Wireless Networks

Table of Contents


  • Fix ToC
  • Add 101 stuff


  • Ghosts from the Past: Authentication bypass and OEM backdoors in WiMAX routers

  • Funtenna - Transmitter: XYZ Embedded device + RF Funtenna Payload

  • CC1101-FSK

    • Jam and replay attack on vehicle keyless entry systems.
  • Fluxion

    • Fluxion is a remake of linset by vk496 with (hopefully) fewer bugs and more functionality. It's compatible with the latest release of Kali (rolling). The attack is mostly manual, but experimental versions will automatically handle most functionality from the stable releases.
  • gr-lora

    • This is an open-source implementation of the LoRa CSS PHY, based on the blind signal analysis conducted by @matt-knight. The original research that guided this implementation may be found at https://github.com/matt-knight/research
  • An Auditing Tool for Wi-Fi or Wired Ethernet Connections - Matthew Sullivan

  • gr-nrsc5

    • A GNU Radio implementation of HD Radio (NRSC-5)
  • Taming Mr Hayes: Mitigating Signaling Based Attacks on Smartphones

    • Malicious injection of cellular signaling traffic from mobile phones is an emerging security issue. The respective attacks can be performed by hijacked smartphones and by malware resident on mobile phones. Until today there are no protection mechanisms in place to prevent signaling based attacks other than implementing expensive additions to the cellular core network. In this work we present a protection system that resides on the mobile phone. Our solution works by partitioning the phone software stack into the application operating system and the communication partition. The application system is a standard fully featured Android system. On the other side, communication to the cellular network is mediated by a flexible monitoring and enforcement system running on the communication partition. We implemented and evaluated our protection system on a real smartphone. Our evaluation shows that it can mitigate all currently known signaling based attacks and in addition can protect users from cellular Trojans.
  • Cellular Networks in Use:

    • In use in North America:
    • In use in Europe:
    • In use in Asia:
    • In use in Africa:
    • In use in South America:

  • Wireless Keyboard Sniffer

  • krackattacks-scripts

  • hdfm

    • hdfm displays weather and traffic maps received from iHeartRadio HD radio stations. It relies on nrsc5 to decode and dump the radio station data for it to process and display.
  • nexmon

    • Nexmon is our C-based firmware patching framework for Broadcom/Cypress WiFi chips that enables you to write your own firmware patches, for example, to enable monitor mode with radiotap headers and frame injection.
End Sort


BlueTooth

Cellular Networks


  • FunCube dongle
  • RZUSBstick
    • The starter kit accelerates development, debugging, and demonstration for a wide range of low power wireless applications including IEEE 802.15.4, 6LoWPAN, and ZigBee networks. The kit includes one USB stick with a 2.4GHz transceiver and a USB connector. The included AT86RF230 transceiver's high sensitivity supports the longest range for wireless products. The AT90USB1287 incorporates fast USB On-the-Go.
  • Gr0SMoSDR
    • PyBOMBS (Python Build Overlay Managed Bundle System) is the new GNU Radio install management system for resolving dependencies and pulling in out-of-tree projects. One of the main purposes of PyBOMBS is to aggregate out-of-tree projects, which means that PyBOMBS needs to have new recipes for any new project. We have done a lot of the initial work to get known projects into the PyBOMBS system as is, but we will need project developers for new OOT projects or other projects not currently listed to help us out with this effort.
  • UAV Transponders & Tracker Kits - UST

802.11 - WiFi

RFID - Radio Frequency Identification

RF RetroReflectors

Satellite Related

Software Defined Radio

Zigbee Wireless Networks


  • 101
  • Articles/Presentations/Talks/Writeups
    • Stealthy and Persistent Back Door for Z-Wave Gateways
      • Z-Wave is a proprietary wireless protocol that is gaining market share in home automation and security systems. However, very little work has been done to investigate the security implications of these sub-GHz devices. In this talk we review recent work on hacking Z-Wave networks, and introduce a new attack that creates a persistent back door. This attack maintains a stealthy, parallel, and persistent control channel with all Z-Wave devices in the home. We will demonstrate the attack against a commercial Z-Wave security system.
    • Honey, I'm Home!! Hacking Z-Wave Home Automation Systems - video
  • Tools