
# Environment setup

Setting up a HackRF experimentation environment on a Mac, following the article on hackrf.net. Overall, installing via port is fairly simple; the main catch is that it takes a really, really long time...

# Driver test

If running hackrf_info prints output like the following, the HackRF driver is working:

Found HackRF board 0:
Board ID Number: 2 (HackRF One)
Firmware Version: git-815d1f6
Part ID Number: 0xa000dddd 0x00ddddda
Serial Number: 0x00000000 0x00000000 0x5asdfasdc0 0x2asdfs4b

# Capture and replay

At first I read a few articles without getting the point. In fact, a basic replay attack is very simple: the hackrf_transfer command alone is enough.

The parameters of the hackrf_transfer command are as follows:

➜  ~  hackrf_transfer
receive -r and receive_wav -w options are mutually exclusive
Usage:
    [-d serial_number] # Serial number of desired HackRF.
    -r <filename> # Receive data into file.
    -t <filename> # Transmit data from file.
    -w # Receive data into file with WAV header and automatic name.
       # This is for SDR# compatibility and may not work with other software.
    [-f freq_hz] # Frequency in Hz [0MHz to 7250MHz].
    [-i if_freq_hz] # Intermediate Frequency (IF) in Hz [2150MHz to 2750MHz].
    [-o lo_freq_hz] # Front-end Local Oscillator (LO) frequency in Hz [84MHz to 5400MHz].
    [-m image_reject] # Image rejection filter selection, 0=bypass, 1=low pass, 2=high pass.
    [-a amp_enable] # RX/TX RF amplifier 1=Enable, 0=Disable.
    [-p antenna_enable] # Antenna port power, 1=Enable, 0=Disable.
    [-l gain_db] # RX LNA (IF) gain, 0-40dB, 8dB steps
    [-g gain_db] # RX VGA (baseband) gain, 0-62dB, 2dB steps
    [-x gain_db] # TX VGA (IF) gain, 0-47dB, 1dB steps
    [-s sample_rate_hz] # Sample rate in Hz (8/10/12.5/16/20MHz, default 10MHz).
    [-n num_samples] # Number of samples to transfer (default is unlimited).
    [-c amplitude] # CW signal source mode, amplitude 0-127 (DC value to DAC).
    [-R] # Repeat TX mode (default is off)
    [-b baseband_filter_bw_hz] # Set baseband filter bandwidth in MHz.
    Possible values: 1.75/2.5/3.5/5/5.5/6/7/8/9/10/12/14/15/20/24/28MHz, default < sample_rate_hz.

YouTube video tutorial

Explanation of the commonly used parameters:

-r receive data and write it to a file
-f the frequency to listen on, in Hz; so for 443MHz you would listen with -f 44300000000
-s the sample rate, in Hz; the default is 10MHz
-n the number of samples to capture; unlimited by default
-R repeat (loop) transmit mode; off by default
-x TX VGA (IF) gain, range 0-47dB, in 1dB steps
-a amp_enable, enable the RF amplifier

So replaying the most common kind of wireless doorbell takes just the following two commands.

hackrf_transfer -r door2.iq -f 433920000 

This captures the traffic on the 433920000Hz frequency and writes it to the file door2.iq.

The replay command:

hackrf_transfer -t door2.iq -f 433920000 -a 1 -l 30 -x 40

In testing I found that replaying a captured file sometimes fails. I don't know whether it is a hardware problem or whether this crude way of replaying is inherently error-prone.
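One reason a replay can do nothing is that the capture never contained a transmission in the first place. The following is an added example, not code from the original post or from the HackRF project: it reads a file written by `hackrf_transfer -r` (interleaved signed 8-bit I/Q samples, 10 MS/s by default) and reports the bursts it contains, so a capture can be checked before it is reused. The power threshold, chunk size and gap-merging distance are assumptions chosen for this illustration, and the input is constructed in code rather than recorded.

```python
from array import array
SAMPLE_RATE = 10_000_000  # hackrf_transfer's default -s, in Hz

def load_iq(raw: bytes):
    """hackrf_transfer -r writes interleaved signed 8-bit I,Q pairs."""
    s = array("b", raw[: len(raw) // 2 * 2])  # drop a dangling odd byte
    return list(zip(s[0::2], s[1::2]))

def find_bursts(iq, threshold=400.0, chunk=100, min_gap=500):
    """Average I^2+Q^2 per chunk; return (start, end) sample spans above
    threshold, merging spans closer than min_gap samples (OOK symbol gaps)."""
    spans, start = [], None
    for idx in range(0, len(iq), chunk):
        block = iq[idx:idx + chunk]
        avg = sum(i * i + q * q for i, q in block) / len(block)
        if avg > threshold and start is None:
            start = idx
        elif avg <= threshold and start is not None:
            spans.append([start, idx])
            start = None
    if start is not None:
        spans.append([start, len(iq)])
    merged = []
    for s, e in spans:
        if merged and s - merged[-1][1] < min_gap:
            merged[-1][1] = e  # extend the previous burst across the gap
        else:
            merged.append([s, e])
    return [tuple(m) for m in merged]

def summarize(raw: bytes, sample_rate=SAMPLE_RATE):
    """Length and bursts of a capture; no bursts means it holds only noise."""
    iq = load_iq(raw)
    bursts = find_bursts(iq)
    return {"samples": len(iq), "duration_s": len(iq) / sample_rate, "bursts": bursts,
            "burst_ms": [(e - s) * 1000.0 / sample_rate for s, e in bursts]}

def constructed_capture():
    """Constructed, not a real recording: noise, three 100 us OOK-style pulses
    separated by 30 us gaps, then noise."""
    out = bytearray()
    def emit(n, amp):  # amp 0 -> +/-2 LSB noise, else a tone at fs/4 offset
        for k in range(n):
            i = (k * 7) % 5 - 2 if amp == 0 else (amp, 0, -amp, 0)[k % 4]
            q = (k * 3) % 5 - 2 if amp == 0 else (0, amp, 0, -amp)[k % 4]
            out.extend((i & 0xFF, q & 0xFF))
    for n, amp in [(1000, 0), (1000, 60), (300, 0), (1000, 60), (300, 0), (1000, 60), (1000, 0)]:
        emit(n, amp)
    return bytes(out)
```

On a real file, call `summarize(open("door2.iq", "rb").read())`; the three keyed pulses of the constructed input are reported as one 0.36 ms burst because the gaps are shorter than min_gap.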
