The Universal Radio Hacker (URH) is a software for investigating unknown wireless protocols. Features include
- hardware interfaces for common Software Defined Radios
- easy demodulation of signals
- assigning participants to keep an overview of your data
- customizable decodings to crack even sophisticated encodings like CC1101 data whitening
- assign labels to reveal the logic of the protocol
- automatic reverse engineering of protocol fields
- fuzzing component to find security leaks
- modulation support to send the data back to the target
- simulation environment to perform stateful attacks
In order to get started
- view the installation instructions on this page,
- download the official userguide (PDF),
- watch the demonstration videos (YouTube),
- check out the wiki for more information such as supported devices or
- read some articles about URH for inspiration.
If URH is useful for you, please consider giving this repository a ⭐ or make donation via PayPal. We appreciate your support!
Want to stay in touch? 💬 Join our Slack channel!
We encourage researchers who work with URH to cite this WOOT'18 paper or directly use the following BibTeX entry.
@inproceedings {220562,
author = {Johannes Pohl and Andreas Noack},
title = {Universal Radio Hacker: A Suite for Analyzing and Attacking Stateful Wireless Protocols},
booktitle = {12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18)},
year = {2018},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/woot18/presentation/pohl},
publisher = {{USENIX} Association},
}
Universal Radio Hacker can be installed via pip or using the package manager of your distribution (if included). Below you find more specific installation instructions for:
On Windows, URH can be installed with its Installer. No further dependencies are required.
If you get an error about missing api-ms-win-crt-runtime-l1-1-0.dll
, run Windows Update or directly install KB2999226.
URH is included in the repositories of many linux distributions such as Arch Linux, Gentoo, Fedora, openSUSE or NixOS. There is also a package for FreeBSD. If available, simply use your package manager to install URH.
URH you can also be installed with using python3 -m pip install urh
.
In case you are running Ubuntu or Debian read on for more specific instructions.
In order to use native device backends, make sure you install the -dev package for your desired SDRs, that is libairspy-dev
, libhackrf-dev
, librtlsdr-dev
, libuhd-dev
.
If your device does not have a -dev
package, e.g. LimeSDR, you need to manually create a symlink to the .so
, like this:
sudo ln -s /usr/lib/x86_64-linux-gnu/libLimeSuite.so.17.02.2 /usr/lib/x86_64-linux-gnu/libLimeSuite.so
before installing URH, using:
sudo apt-get update
sudo apt-get install python3-numpy python3-psutil python3-zmq python3-pyqt5 g++ libpython3-dev python3-pip cython3
sudo pip3 install urh
The official URH docker image is available here.
It is recommended to use at least macOS 10.14 when using the DMG available here.
- Install Python 3 for Mac OS X. If you experience issues with preinstalled Python, make sure you update to a recent version using the given link.
- (Optional) Install desired native libs e.g.
brew install librtlsdr
for corresponding native device support. - In a terminal, type:
pip3 install urh
. - Type
urh
in a terminal to get it started.
If you installed URH via pip you can keep it up to date with pip3 install --upgrade urh
, or, if this should not work python3 -m pip install --upgrade urh
.
If you like to live on bleeding edge, you can run URH from source.
To execute the Universal Radio Hacker without installation, just run:
git clone https://github.com/jopohl/urh/
cd urh/src/urh
./main.py
Note, before first usage the C++ extensions will be built.
To install from source you need to have python-setuptools
installed. You can get it e.g. with pip install setuptools
.
Once the setuptools are installed use:
git clone https://github.com/jopohl/urh/
cd urh
python setup.py install
And start the application by typing urh
in a terminal.
- Hacking Burger Pagers
- Reverse-engineer and Clone a Remote Control
- Reverse-engineering Weather Station RF Signals
- Reverse-engineering Wireless Blinds
- Attacking Logitech Wireless Presenters (German Article)
- Attacking Wireless Keyboards
- Reverse-engineering a 433MHz Remote-controlled Power Socket for use with Arduino
- Hackaday Article
- RTL-SDR.com Article
- Short Tutorial on URH with LimeSDR Mini
- Brute-forcing a RF Device: a Step-by-step Guide
See wiki for a list of external decodings provided by our community! Thanks for that!