Classes - Beard


Getting Started

Hi! If you clicked this link, it's probably because you want to know how everything works! That's great! Read this whole page, it will help a lot. On the Pi, most of what you need is located in the /home/pi/Perseusiii/ directory. It is probably a good idea to make a backup image of the Pi's SD card once in a while. We did this once, and it's located in ~/Work/Backups\ of\ the\ Pi/ on the base station (Perseus III computer).

Linux Tips

Background Jobs

To run something in the background in Linux, put an & after the command. If you forgot to do this, you can press ctrl-z and then type bg. To view the jobs you have running in the background, type jobs. To switch back to a job, type fg n (where n is the job number).

Making a script executable

In order for a bash script to be executable, run the command “chmod +x” on the script, otherwise it won't be very useful.

4G Connection

To start the modem, plug it in and type “sudo wvdial 3gconnect &”. If this doesn't work, run the script in ~/Perseusiii/. The connection should then be established. To disconnect, switch back to the task (see above) and type ctrl-c.

There is a lot of work to be done here. We're not sure whether the Pi has a firewall, or whether the modem does. We need to find this out so we can stream things to and from the Pi. You won't be able to do this from the Pi to the BYU network unless you set up a VPN, though, because BYU has a hefty firewall. You may have to have someone set up port forwarding on their home computer to try streaming. Eventually, we will need another modem for the base station computer.

Note: Be Responsible! You have 3GB per Month

Because of the way T-Mobile works, a student from fall semester is the account holder for T-Mobile. Don't get him in trouble. If you see any messages about billing or exceeding data allotment, or anything out of the ordinary, contact him at

Streaming Video

Central to the mission of the project is the ability to stream video. We found that using gstreamer seemed to work really well. To use it, run the file called located in ~/Perseusiii/ on the Pi. This program must be started before you can run gst launcher in ~/Work/ on the Base Station. Sometimes you may need to run this multiple times to connect. If the IP address changes for any reason, or you are testing on another network, both files must be edited to point to the Pi's IP address.

This link shows the original page where we learned how to do it.

GPS Integration

Right now we're using a separate GPS for the Pi. This is not ideal, so it would be good if you could figure out how to use mavlink to get the GPS coordinates and feed them to gpsd (the Linux GPS daemon). Kismet needs gpsd to associate packets with lat/lon.
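One possible starting point for the mavlink-to-gpsd idea, as an added example that is not part of the project's code: it turns the fields of a MAVLink GPS_RAW_INT message into an NMEA $GPGGA sentence, which is a format gpsd understands. Reading the MAVLink stream itself is not shown; the message is assumed to arrive as a dict, and the caller is assumed to supply a UNIX timestamp.

```python
import time


def nmea_checksum(body):
    """XOR of every character between '$' and '*', as two hex digits."""
    cs = 0
    for ch in body:
        cs ^= ord(ch)
    return f"{cs:02X}"


def to_nmea_coord(deg_e7, is_lat):
    """Convert degrees * 1e7 (MAVLink) to NMEA (d)ddmm.mmmm plus hemisphere."""
    whole, rem = divmod(abs(deg_e7), 10_000_000)
    min_e4 = (rem * 60 + 500) // 1000          # minutes * 1e4, rounded
    if min_e4 >= 600_000:                      # rounding carried into the next degree
        whole, min_e4 = whole + 1, 0
    hemi = ("N", "S") if is_lat else ("E", "W")
    width = 2 if is_lat else 3
    text = f"{whole:0{width}d}{min_e4 // 10_000:02d}.{min_e4 % 10_000:04d}"
    return text, hemi[0] if deg_e7 >= 0 else hemi[1]


def gps_raw_int_to_gga(msg, unix_time):
    """Build a $GPGGA sentence from GPS_RAW_INT fields; None when there is no fix."""
    if msg["fix_type"] < 2:                    # 0/1 = no GPS / no fix
        return None
    lat, ns = to_nmea_coord(msg["lat"], True)
    lon, ew = to_nmea_coord(msg["lon"], False)
    hhmmss = time.strftime("%H%M%S", time.gmtime(unix_time))
    body = (f"GPGGA,{hhmmss},{lat},{ns},{lon},{ew},1,"
            f"{msg['satellites_visible']:02d},{msg['eph'] / 100:.1f},"
            f"{msg['alt'] / 1000:.1f},M,,M,,")
    return f"${body}*{nmea_checksum(body)}\r\n"


# Constructed sample message (field names follow MAVLink GPS_RAW_INT:
# lat/lon in degrees * 1e7, alt in mm, eph in HDOP * 100).
SAMPLE = {"fix_type": 3, "lat": 402468000, "lon": -1116490000,
          "alt": 1402500, "eph": 120, "satellites_visible": 9}
```

gpsd can read NMEA from a network source as well as a serial port, so the resulting sentences could be delivered over a local UDP socket that gpsd was started to listen on.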

To start the GPS system, first connect the GPS to the appropriate pins on the Pi. You'll need 5V, Ground, UART TX and RX. Once you have made sure that you have connected it correctly, navigate to ~/Perseusiii/ on the Pi and execute “sudo ./” This will start up the GPS interface. Then you can type cgps -s to see if you are getting a signal (note that if you are doing this in the basement of the Fletcher you won't get satellites unless you're sitting RIGHT BY the window).

Now that the GPS is linked into gpsd, as soon as you get a lock (blue light should blink) the gps will be usable by applications like kismet that use gpsd.

Using Kismet

Kismet is the program we have been using to search for wifi signals. I strongly recommend reading the actual documentation for the program, found at otherwise, it can be very confusing.

Remember: Be Responsible

You are responsible for what you do to the data. Do not do anything that would reflect poorly upon BYU or yourself, and be responsible! The packets you capture are not yours. Don't try to hack any networks that are not yours. Do not keep any of the data longer than necessary. Remove it after you are done.

After you run kismet you will get several files. To create a heat map you will need the gpsxml and netxml files. The pcapdump file is a copy of all the packets that you received.

Kismet on the Pi

On the Pi there are two ways to run kismet. You should run them from /usr/local/bin; just typing kismet may cause problems in the future if there are updates to the Pi distribution. If you need to change the configuration files (and you will), they are located in /usr/local/etc/: kismet.conf and kismet_drone.conf. kismet.conf is only used for running locally; this file will be read if you just run kismet. If you run kismet_drone (the client-server version that can stream results back to the base station), then it will use kismet_drone.conf. There are two main things you need to know about this (which you can find by reading the man page or kismet documentation).

  1. How to change the IP addresses that kismet uses to transmit data to the base station, and also which computers are allowed to connect.
  2. How to add additional sources.
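The first item decides who can pull captured packets off the Pi, so it is worth checking after every edit. The following is an added example, not part of the project's code: a small audit of a kismet_drone.conf that flags a listener bound to every interface and an allow-list wider than single hosts. The key names dronelisten and droneallowedhosts are assumed from the stock kismet_drone.conf shipped with Kismet releases of this period (confirm them against the installed file), and the 10.8.0.x addresses are placeholders.

```python
import ipaddress

# Constructed sample: listens on every interface and admits a whole /16.
WEAK_CONF = """\
servername=Kismet-Drone
dronelisten=tcp://0.0.0.0:2502
droneallowedhosts=127.0.0.1,10.8.0.0/255.255.0.0
ncsource=wlan0
"""

# Constructed sample: bound to one address, only localhost and the base station admitted.
# 10.8.0.1 (base station) and 10.8.0.2 (Pi) are placeholder addresses.
TIGHT_CONF = """\
servername=Kismet-Drone
dronelisten=tcp://10.8.0.2:2502
droneallowedhosts=127.0.0.1,10.8.0.1
ncsource=wlan0
"""


def parse_conf(text):
    """Collect key=value lines; keys such as ncsource may repeat."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf.setdefault(key.strip(), []).append(value.strip())
    return conf


def audit_drone_conf(text, max_addresses=1):
    """Return a list of findings about who can reach the drone port."""
    conf, findings = parse_conf(text), []
    for listen in conf.get("dronelisten", []):
        host = listen.split("://", 1)[-1].rsplit(":", 1)[0]
        if host in ("0.0.0.0", "*", ""):
            findings.append(f"listens on every interface: {listen}")
    entries = [e.strip() for v in conf.get("droneallowedhosts", []) for e in v.split(",")]
    if not entries:
        findings.append("no droneallowedhosts line found")
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"unparseable allowed host: {entry}")
            continue
        if net.num_addresses > max_addresses:
            findings.append(f"allows {net.num_addresses} addresses: {entry}")
    return findings
```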

Kismet on the Base Station

Running kismet on the other side is fairly simple. This time, the configuration files are located in /etc/kismet/ and you can simply type kismet to run it. You will not be running the drone on this computer. The only thing you may need to edit is kismet.conf, to tell the program what the IP address of the drone is. Again, read the documentation to learn how to do this.

Creating a Heat Map

Heatmapping utilities are found in ~/Work/Heatmapping/

Once you have run kismet and acquired the gpsxml and netxml files, copy them into this directory. Now you have two choices. will create a Google Earth readable file that shows your route and a dot for each network contacted. will create a heat map based on different networks contacted. It is also readable by Google Earth. This one takes a very long time. To shorten the time, I suggest using the -m and ESSID pattern options. For example:

  * python -m=NAMEOFOUTPUT [path/to/]SAMPLE_NAME [REGEX FOR NETWORKS YOU WANT]

Look at the readme, or the link above for more info.

Other Options

You may want to look into parsing the XML file through MATLAB, just so it will go a bit quicker. I think the heatmap may be more accurate this way as well. Both above options seemed to be based on packets received rather than signal strength.
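A signal-strength version of the same idea, shown in Python to match the other heatmapping tools (an added example, not one of the scripts in ~/Work/Heatmapping/): it reads the gpsxml log, bins the points into a lat/lon grid, and averages the signal per cell. The gps-point attribute names (bssid, lat, lon, fix, signal_dbm) and the track-log pseudo-BSSID are assumed from Kismet gpsxml logs of this period, so check them against a real file; the bssids filter keeps the map limited to access points you are responsible for.

```python
import math
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample shaped like a Kismet .gpsxml log (BSSIDs are made up).
SAMPLE_GPSXML = """<gps-run gps-version="5">
  <gps-point bssid="GP:SD:TR:AC:KL:OG" lat="40.24680" lon="-111.64900" fix="3"/>
  <gps-point bssid="02:00:00:00:00:01" lat="40.24681" lon="-111.64901" fix="3" signal_dbm="-60"/>
  <gps-point bssid="02:00:00:00:00:01" lat="40.24683" lon="-111.64903" fix="3" signal_dbm="-70"/>
  <gps-point bssid="02:00:00:00:00:01" lat="40.24751" lon="-111.64901" fix="3" signal_dbm="-80"/>
  <gps-point bssid="02:00:00:00:00:01" lat="40.24685" lon="-111.64905" fix="1" signal_dbm="-40"/>
  <gps-point bssid="02:00:00:00:00:02" lat="40.24682" lon="-111.64902" fix="3" signal_dbm="-50"/>
</gps-run>"""

TRACK_BSSID = "GP:SD:TR:AC:KL:OG"  # pseudo-BSSID assumed to mark Kismet's own track log


def signal_grid(gpsxml_text, bssids=None, cell_deg=0.0001):
    """Mean signal (plain average of dBm readings) per lat/lon grid cell.

    bssids, when given, limits the result to those access points.
    Returns {(lat_cell, lon_cell): mean_dbm}.
    """
    cells = defaultdict(list)
    for pt in ET.fromstring(gpsxml_text).iter("gps-point"):
        bssid = pt.get("bssid", "")
        if bssid == TRACK_BSSID or (bssids and bssid not in bssids):
            continue
        if int(pt.get("fix", "0")) < 2 or pt.get("signal_dbm") is None:
            continue                      # no position fix, or no signal reading
        key = (math.floor(float(pt.get("lat")) / cell_deg),
               math.floor(float(pt.get("lon")) / cell_deg))
        cells[key].append(int(pt.get("signal_dbm")))
    return {k: sum(v) / len(v) for k, v in cells.items()}
```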

Using the Servos

The figure below and to the right shows how the PWM board connects to the Raspberry Pi (Green, Yellow, and Blue wires), battery source (Dark Red and Black wires), and servos (Orange, Light Red, and Brown). In order for the python script described below to drive the servos correctly, connect the servo wires to the ports labeled 14 and 15 on the PWM module.

PWM Pin Connections

The Python code used to control the servos using the keystrokes 'a', 'w', 's', and 'd' can be found in the directory ~/MissionControl/. The full command to run this script is “sudo python” (when in the ~/MissionControl/ directory). This is a good start for creating a useful camera gimbal. Also, here are links to pages that contain documentation on the PWM board and gyroscope, accelerometer, and compass.