Software Defined Radio 101 Mike Saunders @hardwaterhacker About - - PowerPoint PPT Presentation

software defined radio 101
SMART_READER_LITE
LIVE PREVIEW

Software Defined Radio 101 Mike Saunders @hardwaterhacker About - - PowerPoint PPT Presentation

Mar 11, 2023 101 likes •548 views

Software Defined Radio 101 Mike Saunders @hardwaterhacker About Mike Started IT in 1998 Security since 2007 Avid ice fisherman http://nickolaylamm.com/ Signals Around Us Cell phones (900/1,800/1,900 MHz) Police & military

slide-1
SLIDE 1

Software Defined Radio 101

Mike Saunders @hardwaterhacker

slide-2
SLIDE 2

About Mike

  • Started IT in 1998
  • Security since 2007
  • Avid ice fisherman
slide-3
SLIDE 3
slide-4
SLIDE 4

http://nickolaylamm.com/

slide-5
SLIDE 5

Signals Around Us

  • Cell phones (900/1,800/1,900 MHz)
  • Wifi (2.4 & 5 GHz)
  • Bluetooth (2.4 GHz)
  • Zigbee (2.4 GHz)
  • Broadcast TV (54 - 900 MHz)
  • Pagers (35/43/152/157/163/454/462/929

MHz)

  • ADSB (978/1090 MHz)
  • AIS (162 MHz)
  • HAM radio (varied)
  • Police & military comms (varied)
  • Satellite comms (varied)
  • Cordless phones (1.7/27/43-50/900 MHz,

1.9/2.4/5.8 GHz)

  • Radar (varied)
  • Car remotes (315 / 433 MHz)
  • Garage door openers (310/315/390 MHz)
  • TV remotes (varied)
  • Wireless presenter remotes (varied)
  • Etc. etc. etc.
slide-6
SLIDE 6
slide-7
SLIDE 7
slide-8
SLIDE 8

What is SDR?

  • Radios used to be implemented in hardware
  • Software Defined Radio - software tunes receiver

hardware to desired frequency

  • Additional software can decode transmission to reveal

data

  • Signals can be transmitted with certain hardware
slide-9
SLIDE 9

What You Need

  • Hardware
  • rtl, HackRF One, Ubertooth One, Yardstick,

Funcube, etc.

  • Antenna
  • Software
  • GNU Radio, SDR#, GQRX, etc.
slide-10
SLIDE 10

Getting Started - Hardware

  • Generic RTL2832U / R820T
  • ≈ $15
  • 25 - 1700 MHz
  • RX only
slide-11
SLIDE 11

Getting Started - Hardware

  • Generic RTL2832U / R820T
  • Aluminum case limits noise
  • ≈ $25
  • 25 - 1700 MHz
  • RX only
slide-12
SLIDE 12

Getting Started - Hardware

  • HackRF One
  • ≈ $330
  • 10 MHz - 6GHz
  • TX & RX
  • 20M samples/second
slide-13
SLIDE 13
slide-14
SLIDE 14

Getting Started - Software

  • Windows
  • SDR#, HDSDR, SDR-RADIO.COM
  • Mac & Linux
  • GNU Radio, GQRX, Linrad
  • Android
  • SDR Touch, Wavesink Plus, RFAnalyzer
slide-15
SLIDE 15

Getting Started - SDR#

  • SDR# - www.airspy.com
  • Quick start guide - http://www.rtl-sdr.com/rtl-sdr-

quick-start-guide/

slide-16
SLIDE 16
slide-17
SLIDE 17

Getting Started - Tuning

  • http://www.nws.noaa.gov/nwr/coverage/station_listing

.html

  • https://www.youtube.com/watch?v=gFXMbr1dgng
slide-18
SLIDE 18

Getting Started - FM Radio

slide-19
SLIDE 19

Common Problems

  • Don’t forget to install Zadig driver with generic RTL
  • Some USB 3.0 ports don’t work well
  • Issues with USB passthrough in VMs
  • Frequency drift due to temperature differences (non-

TCXO chipset)

slide-20
SLIDE 20

SDR# Common Problems

  • Slower processors = dropped samples, choppy audio
  • Even an issue in VMs on more powerful hardware
  • HDSDR is harder to use, but less overhead
slide-21
SLIDE 21

SDR# Common Problems

slide-22
SLIDE 22
slide-23
SLIDE 23

ID an unknown signal

  • Spend time sweeping through frequencies
  • Search for known frequencies at radioreference.com
  • Look up signal waterfall on sigidwiki.com
slide-24
SLIDE 24
  • Signal @ 152.480 Mhz
slide-25
SLIDE 25

radioreference.com

slide-26
SLIDE 26

FCC License Search

slide-27
SLIDE 27

Search Results

slide-28
SLIDE 28

Review Frequencies

slide-29
SLIDE 29

Review Registration

slide-30
SLIDE 30

Check SigIDWiki

Captured sample waterfall SigIDWiki Reference

slide-31
SLIDE 31

Legal Disclaimer

  • I am not a lawyer, this may or may not be illegal
  • Research and decide for yourself
  • 18 U.S.C § 2511
  • 18 U.S.C § 2510
slide-32
SLIDE 32

Decoding Pages

  • Walk through:
  • http://www.rtl-sdr.com/rtl-sdr-tutorial-pocsag-pager-decoding/
  • You need:
  • SDR#
  • VBCable
  • http://vb-audio.pagesperso-orange.fr/Cable/index.htm
  • PDW
  • http://www.discriminator.nl/pdw/index-en.html
slide-33
SLIDE 33

More Common Problems

slide-34
SLIDE 34

More Common Problems

slide-35
SLIDE 35

PHI/PII Galore

slide-36
SLIDE 36

Houston, we have a problem

slide-37
SLIDE 37

Now *That’s* Interesting

slide-38
SLIDE 38

Look! Free Voicemail!

slide-39
SLIDE 39

Next Steps

  • Garage door hacking - http://samy.pl/opensesame/
  • Ding Dong Ditch - http://samy.pl/dingdong/
  • Decode a signal using GNU Radio
slide-40
SLIDE 40

Wrap Up

  • Get started cheap
  • All kinds of signals to listen to and analyze
  • Be responsible with what you find
  • Report issues
slide-41
SLIDE 41

Resources

  • http://www.rtl-sdr.com/rtl-sdr-quick-start-guide/
  • http://www.radioreference.com/apps/db/
  • http://www.sigidwiki.com/wiki/Database
  • http://wireless2.fcc.gov/UlsApp/UlsSearch/searchAdv

anced.jsp

  • Noise Floor - @0xabad1dea -

https://www.youtube.com/watch?v=5N1C3WB8c0o

slide-42
SLIDE 42

Resources

  • https://www.trendmicro.de/cloud-content/us/pdfs/security-

intelligence/white-papers/wp-leaking-beeps-healthcare.pdf

  • https://www.trendmicro.de/cloud-content/us/pdfs/security-

intelligence/white-papers/wp_leaking-beeps-industrial.pdf

  • http://www.fieldxp.com/ - Book series on SDR & GNURadio
  • https://www.blackhat.com/docs/us-14/materials/us-14-

Picod-Bringing-Software-Defined-Radio-To-The- Penetration-Testing-Community.pdf

slide-43
SLIDE 43

Resources

  • http://gnuradio.org/redmine/projects/gnuradio/wiki/Gu

ided_Tutorial_Introduction

slide-44
SLIDE 44

Questions?

  • mike@hardwatersecurity.com
  • https://hardwatersec.blogspot.com
  • @hardwaterhacker