
How to Broadcast Live with HackRF

2017-07-17 10:59:48

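What is HackRF?

HackRF is an open-source hardware project started by Mike Ossmann and sponsored by the US Defense Advanced Research Projects Agency (DARPA). Because it is an open-source project, some Chinese manufacturers now also produce and sell the HackRF One; that is not discussed here.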

[Image: description on the back of the packaging]

[Image: the device after unboxing]

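How should you think about HackRF?

The easiest way to understand HackRF is to compare it to a computer's sound card. A sound card converts the raw sound coming in from a microphone or similar device into a digital signal and stores it on the computer as a file; later it restores the digital signal to an analog waveform, which is amplified and played through the speakers. HackRF works the same way, except that what it receives is radio signals.

[Images: HackRF schematic diagrams]

The three best-known devices at the moment are USRP, BladeRF and HackRF (click here for a list of all software-defined radio devices); the figure below compares their specifications in detail. As the figure shows, HackRF covers a wide frequency range and is relatively cheap. Its drawbacks are that it is only half-duplex (otherwise you could build a radar with it) and that it uses a USB 2.0 interface.

[Image: specification comparison of USRP, BladeRF and HackRF]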

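Broadcasting live with HackRF

System: Kali Linux // If you only want to play with HackRF on Windows (I don't think it works well), click to download the driver

Required tools: gnuradio, hackrf_transfer

When transmitting with HackRF, always pay attention to the value of the "-x" parameter and to your local radio regulations!

Let's start with the simplest case, replaying a broadcast. Kali Linux seems to ship with hackrf and gnuradio preinstalled; if you find they are missing on your machine, first install hackrf and its dependencies (firmware version 2017.2 is already available; to update the firmware, see here)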

apt-get install hackrf

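Turn on a radio, tune it to any broadcast station in your area and note the frequency, for example 98.0 MHz. (You could also do this with gqrx, but because HackRF is half-duplex this article does not use gqrx.)

Next, use hackrf_transfer to record and transmit. The parameters are described below.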

Usage:
    -h # this help
    [-d serial_number] # Serial number of desired HackRF.
    -r <filename> # Receive data into file (use '-' for stdout).
    -t <filename> # Transmit data from file (use '-' for stdin).
    -w # Receive data into file with WAV header and automatic name.
       # This is for SDR# compatibility and may not work with other software.
    [-f freq_hz] # Frequency in Hz [0MHz to 7250MHz].
    [-i if_freq_hz] # Intermediate Frequency (IF) in Hz [2150MHz to 2750MHz].
    [-o lo_freq_hz] # Front-end Local Oscillator (LO) frequency in Hz [84MHz to 5400MHz].
    [-m image_reject] # Image rejection filter selection, 0=bypass, 1=low pass, 2=high pass.
    [-a amp_enable] # RX/TX RF amplifier 1=Enable, 0=Disable.
    [-p antenna_enable] # Antenna port power, 1=Enable, 0=Disable.
    [-l gain_db] # RX LNA (IF) gain, 0-40dB, 8dB steps
    [-g gain_db] # RX VGA (baseband) gain, 0-62dB, 2dB steps
    [-x gain_db] # TX VGA (IF) gain, 0-47dB, 1dB steps
    [-s sample_rate_hz] # Sample rate in Hz (4/8/10/12.5/16/20MHz, default 10MHz).
    [-n num_samples] # Number of samples to transfer (default is unlimited).
    [-S buf_size] # Enable receive streaming with buffer size buf_size.
    [-c amplitude] # CW signal source mode, amplitude 0-127 (DC value to DAC).
    [-R] # Repeat TX mode (default is off)
    [-b baseband_filter_bw_hz] # Set baseband filter bandwidth in Hz.
        Possible values: 1.75/2.5/3.5/5/5.5/6/7/8/9/10/12/14/15/20/24/28MHz, default 0.75 * sample_rate_hz.
    [-C ppm] # Set Internal crystal clock error in ppm.
    [-H hw_sync_enable] # Synchronise USB transfer using GPIO pins.
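A pre-flight check of a hackrf_transfer command line against the ranges in the usage text above, applied to the record and replay commands used in this article. This is an added example, not part of the original post or of the HackRF tools; `check_command` and the 20 dB `TX_GAIN_CAP_DB` policy value are assumptions made for the illustration.

```python
import shlex

# Limits copied from the hackrf_transfer usage text: (min, max, step) in dB.
GAIN_LIMITS = {"-l": (0, 40, 8), "-g": (0, 62, 2), "-x": (0, 47, 1)}
SAMPLE_RATES_HZ = {4e6, 8e6, 10e6, 12.5e6, 16e6, 20e6}
FILTER_BW_HZ = {1.75e6, 2.5e6, 3.5e6, 5e6, 5.5e6, 6e6, 7e6, 8e6, 9e6,
                10e6, 12e6, 14e6, 15e6, 20e6, 24e6, 28e6}
FLAGS_WITHOUT_VALUE = {"-h", "-w", "-R"}
TX_GAIN_CAP_DB = 20  # hypothetical local policy, not a hackrf_transfer limit


def check_command(cmdline, tx_gain_cap=TX_GAIN_CAP_DB):
    """Return a list of findings for one hackrf_transfer command line."""
    tokens = shlex.split(cmdline)[1:]          # drop the program name
    opts, i = {}, 0
    while i < len(tokens):
        flag = tokens[i]
        if flag in FLAGS_WITHOUT_VALUE or i + 1 >= len(tokens):
            opts[flag] = None
            i += 1
        else:
            opts[flag] = tokens[i + 1]
            i += 2
    findings = []
    for flag, (lo, hi, step) in GAIN_LIMITS.items():
        if opts.get(flag) is not None:
            gain = int(opts[flag])
            if not lo <= gain <= hi or gain % step:
                findings.append(f"{flag} {gain}: outside {lo}-{hi} dB in {step} dB steps")
    if opts.get("-s") and float(opts["-s"]) not in SAMPLE_RATES_HZ:
        findings.append(f"-s {opts['-s']}: not a listed sample rate")
    if opts.get("-b") and float(opts["-b"]) not in FILTER_BW_HZ:
        findings.append(f"-b {opts['-b']}: not a listed baseband filter bandwidth")
    if "-t" in opts:                           # transmit-only checks
        if opts.get("-x") is not None and int(opts["-x"]) > tx_gain_cap:
            findings.append(f"-x {opts['-x']}: above local cap of {tx_gain_cap} dB")
        if "-R" in opts:
            findings.append("-R: transmission repeats until interrupted")
    return findings


# The record and replay commands from this article.
RECORD = "hackrf_transfer -r 1.raw -f 98000000 -g 30 -l 24 -a 1 -p 1 -s 8000000 -b 4000000"
REPLAY = "hackrf_transfer -t 1.raw -f 98000000 -x 32 -a 1 -p 1 -s 8000000 -b 4000000 -R"

if __name__ == "__main__":
    for cmd in (RECORD, REPLAY):
        print(cmd, *check_command(cmd), sep="\n  ")
```

Both commands are flagged for `-b 4000000`, which is not among the bandwidths the usage text lists.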

Start recording:

hackrf_transfer -r 1.raw -f 98000000 -g 30 -l 24 -a 1 -p 1 -s 8000000 -b 4000000

After you stop the recording with Ctrl+C there will be a file 1.raw in /root; now transmit it with hackrf_transfer:

hackrf_transfer -t 1.raw -f 98000000 -x 32 -a 1 -p 1 -s 8000000 -b 4000000 -R

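The radio will now play the segment you just recorded over and over.

Going further: residential barrier gates, remote car unlocking and even GPS signals all fall within HackRF's frequency range. Replay? I'll leave that for you to work out.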
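hackrf_transfer stores a capture such as 1.raw as interleaved signed 8-bit I/Q samples, so at `-s 8000000` the file grows by 16 MB per second. The following added example (not from the original post) reports the duration, level and clipping of such a capture, which helps when choosing the `-l` and `-g` receive gains; `summarize_iq` and `constructed_capture` are names made up for the illustration, and the sample data is constructed.

```python
import array
import math


def summarize_iq(raw, sample_rate_hz):
    """Summarize a `hackrf_transfer -r` capture (interleaved int8 I, Q)."""
    # Ignore a trailing odd byte left by an interrupted write.
    samples = array.array("b", raw[: len(raw) - len(raw) % 2])
    n = len(samples) // 2                      # number of complex samples
    if n == 0:
        raise ValueError("capture holds no complete I/Q sample")
    power = sum(v * v for v in samples) / n    # mean of I^2 + Q^2
    clipped = sum(1 for v in samples if v in (-128, 127))
    return {
        "samples": n,
        "seconds": n / sample_rate_hz,
        # Per-component RMS relative to the 8-bit full scale of 127.
        "rms_dbfs": 10 * math.log10(power / (2 * 127.0 ** 2)) if power else float("-inf"),
        "clipped_fraction": clipped / len(samples),
    }


def constructed_capture(amplitude, n=8000, period=16):
    """Constructed test data: a complex tone, clamped to the int8 range."""
    out = array.array("b")
    for k in range(n):
        phase = 2 * math.pi * k / period
        for v in (amplitude * math.cos(phase), amplitude * math.sin(phase)):
            out.append(max(-128, min(127, round(v))))
    return out.tobytes()


if __name__ == "__main__":
    # Replace the constructed data with open("1.raw", "rb").read() for a real capture.
    for label, amp in (("moderate gain", 40), ("overdriven", 300)):
        print(label, summarize_iq(constructed_capture(amp), 8_000_000))
```

A clipped fraction well above zero means the receive gains were too high and the recording is distorted.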

Advanced: playing your own music with gnuradio

Create a .grc file and paste the following code into it

<flow_graph>
  <timestamp>Tue May 6 16:27:36 2014</timestamp>
  <block>
    <key>options</key>
    <param>
      <key>author</key>
      <value></value>
    </param>
    <param>
      <key>window_size</key>
      <value>1280, 1024</value>
    </param>
    <param>
      <key>category</key>
      <value>Custom</value>
    </param>
    <param>
      <key>comment</key>
      <value></value>
    </param>
    <param>
      <key>description</key>
      <value></value>
    </param>
    <param>
      <key>_enabled</key>
      <value>True</value>
    </param>
    <param>
      <key>_coordinate</key>
      <value>(186, 53)</value>
    </param>
    <param>
      <key>_rotation</key>
      <value>0</value>
    </param>
    <param>
      <key>generate_options</key>
      <value>wx_gui</value>
    </param>
    <param>
      <key>hier_block_src_path</key>
      <value>.:</value>
    </param>
    <param>
      <key>id</key>
      <value>wbfm_tx_hackrf</value>
    </param>
    <param>
      <key>max_nouts</key>
      <value>0</value>
    </param>
    <param>
      <key>qt_qss_theme</key>
      <value></value>
    </param>
    <param>
      <key>realtime_scheduling</key>
      <value></value>
    </param>
    <param>
      <key>run_command</key>
      <value>{python} -u {filename}</value>
    </param>
    <param>
      <key>run_options</key>
      <value>prompt</value>
    </param>
    <param>
      <key>run</key>
      <value>True</value>
    </param>
    <param>
      <key>thread_safe_setters</key>
      <value></value>
    </param>
    <param>
      <key>title</key>
      <value></value>
    </param>
  </block>
  <block>
    <key>analog_wfm_tx</key>
    <param>
      <key>audio_rate</key>
      <value>32000</value>
    </param>
    <param>
      <key>alias</key>
      <value></value>
    </param>
    <param>
      <key>comment</key>
      <value></value>
    </param>
    <param>
      <key>affinity</key>
      <value></value>
    </param>
    <param>
      <key>_enabled</key>
      <value>True</value>
    </param>
    <param>
      <key>_coordinate</key>
      <value>(281, 374)</value>
    </param>
    <param>
      <key>_rotation</key>
      <value>0</value>
    </param>
    <param>
      <key>id</key>
      <value>analog_wfm_tx_0</value>
    </param>
    <param>
      <key>max_dev</key>
      <value>75e3</value>
    </param>
    <param>
      <key>maxoutbuf</key>
      <value>0</value>
    </param>
    <param>
      <key>minoutbuf</key>
      <value>0</value>
    </param>
    <param>
      <key>fh</key>
      <value>5</value>
    </param>
    <param>
      <key>quad_rate</key>
      <value>320000</value>
    </param>
    <param>
      <key>tau</key>
      <value>300e-6</value>
    </param>
  </block>
  <block>
    <key>blocks_stream_mux</key>
    <param>
      <key>alias</key>
      <value></value>
    </param>
    <param>
      <key>comment</key>
      <value></value>
    </param>
    <param>
      <key>affinity</key>
      <value></value>
    </param>
    <param>
      <key>_enabled</key>
      <value>True</value>
    </param>
    <param>
      <key>_coordinate</key>
      <value>(423, 184)</value>
    </param>
    <param>
      <key>_rotation</key>
      <value>0</value>
    </param>
    <param>
      <key>id</key>
      <value>blocks_stream_mux_0</value>
    </param>
    <param>
      <key>lengths</key>
      <value>1, 1</value>
    </param>
    <param>
      <key>maxoutbuf</key>
      <value>0</value>
    </param>
    <param>
      <key>minoutbuf</key>
      <value>0</value>
    </param>
    <param>
      <key>num_inputs</key>
      <value>2</value>
    </param>
    <param>
      <key>type</key>
      <value>float</value>
    </param>
    <param>
      <key>vlen</key>
      <value>1</value>
    </param>
  </block>
  <block>
    <key>blocks_wavfile_source</key>
    <param>
      <key>alias</key>
      <value></value>
    </param>
    <param>
      <key>comment</key>
      <value></value>
    </param>
    <param>
      <key>affinity</key>
      <value></value>
    </param>
    <param>
      <key>_enabled</key>
      <value>True</value>
    </param>
    <param>
      <key>file</key>
      <value>/root/WBFM/1.wav</value>
    </param>
    <param>
      <key>_coordinate</key>
      <value>(211, 184)</value>
    </param>
    <param>
      <key>_rotation</key>
      <value>0</value>
    </param>
    <param>
      <key>id</key>
      <value>blocks_wavfile_source_0</value>
    </param>
    <param>
      <key>maxoutbuf</key>
      <value>0</value>
    </param>
    <param>
      <key>minoutbuf</key>
      <value>0</value>
    </param>
    <param>
      <key>nchan</key>
      <value>2</value>
    </param>
    <param>
      <key>repeat</key>
      <value>True</value>
    </param>
  </block>
  <block>
    <key>fractional_interpolator_xx</key>
    <param>
      <key>alias</key>
      <value></value>
    </param>
    <param>
      <key>comment</key>
      <value></value>
    </param>
    <!-- The listing on the source page is cut off here: the rest of this block, the audio_source_0 block named in the connections below and the start of the osmosdr_sink_0 block are missing. -->
    <param>
      <key>bw31</key>
      <value>0</value>
    </param>
    <param>
      <key>if_gain9</key>
      <value>20</value>
    </param>
    <param>
      <key>gain9</key>
      <value>10</value>
    </param>
    <param>
      <key>comment</key>
      <value></value>
    </param>
    <param>
      <key>affinity</key>
      <value></value>
    </param>
    <param>
      <key>args</key>
      <value></value>
    </param>
    <param>
      <key>_enabled</key>
      <value>True</value>
    </param>
    <param>
      <key>_coordinate</key>
      <value>(706, 350)</value>
    </param>
    <param>
      <key>_rotation</key>
      <value>0</value>
    </param>
    <param>
      <key>id</key>
      <value>osmosdr_sink_0</value>
    </param>
    <param>
      <key>type</key>
      <value>fc32</value>
    </param>
    <param>
      <key>clock_source0</key>
      <value></value>
    </param>
    <param>
      <key>time_source0</key>
      <value></value>
    </param>
    <param>
      <key>clock_source1</key>
      <value></value>
    </param>
    <param>
      <key>time_source1</key>
      <value></value>
    </param>
    <param>
      <key>clock_source2</key>
      <value></value>
    </param>
    <param>
      <key>time_source2</key>
      <value></value>
    </param>
    <param>
      <key>clock_source3</key>
      <value></value>
    </param>
    <param>
      <key>time_source3</key>
      <value></value>
    </param>
    <param>
      <key>clock_source4</key>
      <value></value>
    </param>
    <param>
      <key>time_source4</key>
      <value></value>
    </param>
    <param>
      <key>clock_source5</key>
      <value></value>
    </param>
    <param>
      <key>time_source5</key>
      <value></value>
    </param>
    <param>
      <key>clock_source6</key>
      <value></value>
    </param>
    <param>
      <key>time_source6</key>
      <value></value>
    </param>
    <param>
      <key>clock_source7</key>
      <value></value>
    </param>
    <param>
      <key>time_source7</key>
      <value></value>
    </param>
    <param>
      <key>nchan</key>
      <value>1</value>
    </param>
    <param>
      <key>num_mboards</key>
      <value>1</value>
    </param>
    <param>
      <key>sample_rate</key>
      <value>8e6</value>
    </param>
    <param>
      <key>sync</key>
      <value></value>
    </param>
  </block>
  <block>
    <key>rational_resampler_xxx</key>
    <param>
      <key>alias</key>
      <value></value>
    </param>
    <param>
      <key>comment</key>
      <value></value>
    </param>
    <param>
      <key>affinity</key>
      <value></value>
    </param>
    <param>
      <key>decim</key>
      <value>1</value>
    </param>
    <param>
      <key>_enabled</key>
      <value>True</value>
    </param>
    <param>
      <key>fbw</key>
      <value>0</value>
    </param>
    <param>
      <key>_coordinate</key>
      <value>(507, 373)</value>
    </param>
    <param>
      <key>_rotation</key>
      <value>0</value>
    </param>
    <param>
      <key>id</key>
      <value>rational_resampler_xxx_0</value>
    </param>
    <param>
      <key>interp</key>
      <value>8</value>
    </param>
    <param>
      <key>maxoutbuf</key>
      <value>0</value>
    </param>
    <param>
      <key>minoutbuf</key>
      <value>0</value>
    </param>
    <param>
      <key>taps</key>
      <value></value>
    </param>
    <param>
      <key>type</key>
      <value>ccc</value>
    </param>
  </block>
  <connection>
    <source_block_id>analog_wfm_tx_0</source_block_id>
    <sink_block_id>rational_resampler_xxx_0</sink_block_id>
    <source_key>0</source_key>
    <sink_key>0</sink_key>
  </connection>
  <connection>
    <source_block_id>audio_source_0</source_block_id>
    <sink_block_id>fractional_interpolator_xx_0</sink_block_id>
    <source_key>0</source_key>
    <sink_key>0</sink_key>
  </connection>
  <connection>
    <source_block_id>fractional_interpolator_xx_0</source_block_id>
    <sink_block_id>analog_wfm_tx_0</sink_block_id>
    <source_key>0</source_key>
    <sink_key>0</sink_key>
  </connection>
  <connection>
    <source_block_id>rational_resampler_xxx_0</source_block_id>
    <sink_block_id>osmosdr_sink_0</sink_block_id>
    <source_key>0</source_key>
    <sink_key>0</sink_key>
  </connection>
</flow_graph>

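The same idea applies here, except that this time the audio source is the microphone. It would be awkward if your neighbours happened to be listening to the radio while you experiment, so keep the transmit value on the low side.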

One last thing:

Obey your local radio regulations!

Obey your local radio regulations!

Obey your local radio regulations!
