Sunday, September 29, 2024

Using RTL-SDR under Linux

First steps:

```
sudo apt install rtl-sdr gnuradio-dev gqrx
```

This will install GQRX, which is an excellent program to view and listen to the spectrum.

When running GQRX, you need to specify the I/O device. Input should be your RTL-SDR and output should be your soundcard device.

Next, specify an FM radio station and you should be able to tune to it quite easily, remembering to demodulate WFM (Wide FM) Stereo to hear it properly.

Note the spectrum analysis is done by FFT (Fast Fourier Transform) on the samples received by the SDR. This is the brilliance of using SDRs -- they make cheap spectrum analyzers -- spectrum analyzers used to cost $250k AUD back in the day!
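To see what GQRX is doing under the hood, here is an added example (not from the original post) that builds a few constructed IQ samples for a receiver tuned to 100 MHz at 2.048 MS/s, runs a pure-Python radix-2 FFT over them, shifts the DC bin to the middle the way the GQRX display does, and maps each bin back to an RF frequency. The tone frequency and sample rate are assumed values chosen so the tone lands exactly on a bin.

```python
import cmath
import math


def fft(x):
    """Radix-2 Cooley-Tukey FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    even = fft(x[0::2])
    odd = fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        twiddle = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k] = even[k] + twiddle
        out[k + n // 2] = even[k] - twiddle
    return out


def make_iq(center_hz, sample_rate, tone_hz, n, amp=1.0):
    """Constructed IQ capture: one unmodulated carrier at tone_hz as seen by
    a receiver tuned to center_hz (the RTL-SDR delivers complex samples
    relative to its centre frequency, so the tone appears at the offset)."""
    offset = tone_hz - center_hz
    return [amp * cmath.exp(2j * math.pi * offset * i / sample_rate) for i in range(n)]


def power_spectrum(iq, sample_rate, center_hz):
    """Return a list of (rf_frequency_hz, power_db) tuples, lowest RF first.
    The raw FFT puts negative offsets in the upper half, so swap the halves
    (the usual 'fftshift') to get the left-to-right spectrum a waterfall shows."""
    n = len(iq)
    bins = fft(iq)
    shifted = bins[n // 2:] + bins[:n // 2]
    bin_width = sample_rate / n
    spectrum = []
    for k, v in enumerate(shifted):
        freq = center_hz + (k - n // 2) * bin_width
        mag = abs(v) / n                      # normalise so a unit tone is 0 dB
        db = 20 * math.log10(mag) if mag > 0 else -200.0
        spectrum.append((freq, db))
    return spectrum


def peak_frequency(spectrum):
    """RF frequency of the strongest bin, i.e. where GQRX would draw the peak."""
    return max(spectrum, key=lambda p: p[1])[0]


if __name__ == "__main__":
    iq = make_iq(100.0e6, 2.048e6, 100.5e6, 1024)   # assumed capture settings
    print("peak at %.0f Hz" % peak_frequency(power_spectrum(iq, 2.048e6, 100.0e6)))
```

With 1024 samples at 2.048 MS/s each bin is 2 kHz wide, which is why a real SDR needs far more samples (or averaging) before weak signals stand out from the noise floor.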

Next you might want to try dump1090, which gets you an airplane's transponder information.

```
sudo apt install dump1090   # on some distros the package is named dump1090-mutability
dump1090 --interactive --net
```

Some other interesting things:

NSW Police radio band (unfortunately they use encrypted radios, but it's interesting if you're studying P25 encrypted radio protocol):

https://www.radioreference.com/db/aid/1026

There's something interesting about using encryption (AES-256) -- it means they use a shared key, and for it to be a stream cipher (e.g. CBC or GCM modes), it means everyone has to lock onto some timing signal to synchronize the stream cipher, or else they use the insecure block modes to encrypt their data. Best case is they use a nonce in AES-256-GCM mode.

I wonder if the radios they use are easily buffer overflow hackable... (e.g. imagine sending a dodgy encrypted packet on the air and hacking every police radio at the same time!)

I wish I could get my hands on a police radio to reverse engineer. But I think since they use a standard protocol (P25), all I need is an encrypted P25 radio, e.g. from Motorola, etc.

Something for the people at ASD (Australian Signals Directorate) to play with, I'm sure.

Friday, September 6, 2024

What is a buffer overflow, anyway? By j00n1x

S0 my f3ll0w pupils, j00 w4nt t0 kn0w wh4t a buff3r 0verfl0w is, am i right? J00 w4nt t0 b3 1337?

Let's follow in the footsteps of someone before us: aleph1's article in phr4ck.

https://phrack.org/issues/49/14.html

Okay? Have you read that? D0 j00 f33l l33t n0w?


Using gdb

I figured I'll write a mini-tutorial on how to use gdb, because there's not that many places where they teach you how to...