DSpectrum is a reverse engineering tool that aims to make it trivial to demodulate digital RF transmissions. It is built on top of the Inspectrum tool which makes it easy to visualize and manually turn a captured digital RF waveform into a string of bits for later analysis by providing a draggable visual overlay that helps with determining various digital signal properties. DSpectrum added features to Inspectrum like automatically converting the waveform into a binary string with thresholding. RF .wav files for these tools can be captured by any capable radio, such as an RTL-SDR or HackRF.
WaveConverter is a tool that helps you extract digital data from RF transmissions that have been captured via Software Defined Radio (SDR). After the user defines the modulation parameters, framing and encoding, WaveConverter will process a stored I-Q file and extract the data from any transmissions that match this definition. Using programmable timing tolerances and glitch filters, WaveConverter is able to extract data from signals that would otherwise appear corrupted.
This software will make the process of reverse engineering signals easier and more error-proof. Because WaveConverter includes the ability to store and retrieve signal protocols (modulation + encoding parameters), we have been generating a database of protocols that we can quickly use to iteratively attack unknown signals.
This tool should be very useful for reverse engineering digital signals, such as those found in keyfobs, wireless doorbells, wireless temperature sensors and any other simple RF device. Simply use an SDR device like an RTL-SDR to capture a sample of the signal of interest and then open it up in WaveConverter to first easily analyze the signal and determine it’s properties, then to automatically demodulate any subsequent signal into a binary string. For more information the documentation can be found here (pdf).
WaveConverter seems to be quite similar in purpose to Inspectrum and DSpectrum which are two Linux tools that are also designed for reverse engineering digital signals.
Recently nullwolf (T.J. Acton) wrote in to let us know about a very useful wrapper for Inspectrum that he has created, called DSpectrum. Inspectrum is a Linux/Mac based tool that makes it very easy to extract a binary string from a digital transmission which can be recorded with any SDR like an RTL-SDR. DSpectrum builds on Inspectrum and further automates the reverse engineering process. He writes:
The wrapper [DSpectrum] assesses the amplitude measurements, or frequency shifts, that are reported by Inspectrum. The wrapper uses the average of the provided values as a threshold. When a cell’s value falls below the threshold, the wrapper determines that the value is a binary ‘0’, and when it is above the threshold, it records the value as a ‘1’. It then returns this raw binary data as output, in addition to the binary’s hex and ascii translations.
Another two features were included: the semi-automatic comparison of two portions of a transmission in the same file, and the semi-automatic comparison of two signals in separate files.
Nullwolf notes that with DSpectrum the time taken for him to reverse engineer signals has dropped from 1 hour down to 5 minutes in some cases.
Over on his YouTube channel user Gareth has uploaded a video that shows a full tutorial on quickly decoding an On Off Keyed (OOK) signal with a HackRF (or RTL-SDR) and the Inspectrum software. Once decoded he then shows how to use a Yardstick One to duplicate the signal.
Inspectrum is a Linux based program that allows you to easily determine various parameters of a digital modulated signal by positioning an overlay over the waveform of a signal recorded with an SDR. Basically Gareth’s process is to first extract signal level values using Inspectrum, then secondly use a simple Python program to turn these values into binary bits, which gives him the data packet. He is then finally able to write another quick Python program to interface with the Yardstick One and retransmit the string.
The Yardstick One is a multipurpose radio (not a SDR) for transmitting modulated signals like OOK.
My quickest and easiest method for OOK signal decoding & replication in 2016
Inspectrum is a Linux and OSX based tool that can be used for analysing captured signals. It is compatible with the IQ files generated from SDRs, such as the RTL-SDR or HackRF.
Over on YouTube user Mike has uploaded a video that demo’s the latest version of Inspectrum. He shows how the tool can be used to quickly browse the waveforms in a captured signal and how it can be used to determine various digital binary signal properties through an overlay that can be dragged to match the bit frequency of the captured signal.
This program looks like it is shaping up to be a very useful tool for those interested in reverse engineering digital signals. The Inspectrum code and installation procedure can be found at https://github.com/miek/inspectrum.