
RF Hacking Hack Chat

Find out what's behind the waterfall

Wednesday, October 12, 2022 12:00 pm PDT

Christopher Poore will host the Hack Chat on Wednesday, October 12 at noon Pacific.

Time zones got you down? Try our handy time zone converter.


On the time scale of technological history, it really wasn't all that long ago that radio was -- well, boring. We're not talking about the relative entertainment value of the Jack Benny Show or listening to a Brooklyn Dodgers game, but about the fact that for the most part, radio was a one-dimensional medium: what you heard was pretty much all there was to a signal, and radio was rarely used for anything particularly hackable.

Not so today, of course, where anything electronic seems to have at least one radio stuffed into it, and the space around us is filled with a rich soup of fascinating RF signals. For hackers, this is where radio gets interesting -- listening in on those signals, exploring their nature, and figuring out how to put them to use are like red meat for us.

Hacking and reverse engineering opportunities abound in the RF realm, but they can sometimes be a bit difficult. What's needed is a framework for pulling those signals out of the ether and putting them into some kind of context. Fortunately, there are plenty of tips and tricks in this space; we talked about one of them, FISSURE, not too long ago. The acronym -- "Frequency Independent SDR-Based Signal Understanding and Reverse Engineering" -- about sums up what this framework is all about. But to bring it into further focus, we're lucky enough to have Chris Poore, a Senior Reverse Engineer at Assured Information Security, drop by the Hack Chat. We'll talk about RF reverse engineering in general and FISSURE in particular. Be sure to stop by with your RF hacking and reverse engineering questions and war stories!

  • Hack Chat Transcript, Part 2

    Dan Maloney10/12/2022 at 20:22 0 comments

    Chris Poore12:43 PM
    All the user interaction is through the GUI

    Chris Poore12:43 PM
    If you just want the third-party software, check out the installer

    Chris Poore12:43 PM
    it's great for staging computers or seeing what's out there

    salec12:43 PM
    Except in name and mental attitude towards its object, what are structural differences between a test and an attack?

    kjansky112:44 PM
    Starlink beacons can be readily observed with only Ku LNBs without any dishes.

    salec12:45 PM
    I mean, perhaps some patterns used in organizing testing can be basis for organizing attacks

    Paulmsam12:45 PM
    dark theme, a noob friendly walk through lol. scaling the size of the window doesn't scale the entire frame. sweep detector gave me some strange issue if I remember. wasn't doing the correct frequencies. Maybe a step by step approach if wanted. so that you can go via each tool for the correct outcome?

    Dan Maloney12:45 PM
    https://hackaday.com/2022/09/23/snooping-on-starlink-with-an-rtl-sdr/

    morgan12:46 PM
    it looks like better packaging/installer is needed to break away from ubuntu, building on arch presently but it's.... complainy

    Chris Poore12:46 PM
    I will release videos that show examples of how each tab is supposed to work. But if there is something you want it to do, it can usually be done.

    Chris Poore12:46 PM
    I just have to know about it

    David Shamblin12:46 PM
    What would you consider to be the "Hello World" of RFhacking with FISSURE?

    william kennedy joined the room.12:47 PM

    Chris Poore12:48 PM
    If you're just getting started, there are a couple lessons on different topics. There are links to lessons that others have made.

    Chris Poore12:48 PM
    When I do a demo, I usually pick a simple RF protocol like X10 or TPMS and use it to show a general RF reverse engineering process

    Dan Maloney12:49 PM
    I liked that garage door opener demo myself.

    Chris Poore12:49 PM
    That includes things like: monitoring, collection, replay, signal analysis, research, demodulation, injection

    Chris Poore12:50 PM
    you can launch GNU Radio inspection flow graphs with GUIs for monitoring or use some other tool like QSpectrumAnalyzer with a hackrf_sweep

    Chris Poore12:51 PM
    you can record right in the IQ Data tab and crop the files to isolate signals

    Chris Poore12:51 PM
    You can play it back to see if it had effect

    Runn.DMZ12:51 PM
    Hey Chris, have you posted any of your demos and if so where?

    David Shamblin12:51 PM
    TPMS is something I-

    kjansky112:51 PM
    Is there an equivalent drone denial of service/control application

    Andre Lewis12:52 PM
    Can you generate settings for GnuRadio filters etc?

    Monta12:52 PM
    Do you have a link to a video of you doing the TPMS (or X10) reverse engineering process you mentioned?

    morgan12:52 PM
    @salec I did get the installer to run on Arch, but it looks like it has a lot of hardcoded assumptions it's on a deb system (sensible-browsers, gnome-terminal, ...)

    David Shamblin12:52 PM
    Something I always wanted to tackle.* I don't know it got cut off. I'll have to try it out. Thanks.

    Chris Poore12:52 PM
    There's an old video from almost two years ago here https://www.ainfosec.com/technologies/fissure/

    Chris Poore12:53 PM
    I don't like pointing people towards it because I need to make a newer video that covers all the new changes

    Chris Poore12:54 PM
    My github has a couple videos for some protocols https://github.com/cpoore1

    Runn.DMZ12:54 PM
    Thanks!

    Chris Poore12:55 PM
    Then there's twitter where I'll post some short ones. Keep an eye out in the future for more comprehensive examples

    Paulmsam12:56 PM
    So I have to decode a msk 2.4ghz signal. I have managed to pack and repack the...

  • Hack Chat Transcript, Part 1

    Dan Maloney10/12/2022 at 20:22 0 comments

    Dan Maloney12:00 PM
    OK folks, let's get it going! Welcome to the Hack Chat, I'm Dan, and Dusan and I will be moderating today as we welcome Chris Poore for a chat about RF Hacking!

    Hi Chris, thanks so much for your time today. Can you tell us a little about your interest in RF and reverse engineering?

    Dusan Petrovic12:00 PM
    Hi everyone!

    salec12:00 PM
    @anarchoN3rd : today the speaker is @Chris Poore

    Chris Poore12:00 PM
    Sure, I work at a cybersecurity company called Assured Information Security (AIS). So it mostly originates from what we do.

    Dan Maloney12:00 PM
    @anarchoN3rd -- Chris Poore is the invited guest, but it's really just a chat among friends. This week it's about RF Hacking

    Chris Poore12:01 PM
    We provide government and commercial customers with industry leading cyber and information security capabilities specializing in research, development, consulting, testing, forensics, remediation and training.

    Chris Poore12:01 PM
    I specifically work on a team that identifies weaknesses, verifies systems, and provides solutions to customers.

    mike joined the room.12:01 PM

    Chris Poore12:01 PM
    We’re often provided with systems or tasked to look at targets and we have to characterize their operation and assess their security.

    Mark J Hughes12:02 PM
    What tools do you use?

    Mark J Hughes12:02 PM
    What are common vulnerabilities you find?

    anarchoN3rd12:02 PM
    @Dan Maloney is there a video I am supposed to be seeing or just a chat?

    Monta joined the room.12:02 PM

    Paulmsam12:02 PM
    I'm quite curious about where you start. Besides the usual FCC info :)

    Chris Poore12:02 PM
    Well, it's a pretty diverse team and I specialize in topics related to RF technology

    Dan Maloney12:02 PM
    @anarchoN3rd - just text. We roll old school here ;-)

    Chris Poore12:03 PM
    So pretty much anything with a computer that has a wireless aspect, I've looked at

    kkbennett3 joined the room.12:03 PM

    neiyer.correal joined the room.12:03 PM

    Chris Poore12:04 PM
    That covers a lot of tools as you can imagine

    salec12:04 PM
    Does your job also include probing inadvertent emissions security, like project Tempest?

    Chris Poore12:04 PM
    We've had people work on projects like that and are familiar with the technology

    anarchoN3rd12:04 PM
    @Dan Maloney that's pretty cool, actually. Just misunderstood the assignment ;)

    Brendancontest12:05 PM
    I have a question about RF. I moved into a place that has an alarm system. I didn't want it. But would like to play with the sensors they left. Door/movement/water. Is there a way to use these devices?

    Thomas Shaddack12:05 PM
    Does it have to be only about computers emitting data, or can we include other EMI as well, from said tempest to eg. machinery health detection by detecting sparking? Detection of cameras and other devices by their EM signatures?

    don.wills12:06 PM
    I too am curious about devices such as those that are part of SimpliSafe.

    Chris Poore12:07 PM
    With certain devices you can repurpose them, but it will usually take a good understanding of the underlying technology

    salec12:07 PM
    @Thomas Shaddack If a tree falls in a wood and there IS someone to hear it ...

    Zach Kost-Smith12:08 PM
    Do you use GNURadio in your work?

    Chris Poore12:08 PM
    There are all these different applications of RF and security so I'm here mostly to promote a project I've been working on that kind of brings it all together in one place

    DuckPaddle12:08 PM
    Do you ever work with 24GHz stuff and do you have any low cost hacks for signal reception?

    Brendancontest12:09 PM
    @chris where would be a good place to find information. I'm pretty sure they are using 915 freq. but with having limited tools to analyze the RF what other option does someone have to play around with the devices?

    Chris Poore12:09 PM
    I'm quite involved with GNU Radio, just got back from GRCon. The project I'm promoting is an RF framework called FISSURE: https://github.com/ainfosec/FISSURE

    Paulmsam12:09 PM
    Fissure? I have installed it, Need a bit of a tutorial on it to...
