The fifth generation mobile communications protocol (5G) is perhaps the most complicated wireless protocol ever made. Featuring wildly fast download speeds, beamforming base stations, and of course non-standard additions, it’s a rather daunting prospect to analyze for home hacker and researcher alike. But this didn’t stop the ASSET Research Group from developing a 5G sniffer and downlink injector.
The crux of the project is real-time sniffing, using one of two supported Universal Software Radio Peripheral (USRP) software-defined radios (SDRs) and a substantial amount of compute power. The sniffed data can even be piped into Wireshark for filtering. The operating frequency is hard-coded into the sniffer for better performance; the n78 and n41 bands have been tested as of this writing. While we expect most of you don’t have the supported USRP hardware, the group has provided a sample capture file for anyone to analyze.
The other main feature of the project is an exploitation framework with numerous attack vectors developed by ASSET and others. By turning an SDR into a malicious 5G base station, numerous vulnerabilities and “features” can be exploited, with results ranging from downgrading the connection to 4G to fingerprinting devices and much more. It even includes an attack method we previously covered called 5Ghoul, which can cause device failure requiring removal of the SIM card. These vulnerabilities offer a unique look inside the inner workings of 5G.
If you too are interested in 5G sniffing but don’t have access to the hardware needed, check out this hack turning a Qualcomm phone into a 5G sniffer!
Beamforming is intimidating enough for me that I just stay out of any of that. I get flashbacks from my basic attempts at trying to get the basics.
Is there like a module or device that does all that scary math and engineering for you?
We covered a few DIY Beamforming receiver projects such as this one with 21 RTL-SDRs back in 2021. https://hackaday.com/2021/08/04/phase-coherent-beamforming-sdr/
And this beam-forming Pluto SDR project a couple weeks ago. https://hackaday.com/2025/08/05/real-time-beamforming-with-software-defined-radio/
It may take some time to see beamforming transmitters trickle down into the hacker world, given how relatively new (and expensive) they are in consumer electronics. It’s certainly possible to see a beamforming transmitter project using, for example, a bunch of TI CC1101s.
Such a project would probably work similarly to this ultrasonic speaker (just in RF not audio). https://hackaday.com/2025/03/04/build-a-parametric-speaker-of-your-own/
Worth noting: the recently released SignalSDR Pro ( https://github.com/signalens/signalsdrpro ) can emulate the USRP B210 in hardware (FPGA), at half the price of the USRP B210.
Still expensive, but much more approachable than 2k or 10k USD !