SkyJack is a drone engineered to autonomously seek out, hack, and wirelessly take full control over any other drones within wireless or flying distance, creating an army of zombie drones under your control.
Update: Proof of Concept of SkyJack for 3D Robotics drones using the TI CC1111 chipsets [August 2015]
The update uses a sub-GHz RF transciever to predict frequency hopping pattern + ID of 3DR telemetry modules, allowing full remote takeover of nearby drones, similar to the Parrot attack (with no wifi required).
by @SamyKamkar // code@samy.pl // http://samy.pl // Dec 2, 2013
Code available on github
Today Amazon announced they're planning to use unmanned drones to deliver some packages to customers within five years. Cool! How fun would it be to take over drones, carrying Amazon packages…or take over any other drones, and make them my little zombie drones. Awesome.
Using a Parrot AR.Drone 2, a Raspberry Pi, a USB battery, an Alfa AWUS036H wireless transmitter, aircrack-ng, node-ar-drone, node.js, and my SkyJack software, I developed a drone that flies around, seeks the wireless signal of any other drone in the area, forcefully disconnects the wireless connection of the true owner of the target drone, then authenticates with the target drone pretending to be its owner, then feeds commands to it and all other possessed zombie drones at my will.
SkyJack also works when grounded as well, no drone is necessary on your end for it to work. You can simply run it from your own Linux machine/Raspberry Pi/laptop/etc and jack drones straight out of the sky.
You can acquire SkyJack from github: https://github.com/samyk/skyjack
SkyJack (available from github) is primarily a perl application which runs off of a Linux machine, runs aircrack-ng in order to get its wifi card into monitor mode, detects all wireless networks and clients around, deactivates any clients connected to Parrot AR.drones, connects to the now free Parrot AR.Drone as its owner, then uses node.js with node-ar-drone to control zombie drones.
I detect drones by seeking out any wireless connections from MAC addresses owned by the Parrot company, which you can find defined in the Registration Authority OUI.
I use aircrack-ng to put our wireless device into monitor mode to find our drones and drone owners. I then use aireplay-ng to deauthenticate the true owner of the drone I'm targeting. Once deauthenticated, I can connect as the drone is waiting for its owner to reconnect.
I use node-ar-drone to control the newly enslaved drone via Javascript and node.js.
The Parrot AR.Drone 2 is the drone that flies around seeking other drones, controlled from an iPhone, iPad or Android, and is also the type of drone SkyJack seeks out in order to control. SkyJack is also capable of seeking out Parrot AR.Drone version 1.
The Parrots actually launch their own wireless network which is how the owner of the drone connects. We take over by deauthenticating the owner, then connecting now that the drone is waiting for its owner to connect back in, exploiting the fact that we destroyed their wireless connection temporarily.
I use a Raspberry Pi to drive the project as it's inexpensive, reasonably light, has USB, and runs Linux.
I use the Alfa AWUS036H wireless card which supports raw packet injection and monitor mode which allow me to deauthenticate users who are legitimately connected to their drones.
I also use the Edimax EW-7811Un wireless USB adapter in order for SkyJack to launch its own network. This allows me to connect to SkyJack from my laptop or iPad and watch all the other drones as they're being controlled.
I suggest any USB battery which is light (under 100 grams), and can output close to an amp (1000mAh). The Raspberry Pi + wifi will likely use about this much juice. You could also possibly hook up three AAA batteries together to get about 4.5V out which would be a bit lighter, though I'm not sure how much current it will be able to output.
Feel free to contact me with any questions!
You can reach me at code@samy.pl.
Follow @SamyKamkar on Twitter or check out http://samy.pl for my other projects.