Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

Related tags

Security related resourcespythonradioiotsecurityqthackingwirelesssdrrtl-sdrhackrfairspyusrpsdrplaybladerflimesdr
Overview

URH image

Build Status PyPI version Packaging status Blackhat Arsenal 2017 Blackhat Arsenal 2018

The Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios. URH allows easy demodulation of signals combined with an automatic detection of modulation parameters making it a breeze to identify the bits and bytes that fly over the air. As data often gets encoded before transmission, URH offers customizable decodings to crack even sophisticated encodings like CC1101 data whitening. When it comes to protocol reverse-engineering, URH is helpful in two ways. You can either manually assign protocol fields and message types or let URH automatically infer protocol fields with a rule-based intelligence. Finally, URH entails a fuzzing component aimed at stateless protocols and a simulation environment for stateful attacks.

Getting started

In order to get started

If you like URH, please this repository and join our Slack channel. We appreciate your support!

Citing URH

We encourage researchers working with URH to cite this WOOT'18 paper or directly use the following BibTeX entry.

URH BibTeX entry for your research paper 
@inproceedings {220562,
author = {Johannes Pohl and Andreas Noack},
title = {Universal Radio Hacker: A Suite for Analyzing and Attacking Stateful Wireless Protocols},
booktitle = {12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18)},
year = {2018},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/woot18/presentation/pohl},
publisher = {{USENIX} Association},
}

Installation

URH runs on Windows, Linux and macOS. Click on your operating system below to view installation instructions.

Windows

On Windows, URH can be installed with its Installer. No further dependencies are required.

If you get an error about missing api-ms-win-crt-runtime-l1-1-0.dll, run Windows Update or directly install KB2999226.

Linux
Generic Installation with pip (recommended)

URH is available on PyPi so you can install it with

# IMPORTANT: Make sure your pip is up to date
sudo python3 -m pip install --upgrade pip  # Update your pip installation
sudo python3 -m pip install urh            # Install URH

This is the recommended way to install URH on Linux because it comes with all native extensions precompiled.

In order to access your SDR as non-root user, install the according udev rules. You can find them in the wiki.

Install via Package Manager

URH is included in the repositories of many linux distributions such as Arch Linux, Gentoo, Fedora, openSUSE or NixOS. There is also a package for FreeBSD. If available, simply use your package manager to install URH.

Note: For native support, you must install the according -dev package(s) of your SDR(s) such as hackrf-dev before installing URH.

Snap

URH is available as a snap: https://snapcraft.io/urh

Docker Image

The official URH docker image is available here. It has all native backends included and ready to operate.

macOS
Using DMG

It is recommended to use at least macOS 10.14 when using the DMG available here.

With pip
  1. Install Python 3 for Mac OS X. If you experience issues with preinstalled Python, make sure you update to a recent version using the given link.
  2. (Optional) Install desired native libs e.g. brew install librtlsdr for corresponding native device support.
  3. In a terminal, type: pip3 install urh.
  4. Type urh in a terminal to get it started.
Update your installation

If you installed URH via pip you can keep it up to date with python3 -m pip install --upgrade urh.

Running from source
Without installation

To execute the Universal Radio Hacker without installation, just run:

git clone https://github.com/jopohl/urh/
cd urh/src/urh
./main.py

Note, before first usage the C++ extensions will be built.

Installing from source

To install URH from source you need to have python-setuptools installed. You can get them with python3 -m pip install setuptools. Once the setuptools are installed execute:

git clone https://github.com/jopohl/urh/
cd urh
python setup.py install

And start the application by typing urh in a terminal.

Articles

Hacking stuff with URH

General presentations and tutorials on URH

External decodings

See wiki for a list of external decodings provided by our community! Thanks for that!

Screenshots

Get the data out of raw signals

Interpretation phase

Keep an overview even on complex protocols

Analysis phase

Record and send signals

Record

Comments
  • Enable SDRPlay in Windows version

    Enable SDRPlay in Windows version

    I'm unable to enable SDRPlay in windows version .msi

    Not sure if it requires a dll file like other sdr's in the C:\Program Files\Universal Radio Hacker directory Also i have the pothossdr suite installed and am able to use gqrx in windows with the SDRPlay, not sure if that makes a difference or not. image

    bug sdr windows 
    opened by vsboost 62
  • USRP B200: failed to start rx mode

    USRP B200: failed to start rx mode

    Expected Behavior
    Actual Behavior
    Steps To Reproduce

    1. Go to 'FILE'

    2. Click on 'Record signal' / OR Spektrum analyzer

    3. See error

    Screenshots

    https://imgur.com/a/rHIfwZ6

    Platform Specifications
    • OS: [e.g. Arch Linux]
    • URH version: [e.g. 2.5.3]
    • Python version: [e.g. 3.6.3]
    • Installed via [msi win 64] hi i used to run an old version of URH without any issue. i ve seen an update, so i ve uninstalled my current version, installed new one, and now , even it manage my usrp b205 as you can see on the screenshot, it never start rx mode. did i missed something? anything i can do in order to solv it? thank you for your time best regards herve
    windows 
    opened by nocomp 52
  • Installing on windows error

    Installing on windows error

    On windows 7 (Ultimate 64 bit), with python 3.5 (32 bit) I can not install urh via command `

    python -m pip install urh

    I am receiving error ImportError: No module named src.urh.version What should I do to run it on windows

    installation 
    opened by RYucel 32
  • Issues with USRP B200

    Issues with USRP B200

    There seem to be problems with native support for USRP B200 on Windows #589 and OSX #577. Since we do not have a USRP B200 for testing, we need some help. I see two options:

    1. Someone in contact with Ettus can arrange getting a test device for us.
    2. Someone with a USRP B series device helps us with debugging.
    sdr windows macOS help wanted 
    opened by jopohl 22
  • Raspberry Buster can't install

    Raspberry Buster can't install

    Raspberry Buster 2021-01-11 URH can't install

    Actual Behavior

    The same error with 3 diffrerent installation method: command "python setup.py egg_info" failed with error code 1 in /tmp/pip-install-i1mojk0v/pyqt5/

    Steps To Reproduce
    1. The proposed standard solution: sudo apt-get install python3-numpy python3-psutil python3-zmq python3-pyqt5 g++ libpython3-dev python3-pip sudo pip3 install urh
    2. Proposed in bug report sudo python3 -m pip install urh
    3. Proposed in another bug report: sudo su pip3 install urh
    4. See the same error
    Platform Specifications
    • OS: Raspberry Buster 2021-01-11
    • URH version: ?
    • Python version: 3.7, pip: 18.1
    opened by fenyvesi 21
  • request: add MSK modulation type

    request: add MSK modulation type

    i'm working with the cc1101 and this chip has different modulation types, which you can use: ASK, 2-FSK, GFSK, 4-FSK, MSK (offset QPSK with half-sine shaping).

    ASK and GFSK Mode works great, but if time please add also MSK modulation type.

    thx

    feature discussion 
    opened by SpaceTeddy 21
  • Can't enable device in macOS 10.12.2

    Can't enable device in macOS 10.12.2

    I've tried to install urh using pip3 and also build from sources. In each case I was not able to enable rtlsdr in settings (this option is grayed out). librtlsdr is installed. Device is physically connected to the usb and works fine in gqrx or cubicsdr.

    Log from the compilation: http://pastebin.com/ZPWTC9zu

    installation 
    opened by matix2120 21
  • LimeSDR: Failed to receive stream

    LimeSDR: Failed to receive stream

    Expected Behavior

    Capture signals and display them.

    Actual Behavior

    No signals captured. Here's the error on stdout:

    [WARNING::LimeSDR.py::receive_sync] LimeSDR: Failed to receive stream

    I can access the board fine with LimeSuiteGui

    Steps to Reproduce the Problem

    1. build limesuite from git
    2. python3 setup.py install --without-hackrf --without-rtlsdr --without-airspy --without-usrp
    3. urh
    4. try to record on a known strong freq.

    Platform Specifications

    • Python Version: 3.6.0
    • Operating System: linux
    • Version of URH: git master (1.8.4)
    • URH was installed [X] from source

    I think this may be related to issue https://github.com/jopohl/urh/issues/297 but I'm not sure. Filing this in case it's unrelated.

    sdr 
    opened by romeojulietthotel 20
  • Cannot Start HackRF Device Windows 7 x64

    Cannot Start HackRF Device Windows 7 x64

    Please use this template for bug reports. If you have a feature request or question just delete everything and write as you like.

    Expected Behavior

    Start the HackRF successfully

    Actual Behavior

    I get this error: HackRF-SETUP: HACKRF_ERROR_NOT_FOUND (-5)

    I found this odd because I have the HackRF works under SDR# and gnuradio. I have hackrf tools installed here is the output of 'hackrf_info'

    Found HackRF board.
Board ID Number: 2 (HackRF One)
Firmware Version: 2015.07.2
Part ID Number: 0x00534f62 0x00534f62
Serial Number: 0x00000000 0x00000000 0x14d463dc 0x2f5122e1

    Steps to Reproduce the Problem

    1. Windows 7 x64 with requirements installed
    2. Start urh and enable the hackrf
    3. Attempt to start the device by recording a complex sample.

    Platform Specifications

    • Python Version: 3.0.6
    • Operating System: windows 7 x64
    • Version of URH: 1.6.4.2
    installation windows 
    opened by KR0SIV 19
  • Global python error

    Global python error

    Please use this template for bug reports. If you have a feature request or question just delete everything and write as you like.

    Expected Behavior

    i use an usrp with gnu radio without any issue, everything works fine when launching urh, it doesn t see my gnuradio install and i can modify the path either

    Actual Behavior

    global python error https://imgur.com/a/JJpo3

    Steps to Reproduce the Problem

    1.installed .msi version 2.plugged usrp 3.launched urh

    Platform Specifications

    • Python Version: 2.7.10
    • Operating System: win 10 64b
    • Version of URH: 1.8.14
    • URH was installed: __from .msi
    windows 
    opened by nocomp 18
  • On Windows 10 UI does not render, executable is running though

    On Windows 10 UI does not render, executable is running though

    Expected Behavior

    Upon on clicking the shortcut on the desktop the program should open its main window.

    Actual Behavior

    Actually the Main program window is not showing but proces explorer shows the .exe running

    Steps To Reproduce
    1. Go to '...'
    2. Click on '....'
    3. Scroll down to '....'
    4. See error
    Screenshots
    Platform Specifications

    Windows 10

    opened by MrBambix 17
  • Y-scale autoscale feature (with a manual trigger)

    Y-scale autoscale feature (with a manual trigger)

    Is your feature request related to a problem?

    Sometimes the otherwise very useful discrete Y-scale levels prove to be a burden and a simple autoscale feature is desired. I need to emphasize that by no means the triggering should be automatic, the auto- part refers to calculating the adaptive (continuous) value upon triggering.

    Describe the solution you'd like

    It would be great to have an autoscale button besides every Y-Scale slider (or in its right-click options). The calculated scaling value should be so that the signal amplitude maximum is (exactly) at 90% of the scale. The autoscale function should also have a logic to set scaling and ofsetting correctly in case of a bipolar or a unipolar signal.

    There are two points/usecases for now. The first is to ease the visual comparison between signals amplitude-wise and the second is to more efficiently use screen estate, especially with smaller screens.

    Describe alternatives you've considered

    Due to HDR nature of RF signals manual amplitude scaling proves to be too rough even for quick visual comparisons. I found no other alternatives in the URH.

    feature 
    opened by drws 0
  • URH with X310 and Twin RX

    URH with X310 and Twin RX

    Expected Behavior

    Select supported sample rate of 50 or 100msps

    Actual Behavior]

    Double Free or Corruption shown in terminal windows upon starting spec a

    [INFO::Device.py::log_retcode] USRP-OPEN (type=x300,addr=192.168.40.2,fpga=HG,name=,serial=31,product=X310): Success [INFO::Device.py::log_retcode] USRP-SET_SUBDEVICE to : Success [INFO::Device.py::log_retcode] USRP-SET_ANTENNA_INDEX to 0: Success [INFO::Device.py::log_retcode] USRP-SET_FREQUENCY to 433.92M: Success [INFO::Device.py::log_retcode] USRP-SET_SAMPLE_RATE to 50M: Success [INFO::Device.py::log_retcode] USRP-SET_BANDWIDTH to 50M: Success [INFO::Device.py::log_retcode] USRP-SET_RF_GAIN to 0.25: Success Odouble free or corruption (out)

    Steps To Reproduce

    Start URH 2.9.3, select spec a, attempt to start with 50M or 100M in Sample rate/bandwidth. Although bandwidth is limited I think to 80MHz wide per channel on the Twin RX.

    Platform Specifications

    Ubuntu 20.04 (DragonOS) w/ UHD 3.15

    Happy to test further while I have this device available. Although, I guess it wouldn't be of much use using such a large sample rate/bandwidth in URH?

    opened by alphafox02 2
  • Better Documentation for urh_cli

    Better Documentation for urh_cli

    Is your feature request related to a problem?
    • I keep getting asked for modulation parameters but there is no documentation of proper syntax and what are my options.
    • Furthermore I am not modulating, I am only passing the -rx parameter and settings things that relate to demodulation so that also has me scratching my head and thinking, what modulation parameters?
    Describe the solution you'd like
    • Just better documentation of the cli interface in general. Some features of the GUI are also undocumented and found them through someone else's question and answer to themselves.
    • ascii files filled with ones and zeros can get huge, an option for binary output of the captures would be great.
    Describe alternatives you've considered
    Additional context
    feature documentation 
    opened by EdwinFairchild 0
  • Demodulation is significantly slower via `urh_cli`

    Demodulation is significantly slower via `urh_cli`

    Expected Behavior

    Messages should be appended to the ProtocolSniffer.messages list as soon as they are available.

    Actual Behavior

    There is a significant lag when using urh_cli compared to the URH GUI. It's almost as if messages are being polled for every 5 seconds (not saying this is the case but for explanation's sake), compared to URH where - when a signal is demodulated, it appears almost instantly.

    Steps To Reproduce

    Compare the delay between urh_cli and URH GUI when demodulating any signal. In my case, it was FSK using default settings, obviously the frequency has been changed.

    Platform Specifications
    • OS: Kali Linux
    • URH version: 2.9.3
    • Python version: 3.10.4
    • Installed via pip
    feature 
    opened by braedinski 1
  • Generate reuasable format from demodulated raw capture data

    Generate reuasable format from demodulated raw capture data

    A few tools out there specifically the FlipperZero capture raw rf data as a demodulated number sequences. Would it be possible to add support for importing and or converting these in the generator or Analysis tools? Ideally I'm looking for a way to transfer captures between devices. So it would be cool if you could also export into this format.

    Here is an example capture:

    Version: 1
Frequency: 315000000
Preset: FuriHalSubGhzPresetOok650Async
Protocol: RAW
RAW_Data: 337 -426 363 -888242 167 -356 105 -368 93 -380 327 -126 353 -126 337 -128 339 -128 337 -128 93 -358 347 -132 333 -122 341 -128 121 -370 101 -368 91 -382 317 -134 141 -362 105 -336 127 -356 95 -370 349 -130 329 -124 337 -128 337 -130 123 -3698 97 -374 129 -338 127 -342 351 -140 325 -142 335 -96 345 -126 337 -128 125 -368 341 -140 305 -132 359 -94 121 -374 101 -368 93 -384 351 -102 141 -364 103 -336 129 -372 103 -360 347 -108 361 -106 339 -130 323 -124 123 -3710 131 -360 103 -358 105 -370 327 -142 335 -128 327 -140 361 -106 343 -102 137 -352 353 -94 345 -138 337 -126 97 -376 105 -370 91 -396 331 -132 101 -358 107 -370 93 -394 101 -362 347 -106 363 -106 339 -130 355 -92 121 -3706 129 -342 129 -338 129 -340 347 -124 339 -128 369 -96 337 -128 339 -124 125 -354 347 -132 333 -122 339 -126 121 -372 101 -366 91 -382 351 -102 143 -362 105 -334 129 -356 93 -372 349 -132 329 -124 335 -128 337 -128 125 -3698 131 -360 103 -376 105 -334 353 -140 333 -126 347 -94 369 -96 371 -96 125 -370 329 -140 337 -126 351 -94 123 -372 101 -368 93 -382 351 -104 141 -362 105 -336 127 -358 93 -370 349 -132 329 -124 337 -128 337 -128 125 -3704 97 -392 103 -342 137 -334 353 -138 335 -126 361 -106 359 -106 345 -102 135 -356 357 -106 347 -102 365 -92 121 -374 103 -368 125 -366 331 -132 103 -358 105 -370 93 -394 103 -360 349 -106 361 -106 339 -130 355 -94 121 -3712 133 -358 101 -358 105 -370 363 -106 337 -128 349 -94 369 -96 371 -96 125 -370 361 -108 337 -128 351 -94 121 -372 101 -368 93 -384 351 -102 143 -362 105 -336 127 -372 105 -360 349 -106 361 -108 339 -128 355 -92 123 -3710 131 -358 103 -358 107 -370 329 -140 337 -126 351 -94 369 -96 369 -98 125 -368 363 -108 335 -128 351 -94 121 -374 101 -368 93 -382 351 -104 141 -362 105 -336 127 -374 103 -360 349 -108 361 -106 339 -130 355 -94 121 -3714 99 -392 103 -358 107 -368 327 -140 335 -128 349 -94 391 -104 359 -106 105 -362 357 -106 347 -140 329 -94 139 -342 127 -360 93 -392 327 -122 121 -350 139 -334 127 -356 93 -372 347 -132 331 -124 335 -128 337 -130 123 -3698 133 -358 103 -378 105 -334 353 -140 335 -126 347 -94 369 -96 371 -96 125 -370 361 -108 337 -128 351 -94 121 -372 101 -368 93 -382 351 -104 141 -362 105 -336 127 -358 93 -372 349 -130 331 -124 337 -128 337 -128 125 -3700 129 -340 129 -340 127 -342 343 -126
    feature 
    opened by ResistanceIsUseless 7
Releases(v2.9.3)
Owner
Dr. Johannes Pohl
Interests: Wireless Security, Infrastructure Automation (DevOps), Artificial Intelligence
Dr. Johannes Pohl
GitHub Repository
Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228

log4j-honeypot-flask Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228 This can be

Binary Defense 144 Nov 19, 2022
A traceroute tool that also displays IP information

infotr A traceroute tool that also displays IP information. This tool has only been tested on Linux. Quick Start First, install this tool from PyPI. p

K4YT3X 10 Oct 29, 2022
wsvuls - website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.]

WSVuls Website vulnerability scanner detect issues [ outdated server software and insecure HTTP headers.] What's WSVuls? WSVuls is a simple and powerf

Anouar Ben Saad 47 Sep 22, 2022
The Modern Hash Identification System

🔗 Don't know what type of hash it is? Name That Hash will name that hash type! 🤖 Identify MD5, SHA256 and 3000+ other hashes ☄ Comes with a neat web app 🔥

1.2k Dec 28, 2022
Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

Michele Di Bonaventura 11 Dec 22, 2022
A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities

master_librarian A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo pyth

CoolerVoid 167 Dec 19, 2022
Gmail Accounts Hacking

gmail-hack Gmail Accounts Hacking Gemail-Hack python script for Hack gmail account brute force What is brute force attack? In brute force attack,scrip

Aryan 25 Nov 10, 2022
Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

39 Dec 16, 2022
Chapter 1 of the AWS Cookbook

Chapter 1 - Security Set and export your default region: export AWS_REGION=us-east-1 Set your AWS ACCOUNT ID:: AWS_ACCOUNT_ID=$(aws sts get-caller-ide

AWS Cookbook 30 Nov 27, 2022
(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

DSLF DSLF stands for (D)arth (S)ide of the (L)og4j (F)orce. It is the ultimate log4j vulnerabilities assessor. It comes with four individual Python3 m

frontal 1 Jan 11, 2022
Python library to prevent XSS(cross site scripting attach) by removing harmful content from data.

A tool for removing malicious content from input data before saving data into database. It takes input containing HTML with XSS scripts and returns va

2 Jul 05, 2022
Rapidly enumerate subdomains and domains using rapiddns.io.

Description Simple python module (unofficial) allowing you to access data from rapiddns.io. You can also use it as a module. As mentioned on the rapid

27 Dec 31, 2022
SpiderFoot automates OSINT collection so that you can focus on analysis.

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of m

Steve Micallef 9k Jan 08, 2023
威胁情报播报

Threat-Broadcast 威胁情报播报 运行环境 项目介绍 从以下公开的威胁情报来源爬取并整合最新信息: 360:https://cert.360.cn/warning 奇安信:https://ti.qianxin.com/advisory/ 红后:https://redqueen.tj-u

东方有鱼名为咸 148 Nov 09, 2022
CVE-2021-22205& GitLab CE/EE RCE

Vuln Impact An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files tha

Al1ex 213 Dec 30, 2022
Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Cowrie Welcome to the Cowrie GitHub repository This is the official repository for the Cowrie SSH and Telnet Honeypot effort. What is Cowrie Cowrie is

Cowrie 4.1k Jan 09, 2023
DNS hijacking via dead records automation tool

DeadDNS Multi-threaded DNS hijacking via dead records automation tool How it works 1) Dig provided subdomains file for dead DNS records. 2) Dig the fo

45 Dec 20, 2022
A simple Outline Server Access Key Copy and Paste Web Interface

Outline Keychain A simple Outline Server Access Key Copy and Paste Web Interface Developed for key and password export and copy & paste for other Shad

Zhe 1 Dec 28, 2021
Generate malicious files using recently published bidi-attack (CVE-2021-42574)

CVE-2021-42574 - Code generator Generate malicious files using recently published bidi-attack vulnerability, which was discovered in Unicode Specifica

js-on 7 Nov 09, 2022
A python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Hcoder This is a python base script from which you can hack or clone any person's facebook friendlist or followers accounts which have simple password

Muhammad Hamza 3 Dec 06, 2021