Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

Related tags

Security related resourcespythonradioiotsecurityqthackingwirelesssdrrtl-sdrhackrfairspyusrpsdrplaybladerflimesdr
Overview

URH image

Build Status PyPI version Packaging status Blackhat Arsenal 2017 Blackhat Arsenal 2018

The Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios. URH allows easy demodulation of signals combined with an automatic detection of modulation parameters making it a breeze to identify the bits and bytes that fly over the air. As data often gets encoded before transmission, URH offers customizable decodings to crack even sophisticated encodings like CC1101 data whitening. When it comes to protocol reverse-engineering, URH is helpful in two ways. You can either manually assign protocol fields and message types or let URH automatically infer protocol fields with a rule-based intelligence. Finally, URH entails a fuzzing component aimed at stateless protocols and a simulation environment for stateful attacks.

Getting started

In order to get started

If you like URH, please this repository and join our Slack channel. We appreciate your support!

Citing URH

We encourage researchers working with URH to cite this WOOT'18 paper or directly use the following BibTeX entry.

URH BibTeX entry for your research paper 
@inproceedings {220562,
author = {Johannes Pohl and Andreas Noack},
title = {Universal Radio Hacker: A Suite for Analyzing and Attacking Stateful Wireless Protocols},
booktitle = {12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18)},
year = {2018},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/woot18/presentation/pohl},
publisher = {{USENIX} Association},
}

Installation

URH runs on Windows, Linux and macOS. Click on your operating system below to view installation instructions.

Windows

On Windows, URH can be installed with its Installer. No further dependencies are required.

If you get an error about missing api-ms-win-crt-runtime-l1-1-0.dll, run Windows Update or directly install KB2999226.

Linux
Generic Installation with pip (recommended)

URH is available on PyPi so you can install it with

# IMPORTANT: Make sure your pip is up to date
sudo python3 -m pip install --upgrade pip  # Update your pip installation
sudo python3 -m pip install urh            # Install URH

This is the recommended way to install URH on Linux because it comes with all native extensions precompiled.

In order to access your SDR as non-root user, install the according udev rules. You can find them in the wiki.

Install via Package Manager

URH is included in the repositories of many linux distributions such as Arch Linux, Gentoo, Fedora, openSUSE or NixOS. There is also a package for FreeBSD. If available, simply use your package manager to install URH.

Note: For native support, you must install the according -dev package(s) of your SDR(s) such as hackrf-dev before installing URH.

Snap

URH is available as a snap: https://snapcraft.io/urh

Docker Image

The official URH docker image is available here. It has all native backends included and ready to operate.

macOS
Using DMG

It is recommended to use at least macOS 10.14 when using the DMG available here.

With pip
  1. Install Python 3 for Mac OS X. If you experience issues with preinstalled Python, make sure you update to a recent version using the given link.
  2. (Optional) Install desired native libs e.g. brew install librtlsdr for corresponding native device support.
  3. In a terminal, type: pip3 install urh.
  4. Type urh in a terminal to get it started.
Update your installation

If you installed URH via pip you can keep it up to date with python3 -m pip install --upgrade urh.

Running from source
Without installation

To execute the Universal Radio Hacker without installation, just run:

git clone https://github.com/jopohl/urh/
cd urh/src/urh
./main.py

Note, before first usage the C++ extensions will be built.

Installing from source

To install URH from source you need to have python-setuptools installed. You can get them with python3 -m pip install setuptools. Once the setuptools are installed execute:

git clone https://github.com/jopohl/urh/
cd urh
python setup.py install

And start the application by typing urh in a terminal.

Articles

Hacking stuff with URH

General presentations and tutorials on URH

External decodings

See wiki for a list of external decodings provided by our community! Thanks for that!

Screenshots

Get the data out of raw signals

Interpretation phase

Keep an overview even on complex protocols

Analysis phase

Record and send signals

Record

Comments
  • Enable SDRPlay in Windows version

    Enable SDRPlay in Windows version

    I'm unable to enable SDRPlay in windows version .msi

    Not sure if it requires a dll file like other sdr's in the C:\Program Files\Universal Radio Hacker directory Also i have the pothossdr suite installed and am able to use gqrx in windows with the SDRPlay, not sure if that makes a difference or not. image

    bug sdr windows 
    opened by vsboost 62
  • USRP B200: failed to start rx mode

    USRP B200: failed to start rx mode

    Expected Behavior
    Actual Behavior
    Steps To Reproduce

    1. Go to 'FILE'

    2. Click on 'Record signal' / OR Spektrum analyzer

    3. See error

    Screenshots

    https://imgur.com/a/rHIfwZ6

    Platform Specifications
    • OS: [e.g. Arch Linux]
    • URH version: [e.g. 2.5.3]
    • Python version: [e.g. 3.6.3]
    • Installed via [msi win 64] hi i used to run an old version of URH without any issue. i ve seen an update, so i ve uninstalled my current version, installed new one, and now , even it manage my usrp b205 as you can see on the screenshot, it never start rx mode. did i missed something? anything i can do in order to solv it? thank you for your time best regards herve
    windows 
    opened by nocomp 52
  • Installing on windows error

    Installing on windows error

    On windows 7 (Ultimate 64 bit), with python 3.5 (32 bit) I can not install urh via command `

    python -m pip install urh

    I am receiving error ImportError: No module named src.urh.version What should I do to run it on windows

    installation 
    opened by RYucel 32
  • Issues with USRP B200

    Issues with USRP B200

    There seem to be problems with native support for USRP B200 on Windows #589 and OSX #577. Since we do not have a USRP B200 for testing, we need some help. I see two options:

    1. Someone in contact with Ettus can arrange getting a test device for us.
    2. Someone with a USRP B series device helps us with debugging.
    sdr windows macOS help wanted 
    opened by jopohl 22
  • Raspberry Buster can't install

    Raspberry Buster can't install

    Raspberry Buster 2021-01-11 URH can't install

    Actual Behavior

    The same error with 3 diffrerent installation method: command "python setup.py egg_info" failed with error code 1 in /tmp/pip-install-i1mojk0v/pyqt5/

    Steps To Reproduce
    1. The proposed standard solution: sudo apt-get install python3-numpy python3-psutil python3-zmq python3-pyqt5 g++ libpython3-dev python3-pip sudo pip3 install urh
    2. Proposed in bug report sudo python3 -m pip install urh
    3. Proposed in another bug report: sudo su pip3 install urh
    4. See the same error
    Platform Specifications
    • OS: Raspberry Buster 2021-01-11
    • URH version: ?
    • Python version: 3.7, pip: 18.1
    opened by fenyvesi 21
  • request: add MSK modulation type

    request: add MSK modulation type

    i'm working with the cc1101 and this chip has different modulation types, which you can use: ASK, 2-FSK, GFSK, 4-FSK, MSK (offset QPSK with half-sine shaping).

    ASK and GFSK Mode works great, but if time please add also MSK modulation type.

    thx

    feature discussion 
    opened by SpaceTeddy 21
  • Can't enable device in macOS 10.12.2

    Can't enable device in macOS 10.12.2

    I've tried to install urh using pip3 and also build from sources. In each case I was not able to enable rtlsdr in settings (this option is grayed out). librtlsdr is installed. Device is physically connected to the usb and works fine in gqrx or cubicsdr.

    Log from the compilation: http://pastebin.com/ZPWTC9zu

    installation 
    opened by matix2120 21
  • LimeSDR: Failed to receive stream

    LimeSDR: Failed to receive stream

    Expected Behavior

    Capture signals and display them.

    Actual Behavior

    No signals captured. Here's the error on stdout:

    [WARNING::LimeSDR.py::receive_sync] LimeSDR: Failed to receive stream

    I can access the board fine with LimeSuiteGui

    Steps to Reproduce the Problem

    1. build limesuite from git
    2. python3 setup.py install --without-hackrf --without-rtlsdr --without-airspy --without-usrp
    3. urh
    4. try to record on a known strong freq.

    Platform Specifications

    • Python Version: 3.6.0
    • Operating System: linux
    • Version of URH: git master (1.8.4)
    • URH was installed [X] from source

    I think this may be related to issue https://github.com/jopohl/urh/issues/297 but I'm not sure. Filing this in case it's unrelated.

    sdr 
    opened by romeojulietthotel 20
  • Cannot Start HackRF Device Windows 7 x64

    Cannot Start HackRF Device Windows 7 x64

    Please use this template for bug reports. If you have a feature request or question just delete everything and write as you like.

    Expected Behavior

    Start the HackRF successfully

    Actual Behavior

    I get this error: HackRF-SETUP: HACKRF_ERROR_NOT_FOUND (-5)

    I found this odd because I have the HackRF works under SDR# and gnuradio. I have hackrf tools installed here is the output of 'hackrf_info'

    Found HackRF board.
Board ID Number: 2 (HackRF One)
Firmware Version: 2015.07.2
Part ID Number: 0x00534f62 0x00534f62
Serial Number: 0x00000000 0x00000000 0x14d463dc 0x2f5122e1

    Steps to Reproduce the Problem

    1. Windows 7 x64 with requirements installed
    2. Start urh and enable the hackrf
    3. Attempt to start the device by recording a complex sample.

    Platform Specifications

    • Python Version: 3.0.6
    • Operating System: windows 7 x64
    • Version of URH: 1.6.4.2
    installation windows 
    opened by KR0SIV 19
  • Global python error

    Global python error

    Please use this template for bug reports. If you have a feature request or question just delete everything and write as you like.

    Expected Behavior

    i use an usrp with gnu radio without any issue, everything works fine when launching urh, it doesn t see my gnuradio install and i can modify the path either

    Actual Behavior

    global python error https://imgur.com/a/JJpo3

    Steps to Reproduce the Problem

    1.installed .msi version 2.plugged usrp 3.launched urh

    Platform Specifications

    • Python Version: 2.7.10
    • Operating System: win 10 64b
    • Version of URH: 1.8.14
    • URH was installed: __from .msi
    windows 
    opened by nocomp 18
  • On Windows 10 UI does not render, executable is running though

    On Windows 10 UI does not render, executable is running though

    Expected Behavior

    Upon on clicking the shortcut on the desktop the program should open its main window.

    Actual Behavior

    Actually the Main program window is not showing but proces explorer shows the .exe running

    Steps To Reproduce
    1. Go to '...'
    2. Click on '....'
    3. Scroll down to '....'
    4. See error
    Screenshots
    Platform Specifications

    Windows 10

    opened by MrBambix 17
  • Y-scale autoscale feature (with a manual trigger)

    Y-scale autoscale feature (with a manual trigger)

    Is your feature request related to a problem?

    Sometimes the otherwise very useful discrete Y-scale levels prove to be a burden and a simple autoscale feature is desired. I need to emphasize that by no means the triggering should be automatic, the auto- part refers to calculating the adaptive (continuous) value upon triggering.

    Describe the solution you'd like

    It would be great to have an autoscale button besides every Y-Scale slider (or in its right-click options). The calculated scaling value should be so that the signal amplitude maximum is (exactly) at 90% of the scale. The autoscale function should also have a logic to set scaling and ofsetting correctly in case of a bipolar or a unipolar signal.

    There are two points/usecases for now. The first is to ease the visual comparison between signals amplitude-wise and the second is to more efficiently use screen estate, especially with smaller screens.

    Describe alternatives you've considered

    Due to HDR nature of RF signals manual amplitude scaling proves to be too rough even for quick visual comparisons. I found no other alternatives in the URH.

    feature 
    opened by drws 0
  • URH with X310 and Twin RX

    URH with X310 and Twin RX

    Expected Behavior

    Select supported sample rate of 50 or 100msps

    Actual Behavior]

    Double Free or Corruption shown in terminal windows upon starting spec a

    [INFO::Device.py::log_retcode] USRP-OPEN (type=x300,addr=192.168.40.2,fpga=HG,name=,serial=31,product=X310): Success [INFO::Device.py::log_retcode] USRP-SET_SUBDEVICE to : Success [INFO::Device.py::log_retcode] USRP-SET_ANTENNA_INDEX to 0: Success [INFO::Device.py::log_retcode] USRP-SET_FREQUENCY to 433.92M: Success [INFO::Device.py::log_retcode] USRP-SET_SAMPLE_RATE to 50M: Success [INFO::Device.py::log_retcode] USRP-SET_BANDWIDTH to 50M: Success [INFO::Device.py::log_retcode] USRP-SET_RF_GAIN to 0.25: Success Odouble free or corruption (out)

    Steps To Reproduce

    Start URH 2.9.3, select spec a, attempt to start with 50M or 100M in Sample rate/bandwidth. Although bandwidth is limited I think to 80MHz wide per channel on the Twin RX.

    Platform Specifications

    Ubuntu 20.04 (DragonOS) w/ UHD 3.15

    Happy to test further while I have this device available. Although, I guess it wouldn't be of much use using such a large sample rate/bandwidth in URH?

    opened by alphafox02 2
  • Better Documentation for urh_cli

    Better Documentation for urh_cli

    Is your feature request related to a problem?
    • I keep getting asked for modulation parameters but there is no documentation of proper syntax and what are my options.
    • Furthermore I am not modulating, I am only passing the -rx parameter and settings things that relate to demodulation so that also has me scratching my head and thinking, what modulation parameters?
    Describe the solution you'd like
    • Just better documentation of the cli interface in general. Some features of the GUI are also undocumented and found them through someone else's question and answer to themselves.
    • ascii files filled with ones and zeros can get huge, an option for binary output of the captures would be great.
    Describe alternatives you've considered
    Additional context
    feature documentation 
    opened by EdwinFairchild 0
  • Demodulation is significantly slower via `urh_cli`

    Demodulation is significantly slower via `urh_cli`

    Expected Behavior

    Messages should be appended to the ProtocolSniffer.messages list as soon as they are available.

    Actual Behavior

    There is a significant lag when using urh_cli compared to the URH GUI. It's almost as if messages are being polled for every 5 seconds (not saying this is the case but for explanation's sake), compared to URH where - when a signal is demodulated, it appears almost instantly.

    Steps To Reproduce

    Compare the delay between urh_cli and URH GUI when demodulating any signal. In my case, it was FSK using default settings, obviously the frequency has been changed.

    Platform Specifications
    • OS: Kali Linux
    • URH version: 2.9.3
    • Python version: 3.10.4
    • Installed via pip
    feature 
    opened by braedinski 1
  • Generate reuasable format from demodulated raw capture data

    Generate reuasable format from demodulated raw capture data

    A few tools out there specifically the FlipperZero capture raw rf data as a demodulated number sequences. Would it be possible to add support for importing and or converting these in the generator or Analysis tools? Ideally I'm looking for a way to transfer captures between devices. So it would be cool if you could also export into this format.

    Here is an example capture:

    Version: 1
Frequency: 315000000
Preset: FuriHalSubGhzPresetOok650Async
Protocol: RAW
RAW_Data: 337 -426 363 -888242 167 -356 105 -368 93 -380 327 -126 353 -126 337 -128 339 -128 337 -128 93 -358 347 -132 333 -122 341 -128 121 -370 101 -368 91 -382 317 -134 141 -362 105 -336 127 -356 95 -370 349 -130 329 -124 337 -128 337 -130 123 -3698 97 -374 129 -338 127 -342 351 -140 325 -142 335 -96 345 -126 337 -128 125 -368 341 -140 305 -132 359 -94 121 -374 101 -368 93 -384 351 -102 141 -364 103 -336 129 -372 103 -360 347 -108 361 -106 339 -130 323 -124 123 -3710 131 -360 103 -358 105 -370 327 -142 335 -128 327 -140 361 -106 343 -102 137 -352 353 -94 345 -138 337 -126 97 -376 105 -370 91 -396 331 -132 101 -358 107 -370 93 -394 101 -362 347 -106 363 -106 339 -130 355 -92 121 -3706 129 -342 129 -338 129 -340 347 -124 339 -128 369 -96 337 -128 339 -124 125 -354 347 -132 333 -122 339 -126 121 -372 101 -366 91 -382 351 -102 143 -362 105 -334 129 -356 93 -372 349 -132 329 -124 335 -128 337 -128 125 -3698 131 -360 103 -376 105 -334 353 -140 333 -126 347 -94 369 -96 371 -96 125 -370 329 -140 337 -126 351 -94 123 -372 101 -368 93 -382 351 -104 141 -362 105 -336 127 -358 93 -370 349 -132 329 -124 337 -128 337 -128 125 -3704 97 -392 103 -342 137 -334 353 -138 335 -126 361 -106 359 -106 345 -102 135 -356 357 -106 347 -102 365 -92 121 -374 103 -368 125 -366 331 -132 103 -358 105 -370 93 -394 103 -360 349 -106 361 -106 339 -130 355 -94 121 -3712 133 -358 101 -358 105 -370 363 -106 337 -128 349 -94 369 -96 371 -96 125 -370 361 -108 337 -128 351 -94 121 -372 101 -368 93 -384 351 -102 143 -362 105 -336 127 -372 105 -360 349 -106 361 -108 339 -128 355 -92 123 -3710 131 -358 103 -358 107 -370 329 -140 337 -126 351 -94 369 -96 369 -98 125 -368 363 -108 335 -128 351 -94 121 -374 101 -368 93 -382 351 -104 141 -362 105 -336 127 -374 103 -360 349 -108 361 -106 339 -130 355 -94 121 -3714 99 -392 103 -358 107 -368 327 -140 335 -128 349 -94 391 -104 359 -106 105 -362 357 -106 347 -140 329 -94 139 -342 127 -360 93 -392 327 -122 121 -350 139 -334 127 -356 93 -372 347 -132 331 -124 335 -128 337 -130 123 -3698 133 -358 103 -378 105 -334 353 -140 335 -126 347 -94 369 -96 371 -96 125 -370 361 -108 337 -128 351 -94 121 -372 101 -368 93 -382 351 -104 141 -362 105 -336 127 -358 93 -372 349 -130 331 -124 337 -128 337 -128 125 -3700 129 -340 129 -340 127 -342 343 -126
    feature 
    opened by ResistanceIsUseless 7
Releases(v2.9.3)
Owner
Dr. Johannes Pohl
Interests: Wireless Security, Infrastructure Automation (DevOps), Artificial Intelligence
Dr. Johannes Pohl
GitHub Repository
SSH Tool For OSINT and then Cracking.

sshmap SSH Tool For OSINT and then Cracking. Linux Systems Only Usage: Scanner Syntax: scanner start/stop/status - Sarts/stops/sho

Miss Bliss 5 Apr 04, 2022
GDID (Google Dorks for Information Disclosure)

GDID (Google Dorks for Information Disclosure) Script made for your recon automation in Bug Bounty or Pentest. It will help you to find Information Di

Nischacid 5 Mar 10, 2022
Dapunta Multi Brute Force Facebook - Crack Facebook With Login - Free

✭ DMBF CRACK Dibuat Dengan ❤️ Oleh Dapunta Author: - Dapunta Khurayra X ⇨ Fitur Login [✯] Login Token ⇨ Fitur Crack [✯] Crack Dari Teman, Public,

Dapunta ID 10 Oct 19, 2022
A burp-suite plugin that extract all parameter names from in-scope requests

ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe

29 Nov 09, 2022
Passphrase-wordlist - Shameless clone of passphrase wordlist

This repository is NOT official -- the original repository is located on GitLab

Jeff McJunkin 2 Feb 05, 2022
Details,PoC and patches for CVE-2021-45383 & CVE-2021-45384

CVE-2021-45383 & CVE-2021-45384 There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Serv

20 Apr 07, 2022
Dumps the payload.bin image found in Android update images.

payload dumper Dumps the payload.bin image found in Android update images. Has significant performance gains over other tools due to using multiproces

Rasmus 7 Nov 17, 2022
Brute force attack tool for Azure AD Autologon/Seamless SSO

Brute force attack tool for Azure AD Autologon

nyxgeek 89 Jan 02, 2023
Python library to remotely extract credentials on a set of hosts.

Python library to remotely extract credentials on a set of hosts.

Pixis 1.5k Dec 31, 2022
Open Source Tool - Cybersecurity Graph Database in Neo4j

GraphKer Open Source Tool - Cybersecurity Graph Database in Neo4j |G|r|a|p|h|K|e|r| { open source tool for a cybersecurity graph database in neo4j } W

Adamantios - Marios Berzovitis 27 Dec 06, 2022
Tool-X is a kali linux hacking Tool installer.

Tool-X is a kali linux hacking Tool installer. Tool-X developed for termux and other Linux based systems. using Tool-X you can install almost 370+ hacking tools in termux app and other linux based di

Rajkumar Dusad 4.2k May 29, 2022
neo Tool is great one in binary exploitation topic

neo Tool is great one in binary exploitation topic. instead of doing several missions by many tools and windows, you can now automate this in one tool in one session.. Enjoy it

Hamza Elansari 4 Oct 10, 2022
CVE-2021-21972

CVE-2021-21972 % python3 /tmp/CVE_2021_21972.py -i /tmp/urls.txt -n 8 -e [*] Creating tmp.tar containing ../../../../../home/vsphere-ui/.ssh/authoriz

Keith Lee 30 Nov 19, 2022
Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software in packages called containers However, 'security' is a top request on Docker's public roadmap This project aims at vulnerability check for such docker containers. New contributions are accepted

Docker-Vulnerability-Check Docker is an open platform for developing, shipping, and running applications OS-level virtualization to deliver software i

Team Spark 103 Aug 20, 2022
威胁情报播报

Threat-Broadcast 威胁情报播报 运行环境 项目介绍 从以下公开的威胁情报来源爬取并整合最新信息: 360:https://cert.360.cn/warning 奇安信:https://ti.qianxin.com/advisory/ 红后:https://redqueen.tj-u

东方有鱼名为咸 148 Nov 09, 2022
Ensure secure infrastructure and consistency with the firewall rules

Python Port Scanner This script tries to check if it's possible to make a connection with the specific endpoint port. This is very useful to ensure se

Allan Avelar 7 Feb 26, 2022
DoSer.py - Simple DoSer in Python

DoSer.py - Simple DoSer in Python What is DoSer? DoSer is basically an HTTP Denial of Service attack that affects threaded servers. It works like this

8 Sep 02, 2022
Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.

PokeBot Deck Builder Brute-forcing (or not!) deck builder for Pokemon Trading Card Game. Warning: intensely not optimized and spaghetti coded Credits

Hocky Harijanto 0 Jan 10, 2022
GitHub Advance Security Compliance Action

advanced-security-compliance This Action was designed to allow users to configure their Risk threshold for security issues reported by GitHub Code Sca

Mathew Payne 121 Dec 14, 2022
A tool for making python source difficult to read.

obscurepy Description A tool for obscuring, or making python source code difficult to read. Table of Contents Installation Limitations Usage Disclaime

Andrew Christiansen 10 Jul 31, 2022