Differences

This shows you the differences between two versions of the page.

Previous revision: mission:log:2014:11:05:hacking-rf-controlled-power-switches-with-hackrf-and-gnuradio [2014/11/05 12:42] – [Analysis] chrono
Current revision: mission:log:2014:11:05:hacking-rf-controlled-power-switches-with-hackrf-and-gnuradio [2014/12/09 18:34] (current) – [Identification] chrono
Line 39: Line 39:
 These bands therefore have a much higher probability of carrying our signal candidate than the rest of the available RF spectrum, so let's target the usual ISM suspects first. In Europe 433 and 868 MHz are commonly used for remote controls (even cranes), data/sensor telemetry (weather stations and the like) and much more.  These bands therefore have a much higher probability of carrying our signal candidate than the rest of the available RF spectrum, so let's target the usual ISM suspects first. In Europe 433 and 868 MHz are commonly used for remote controls (even cranes), data/sensor telemetry (weather stations and the like) and much more. 
  
-Let's pick 433 MHz, fire up osmocom_fft, gqrx, SDRangelove or any other SDR receiver with a spectrum analyzer/waterfall display tuned to 433 MHz. +Let's pick 433 MHz first, fire up osmocom_fft, gqrx, SDRangelove or any other SDR receiver with a spectrum analyzer/waterfall display tuned to 433 MHz. 
  
 <code> <code>
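Review bot: the revised sentence "Let's pick 433 MHz first, fire up osmocom_fft, gqrx, SDRangelove or any other SDR receiver ..." is still a comma splice; joining the two clauses with "and" ("Let's pick 433 MHz first and fire up osmocom_fft, gqrx, SDRangelove or any other SDR receiver ...") reads more cleanly and keeps the meaning.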
Line 92: Line 92:
 |  111111111111111100000000011101010  |  111111111111111100000000011100110  | |  111111111111111100000000011101010  |  111111111111111100000000011100110  |
  
-The whole process took a little less than an hour, just using GNU Radio and a HackRF (could have been done with an RTL-SDR device as well. The next steps will be covered in Episode II, where we can try to reproduce this pattern with a transmitter we'll build with GNU Radio. This will also serve as a chance to try something I'd like to call **Full Band Replay Attack**. +The whole process took a little less than an hour, just using GNU Radio and a HackRF (could have been done with an RTL-SDR device as well. The next steps will be covered in Episode II, where we can try to reproduce this pattern with a transmitter we'll build with GNU Radio. This will also serve as a chance to try something I'd like to call:
  
-Instead of trying to find the specific frequency and modulation and to build a transmitter for it, it should be equally feasible to just capture the whole ISM band and try to send it as it was received (replay). This would be a very crude approach requiring almost no knowledge but could be disastrously fast and effective when applied successfully, in many situations.+**Full Band IQ Replay Attack**.  
 + 
 +Instead of trying to find specific frequencies and modulations in order to build a narrow target transmitter, it should be equally feasible to just "record" a wide target band by capturing 10MSps raw IQ data and try to send this raw IQ data as it was received (replay). This would be a very crude approach requiring almost no knowledge about the specific implementation but could be disastrously fast and effective when applied successfully, in many situations.
  
 <WRAP round tip> <WRAP round tip>
 **Related Mission-Logs:**\\ **Related Mission-Logs:**\\
-[[mission:log:2012:05:06:rtlsdr-osmosdr-gnuradio-fm-receiver]]\\ + 
-[[mission:log:2012:08:02:active-wideband-receiver-antenna-for-sdr]]\\ +  * [[mission:log:2012:05:06:rtlsdr-osmosdr-gnuradio-fm-receiver]]\\ 
-[[mission:log:2014:08:08:darc-side-of-munich-hunting-fm-broadcasts-for-bus-and-tram-display-information-on-90-mhz]]+  [[mission:log:2012:08:02:active-wideband-receiver-antenna-for-sdr]]\\ 
 +  [[mission:log:2014:08:08:darc-side-of-munich-hunting-fm-broadcasts-for-bus-and-tram-display-information-on-90-mhz]]
 </WRAP> </WRAP>
  
-{{tag>hackrf rf gnuradio sdr ism band frequency analysis research rtl-sdr security}}+{{tag>hackrf rf gnuradio grc sdr ism band frequency analysis research rtl-sdr security}}
  
-{{keywords>Apollo-NG apollo next generation hackerspace hacker space research development makerspace fablab diy community open-resource open resource mobile hackbus hackrf gnuradio sdr ism band frequency analysis research rtl-sdr rf security}}+{{keywords>Apollo-NG apollo next generation hackerspace hacker space research development makerspace fablab diy community open-resource open resource mobile hackbus hackrf gnuradio grc sdr ism band frequency analysis research rtl-sdr rf security}}
  
 ~~DISCUSSION~~ ~~DISCUSSION~~
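Review bot: the parenthesis opened in "(could have been done with an RTL-SDR device as well." is never closed in either revision; it should read "(could have been done with an RTL-SDR device as well)." Two further points in the new revision: the Related Mission-Logs list only carries the "  * " bullet marker on its first entry, while the second and third entries start with "  [[mission:log:..." and so will not render as list items in DokuWiki unless they also get "  * "; and "10MSps" would be more readable as "10 MSps" with a space before the unit.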