Sniffing the Airwaves with RTL-SDR presented at HackInTheBox 2014

by Yashin Mehaboobe

Summary: Radio communication is one of those areas in which most solutions use security through obscurity. Till now, the high cost of obtaining a software-defined radio has discouraged security geeks from playing with radio security. However, a recent discovery that some TV tuner cards allowed you to capture a wide variety of frequencies from the air led to the growth of the RTL-SDR community. This lab session will be about using RTL-SDR to sniff various wireless communication devices such as wireless door openers, car keyfobs, aircraft communication and ship broadcasting.
I’ll guide attendees through the usage of various tools which are used in the field, such as gnuradio, baudline, SDRSharp, rtl-sdr and others. Also covered will be a review of how various devices handle radio security (or lack thereof). The lab will also include tips for figuring out what type of communication is taking place by looking at a radio signature and extracting data from the raw radio signals. Another important section will cover off-the-shelf hardware available for RTL-SDR and how to improve it using self-crafted antennas. The lab will also cover how to identify which antenna to use according to the situation and how to craft the antenna.
Attendees will also be shown how a $20 dongle can be used in decoding satellite communications as well as some other data in the same band, such as telemetry data from the Chinese Yutu moon rover. This will also cover details such as capturing above and below the ranges of the RTL-SDR using downconverters and upconverters, respectively. There will be a short primer on radio fundamentals, including various modulation techniques and band classification.