Wireless hacking 20120126
OSHUG #15 Hacking Commodity Wireless
Paul Tanner @paul_tanner
slideshare.net/paul_tanner
Background
● Why make what you can buy?
● Proprietary tech but with benefits
● Very limited doc
● Not easy without sophisticated tools
● Let's mess around
Approach
● Observe the protocol
● Increase the doc
● Deduce the protocol
● Code and test
● Transmitter (easy)
● Receiver (hard)
● Iterate (potentially for ever :)
Nah! El-cheapo version
● Some of these devices use 433 MHz signalling
● In which case use audio recording
● PC or Mac + software, e.g. Audacity
● Otherwise start saving up
RF-to-audio etc
● Ard. shield makes for convenient mounting
● Receiver has digital output and no embedded protocol
● Transmitter likewise
● Alternatives available
● Could add switches to power down when not in use.
Some Results
Somewhat inconsistent snapshots but you get the idea
Get Measurements
● Simple program can capture pulse widths
● Inevitably there's noise – shield?
● Triggering needed for infrequent transmissions
● Then add decoder
Magic happens here
● Look for clues, e.g. blogs etc.
● Expect e.g. Manchester encoding
● Expect redundancy, e.g. checksums
● Hope for inspiration
● Test and iterate
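As an added example (not from the talk or its slides), the receiver side sketched in the last two slides: a decoder that takes the captured pulse widths, checks them against a Manchester timing, and verifies a checksum before accepting a frame. The 500 us half-bit, the IEEE 802.3 bit convention, the XOR checksum and the sample capture are all assumptions constructed for the example, not properties of any particular device.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed timing of the constructed capture: 500 us half-bit, +/-150 us jitter tolerated. */
#define HALF_BIT_US 500u
#define TOL_US      150u
/* One run-length entry (level, duration), as a receiver's pulse-width capture loop records it. */
typedef struct { uint8_t level; uint32_t width_us; } pulse_t;
/* Width -> 1 or 2 half-bit units; 0 = out of spec (noise, or not this protocol). */
static int half_units(uint32_t w) {
    if (w + TOL_US >= HALF_BIT_US && w <= HALF_BIT_US + TOL_US) return 1;
    if (w + TOL_US >= 2 * HALF_BIT_US && w <= 2 * HALF_BIT_US + TOL_US) return 2;
    return 0;
}

/* Manchester decode, IEEE 802.3 convention (bit = level in the second half of the period).
 * Returns the bit count, or -1 on a framing error. */
int manchester_decode(const pulse_t *p, size_t n, uint8_t *bits, size_t max_bits) {
    size_t nbits = 0; int second_half = 0; uint8_t first = 0;
    for (size_t i = 0; i < n; i++) {
        int units = half_units(p[i].width_us);
        if (units == 0) return -1;                           /* glitch: drop the frame */
        while (units--) {
            if (!second_half) { first = p[i].level; second_half = 1; continue; }
            if (p[i].level == first || nbits >= max_bits) return -1; /* no mid-bit edge */
            bits[nbits++] = p[i].level; second_half = 0;
        }
    }
    return second_half ? -1 : (int)nbits;                    /* dangling half bit = truncated */
}
/* Receive path: decode, pack MSB-first bytes, verify the assumed redundancy (last byte =
 * XOR of the payload bytes before it). Returns the payload byte count, or -1 on any rejection. */
int decode_frame(const pulse_t *p, size_t n, uint8_t *bytes) {
    uint8_t bits[64], x = 0;
    int nb = manchester_decode(p, n, bits, sizeof bits);
    if (nb < 16 || nb % 8) return -1;            /* framing error, or shorter than payload + checksum */
    size_t nbytes = (size_t)nb / 8;
    for (size_t i = 0; i < nbytes; i++) {
        bytes[i] = 0;
        for (int b = 0; b < 8; b++) bytes[i] = (uint8_t)(bytes[i] << 1 | bits[i * 8 + b]);
        if (i + 1 < nbytes) x ^= bytes[i];
    }
    return x == bytes[nbytes - 1] ? (int)nbytes - 1 : -1;    /* -1: checksum mismatch */
}
/* Constructed capture, not real radio data: 0xA5 0x3C then their XOR 0x99, with jittered widths. */
static const pulse_t SAMPLE[] = {
    {0,490},{1,1010},{0,990},{1,1020},{0,510},{1,480},{0,980},{1,1000},{0,1040},{1,990},{0,520},{1,470},
    {0,1010},{1,500},{0,530},{1,490},{0,480},{1,510},{0,470},{1,1000},{0,490},{1,520},{0,990},{1,1030},
    {0,510},{1,480},{0,1010},{1,500},{0,530},{1,980},{0,490},{1,510},{0,1020},{1,500} };
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])
```

On a real capture the half-bit period and tolerance are the first things to read off the Audacity trace; a frame that fails the checksum is the usual sign that they are off.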
Conclusion
● It can be done
● Most successful with output devices
● Very hard with devices that send infrequently
● Online help limited but does exist