Software Defined Radio 101 Mike Saunders @hardwaterhacker
About Mike • Started IT in 1998 • Security since 2007 • Avid ice fisherman
http://nickolaylamm.com/
Signals Around Us • Cell phones (900/1,800/1,900 MHz) • Police & military comms (varied) • Wifi (2.4 & 5 GHz) • Satellite comms (varied) • Bluetooth (2.4 GHz) • Cordless phones (1.7/27/43-50/900 MHz, 1.9/2.4/5.8 GHz) • Zigbee (2.4 GHz) • Radar (varied) • Broadcast TV (54 - 900 MHz) • Car remotes (315 / 433 MHz) • Pagers (35/43/152/157/163/454/462/929 MHz) • Garage door openers (310/315/390 MHz) • ADSB (978/1090 MHz) • TV remotes (varied) • AIS (162 MHz) • Wireless presenter remotes (varied) • HAM radio (varied) • Etc. etc. etc.
What is SDR? • Radios used to be implemented in hardware • Software Defined Radio - software tunes receiver hardware to desired frequency • Additional software can decode transmission to reveal data • Signals can be transmitted with certain hardware
What You Need • Hardware • rtl, HackRF One, Ubertooth One, Yardstick, Funcube, etc. • Antenna • Software • GNU Radio, SDR#, GQRX, etc.
Getting Started - Hardware • Generic RTL2832U / R820T • ≈ $15 • 25 - 1700 MHz • RX only
Getting Started - Hardware • Generic RTL2832U / R820T • Aluminum case limits noise • ≈ $25 • 25 - 1700 MHz • RX only
Getting Started - Hardware • HackRF One • ≈ $330 • 10 MHz - 6 GHz • TX & RX • 20M samples/second
Getting Started - Software • Windows • SDR#, HDSDR, SDR-RADIO.COM • Mac & Linux • GNU Radio, GQRX, Linrad • Android • SDR Touch, Wavesink Plus, RFAnalyzer
Getting Started - SDR# • SDR# - www.airspy.com • Quick start guide - http://www.rtl-sdr.com/rtl-sdr-quick-start-guide/
Getting Started - Tuning • http://www.nws.noaa.gov/nwr/coverage/station_listing.html • https://www.youtube.com/watch?v=gFXMbr1dgng
Getting Started - FM Radio
Common Problems • Don’t forget to install Zadig driver with generic RTL • Some USB 3.0 ports don’t work well • Issues with USB passthrough in VMs • Frequency drift due to temperature differences (non-TCXO chipset)
SDR# Common Problems • Slower processors = dropped samples, choppy audio • Even an issue in VMs on more powerful hardware • HDSDR is harder to use, but less overhead
SDR# Common Problems
ID an unknown signal • Spend time sweeping through frequencies • Search for known frequencies at radioreference.com • Look up signal waterfall on sigidwiki.com
• Signal @ 152.480 MHz
radioreference.com
FCC License Search
Search Results
Review Frequencies
Review Registration
Check SigIDWiki Captured sample waterfall SigIDWiki Reference
Legal Disclaimer • I am not a lawyer, this may or may not be illegal • Research and decide for yourself • 18 U.S.C § 2511 • 18 U.S.C § 2510
Decoding Pages • Walk through: • http://www.rtl-sdr.com/rtl-sdr-tutorial-pocsag-pager-decoding/ • You need: • SDR# • VBCable • http://vb-audio.pagesperso-orange.fr/Cable/index.htm • PDW • http://www.discriminator.nl/pdw/index-en.html
More Common Problems
PHI/PII Galore
Houston, we have a problem
Now *That’s* Interesting
Look! Free Voicemail!
Next Steps • Garage door hacking - http://samy.pl/opensesame/ • Ding Dong Ditch - http://samy.pl/dingdong/ • Decode a signal using GNU Radio
Wrap Up • Get started cheap • All kinds of signals to listen to and analyze • Be responsible with what you find • Report issues
Resources • http://www.rtl-sdr.com/rtl-sdr-quick-start-guide/ • http://www.radioreference.com/apps/db/ • http://www.sigidwiki.com/wiki/Database • http://wireless2.fcc.gov/UlsApp/UlsSearch/searchAdvanced.jsp • Noise Floor - @0xabad1dea - https://www.youtube.com/watch?v=5N1C3WB8c0o
Resources • https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-leaking-beeps-healthcare.pdf • https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_leaking-beeps-industrial.pdf • http://www.fieldxp.com/ - Book series on SDR & GNURadio • https://www.blackhat.com/docs/us-14/materials/us-14-Picod-Bringing-Software-Defined-Radio-To-The-Penetration-Testing-Community.pdf
Resources • http://gnuradio.org/redmine/projects/gnuradio/wiki/Guided_Tutorial_Introduction
Questions? • mike@hardwatersecurity.com • https://hardwatersec.blogspot.com • @hardwaterhacker