Media

DragonOS FocalX Passive Sniffing LTE IMSI + BTLE Security Research (bladeRF, Ubertooth, B205, X310)

**Title**: LTE IMSI Sniffing and Bluetooth Low Energy Security ...

**Title**: LTE IMSI Sniffing and Bluetooth Low Energy Security Research

**Description**:

In this video, we'll take another look at LTE IMSI sniffing. I'll also show, to my surprise, Mirage and the Ubertooth ...Bluetooth working and doing some BTLE sniffing.

📡 **LTE IMSI Sniffing**:
We start with LTE IMSI sniffing using the powerful LTEsniffer w/ updates, running on an X310 with two daughterboards. I'm keeping it legal and ethical by using my own equipment and closely monitoring the legal implications. You can explore the details of this project on GitHub

https://github.com/SysSec-KAIST/LTESniffer

I'll demonstrate how this setup can monitor both uplink and downlink LTE traffic, highlighting the importance of protecting sensitive data in the world of cellular networks.

📶 **Creating My Own LTE Network**:
To show you LTE IMSI sniffing in action, I've set up my own LTE network using srsRAN. This opens up exciting possibilities for network exploration and understanding the technology behind it.

🌐 **Bluetooth Low Energy (BLE) Vulnerabilities**:
Transitioning into the world of Bluetooth Low Energy, I introduce you to Mirage, a powerful and modular framework dedicated to wireless analysis. You can find more information about Mirage at https://github.com/RCayre/mirage
Using a BladeRF, I create a simulated wireless connection between two clients. While Mirage is running, an Ubertooth One is actively sniffing for new BLE connections. This demonstrates the potential security risks and vulnerabilities present in BLE devices and how they can be exploited.

🔒 **Legal and Ethical Considerations**:
Throughout the video, I emphasize the importance of ethical research and respecting legal boundaries when exploring security vulnerabilities. My commitment to ethical hacking and responsible disclosure is paramount in all my endeavors.

WarDragon S available here (when in stock):
https://cemaxecuter.com/?product=wardragon-s

Don't miss out on staying connected:
Catch updates on Twitter: https://twitter.com/cemaxecuter

Supporting the channel:
If you appreciate the value this content brings, I invite you to consider extending your support through Patreon: https://www.patreon.com/cemaxecuter[+] Show More

DragonOS FocalX Pushing NRSC5 Album Art w/ 4G TailScale Link (hackRF, RTLSDR v4, GR-NRSC5, NRSC5)

Title: NRSC5 Reception and Remote Control with GR-NRSC5, GNU Radio, ...

Title: NRSC5 Reception and Remote Control with GR-NRSC5, GNU Radio, HackRF, and RTLSDR V4

Description:

In this video, I explore NRSC5 reception and remote cellular control using GR-NRSC5, GNU Radio, HackRF, and ...the RTLSDR. Why you ask? I just wanted to talk about several different things and this seemed to be a logical and interesting way to tie it all together.

GitHub Repositories:

SIM7600A Cellular HAT Setup: https://github.com/alphafox02/simcom_wwan-setup
GR-NRSC5: https://github.com/argilo/gr-nrsc5
NRSC5 Application: https://github.com/theori-io/nrsc5
NRSC5 GUI: https://github.com/cmnybo/nrsc5-gui

I start with building the applications and also setting up the SIM7600A Cellular HAT. I start off connected to the NUC via Ethernet and VNC from my desktop, but by the end I'm connected w/ cell service and SSH thanks to a renew of my extra Tmobile prepaid SIM card laying around.

We'll delve into the essentials, including the NRSC5 RTLSDR application and the NRSC5 GUI, crucial components for our mission. While I initially aim to use an EPIC SDR on the remote NUC, we'll pivot to the HackRF by Great Scott Gadgets along the way.

Once the hardware is sorted, we'll create a functional flow graph and validate it with SigDigger and the RTLSDR v4 to ensure the NRSC5 signal is visible in the spectrum.

I'll demonstrate how to run the NRSC5 application with the GUI and the RTLSDR v4 on my desktop. Through SSH, I'll initiate the NRSC5 transmitting flow graph on the Intel Nuc, followed by confirmation of successful reception and decoding of NRSC5 back on my desktop.

Lastly, I'll introduce a Python script from the GR-NRSC5 repository, allowing me to easily push album art from my desktop to the remote Intel Nuc. Thanks to TailScale and the Internet, the Intel NUC receives this data using the cellular HAT, subsequently altering the album art on my desktop.

Don't miss out on staying connected:
Catch updates on Twitter: https://twitter.com/cemaxecuter

Supporting the channel:
If you appreciate the value this content brings, I invite you to consider extending your support through Patreon: https://www.patreon.com/cemaxecuter.[+] Show More

DragonOS FocalX Decoding Train Telemetry w/ SoftEOT/PyEOT (RTLSDR V4, WINE AppImage, GR 3.10)

**Setting Up Train Radio Frequency Decoding: HOT, EOT, and DPU ...

**Setting Up Train Radio Frequency Decoding: HOT, EOT, and DPU Signals**

Join me in this laid-back tutorial where I guide you through the process of setting up software for decoding train ...radio frequencies, specifically focusing on HOT (Head of Train), EOT (End of Train), and DPU (Distributed Power Unit) signals. If you're interested in making these pieces of software work seamlessly together, this video is a must-watch.

In this video, I provide step-by-step instructions on configuring the necessary software components to successfully decode train radio frequencies. Instead of delving into the specifics of each signal, I'll show you how to get all the pieces of software running smoothly. Please note that to use SoftEOT and SoftDPU on Linux, you'll need Wine.

**PyEOT: Comprehensive Explanation**

If you're curious about the details of HOT, EOT, and DPU signals, I recommend checking out this explanatory video by the author of PyEOT: [Author's PyEOT Video](https://www.youtube.com/watch?v=vloWB0LHT_4). He provides an in-depth understanding of these signals and the PyEOT software.

**Getting Started with SoftEOT and SoftDPU**

This video demonstrates the successful setup of SoftEOT and SoftDPU. To access these tools, sign up and gain approved membership on this platform: [SoftEOT Group](https://groups.io/g/SoftEOT)

**PyEOT Software**

For those interested in exploring the PyEOT software, you can find the project here: [PyEOT GitHub](https://github.com/ereuter/PyEOT). In this video I was unable to decode EOT at the time of recording due to nothing close by, but sure enough after stopping the video and letting PyEOT run for some time, I was able to again successfully decode numbers EOT packets.

**Radio Frontend and Signal Processing**

I utilized SDR++ as the radio front-end to capture signals, followed by processing the data using SoftEOT/SoftDPU over audio connections. Remember to utilize the audio mixer to fine-tune and optimize audio feeds. You can create virtual audio sinks for added flexibility.

Overall, this video showcases the successful setup of software for decoding HOT, EOT, and DPU signals. While I don't delve into the signal specifics, I hope this tutorial proves helpful for fellow train enthusiasts and tech fan alike.

**Disclaimer: Educational Purpose and Legal Considerations**

Please note that the content of this video is intended for educational purposes only. It's not intended to encourage or promote any unauthorized access, interference with train operations, or any other illegal activities. Always adhere to local laws and regulations when using the information provided in this video.

Exploring train radio frequencies and decoding signals is a fascinating topic, but it's important to respect the law and the safety regulations set by relevant authorities. Never attempt to access railroad property or interfere with operations without proper authorization.

Don't miss out on staying connected:
Catch updates on Twitter: https://twitter.com/cemaxecuter

Supporting the channel:
If you appreciate the value this content brings, I invite you to consider extending your support through Patreon: https://www.patreon.com/cemaxecuter.[+] Show More

DragonOS FocalX Messages from MQTT to Elastic Stack Word Cloud (SDR4space, WhisperCPP) Part 2

📡 Unlocking Advanced Data Analysis with SDR4space! 📡 In this video ...

DragonOS FocalX WarDragon w/ Elastic Stack + MQTT (SDR4space) Part 1

Welcome to the inaugural video where we embark on the journey of ...

DragonOS FocalX WarDragon w/ SDRConnect + Fldigi RX Morse Code from PortaPack (hackRF, RSPdx)

🔴 Title: Setting up SDRConnect in DragonOS FocalX with PortaPack H2+ ...

DragonOS FocalX DEFCON Remote RF Spectrum Monitoring w/ SDR4space + WhisperCPP (KrakenSDR, HaLow-U)

DEFCON was such an incredible experience, and I genuinely want to ...

DEFCON was such an incredible experience, and I genuinely want to express my gratitude to everyone who played a part in getting me there and making it an unforgettable time. ...A heartfelt shout-out goes to the RF Village – your support and hospitality meant a lot to me!

During my stay at DEFCON, I managed to put together a video that showcases some last-minute modifications I made to SDR4space. I couldn't have done it without the help of Lama_Blue, who pitched in with some programming assistance just in the nick of time. I also had the opportunity to set up two remote KrakenSDR stations, initially intended for direction finding, but they quickly pivoted to detecting FM-based communications.

The core idea behind this project was to create a network of interconnected stations using WiFi HaLow (802.11ah). Among these stations, two were equipped with KrakenSDRs and compact SteamDeck/Mini PCs. The third station was a laptop running DragonOS FocalX, just like the others. The video will walk you through how I got the MQTT service up and running to collect data from all these distant stations.

For the stations equipped with KrakenSDRs, I utilized SDR4space along with an internal SDR to monitor two different frequencies simultaneously. When any activity was detected, SDR4space captured the IQ data, performed FM demodulation, and sent out a wav file to WhisperCPP. Once the wav file was transcribed, the resulting message was transmitted via WiFi HaLow to the MQTT server hosted on the laptop.

This time around, the new SDR4space script on each station incorporated more functionalities, such as including GPS information, frequency details, messages, and supplementary data. This was a substantial improvement over my previous attempts. To keep a real-time track of the data flowing into the MQTT database, I relied on MQTT Explorer, which proved to be incredibly useful.

As I look ahead, I'm contemplating the possibility of utilizing the Elastic Stack to delve deeper into the data stored in the MQTT database, allowing for more comprehensive insights. The potential of this endeavor is both promising and thrilling, and I'm eager to see where it takes me.

Once again, a heartfelt thanks for making DEFCON an enriching and enjoyable experience for me. Your support truly means the world to me, and I'm grateful for the opportunity to be a part of such a fantastic event.

As always, If you find this video helpful
Follow @cemaxecuter on Twitter for more DragonOS and SDR info.
Become a patron @ https://www.patreon.com/cemaxecuter[+] Show More

DragonOS FocalX SDR4space w/ Remote PlutoSDR Spectrum Survey (ALFA HaLow-U, 802.11AH)

Here's a short video with a slight spin on a previous SDR4space ...

DragonOS FocalX Configuring GR-DECT2 w/ AntSDR E200 (GR 3.10, SDR++, PlutoSDR)

The purpose of this video is to show the small changes needed to run ...

DragonOS FocalX RTSA Pro + SpectranV6 + SigDigger w/ HTTP Stream (Guest appearance by hackRF)

Figured while I had it working, why not quickly detail how to get ...

DragonOS FocalX DSD FME + GQRX and Ice9 Bluetooth Sniffer Wideband Updates/Usage (hackRF, bladeRF)

Short video reminding users how to pull in the latest updates for ...

DragonOS FocalX Sniff and Transmit ZigBee w/ HackRF + B205 (GNURadio, SDRAngel)

Here's a way to sniff/capture ZigBee packets w/ a hackRF + GNU Radio ...

Cart

DragonOS FocalX Passive Sniffing LTE IMSI + BTLE Security Research (bladeRF, Ubertooth, B205, X310)