Software-defined radios (SDRs) are indispensable for signal reconnaissance and physical-layer dissection, but even with advanced tools such as Universal Radio Hacker, SDR-based approaches require substantial effort. By contrast, RF dongles such as the popular Yard Stick One are easy to use and guarantee a deterministic physical-layer implementation. However, they are not very flexible, as each dongle is a static hardware system with a monolithic firmware. We present RFquack, an open-source tool and library firmware that combines the flexibility of a software-based approach with the determinism and performance of embedded RF frontends. RFquack is based on a multi-radio hardware system with swappable RF frontends, and a firmware that exposes a uniform, hardware-agnostic API. RFquack focuses on a structured firmware architecture that allows high- and low-level interaction with the RF frontends. Thanks to the multi-radio support, it facilitates the development of host-side scripts and firmware plug-ins that implement efficient data-processing pipelines or interactive protocols. RFquack has an IPython shell and 9 firmware modules for spectrum scanning, automatic carrier detection and bitrate estimation, headless operation with remote management, in-flight packet filtering and manipulation, and, as examples, MouseJack and RollJam. We used RFquack to set up RF hacking contests and to analyze industrial-grade devices and key fobs, on which we found and reported 11 vulnerabilities in their RF protocols.
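The abstract names automatic bitrate estimation as one of the firmware modules. The following added example (not RFquack's own code, and not taken from the paper) shows the usual host-side approach on a digitized OOK/ASK capture: measure the run lengths between level changes, take the cluster of shortest runs as the base symbol period, and treat longer runs as integer multiples of it. The capture below is constructed inline with a hypothetical 1 MS/s sample rate and a few samples of run-length jitter, so the script runs offline.

```python
"""Bitrate estimation from edge timings of a digitized OOK/ASK capture.

Added example, not RFquack's own code. Assumptions: the capture is a list
of 0/1 samples taken at SAMPLE_RATE_HZ (hypothetical 1 MS/s), and symbol
boundaries coincide with level changes (plain OOK/ASK, no line coding).
"""
from collections import Counter

SAMPLE_RATE_HZ = 1_000_000  # assumed sample rate of the constructed capture

# Constructed symbol stream: alternating preamble, a sync word, then payload bits.
SYMBOLS = [1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 0, 1]


def edge_intervals(bits):
    """Return the run lengths (in samples) between consecutive level changes."""
    runs = []
    if not bits:
        return runs
    current, length = bits[0], 0
    for b in bits:
        if b == current:
            length += 1
        else:
            runs.append(length)
            current, length = b, 1
    runs.append(length)
    return runs


def estimate_symbol_period(bits, tolerance=0.1):
    """Estimate the symbol period in samples.

    Runs within +/- tolerance of the shortest run form the single-symbol
    cluster; its mode is taken as the base period. Longer runs are assumed
    to be integer multiples of it (consecutive identical symbols).
    """
    runs = edge_intervals(bits)
    if len(runs) < 2:
        raise ValueError("need at least one level change to estimate a period")
    shortest = min(runs)
    cluster = [r for r in runs if abs(r - shortest) <= tolerance * shortest]
    return Counter(cluster).most_common(1)[0][0]


def estimate_bitrate(bits, sample_rate_hz=SAMPLE_RATE_HZ):
    """Bit rate in bit/s for a plain OOK/ASK stream (one symbol per bit)."""
    return sample_rate_hz / estimate_symbol_period(bits)


def decode_symbols(bits, period):
    """Collapse runs into symbols by rounding each run length to whole periods."""
    out = []
    level = bits[0]
    for run in edge_intervals(bits):
        out.extend([level] * max(1, round(run / period)))
        level ^= 1
    return out


def make_capture(symbols, period=100, jitter=(0, 1, -1, 2, -2)):
    """Constructed sample: expand symbols to samples with small run-length jitter."""
    bits = []
    level = symbols[0]
    for i, run in enumerate(edge_intervals(symbols)):
        bits.extend([level] * (run * period + jitter[i % len(jitter)]))
        level ^= 1
    return bits


if __name__ == "__main__":
    capture = make_capture(SYMBOLS)
    period = estimate_symbol_period(capture)
    print(f"symbol period ~ {period} samples, bitrate ~ {estimate_bitrate(capture):.0f} bit/s")
    print("decoded:", "".join(map(str, decode_symbols(capture, period))))
```

Because the period comes from the mode of the shortest-run cluster rather than the absolute minimum, a single glitch-shortened run does not drag the estimate down; the `tolerance` argument bounds how much jitter is folded into that cluster, and a stream with no level change raises an error instead of returning a meaningless rate.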