The Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios. URH allows easy demodulation of signals combined with an automatic detection of modulation parameters making it a breeze to identify the bits and bytes that fly over the air. As data often gets encoded before transmission, URH offers customizable decodings to crack even sophisticated encodings like CC1101 data whitening. When it comes to protocol reverse-engineering, URH is helpful in two ways. You can either manually assign protocol fields and message types or let URH automatically infer protocol fields with a rule-based intelligence. Finally, URH entails a fuzzing component aimed at stateless protocols and a simulation environment for stateful attacks.
Getting started
In order to get started
- view the installation instructions on this page,
- download the official userguide (PDF),
- watch the demonstration videos (YouTube),
- check out the wiki for more information such as supported devices or
- read some articles about URH for inspiration.
If you like URH, please
Citing URH
We encourage researchers working with URH to cite this WOOT'18 paper or directly use the following BibTeX entry.
URH BibTeX entry for your research paper
@inproceedings {220562,
author = {Johannes Pohl and Andreas Noack},
title = {Universal Radio Hacker: A Suite for Analyzing and Attacking Stateful Wireless Protocols},
booktitle = {12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18)},
year = {2018},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/woot18/presentation/pohl},
publisher = {{USENIX} Association},
}
Installation
URH runs on Windows, Linux and macOS. Click on your operating system below to view installation instructions.
Windows
On Windows, URH can be installed with its Installer. No further dependencies are required.
If you get an error about missing api-ms-win-crt-runtime-l1-1-0.dll
, run Windows Update or directly install KB2999226.
Linux
Generic Installation with pip (recommended)
URH is available on PyPi so you can install it with
# IMPORTANT: Make sure your pip is up to date
sudo python3 -m pip install --upgrade pip # Update your pip installation
sudo python3 -m pip install urh # Install URH
This is the recommended way to install URH on Linux because it comes with all native extensions precompiled.
In order to access your SDR as non-root user, install the according udev rules. You can find them in the wiki.
Install via Package Manager
URH is included in the repositories of many linux distributions such as Arch Linux, Gentoo, Fedora, openSUSE or NixOS. There is also a package for FreeBSD. If available, simply use your package manager to install URH.
Note: For native support, you must install the according -dev
package(s) of your SDR(s) such as hackrf-dev
before installing URH.
Docker Image
The official URH docker image is available here. It has all native backends included and ready to operate.
macOS
With pip
- Install Python 3 for Mac OS X. If you experience issues with preinstalled Python, make sure you update to a recent version using the given link.
- (Optional) Install desired native libs e.g.
brew install librtlsdr
for corresponding native device support. - In a terminal, type:
pip3 install urh
. - Type
urh
in a terminal to get it started.
Update your installation
If you installed URH via pip you can keep it up to date with python3 -m pip install --upgrade urh
.
Running from source
Without installation
To execute the Universal Radio Hacker without installation, just run:
git clone https://github.com/jopohl/urh/
cd urh/src/urh
./main.py
Note, before first usage the C++ extensions will be built.
Installing from source
To install URH from source you need to have python-setuptools
installed. You can get them with python3 -m pip install setuptools
. Once the setuptools are installed execute:
git clone https://github.com/jopohl/urh/
cd urh
python setup.py install
And start the application by typing urh
in a terminal.
Articles
Hacking stuff with URH
- Hacking Burger Pagers
- Reverse-engineer and Clone a Remote Control
- Reverse-engineering Weather Station RF Signals
- Reverse-engineering Wireless Blinds
- Attacking Logitech Wireless Presenters (German Article)
- Attacking Wireless Keyboards
- Reverse-engineering a 433MHz Remote-controlled Power Socket for use with Arduino
General presentations and tutorials on URH
- Hackaday Article
- RTL-SDR.com Article
- Short Tutorial on URH with LimeSDR Mini
- Brute-forcing a RF Device: a Step-by-step Guide
External decodings
See wiki for a list of external decodings provided by our community! Thanks for that!