Differences

This shows you the differences between two versions of the page.

mission:log:2014:11:05:hacking-rf-controlled-power-switches-with-hackrf-and-gnuradio [2014/12/06 12:19]
chrono
mission:log:2014:11:05:hacking-rf-controlled-power-switches-with-hackrf-and-gnuradio [2014/12/09 18:34] (current)
chrono [Identification]
Line 39: Line 39:
 These bands therefore have a much higher probability of carrying our signal candidate than the rest of the available RF spectrum, so let's target the usual ISM suspects first. In Europe 433 and 868 MHz are commonly used for remote controls (even cranes), data/sensor telemetry (weather stations and the like) and much more.  These bands therefore have a much higher probability of carrying our signal candidate than the rest of the available RF spectrum, so let's target the usual ISM suspects first. In Europe 433 and 868 MHz are commonly used for remote controls (even cranes), data/sensor telemetry (weather stations and the like) and much more. 
  
-Let's pick 433 MHz, fire up osmocom_fft, gqrx, SDRangelove or any other SDR receiver with a spectrum analyzer/waterfall display tuned to 433 MHz. +Let's pick 433 MHz first, fire up osmocom_fft, gqrx, SDRangelove or any other SDR receiver with a spectrum analyzer/waterfall display tuned to 433 MHz. 
  
 <code> <code>
Line 92: Line 92:
 |  111111111111111100000000011101010  |  111111111111111100000000011100110  | |  111111111111111100000000011101010  |  111111111111111100000000011100110  |
  
-The whole process took a little less than an hour, just using GNU Radio and a HackRF (could have been done with an RTL-SDR device as well. The next steps will be covered in Episode II, where we can try to reproduce this pattern with a transmitter we'll build with GNU Radio. This will also serve as a chance to try something I like to call **Full Band IQ Replay Attack**. +The whole process took a little less than an hour, just using GNU Radio and a HackRF (could have been done with an RTL-SDR device as well. The next steps will be covered in Episode II, where we can try to reproduce this pattern with a transmitter we'll build with GNU Radio. This will also serve as a chance to try something I'like to call
 + 
 +**Full Band IQ Replay Attack**. 
  
 Instead of trying to find specific frequencies and modulations in order to build a narrow target transmitter, it should be equally feasible to just "record" a wide target band by capturing 10MSps raw IQ data and try to send this raw IQ data as it was received (replay). This would be a very crude approach requiring almost no knowledge about the specific implementation but could be disastrously fast and effective when applied successfully, in many situations. Instead of trying to find specific frequencies and modulations in order to build a narrow target transmitter, it should be equally feasible to just "record" a wide target band by capturing 10MSps raw IQ data and try to send this raw IQ data as it was received (replay). This would be a very crude approach requiring almost no knowledge about the specific implementation but could be disastrously fast and effective when applied successfully, in many situations.
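Review bot: the rewritten closing sentence introduces a stray apostrophe, "something I'like to call", which should read "something I like to call", and the parenthesis opened at "(could have been done with an RTL-SDR device as well" is still never closed; suggest "(could have been done with an RTL-SDR device as well)." Moving the bold term **Full Band IQ Replay Attack** onto its own line also leaves the sentence ending at "call" with no punctuation before the blank line; a colon after "call" would make the standalone term read as intended.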
Line 98: Line 100:
 <WRAP round tip> <WRAP round tip>
 **Related Mission-Logs:**\\ **Related Mission-Logs:**\\
-[[mission:log:2012:05:06:rtlsdr-osmosdr-gnuradio-fm-receiver]]\\ + 
-[[mission:log:2012:08:02:active-wideband-receiver-antenna-for-sdr]]\\ +  * [[mission:log:2012:05:06:rtlsdr-osmosdr-gnuradio-fm-receiver]]\\ 
-[[mission:log:2014:08:08:darc-side-of-munich-hunting-fm-broadcasts-for-bus-and-tram-display-information-on-90-mhz]]+  [[mission:log:2012:08:02:active-wideband-receiver-antenna-for-sdr]]\\ 
 +  [[mission:log:2014:08:08:darc-side-of-munich-hunting-fm-broadcasts-for-bus-and-tram-display-information-on-90-mhz]]
 </WRAP> </WRAP>
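Review bot: only the first of the three links in the reworked WRAP block carries the DokuWiki list marker "  * "; the second and third entries (the active-wideband-receiver-antenna-for-sdr and darc-side-of-munich links) are indented by two spaces with no asterisk, and DokuWiki treats a line that starts with two spaces and no list marker as preformatted text, so they will not render as items of the same list. Prefix both with "  * " to match the first entry; the trailing "\\" forced line break on the first item is then unnecessary inside the list.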