Hack-RF one and repeating radio signals

While I was recently playing with my new Hack-RF one some theory popped into my mind:

“If you can repeat certain radio signals it should be possible to let a device think a legit signal is received and it would preform an sort of action,

(for example the signal of a garage door opener should open the garage if replayed).”

So at that point I started searching for radio signals around 433 MHz also known as the ISM band, after poking at some devices around the house I figured that the wireless door opener was transmitting at this frequency.

After doing some research on the device I figured it was likely an OOK transmitter this meant I should be able to decode the signal if I would record it as a AM modulated signal.

And while I was trying to decode the signal the hak5 folks published this page at their website.

What they did was completely decode the signal down to binary level and then feed that data back into another program that would rebuild the signal and then transmit it.

Its a great method but absolutely not efficient because it costs a lot of time to manually decode and rebuild the signal.

So I continued digging in the Hack-RF´s manual pages at great Scott gadgets

After digging for a long night I stumbled across this commando:

<root@ONE :~# hackrf_transfer -r FILENAME -f 433898000 >

which would record the whole baseband the device is tuned in and and then replay it with:

<root@ONE:~# hackrf_transfer -t FILENAME -f 433898000 -x 20>

This should record and replay the baseband (including the signal for the door) and unlock the thing and it did!

With this method it should be possible to do a lot of different things like opening garages (as I mentioned earlier), turn on/off wireless lights, ring wireless doorbells, let simple pagers go nuts and so on.

Leave a Reply

Your email address will not be published. Required fields are marked *