As the popularity of IoT devices grows, it’s only natural that security holes in some of the systems will become apparent. The articles "IoT Devices May Be Susceptible to Replay Attacks with a Raspberry Pi and RTL-SDR Dongle" and "Attack Some Wireless Devices With A Raspberry Pi And An RTL-SDR" report that an easy way to carry out a wireless replay attack against RF-controlled devices is demonstrated on rtl-sdr.com. As RTL-SDR shows, all you need to record and replay the 433MHz modulated signal is a Raspberry Pi, one of the RTL-SDR dongles (for software-defined radio), and a wire for an antenna (you don’t need to build special hardware like a 433.92MHz OOK frame cloner).
The folks at RTL-SDR.com put up a guide to recording these open data bursts on a Raspberry Pi and playing them back by transmitting them from the Pi itself. The "Tutorial: Replay Attacks with an RTL-SDR, Raspberry Pi and RPiTX" tutorial shows how to perform replay attacks on simple OOK modulated 433 MHz ISM band devices using an RTL-SDR dongle and RPiTX. The RTL-SDR is used to record an AM audio file of the signal, and then the RPiTX software does its magic to transform that recording into a file that can be transmitted back on the same frequency via one of the Raspberry Pi’s GPIO pins. The article has a nice video, "Replay Attacks at 433 MHz with RTL-SDR and a Raspberry Pi running RPiTX", that shows how it works:
The video shows how to perform a simple record and replay attack on 433 MHz ISM band devices using nothing more than an RTL-SDR and Raspberry Pi. The Raspberry Pi runs RPiTX which allows it to transmit from a GPIO port with just a wire attached. No extra transmitter hardware is required.
For RF signal experimenters, those tools allow much more than just replaying remote control signals. The article "RPiTX Turns Rasberry Pi into Versatile Radio Transmitter" from a few years back tells that using just an appropriately-sized wire connected to one of the GPIO pins, the Raspberry Pi is capable of broadcasting using FM, AM, SSB, SSTV, or FSQ signals. This greatly increases the potential of this simple computer-turned-transmitter and anyone should be able to get a lot of use out of it. "Transmitting FM, AM, SSB, SSTV and FSQ with just a Raspberry Pi" tells that PiTx is software that permits transmitting HF directly through a pin of the Raspberry Pi GPIO. Unlike PiFM, which transmits only in FM, PiTx is able to perform multiple modulations (FM, AM, SSB, SSTV, FSQ): it has an I/Q input to be agnostic. Pitx is now a real TRANSMIT SDR at very low cost. Be aware that it generates a lot of harmonics (you need to add filtering to pass radio regulations – there is a Pi shield for that). Here is the PiTxSDR video:
The article "Building a Ham Transceiver with an RTL-SDR, Raspberry Pi and Rpitx" is about Qtcsdr, software that runs on the Raspberry Pi and interfaces with an RTL-SDR dongle and RpiTx to create a simple transceiver radio. As always with this type of thing, only transmit if you are licensed, take care with the transmitted distance, and filter the antenna output when transmitting. On the GitHub page the author mentions that a Raspberry Pi shield called the QRPi filter + amplifier is currently in development (white paper). To get an idea of it, take a look at the video "Testing qtcsdr: receiving the transmission with an RTL-SDR via attenuator":
In the end I must say that I am amazed at what can be done with such cheap radio hardware (RTL-SDR and Raspberry Pi). rpitx is a radio transmitter for Raspberry Pi (B, B+, PI2, PI3 and PI zero) that transmits RF directly to GPIO. It can handle frequencies from 5 kHz up to 500 MHz. Plug a wire (which acts as the antenna) into GPIO 18, that is, pin 12 of the GPIO header (header P1). The software can accept an I/Q signal as an input, so now a Pi can be used as a general purpose SDR transmitter. Check out the "Application note on using GNU Radio and csdr with rpitx" and the video "Evariste Courjaud, F5OEO: Rpitx : Raspberry Pi SDR transmitter for the masses":
I am amazed that it can reach such high frequencies, and that all this can be done with a Raspberry Pi and some software magic.
8 Comments
Tomi Engdahl says:
Unlocking a Subaru with a Raspberry Pi, a 433MHz Radio, and an Unpatched Exploit
The Subaru #fobrob exploit
https://blog.hackster.io/unlocking-a-subaru-with-a-raspberry-pi-a-433mhz-radio-and-an-unpatched-exploit-de0f88dc7c2c
Tomi Engdahl says:
Build your own Raspberry Pi Pirate Radio
https://pimylifeup.com/raspberry-pi-pirate-radio/
In this tutorial, we will be showing you the basics of how to setup a Raspberry Pi Pirate Radio utilizing the FM Transmitter software and a piece of wire.
Basically, this piece of software allows you to broadcast an FM signal through your GPIO 4 pin. This means you can set up your own little radio station; however, please note that the sound quality and range will be quite poor due to the signal being limited to mono and that most wires aren’t the best antennas.
Tomi Engdahl says:
Raspberry-Pi DVB Transmitter: The Benefits of Open-Source Hardware
https://www.eeweb.com/profile/paul-dillien/articles/raspberry-pi-dvb-transmitter-the-benefits-of-open-source-hardware
Is this Raspberry-Pi-based device the world’s smallest DVB (Digital Video Broadcasting) transmitter?
Lime Microsystems is one company that evangelizes an open-source philosophy and provides full details of its wireless chips. As a result, the open-source community has embraced the software defined radio (SDR) boards from Lime and is creating some exciting applications, which greatly extend the functionality of the device through the use of a natively enabled app store.
This digital TV transmitter, which is based on a combination of a LimeSDR Mini and a Raspberry Pi Zero, provides a perfect example.
This setup processes the camera output into a DVB2 compliant transport stream and onwards to the SDR, while the receiver features a decoder and display chain to drive an HDMI output (it also includes a spectrum analyzer). The demo uses RF tuned to 1.2GHz, which sits within the 10MHz to 3.5GHz range of the Mini. Designers can download the app to provide a DVB (Digital Video Broadcasting) video link and customize it to their exact requirements.
The open-source community is busy creating a wide variety of wireless applications using LimeSDR products, and then making these applications available for “app enabled” products. In addition to the video example discussed above, there are already designs for narrow and wideband FM transceivers, a spectrum analyzer using a UDOO X86 single board computer, a GSM base station using a Raspberry Pi and — with the addition of a Lime frequency range extender — the LimeSDR transmits and receives LTE signals at 10GHz.
Tomi Engdahl says:
Filter your Pi and be a Responsible Pirate
https://hackaday.com/2018/04/03/filter-your-pi-and-be-a-responsible-pirate/
At this point it’s pretty well-known that you can tack a long wire to the Raspberry Pi’s GPIO, install some software, and you’ve got yourself the world’s easiest pirate FM radio station. We say that it’s a “pirate” station because, despite being ridiculously easy to do, broadcasting on these frequencies without a license is illegal. Even if you had a license, the Raspberry Pi with a dangling bit of wire will be spewing out all kinds of unintentional noise, making it a no-go for any legitimate purposes.
In an effort to address that issue, [Naich] has written up a couple of posts on his blog which not only discuss why the Pi is such a poor transmitter, but show how you can build a filter to help improve the situation.
[Naich] then goes on to show how you can build a DIY filter “hat” for the Pi that not only cuts down a lot of the undesirable chatter, but even boosts the intended signal a bit.
Taming the PiFM Transmitter (Part 2)
http://naich.net/wordpress/index.php/taming-the-pifm-transmitter-part-2/
Tomi Engdahl says:
#44 Hacking and Cloning a Garage Door Opener using SDR Radio
https://www.youtube.com/watch?v=LE1CvGWqSsw
In this video I re-engineer a 40MHz garage door opener and build a small one for my Harley. I use SDR radio and Audacity to do the hacking and an AD9850 DDS and an Arduino to create a clone. The principle shown here can also be used for openers or key fobs operating on other frequencies.
Tomi Engdahl says:
MW transmitter using Arduino nano
https://www.stdiscovery.gq/2020/04/mw-transmitter-using-arduino-nano-code.html
https://www.stdiscovery.gq/
Tomi Engdahl says:
Raspberry Pi Broadcasts UHF Channels to CRT TVs
By Ash Hill 20 days ago
Share your screen or send videos to an old television over UHF.
https://www.tomshardware.com/news/raspberry-pi-broadcasts-uhf-to-crt-tvs
Tomi Engdahl says:
This “Raspberry PIrate TV” Transmitter Is a Pocket-Size Gadget for Testing Old TV Tuners
Designed to slip into your pocket, this simple gadget is great for testing the tuners on secondhand vintage TV equipment.
https://www.hackster.io/news/this-raspberry-pirate-tv-transmitter-is-a-pocket-size-gadget-for-testing-old-tv-tuners-6b1585e82565