Universal Radio Hacker: Investigate Wireless Protocols Like A Boss

Related tags

Security related resources python radio iot security qt hacking wireless sdr rtl-sdr hackrf airspy usrp sdrplay bladerf limesdr
Overview

URH image

Build Status PyPI version Packaging status Blackhat Arsenal 2017 Blackhat Arsenal 2018

The Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios. URH allows easy demodulation of signals combined with an automatic detection of modulation parameters making it a breeze to identify the bits and bytes that fly over the air. As data often gets encoded before transmission, URH offers customizable decodings to crack even sophisticated encodings like CC1101 data whitening. When it comes to protocol reverse-engineering, URH is helpful in two ways. You can either manually assign protocol fields and message types or let URH automatically infer protocol fields with a rule-based intelligence. Finally, URH entails a fuzzing component aimed at stateless protocols and a simulation environment for stateful attacks.

Getting started

In order to get started

If you like URH, please this repository and join our Slack channel. We appreciate your support!

Citing URH

We encourage researchers working with URH to cite this WOOT'18 paper or directly use the following BibTeX entry.

URH BibTeX entry for your research paper 
@inproceedings {220562,
author = {Johannes Pohl and Andreas Noack},
title = {Universal Radio Hacker: A Suite for Analyzing and Attacking Stateful Wireless Protocols},
booktitle = {12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18)},
year = {2018},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/woot18/presentation/pohl},
publisher = {{USENIX} Association},
}

Installation

URH runs on Windows, Linux and macOS. Click on your operating system below to view installation instructions.

Windows

On Windows, URH can be installed with its Installer. No further dependencies are required.

If you get an error about missing api-ms-win-crt-runtime-l1-1-0.dll, run Windows Update or directly install KB2999226.

Linux
Generic Installation with pip (recommended)

URH is available on PyPi so you can install it with

# IMPORTANT: Make sure your pip is up to date
sudo python3 -m pip install --upgrade pip  # Update your pip installation
sudo python3 -m pip install urh            # Install URH

This is the recommended way to install URH on Linux because it comes with all native extensions precompiled.

In order to access your SDR as non-root user, install the according udev rules. You can find them in the wiki.

Install via Package Manager

URH is included in the repositories of many linux distributions such as Arch Linux, Gentoo, Fedora, openSUSE or NixOS. There is also a package for FreeBSD. If available, simply use your package manager to install URH.

Note: For native support, you must install the according -dev package(s) of your SDR(s) such as hackrf-dev before installing URH.

Snap

URH is available as a snap: https://snapcraft.io/urh

Docker Image

The official URH docker image is available here. It has all native backends included and ready to operate.

macOS
Using DMG

It is recommended to use at least macOS 10.14 when using the DMG available here.

With pip
  1. Install Python 3 for Mac OS X. If you experience issues with preinstalled Python, make sure you update to a recent version using the given link.
  2. (Optional) Install desired native libs e.g. brew install librtlsdr for corresponding native device support.
  3. In a terminal, type: pip3 install urh.
  4. Type urh in a terminal to get it started.
Update your installation

If you installed URH via pip you can keep it up to date with python3 -m pip install --upgrade urh.

Running from source
Without installation

To execute the Universal Radio Hacker without installation, just run:

git clone https://github.com/jopohl/urh/
cd urh/src/urh
./main.py

Note, before first usage the C++ extensions will be built.

Installing from source

To install URH from source you need to have python-setuptools installed. You can get them with python3 -m pip install setuptools. Once the setuptools are installed execute:

git clone https://github.com/jopohl/urh/
cd urh
python setup.py install

And start the application by typing urh in a terminal.

Articles

Hacking stuff with URH

General presentations and tutorials on URH

External decodings

See wiki for a list of external decodings provided by our community! Thanks for that!

Screenshots

Get the data out of raw signals

Interpretation phase

Keep an overview even on complex protocols

Analysis phase

Record and send signals

Record

Comments
  • Enable SDRPlay in Windows version

    Enable SDRPlay in Windows version

    I'm unable to enable SDRPlay in windows version .msi

    Not sure if it requires a dll file like other sdr's in the C:\Program Files\Universal Radio Hacker directory Also i have the pothossdr suite installed and am able to use gqrx in windows with the SDRPlay, not sure if that makes a difference or not. image

    bug sdr windows 
    opened by vsboost 62
  • USRP B200: failed to start rx mode

    USRP B200: failed to start rx mode

    Expected Behavior
    Actual Behavior
    Steps To Reproduce

    1. Go to 'FILE'

    2. Click on 'Record signal' / OR Spektrum analyzer

    3. See error

    Screenshots

    https://imgur.com/a/rHIfwZ6

    Platform Specifications
    • OS: [e.g. Arch Linux]
    • URH version: [e.g. 2.5.3]
    • Python version: [e.g. 3.6.3]
    • Installed via [msi win 64] hi i used to run an old version of URH without any issue. i ve seen an update, so i ve uninstalled my current version, installed new one, and now , even it manage my usrp b205 as you can see on the screenshot, it never start rx mode. did i missed something? anything i can do in order to solv it? thank you for your time best regards herve
    windows 
    opened by nocomp 52
  • Installing on windows error

    Installing on windows error

    On windows 7 (Ultimate 64 bit), with python 3.5 (32 bit) I can not install urh via command `

    python -m pip install urh

    I am receiving error ImportError: No module named src.urh.version What should I do to run it on windows

    installation 
    opened by RYucel 32
  • Issues with USRP B200

    Issues with USRP B200

    There seem to be problems with native support for USRP B200 on Windows #589 and OSX #577. Since we do not have a USRP B200 for testing, we need some help. I see two options:

    1. Someone in contact with Ettus can arrange getting a test device for us.
    2. Someone with a USRP B series device helps us with debugging.
    sdr windows macOS help wanted 
    opened by jopohl 22
  • Raspberry Buster can't install

    Raspberry Buster can't install

    Raspberry Buster 2021-01-11 URH can't install

    Actual Behavior

    The same error with 3 diffrerent installation method: command "python setup.py egg_info" failed with error code 1 in /tmp/pip-install-i1mojk0v/pyqt5/

    Steps To Reproduce
    1. The proposed standard solution: sudo apt-get install python3-numpy python3-psutil python3-zmq python3-pyqt5 g++ libpython3-dev python3-pip sudo pip3 install urh
    2. Proposed in bug report sudo python3 -m pip install urh
    3. Proposed in another bug report: sudo su pip3 install urh
    4. See the same error
    Platform Specifications
    • OS: Raspberry Buster 2021-01-11
    • URH version: ?
    • Python version: 3.7, pip: 18.1
    opened by fenyvesi 21
  • request: add MSK modulation type

    request: add MSK modulation type

    i'm working with the cc1101 and this chip has different modulation types, which you can use: ASK, 2-FSK, GFSK, 4-FSK, MSK (offset QPSK with half-sine shaping).

    ASK and GFSK Mode works great, but if time please add also MSK modulation type.

    thx

    feature discussion 
    opened by SpaceTeddy 21
  • Can't enable device in macOS 10.12.2

    Can't enable device in macOS 10.12.2

    I've tried to install urh using pip3 and also build from sources. In each case I was not able to enable rtlsdr in settings (this option is grayed out). librtlsdr is installed. Device is physically connected to the usb and works fine in gqrx or cubicsdr.

    Log from the compilation: http://pastebin.com/ZPWTC9zu

    installation 
    opened by matix2120 21
  • LimeSDR: Failed to receive stream

    LimeSDR: Failed to receive stream

    Expected Behavior

    Capture signals and display them.

    Actual Behavior

    No signals captured. Here's the error on stdout:

    [WARNING::LimeSDR.py::receive_sync] LimeSDR: Failed to receive stream

    I can access the board fine with LimeSuiteGui

    Steps to Reproduce the Problem

    1. build limesuite from git
    2. python3 setup.py install --without-hackrf --without-rtlsdr --without-airspy --without-usrp
    3. urh
    4. try to record on a known strong freq.

    Platform Specifications

    • Python Version: 3.6.0
    • Operating System: linux
    • Version of URH: git master (1.8.4)
    • URH was installed [X] from source

    I think this may be related to issue https://github.com/jopohl/urh/issues/297 but I'm not sure. Filing this in case it's unrelated.

    sdr 
    opened by romeojulietthotel 20
  • Cannot Start HackRF Device Windows 7 x64

    Cannot Start HackRF Device Windows 7 x64

    Please use this template for bug reports. If you have a feature request or question just delete everything and write as you like.

    Expected Behavior

    Start the HackRF successfully

    Actual Behavior

    I get this error: HackRF-SETUP: HACKRF_ERROR_NOT_FOUND (-5)

    I found this odd because I have the HackRF works under SDR# and gnuradio. I have hackrf tools installed here is the output of 'hackrf_info'

    Found HackRF board.
Board ID Number: 2 (HackRF One)
Firmware Version: 2015.07.2
Part ID Number: 0x00534f62 0x00534f62
Serial Number: 0x00000000 0x00000000 0x14d463dc 0x2f5122e1

    Steps to Reproduce the Problem

    1. Windows 7 x64 with requirements installed
    2. Start urh and enable the hackrf
    3. Attempt to start the device by recording a complex sample.

    Platform Specifications

    • Python Version: 3.0.6
    • Operating System: windows 7 x64
    • Version of URH: 1.6.4.2
    installation windows 
    opened by KR0SIV 19
  • Global python error

    Global python error

    Please use this template for bug reports. If you have a feature request or question just delete everything and write as you like.

    Expected Behavior

    i use an usrp with gnu radio without any issue, everything works fine when launching urh, it doesn t see my gnuradio install and i can modify the path either

    Actual Behavior

    global python error https://imgur.com/a/JJpo3

    Steps to Reproduce the Problem

    1.installed .msi version 2.plugged usrp 3.launched urh

    Platform Specifications

    • Python Version: 2.7.10
    • Operating System: win 10 64b
    • Version of URH: 1.8.14
    • URH was installed: __from .msi
    windows 
    opened by nocomp 18
  • On Windows 10 UI does not render, executable is running though

    On Windows 10 UI does not render, executable is running though

    Expected Behavior

    Upon on clicking the shortcut on the desktop the program should open its main window.

    Actual Behavior

    Actually the Main program window is not showing but proces explorer shows the .exe running

    Steps To Reproduce
    1. Go to '...'
    2. Click on '....'
    3. Scroll down to '....'
    4. See error
    Screenshots
    Platform Specifications

    Windows 10

    opened by MrBambix 17
  • Y-scale autoscale feature (with a manual trigger)

    Y-scale autoscale feature (with a manual trigger)

    Is your feature request related to a problem?

    Sometimes the otherwise very useful discrete Y-scale levels prove to be a burden and a simple autoscale feature is desired. I need to emphasize that by no means the triggering should be automatic, the auto- part refers to calculating the adaptive (continuous) value upon triggering.

    Describe the solution you'd like

    It would be great to have an autoscale button besides every Y-Scale slider (or in its right-click options). The calculated scaling value should be so that the signal amplitude maximum is (exactly) at 90% of the scale. The autoscale function should also have a logic to set scaling and ofsetting correctly in case of a bipolar or a unipolar signal.

    There are two points/usecases for now. The first is to ease the visual comparison between signals amplitude-wise and the second is to more efficiently use screen estate, especially with smaller screens.

    Describe alternatives you've considered

    Due to HDR nature of RF signals manual amplitude scaling proves to be too rough even for quick visual comparisons. I found no other alternatives in the URH.

    feature 
    opened by drws 0
  • URH with X310 and Twin RX

    URH with X310 and Twin RX

    Expected Behavior

    Select supported sample rate of 50 or 100msps

    Actual Behavior]

    Double Free or Corruption shown in terminal windows upon starting spec a

    [INFO::Device.py::log_retcode] USRP-OPEN (type=x300,addr=192.168.40.2,fpga=HG,name=,serial=31,product=X310): Success [INFO::Device.py::log_retcode] USRP-SET_SUBDEVICE to : Success [INFO::Device.py::log_retcode] USRP-SET_ANTENNA_INDEX to 0: Success [INFO::Device.py::log_retcode] USRP-SET_FREQUENCY to 433.92M: Success [INFO::Device.py::log_retcode] USRP-SET_SAMPLE_RATE to 50M: Success [INFO::Device.py::log_retcode] USRP-SET_BANDWIDTH to 50M: Success [INFO::Device.py::log_retcode] USRP-SET_RF_GAIN to 0.25: Success Odouble free or corruption (out)

    Steps To Reproduce

    Start URH 2.9.3, select spec a, attempt to start with 50M or 100M in Sample rate/bandwidth. Although bandwidth is limited I think to 80MHz wide per channel on the Twin RX.

    Platform Specifications

    Ubuntu 20.04 (DragonOS) w/ UHD 3.15

    Happy to test further while I have this device available. Although, I guess it wouldn't be of much use using such a large sample rate/bandwidth in URH?

    opened by alphafox02 2
  • Better Documentation for urh_cli

    Better Documentation for urh_cli

    Is your feature request related to a problem?
    • I keep getting asked for modulation parameters but there is no documentation of proper syntax and what are my options.
    • Furthermore I am not modulating, I am only passing the -rx parameter and settings things that relate to demodulation so that also has me scratching my head and thinking, what modulation parameters?
    Describe the solution you'd like
    • Just better documentation of the cli interface in general. Some features of the GUI are also undocumented and found them through someone else's question and answer to themselves.
    • ascii files filled with ones and zeros can get huge, an option for binary output of the captures would be great.
    Describe alternatives you've considered
    Additional context
    feature documentation 
    opened by EdwinFairchild 0
  • Demodulation is significantly slower via `urh_cli`

    Demodulation is significantly slower via `urh_cli`

    Expected Behavior

    Messages should be appended to the ProtocolSniffer.messages list as soon as they are available.

    Actual Behavior

    There is a significant lag when using urh_cli compared to the URH GUI. It's almost as if messages are being polled for every 5 seconds (not saying this is the case but for explanation's sake), compared to URH where - when a signal is demodulated, it appears almost instantly.

    Steps To Reproduce

    Compare the delay between urh_cli and URH GUI when demodulating any signal. In my case, it was FSK using default settings, obviously the frequency has been changed.

    Platform Specifications
    • OS: Kali Linux
    • URH version: 2.9.3
    • Python version: 3.10.4
    • Installed via pip
    feature 
    opened by braedinski 1
  • Generate reuasable format from demodulated raw capture data

    Generate reuasable format from demodulated raw capture data

    A few tools out there specifically the FlipperZero capture raw rf data as a demodulated number sequences. Would it be possible to add support for importing and or converting these in the generator or Analysis tools? Ideally I'm looking for a way to transfer captures between devices. So it would be cool if you could also export into this format.

    Here is an example capture:

    Version: 1
Frequency: 315000000
Preset: FuriHalSubGhzPresetOok650Async
Protocol: RAW
RAW_Data: 337 -426 363 -888242 167 -356 105 -368 93 -380 327 -126 353 -126 337 -128 339 -128 337 -128 93 -358 347 -132 333 -122 341 -128 121 -370 101 -368 91 -382 317 -134 141 -362 105 -336 127 -356 95 -370 349 -130 329 -124 337 -128 337 -130 123 -3698 97 -374 129 -338 127 -342 351 -140 325 -142 335 -96 345 -126 337 -128 125 -368 341 -140 305 -132 359 -94 121 -374 101 -368 93 -384 351 -102 141 -364 103 -336 129 -372 103 -360 347 -108 361 -106 339 -130 323 -124 123 -3710 131 -360 103 -358 105 -370 327 -142 335 -128 327 -140 361 -106 343 -102 137 -352 353 -94 345 -138 337 -126 97 -376 105 -370 91 -396 331 -132 101 -358 107 -370 93 -394 101 -362 347 -106 363 -106 339 -130 355 -92 121 -3706 129 -342 129 -338 129 -340 347 -124 339 -128 369 -96 337 -128 339 -124 125 -354 347 -132 333 -122 339 -126 121 -372 101 -366 91 -382 351 -102 143 -362 105 -334 129 -356 93 -372 349 -132 329 -124 335 -128 337 -128 125 -3698 131 -360 103 -376 105 -334 353 -140 333 -126 347 -94 369 -96 371 -96 125 -370 329 -140 337 -126 351 -94 123 -372 101 -368 93 -382 351 -104 141 -362 105 -336 127 -358 93 -370 349 -132 329 -124 337 -128 337 -128 125 -3704 97 -392 103 -342 137 -334 353 -138 335 -126 361 -106 359 -106 345 -102 135 -356 357 -106 347 -102 365 -92 121 -374 103 -368 125 -366 331 -132 103 -358 105 -370 93 -394 103 -360 349 -106 361 -106 339 -130 355 -94 121 -3712 133 -358 101 -358 105 -370 363 -106 337 -128 349 -94 369 -96 371 -96 125 -370 361 -108 337 -128 351 -94 121 -372 101 -368 93 -384 351 -102 143 -362 105 -336 127 -372 105 -360 349 -106 361 -108 339 -128 355 -92 123 -3710 131 -358 103 -358 107 -370 329 -140 337 -126 351 -94 369 -96 369 -98 125 -368 363 -108 335 -128 351 -94 121 -374 101 -368 93 -382 351 -104 141 -362 105 -336 127 -374 103 -360 349 -108 361 -106 339 -130 355 -94 121 -3714 99 -392 103 -358 107 -368 327 -140 335 -128 349 -94 391 -104 359 -106 105 -362 357 -106 347 -140 329 -94 139 -342 127 -360 93 -392 327 -122 121 -350 139 -334 127 -356 93 -372 347 -132 331 -124 335 -128 337 -130 123 -3698 133 -358 103 -378 105 -334 353 -140 335 -126 347 -94 369 -96 371 -96 125 -370 361 -108 337 -128 351 -94 121 -372 101 -368 93 -382 351 -104 141 -362 105 -336 127 -358 93 -372 349 -130 331 -124 337 -128 337 -128 125 -3700 129 -340 129 -340 127 -342 343 -126
    feature 
    opened by ResistanceIsUseless 7
Releases(v2.9.3)
Owner
Dr. Johannes Pohl
Interests: Wireless Security, Infrastructure Automation (DevOps), Artificial Intelligence
Dr. Johannes Pohl
GitHub
Cam-Hacker: Ip Cameras hack with python

Cam-Hacker Hack Cameras Mode Of Execution: apt-get install python3 apt-get insta

Error 4 You 9 Dec 17, 2022
✨ Powerfull & Universal Link Bypasser ✨

✨ Powerfull & Universal Link Bypasser ✨

Vodkarm06 4 Jun 3, 2022
PasswordManager is a command-line program that helps you manage your secret files like passwords

PasswordManager is a command-line program that helps you manage your secret files like passwords. It's very minimalistic and easy to use.

Michael 3 Dec 30, 2021
This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things.

Fuzzing PDFs like its 1990s This is the fuzzer I made to fuzz Preview on macOS and iOS like 8years back when I just started fuzzing things. Some discl

Chaithu 14 Sep 30, 2022
Python lib to automate basic QFT calculations like Wick-contractions.

QFTools Python lib to automate basic QFT calculations like Wick-contractions. Features Wick contractions for real scalar fields Wick contractions for

null 2 Aug 21, 2022
Python directory buster, multiple threads, gobuster-like CLI, web server brute-forcer, URL replace pattern feature.

pybuster v1.1 pybuster is a tool that is used to brute-force URLs of web servers. Features Directory busting (URI) URL replace patterns (put PYBUSTER

Glaukio 1 Jan 5, 2022
Python AVL Protocols Server for Codec 8 and Codec 8 Extended Protocols

pycodecs Package provides python AVL Protocols Server for Codec 8 and Codec 8 Extended Protocols This package will parse the AVL Data and log it in hu

Vardharajulu K N 2 Jun 21, 2022
GNU Radio – the Free and Open Software Radio Ecosystem

GNU Radio is a free & open-source software development toolkit that provides signal processing blocks to implement software radios. It can be used wit

GNU Radio 4.1k Jan 6, 2023
A Telegram UserBot to Play Radio in Voice Chats. This is also the source code of the userbot which is being used for playing Radio in @AsmSafone Channel.

Telegram Radio Player UserBot A Telegram UserBot to Play Radio in Channel or Group Voice Chats. This is also the source code of the userbot which is b

SAF ONE 44 Nov 12, 2022
This Is Advanced Version Of Old Radio Player, An Telegram Bot to Play Radio/Music in Channel or Group Voice Chats.

Telegram Radio Player V2 An Telegram Bot to Play Radio/Music in Channel or Group Voice Chats. This is also the source code of the bot which is being u

SAF ONE 81 Dec 3, 2022
An Advanced Telegram Bot to Play Radio & Music in Voice Chat. This is Also The Source Code of The Bot Which is Being Used For Playing Radio in @AsmSafone Channel ❤️

Telegram Radio Player V3 An Advanced Telegram Bot to Play Nonstop Radio/Music/YouTube Live in Channel or Group Voice Chats. This is also the source co

SAF ONE 421 Jan 5, 2023
Manage your SSH like a boss.

--- storm is a command line tool to manage your ssh connections. features adding, editing, deleting, listing, searching across your SSHConfig. command

Emre Yılmaz 3.9k Jan 3, 2023
Fuzzy string matching like a boss. It uses Levenshtein Distance to calculate the differences between sequences in a simple-to-use package.

Fuzzy string matching like a boss. It uses Levenshtein Distance to calculate the differences between sequences in a simple-to-use package.

SeatGeek 1.2k Jan 1, 2023
ProtOSINT is a Python script that helps you investigate Protonmail accounts and ProtonVPN IP addresses

ProtOSINT ProtOSINT is a Python script that helps you investigate ProtonMail accounts and ProtonVPN IP addresses. Description This tool can help you i

pixelbubble 249 Dec 23, 2022
🕵️‍♂️ Investigate Google Accounts with emails.

Description GHunt is an OSINT tool to extract information from any Google Account using an email. It can currently extract: Owner's name Last time the

mxrch 13.1k Jan 1, 2023
In this project we investigate the performance of the SetCon model on realistic video footage. Therefore, we implemented the model in PyTorch and tested the model on two example videos.

Contrastive Learning of Object Representations Supervisor: Prof. Dr. Gemma Roig Institutions: Goethe University CVAI - Computational Vision & Artifici

Dirk Neuhäuser 6 Dec 8, 2022
Source-o-grapher is a tool built with the aim to investigate software resilience aspects of Open Source Software (OSS) projects.

Source-o-grapher is a tool built with the aim to investigate software resilience aspects of Open Source Software (OSS) projects.

Aristotle University 5 Jun 28, 2022
ExcelPeek is a tool designed to help investigate potentially malicious Microsoft Excel files.

ExcelPeek is a tool designed to help investigate potentially malicious Microsoft Excel files.

James Slaughter 37 Apr 16, 2022
Epagneul is a tool to visualize and investigate windows event logs

epagneul Epagneul is a tool to visualize and investigate windows event logs. Dep

jurelou 190 Dec 13, 2022
Wifi-Jamming is a simple, yet highly effective method of causing a DoS on a wireless implemented using python pyqt5.

pyqt5-linux-wifi-jamming-tool Linux-Wifi-Jamming is a simple GUI tool, yet highly effective method of causing a DoS on a wireless implemented using py

lafesa 8 Dec 5, 2022