安全路透社

Probing Airline WiFi: Some Attack and Defence Techniques


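If someone told you that future terrorist threats against aircraft would not need to be nearly so elaborate, and that the only tool required is a laptop that passes easily through airport security, would you feel both curious and afraid?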

Background

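Last year the US Federal Aviation Administration warned that the Wi-Fi design on Boeing's newest 787 Dreamliner contained a flaw that left it vulnerable to hacking. The 787 Dreamliner provides a Wi-Fi network for passengers, but that Wi-Fi network and the aircraft's avionics systems use the same network, which raises the possibility that an attacker could use the in-cabin network to hijack the navigation system and even take control of the whole aircraft. For that to happen, the firewall would first have to be bypassed. The firewall's job is to isolate the passenger Wi-Fi system from the avionics, but firewalls are not entirely free of holes. A better design is to separate the networks physically, so that an attacker on board cannot move from one network to the other and cannot reach the avionics remotely through malware and the internet. Because the passenger Wi-Fi connects these aircraft to the outside world, it can ultimately lead to dangerous situations.

What follows covers capturing and analysing traffic after connecting to the wireless network, as well as the forced home page (captive portal). For example, authentication on a campus network is usually done through a web page: whichever site you try to visit, you are forcibly redirected to the configured home page.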

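The story begins

When I flew on an Air Serbia A319, I found that the aircraft had a WiFi network. I noticed this quickly, and later learned from related information that, like Virgin Atlantic's network equipment, it uses Panasonic network equipment. However, the following fields were not populated in the A319's network information: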

td_id_fltdata_wind_speed

td_id_fltdata_mach

td_id_fltdata_outside_air_temp

td_id_fltdata_date

td_id_flight_phase

td_id_route_id

td_id_media_date

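I again noticed the td_id values above (changing between 0 and 1). I used my phone to log in to the home page described earlier (the forced home page); opening it showed an announcement, which was quite exciting. The GPS position changes were also somewhat monotonous; overall it felt like real-time flight tracking.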


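Altitude

After connecting to the WiFi, I found that 10,000 feet is a dividing line: below that altitude it is not so easy to get online, as shown in the figure.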


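Digging into the network backend

Air Serbia does not yet encourage users to install an app, but for the analysis that follows I decided to download one. Of course, I did this preparation before boarding the plane. Below is the program code (from NexStreaming):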

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<NexPlayerLicense version="2.0">

  <!-- Please feel free to delete the non-encrypted and readable

    list of supported app IDs given right under these lines ("SupportAppIDs" tag).

    The license file will be equally valid in this case -->

  <SupportAppIDs> 

    <appID>com.airserbia.mediaplayer.preview

    </appID>  

  </SupportAppIDs>

  <Config>


  </Config>

</NexPlayerLicense>

Notably, the app is a key piece: it is used together with the Panasonic network equipment.

Owner: CN=Panasonic

Issuer: CN=Panasonic

Serial number: 5ca3f33f

Valid from: Mon May 11 22:22:04 BST 2015 until: Tue Apr 17 22:22:04 BST 2114

Certificate fingerprints:

   MD5:  A0:AD:33:3C:AC:4A:CE:B8:03:B5:76:9F:97:DD:0E:7F

   SHA1: 05:8B:4C:27:91:82:48:63:05:19:42:16:DE:27:38:26:D2:31:2B:6C

   SHA256: C2:CA:55:DB:98:71:33:6C:62:16:00:89:CC:D9:FE:5B:71:6B:00:46:75:98:4C:55:47:F5:9F:DD:46:DD:EE:14

   Signature algorithm name: SHA256withRSA

   Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 41 EA 03 D1 F8 64 4F B7   21 C1 4E 43 FD A4 ED BD  A....dO.!.NC....

0010: 49 DE 21 4F                                        I.!O

]

]

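This became increasingly apparent: I could see the Android app component name (com.pac.dummyairline.ACTIVITY) and the service components (aero.panasonic.inflight.services.ifeaodservice.IfeAodService and aero.panasonic.inflight.remote.service). After reverse engineering the app, a lot of information about aero.panasonic.inflight. can be obtained, along with many URLs. The process also yields the following: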

private static final String AIR_SERVER_HOST_NAME = "api.airpana.com";

private static final String GRND_SERVER_HOST_NAME = "cadev.panasonic.aero";

private static final String SERVICE_INFLIGHT_PANASONIC_AERO = "services.inflightpanasonic.aero";

Note that cadev.panasonic.aero above is the key to reaching the network (GRND_SERVER is the host name). The file (aero/panasonic/inflight/services/service/ServerRequestGenerator.java) contains further external links:

METHOD_GET_CHALLENGE = "/inflight/services/auth/v1/challenge";

METHOD_GET_VALIDATE_TOKEN = "/inflight/services/auth/v1/validate_token";

METHOD_POST_SOLUTION = "/inflight/services/auth/v1/solution";

AI_MULTI_AIRPORT_INFO_MSG = "/inflight/services/airport_info/v1/multi_airport_info";

AI_URL_AIRPORT_INFO_BASE = "/inflight/services/airport_info/v1/";

A_ANALYTICS_MSG = "/inflight/services/analytics/v1/log";

A_URL_ANALYTICS_BASE = "/inflight/services/analytics/v1/";

COMPONENT_UPLOAD_URL_BASE = "/inflight/services/cmi/lms/v2/";

CREW_AUTHENTICATION_URL_BASE = "/inflight/services/cmi/auth/login/";

EXTV_METADATA_AVAILABLE_STATIONS_MSG = "/inflight/services/extv_metadata/v1/stations";

EXTV_METADATA_BASE = "/inflight/services/extv_metadata/v1/";

EXTV_METADATA_COMMISSIONING_STATUS_MSG = "/inflight/services/extv_metadata/v1/commissioning_status";

EXTV_METADATA_STATION_STATUS_MSG = "/inflight/services/extv_metadata/v1/station_status";

FD_FLIGHTDATA_MSG = "/inflight/services/flightdata/v2/flightdata";

FD_URL_FLIGHTDATA_BASE = "/inflight/services/flightdata/v2/";

FMI_FLIGHT_MAP_AVIALABLE_RESOLUTION_MSG = "/inflight/services/maps/v1/flight_map";

FMI_FLIGHT_MAP_IMAGE_MSG = "/inflight/services/maps/images/";

FMI_URL_FLIGHTMAP_IMAGE_BASE = "/inflight/services/maps/";

FMI_URL_FLIGHTMAP_RESOLUTION_BASE = "/inflight/services/maps/v1/";

HSP_CATALOGS = "/inflight/services/catalogs/hospitality/browse/v1/catalogs";

HSP_CATEGORIES = "/inflight/services/catalogs/hospitality/browse/v1/categories";

HSP_IMAGES = "/inflight/services/catalogs/hospitality/browse/v1/images/";

HSP_ITEMS = "/inflight/services/catalogs/hospitality/browse/v1/items";

HSP_URL_BASE = "/inflight/services/catalogs/hospitality/browse/v1/";

MD_IMAGES_MSG = "/inflight/services/metadata/v1/images/";

MD_METADATA_CATEGORY_MEDIA_MSG = "/inflight/services/metadata/v1/category_media";

MD_METADATA_CATEGORY_MSG = "/inflight/services/metadata/v1/categories";

MD_METADATA_CHILD_MEDIA_MSG = "/inflight/services/metadata/v1/child_media";

MD_METADATA_MSG = "/inflight/services/metadata/v1/media_metadata";

MD_METADATA_SEARCH_MSG = "/inflight/services/metadata/v1/search";

MD_URL_MEDIA_METADATA_BASE = "/inflight/services/metadata/v1/";

PACKAGE_UPLOAD = "/inflight/services/cmi/lms/v2/lms_package_upload";

PC_PARENTAL_CONTROL_RATING_ALL_MSG = "/inflight/services/parental_control/v1/ratings";

PC_PARENTAL_CONTROL_RATING_MSG = "/inflight/services/parental_control/v1/rating";

PC_URL_PARENTAL_CONTROL_BASE = "/inflight/services/parental_control/v1/";

SD_AVAILABLE_SERVICE_MSG = "/inflight/services/service_discovery/v1/servicesservices";

SD_URL_SERVICE_DISCOVERY_BASE = "/inflight/services/service_discovery/v1/services";

SEAT_PAIRING_INITIATE_MSG = "/inflight/services/remote_comm/v1/initiate_pair";

SEAT_PAIRING_INITIATE_WITH_PASSCODE_MSG = "/inflight/services/remote_comm/v1/ped_pair";

SEAT_PAIRING_MODE_MSG = "/inflight/services/remote_comm/v1/switch_pair_mode";

SEAT_PAIRING_STATUS_MSG = "/inflight/services/remote_comm/v1/pair_status_v2";

SEAT_PAIRING_UNPAIR_MSG = "/inflight/services/remote_comm/v1/ped_unpair";

SEAT_REMOTE_CONTROL_MSG = "/inflight/services/remote_comm/v1/send_message";

SH_CATALOGS = "/inflight/services/catalogs/shopping/browse/v1/catalogs";

SH_CATEGORIES = "/inflight/services/catalogs/shopping/browse/v1/categories";

SH_IMAGES = "/inflight/services/catalogs/shopping/browse/v1/images/";

SH_INVT_ITEM = "/inflight/services/cmi/catalogs/shopping/inventory/v1/item";

SH_INVT_ITEM_ADST = "/inflight/services/cmi/catalogs/shopping/inventory/v1/adjust_item_quantity";

SH_INVT_ITEM_LIST = "/inflight/services/cmi/catalogs/shopping/inventory/v1/all_items/";

SH_INVT_URL_BASE = "/inflight/services/cmi/catalogs/shopping/inventory/v1/";

SH_ITEMS = "/inflight/services/catalogs/shopping/browse/v1/items";

SH_URL_BASE = "/inflight/services/catalogs/shopping/browse/v1/";

SP_URL_SEAT_PAIRING_BASE = "/inflight/services/remote_comm/v1/";

SYS_AVAILABLE_SER_INFO_MSG = "/inflight/services/service_control/v1/all_services";

SYS_URL_SYS_INFO_BASE = "/inflight/services/service_control/v1/";

Note the file (aero/panasonic/inflight/services/ifeservice/ServerEventList.java): while analysing the app, I found that it appears to use different JSON fields from the website.

private static final String SERVER_ALTITUDE = "core.flightdata.altitude_feet";

    private static final String SERVER_CURRENT_COORDINATES = "core.flightdata.current_coordinates";

    private static final String SERVER_DECOMPRESSION = "core.flightdata.td_id_decompression";

    private static final String SERVER_DEPARTURE_COORDINATES = "core.flightdata.departure_coordinates";

    private static final String SERVER_DEPARTURE_IATA = "core.flightdata.departure_iata";

    private static final String SERVER_DEPARTURE_ICAO = "core.flightdata.departure_icao";

    private static final String SERVER_DEPARTURE_UTC_OFFSET = "core.flightdata.departure_utc_offset_minutes";

    private static final String SERVER_DESTINATION_COORDINATES = "core.flightdata.destination_coordinates";

    private static final String SERVER_DESTINATION_IATA = "core.flightdata.destination_iata";

    private static final String SERVER_DESTINATION_ICAO = "core.flightdata.destination_icao";

    private static final String SERVER_DESTINATION_UTC_OFFSET = "core.flightdata.destination_utc_offset_minutes";

    private static final String SERVER_DISTANCE_COVERED_PERCENTAGE = "core.flightdata.distance_covered_percentage";

    private static final String SERVER_DISTANCE_FROM_DEPARTURE = "core.flightdata.distance_from_departure_nautical_miles";

    private static final String SERVER_DISTANCE_TO_DESTINATION = "core.flightdata.distance_to_destination_nautical_miles";

    private static final String SERVER_ESTIMATED_ARRIVAL_TIME = "core.flightdata.estimated_arrival_time_utc";

    private static final String SERVER_FLIGHT_MAP_UPDATE = "core.maps.map_update";

    private static final String SERVER_FLIGHT_NUMBER = "core.flightdata.flight_number";

    private static final String SERVER_FLIGHT_SPEED_MACH = "core.flightdata.flight_speed_mach";

    private static final String SERVER_GROUND_SPEED = "core.flightdata.ground_speed_knots";

    private static final String SERVER_HEAD_WIND_SPEED = "core.flightdata.head_wind_speed_knots";

    private static final String SERVER_LOCAL_NETWORK_AVAILABLE = "local.network.available";

    private static final String SERVER_LOCAL_NETWORK_UNAVAILABLE = "local.network.unavailable";

    private static final String SERVER_NOP = "core.event_server.nop";

    private static final String SERVER_OUTSIDE_AIR_TEMPERATURE = "core.flightdata.outside_air_temp_celsius";

    private static final String SERVER_PA = "core.flightdata.td_id_x2_pa_state";

    private static final String SERVER_PA_ANNOUNCEMENT = "core.flightdata.passenger_anouncement";

    private static final String SERVER_PA_ANNOUNCEMENT_NONMANDATORY = "core.flightdata.passenger_anouncement_nonmandatory";

    private static final String SERVER_ROUTE_ID = "core.flightdata.route_id";

    private static final String SERVER_TAIL_NUMBER = "core.flightdata.tail_number";

    private static final String SERVER_TAKEOFF_TIME = "core.flightdata.takeoff_time_utc";

    private static final String SERVER_TIME_AT_DESTINATION = "core.flightdata.time_at_destination";

    private static final String SERVER_TIME_AT_ORIGIN = "core.flightdata.time_at_origin";

    private static final String SERVER_TIME_TO_DESTINATION = "core.flightdata.time_to_destination_minutes";

    private static final String SERVER_TRUE_HEADING = "core.flightdata.true_heading_degree";

    private static final String SERVER_WEIGHT_ON_WHEELS = "core.flightdata.weight_on_wheels";

    private static final String SERVER_WIND_DIRECTION = "core.flightdata.wind_direction_degree";

    private static final String SERVER_WIND_SPEED = "core.flightdata.wind_speed_knots";

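Some time ago I flew on a Virgin Atlantic aircraft in the US. During the journey of several hours I connected to the on-board wireless network. After the laptop joined the WiFi, the page redirected to a payment screen, and there was not much money on my card. I also looked at the traffic on the laptop, sent a GET request from the browser (to http://api.airpana.com/inflight/services/flightdata/v1/flightdata), and analysed it with software tools to obtain the response below. I also captured the traffic data every 10 seconds and stored it locally.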

{

"td_id_decompression":"0",

"td_id_weight_on_wheels":"0",

"td_id_x2_pa_state":"0",

"td_id_fltdata_ground_speed":"0528",

"td_id_fltdata_time_to_destination":"0228",

"td_id_fltdata_wind_speed":"-026",

"td_id_fltdata_mach":"0857",

"td_id_fltdata_true_heading":"0068",

"td_id_fltdata_gmt":"0422",

"td_id_fltdata_outside_air_temp":"8044",

"td_id_fltdata_head_wind_speed":"",

"td_id_fltdata_date":"00260716",

"td_id_fltdata_distance_to_destination":"00001926",

"td_id_fltdata_altitude":"00041002",

"td_id_fltdata_present_position_latitude":"00050405",

"td_id_fltdata_present_position_longitude":"80051148",

"td_id_fltdata_destination_latitude":"00051280",

"td_id_fltdata_destination_longitude":"80000265",

"td_id_fltdata_destination_id":"EGLL",

"td_id_fltdata_departure_id":"KJFK",

"td_id_fltdata_flight_number":"VS046",

"td_id_fltdata_destination_baggage_id":"LHR",

"td_id_fltdata_departure_baggage_id":"JFK",

"td_id_airframe_tail_number":"G-VBZZ",

"td_id_flight_phase":"7",

"td_id_gmt_offset_departure":"80005.00",

"td_id_gmt_offset_destination":"00000.00",

"td_id_route_id":"43",

"td_id_fltdata_distance_from_origin":"00001120",

"td_id_fltdata_estimated_arrival_time":"0910",

"td_id_fltdata_time_at_takeoff":"002607160213",

"td_id_fltdata_departure_latitude":"00040375",

"td_id_fltdata_departure_longitude":"80073465",

"td_id_pdi_fltdata_departure_iata":"",

"td_id_pdi_fltdata_departure_time_scheduled":"",

"td_id_pdi_fltdata_arrival_iata":"",

"td_id_fltdata_wind_direction":"0267",

"td_id_media_date":"20160726",

"td_id_extv_channel_listing_version":""

}

As above, here are the altitude relationship graphs.


As above, real-time flight tracking.


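I downloaded the landing page files (e.g. engine_min.js (1.1M) and inflight.js) and tried to analyse them. While the plane is in flight, the following information can be seen (the flight information at positions 7 and 8):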

FlightPhase: {

                UNKNOWN: 0,

                POWER_UP: 1,

                ENGINES_START: 2,

                TAKE_OFF_POWER: 3,

                ACCELERATING: 4,

                LIFT_OFF: 5,

                CLIMB: 6,

                CRUISING: 7,

                DESCENDING: 8,

                APPROACH: 9,

                GO_AROUND: 10,

                FLARE: 11,

                TOUCHDOWN: 12,

                TAXI_TO_STOP: 13,

                ENGINES_STOP: 14,

                MAINTENANCE: 15

            }

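One thing in the program puzzled me, concerning the flight information: 8, rather than 0, is used as the leading digit. Later analysis turned up the following code: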

 r = function(a) {

            var c = parseFloat(a.slice(1, 5)),

                c = c + parseFloat(a.slice(5, 7)) / 60,

                c = c + parseFloat(a.slice(7)) /

                600;

            "8" === a[0] && (c *= -1);

            return c

        },
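The coordinate decoding above, as an added example that is not code from the original page or from the in-flight portal's script: a strict JavaScript decoder applied to values copied from the JSON response shown earlier. The function names, the fixed 8-character layout and the range limits are assumptions made for the example.

```javascript
'use strict';

// Flight phase codes in the order of the FlightPhase enum shown on this page.
const FLIGHT_PHASES = ['UNKNOWN', 'POWER_UP', 'ENGINES_START', 'TAKE_OFF_POWER',
  'ACCELERATING', 'LIFT_OFF', 'CLIMB', 'CRUISING', 'DESCENDING', 'APPROACH',
  'GO_AROUND', 'FLARE', 'TOUCHDOWN', 'TAXI_TO_STOP', 'ENGINES_STOP', 'MAINTENANCE'];

// Coordinate layout (assumed fixed at 8 characters, as in the capture):
// sign digit ("0" positive, "8" negative), 4 digits of degrees,
// 2 digits of minutes, 1 digit of tenths of a minute.
// Same arithmetic as r() on this page, but malformed input is rejected
// instead of silently becoming NaN or a wrong position.
function decodeCoordinate(raw, maxDegrees) {
  const m = /^([08])(\d{4})(\d{2})(\d)$/.exec(String(raw));
  if (!m) throw new RangeError('malformed coordinate: ' + JSON.stringify(raw));
  const minutes = Number(m[3]);
  if (minutes >= 60) throw new RangeError('minutes out of range: ' + raw);
  const value = Number(m[2]) + minutes / 60 + Number(m[4]) / 600;
  if (value > maxDegrees) throw new RangeError('degrees out of range: ' + raw);
  return m[1] === '8' ? -value : value;
}

// Map td_id_flight_phase to its enum name; unknown codes are an error.
function decodeFlightPhase(raw) {
  if (!/^\d{1,2}$/.test(String(raw))) {
    throw new RangeError('malformed flight phase: ' + JSON.stringify(raw));
  }
  const name = FLIGHT_PHASES[Number(raw)];
  if (name === undefined) throw new RangeError('unknown flight phase: ' + raw);
  return name;
}

// Decode the three positions carried in one flightdata record.
function decodePositions(record) {
  const point = (prefix) => ({
    lat: decodeCoordinate(record[prefix + '_latitude'], 90),
    lon: decodeCoordinate(record[prefix + '_longitude'], 180),
  });
  return {
    phase: decodeFlightPhase(record.td_id_flight_phase),
    current: point('td_id_fltdata_present_position'),
    departure: point('td_id_fltdata_departure'),
    destination: point('td_id_fltdata_destination'),
  };
}

// Field values copied from the JSON response shown on this page.
const SAMPLE = {
  td_id_flight_phase: '7',
  td_id_fltdata_present_position_latitude: '00050405',
  td_id_fltdata_present_position_longitude: '80051148',
  td_id_fltdata_departure_latitude: '00040375',
  td_id_fltdata_departure_longitude: '80073465',
  td_id_fltdata_destination_latitude: '00051280',
  td_id_fltdata_destination_longitude: '80000265',
};

console.log(decodePositions(SAMPLE));
```

The leading "8" is a sign flag, so the longitudes in the capture decode as west of Greenwich, which matches the KJFK to EGLL route in the same record.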

Further searching turns up all kinds of flight information:

 

z = {

            ALTITUDE_FEET: "altitude_feet",

            CURRENT_COORDINATES: "current_coordinates",

            DISTANCE_FROM_DEPARTURE_NAUTICAL_MILES: "distance_from_departure_nautical_miles",

            DISTANCE_TO_DESTINATION_NAUTICAL_MILES: "distance_to_destination_nautical_miles",

            GROUND_SPEED_KNOTS: "ground_speed_knots",

            FLIGHT_SPEED_MACH: "flight_speed_mach",

            TIME_TO_DESTINATION_MINUTES: "time_to_destination_minutes",

            OUTSIDE_AIR_TEMP_CELSIUS: "outside_air_temp_celsius"

        };

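After reading through the code of the files above in full, I sent URL requests (using the function) and, with the grep command, obtained a lot of related site information, as follows: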

baseURL:InFlight.makeServiceURL("/event/v1/eventstream")

h=InFlight.makeServiceURL("/network/v1/ping"),

url:InFlight.makeServiceURL("/airport_info/v1/multi_airport_info?icao_codes="+c.icao_codes+"&"), 

url:InFlight.makeServiceURL("/analytics/v1/log"),

url:InFlight.makeServiceURL("/apiapi/v1/index"),

url:InFlight.makeServiceURL("/captcha/v1/new_challenge")

url:InFlight.makeServiceURL("/captcha/v1/solution"),

url:InFlight.makeServiceURL("/exconnect/v1/status")

url:InFlight.makeServiceURL("/exconnect/v1/enable_device_for_whitelist")

url:InFlight.makeServiceURL("/exconnect/v1/check_captcha_requirement"),

url:InFlight.makeServiceURL("/exconnect/v1/wisp"),

url:InFlight.makeServiceURL("/exconnect/v1/device_state")

url:InFlight.makeServiceURL("/extv_metadata/v1/commissioning_status")

url:InFlight.makeServiceURL("/extv_metadata/v1/stations"),

url:InFlight.makeServiceURL("/extv_metadata/v1/station_status"),

url:InFlight.makeServiceURL("/flightdata/v1/flightdata")

url:InFlight.makeServiceURL("/livetextnews/v1/providers"),

url:InFlight.makeServiceURL("/livetextnews/v1/categories"),

url:InFlight.makeServiceURL("/livetextnews/v1/article"),

url:InFlight.makeServiceURL("/livetextnews/v1/current_weather"),

url:InFlight.makeServiceURL("/livetextnews/v1/forecast_weather"),

url:InFlight.makeServiceURL("/maps/v1/flight_map")

url:InFlight.makeServiceURL("/metadata/v1/media_keytype_count"),

url:InFlight.makeServiceURL("/metadata/v1/categories"),

url:InFlight.makeServiceURL("/metadata/v1/category_media"),

url:InFlight.makeServiceURL("/metadata/v1/media_metadata"),

url:InFlight.makeServiceURL("/metadata/v1/child_media"),

url:InFlight.makeServiceURL("/one_media/v1/banner"),

url:InFlight.makeServiceURL("/one_media/v1/interstitial"),

e=InFlight.makeServiceURL("/payment/v1/form",!0),

url:InFlight.makeServiceURL("/payment/v1/get_token",!0),

url:InFlight.makeServiceURL("/cmi/payment/v1/all_orders"),

url:InFlight.makeServiceURL("/cmi/payment/v1/order"),

url:InFlight.makeServiceURL("/cmi/payment/v1/void_orders"),

url:InFlight.makeServiceURL("/cmi/payment/v1/refund"),

url:InFlight.makeServiceURL("/cmi/payment/v1/generate_comp_code"),

url:InFlight.makeServiceURL("/cmi/payment/v1/update_comp_code"),

url:InFlight.makeServiceURL("/cmi/payment/v1/all_comp_codes"),

url:InFlight.makeServiceURL("/cmi/payment/v1/delete_comp_code"),

url:InFlight.makeServiceURL("/cmi/payment/v1/validate_crew_id"),

url:InFlight.makeServiceURL("/ppv/v1/check_payment_requirement",!0),

url:InFlight.makeServiceURL("/ppv/v1/check_purchase_requirement",!0),

url:InFlight.makeServiceURL("/ppv/v1/purchase",!0),

url:InFlight.makeServiceURL("/ppv/v2/check_payment_requirement",!0),

url:InFlight.makeServiceURL("/ppv/v2/check_purchase_requirement",!0),

url:InFlight.makeServiceURL("/ppv/v2/purchase",!0),

url:InFlight.makeServiceURL("/cmi/route_control/v1/data"),

url:InFlight.makeServiceURL("/status/v1/status")

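A FlightView survey of 600 US passengers found that only 28% were satisfied with in-flight WiFi service. The latest research from the US Consumer Reports National Research Center shows that, in fact, few passengers use in-flight Wi-Fi. According to a year-long questionnaire of 3,000 passengers, only 23% wanted to connect to on-board Wi-Fi, and only 16% actually connected. Of those who connected, 37% reported occasional interruptions or unstable speeds. Being able to get online wirelessly while flying at altitude is welcome, but in-flight internet as a whole still has plenty of problems.

The most important of these is flight safety: the wireless network carries a risk of intrusion. A US network security expert once boarded an aircraft, hacked the aircraft's safety systems over WiFi, and claimed to be able to shut down the engines unnoticed in flight and keep the cabin lights on. If passengers are to get online, the WiFi has to be open, and free WiFi makes it hard to recover costs. Still, wireless internet on aircraft is an inevitable trend. Many airlines are moving in this direction but, constrained by high retrofit costs, are upgrading their fleets gradually. I believe that in the near future the security problems will gradually be solved and better, more secure wireless networks will be provided.

*Reference source: networksaremadeofstring (1, 2), compiled by 饭团君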
