Neko

Radio

Brief overview of radio hacking

Last updated: May 4th, 2023

Raw Radio Comms Protocol

Identify Frequency

Using a HackRF, look for spikes in GQRX when the device sends bursts of data. Capture the data at this frequency and process it in GNU Radio to extract meaningful information. hackrf_transfer can be used to replay captured data.

BLE

Identify BLE devices using a BLE dongle.

Determine which services and characteristics are present on the target. Use gatttool to write data to the device's characteristics.

Capture the pairing packets and use crackle if the traffic is encrypted.

Capture traffic with an Ubertooth One while interacting with the target device. This helps determine whether cleartext traffic is in use or whether relay attacks are possible.

ZigBee

Find the ZigBee channel the DUT (device under test) is operating on.

Capture communications using zbdump and analyze them in Wireshark.

Perform replay attacks using zbreplay.

Look for keys in the captured communications.

More coming soon.