An Introduction to Software Defined Radio

//DivByZero//
5 min read · May 25, 2023
Photo by Markus Spiske on Unsplash

So, what is SDR?
SDR (Software Defined Radio) is an analog radio front end whose tuning, demodulation and decoding are controlled by software.
There are many hardware platforms, such as the RTL-SDR, the HackRF and others, designed to receive or transmit radio signals within a specific frequency range.
For example, the HackRF is capable of receiving and transmitting on a frequency range of 1 MHz to 6 GHz, while the RTL-SDR range is 500 kHz to 1.75 GHz.

Radio Modulation

The two primary radio modulations are AM (Amplitude Modulation) and FM (Frequency Modulation).

Both transmit the information in the form of electromagnetic waves. AM works by modulating (varying) the amplitude of the signal or carrier transmitted according to the information being sent, while the frequency remains constant. This differs from FM technology in which information (sound) is encoded by varying the frequency of the wave and the amplitude is kept constant.

In AM, a radio wave known as the “carrier” or “carrier wave” is modulated in amplitude by the signal that is to be transmitted; the frequency and phase remain the same. In FM, a radio wave is modulated in frequency by the signal that is to be transmitted; the amplitude and phase remain the same.

AM has poorer sound quality compared with FM, but is cheaper and can be transmitted over long distances. It has a lower bandwidth so it can have more stations available in any frequency range.

FM is less prone to interference than AM. However, FM signals are impacted by physical barriers. FM has better sound quality due to higher bandwidth.

Radio Spectrum

The radio spectrum is the part of the electromagnetic spectrum with frequencies from 3 Hz to 3,000 GHz (3 THz). Electromagnetic waves in this frequency range, called radio waves, are widely used in modern technology, particularly in telecommunication. To prevent interference between different users, the generation and transmission of radio waves is strictly regulated by national laws, coordinated by an international body, the International Telecommunication Union (ITU).

Radio Attacks

There are various types of radio attacks that can target wireless communication systems. Here are several common examples:

  1. Replay Attacks: This type of attack involves capturing a legitimate signal and replaying it later to deceive the target system into accepting the replayed signal as valid.
  2. Jamming Attacks: Jamming attacks aim to disrupt wireless communication by emitting radio frequency interference to interfere with the targeted system’s signals, rendering them unusable.
  3. Spoofing Attacks: In a spoofing attack, an attacker impersonates a legitimate device or transmitter by mimicking its signals. This can be used to gain unauthorized access or manipulate the target system.
  4. Denial-of-Service (DoS) Attacks: DoS attacks target wireless systems by overwhelming them with a high volume of malicious traffic or by exploiting vulnerabilities in the communication protocols, causing the system to become unresponsive or inoperable.
  5. Man-in-the-Middle (MitM) Attacks: In a MitM attack, an attacker intercepts and alters wireless communications between two legitimate parties. This allows the attacker to eavesdrop on the communication or even manipulate the transmitted data.
  6. Side-Channel Attacks: Side-channel attacks involve analyzing unintended information leaked through physical or electromagnetic characteristics of a system. This information can be exploited to gain knowledge about secret keys or sensitive data.
  7. Frequency Hopping Attacks: Frequency hopping spread spectrum (FHSS) systems may be vulnerable to attacks that exploit the predictability or patterns of frequency hopping sequences.
  8. Key Extraction Attacks: Key extraction attacks aim to retrieve cryptographic keys used in wireless communication systems by analyzing the transmitted signals or by exploiting vulnerabilities in the implementation of encryption algorithms.

Keyfobs

Keyfobs are remote controls used for various purposes such as car keyless entry systems or garage door openers.
The most common frequencies used for keyfobs, particularly for car keyless entry systems and garage door openers, are in the range of 315 MHz and 433 MHz. These frequencies fall within the UHF (Ultra High Frequency) band. However, it’s important to note that the specific frequency used can vary depending on the region, manufacturer, and specific application.
Keyfobs typically employ different methods for transmitting signals. Some common methods include:

  1. Fixed Code: Fixed code keyfobs transmit a pre-determined code or sequence each time the button is pressed. The receiver compares the received code with its stored code and triggers the corresponding action. Fixed code systems are relatively simple but can be vulnerable to code grabbing or replay attacks.
  2. Rolling Code: Rolling code keyfobs provide enhanced security compared to fixed code systems. They use an algorithm to generate a unique code for each transmission. The receiver and the keyfob are synchronized and share a starting code. Each time the button is pressed, both the keyfob and the receiver advance to the next code in the sequence. This rolling code mechanism prevents simple replay attacks, as each transmitted code is valid only once.
  3. KeeLoq: KeeLoq is a proprietary encryption algorithm used in certain keyfob systems. It combines rolling code technology with encryption, making it more resistant to attacks. KeeLoq-based keyfobs use a shared secret key between the transmitter and receiver to encrypt the transmitted code, ensuring secure communication.
  4. Learning Code: In learning code keyfobs, the receiver is initially put into a learning mode. When a button is pressed on the keyfob, it transmits a unique code that the receiver learns and stores. The receiver will then respond only to that specific code. Learning code systems provide individualized codes for each keyfob, enhancing security.
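Added example (not from the original post): a minimal rolling-code keyfob and receiver pair in Python that shows why a captured code replayed later is rejected, while the receiver still tolerates a few presses made out of its range via a look-ahead window. The HMAC-based code derivation, the 32-bit code length and the window size are assumptions for illustration, not KeeLoq or any vendor's scheme.

```python
import hashlib
import hmac

# Constructed example: the code is an HMAC-SHA256 of the press counter under a
# shared secret, truncated to 32 bits. This is an assumed derivation for
# illustration only, not the KeeLoq cipher or any manufacturer's design.
CODE_BYTES = 4


def derive_code(secret: bytes, counter: int) -> bytes:
    """Code transmitted for a given press counter under the shared secret."""
    msg = counter.to_bytes(4, "big")
    return hmac.new(secret, msg, hashlib.sha256).digest()[:CODE_BYTES]


class Keyfob:
    """Transmitter side: advances its counter on every button press."""
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def press(self) -> bytes:
        self.counter += 1
        return derive_code(self.secret, self.counter)


class Receiver:
    """Accepts a code only if its counter lies in (last_seen, last_seen + window]."""
    def __init__(self, secret: bytes, window: int = 16):
        self.secret, self.last_seen, self.window = secret, 0, window

    def accept(self, code: bytes) -> bool:
        for c in range(self.last_seen + 1, self.last_seen + self.window + 1):
            if hmac.compare_digest(derive_code(self.secret, c), code):
                self.last_seen = c  # advance: this and every earlier code is now dead
                return True
        return False  # replayed, stale, or beyond the resync window


def demo() -> dict:
    secret = b"constructed-shared-secret"  # constructed, shared at pairing time
    fob, rx = Keyfob(secret), Receiver(secret)
    first = fob.press()
    results = {"first": rx.accept(first), "replay": rx.accept(first)}
    for _ in range(5):
        fob.press()  # presses made out of range of the receiver
    results["resync"] = rx.accept(fob.press())  # counter 7, inside the window
    for _ in range(20):
        fob.press()  # far more presses than the window tolerates
    results["beyond_window"] = rx.accept(fob.press())  # counter 28, rejected
    return results
```

A fob whose counter drifts past the window must be re-paired, which is the trade-off between replay resistance and tolerating presses the receiver never heard.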

Common Software

When it comes to analyzing data from wireless devices operating at 433 MHz or similar frequencies, there are several software tools and libraries available that can assist in the process. Here are a few popular options:

  1. GNU Radio: GNU Radio is a powerful open-source software development toolkit that provides signal processing blocks and a graphical interface for creating radio systems. It allows you to build custom signal processing flowgraphs for receiving and decoding signals at various frequencies, including 433 MHz.
  2. Universal Radio Hacker (URH): URH is an open-source tool designed for analyzing, reverse engineering, and manipulating various wireless signals. It provides a user-friendly graphical interface and supports a wide range of modulation schemes and protocols commonly used in wireless communication.
  3. RTL-SDR and SDR# (SDRSharp): These are software packages commonly used with RTL-SDR devices. While primarily focused on general-purpose software-defined radio functionality, they also provide spectrum analysis capabilities that can help visualize and analyze signals in the 433 MHz band.
  4. Audacity: Audacity is an open-source audio editing software that can be useful for analyzing captured audio from wireless transmissions. While it does not directly decode or analyze wireless protocols, it can assist in visualizing and processing captured audio data.

It’s important to note that the effectiveness of these tools in analyzing specific wireless protocols or door opener data depends on the particular encoding, modulation, and encryption techniques employed by the device in question. Additionally, always ensure that you are using these tools in compliance with legal and ethical considerations.
