Hacking Radio Controlled Outlets

Decoding NRZ ASK

It’s no surprise that there’s a lot of devices out of there that use simple RF communication with minimal security. To explore this, [Gordon] took a look at attacking radio controlled outlets.

He started off with a CC1111 evaluation kit, which supports the RFCat RF attack tool set. RFCat lets you interact with the CC1111 using a Python interface. After flashing the CC1111 with the RFCat firmware, the device was ready to use. Next up, [Gordon] goes into detail about replaying amplitude shift keying messages using the RFCat. He used an Arduino and the rc-switch library to generate signals that are compatible with the outlets.

In order to work with the outlets, the signal had to be sniffed. This was done using RTL-SDR and a low-cost TV tuner dongle. By exporting the sniffed signal and analyzing it, the modulation could be determined. The final step was writing a Python script to replay the messages using the RFCat.

The hack is a good combination of software defined radio techniques, ending with a successful attack. Watch a video of the replay attack after the break.

Comments

  1. Mo says:

    Get a tripod your video make me sea sick.

  2. yatko says:

    nice! do you or anyone else know if there is a software existing or a way how to decode the audio waveform automagically to binary format. so the the output from above audio file would be what you have done manually? I know it’s hard, but you should be able to setup first the analysis like frequency and how a 1 and 0 looks like. then analyize…

    • Roger Muggli says:

      I use Audacity. I record it then chop out the extraneous details. Then expand what is remaining to fill the screen. It is usually pretty crummy yet but if you amplify it and chop off heh peaks it comes out to be a nice waveform. I have looked at my LaCrosse temp. sensor and teh abo e works fine.

  3. Benjamin says:

    rtl_433 can handle alot of OOK radio demodulation.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,700 other followers