Radio
Brief overview of radio hacking
Last updated: May 4th, 2023
Raw Radio Comms Protocol
Identify Frequency
Using a HackRF, look for spikes in GQRX when the device sends bursts of data. Capture the data at this frequency and process it in GNU Radio to obtain meaningful information. hackrf_transfer can be used to replay captured data.
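As an added example (not from the original notes), here is the "look for spikes" step done offline on a recorded IQ file: it finds the windows where a device is transmitting and the frequency offset of each burst from the tuned centre. The sample rate, centre frequency and the constructed capture are assumptions; load_hackrf reads the interleaved signed 8-bit I/Q format that hackrf_transfer -r writes.

```python
import cmath, math, random

# Assumed (hypothetical) capture settings: the -f and -s values hackrf_transfer
# was run with. Change them to match the real capture.
SAMPLE_RATE = 2_000_000
CENTER_FREQ = 433_920_000
WINDOW = 32  # samples per power-envelope window

def load_hackrf(path):
    """hackrf_transfer -r writes interleaved signed 8-bit I,Q samples."""
    raw = open(path, "rb").read()
    vals = [((b - 256) if b > 127 else b) / 128.0 for b in raw]
    return [complex(i, q) for i, q in zip(vals[0::2], vals[1::2])]

def make_capture(n=512, burst=(128, 384), offset_hz=250_000, noise=0.05):
    """Constructed stand-in for a capture: noise plus one tone during the burst."""
    random.seed(1)
    iq = []
    for i in range(n):
        s = complex(random.gauss(0, noise), random.gauss(0, noise))
        if burst[0] <= i < burst[1]:
            s += cmath.exp(2j * math.pi * offset_hz * i / SAMPLE_RATE)
        iq.append(s)
    return iq

def find_bursts(iq):
    """[(start, end)] sample ranges whose windowed power exceeds a quarter of
    the strongest window: the spikes you would watch for in GQRX."""
    powers = [sum(abs(s) ** 2 for s in iq[w:w + WINDOW]) / WINDOW
              for w in range(0, len(iq) - WINDOW + 1, WINDOW)]
    threshold = max(powers) / 4
    bursts, start = [], None
    for idx, p in enumerate(powers):
        if p > threshold and start is None:
            start = idx * WINDOW
        elif p <= threshold and start is not None:
            bursts.append((start, idx * WINDOW))
            start = None
    if start is not None:
        bursts.append((start, len(powers) * WINDOW))
    return bursts

def peak_frequency(iq, start, end):
    """Naive DFT over one burst; absolute frequency of the strongest bin."""
    seg, n = iq[start:end], end - start
    mags = [abs(sum(s * cmath.exp(-2j * math.pi * k * m / n)
                    for m, s in enumerate(seg))) for k in range(n)]
    k = mags.index(max(mags))
    if k >= n // 2:  # upper half of the bins are negative offsets from centre
        k -= n
    return CENTER_FREQ + k * SAMPLE_RATE / n
```

On a real recording, run find_bursts(load_hackrf("capture.iq")) and pass each range to peak_frequency; the naive DFT is fine for short bursts but use an FFT library for long captures.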
BLE
Identify BLE devices using a BLE dongle.
Determine which services and characteristics are exposed by the target. Use gatttool to write data to the device's characteristics.
Capture the pairing packets and use crackle if the traffic is encrypted.
Capture traffic while interacting with the target device using an Ubertooth One. This helps determine whether cleartext traffic is in use or whether relay attacks are possible.
ZigBee
Find the ZigBee channel the DUT is operating on.
Capture comms using zb_dump and analyze them in Wireshark.
Perform replay attacks using zb_replay.
Look for keys in the captured comms.