
Software Defined Radio 101 Mike Saunders @hardwaterhacker



  1. Software Defined Radio 101 Mike Saunders @hardwaterhacker

  2. About Mike • Started IT in 1998 • Security since 2007 • Avid ice fisherman

  3. http://nickolaylamm.com/

  4. Signals Around Us • Cell phones (900/1,800/1,900 MHz) • Police & military comms (varied) • Wifi (2.4 & 5 GHz) • Satellite comms (varied) • Bluetooth (2.4 GHz) • Cordless phones (1.7/27/43-50/900 MHz, 1.9/2.4/5.8 GHz) • Zigbee (2.4 GHz) • Radar (varied) • Broadcast TV (54 - 900 MHz) • Car remotes (315 / 433 MHz) • Pagers (35/43/152/157/163/454/462/929 MHz) • Garage door openers (310/315/390 MHz) • ADSB (978/1090 MHz) • TV remotes (varied) • AIS (162 MHz) • Wireless presenter remotes (varied) • HAM radio (varied) • Etc. etc. etc.

  5. What is SDR? • Radios used to be implemented in hardware • Software Defined Radio - software tunes receiver hardware to desired frequency • Additional software can decode transmission to reveal data • Signals can be transmitted with certain hardware

  6. What You Need • Hardware • rtl, HackRF One, Ubertooth One, Yardstick, Funcube, etc. • Antenna • Software • GNU Radio, SDR#, GQRX, etc.

  7. Getting Started - Hardware • Generic RTL2832U / R820T • ≈ $15 • 25 - 1700 MHz • RX only

  8. Getting Started - Hardware • Generic RTL2832U / R820T • Aluminum case limits noise • ≈ $25 • 25 - 1700 MHz • RX only

  9. Getting Started - Hardware • HackRF One • ≈ $330 • 10 MHz - 6 GHz • TX & RX • 20M samples/second

  10. Getting Started - Software • Windows • SDR#, HDSDR, SDR-RADIO.COM • Mac & Linux • GNU Radio, GQRX, Linrad • Android • SDR Touch, Wavesink Plus, RFAnalyzer

  11. Getting Started - SDR# • SDR# - www.airspy.com • Quick start guide - http://www.rtl-sdr.com/rtl-sdr-quick-start-guide/

  12. Getting Started - Tuning • http://www.nws.noaa.gov/nwr/coverage/station_listing.html • https://www.youtube.com/watch?v=gFXMbr1dgng

  13. Getting Started - FM Radio

  14. Common Problems • Don’t forget to install Zadig driver with generic RTL • Some USB 3.0 ports don’t work well • Issues with USB passthrough in VMs • Frequency drift due to temperature differences (non-TCXO chipset)

  15. SDR# Common Problems • Slower processors = dropped samples, choppy audio • Even an issue in VMs on more powerful hardware • HDSDR is harder to use, but less overhead

  16. SDR# Common Problems

  17. ID an unknown signal • Spend time sweeping through frequencies • Search for known frequencies at radioreference.com • Look up signal waterfall on sigidwiki.com

  18. • Signal @ 152.480 MHz

  19. radioreference.com

  20. FCC License Search

  21. Search Results

  22. Review Frequencies

  23. Review Registration

  24. Check SigIDWiki Captured sample waterfall SigIDWiki Reference

  25. Legal Disclaimer • I am not a lawyer, this may or may not be illegal • Research and decide for yourself • 18 U.S.C § 2511 • 18 U.S.C § 2510

  26. Decoding Pages • Walk through: • http://www.rtl-sdr.com/rtl-sdr-tutorial-pocsag-pager-decoding/ • You need: • SDR# • VBCable • http://vb-audio.pagesperso-orange.fr/Cable/index.htm • PDW • http://www.discriminator.nl/pdw/index-en.html

  27. More Common Problems

  28. More Common Problems

  29. PHI/PII Galore

  30. Houston, we have a problem

  31. Now *That’s* Interesting

  32. Look! Free Voicemail!

  33. Next Steps • Garage door hacking - http://samy.pl/opensesame/ • Ding Dong Ditch - http://samy.pl/dingdong/ • Decode a signal using GNU Radio

  34. Wrap Up • Get started cheap • All kinds of signals to listen to and analyze • Be responsible with what you find • Report issues

  35. Resources • http://www.rtl-sdr.com/rtl-sdr-quick-start-guide/ • http://www.radioreference.com/apps/db/ • http://www.sigidwiki.com/wiki/Database • http://wireless2.fcc.gov/UlsApp/UlsSearch/searchAdvanced.jsp • Noise Floor - @0xabad1dea - https://www.youtube.com/watch?v=5N1C3WB8c0o

  36. Resources • https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-leaking-beeps-healthcare.pdf • https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_leaking-beeps-industrial.pdf • http://www.fieldxp.com/ - Book series on SDR & GNURadio • https://www.blackhat.com/docs/us-14/materials/us-14-Picod-Bringing-Software-Defined-Radio-To-The-Penetration-Testing-Community.pdf

  37. Resources • http://gnuradio.org/redmine/projects/gnuradio/wiki/Guided_Tutorial_Introduction

  38. Questions? • mike@hardwatersecurity.com • https://hardwatersec.blogspot.com • @hardwaterhacker
