A Lesson in Blind Reverse Engineering – Signals Intelligence

[Image: spreadsheet of binary data]

In a fit of desperation, I turned to data mining tools and algorithms, but stepped back from the horror of that unspeakable knowledge before my mind was shattered. That way madness lies.

–[Rory O'hare]

Wise words. Wise words, indeed. Who among us hasn't sat staring into the abyss of seemingly endless data without the slightest clue what it means, or even how to go about figuring out what it means? Who hasn't felt the brain damage seeping in as the ones and zeros start reaching out from everyday electronic devices, like some ghost in the wires? But do not fear, wise hacker! We have good news to report: [Rory O'hare] has dived into this very abyss, and has emerged successful.

While others were out and about playing games and doing whatever non-hackers do to entertain themselves, [Rory O'hare] decided to reach out and grab some random wireless signals for a little fun and excitement. What he found was not just a strong, repeating signal at 433 MHz. Not just a signal that oozed with the telltale signs of ASK (amplitude-shift keying). What he found was a challenge: a mystery that was begging to be solved, and a way to test his skill set. Could he reverse engineer a signal by looking at the signal alone? Read on, and find out.
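The article does not reproduce [Rory O'hare]'s own decoding steps, so the following is an added example, not his code, showing the mechanical core of working a repeating ASK capture blind: threshold the amplitude envelope, run-length encode it, cluster the pulse widths into "short" and "long", cut the stream into frames at the long idle gaps, map each on/off pair to a symbol, strip the sync run that precedes the data, and use the fact that the transmitter repeats the frame to majority-vote the payload. The capture is constructed in the block (the encoding it assumes, a preamble of short clock pulses followed by pulse-width-modulated bits, is an assumption made for the sample, not something the page states about this signal); the decoder never reads those constants and estimates the timing from the envelope alone, which is the whole point of the exercise.

```python
"""
Blind decode of a captured OOK/ASK envelope, the way a repeating 433 MHz
transmission gets worked: threshold -> run lengths -> pulse-width clusters
-> symbols -> frames -> majority vote across repeats.
"""
from collections import Counter

# ---- constructed sample capture (stands in for an SDR recording) --------
# Assumed encoding for the sample only: a preamble of short-on/short-off
# clock pulses (a sync run for the receiver to lock to), then PWM bits
# ('0' = short on + long off, '1' = long on + short off), then an idle gap.
# The decoder never reads SHORT/LONG/GAP; it estimates them from the capture.
SHORT, LONG, GAP = 5, 15, 80            # widths in samples (assumed rate)
PAYLOAD = "101100111000010110100111"    # constructed 24-bit payload

def _encode_frame(bits, preamble=8):
    env = [1] * SHORT + [0] * SHORT
    env *= preamble
    for b in bits:
        on, off = (LONG, SHORT) if b == "1" else (SHORT, LONG)
        env += [1] * on + [0] * off
    return env + [0] * GAP

def make_capture(payload=PAYLOAD, repeats=3, corrupt_frame=None):
    """Float amplitude envelope with the frame repeated; optionally one glitched repeat."""
    env = [0] * GAP
    for k in range(repeats):
        bits = payload
        if k == corrupt_frame:                  # flip the first bit of that repeat
            bits = ("0" if payload[0] == "1" else "1") + payload[1:]
        env += _encode_frame(bits)
    # deterministic amplitude wobble so thresholding actually does something
    return [0.8 + 0.1 * (i % 3) if v else 0.05 * (i % 2) for i, v in enumerate(env)]

# ---- the decoder ----------------------------------------------------------
def threshold(env, level=0.5):
    """Amplitude envelope -> carrier on/off sequence."""
    return [1 if s >= level else 0 for s in env]

def run_lengths(bits):
    """[(level, samples), ...] with alternating levels."""
    runs = []
    for b in bits:
        if runs and runs[-1][0] == b:
            runs[-1][1] += 1
        else:
            runs.append([b, 1])
    return [(lvl, n) for lvl, n in runs]

def split_frames(runs, idle_factor=3):
    """Cut at carrier-off runs far longer than any carrier-on pulse: idle between repeats."""
    longest_on = max(n for lvl, n in runs if lvl == 1)
    frames, cur = [], []
    for lvl, n in runs:
        if lvl == 0 and n >= idle_factor * longest_on:
            if cur:
                frames.append(cur)
            cur = []
        elif cur or lvl == 1:                   # a frame starts on carrier-on
            cur.append((lvl, n))
    if cur:
        frames.append(cur)
    return frames

def two_clusters(widths):
    """Split sorted widths at the largest jump -> (short_center, long_center)."""
    s = sorted(widths)
    cut = max(range(len(s) - 1), key=lambda i: s[i + 1] - s[i])
    lo, hi = s[:cut + 1], s[cut + 1:]
    return sum(lo) / len(lo), sum(hi) / len(hi)

def decode_frame(frame, on_centers, off_centers):
    """Map each (on, off) pair to 'P' (preamble clock), '0', '1' or '?'."""
    nearest = lambda n, c: 0 if abs(n - c[0]) <= abs(n - c[1]) else 1   # 0=short, 1=long
    syms = []
    for i in range(0, len(frame), 2):
        on = nearest(frame[i][1], on_centers)
        if i + 1 == len(frame):
            # The idle gap swallowed the last bit's off time; judge it by on-width alone.
            syms.append("1" if on else "0")
            break
        off = nearest(frame[i + 1][1], off_centers)
        syms.append({(0, 0): "P", (0, 1): "0", (1, 0): "1"}.get((on, off), "?"))
    return "".join(syms)

def blind_decode(env):
    frames = split_frames(run_lengths(threshold(env)))
    ons = [n for f in frames for lvl, n in f if lvl == 1]
    offs = [n for f in frames for lvl, n in f if lvl == 0]
    on_c, off_c = two_clusters(ons), two_clusters(offs)
    decoded = [decode_frame(f, on_c, off_c) for f in frames]
    payloads = [d.lstrip("P") for d in decoded]          # drop the sync run
    best, votes = Counter(payloads).most_common(1)[0]
    return {"unit_samples": round(on_c[0]),
            "preamble_pulses": len(decoded[0]) - len(payloads[0]),
            "frames": decoded, "payload": best,
            "agreeing_frames": votes, "total_frames": len(frames)}

if __name__ == "__main__":
    print(blind_decode(make_capture(corrupt_frame=1)))
```

Two details matter on real captures and are handled above: the carrier-off time of a frame's last bit runs straight into the inter-frame gap, so it cannot be measured and the last symbol has to be judged on its on-width alone; and a single glitched repeat (simulated with `corrupt_frame=1`) is outvoted by the clean ones rather than corrupting the result. Whether the short/short pairs at the front are a sync run or the first data bits is exactly the kind of question that is only settled by comparing frames from different button presses or devices.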


Comments

  1. Jerrry Cook says:

    Dibs

  2. gag says:

    Some people have a social life, others hack 433 MHz dongles.

  3. Karl [k-ww] says:

    The encoding method is the same as used by floppy disk drives. A block of 1’s lets the PLL in the controller chip sync to the data.

  4. andrewjhull says:

    Been there… got the tee shirt… http://forum.arduino.cc/index.php?topic=217828.0

  5. muriani says:

    Windytan (http://www.windytan.com/) likes to do stuff like this as well. She’ll just pick up some signal and think “oooh, what’s this?” and then figure it all out.
    She’s been featured here a couple of times at least. If you’ve seen that dialup modem connection breakdown graphic, that was her.

    SIGINT is all sorts of fun stuff, wish I had the time to devote to learning something like that.

  6. Lutan says:

    Okay, you got me. I will try that too, I will try to find some cool signals with my SDR and try to figure it out. The pdf that the guy wrote was really motivating. I need to do that.

  7. @Bill Sweatman – You’ve got to be kidding us right? Data-Mining? The 1st thing in DM is to pre-format or index the data so it can be easily searched. If you don’t have some sort of standardized search method you may miss a lot of hits. That part becomes mind-numbing trying to make sure the data conforms to your search method or maybe vice versa.

    So you found a SIGINT signal at 433 MHz huh? Well guess what, all you've found was those remote temperature transmitters for home weather displays. The FCC allows this frequency for low powered home telemetry gadgets. You're picking up your neighbor's (or your own) home gadget trying to phone home.

    If you really want to do something try SIGINT on POCSAG signals in cities where interesting stuff happens. You’d be surprised who’s still using it. You’ll need POCSAG decoder software for your PC soundcard.

    If you want some real SIGINT fun try capturing some old voice pagers still in use today (very rare). They invariably give out their callback telephone number (i.e. "Harry please call me back at 202-555-1212 right away!"). Try calling back before Harry does (to busy out the line) and say "Did you page me?" they say "No who is this?" you say "You must have paged me by accident… what number did you dial?" – the rest is academic… (social engineering at its worst? VERY TEMPORARY FREE PAGING?)

  8. fartface says:

    If you really want a challenge, decode the C&C channel communication of geosynchronous satellites. Or better yet, write an ISS telemetry decoder.

  9. fartface says:

    http://www.ea1uro.com/megasat.html

    If you guys really want to reverse engineer something and become internet rockstars… Here is a good place to start.

  10. TheOne says:

    Seriously, why are there always people on posts putting others down? I think this guy documented his work really well, even his mistakes, which are sometimes the most important part of a project! We can all learn from this post.

    Everyone starts somewhere; people don't just jump straight into reverse engineering military-grade encryption!

    Rant off

  11. Phalox says:

    I’m not sure what’s up with all the comments here. He did a pretty nice job coming from nowhere, and he documented it properly. This actually made me want to grab my SDR stick again, and figure out some more.

    I’d really like to thank you for this document and the time you spent on it. Educating yourself and the community is great, no matter the level. People like me (who btw have an engineering degree and had wireless technologies) still learn stuff.

    • Foobar Bazbot says:

      “I’m not sure what’s up with all the comments here.”

      We’re preventing instability. Negative feedback’s a dirty job, but someone’s gotta do it.

  12. matt venn says:

    thanks for the post – I enjoyed reading it

  13. crinch says:
