Tagged: cordless phones

Listening in to a DECT Digital Cordless Phone with a HackRF

Over on YouTube SignalsEverywhere (aka Corrosive) has uploaded a new video where he shows a demonstration of him listening in to a DECT digital cordless phone with his HackRF. 

DECT is an acronym for 'Digital Enhanced Cordless Telecommunications', and is the wireless standard used by modern digital cordless phones as well as some digital baby monitors. In most countries DECT communications take place at 1880 - 1900 MHz, and in the USA at 1920 - 1930 MHz. Some modern cordless phones now use encryption on their DECT signal, but many older models do not, and most baby monitors do not either. However, DECT encryption is known to be weak, and can be broken with some effort.

In his video Corrosive uses gr-dect2, a GNU Radio based program that can decode unencrypted DECT signals. In the video he shows it decoding a DECT call from his cordless phone in real time.

Demonstration Listening to DECT Phone Call with a HackRF SDR

re-DECTed: An RTL-SDR DECT Decoder

Over on GitHub programmer ‘znuh’ has uploaded a new RTL-SDR compatible GNURadio based tool for DECT decoding. DECT is an acronym for ‘Digital Enhanced Cordless Telecommunications’, and is the wireless standard used by modern digital cordless phones. In most countries DECT communications take place at 1880 – 1900 MHz, and in the USA at 1920 – 1930 MHz. So in order to receive these frequencies you’ll need an RTL-SDR with an E4000 chip, or some other compatible SDR that can tune this high.

It appears that the decoder is not actually able to decode audio (at least not yet or without extra work perhaps), but it can at least output the DECT packets to Wireshark for analysis. This may be of interest to those wanting to learn more about the DECT protocol.

Update: Over on the Reddit thread for this software the original poster ‘sanjuro’ has given a hint on how to (in theory) decode the audio, he writes:

In theory you only need to dump B-field data into a file and then play with g726 codec. See documentation from previous de-DECTed project http://wiki.securityweekly.com/wiki/index.php/Episode158

The re-DECTed decoder outputting packets to Wireshark.
The re-DECTed decoder outputting packets to Wireshark.