Others have asked about my project so I've decided to post as it progresses. What I am attempting to do is send a Chumby Hacker Board up on a UAV to map wireless networks. This method is much more convenient than driving along in a car. I've broken this project into few milestones.

* Get the CHB setup to scan and dump wireless networks.
* Build a drone, since I have never done so.
* Mount the CHB along with APM and all the needed electronics on the drone.
* Split the GPS connection to the CHB.

First, why I chose the Chumby Hacker Board? Well, to be honest it is the cheapest Linux computer I have seen small enough to fit on a small drone. I've looked into Gumstix, but they are far too expensive in comparison. CHB is also extremely ecofriendly--more like battery friendly. Gumstix are much more powerful and thus use more energy. Pico-sized motherboards would have the same problems as Gumstix, and to a much higher degree. I will post again on each of these sections as I work on them.

Setup for the CHB
The CHB comes with 3 USB ports, which is the perfect amount if there are plans for 1 wireless module, 1 USB GPS connection, and 1 USB APM connection. For the wireless module I chose something that uses the RT73 driver. I found the D-Link DWG-122 to be very cheap and nicely made because there is a small U.FL connector for an antenna built right on the board. I found some refurbished DWG-122 on eBay for about $8 each with free shipping.

I set up my CHB using the serial connection (FTDI). I compiled all of the tools from source on the CHB itself using a USB drive to transfer the tarballs. The tools you will need are: falconwing compiler for CHB, perl, python, openssl, aircrack-ng, libnl, pkg-config, iw, and for fun, elinks. The falconwing, perl, python, and libnl can be found on the CHB source list (http://files.chumby.com/source/) and everything else can be found on their respected websites.

In my opinion, the CHB partition structure is a bit whacky, and there are tutorials on how to “fix” it. I didn’t bother with it because I think that if you need to “fix” it, why is it shipped like that? So I just worked with the structure installing everything to /mnt/storage, which is the microSD card.

Here is a complete log of how I compiled them all:

#set filesystems from read-only to read/writemount -o remount,rw /

#set the date and time
date -s "2011-01-31 20:58"

#extract Perl binaries
cd /mnt/usb
tar xfz usr_arm_ext3.tgz -C /mnt/storage
#create a symbolic link to the storage directory for binaries
ln -s /mnt/storage/usr /psp/usr

#add the symbolic link to the global PATH variable
export PATH=/psp/usr/sbin:/psp/usr/bin:$PATH

#extract Python binarries (appears to actually be 2.6.3 --whatever)
tar xfj python_chumby_2.7.1.tar.bz2 -C /mnt/storage

#copy and extract toolchain from silvermoon
#might work for falconwing, not sure yet (it should)
#cp /mnt/usb/silvermoon_toolchain.sh /mnt/storage
cp /mnt/usb/falconwing_toolchain.sh /mnt/storage
cd /mnt/storage

#move back to usb and extract openssl
#NOTE: aircrack-ng uses functions that were deprecated in openssl v 1.0.0c
#Use version 0.9.8q
cd /mnt/usb/
tar xfz openssl-0.9.8q.tar.gz -C /mnt/storage

#move to openssl-0.9.8q and config
cd /mnt/storage/openssl-0.9.8q/
#use the prefix to store the binaries on /mnt/storage in order to not modify /usr
#plus, there probably isn't enough room on /usr unless the partitions have been
#successfully modified
./config --prefix=/mnt/storage && make && make install

#move back to usb and extract aircrack-ng
cd /mnt/usb/
tar xfz aircrack-ng-1.1.tar.gz -C /mnt/storage
cd /mnt/storage/aircrack-ng-1.1
#first, the common.mak file needs to be edited
vi common.mak
#now change the following line
-I/mnt/storage/openssl-0.9.8q/include/ -L/mnt/storage/openssl-0.9.8q/
#this points to the openssl headers for compilation
make && make install DESTDIR=/mnt/storage
#add the new bin dirs to the PATH variable
export PATH=/mnt/storage/usr/local/bin:/mnt/storage/usr/local/sbin:$PATH

#libnl (netlink library) from Chumby sources, a dependantcy of iw
cd /mnt/usb
tar xfz libnl-2.0.tar.gz -C /mnt/storage/
cd /mnt/storage/
./configure --prefix=/mnt/storage && make && make install
#set the PKG_CONFIG_PATH variable for iw
export PKG_CONFIG_PATH=/mnt/storage/libnl-2.0

#pkg-config is also required for compiling iw (detects the version of libnl)
cd /mnt/usb
tar xfz pkg-config-0.25.tar.gz -C /mnt/storage/
cd /mnt/storage/pkg-config-0.25
./configure && make && make install

#now compile and install new iw-0.9.22.tar.bz2
cd /mnt/usb/
tar xfj iw-0.9.22.tar.bz2 -C /mnt/storage
cd /mnt/storage/iw-0.9.22/
make && make install DESTDIR=/mnt/storage
export PATH=/mnt/storage/usr/sbin:$PATH

#elinks web browser (optional)
cd /mnt/usb/
tar xfz elinks-0.11.7.tar.gz -C /mnt/storage/
cd /mnt/storage/elinks-0.11.7/
./configure --prefix=/mnt/storage && make && make install

Now you’ll want to create a boot up script to start up airodump-ng when the CHB starts up. The CHB uses the path /psp/rfs1 for boot up scripts. It will automatically start the script if you name it userhook1.

Using this blog post (http://zerocold.co.uk/?p=463) you can convert the dumps from airodump-ng to a format that Google Earth will recognize. This conversion can and should be done on the ground using your UAV to harvest the data.
E-mail me when people leave their comments –

You need to be a member of diydrones to add comments!

Join diydrones


  • Hi!! nice post!! 

    Its basically a CHB tutorial you got here :)

    Now, my question, do you have plans to send commands from the CHB to the ATM??? in positive case, have you code something??? 

    I'm telling you, because I'm trying to do it, but not using a APM, I'm using a Multiwii....


  • @Ethan

    that make sense. But be careful with the freq scheme used.

    Be aware of what telemetry and RC freq do you use in order to not interfere with wifi signal.

  • That's exactly what I was thinking. Was going to run the WiFi antenna down one arm, telemetry down another, and the RC Rx down a third.
  • yes pretty neat, yes

    It would be interesting to know what ant setup you are using.

    Maybe a patch ant (of about 10dBi) pointing downwards will be nice.

  • That's a pretty neat project. I was worried about using a plane to do this due to higher speeds compared to a quadcopter. I'm probably going to build a quadcopter first since I've never built nor flown a drone or RC aircraft. Quadcopters seem a bit easier to me...plus I've already redesigned the standard quad frame to fit a CHB. That will be one of my next posts.
  • Yeah, lets send our drones for warflying!


    Some google searching showed that to my surprise

    1) warflying term is already on the wikipedia.link, although it doesn't refer to RC flying.

    2) that some interesting work have already done on RC warflying AND "penetration testing",

    guess which autopilot they were using? Ardupilot. LINK

  • Ah cool. I guess that's good news because I like the term warflying.
  • As far as I know wardriving is just that: scanning for wireless APs.

    However, it's true that some wardriving sw also sports utils for breaking into scanned ntwrks, presumably used for security testing.


  • @Ritchie

    I didn't say anything about breaking into wireless networks. Scanning and mapping networks is legal. Don't you scan for wireless networks on your laptop or mobile phone occasionally?


    Warflying sounds cool indeed, but I wouldn't call it that since it's just scanning for networks.

  • I dont think he means warflying just finding networks, am i right?? I'll start working on this as soon as i get the board. Others have all ready fixed wifi.
This reply was deleted.