Have you ever heard about the Universal Radio Hacker (URH)? It is software for investigating unknown wireless protocols and one of the most amazing GitHub projects! We had a chance to talk with Johannes Pohl and Andreas Noack, who created it. We talked about its features, its challenges and how URH has grown over time.
Don’t miss it!
[Hakin9 Magazine]: Hello Johannes and Andreas! Thank you for agreeing to the interview, we are honored! How have you been doing? Can you tell us something about yourself?
[Johannes Pohl]: I am a PhD student with a strong focus on offensive security. Programming Python is my passion next to working with Software Defined Radios and hacking wireless protocols or dealing with Artificial Intelligence.
[Andreas Noack]: I am a professor for communication systems at the University of Stralsund, dealing with IT security and cryptography for many years now. From my PhD thesis on, I have been engaged with wireless security (wireless LAN, meshing). Working with software defined radios was quite new to me, as I have a strong cryptographic background.
[H9]: Can you tell us more about Universal Radio Hacker (URH)?
[JP]: The Universal Radio Hacker is a suite for investigating unknown wireless protocols. It helps you in many ways, from capturing the raw wireless signal, through getting the bits out of the waveforms, to reverse engineering the protocol's logic. Furthermore, you can apply fuzzing to your estimation of the protocol and penetrate innocent IoT devices.
[AN]: URH was first developed in 2014, at first under the name "automatic hacker", which we dropped before going public. One of our main goals is to provide a user-friendly way to analyze signals.
Johannes Pohl (left), [Prof. Dr.] Andreas Noack (right)
[H9]: Where did the idea of creating the Universal Radio Hacker come from?
[JP]: There was this one situation where we were sitting in front of a complex GNU Radio graph and thought to ourselves "Why does this have to be so complicated? We just want the bits!" At that time, we had to record a signal with GNU Radio, export it to WAV and open that WAV in Audacity to manually count bits. This was kind of annoying, not to mention the dependency hell involved in installing GNU Radio at that time.
[AN]: As Johannes said, we just wanted to extract bits from a raw signal, although we didn’t understand the HF black magic at that time. The basic idea was to enable theoretic researchers to deal with the physical, especially wireless, world without strong knowledge in electrical engineering.
[H9]: Who would you recommend URH to? Who do you think needs it the most, and why? Is it just people doing similar work to yours?
[JP]: URH may be useful for anyone dealing with wireless protocols: from the beginner, who wants to see the bits flying through the air, to the cryptographer assessing the security of an IoT protocol implementation.
[AN]: First and foremost, URH was designed to support cryptographers and security researchers without deep HF knowledge in analyzing and pentesting proprietary digital wireless protocols. Providing an as-easy-as-possible interface for SDRs, URH is, of course, also suited for all the people who just like to play around with their IoT devices at home.
[H9]: What was the most challenging part in creating URH?
[AN]: As summarized by Johannes, we had a lot of discussions about usability and the ergonomic design of URH. A lot of time went into graphical and usability features that seemed needless at the beginning. However, we are happy about the process when looking at the final outcome.
[H9]: What is needed to start using URH? How much knowledge do you have to possess to use it effectively?
[AN]: Well, some basic HF knowledge (i.e. you know that there are different wireless modulations, you know what 'sample rate' means) should be sufficient to start working with URH. We are trying to provide easy access, but working with SDRs can nevertheless become quite complex. Our philosophy is to provide a tradeoff between easy-to-use, i.e. only necessary options are shown by default, and a complex configuration to satisfy professionals at the same time. This is, however, not always that simple…
[JP]: As Andreas said, a basic understanding of HF is required. However, you may also use URH as a "learning by doing" tool, because we put a lot of effort into generating graphical previews and feedback. For example, you will see your signal oscillating faster in the preview if you increase the frequency in the modulation dialog.
[H9]: What about the feedback from the GitHub community? Does it influence your software?
[JP]: Of course! The feedback of our community is important to us and has a great influence on the development. In the end, we created URH to be both powerful and easy to use, and therefore we are happy to see it used and to have the ability to improve it.
[AN]: In the first years of URH, we only had our own viewpoints and technical demands. This changed with the release on GitHub. With all the feedback and feature requests (not to forget bug reports) we are able to make URH more 'universal' to use.
[H9]: Have you found any aspect of working with a community difficult?
[JP]: I found the most challenging part to be supporting the various combinations of operating systems and libraries used by community members. Maintaining a cross-platform application is harder than it sounds, especially when it comes to compiling C++ extensions with different compilers and even varying standard libraries.
[AN]: There are two different worlds. On the one hand there are beginners, who are, for example, struggling with the installation or some basic functionalities of the program. On the other hand, there are professionals who ask for more features and more complex options. To meet the demands of both worlds, there are sometimes big discussions about whether a feature should be implemented or not.
[H9]: Any plans for the future? Are you planning to expand your tool, add new features?
[JP]: Currently, URH is released in versions 1.x.x.x. We have many plans for future major releases up to version 3.x. Great things are coming :-) Furthermore, we are planning to contribute some scientific papers about wireless reverse engineering and IoT security.
[AN]: To name one, we will get a simulator component in late 2017 that allows us to build a complete wireless protocol over several dependent messages, including a state machine. With this component, you are able to create, for example, a virtual IoT device that you can talk with, maybe to trigger cryptographic messages that can be cryptanalyzed offline.
[H9]: Do you have any thoughts or experiences you would like to share with our audience? Any good advice?
[JP]: If you maintain an open-source project, use GitHub's awesome integrations! To name a few: TravisCI automatically tests (you follow TDD, right?) your code on each push to your Git repository, and CodeClimate monitors the health of your code, e.g. how well your tests cover your code or how many code redundancies you have.
[AN]: Software you develop grows and becomes more complex. If it reaches a particular size or complexity, you should think about software engineering techniques (e.g. test-driven development, as Johannes already suggested). GitHub will support you with several plugins in doing that.
[H9]: Thank you!
The Universal Radio Hacker is software for investigating unknown wireless protocols. Features include
- hardware interfaces for common Software Defined Radios
- easy demodulation of signals
- assigning participants to keep an overview of your data
- customizable decodings to crack even sophisticated encodings like CC1101 data whitening
- assign labels to reveal the logic of the protocol
- fuzzing component to find security leaks
- modulation support to inject the data back into the system
GitHub – https://github.com/jopohl/urh
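The feature list above names CC1101 data whitening as one of the encodings URH's customizable decodings can undo. The following is an added example written for this page, not code from URH or its authors: it implements the CC1101 PN9 whitening transform (a 9-bit LFSR with polynomial x^9 + x^5 + 1, seeded with all ones, XORed bit by bit, LSB first, onto the payload) so you can see why a captured, whitened frame looks like noise and how the same XOR mask recovers the plaintext bits. The sample frame is constructed here, not captured.

```python
# Added example (not URH's own code): CC1101-style PN9 data whitening.
# PN9 generator: 9-bit LFSR, polynomial x^9 + x^5 + 1, initial state all ones.
# Each payload bit is XORed with one PN9 bit, LSB first within each byte,
# so whitening and de-whitening are the same operation (XOR is an involution).
# The well-known start of the sequence is FF E1 1D 9A ...


def pn9_sequence(n_bytes: int) -> bytes:
    """Return the first n_bytes of the CC1101 PN9 whitening sequence."""
    state = 0x1FF                          # 9-bit register, all ones
    out = bytearray()
    for _ in range(n_bytes):
        byte = 0
        for bit in range(8):
            byte |= (state & 1) << bit     # output bit is register bit 0, LSB first
            feedback = (state ^ (state >> 5)) & 1   # taps: bit 0 and bit 5
            state = (state >> 1) | (feedback << 8)  # shift, feed back into bit 8
        out.append(byte)
    return bytes(out)


def whiten(data: bytes) -> bytes:
    """XOR the payload with the PN9 mask; applying it twice restores the input."""
    return bytes(d ^ p for d, p in zip(data, pn9_sequence(len(data))))


# Decoding a whitened capture is the same XOR with the same mask.
dewhiten = whiten


def to_bitstring(data: bytes) -> str:
    """Render bytes LSB-first per byte, the order the bits leave the radio."""
    return "".join(format(b, "08b")[::-1] for b in data)


if __name__ == "__main__":
    # Constructed sample payload (hypothetical sensor frame, not a real capture).
    payload = bytes([0x04, 0xA1, 0x42, 0x00, 0x17])
    over_the_air = whiten(payload)
    print("PN9 mask     :", pn9_sequence(len(payload)).hex())
    print("payload bits :", to_bitstring(payload))
    print("on-air bits  :", to_bitstring(over_the_air))
    print("recovered    :", dewhiten(over_the_air).hex())
```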