RF Hack using SDR Dongle

Radio frequency (RF) communication plays a vital role in IoT (Internet of Things) devices such as vehicle monitoring systems, remote controls, wireless data links and garage door openers. If you want the basics of RF first, the references at the end of this post cover them.

IoT:

Defining IoT is not easy; every sector defines it to suit its own needs, so this article gives more than one definition.

According to the Oxford dictionary, IoT is the interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data. Once you understand what that means, you can easily define it in your own words.

I'm not here to explain what IoT is or which types of RF communication exist. Long story short: I'm going to capture an encoded RF signal that is being transmitted over the air and recover the encoded information from it using the hardware and software listed below.

The table below lists the hardware and software (H&S) used in this exercise.

Hardware                   Software
1. 433 MHz transmitter     1. GQRX (Mac)
2. RTL-SDR dongle          2. GNU Radio
3. Arduino                 3. Audacity
4. Breadboard              4. Arduino IDE
                           5. SDR Console (Windows)

Note:

For this exercise I used OS X, but I will explain how to install the software and hardware drivers on both OS X and Windows.

For Mac OS X :

There are two ways to install the software above.

  1. Do everything manually: search for, download and install each package and its dependencies yourself. Finding the exact libraries and dependency versions is tedious, so rather than struggle, use a package manager (Homebrew or MacPorts).
  2. Install a package manager and let it resolve the dependencies of each package for you. For the software used here I suggest MacPorts rather than Homebrew.

Both MacPorts and Homebrew are good package managers, but I went with MacPorts because Homebrew gave me library dependency problems with these packages.

You need to install XQuartz and MacPorts. The links below offer downloads for different OS X versions; pick the dmg (or zip) that matches your version.

https://www.xquartz.org/index.html

https://www.macports.org/install.php

After MacPorts is installed, open the command line (Terminal) and run the commands from the port page below; it installs GNU Radio together with its dependencies in the right order, so you do not have to resolve them by hand.

https://ports.macports.org/port/gnuradio/summary

Building these ports takes a couple of hours, so grab a sandwich.

When the installation finishes, check that everything is installed correctly: open Terminal and run the commands below, each of which should start the corresponding application.

  1. gnuradio-companion
  2. gqrx

Note:

A few points to take care of after installation: add the installed packages to your PATH and related environment variables. The paths to export in your .bash_profile are listed below.

If you still get errors after setting the environment variables, search for the exact error text. The two Stack Overflow links in the references deal with the locale warning that these GTK-based tools commonly print on OS X.

Sorry to say we are only halfway done; more geeky tasks are on the way. That covers the OS X installation. Audacity is not in MacPorts' dependency chain here, so download and install it separately for Mac.

Setting the PATH environment variable:

The text below is Homebrew's post-install note for libxml2 (it prints a note like this whenever a "keg-only" formula is installed). It applies only if you installed with Homebrew. MacPorts installs everything under /opt/local, and its installer adds /opt/local/bin and /opt/local/sbin to your PATH, so with MacPorts you normally need none of these exports.

libxml2 is keg-only, which means it was not symlinked into /usr/local,
because macOS already provides this software and installing another version in
parallel will cause all kinds of trouble.

If you need to have libxml2 first in your PATH run:

  echo 'export PATH="/usr/local/opt/libxml2/bin:$PATH"' >> ~/.bash_profile

For compilers to find libxml2 you may need to set:

  export LDFLAGS="-L/usr/local/opt/libxml2/lib"
  export CPPFLAGS="-I/usr/local/opt/libxml2/include"

For pkg-config to find libxml2 you may need to set:

  export PKG_CONFIG_PATH="/usr/local/opt/libxml2/lib/pkgconfig"

For Windows:

Installing the tools on Windows is a more involved, manual process and also takes a couple of hours. Have patience; there is no shortcut for now. The links below help with the installation.

SDR Console Download Link

GNURadio:

To install GNU Radio on Windows, follow the video linked from the page below; the installer downloads are in the video description. You will also need pip for the Python that ships with it (second link).

http://www.gcndevelopment.com/gnuradio/downloads.htm

https://www.google.com/search?client=firefox-b-d&q=get+pip

Audacity:

https://www.fosshub.com/Audacity.html

The forum thread below explains how to record an RF signal to a WAV file and transmit it again with GNU Radio.

https://www.ruby-forum.com/t/wav-file-source-question/235852

Note:

On Windows you also need to add the installed tools to the PATH environment variable. Do not skip this step.

Setup:

The image below shows how to wire the 433 MHz transmitter to the Arduino on the breadboard. Connect the Arduino over USB and check that it shows up as a connected device on your system. Then open the Arduino IDE, write a short sketch that transmits a piece of encoded data at 433 MHz, compile it and upload it to the Arduino. The Arduino now transmits the encoded information over the air at regular intervals through the attached transmitter.

Note:

Before flashing the Arduino, install the 'rc-switch' (RCSwitch) library in the IDE (Sketch > Include Library > Manage Libraries). It takes care of the on/off keying: each bit is sent as a high pulse followed by a low gap, and the ratio between the two carries the bit value.

Now open Terminal and run "gqrx". Before the GUI appears, a configuration popup asks you to choose the input device; select the RTL-SDR dongle and click OK to save the settings.

gqrx is now ready. To check that it works, tune to a local FM broadcast station and listen to it. Then set the frequency to 433 MHz (the cheap modules actually sit at 433.92 MHz, so tune there and set the mode to AM, since the transmitter is on/off keyed) and you will see bursts of signal at regular intervals. gqrx has an audio record/replay function in the bottom right corner of the window.

Press record while the bursts are on air; gqrx saves the recorded audio as a WAV file.

Open Audacity, import the saved WAV file and the waveform is displayed. Decode it by reading each short pulse as a zero and each long pulse as a one. This rule holds because of the pulse-width scheme described above: the bit value is carried by the width of the high pulse relative to the gap that follows it, so the exact pulse length does not matter, only which of the two is longer.
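As an added worked example (not code from the original post), here is the whole chain in Python: build the on/off pulse train that an rc-switch-style transmitter sends, store it as a WAV the way gqrx would, and decode a WAV back to bits by measuring pulse widths, which is the step done by eye in Audacity above. The timings (rc-switch protocol 1: 350 µs base pulse, '0' = 1 high/3 low, '1' = 3 high/1 low, sync = 1 high/31 low), the 48 kHz sample rate and the 24-bit code word are assumptions; the WAV is constructed and noise-free.

```python
"""OOK/PWM round trip: encode a code word into a pulse train, store it as a
WAV and decode the WAV by measuring pulse widths.

Added example, not code from the original post. The WAV is a constructed,
noise-free stand-in for a gqrx AM audio recording. Timings are rc-switch's
protocol 1 (350 us base pulse) and are assumed to match the transmitter.
"""
import struct
import wave
from typing import List, Optional, Tuple

SAMPLE_RATE = 48_000   # assumed: gqrx audio recordings are 48 kHz mono
BASE_US = 350          # rc-switch protocol 1 base pulse, microseconds
SYNC = (1, 31)         # sync word: 1 base pulse high, 31 low
ZERO = (1, 3)          # '0': short high, long low
ONE = (3, 1)           # '1': long high, short low
DEMO_CODE = "010001110101010100110011"   # constructed 24-bit code word


def _units(n: int) -> int:
    """Audio samples in n base pulses."""
    return round(n * BASE_US * SAMPLE_RATE / 1_000_000)


def encode(code: str, repeats: int = 3) -> List[int]:
    """Envelope (1 = carrier on, 0 = off) for `code`, repeated the way
    rc-switch repeats a transmission, each frame closed by the sync gap."""
    env: List[int] = []
    for _ in range(repeats):
        for bit in code:
            hi, lo = ONE if bit == "1" else ZERO
            env += [1] * _units(hi) + [0] * _units(lo)
        hi, lo = SYNC
        env += [1] * _units(hi) + [0] * _units(lo)
    return env


def write_wav(path: str, env: List[int], amplitude: int = 20000) -> None:
    """Store the envelope as 16-bit mono PCM, the format gqrx records."""
    with wave.open(path, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(SAMPLE_RATE)
        w.writeframes(struct.pack(f"<{len(env)}h", *(amplitude * s for s in env)))


def read_wav(path: str) -> List[int]:
    """Load 16-bit mono PCM samples."""
    with wave.open(path, "rb") as w:
        if w.getsampwidth() != 2 or w.getnchannels() != 1:
            raise ValueError("expected 16-bit mono WAV")
        raw = w.readframes(w.getnframes())
    return list(struct.unpack(f"<{len(raw) // 2}h", raw))


def pulses(samples: List[int], threshold: Optional[int] = None) -> List[Tuple[int, int]]:
    """Threshold the samples and run-length encode them into
    (level, length_in_samples): the 'measure the pulses' step."""
    if not samples:
        return []
    if threshold is None:
        threshold = max(abs(s) for s in samples) // 2   # half of peak amplitude
    runs: List[List[int]] = []
    for s in samples:
        level = 1 if abs(s) > threshold else 0
        if runs and runs[-1][0] == level:
            runs[-1][1] += 1
        else:
            runs.append([level, 1])
    return [(lvl, n) for lvl, n in runs]


def decode(samples: List[int]) -> List[str]:
    """Return every code word found between sync gaps.

    Each symbol is a high pulse followed by a low gap. Comparing the two
    widths (high longer than low means '1') instead of using an absolute
    width keeps the decoder independent of the exact base pulse length.
    A low gap far longer than its high pulse is the sync, which closes
    the frame.
    """
    runs = pulses(samples)
    frames: List[str] = []
    bits: List[str] = []
    i = 1 if runs and runs[0][0] == 0 else 0      # skip leading silence
    while i + 1 < len(runs):
        (_, hi), (_, lo) = runs[i], runs[i + 1]
        if lo > 8 * hi:                           # sync gap (31:1 here)
            if bits:
                frames.append("".join(bits))
            bits = []
        else:
            bits.append("1" if hi > lo else "0")
        i += 2
    return frames


def majority(frames: List[str]) -> Optional[str]:
    """The code word seen most often across the repeated frames."""
    return max(set(frames), key=frames.count) if frames else None


if __name__ == "__main__":
    write_wav("capture_433.wav", encode(DEMO_CODE))
    words = decode(read_wav("capture_433.wav"))
    print(words, "->", majority(words))
```

Run it once to see the three identical frames come back out of the WAV, then point `read_wav` at a real gqrx recording. Two caveats for real captures: the AM audio output is AC-coupled and noisy, so the half-of-peak threshold may need lowering or a short moving average before `pulses`; and the 8:1 sync ratio is specific to this protocol, so if your transmitter uses another rc-switch protocol, adjust `SYNC`, `ZERO` and `ONE` from its protocol table. The `hi > lo` decision is exactly the "short pulse is zero, long pulse is one" rule applied in Audacity, made explicit.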

Congratulations! You have successfully decoded the transmitted signal.

Hacks, exploits and remediation:

https://datafloq.com/read/understanding-sdr-based-attacks-on-iot/3735

References:

https://www.wirelessinnovation.org/Introduction_to_SDR

https://wiki.gnuradio.org/index.php/TutorialsCoreConcepts

https://stackoverflow.com/questions/30705370/gtk-warning-locale-not-supported-by-c-library-using-the-fallback-c-local/30892121

https://stackoverflow.com/questions/30832012/is-it-bad-that-lang-and-lc-all-are-empty-when-running-locale-a-on-os-x-yosemi/30832995#30832995

https://www.jeffreythompson.org/blog/2015/10/11/sdrhackrf-one-mac-setup-and-basics/

https://github.com/andresv/homebrew-gnuradio/blob/master/README.md

https://www.xquartz.org/index.html

https://ports.macports.org/port/gnuradio/summary

https://www.researchgate.net/post/How_do_you_convert_an_audio_file_into_binary_format_so_that_it_can_be_embedded_into_lsb_of_an_image

https://aaronscher.com/wireless_com_SDR/MacOSX_install_gnu_radio.html

https://www.wired.com/2010/09/wireless-explainer/

http://spencerwhyte.blogspot.com/2014/03/delay-attack-jam-intercept-and-replay.html?m=1

https://www.wired.com/2015/08/hackers-tiny-device-unlocks-cars-opens-garages/

WAV file references:

https://www.mathworks.com/matlabcentral/answers/386841-how-to-convert-wav-file-into-binary

https://embdev.net/topic/175381

https://www.edaboard.com/showthread.php?176475-matlab-convertion-from-wav-to-binary

https://pythonaudio.blogspot.com/2014/04/3-reading-wave-file.html
