2021 Hack-A-Sat DEFCON Space Security Challenge CTF Qualifiers Writeup - Linky
Linky was an RF math problem, introducing the link-budget algorithm and getting contestants to calculate missing parameters for the operation of the radio link.
Years have passed since our satellite was designed, and the Systems Engineers didn't do a great job with the documentation. Partial information was left behind in the user documentation and we don't know what power level we should configure the Telemetry transmitter to ensure we have 10 dB of Eb/No margin over the minimum required for BER (4.4 dB) .
Upon connecting to the target port and presenting token, you're presented with a TUI of sorts:
_ _ _
| | (_)_ __ | | ___ _
| | | | '_ \| |/ / | | |
| |___| | | | | <| |_| |
|_____|_|_| |_|_|\_\\__, |
|___/
.-.
(;;;)
\_|
\ _.--l--._
. \ | `.
.` `.\ | .` `.
.` `\ | .` `.
/ __ \.|.` __ \/
| ''--._ \V _.--'' |
| _ (") _ |
| __..--' ^ '--..__ |
\ .`|`. /-.)
`. .` | `. .`
`. .` | `. .`
`._ | _.`|
`--l--` | |
| |
| |
| |
o | | o
) o | | (
\|/ ( | | \|/
\|/ | | o WWwwwW
o | | )
WWwwWww ( | | \|/
\|/WWwwWWwW
Our satellite has launched, but the user documentation and Critical Design Review package
for the Telemetry link are missing a few key details. Fill in the details to configure
the Telemetry Transmitter and solve the challenge.
Here's the information we have captured
************** Global Parameters *****************
Frequency (Hz): 12100000000.0
Wavelength (m): 0.025
Data Rate (bps): 10000000.0
************* Transmit Parameters ****************
Transmit Line Losses (dB): -1
Transmit Half-power Beamwidth (deg): 26.30
Transmit Antenna Gain (dBi): 16.23
Transmit Pointing Error (deg): 10.00
Transmit Pointing Loss (dB): -1.74
*************** Path Parameters ******************
Path Length (km): 2831
Polarization Loss (dB): -0.5
Atmospheric Loss (dB): -2.1
Ionospheric Loss (dB): -0.1
************** Receive Parameters ****************
Receive Antenna Diameter (m): 5.3
Receive Antenna Efficiency: 0.55
Receive Pointing Error (deg): 0.2
Receive System Noise Temperature (K): 522
Receive Line Loss (antenna to LNA) (dB): -2
Receive Demodulator Implementation Loss (dB): -2
Required Eb/No for BER (dB): 4.4
Calculate and provide the recieve antenna gain in dBi:
Helpfully, there's an algo we can use for that, as we know the frequency (12.1ghz, puts us in the KU band).
Source: everythingrf.com
Knowing that, we get our next question, to calculate the ground terminal thermals interference dB:
Good job. You get to continue Receive Antenna Gain (dBi): 53.94 Receive Half-power Beamwidth (deg): 0.33 Receive Pointing Error (deg): 0.2 Receive Pointing Loss (dB): -4.48 Okay, now we know the receive antenna gain. Calculate and provide the ground terminal G/T (dB/K):
Once again, there's an algorithim for that. Plugging in our figures of 5.3m, 0.55 efficiency, 522K noise temp, 1.21ghz, 2dB line loss, we get 24.86dB of G/Tsys:
Finally, we're asked to calculate the transmit power:
Good job. You get to continue Receive Antenna Gain (dBi): 53.94 Receive Half-power Beamwidth (deg): 0.33 Receive Pointing Error (deg): 0.2 Receive Pointing Loss (dB): -4.48 Okay, now we know the receive antenna gain. Calculate and provide the ground terminal G/T (dB/K): 24.86 Nicely done. Let's keep going. Determine the transmit power (in W) to achieve 10dB of Eb/No margin (above minimum for BER):
At this point, I wasn't able to work out how you're suppose to calculate the wattage required without knowing the bandwidth. We're given the data rate and frequency, but without knowing the stream encoding, I'm not sure how we're suppose to work this out.
rmorika's page seemed the clearest, but this was starting to consume a lot of time.
Luckily, we're in a CTF, and we can just make some educated guesses.
from pwn import *
import numpy as np
import sys
def test_tx_power(value):
r = remote("wild-wish.satellitesabove.me", 5022)
r.recvline()
r.sendline("ticket{redacted}")
r.recvuntil("Calculate and provide the recieve antenna gain in dBi:")
r.sendline("53.94")
r.recvuntil("Calculate and provide the ground terminal G/T (dB/K):")
r.sendline("24.86")
r.recvuntil("BER):")
r.sendline(value)
r.recvline()
r.recvline()
result = r.recvline().decode("utf-8")
r.close()
return "Wrong! Maybe next time" in result
# 0-20W in 0.01 increments
test_set = ["%.2f" % x for x in np.linspace(0.01, 20, 2000)]
for x in test_set:
print("testing ", x)
successfully_failed = test_tx_power(x)
if not successfully_failed:
print("GOT IT!")
print(x)
sys.exit()
This yielded 9.30 as the correct answer:
Determine the transmit power (in W) to achieve 10dB of Eb/No margin (above minimum for BER): 9.3
Winner Winner Chicken Dinner
************** Global Parameters *****************
Frequency (Hz): 12100000000.0
Wavelength (m): 0.025
Data Rate (bps): 10000000.0
************* Transmit Parameters ****************
Transmit Power (W): 9.3
Transmit Power (dBW): 9.68
Transmit Line Losses (dB): -1
Transmit Half-power Beamwidth (deg): 26.30
Transmit Antenna Gain (dBi): 16.23
Transmit Pointing Error (deg): 10.00
Transmit Pointing Loss (dB): -1.74
Transmit Effective Isotropic Radiated Power (EIRP)(dBW): 24.91
*************** Path Parameters ******************
Path Length (km): 2831
Polarization Loss (dB): -0.5
Atmospheric Loss (dB): -2.1
Ionospheric Loss (dB): -0.1
************** Receive Parameters ****************
Receive Antenna Diameter (m): 5.3
Receive Antenna Efficiency: 0.55
Receive Antenna Gain (dBi): 53.94
Receive Half-power Beamwidth (deg): 0.33
Receive Pointing Error (deg): 0.2
Receive Pointing Loss (dB): -4.48
Receive System Noise Temperature (K): 522
Receive Line Loss (antenna to LNA) (dB): -2
******************* Results **********************
RSSI (dBW): -162.68
G/T (dB/K): 24.86
S/No (dB-HZ): 86.30
Eb/No (dB): 16.30
Receive Demodulator Implementation Loss (dB): -2
Required Eb/No for BER (dB): 4.4
Margin(dB): 9.90
flag{redacted}
Comments
Post a Comment