From zero to hardware hacker #5 - Ph0wn prechall 2024 write-up, part 1

Ph0wn is a Capture the Flag and workshop event dedicated to smart devices. Our CTF and workshops are consequently connected (sometimes a bit loosely!) to smart devices. For example, we have had CTF challenges involving connected coffee machines, drones, and satellites, as well as workshops on Ghidra for ARM and Hydrabus. Like last year, ph0wn offers a pre-challenge. Here is the write-up.

Step 1

The CTF starts on the ph0wn teaser website with these instructions: ...

December 1, 2024

From zero to hardware hacker #6 - Getting started with BladeRF

I finally gave in and bought a BladeRF. After withdrawing money from my life insurance and the savings intended for a house, I decided to purchase the BladeRF micro A4. The BladeRF is a tool that enables Software-Defined Radio (SDR) on frequencies ranging from 47 MHz to 6 GHz, with two full-duplex RX/TX channels. One of the main advantages of the BladeRF is its compatibility with the majority of open-source radio tools. It is a widely recognized tool in the field, providing extensive documentation and community support. Even though it's quite common for this type of device, the data processing on an FPGA is remarkable. This feature alone makes it a little gem. Just a small note: I chose a kit with a plastic case, but it's better to get a metal case to protect the device from interference. In case you're wondering what to get me for Christmas ;). ...

November 1, 2024

From zero to hardware hacker #7 - GSM passive reconnaissance using BladeRF

One of the main goals of purchasing the BladeRF is to delve into GSM hacking, specifically targeting 2G networks (SMS and MMS). This article aims to explore this field, starting with passive reconnaissance as the initial step in our investigation. I am very excited to embark on this journey. However, it is important to note that this activity is legally borderline. I urge you to respect people’s privacy, be mindful of your actions, and avoid intruding into others’ lives. ...

November 1, 2024

From zero to hardware hacker #4 - Getting started with GNU Radio

GNU Radio is a software development platform for software-defined radios (SDR), enabling the design, simulation, and implementation of radio communication systems without the need for specific hardware, using a collection of modular signal processing blocks. GNU Radio is part of the SDR ecosystem, supporting researchers, engineers, and enthusiasts in wireless communication and signal analysis.

Installation

GNU Radio is distributed on numerous Linux distributions through their repositories. Installing it is very simple (for example, on an Ubuntu system): ...

July 31, 2024

From zero to hardware hacker #3 - Feedback on Radio Hacking

The objective of this article is to share our experiences with RF hacking. It provides useful insights and practical tips for advancing in the field of RF hacking. This account is based on the study of MISC magazine, particularly the special issue number 29, and my work on previous blog posts about hardware hacking. We will review the encountered problems, the bottlenecks, and the solutions that can help resolve this type of issue. ...

July 15, 2024

From zero to hardware hacker #2 - Garage Door Opening, part 2 - SDR introduction

In the initial post titled “Garage Door Opening,” we encountered a significant obstacle in correctly detecting the signal from the garage remote due to the use of inappropriate equipment. The experiment initially involved a makeshift method using a yardstick—an unconventional choice since it lacks the capabilities of a Software Defined Radio (SDR). SDRs are preferred for their ability to capture signals in their unprocessed form, enabling detailed analysis. Consequently, I opted to buy the “Nesdr Smart v5” from Nooelec because of its immediate availability, which was crucial for the urgency of the project. This model serves as a practical substitute for the highly esteemed and commonly recommended RTL-SDR.com model. ...

May 13, 2024

From zero to hardware hacker #1 - Garage Door Opening, part 1 - getting started

Welcome to the “From Zero to Hardware Hacker” series, where I document my foray into the world of hardware hacking. Recently, on the recommendation of my CTF peers, I purchased a Yardstick One. Initially unfamiliar with the specifics, I researched and found that the ANT500 antenna, covering a frequency range of 75 MHz to 1 GHz, is highly recommended for beginners—though I’m still exploring why. As a novice equipped with an affordably priced radio-controlled garage door, I’ve chosen this as my entry point into RF hacking. For security reasons, I will omit certain details like brand names and models. This series will chronicle my journey into a new aspect of cybersecurity: hardware hacking. ...

May 3, 2024