Software Defined Radio (SDR) for Hackers: Setting Up Your HackRF One

[Cartographer]

Welcome back, my aspiring SDR hackers!




In the previous tutorials in this series, we used the inexpensive but capable RTL-SDR for our radio hacking adventures. Although the RTL-SDR is very capable of receiving a wide variety of radio signals, it is not capable of sending radio signals. In addition, the frequency range of the RTL-SDR is limited (see my tutorial on SDR hardware comparison here).







In the next few tutorials, we will be using the HackRF One transceiver. The HackRF One is capable of both sending and receiving radio signals. Its biggest limitation--compared to the much more expensive hardware-- is that its is only half-duplex meaning it can only send OR receive, and not both simultaneously. Despite this limitation, it is great for a lot of great hacks such as replay attacks where we capture a transmission and then resend it.










HackRF One was developed by Michael Ossmann as an open source project. The HackRF One became notorious for being used in theautomobile key fob attacks I detailhere and has been shown capable of interfering with military tactical communication and GPS systems.













It is available from Great Scott Gadgets, Amazon and other retailers of electronics for about $320.







Step #1: Connect Your HackRF One




In this first step, you will need to connect your HackRF to a USB port. Then download the HackRF utilities from the Kali repository.




kali > sudo apt install hackrf




Now, with these utilities installed, let's check on the version of our HackRF One.




kali > sudo hackrf_info










This should supply us with some basic info on our device, most importantly the firmware version. As you can see, my HackRF One came with firmware from 2017. There have been a few updates since then so let's update ours to the most current version.




Michael Ossmann, the developer of the HackRF maintains a github repository for all things HackRF at https://github.com/mossmann/hackrf. From there we navigate to the releases directory and see that there is brand new release of the firmware for 2021.03.1. Let's get that firmware and update our HackRF.










Step #2: Update the firmware




Download and extract the new firmware from Ossmann's repository to your Kali system. It will create a directory named appropriately enough, hackrf-2021.03.1. Navigate to that directory and you will see a file named firmware-bin. Change (cd) to that directory.




Now we need to update the firmware. To update the firmware, enter the following command;




kali > hackrf_spiflash -w hackrf_one_usb.bin







Once the firmware has been updated, disconnect and then reconnect the HackRF One.




Now, when we ask the HackRF One device for details using the hackrf_info command, we can see that it has been updated to the most current firmware.







Step #3: Preparing the HackRF One for Windows




We will be using Linux for the HackRF hacks in future tutorials (HackRF doesn't transmit in Windows), but if you want to use your HackRF in Windows, here's how to do it.




First, plug your HackRF One into the USB port. Now, open Zadig and look for the HackRF One under devices. Select HackRF One.

Next, click on the Install Driver.




When the driver installation is complete, Zadig should look like this.







Finally, we need to install a new ExtIO.dll for the HackRF. You can find it at https://github.com/ExtIO_HackRF/releaseslike below.







Download and install it in the same directory as your HDSDR.







Now, click to open HDSDR and you will be greeted with a message asking you to select which hardware you want to use.




Select the ExtIO_HackRF. When you are done, HDSDR will open and use the HackRF One for receiving and processing radio signals




Summary




The HackRF One is a powerful and inexpensive radio transceiver excellent for both sending and receiving radio signals in the 1Mhz to 6 GHZ frequency range. Although it is only half-duplex and USB2.0, it is adequate for many of the hacks we will be doing, such as replay attacks where we capture a signal and replay it. In these circumstances, high performance is not required.




Look for more SDR for Hackers tutorials such as signal jamming, GPS spoofing, remote replay attacks and more.