Hijack FM Radio Stations with a Raspberry Pi [Tutorial]

Captions
A broadcast signal intrusion is a condition that allows a hacker to temporarily take over a radio signal within a local area. It turns out you can create this condition on a Raspberry Pi and, using a wire, take over any radio broadcast in the FM range. We'll show you how this works on this episode of Cyber Weapons Lab.

[Music]

Most people believe what they hear on the radio, but using a Raspberry Pi and a wire, you can easily overwhelm any receiver in the area, including in cars, restaurants, or anyone else who's listening to the radio. Now, the way this works is by temporarily overwhelming the signal that the legitimate station is broadcasting, allowing us to play whatever we want over that station and make it seem like it's what they're broadcasting. Now, whether that's misleading alerts, or news that's not right, or even a targeted broadcast, it all is pretty much the same when it comes to taking over devices in a nearby area.

Now, before you get too excited, you should know that in most countries this is very illegal, because you are intentionally interfering with a lawful broadcast, and that means that without a license you could be doing a lot of damage, because this does not generate a clean broadcast. Now, what that means is that this creates a square wave, which basically outputs a lot of radio energy on bandwidths and wavelengths that it really shouldn't be, which could include medical devices or police frequencies or other things that you really wouldn't want to mess with. So because of this, if you want to try this out in a local area, you can even just go ahead and take the wire off of pin 4, which you can count from the outside top, 1, 2, 3, 4 in, and just using the pin itself, it's actually enough to get a couple, maybe 12 inches of range from your receiver. So if you just put your Pi pretty close, you can avoid interfering with your neighbors or anyone else nearby and practice this without causing a big fuss.

Now, you'll need to make sure that you have Kali Linux running on your Raspberry Pi, and pretty much any wire, including this breadboard wire, will do, although we used a piece of speaker wire, and in general a solid core wire will be better because it has less resistance than a braided wire. Once you have that, we can begin.

Now, in order to follow this guide, you'll need to first follow our guide to setting up a headless Raspberry Pi with Kali Linux. This will allow us to run all these commands in Debian, and although you can also run this on Raspbian, we have all this set up for Kali, so you can just follow our last guide, because it also includes two critical steps: first is the ability to log in without putting in a password, and second is automatically starting an SSH server. Now, if you follow our old guide, then that should allow all those things to be in place, and you'll be able to start your phone's hotspot and then just connect your Pi automatically. That means that from your phone or from your laptop you'll be able to connect to your Raspberry Pi via SSH.

Now, once you've completed this tutorial on setting up your headless Raspberry Pi, make sure that it's been connected before to the wireless network that you want it to connect to, because once you do it the first time, it'll save it and automatically connect every time after that. And also make sure that you put the wire that you're going to be using as an antenna on the fourth pin.

Now, once all that is done, we'll need to find the Raspberry Pi on the network, and we can use nmap to do that. So we'll go ahead and type sudo nmap -p and then 22 to search for port 22, which is SSH. I'm going to use the network range here, which is 192.168.0.0/24. Once that scan returns, we should see one open SSH port, and we'll use that to log in to our Raspberry Pi to control it. Once we do that, we'll be able to install Pi RDS, which will... let's see, we'll be able to install PiFmRds, which will allow us to broadcast on any FM channel that we want, within reason. I don't think we can go too high, over I think 100 megahertz, something like that, but we'll take a look and see what we can do.

So once this is done, we can see that there is a port 22 open on the IP address 192.168.0.35. So we will type ssh root@ and then the IP address that you found on your network for the Raspberry Pi, in our case 192.168.0.35, and when we press Enter it'll ask us if we want to accept the key, so we'll type yes to accept the SSH key. Then we'll need to supply the password, which in this case is the default, toor. Once we're inside, we can see our fancy splash screen, which lets us know that we've successfully logged in, and we'll be able to go ahead and install what we need to run Pi RDS.

So the first thing we'll need to do is install any prerequisite libraries, and in this case libsndfile1-dev is very important to make sure you have. So go ahead and run sudo apt-get install libsndfile1-dev to make sure that this works. You should already have RPi mailbox, because that's included in Kali Linux for the Raspberry Pi, but the next step will be to copy the git clone command over to the Raspberry Pi while you are logged in via SSH. So we'll go ahead and run this, and if you haven't already downloaded this like we have, then you would see PiFmRds loading itself onto the Raspberry Pi. So we can type cd PiFmRds and then ls to see that there's a source file, so type cd src, and after we type ls we can see that the majority of what we're looking for is all in this folder.

So great, we have connected to our Raspberry Pi, we have downloaded PiFmRds, and now we're ready to execute a command to use the wire that we plugged in to create basically a broadcast intrusion on whatever frequency we want. So we're going to use 94.7 FM, but we need to make sure that we're actually doing this correctly, so let's use a program called GQRX to make sure that we are actually taking over the radio station that we're targeting.

Now, we're going to use our RTL-SDR connected to GQRX to be able to monitor the frequency 94.7 and listen in on what's going on. So it looks like we have a radio station, but let's take a listen. There we go. All right, so we have some music playing on 94.7, and our goal is going to be to switch it to something completely different. Now, if we were doing something malicious, this could be maybe an emergency alert or a warning or something else, but in this case we're just going to switch the music to something we like a little bit better.

Now, take a look at the waveform as soon as I start this attack, and you'll see a brief burst of energy as soon as we start to take over the frequency. Now, here you can see this little jump, but aside from that it was a pretty smooth transition, and the transition back to the original frequency is pretty smooth as well. So if you're looking to either switch the song at an opportune moment where maybe that jump won't be noticed, or if you want to cut in with like a broadcast or something else that might be cut into a regular radio broadcast, you can kind of camouflage this to perform a social engineering attack, where you convince the target that maybe a piece of news is happening that isn't really happening, or maybe even just take over the radio station to otherwise give some more information that might be false. So I'm going to go ahead and cancel this, and we can see, just like that, we switch back to the original frequency and we can hear the music that's supposed to be playing.

Well, so now that we've proved that, we can see that this actually works, but there is a problem. So I'm going to go into the terminal and take a look at the other different files we have available to play. I see there's one that's called pulses.wav, and we're going to use that one in order to identify why this could get us into some trouble if we're just doing this without being careful about the range and the other devices that could be interfered with. So now, instead of a song, we're just going to start our GQRX again and then begin broadcasting a series of tones. Now, this is pretty recognizable, and we'll use this to be able to show off why this is not a great idea to do, necessarily, without a filter on the band.

Now, this is supposed to be broadcasting on 94.7, but in fact we might see that it's leaking into other frequencies, so let's go up to 116 and see what's happening. Now, we can go through some of the frequencies here and see that the tone that we're broadcasting is actually showing up, and while we might hear a lot of static, when we find the right frequency you'll see over here on 121.97 that we're actually broadcasting and leaking into a huge part of the spectrum. So this is actually even bigger than the part that we're looking to broadcast into. So as a result, we can see that this whole area is being flooded with random radio noise. Now, we don't know what's going on at 121.1. It could be a medical device, it could be a federal agent's radio, but either way you probably don't want to be bleeding all over the spectrum a bunch of radio noise that could interfere with a legitimate device that takes controls via the radio. So before you go on trying to improve the power of this sort of attack, realize that the first thing to focus on is actually filtering it and making sure that it doesn't bleed over and start bothering other frequencies and causing other sorts of problems.

The ability to use the Raspberry Pi to broadcast on arbitrary FM frequencies can be quite useful for a hacker. At DEF CON, I even saw an awesome tool called Vapor Trail, which combined a software-defined radio and a Raspberry Pi to create a transponder that would sneak stolen information past a blue team by using maybe a local radio station's frequency rather than the Wi-Fi that they're looking for. Now, while this is super cool, you need to be very careful when boosting the power on something like this, because you're basically spraying radio energy all over the spectrum, and that can cause all sorts of unintentional problems with interference and get you in trouble with the FCC.

That's all we have for this episode of Cyber Weapons Lab. Make sure to like, comment, and subscribe, and if you have any thoughts or questions about the show, shoot me a message on Twitter. We'll see you next time.
Info
Channel: Null Byte
Views: 150,719
Keywords: wonderhowto, nullbyte, null byte, hack, hacking, hacker, hacks, hackers, how to hack, how to, tutorial, guide, cyber weapon, cyber weapons, cyber, Pi-FM-RDS, radio frequency hijacking, radio transmitting, gqrs SDR, raspberry pi, kali linux, radio, frequency, frequencies, FM, FM radio, FM hacking, FM hack, FM frequency, hijacking, hijack, RPi, MHz, megahertz, radio transmitter, transmitter, broadcast signal, signal intrusion, max headroom, fsociety, DOS attack, RTL-SDR, PiFmRds, kody kinzie
Id: 4yhhW2ekgN8
Length: 11min 34sec (694 seconds)
Published: Fri Oct 05 2018