Universal Radio Hacker - Replay Attack With HackRF

Video Statistics and Information

Captions
[Music] Hi, and welcome back to another Tech Minds video. So today we're going to be taking a look at a piece of software called Universal Radio Hacker. Now, this software is available for Windows, OSX and Linux. I'll leave a link down in the description of where you can download this from. Now, this software is designed to provide you with a whole host of tools which allow you to record a segment of RF, analyze that segment, and then either try and decode it, check it for security leaks, or even crack some sophisticated encodings, or even perform a replay attack, that's assuming you have an appropriate transmitter.

Now, in this video I'll be showing you how you can record the RF packet from a doorbell transmitter, then look at the raw data bits, and then retransmit it to play the actual doorbell without pressing the doorbell fob. Now, for this I'll be using a HackRF, which can transmit and receive.

So with the HackRF One connected, we need to load up Universal Radio Hacker, and the first thing that we need to do is just go over to where it says Spectrum Analyzer. Up here on the top left we have a device drop-down, so you can select whichever SDR receiver or transmitter you've got connected. So for me it's HackRF. I'm gonna click this little refresh button here to make sure that it connects to the right device. I'm going to uncheck DC correction for now. I'm gonna click the start button. As you can see, we've got a center frequency of 433.99, that is where it's looking, and what we're looking for here is a peak when I press the key fob. So I'm just gonna go ahead now and press the bell key fob, and we should see a peak signal. As you can see here in red, it remembers where that transmission was, so I just want to make sure that I'm dead center on there, and I left-click on the mouse. Click stop, close that down.

I've got File, Record Signal, and it has remembered the frequency that we were on. It's going to make sure that we've got the correct device set up here, and then we're gonna just press start. Now, as soon as I press start and it actually connects and starts recording, I'm going to press the bell fob once and then I press stop. As you can hear in the background, the bell is actually, well, obviously ringing when I press it. So what we want to do now is save this, so I'm gonna go to Save. I'm just going to leave it as the default file name, click Save, and I'm gonna close this window.

Now, as I close this window, it takes our signal and puts it into the Interpretation window. Now you can clearly see here the main transmission from the key fob. We've got a lot of other blank space, so obviously as soon as it started recording there was nothing transmitting, and then after as well, between the time when I released my finger from the bell button and when I stopped recording, we've got some blank space. But what we can do with the Interpretation window is we can actually select parts of the transmission. We can also zoom in as well using the thumb wheel, and we can have a real good look at the detail. Before I get into this, what I'm going to do is just trim this up, so I'm going to select the signal and then I'm going to do a crop to selection, and that has now got rid of all the blank transmission.

As you can see here, this is an analogue representation of that signal. You can see from the left, as I start to press the key fob, that the signal is extremely strong, and as time goes on it starts to fade as the transmission starts to get weaker. What I would imagine here is that it is actually energizing the transmitter part of the key fob, and as time progresses the energy is decreasing and then the output from the key fob is less. You can see this quite clearly with the amplitude decreasing as time goes on. Now, what we're doing here is we're actually looking at the analog signal view. Down here in the bottom right-hand corner is Signal View. I can change this to be modulated if I wish, and this will actually show us, in 2D, a modulated signal.

Now, if we want to play this back or retransmit this using the HackRF, we can easily do that by using the play button here, up on the top left-hand corner. Let's try replaying this. So I'll click the play button, make sure that I've got the correct device configured, the frequency is set right, and I'm just going to click start. Let's see if the doorbell actually plays. And there we go, it actually works. Wow, that's pretty cool.

Okay, so let's have a little look at something else. As you can see here, it looks like we've got quite a lot of packet transmissions going here, so we've got 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21 and 22, and maybe even 23, really low kind of amplitude there. So I wonder if it requires all of these or whether it is actually just repeating the same packet. Now remember, this recording here is actually just one tap on the doorbell button. So let's take one of the samples, let's take the first one for example. Just by left-clicking and selecting it, I'm gonna do a create signal from selection. So this one here down the bottom is just that first packet. Let's do a quick auto-detect. Let's try sending this now, just this single packet. So click play, let's see if that works. And there we go, it actually does work. So it's just using that single packet, but it's repeating it many times in the main transmission.

Now, as Universal Radio Hacker is an actual piece of software for investigating unknown wireless protocols, it's going to have a whole load of tools and features which, to be honest, to me is a bit kind of over my head at the moment, but I think it's a really interesting tool. To give you a little look around: I mean, obviously we saw earlier how we can zoom in to a particular waveform, we can select it, we can have a look at the modulation type. There's a button here, this is auto-detect parameters, that's quite useful and will work on quite small recordings. And when we're looking at the analog side, this is how it looks. If we want to change the signal view to be modulated, what we have here is a green and kind of brown area. As you can see, you can actually adjust it. What we're doing is we're changing the center point. Now, to explain that a little bit further, if I scroll in here and have a look, we can see we've got these on-off signals. On is up and down is off, so this translates pretty much to binary. Now, if we go below that, then it isn't going to detect, or isn't going to show, any of the signals. Now, this line does actually need to be somewhere where it can detect between an on and an off. And as you can see here, down in the bottom, this is our decoded bits, so as you can see it's in binary, 1 1 1 1 0 0 0 etc. And also the great thing is, as you just saw there, if I want to find that particular bit, then you can actually select it here down the bottom and it will show you in the Signal View window.

Now, there's some other tabs on Universal Radio Hacker. There's one here called Analysis. Now, this might look quite complicated, but what it allows you to do is edit some of these bits. So if you're decoding a particular protocol but you want to change something on it, maybe it's a controller that's transmitting particular bits of data to switch various relays, maybe you want to investigate and see if you can change certain bits within that packet to switch other relays. That's just kind of a general example, but there's so much more you can do with this. I'm not really going to go into this anymore because I've still got a lot to learn with this, and the whole point of this video was to show you how easy it is to run Universal Radio Hacker and record a signal and then replay it as a replay attack. Okay, it's just a doorbell in this particular example, but I'm sure there's lots of other useful things that you could use this for.

Anyway, I hope you found this video interesting. If you've got any comments, please leave them down below. If you've used this software before, if you're an expert at this, I'd love to hear from you on what projects or what you've managed to use this software for, that would be absolutely great. I also want to say a massive thank you to all my current patrons, if you want to get involved as patron compost egg mines, and don't forget I'm also on Twitter, I'll leave my handle down below. Until the next video, guys, take care and we'll see you in the next one. [Music]
Info
Channel: Tech Minds
Views: 120,214
Keywords: Universal, radio, hacker, linux, windows, osx, ubuntu, hacking, crack, decode, bits, sdr, software, defined, replay, attack, ham radio, transmit, receive, decoder, analyse
Id: uIVBVd6yi_A
Length: 9min 30sec (570 seconds)
Published: Tue Oct 29 2019