SDR 101 - NDSU CyberSecurity 2017
Software Defined Radio 101
Mike Saunders @hardwaterhacker
About Mike
• Started IT in 1998
• Security since 2007
• Avid ice fisherman
http://nickolaylamm.com/
Signals Around Us
• Cell phones (900/1,800/1,900 MHz)
• Wifi (2.4 & 5 GHz)
• Bluetooth (2.4 GHz)
• Zigbee (2.4 GHz)
• Broadcast TV (54 - 900 MHz)
• Pagers (35/43/152/157/163/454/462/929 MHz)
• ADSB (978/1090 MHz)
• AIS (162 MHz)
• HAM radio (varied)
• Police & military comms (varied)
• Satellite comms (varied)
• Cordless phones (1.7/27/43-50/900 MHz, 1.9/2.4/5.8 GHz)
• Radar (varied)
• Car remotes (315 / 433 MHz)
• Garage door openers (310/315/390 MHz)
• TV remotes (varied)
• Wireless presenter remotes (varied)
• Etc. etc. etc.
What is SDR?
• Radios used to be implemented in hardware
• Software Defined Radio - software tunes receiver hardware to desired frequency
• Additional software can decode transmission to reveal data
• Signals can be transmitted with certain hardware
What You Need
• Hardware
  • rtl, HackRF One, Ubertooth One, Yardstick, Funcube, etc.
• Antenna
• Software
  • GNU Radio, SDR#, GQRX, etc.
Getting Started - Hardware
• Generic RTL2832U / R820T
  • ≈ $15
  • 25 - 1700 MHz
  • RX only
Getting Started - Hardware
• Generic RTL2832U / R820T
  • Aluminum case limits noise
  • ≈ $25
  • 25 - 1700 MHz
  • RX only
Getting Started - Hardware
• HackRF One
  • ≈ $330
  • 10 MHz - 6 GHz
  • TX & RX
  • 20M samples/second
Getting Started - Software
• Windows
  • SDR#, HDSDR, SDR-RADIO.COM
• Mac & Linux
  • GNU Radio, GQRX, Linrad
• Android
  • SDR Touch, Wavesink Plus, RFAnalyzer
Getting Started - SDR#
• SDR# - www.airspy.com
• Quick start guide - http://www.rtl-sdr.com/rtl-sdr-quick-start-guide/
Getting Started - Tuning
• http://www.nws.noaa.gov/nwr/coverage/station_listing.html
• https://www.youtube.com/watch?v=gFXMbr1dgng
Getting Started - FM Radio
Common Problems
• Don’t forget to install Zadig driver with generic RTL
• Some USB 3.0 ports don’t work well
• Issues with USB passthrough in VMs
• Frequency drift due to temperature differences (non-TCXO chipset)
SDR# Common Problems
• Slower processors = dropped samples, choppy audio
• Even an issue in VMs on more powerful hardware
• HDSDR is harder to use, but less overhead
ID an unknown signal
• Spend time sweeping through frequencies
• Search for known frequencies at radioreference.com
• Look up signal waterfall on sigidwiki.com
• Signal @ 152.480 MHz
radioreference.com
FCC License Search
Search Results
Review Frequencies
Review Registration
Check SigIDWiki
Captured sample waterfall SigIDWiki Reference
Legal Disclaimer
• I am not a lawyer, this may or may not be illegal
• Research and decide for yourself
• 18 U.S.C. § 2511
• 18 U.S.C. § 2510
Decoding Pages
• Walk through:
  • http://www.rtl-sdr.com/rtl-sdr-tutorial-pocsag-pager-decoding/
• You need:
  • SDR#
  • VBCable
    • http://vb-audio.pagesperso-orange.fr/Cable/index.htm
  • PDW
    • http://www.discriminator.nl/pdw/index-en.html
More Common Problems
PHI/PII Galore
Houston, we have a problem
Now *That’s* Interesting
Look! Free Voicemail!
Next Steps
• Garage door hacking - http://samy.pl/opensesame/
• Ding Dong Ditch - http://samy.pl/dingdong/
• Decode a signal using GNU Radio
Wrap Up
• Get started cheap
• All kinds of signals to listen to and analyze
• Be responsible with what you find
• Report issues
Resources
• http://www.rtl-sdr.com/rtl-sdr-quick-start-guide/
• http://www.radioreference.com/apps/db/
• http://www.sigidwiki.com/wiki/Database
• http://wireless2.fcc.gov/UlsApp/UlsSearch/searchAdvanced.jsp
• Noise Floor - @0xabad1dea - https://www.youtube.com/watch?v=5N1C3WB8c0o
• https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-leaking-beeps-healthcare.pdf
• https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_leaking-beeps-industrial.pdf
• http://www.fieldxp.com/ - Book series on SDR & GNURadio
• https://www.blackhat.com/docs/us-14/materials/us-14-Picod-Bringing-Software-Defined-Radio-To-The-Penetration-Testing-Community.pdf
• http://gnuradio.org/redmine/projects/gnuradio/wiki/Guided_Tutorial_Introduction