Wondering if this targets RamSat or it could be an attempt of communication with another satellite that happens to be visible at the same time with yours and using the same framing.
It did happen twice, though.
https://network.satnogs.org/observations/6215376/
https://network.satnogs.org/observations/6215378/
They are within two hours, though. It happens with Meteor M2 and NOAA-19, but not two hours apart. Plus, the attacker is likely using a yagi (I think?), so that would probably not have enough beamwidth to reach two satellites 10 degrees apart (in my opinion).
Indeed, but have in mind that if two satellites are in similar orbit and/or similar height in a LEO orbit they tend to meet ~every 90min (one orbit around the globe) over the same place, and on those observations the time difference is 90min.
Yes, but I think not at the same azimuth/elevation?
I may be wrong, though 
Yes different azimuth and elevation but in the field of view of the same station.
EDIT: just to be clear, I’m not saying that this is necessarily the case here, just to have this scenario in mind for a future analysis. 
1 Like
@pethornton Would it be possible to configure RamSat to store the “malicious” packets onboard and then downlink them to see the contents?
Just curious
EDIT: Are you also aware of the next downlink opportunity?
Thank you for your diligent replies!
Hello Team… I’ve seen this happen before in my data… I set an observation and recorded it in my data… Nothing extra I did but schedule an observation. Below is some of what I got back, just thought it was Ramsat using an invalid security key. Maybe I was catching the signal back when others were playing 
®h¦–@`†¢@@@@áðRamSat: Invalid security key.
1 Like
Be aware that the attacker would have the same curiousity. The downlinked data could aid their hacking efforts.
1 Like
I’m not sure I understand… the attacker is sending the malicious packets!
Yes, but they might not know how the satellite is interpreting the packets.
1 Like
Thanks, all, for the discussion of possibilities. To be clear, no harm has been done, and the system in theory is robust to this sort of poking, intentional or otherwise. The security key is strong. However, as our first mission for this (or any) flight software, I’m not keen to have it needlessly tested. I was really hoping to hear from @usugas or @usugasteam .
@mfalkvidd is making a good point about not wanting to give too much detail on the system interpretation of unauthorized commands. The details I already gave can be obtained easily through our public github repo for the flight software. In any case @jupitersaturn09 the flight software does not have an “echo command” function for bad commands, and no capability for reprogramming in flight.
@vi3wroy4l we had a few examples very early in the mission, maybe July or August last year, where we saw this pattern while the satellite was over western N. America. Your station could have picked that up. I’m not sure if you would be seeing the same responses that show up recently in the USU GAS station in Utah. On another note, @vi3wroy4l thank you for all the work you’ve done at your station to track RamSat! I’m trying to think of how to thank the top observers more personally, but thought I’d take this opportunity to let you know we very much appreciate your help.
6 Likes
@pethornton Thank you so much for the confirmation! I’m so glad Rammy is ok up there Also, could you please link the repo? I can’t seem to find it…
Just tracked RamSat over its NA passage. 7 frames decoded.
1 Like
I did some looking thru Ramsat’s data from the satnogs DB. (Only downloaded the last month. And I found that even back on 2022-06-26 there were attempts to access it.
SatNOGS Network - Observation 6133535 - 2022-06-26 07:46 - RamSat: Invalid security key.
SatNOGS Network - Observation 6186023 - 2022-07-08 08:15 - RamSat: ERROR - received packet too short.
SatNOGS Network - Observation 6206907 - 2022-07-13 22:20 - RamSat: ERROR - received packet too short.
Plus the other two we know about already.
https://network.satnogs.org/observations/6215376/
https://network.satnogs.org/observations/6215378/
I am thinking of downloading all the data and checking it but not sure if there is any point in it.
1 Like
Okay, So I went thru all the data from the Satnogs DB and found the following times that RamSat: Invalid security key showed up.
Some of these are probably the team actually trying to command it and just having link issues imo. (Since some are right after successful command or in the first observations in satnogs at all.)
2022-07-14 09:03 SatNOGS Network - Observation 6215378
2022-07-14 07:30 SatNOGS Network - Observation 6215376
2022-06-26 07:46 SatNOGS Network - Observation 6131601
2022-06-03 00:53 SatNOGS Network - Observation 6021834
2022-03-22 17:50 SatNOGS Network - Observation 5662749
2022-03-11 08:11 SatNOGS Network - Observation 5603839
2022-02-26 08:57 SatNOGS Network - Observation 5533915
2022-02-26 07:22 SatNOGS Network - Observation 5538568
2022-02-14 14:55 SatNOGS Network - Observation 5468509
2022-01-23 21:59 SatNOGS Network - Observation 5347678
2022-01-02 10:56 SatNOGS Network - Observation 5234018
2022-01-02 09:20 SatNOGS Network - Observation 5233901
2021-11-09 08:29 SatNOGS Network - Observation 4977980
2021-08-20 10:41 SatNOGS Network - Observation 4596058
2021-08-17 20:51 SatNOGS Network - Observation 4586457
2021-08-08 15:21 SatNOGS Network - Observation 4538745
2021-07-25 21:53 SatNOGS Network - Observation 4478133
2021-06-29 08:21 SatNOGS Network - Observation 4341959
2021-06-14 21:54 SatNOGS Network - Observation 4266847
3 Likes
Thank you! I can plug this into some software and try to triangulate the attacker’s position just for fun
Thanks @KD9KCK for pulling this list together. Any of the occurrences on the east coast of North America could be related to our team, either sending incorrect command strings, or maybe weak signals that get a bit scrambled at the edges of our pass. The occurrences on the west coast, and a couple in the vicinity of Hungary, would have to originate elsewhere. Interestingly, the earliest occurrence on your list was on 14 June 2021, the day we deployed from ISS. It was either that event or the one on 29 June 2021, that let us know the receive module and command handler code were probably working correctly. We were struggling at that time to make an uplink connection, and we weren’t sure if the problem was at the ground station or at the satellite. So although I recall being a bit alarmed that someone was trying to uplink and had the frequency, I was also relieved to know that the space components seemed to be working correctly.
3 Likes
You’re welcome… Though I know I don’t get to much data to send, I may be more of a “Hey your Sat was spotted rippin across the West Coast Canada” kinda station 
2 Likes
For observers on the east coast of North America, we’ll be doing some downlink work on a pass starting today (20 June) at 21:33 UTC.
4 Likes