SDR 101 - NDSU CyberSecurity 2017
Software Defined Radio 101
Mike Saunders @hardwaterhacker
About Mike
• Started IT in 1998
• Security since 2007
• Avid ice fisherman
http://nickolaylamm.com/
Signals Around Us
• Cell phones (900/1,800/1,900 MHz)
• Wi-Fi (2.4 & 5 GHz)
• Bluetooth (2.4 GHz)
• Zigbee (2.4 GHz)
• Broadcast TV (54 - 900 MHz)
• Pagers (35/43/152/157/163/454/462/929 MHz)
• ADS-B (978/1090 MHz)
• AIS (162 MHz)
• HAM radio (varied)
• Police & military comms (varied)
• Satellite comms (varied)
• Cordless phones (1.7/27/43-50/900 MHz, 1.9/2.4/5.8 GHz)
• Radar (varied)
• Car remotes (315 / 433 MHz)
• Garage door openers (310/315/390 MHz)
• TV remotes (varied)
• Wireless presenter remotes (varied)
• Etc. etc. etc.
What is SDR?
• Radios used to be implemented in hardware
• Software Defined Radio - software tunes receiver hardware to desired frequency
• Additional software can decode transmission to reveal data
• Signals can be transmitted with certain hardware
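The "software decodes the transmission" step for broadcast FM, as an added example that is not from the talk: a quadrature discriminator run over constructed IQ samples, which also shows a tuner frequency error appearing as a DC offset in the demodulated output. The sample rate, the 12 kHz tuning error, the test tone and all function names are assumptions made for this sketch.

```python
import cmath
import math

FS = 240_000         # IQ sample rate in samples/s (assumed for this sketch)
DEVIATION = 75_000   # peak deviation in Hz, the broadcast FM value

def synth_fm_iq(tone_hz, n_samples, tuner_offset_hz):
    """Constructed input: baseband IQ for an FM carrier carrying one audio
    tone, as seen by a receiver whose tuner is off by tuner_offset_hz."""
    iq, phase = [], 0.0
    for n in range(n_samples):
        msg = math.sin(2 * math.pi * tone_hz * n / FS)
        phase += 2 * math.pi * (tuner_offset_hz + DEVIATION * msg) / FS
        iq.append(cmath.exp(1j * phase))
    return iq

def fm_demod(iq):
    """Quadrature discriminator: the phase step between consecutive samples
    is the instantaneous frequency, returned here in Hz."""
    return [cmath.phase(cur * prev.conjugate()) * FS / (2 * math.pi)
            for prev, cur in zip(iq, iq[1:])]

def split_dc(freq_hz):
    """The mean of the discriminator output is the tuning error; the rest is audio."""
    dc = sum(freq_hz) / len(freq_hz)
    return dc, [f - dc for f in freq_hz]

def tone_estimate(audio):
    """Estimate the tone frequency by counting rising zero crossings."""
    rising = sum(1 for a, b in zip(audio, audio[1:]) if a < 0 <= b)
    return rising * FS / len(audio)

def run_demo():
    iq = synth_fm_iq(tone_hz=1000, n_samples=48_000, tuner_offset_hz=12_000)
    offset, audio = split_dc(fm_demod(iq))
    return offset, tone_estimate(audio), max(audio)

if __name__ == "__main__":
    offset, tone, peak = run_demo()
    print(f"tuning error ~{offset:.0f} Hz, tone ~{tone:.0f} Hz, peak deviation ~{peak:.0f} Hz")
```
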
What You Need
• Hardware
  • rtl, HackRF One, Ubertooth One, Yardstick, Funcube, etc.
  • Antenna
• Software
  • GNU Radio, SDR#, GQRX, etc.
Getting Started - Hardware
• Generic RTL2832U / R820T
• ≈ $15
• 25 - 1700 MHz
• RX only
Getting Started - Hardware
• Generic RTL2832U / R820T
• Aluminum case limits noise
• ≈ $25
• 25 - 1700 MHz
• RX only
Getting Started - Hardware
• HackRF One
• ≈ $330
• 10 MHz - 6 GHz
• TX & RX
• 20M samples/second
Getting Started - Software
• Windows
  • SDR#, HDSDR, SDR-RADIO.COM
• Mac & Linux
  • GNU Radio, GQRX, Linrad
• Android
  • SDR Touch, Wavesink Plus, RFAnalyzer
Getting Started - SDR#
• SDR# - www.airspy.com
• Quick start guide - http://www.rtl-sdr.com/rtl-sdr-quick-start-guide/
Getting Started - Tuning
• http://www.nws.noaa.gov/nwr/coverage/station_listing.html
• https://www.youtube.com/watch?v=gFXMbr1dgng
Getting Started - FM Radio
Common Problems
• Don’t forget to install Zadig driver with generic RTL
• Some USB 3.0 ports don’t work well
• Issues with USB passthrough in VMs
• Frequency drift due to temperature differences (non-TCXO chipset)
SDR# Common Problems
• Slower processors = dropped samples, choppy audio
• Even an issue in VMs on more powerful hardware
• HDSDR is harder to use, but less overhead
ID an unknown signal
• Spend time sweeping through frequencies
• Search for known frequencies at radioreference.com
• Look up signal waterfall on sigidwiki.com
• Signal @ 152.480 MHz
radioreference.com
FCC License Search
Search Results
Review Frequencies
Review Registration
Check SigIDWiki
Captured sample waterfall / SigIDWiki reference
Legal Disclaimer
• I am not a lawyer, this may or may not be illegal
• Research and decide for yourself
• 18 U.S.C. § 2511
• 18 U.S.C. § 2510
Decoding Pages
• Walk through:
  • http://www.rtl-sdr.com/rtl-sdr-tutorial-pocsag-pager-decoding/
• You need:
  • SDR#
  • VBCable
    • http://vb-audio.pagesperso-orange.fr/Cable/index.htm
  • PDW
    • http://www.discriminator.nl/pdw/index-en.html
More Common Problems
PHI/PII Galore
Houston, we have a problem
Now *That’s* Interesting
Look! Free Voicemail!
Next Steps
• Garage door hacking - http://samy.pl/opensesame/
• Ding Dong Ditch - http://samy.pl/dingdong/
• Decode a signal using GNU Radio
Wrap Up
• Get started cheap
• All kinds of signals to listen to and analyze
• Be responsible with what you find
• Report issues
Resources
• http://www.rtl-sdr.com/rtl-sdr-quick-start-guide/
• http://www.radioreference.com/apps/db/
• http://www.sigidwiki.com/wiki/Database
• http://wireless2.fcc.gov/UlsApp/UlsSearch/searchAdvanced.jsp
• Noise Floor - @0xabad1dea - https://www.youtube.com/watch?v=5N1C3WB8c0o
• https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-leaking-beeps-healthcare.pdf
• https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp_leaking-beeps-industrial.pdf
• http://www.fieldxp.com/ - Book series on SDR & GNURadio
• https://www.blackhat.com/docs/us-14/materials/us-14-Picod-Bringing-Software-Defined-Radio-To-The-Penetration-Testing-Community.pdf
• http://gnuradio.org/redmine/projects/gnuradio/wiki/Guided_Tutorial_Introduction