Challenge category:
Radio Frequency
Disclaimer
50 Points

Hey, welcome to the radio frequency category!

Radio hacking can be a lot of fun, but what's not fun is getting the feds knocking at your door, paying fines, and getting your equipment confiscated. Before we let you dig into this category, let's get some housekeeping items out of the way.

We are not lawyers. We're not your lawyers. This isn't legal advice.

When playing with radios, never transmit unless you know what you're doing. Always check your local laws and legislation before you transmit. In the United States, unauthorized transmission outside of certain frequency bands is illegal and can even be considered a felony offense in some cases. Radio frequency is cool, but don't get in trouble!

You do not need to transmit for any of these challenges. You do not need any radio hardware for any of these challenges. All of these challenges were made to be solved without the need for real-life hardware.

This disclaimer isn't meant to deter. It's meant to educate and communicate that you should educate yourself on the specific legalities for your locality if you want to dive into the world of RF. Once again, this is not legal advice, and you do not need to transmit for any of these challenges.

Now that we've gotten that out of the way, let's give you the flag so you can ungate the rest of this category.

irisctf{its_radioing_time_and_then_you_radio_all_of_them}

By: skat

I was listening to some banger jams on 920 MHz the other day when the broadcast was suddenly interrupted! The channel was just replaced with some erratic bursts of static before it went back to the music. I managed to capture the audio as well as the RF at 2 Msps at the time of the event. What happened?

$ shasum *
96c65f2f404fa6bc27a38a3b822ef2aefb404b92  radio_hijack.mp3
2125e3a21e74dbbc9139e8666e98b2d26676e5f9  rf_capture.zip

By: skat

Spicy Sines
491 Points

"RF is easy, I swear. It's all just spicy sines."

  • skat

By: skat

l1pcap
500 Points

On relaxing afternoons, I sometimes like to sit around and just watch the waves -- radio waves, that is!

On one particular afternoon as I was listening at a center frequency of 433 MHz, sampling at 2 Msps with a bandwidth of 2 MHz, I picked up some RF from my neighbor. Every time a signal was transmitted, I saw that some stuff happened around their house, so I think that this is some kind of a home remote control system.

I captured the signals and tried replaying them, but it didn't work! There must be some kind of a mechanism to prevent replay attacks. If you can complete the analysis of the captured signals, then we should be able to transmit our own commands to make their house go berserk!

Signal 1(a) and 1(b):
<message: "GARAGE OPEN"> .. <message: "GARAGE CLOSE">

Signal 2(a) and 2(b):
<message: "ROOM 1 LIGHTS ENABLE"> .. <message: "ROOM 1 LIGHTS DISABLE">

Signal 3(a) and 3(b):
<message: "ROOM 2 LIGHTS ENABLE"> .. <message: "ROOM 2 LIGHTS DISABLE">

Signal 4(a) and 4(b):
<message: "FRONT SPRINKLERS ENABLE"> .. <message: "FRONT SPRINKLERS DISABLE">

Signal 5(a) and 5(b):
<message: unknown> .. <message: unknown>

Signal 6(a) and 6(b):
<message: unknown> .. <message: unknown>

Signal 7(a):
<message: unknown>

These signals were transmitted in sequential order, so 1(a) was transmitted first, 1(b) second, 2(a) third, etc.

Kids these days are so used to using Wireshark to analyze wireless traffic, but what if the wireless traffic you're trying to analyze isn't Wi-Fi-based?

$ shasum l1pcap.zip
b984b27669a7751126f18418a6fa0b2f9a79da73  l1pcap.zip

By: skat

Birdie
500 Points

I had a conversation with a little birdie over the radio the other day. She told me her name is Laura and she's from a far away place. Then, she sent me the flag.

By: skat