Sniffing RF hardware communication packets

posted Feb 7th 2011 11:04am by Mike Szczys
filed under: radio hacks, security hacks

[Travis Goodspeed] put together a proof of concept hack that sniffs wireless keyboard data packets. He’s using the Next HOPE badge that he designed as the hardware platform for these tests. It has an nRF24L01+ radio on-board which can easily communicate with 2.4 GHz devices.

The real trick comes in getting that radio to listen for all traffic, then to narrow that traffic down to just the device from which you want data. He covers the protocol that is used, and his method of getting around MAC address verification on the hardware. In the end he can listen to all keyboard data without the target’s knowledge, and believes that it is possible to inject data using just the hardware on the badge.

Comments [6]

tagged: keyboard, next hope, nRF24L01+, RF, travis goodspeed

6 Responses to Sniffing RF hardware communication packets

Digital says:

February 7, 2011 at 11:28 am

man, you could easily make people think that they had some old school “back oriface” installed on their system if you could inject…

just saying.

Reply Report comment

Michael L. says:

February 7, 2011 at 12:03 pm

Really, rickrolling someone with the Next HOPE badge? That would be hilarious, and annoying. Good writeup though. Security isn’t really my forte but even I understood 99% of what was going on.

Reply Report comment

Gert says:

February 7, 2011 at 12:04 pm

And even if its wired you could electromagnetically read it out from a distance.

I’m building me a shielded keyboard.

Reply Report comment