RFQuack: A Universal Hardware-Software Toolkit for Wireless Protocol (Security) Analysis and Research

by Federico Maggi, et al.

Software-defined radios (SDRs) are indispensable for signal reconnaissance and physical-layer dissection, but even with advanced tools like Universal Radio Hacker, SDR-based approaches require substantial effort. In contrast, RF dongles such as the popular Yard Stick One are easy to use and guarantee a deterministic physical-layer implementation. However, they are not very flexible, as each dongle is a static hardware system with a monolithic firmware. We present RFQuack, an open-source tool and library firmware that combines the flexibility of a software-based approach with the determinism and performance of embedded RF frontends. RFQuack is based on a multi-radio hardware system with swappable RF frontends, and a firmware that exposes a uniform, hardware-agnostic API. RFQuack focuses on a structured firmware architecture that allows high- and low-level interaction with the RF frontends. Thanks to the multi-radio support, it facilitates the development of host-side scripts and firmware plug-ins that implement efficient data-processing pipelines or interactive protocols. RFQuack has an IPython shell and 9 firmware modules for: spectrum scanning, automatic carrier detection and bitrate estimation, headless operation with remote management, in-flight packet filtering and manipulation, MouseJack, and RollJam (as examples). We used RFQuack to set up RF hacking contests and to analyze industrial-grade devices and key fobs, on which we found and reported 11 vulnerabilities in their RF protocols.



