During the SANS Pen Test HackFest which was held back in 2017, speaker Katie Knowles who is a security consultant at MWR Infosecurity did a very informative talk on how an RTL-SDR can be used to investigate RF signals. The video has recently been uploaded to YouTube and is shown below. In the talk she goes over how to reverse engineer and understand simple RF protocols, like those used by common RF remote controls found in the home. She then goes on to talk about the basics of software like GNU Radio and rtl_433. The talk blurb reads:
Cranes, trains, theme park rides, sirens, and …ceiling fans? Modern RF protocols have made secure wireless communications easier to implement, but there’s still a horde of simpler RF control systems in the wireless world around us.
Lucky for us, the onset of affordable Software Defined Radios (SDRs) means that exploring these devices is easier than ever! In this talk, Katie examines capturing and understanding basic RF control signals from a common household controller with the affordable RTL-SDR so you can start your own investigations.
With a little knowledge of these protocols we can better explain what makes them risky to the environments we assess, practice thinking in the offensive mindset, and have some fun examining the signals around us.
Slides available here.