Hardware & Making
Hacking yourself a satellite - recovering BEESAT-1
In 2013, the satellite BEESAT-1 started returning invalid telemetry, rendering it effectively unusable. Because it is projected to remain in orbit for at least another 20 years, recovering the satellite and updating the flight software would enable new experiments on the existing hardware. However, in addition to no access to telemetry, the satellite also has no functional software update feature. This talk will tell the story of how by combining space and computer security mindsets, the fault was correctly diagnosed without telemetry, software update features were implemented without having them to begin with, and the satellite was recovered in September of 2024.
In 2009, BEESAT-1 was launched into low earth orbit as the first 1U CubeSat of Technische Universität Berlin. In 2011, the satellite started returning invalid telemetry data. After a short amount of time spent diagnosing the issue, operators switched to the redundant on-board computer, which initially resolved the issue. However in 2013 the issue reoccurred on the second computer. With no other on-board computer available to switch to, operations largely ceased besides occasional checks every few years to see whether the satellite was still responding to commands at all.
A recovery of BEESAT-1 back into an operational state was made particularly attractive considering that due to its higher orbit, it is currently estimated to remain in space for another 20 years or more, while many of the other spacecraft of the BEESAT series have since burned up in the atmosphere. Additionally, the spacecraft is equipped with a number of sensors and actuators which were not fully utilized during the primary mission and could be used in an extended mission. However, to fully utilize all the available hardware on the spacecraft, a software update is required. Unfortunately, the software update functionality was not completed at the time of launch and as a consequence is in a nonfunctional state. An alternate solution must be devised.
Following an extensive effort that diagnosed the telemetry problem, developed a solution that would remedy both the telemetry problem and allow the upload of new flight software, and implemented this solution on the actual spacecraft in orbit, the satellite was finally recovered into an operational state with the ability to perform a software update in September 2024.
This talk will cover the recovery process from beginning to end, including:
- A crash course in spacecraft operations, including
- a brief overview of the typical subsystems of satellites and BEESAT-1 in particular
- the practicalities of operating a small satellite like BEESAT-1 in a sun-synchronous low earth orbit
- Diagnosing the loss of telemetry without access to said telemetry
- Engineering a solution to the diagnosed issue, including:
- figuring out how to upload new software without a feature intended for that task
- establishing a development and testing setup for flight software development years after the original setup was dismantled
- developing a patch to enable returning the satellite to an operational state and establish the ability to upload new flight software, while under the constraints posed by the lack of a proper upload method and without compromising the safety of the spacecraft
- Implementing this solution on the actual spacecraft in space
- A brief look at the current state of the spacecraft and remaining future tasks
Along the way, some of the fun and unexpected moments experienced while working with the 15 year old software and hardware will be shared. The talk is likely to be a mix of technical and non-technical. I hope to provide enough context so that you can follow without a background in space systems or computer security.
Additional information
| Live Stream | https://streaming.media.ccc.de/38c3/eins |
|---|---|
| Type | Talk |
| Language | English |
More sessions
| 12/27/24 |
I'm not big-brained enough to use cameras on Linux, so I decided to write my own camera stack (based on a real story).
|
| 12/27/24 |
Reverse engineering the Wi-Fi peripheral of the ESP32 to build an open source Wi-Fi stack.
|
| 12/27/24 |
Many developers know that the answer to "How do I debug this microcontroller" is either "JTAG" or "SWD". But what does that mean, exactly? How do you get from "Wiggling wires" to "Programming a chip" and "Halting on breakpoints"? This talk will cover how common debug protocols work starting from signals on physical wires, cover common mechanisms for managing embedded processors, and ending up at talking to various common microcontrollers.
|
| 12/27/24 |
The Iridium satellite (phone) network is evolving and so is our understanding of it. Hardware and software tools have improved massively since our last update at 32C3. New services have been discovered and analyzed. Let's dive into the technical details of having a lot of fun with listening to satellites.
|
| 12/27/24 |
The 530 tons and 63 meter tall Ariane 6 rocket finally launched on July 9th 2024 carrying our open-source developed payloads – the SIDLOC experiment and the satellite Curium One – into space. SIDLOC tested a new, open, low-power standard for identifying and precisely locating spacecraft whilst our satellite Curium One established an open-source baseline for larger CubeSat systems and allowed us to test a bunch of new technologies. From sourcing a launch opportunity to the final integration ...
|
| 12/27/24 |
Recent breakthroughs in machine learning have dramatically heightened the demand for cutting-edge computing chips, driving advancements in semiconductor technologies. At the forefront of this progress is Extreme Ultraviolet (EUV) lithography—a transformative method in microchip fabrication that enables the creation of ultra-small, high-performance devices. However, the path from raw materials to these state-of-the-art chips navigates a complex global supply chain riddled with technical ...
|
| 12/27/24 |
Custom silicon chips are black boxes that hold many secrets, like internal ROMs, security features and audio DSP algorithms. How does one start reverse engineer them? Let's look at the basics of silicon reverse engineering, what gate array chips are, and how some tooling can generate Verilog code automatically from a die shot.
|
