YouTube Tutorial: Eavesdropping on DECT6.0 Cordless Phones with a HackRF and GR-DECT2

Back in December of last year Corrosive from his YouTube channel SignalsEverywhere showed us a demo video of him receiving unencrypted DECT digital cordless phones with his HackRF.

DECT is an acronym for 'Digital Enhanced Cordless Telecommunications', and is the wireless standard used by modern digital cordless phones as well as some digital baby monitors. In most countries DECT communications take place at 1880 - 1900 MHz, and in the USA at 1920 - 1930 MHz. Some modern cordless phones now use encryption on their DECT signal, but many older models do not, and most baby monitors do not either. However, DECT encryption is known to be weak, and can be broken with some effort.

In his latest video Corrosive shows us how to install GR-DECT2 on Linux, which is the GNU Radio-based decoding software required to decode the DECT signal. He then goes on to show how the software can be used and finally provides some optimization tips.

DECT 6.0 Cordless Phone Eavesdropping {Install GR-DECT2 and Decode with HackRF SDR}

4 comments

  1. Not Sure

    Very interesting indeed.

    I went the other way, and bought a Com-on-air device (PCMCIA), so I had to buy an adapter to mount that in my PC. AND I had to run it under a 32-bit image. Not cheap.

    However, the performance was lacking, so I opened it, and soldered a suitable external antenna connector to improve range.

    But WOW did it work well. And sorry to say its functionality looked somewhat more ‘refined’ than your demo. The downside being that it only dumped to a .wav file or something – long time since I’ve used it. But in the built-up place that is the UK – there were LOTS of unencrypted handsets to listen to, and the Com-on-air changed freq with the handsets too.

    I saw that someone paid a developer to pipe that output to audio in real time, and not just dump to a file. Almost considered that too, but you know how life gets in the way…

    I will try this with my ettus device, given that I saw a .grc file in your video for it.

    • Corrosive of SignalsEverywhere

      The com-on-air is some NICE hardware. I agree 100% and the scanning is superb but man is it expensive.

      You know you can listen in near-real time with that. I paid a developer to modify it years ago.
      https://github.com/KR0SIV/dedected

      Just re-compile the above into the folder over top of your existing installation.
      That’ll do live playback and it’ll start on the US band.

      It’s an older video but I do have a demo of the com-on-air card as well.
      https://www.youtube.com/watch?v=MycM38SjHjg

      Oh, I see you’ve already found the software XD. Yeah, that was me.

      I’m working to improve the dect2 software to auto-follow the handset freq. Hopefully that will go as planned.
