Caleb Madrigal

Programming, Hacking, Math, and Art


Digital Radio Signal Generation

Recently, I was curious if I could generate a digital radio signal from scratch just using math, and use that signal to control this radio-controlled outlet that I have.

Here's the Github source: https://github.com/calebmadrigal/radio-hacking-scripts/blob/master/radio_signal_generation.ipynb

Generating radio signals

I want to be able to generate modulated digital signals such as this one...

original radio signal

This is a binary signal coded with On-off keying (the simplest form of Amplitude-shift keying, where the carrier is either on or off).

I'm taking the long pulses to mean "1" and the short pulses to mean "0", so this signal is transmitting the digital code, "0110100010000000".

# Imports and boilerplate to make graphs look better
%matplotlib inline
import matplotlib.pyplot as plt
import numpy as np
import scipy
import wave
from ...
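The encoding described above, as an added pure-Python example (not code from the notebook): bits become a long/short pulse envelope, the envelope is multiplied by a carrier, and the pulse widths are measured to recover the bits. The sample rate, pulse widths and carrier frequency are assumed values for illustration.

```python
import math

# Added example, not the post's code: pulse-width On-off keying as in the plot,
# a long high pulse means "1" and a short high pulse means "0".
# Sample rate, pulse widths and carrier frequency are assumed values.
SAMPLE_RATE = 2_000_000   # samples per second
SHORT_US = 250            # short pulse, and the gap after every pulse
LONG_US = 750             # long pulse
CARRIER_HZ = 100_000      # tone that fills each high pulse

def _n(us):
    """Microseconds -> number of samples."""
    return int(SAMPLE_RATE * us / 1_000_000)

def ook_encode(bits):
    """Bit string -> list of 0/1 envelope samples (pulse, then gap, per bit)."""
    env = []
    for b in bits:
        if b not in "01":
            raise ValueError(f"bad symbol {b!r}")
        env += [1] * _n(LONG_US if b == "1" else SHORT_US)
        env += [0] * _n(SHORT_US)
    return env

def modulate(env):
    """Envelope * carrier: the waveform that would actually be transmitted."""
    step = 2 * math.pi * CARRIER_HZ / SAMPLE_RATE
    return [e * math.sin(step * i) for i, e in enumerate(env)]

def envelope(wave, chunk=None):
    """Crude envelope detector: peak |amplitude| over consecutive chunks."""
    chunk = chunk or _n(SHORT_US) // 4     # several carrier cycles per chunk
    out = []
    for i in range(0, len(wave), chunk):
        block = wave[i:i + chunk]
        out += [max(abs(x) for x in block)] * len(block)
    return out

def ook_decode(env, threshold=0.5):
    """Recover bits from an envelope by measuring each high pulse's width."""
    split = _n((SHORT_US + LONG_US) // 2)   # wider than this -> "1"
    bits, run = [], 0
    for s in list(env) + [0]:                # trailing 0 flushes the last pulse
        if s > threshold:
            run += 1
        elif run:
            bits.append("1" if run > split else "0")
            run = 0
    return "".join(bits)

CODE = "0110100010000000"   # the code read off the plot above

if __name__ == "__main__":
    print(ook_decode(envelope(modulate(ook_encode(CODE)))))  # 0110100010000000
```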

HackRF Replay Attack Jeep

I've recently been getting into Software-defined Radio (SDR), mostly using a HackRF - a radio transceiver capable of operating from 1 MHz to 6 GHz (which is a huge range).

One of the simplest (and most interesting) attacks which can be done with SDR is what's called a Replay Attack. It works by simply recording a signal, and then rebroadcasting it. I was able to use this attack to lock and unlock my Jeep Patriot (2006) with my computer. Here's how...

First I recorded the "unlock" and "lock" signals from my keyless entry remote using this "flowgraph" in Gnu Radio Companion:

Record flowgraph

A couple things to note about this flow graph:

  • The frequency is 315 MHz (the frequency at which pretty much all keyless entry)
  • It records at ...

Editing radio signals with Audacity

You can capture radio signals with Software-defined Radios (SDR), such as the HackRF. Gnu Radio is the main software I use for receiving and transmitting radio signals, but I've found Audacity, a program meant primarily for editing sound files, to be a great program for viewing and editing radio signals.

So I had these remote-controlled outlets (which I bought at Home Depot):

Remote-controlled outlets

And I wanted to see what their wireless communication looked like...

So first I recorded the signals of the different outlets with this Gnu Radio Companion flowgraph:

Record flowgraph

A few things to note about this flowgraph:

  • It records at around 315 MHz, the frequency at which the remote transmits (which I found by looking up its FCC ID code online)
  • It records 2 million samples ...

HackRF Setup OSX 2016

These are some pretty raw notes I took while installing the software for using a HackRF on OSX. This is the software I installed:

  • Gnu Radio (which comes with Gnu Radio Companion)
  • Osmocom Gnu Radio Blocks
  • gqrx

Gnu Radio Installation

Installed gnuradio via Homebrew

brew update

brew tap robotastic/homebrew-hackrf
brew install gnuradio --with-qt

brew install hackrf
brew install --HEAD rtlsdr
brew link --overwrite rtlsdr

This got GNU Radio and GNU Radio Companion installed, but then I needed to install the Osmocom Gnu Radio Blocks so that Gnu Radio could communicate with the HackRF.

Installing Osmocom Gnu Radio Blocks

This didn't work:

brew install --HEAD gr-osmosdr

Build with directions here: http://sdr.osmocom.org/trac/wiki/GrOsmoSDR

Had to add this to /Users/caleb/Documents/gnu_radio/repos ...