Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

Related tags

Security related resourcespythonradioiotsecurityqthackingwirelesssdrrtl-sdrhackrfairspyusrpsdrplaybladerflimesdr
Overview

URH image

Build Status PyPI version Packaging status Blackhat Arsenal 2017 Blackhat Arsenal 2018

The Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios. URH allows easy demodulation of signals combined with an automatic detection of modulation parameters making it a breeze to identify the bits and bytes that fly over the air. As data often gets encoded before transmission, URH offers customizable decodings to crack even sophisticated encodings like CC1101 data whitening. When it comes to protocol reverse-engineering, URH is helpful in two ways. You can either manually assign protocol fields and message types or let URH automatically infer protocol fields with a rule-based intelligence. Finally, URH entails a fuzzing component aimed at stateless protocols and a simulation environment for stateful attacks.

Getting started

In order to get started

If you like URH, please this repository and join our Slack channel. We appreciate your support!

Citing URH

We encourage researchers working with URH to cite this WOOT'18 paper or directly use the following BibTeX entry.

URH BibTeX entry for your research paper 
@inproceedings {220562,
author = {Johannes Pohl and Andreas Noack},
title = {Universal Radio Hacker: A Suite for Analyzing and Attacking Stateful Wireless Protocols},
booktitle = {12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18)},
year = {2018},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/woot18/presentation/pohl},
publisher = {{USENIX} Association},
}

Installation

URH runs on Windows, Linux and macOS. Click on your operating system below to view installation instructions.

Windows

On Windows, URH can be installed with its Installer. No further dependencies are required.

If you get an error about missing api-ms-win-crt-runtime-l1-1-0.dll, run Windows Update or directly install KB2999226.

Linux
Generic Installation with pip (recommended)

URH is available on PyPi so you can install it with

# IMPORTANT: Make sure your pip is up to date
sudo python3 -m pip install --upgrade pip  # Update your pip installation
sudo python3 -m pip install urh            # Install URH

This is the recommended way to install URH on Linux because it comes with all native extensions precompiled.

In order to access your SDR as non-root user, install the according udev rules. You can find them in the wiki.

Install via Package Manager

URH is included in the repositories of many linux distributions such as Arch Linux, Gentoo, Fedora, openSUSE or NixOS. There is also a package for FreeBSD. If available, simply use your package manager to install URH.

Note: For native support, you must install the according -dev package(s) of your SDR(s) such as hackrf-dev before installing URH.

Snap

URH is available as a snap: https://snapcraft.io/urh

Docker Image

The official URH docker image is available here. It has all native backends included and ready to operate.

macOS
Using DMG

It is recommended to use at least macOS 10.14 when using the DMG available here.

With pip
  1. Install Python 3 for Mac OS X. If you experience issues with preinstalled Python, make sure you update to a recent version using the given link.
  2. (Optional) Install desired native libs e.g. brew install librtlsdr for corresponding native device support.
  3. In a terminal, type: pip3 install urh.
  4. Type urh in a terminal to get it started.
Update your installation

If you installed URH via pip you can keep it up to date with python3 -m pip install --upgrade urh.

Running from source
Without installation

To execute the Universal Radio Hacker without installation, just run:

git clone https://github.com/jopohl/urh/
cd urh/src/urh
./main.py

Note, before first usage the C++ extensions will be built.

Installing from source

To install URH from source you need to have python-setuptools installed. You can get them with python3 -m pip install setuptools. Once the setuptools are installed execute:

git clone https://github.com/jopohl/urh/
cd urh
python setup.py install

And start the application by typing urh in a terminal.

Articles

Hacking stuff with URH

General presentations and tutorials on URH

External decodings

See wiki for a list of external decodings provided by our community! Thanks for that!

Screenshots

Get the data out of raw signals

Interpretation phase

Keep an overview even on complex protocols

Analysis phase

Record and send signals

Record

Comments
  • Enable SDRPlay in Windows version

    Enable SDRPlay in Windows version

    I'm unable to enable SDRPlay in windows version .msi

    Not sure if it requires a dll file like other sdr's in the C:\Program Files\Universal Radio Hacker directory Also i have the pothossdr suite installed and am able to use gqrx in windows with the SDRPlay, not sure if that makes a difference or not. image

    bug sdr windows 
    opened by vsboost 62
  • USRP B200: failed to start rx mode

    USRP B200: failed to start rx mode

    Expected Behavior
    Actual Behavior
    Steps To Reproduce

    1. Go to 'FILE'

    2. Click on 'Record signal' / OR Spektrum analyzer

    3. See error

    Screenshots

    https://imgur.com/a/rHIfwZ6

    Platform Specifications
    • OS: [e.g. Arch Linux]
    • URH version: [e.g. 2.5.3]
    • Python version: [e.g. 3.6.3]
    • Installed via [msi win 64] hi i used to run an old version of URH without any issue. i ve seen an update, so i ve uninstalled my current version, installed new one, and now , even it manage my usrp b205 as you can see on the screenshot, it never start rx mode. did i missed something? anything i can do in order to solv it? thank you for your time best regards herve
    windows 
    opened by nocomp 52
  • Installing on windows error

    Installing on windows error

    On windows 7 (Ultimate 64 bit), with python 3.5 (32 bit) I can not install urh via command `

    python -m pip install urh

    I am receiving error ImportError: No module named src.urh.version What should I do to run it on windows

    installation 
    opened by RYucel 32
  • Issues with USRP B200

    Issues with USRP B200

    There seem to be problems with native support for USRP B200 on Windows #589 and OSX #577. Since we do not have a USRP B200 for testing, we need some help. I see two options:

    1. Someone in contact with Ettus can arrange getting a test device for us.
    2. Someone with a USRP B series device helps us with debugging.
    sdr windows macOS help wanted 
    opened by jopohl 22
  • Raspberry Buster can't install

    Raspberry Buster can't install

    Raspberry Buster 2021-01-11 URH can't install

    Actual Behavior

    The same error with 3 diffrerent installation method: command "python setup.py egg_info" failed with error code 1 in /tmp/pip-install-i1mojk0v/pyqt5/

    Steps To Reproduce
    1. The proposed standard solution: sudo apt-get install python3-numpy python3-psutil python3-zmq python3-pyqt5 g++ libpython3-dev python3-pip sudo pip3 install urh
    2. Proposed in bug report sudo python3 -m pip install urh
    3. Proposed in another bug report: sudo su pip3 install urh
    4. See the same error
    Platform Specifications
    • OS: Raspberry Buster 2021-01-11
    • URH version: ?
    • Python version: 3.7, pip: 18.1
    opened by fenyvesi 21
  • request: add MSK modulation type

    request: add MSK modulation type

    i'm working with the cc1101 and this chip has different modulation types, which you can use: ASK, 2-FSK, GFSK, 4-FSK, MSK (offset QPSK with half-sine shaping).

    ASK and GFSK Mode works great, but if time please add also MSK modulation type.

    thx

    feature discussion 
    opened by SpaceTeddy 21
  • Can't enable device in macOS 10.12.2

    Can't enable device in macOS 10.12.2

    I've tried to install urh using pip3 and also build from sources. In each case I was not able to enable rtlsdr in settings (this option is grayed out). librtlsdr is installed. Device is physically connected to the usb and works fine in gqrx or cubicsdr.

    Log from the compilation: http://pastebin.com/ZPWTC9zu

    installation 
    opened by matix2120 21
  • LimeSDR: Failed to receive stream

    LimeSDR: Failed to receive stream

    Expected Behavior

    Capture signals and display them.

    Actual Behavior

    No signals captured. Here's the error on stdout:

    [WARNING::LimeSDR.py::receive_sync] LimeSDR: Failed to receive stream

    I can access the board fine with LimeSuiteGui

    Steps to Reproduce the Problem

    1. build limesuite from git
    2. python3 setup.py install --without-hackrf --without-rtlsdr --without-airspy --without-usrp
    3. urh
    4. try to record on a known strong freq.

    Platform Specifications

    • Python Version: 3.6.0
    • Operating System: linux
    • Version of URH: git master (1.8.4)
    • URH was installed [X] from source

    I think this may be related to issue https://github.com/jopohl/urh/issues/297 but I'm not sure. Filing this in case it's unrelated.

    sdr 
    opened by romeojulietthotel 20
  • Cannot Start HackRF Device Windows 7 x64

    Cannot Start HackRF Device Windows 7 x64

    Please use this template for bug reports. If you have a feature request or question just delete everything and write as you like.

    Expected Behavior

    Start the HackRF successfully

    Actual Behavior

    I get this error: HackRF-SETUP: HACKRF_ERROR_NOT_FOUND (-5)

    I found this odd because I have the HackRF works under SDR# and gnuradio. I have hackrf tools installed here is the output of 'hackrf_info'

    Found HackRF board.
Board ID Number: 2 (HackRF One)
Firmware Version: 2015.07.2
Part ID Number: 0x00534f62 0x00534f62
Serial Number: 0x00000000 0x00000000 0x14d463dc 0x2f5122e1

    Steps to Reproduce the Problem

    1. Windows 7 x64 with requirements installed
    2. Start urh and enable the hackrf
    3. Attempt to start the device by recording a complex sample.

    Platform Specifications

    • Python Version: 3.0.6
    • Operating System: windows 7 x64
    • Version of URH: 1.6.4.2
    installation windows 
    opened by KR0SIV 19
  • Global python error

    Global python error

    Please use this template for bug reports. If you have a feature request or question just delete everything and write as you like.

    Expected Behavior

    i use an usrp with gnu radio without any issue, everything works fine when launching urh, it doesn t see my gnuradio install and i can modify the path either

    Actual Behavior

    global python error https://imgur.com/a/JJpo3

    Steps to Reproduce the Problem

    1.installed .msi version 2.plugged usrp 3.launched urh

    Platform Specifications

    • Python Version: 2.7.10
    • Operating System: win 10 64b
    • Version of URH: 1.8.14
    • URH was installed: __from .msi
    windows 
    opened by nocomp 18
  • On Windows 10 UI does not render, executable is running though

    On Windows 10 UI does not render, executable is running though

    Expected Behavior

    Upon on clicking the shortcut on the desktop the program should open its main window.

    Actual Behavior

    Actually the Main program window is not showing but proces explorer shows the .exe running

    Steps To Reproduce
    1. Go to '...'
    2. Click on '....'
    3. Scroll down to '....'
    4. See error
    Screenshots
    Platform Specifications

    Windows 10

    opened by MrBambix 17
  • Y-scale autoscale feature (with a manual trigger)

    Y-scale autoscale feature (with a manual trigger)

    Is your feature request related to a problem?

    Sometimes the otherwise very useful discrete Y-scale levels prove to be a burden and a simple autoscale feature is desired. I need to emphasize that by no means the triggering should be automatic, the auto- part refers to calculating the adaptive (continuous) value upon triggering.

    Describe the solution you'd like

    It would be great to have an autoscale button besides every Y-Scale slider (or in its right-click options). The calculated scaling value should be so that the signal amplitude maximum is (exactly) at 90% of the scale. The autoscale function should also have a logic to set scaling and ofsetting correctly in case of a bipolar or a unipolar signal.

    There are two points/usecases for now. The first is to ease the visual comparison between signals amplitude-wise and the second is to more efficiently use screen estate, especially with smaller screens.

    Describe alternatives you've considered

    Due to HDR nature of RF signals manual amplitude scaling proves to be too rough even for quick visual comparisons. I found no other alternatives in the URH.

    feature 
    opened by drws 0
  • URH with X310 and Twin RX

    URH with X310 and Twin RX

    Expected Behavior

    Select supported sample rate of 50 or 100msps

    Actual Behavior]

    Double Free or Corruption shown in terminal windows upon starting spec a

    [INFO::Device.py::log_retcode] USRP-OPEN (type=x300,addr=192.168.40.2,fpga=HG,name=,serial=31,product=X310): Success [INFO::Device.py::log_retcode] USRP-SET_SUBDEVICE to : Success [INFO::Device.py::log_retcode] USRP-SET_ANTENNA_INDEX to 0: Success [INFO::Device.py::log_retcode] USRP-SET_FREQUENCY to 433.92M: Success [INFO::Device.py::log_retcode] USRP-SET_SAMPLE_RATE to 50M: Success [INFO::Device.py::log_retcode] USRP-SET_BANDWIDTH to 50M: Success [INFO::Device.py::log_retcode] USRP-SET_RF_GAIN to 0.25: Success Odouble free or corruption (out)

    Steps To Reproduce

    Start URH 2.9.3, select spec a, attempt to start with 50M or 100M in Sample rate/bandwidth. Although bandwidth is limited I think to 80MHz wide per channel on the Twin RX.

    Platform Specifications

    Ubuntu 20.04 (DragonOS) w/ UHD 3.15

    Happy to test further while I have this device available. Although, I guess it wouldn't be of much use using such a large sample rate/bandwidth in URH?

    opened by alphafox02 2
  • Better Documentation for urh_cli

    Better Documentation for urh_cli

    Is your feature request related to a problem?
    • I keep getting asked for modulation parameters but there is no documentation of proper syntax and what are my options.
    • Furthermore I am not modulating, I am only passing the -rx parameter and settings things that relate to demodulation so that also has me scratching my head and thinking, what modulation parameters?
    Describe the solution you'd like
    • Just better documentation of the cli interface in general. Some features of the GUI are also undocumented and found them through someone else's question and answer to themselves.
    • ascii files filled with ones and zeros can get huge, an option for binary output of the captures would be great.
    Describe alternatives you've considered
    Additional context
    feature documentation 
    opened by EdwinFairchild 0
  • Demodulation is significantly slower via `urh_cli`

    Demodulation is significantly slower via `urh_cli`

    Expected Behavior

    Messages should be appended to the ProtocolSniffer.messages list as soon as they are available.

    Actual Behavior

    There is a significant lag when using urh_cli compared to the URH GUI. It's almost as if messages are being polled for every 5 seconds (not saying this is the case but for explanation's sake), compared to URH where - when a signal is demodulated, it appears almost instantly.

    Steps To Reproduce

    Compare the delay between urh_cli and URH GUI when demodulating any signal. In my case, it was FSK using default settings, obviously the frequency has been changed.

    Platform Specifications
    • OS: Kali Linux
    • URH version: 2.9.3
    • Python version: 3.10.4
    • Installed via pip
    feature 
    opened by braedinski 1
  • Generate reuasable format from demodulated raw capture data

    Generate reuasable format from demodulated raw capture data

    A few tools out there specifically the FlipperZero capture raw rf data as a demodulated number sequences. Would it be possible to add support for importing and or converting these in the generator or Analysis tools? Ideally I'm looking for a way to transfer captures between devices. So it would be cool if you could also export into this format.

    Here is an example capture:

    Version: 1
Frequency: 315000000
Preset: FuriHalSubGhzPresetOok650Async
Protocol: RAW
RAW_Data: 337 -426 363 -888242 167 -356 105 -368 93 -380 327 -126 353 -126 337 -128 339 -128 337 -128 93 -358 347 -132 333 -122 341 -128 121 -370 101 -368 91 -382 317 -134 141 -362 105 -336 127 -356 95 -370 349 -130 329 -124 337 -128 337 -130 123 -3698 97 -374 129 -338 127 -342 351 -140 325 -142 335 -96 345 -126 337 -128 125 -368 341 -140 305 -132 359 -94 121 -374 101 -368 93 -384 351 -102 141 -364 103 -336 129 -372 103 -360 347 -108 361 -106 339 -130 323 -124 123 -3710 131 -360 103 -358 105 -370 327 -142 335 -128 327 -140 361 -106 343 -102 137 -352 353 -94 345 -138 337 -126 97 -376 105 -370 91 -396 331 -132 101 -358 107 -370 93 -394 101 -362 347 -106 363 -106 339 -130 355 -92 121 -3706 129 -342 129 -338 129 -340 347 -124 339 -128 369 -96 337 -128 339 -124 125 -354 347 -132 333 -122 339 -126 121 -372 101 -366 91 -382 351 -102 143 -362 105 -334 129 -356 93 -372 349 -132 329 -124 335 -128 337 -128 125 -3698 131 -360 103 -376 105 -334 353 -140 333 -126 347 -94 369 -96 371 -96 125 -370 329 -140 337 -126 351 -94 123 -372 101 -368 93 -382 351 -104 141 -362 105 -336 127 -358 93 -370 349 -132 329 -124 337 -128 337 -128 125 -3704 97 -392 103 -342 137 -334 353 -138 335 -126 361 -106 359 -106 345 -102 135 -356 357 -106 347 -102 365 -92 121 -374 103 -368 125 -366 331 -132 103 -358 105 -370 93 -394 103 -360 349 -106 361 -106 339 -130 355 -94 121 -3712 133 -358 101 -358 105 -370 363 -106 337 -128 349 -94 369 -96 371 -96 125 -370 361 -108 337 -128 351 -94 121 -372 101 -368 93 -384 351 -102 143 -362 105 -336 127 -372 105 -360 349 -106 361 -108 339 -128 355 -92 123 -3710 131 -358 103 -358 107 -370 329 -140 337 -126 351 -94 369 -96 369 -98 125 -368 363 -108 335 -128 351 -94 121 -374 101 -368 93 -382 351 -104 141 -362 105 -336 127 -374 103 -360 349 -108 361 -106 339 -130 355 -94 121 -3714 99 -392 103 -358 107 -368 327 -140 335 -128 349 -94 391 -104 359 -106 105 -362 357 -106 347 -140 329 -94 139 -342 127 -360 93 -392 327 -122 121 -350 139 -334 127 -356 93 -372 347 -132 331 -124 335 -128 337 -130 123 -3698 133 -358 103 -378 105 -334 353 -140 335 -126 347 -94 369 -96 371 -96 125 -370 361 -108 337 -128 351 -94 121 -372 101 -368 93 -382 351 -104 141 -362 105 -336 127 -358 93 -372 349 -130 331 -124 337 -128 337 -128 125 -3700 129 -340 129 -340 127 -342 343 -126
    feature 
    opened by ResistanceIsUseless 7
Releases(v2.9.3)
Owner
Dr. Johannes Pohl
Interests: Wireless Security, Infrastructure Automation (DevOps), Artificial Intelligence
Dr. Johannes Pohl
GitHub Repository
An intranet tool for easily intranet pentesting

IntarKnife v1.0 a tool can be used in intarnet for easily pentesting moudle hash spray U can use this tool to spray hash on a webshell IntraKnife.exe

4 Nov 24, 2021
For educational purposes only. (Uzbek Edition)

DISCLAIMER 💣 Ushbu skriptdagi materiallar bilan bog'liq har qanday xatti-harakatlar faqat sizning javobgarligingizdir. Ushbu skriptdagi ma'lumotlarda

Husniddin Murodov 1 Feb 12, 2022
EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快速发现存在的薄弱点和攻击面。

EyeJo EyeJo是一款自动化资产风险评估平台,可以协助甲方安全人员或乙方安全人员对授权的资产中进行排查,快速发现存在的薄弱点和攻击面。 免责声明 本平台集成了大量的互联网公开工具,主要是方便安全人员整理、排查资产、安全测试等,切勿用于非法用途。使用者存在危害网络安全等任何非法行为,后果自负,作

429 Dec 31, 2022
OSINT Cybersecurity Tools

OSINT Cybersecurity Tools Welcome to the World of OSINT: An ongoing collection of awesome tools and frameworks, best security software practices, libr

Paul Veillard, P. Eng 7 Jul 01, 2022
Blinder is a tool that will help you simplify the exploitation of blind SQL injection

Blinder Have you found a blind SQL injection? Great! Now you need to export it, but are you too lazy to sort through the values? Most likely,

10 Dec 06, 2022
Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe

Welcome to HubbleStack!! You can find the docs here You can file an issue here Follow us on Twitter! Development Below are sample instructions to setu

HubbleStack 368 Jan 04, 2023
Exploiting CVE-2021-44228 in Unifi Network Application for remote code execution and more

Log4jUnifi Exploiting CVE-2021-44228 in Unifi Network Application for remote cod

96 Jan 02, 2023
Lazarus analysis tools and research report

Lazarus Research This repository publishes analysis reports and analysis tools for Operation Dream Job and Operation JTrack for Lazarus. Tools Python

JPCERT Coordination Center 50 Sep 13, 2022
Laravel RCE (CVE-2021-3129)

CVE-2021-3129 - Laravel RCE About The script has been made for exploiting the Laravel RCE (CVE-2021-3129) vulnerability. This script allows you to wri

Joshua van der Poll 21 Dec 27, 2022
Using python 3 and Flask an MVC system where the AES 128 CBC and Trivium algorithms

This project was developed using python 3 and Flask, it is an MVC system where the AES 128 CBC and Trivium algorithms can be tested through a communication between the computer and a device such as a

Brandon Israel Camacho Reyes 1 Dec 26, 2021
Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

之乎者也 2.8k Dec 29, 2022
RCE Exploit for Gitlab < 13.9.4

GitLab-Wiki-RCE RCE Exploit for Gitlab 13.9.4 RCE via unsafe inline Kramdown options when rendering certain Wiki pages Allows any user with push acc

Enox 52 Nov 09, 2022
Script Crack Facebook Premium 🚶‍♂

premium Script Crack Facebook Premium 🚶‍♂ In Script Install Script $ pkg update && pkg upgrade $ termux-setup-storage $ pkg install python $ pkg inst

Yumasaa 2 Dec 19, 2021
OMIGOD! OM I GOOD? A free scanner to detect VMs vulnerable to one of the

omigood (OM I GOOD?) This repository contains a free scanner to detect VMs vulnerable to one of the "OMIGOD" vulnerabilities discovered by Wiz's threa

Marco Simioni 13 Jul 13, 2022
CVE-2021-26855 SSRF Exchange Server

CVE-2021-26855 Brute Force EMail Exchange Server Timeline: Monday, March 8, 2021: Update Dumping content...(I'm not done, can u guy help me done this

lulz 117 Nov 28, 2022
Provides script to download and format public IP lists related to the Log4j exploit.

Provides script to download and format public IP lists related to the Log4j exploit. Current format includes: plain list, Cisco ASA Network Group.

Gianluca Ulivi 1 Jan 02, 2022
Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口

Glass是一款针对资产列表的快速指纹识别工具,通过调用Fofa/ZoomEye/Shodan/360等api接口快速查询资产信息并识别重点资产的指纹,也可针对IP/IP段或资产列表进行快速的指纹识别。

s7ck Team 764 Jan 05, 2023
Simple python script for generating custom high-secure passwords for securing your social-apps ❤️

Opensource Project Simple Python Password Generator This repository is just for peoples who want to generate strong-passwords for there social-account

K A R T H I K 15 Dec 01, 2022
Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk

Fox-IT 431 Dec 22, 2022
A python script to decrypt media files encrypted using the Android application 'Decrypting 'LOCKED Secret Calculator Vault''. Will identify PIN / pattern.

A python script to decrypt media files encrypted using the Android application 'Decrypting 'LOCKED Secret Calculator Vault''. Will identify PIN / pattern.

3 Sep 26, 2022