellites location at the time.
We found a script used to interpret TLE information, which got us started on the next path.
https://github.com/coltonriedel/tle
We entered all the provided TEL information, in the ECEF coordinate system based off the sgp4 model.
We received the following values;
2020,03,26,21,52,07.000000, 2029.72655181, 5206.47627522, 3857.06394627
This allowed us to calculate longitude and latitude angles within the ECEF coordinate system, using the cuboid below based on Pythagoras theorem.
This provided us two values;
λ – longitude – 68.70185059
α -latitude – 34.61439181
Entering this into our KML file brought us to the desert, in the middle of no where.
Tilt and Heading
At this point we still needed the tilt and head of the satellite at the time.
These two diagrams found at the Google Developers KML guide;
https://developers.google.com/kml/documentation/kmlreference#lookat
allowed us to calculate Tilt and Heading, which we then loaded into the KML file.
We finally found the flag in Maryland :)
It was an amazing journey and a very difficult one at that.