Digital Forensics Tool: Universal Radio Hacker (URH)
Reading Time: 3 Minutes
Description
The Universal Radio Hacker (URH) by jopohl is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios. URH allows easy demodulation of signals combined with an automatic detection of modulation parameters making it a breeze to identify the bits and bytes that fly over the air. As data often gets encoded before transmission, URH offers customizable decodings to crack even sophisticated encodings like CC1101 data whitening. When it comes to protocol reverse-engineering, URH is helpful in two ways. You can either manually assign protocol fields and message types or let URH automatically infer protocol fields with a rule-based intelligence. Finally, URH entails a fuzzing component aimed at stateless protocols and a simulation environment for stateful attacks.
It can be used to perform Digital Forensics investigations, Reverse engineering but also offensive security assessments.
See Also: So you want to be a hacker?
Offensive Security and Ethical Hacking Course
Getting started
In order to get started
- view the installation instructions on this page,
- download the official userguide (PDF),
- watch the demonstration videos (YouTube),
- check out the wiki for more information such as supported devices or
- read some articles about URH for inspiration.
Installation
URH runs on Windows, Linux and macOS. See below for OS specific installation instructions.
Windows
On Windows, URH can be installed with its Installer. No further dependencies are required.
If you get an error about missing api-ms-win-crt-runtime-l1-1-0.dll, run Windows Update or directly install KB2999226.
Linux
Installation with pipx
URH is available on PyPi so you can install it, for example, with pipx:
pipx install urh
This is the recommended way to install URH on Linux because it comes with all native extensions precompiled.
In order to access your SDR as non-root user, install the according udev rules. You can find them in the wiki.
Install via Package Manager
URH is included in the repositories of many linux distributions such as Arch Linux, Gentoo, Fedora, openSUSE or NixOS. There is also a package for FreeBSD. If available, simply use your package manager to install URH.
Note: For native support, you must install the according -dev package(s) of your SDR(s) such as hackrf-dev before installing URH.
Docker Images
The official URH docker image is available here. It has all native backends included and ready to operate.
See Also: Offensive Security Tool: Nucleimonst3r
macOS
Using DMG
It is recommended to use at least macOS 12 when using the DMG available here.
With brew
URH is available as a homebrew formula so you can install it with
brew install urh
Running from source (OS-agnostic)
Without installation
To execute the Universal Radio Hacker without installation, just run:
git clone https://github.com/jopohl/urh/
cd urh/src/urh
./main.py
Note, before first usage the C++ extensions will be built.
Installing from source
To install URH from source you need to have python-setuptools installed. You can get them with python3 -m pip install setuptools. Once the setuptools are installed execute:
git clone https://github.com/jopohl/urh/
cd urh
python setup.py install
And start the application by typing urh in a terminal.
Articles
Hacking stuff with URH
- Hacking Burger Pagers
- Reverse-engineer and Clone a Remote Control
- Reverse-engineering Weather Station RF Signals
- Reverse-engineering Wireless Blinds
- Attacking Logitech Wireless Presenters (German Article)
- Attacking Wireless Keyboards
- Reverse-engineering a 433MHz Remote-controlled Power Socket for use with Arduino
General presentations and tutorials on URH
- Hackaday Article
- RTL-SDR.com Article
- Short Tutorial on URH with LimeSDR Mini
- Brute-forcing a RF Device: a Step-by-step Guide
- Hacking wireless sockets like a NOOB
External decodings
See wiki for a list of external decodings.
Screenshots
Get the data out of raw signals
Keep an overview even on complex protocols
Record and send signals
Clone the repo from here: GitHub Link