RFSec-ToolKit V1.7

RFSec-ToolKit is a collection of Radio Frequency communication protocol hacking tools gathered from GitHub, plus hacking tutorials from YouTube and blog posts, covering SDR, 2G GSM, 3G, 4G LTE, 5G, NFC & RFID, ZigBee and so on.

SDR Resources

SDR-HardWare to be used

RTL2832U: RTL-SDR is a very cheap software defined radio that uses a DVB-T TV tuner dongle based on the RTL2832U chipset.

HackRF: low-cost software radio platform (greatscottgadgets.com)

BladeRF: bladeRF is a Software Defined Radio (SDR) platform designed to enable a community of hobbyists and professionals to explore and experiment with the multidisciplinary facets of RF communication. (nuand.com)

USRP: The USRP software defined radio products are designed for RF applications from DC to 6 GHz, including multiple antenna (MIMO) systems. (ettus.com)

LimeSDR: LimeSDR is a low-cost, open source, apps-enabled software defined radio (SDR) platform that can be used to support just about any type of wireless communication standard. (Lime Microsystems)

GQRX: Software defined radio receiver powered by GNU Radio and Qt

SDRSharp: Airspy is a popular, affordable SDR (software defined radio) based communication receiver with the highest performance and the smallest form factor. It is a serious alternative to both cost-sensitive and higher-end scanners while featuring the best radio browsing experience on the market thanks to the tight integration with the de facto standard SDR# software. (@airspy_com)

HDSDR: HDSDR is a freeware Software Defined Radio (SDR) program for Microsoft Windows 2000/XP/Vista/7/8/8.1/10.

CubicSDR: Cross-platform Software-Defined Radio application

OpenUSRP: uses a LimeSDR to emulate a USRP B210 device.

kalibrate-rtl: GSM frequency scanner and frequency offset calculator for use with rtl-sdr devices

kalibrate-hackrf: kalibrate for HackRF

kalibrate-bladeRF: kalibrate for bladeRF

GNURadio: GNU Radio is a free and open-source toolkit for software radio. (GNURadio.org)

gr-recipes: Main GNU Radio recipe repository for use with PyBOMBS

gr-etcetera: This repository stores additional recipes for GNU Radio.

RangeNetworks/dev: A collection of tools to make working with the numerous software components as painless as possible.

OpenBTS: GSM+GPRS Radio Access Network Node

YateBTS: YateBTS is a software implementation of a GSM/GPRS radio access network based on Yate. It is compatible with both GSM/GPRS SS7 MAP and LTE IMS core networks integrated in the YateUCN unified core network server.

OpenLTE: OpenLTE is an open source implementation of the 3GPP LTE specifications. The focus is on transmission and reception of the downlink.

OpenBTS-UMTS: 3G UMTS Data Radio Access Network Node

srsLTE: srsLTE is a free and open-source LTE library for SDR UE and eNodeB developed by SRS.

srsUE: srsUE is a software radio LTE UE developed by SRS. It is written in C++ and builds upon the srsLTE library.

srsGUI: srsGUI is a free and open-source graphics library for SDR using Qt and Qwt. The library provides a number of useful plots for graphing real and complex numbers.

IMDEA-OWL: OWL stands for Online Watcher of LTE. imdeaOWL is a free and open-source LTE control channel decoder developed by IMDEA Networks Institute and based on srsLTE, an LTE library for SDR UE and eNodeB developed by SRS.

OpenAirInterface: The OpenAirInterface Software Alliance is a non-profit consortium that develops an ecosystem for open source software/hardware development covering the core network, the access network and the user equipment (EUTRAN) of 3GPP cellular networks.

OsmocomBB: OsmocomBB is a Free Software / Open Source GSM baseband software implementation. It intends to completely replace the need for proprietary GSM baseband software.

OpenBSC: A project aiming to create Free Software, (A)GPL-licensed implementations of the GSM/3GPP protocol stacks and network elements.

gr-gsm: GNU Radio blocks and tools for receiving GSM transmissions

gr-lte: The gr-lte project is an open source software package which aims to provide a GNU Radio LTE receiver to receive, synchronize and decode LTE signals.

LTE-Cell-Scanner: OpenCL, SDR, TDD/FDD LTE cell scanner; full stack from A/D samples to SIB ASN.1 messages decoded in PDSCH (optimized for RTL-SDR, HackRF and bladeRF boards)

gps-sdr-sim: GPS-SDR-SIM generates GPS baseband signal data streams, which can be converted to RF using software-defined radio (SDR) platforms such as bladeRF, HackRF and USRP.

gr-fosphor: GNU Radio block for spectrum visualization using the GPU

gr-nordic: GNU Radio module and Wireshark dissector for the Nordic Semiconductor nRF24L Enhanced ShockBurst protocol.

gr-lora: GNU Radio OOT module implementing the LoRa PHY

gr-ieee802-11: IEEE 802.11 a/g/p transceiver for GNU Radio, fitted for operation with Ettus N210s and B210s.

gr-keyfob: Transceiver for Hella wireless car key fobs.

gr-rds: FM RDS/TMC transceiver

gr-radar: GNU Radio Radar Toolbox

gr-air-modes: gr-air-modes implements a software-defined radio receiver for Mode S transponder signals, including ADS-B reports from equipped aircraft.

gr-ais: Automatic Information System decoder for shipborne position reporting, for the GNU Radio project

gr-dvbt: DVB-T implementation in GNU Radio

spectrum_painter: A tool that converts images to IQ streams which reproduce the image when viewed in a waterfall plot.

gr-paint: An OFDM spectrum painter for GNU Radio (tutorial)

gr-baz: Collection of new blocks for GNU Radio

Environment Build Tools

Homebrew: The missing package manager for macOS

MacPorts: The MacPorts Project is an open-source community initiative to design an easy-to-use system for compiling, installing, and upgrading either command-line

PyBOMBS: PyBOMBS (Python Build Overlay Managed Bundle System) is the new GNU Radio install management system for resolving dependencies and pulling in out-of-tree projects.

RF Signal Reversing Tools

Audacity: Audacity® is free, open source, cross-platform audio software for multi-track recording and editing.

Baudline: Baudline is a time-frequency browser designed for scientific visualization of the spectral domain. Signal analysis is performed by Fourier, correlation, and raster transforms that create colorful spectrograms with vibrant detail.

Inspectrum: inspectrum is a tool for analysing captured signals, primarily from software-defined radio receivers.

Dspectrum: Automated RF/SDR signal analysis (reverse engineering)

rtl_433: Application using librtlsdr to decode the temperature from a wireless temperature sensor

ooktools: On-off keying tools for your SD-arrrR (leonjza.github.io)

YouTube Video Tutorials

Roberto Nóbrega: Michael Ossmann's Software Defined Radio with HackRF https://www.youtube.com/user/liquen17/playlists

Hardware Hacking by Samy Kamkar https://www.youtube.com/user/s4myk

Radio Hacking: Cars, Hardware, and more! – Samy Kamkar – AppSec California 2016 https://www.youtube.com/watch?v=1RipwqJG50c

GNURadio: GRCon https://www.youtube.com/channel/UCceoapZVEDCQ4s8y16M7Fng

Balint256: GNU Radio Tutorial Series, Cyberspectrum https://www.youtube.com/user/balint256

Crazy Danish Hacker: https://www.youtube.com/channel/UClg0eyJTbAZaYuz3mhwfBBQ/playlists

Ettus Research https://www.youtube.com/user/ettusresearch/feed

Anders Brownworth: Well Tempered Hacker, OpenBTS https://www.youtube.com/playlist?list=PL892EE6BB9D10192F

Gareth's SDR Tutorial https://www.youtube.com/channel/UCYJO5ecRhbWARNcsDIFffPg

Software Defined Radio Academy https://www.youtube.com/channel/UC1GAlgAQrkjeeLmIkCB8pgQ

雪碧 0xroot's SDR Hacking https://www.youtube.com/channel/UC1GAlgAQrkjeeLmIkCB8pgQ

26C3: Using OpenBSC for fuzzing of GSM handsets https://www.youtube.com/watch?v=oGPOscdLPFQ

27C3: SMS-o-Death https://www.youtube.com/watch?v=J-lUL3E-uPc

27C3: Wideband GSM Sniffing https://www.youtube.com/watch?v=fH_fXSr-FhU&feature=youtu.be

28C3: Introducing Osmo-GMR https://www.youtube.com/watch?v=BSW-V94uZZQ&feature=youtu.be

29C3: Further hacks on the Calypso platform https://www.youtube.com/watch?v=xFjVcxMpA6c&feature=youtu.be

[FOSDEM 2014] osmocom: Overview of our SDR projects https://www.youtube.com/watch?v=hsKvdga2eQg&feature=youtu.be

Sylvain Munaut: osmo-gmr: What's up with sat-phones? https://www.youtube.com/watch?v=ROppOLeB6_I&feature=youtu.be

DeepSec 2010: OsmocomBB, a tool for GSM protocol level security analysis of GSM networks https://www.youtube.com/watch?v=9cBJV3yTaQo&feature=youtu.be

DeepSec 2010: Targeted DOS Attack and various fun with GSM Um by Sylvain Munaut https://www.youtube.com/watch?v=7tc4hD7ckZY&feature=youtu.be

About mahyar

ORCID: 0000-0001-8875-3362. PhD Candidate (National Academy of Sciences of Ukraine - Institute for Telecommunications and Global Information). MCP, MCSA, MCSE, MCTS, MCITP: Enterprise Administrator, CCNA, CCNP (R&S, Security), ISO/IEC 27001 Lead Auditor.
