A tool which allows an attacker to change the time on a GPS-enabled NTP server by using spoofed NEMA sentences
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitattributes
.gitignore
NMEAdesync.cfg
NMEAdesync.py
README.md
logging.cfg

README.md

NMEAdesync

NMEAdesync is a tool which will output NMEA sentences to stdout. Using socat you can redirect this output to NTPd and move time. NMEAdesync will be first prensented during a conference talk at BSidesCBR 2017.

NMEAdesync will send NMEA senetences with a spoof time to NTPd and also a spoofed PPS

Requirements

NTPd using NMEA data over serial as the time, with PPS for accuarete timing. I set up a Pi using this guide.

Running

  1. Configure the options in NMEAdesync.cfg
  2. Connect to the PPS wire to GPIO pint 25
  3. sudo rm /dev/gps0
  4. socat -d -d pty,raw,echo=0 "exec:/home/pi/NMEAdesync.py,pty,raw,echo=0"
  5. Note the pts number as will need to use it in the next step
  6. sudo ln -s /dev/pts/1 /dev/gps0
  7. Notice the time has changed
  8. Check pps sudo ppstest /dev/pps0