Fake GPS with a HackRF One

With the HackRF One it is posible to send a fake GPS signal to other devices.

You need the following parts:
– HackRF One (can also be a Chinese clone)
– External TCXO (as GPS needs high precision)
– Antenna (best is a dedicated GPS antenna)
– GNU Radio and HackRF tools

sudo apt install gnuradio libhackrf0 hackrf libhackrf-dev

Check if you see 0x01 with (means TXCO is installed):

hackrf_debug --si5351c -n 0 -r

1. Download the GPS-SDR-SIM software

git clone https://github.com/osqzss/gps-sdr-sim.git

2. Compile it


3. Get the current satellite positions from NASA
*New: Updated URL, 03.03.2021* (Thanks for the information Ye-Sheng Kuo)

  1. Create an account on https://urs.earthdata.nasa.gov/
  2. Make a file called .netrc with the following content:
    machine urs.earthdata.nasa.gov login <username> password <password>

    replace <username> and <password> with your credentials on Earthdata.

  3. Change the file permission with
    sudo chmod 004 .netrc

    so that no one can access your username and password.

You can automate this with this script (inside an .sh file):

day=$(date +%j)
year=$(date +%Y)
yr=$(date +%y)

curl -c /tmp/cookie -n -L -o "brdc""$day""0.$yr""n.Z" "https://cddis.nasa.gov/archive/gnss/data/daily/$year""/brdc/brdc""$day""0.$yr""n.gz"

uncompress "brdc""$day""0.$yr""n.Z"
echo "brdc""$day""0.$yr""n.Z"

4. Generate the signal file with the static position (coordinates) you want to send

./gps-sdr-sim -b 8 -e YOUR_BRDC_FILE_HERE -l 40.812800,-60.005900,100

5. Send the signal

sudo hackrf_transfer -t gpssim.bin -f 1575420000 -s 2600000 -a 1 -x 0

You can also generate routes in the form of an NMEA file with the Labsat simulator: https://www.labsat.co.uk/index.php/en/free-gps-nmea-simulator-software

More information: https://github.com/osqzss/gps-sdr-sim
Please use this responsively. Bear in mind that it can have an impact on other devices if you send it outside a closed circuit.