Wireless network is everywhere, you can find WiFi signal anywhere. But the wireless protocol can be analyze without having to be connected with the wireless network. You can investigate unknown wireless protocols with tool called “Universal Radio Hacker (URH)“. Because this tool is one of the tools presented in the blackhat program.
The Universal Radio Hacker (URH) is a tool for analyzing unknown wireless protocols. With the rise of Internet of Things (IoT) such protocols often appear in the wild. Many IoT devices operate on frequencies like 433.92 MHz or 868.3 MHz and use proprietary protocols for communication. Reverse-engineering such protocols can be fascinating (»What does my fridge talks about?«) and reveal serious security leaks e.g. when bypassing smart alarm systems and door locks.
The Universal Radio Hacker (URH) is a software for investigating unknown wireless protocols. Features include
- hardware interfaces for common Software Defined Radios
- easy demodulation of signals
- assigning participants to keep overview of your data
- customizable decodings to crack even sophisticated encodings like CC1101 data whitening
- assign labels to reveal the logic of the protocol
- automatic reverse engineering of protocol fields
- fuzzing component to find security leaks
- modulation support to inject the data back into the system
- simulation environment to perform stateful attacks
To get started, download the official userguide (PDF), watch the demonstration videos (YouTube) or check out the wiki for more information and supported devices. Scroll down this page to learn how to install URH on your system.
Universal Radio Hacker can be installed via pip or using the package manager of your distribution (if included). Below you find more specific installation instructions for:
On Windows, URH can be installed with it’s MSI Installer. No further dependencies are required.
If you get an error about missing
api-ms-win-crt-runtime-l1-1-0.dll, run Windows Update or directly install KB2999226.
URH is included in the repositories of many linux distributions such as Arch Linux, Gentoo, Fedora, openSUSE or NixOS. There is also a package for FreeBSD. If available, simply use your package manager to install URH.
URH you can also be installed with using
python3 -m pip install urh. In case you are running Ubuntu or Debian read on for more specific instructions.
In order to use native device backends, make sure you install the -dev package for your desired SDRs, that is
If your device does not have a
-dev package, e.g. LimeSDR, you need to manually create a symlink to the
.so, like this:
before installing URH, using:
The official URH docker image is available here.
It is recommended to use at least macOS 10.14 when using the DMG available here.
- Install Python 3 for Mac OS X. If you experience issues with preinstalled Python, make sure you update to a recent version using the given link.
- (Optional) Install desired native libs e.g.
brew install librtlsdrfor corresponding native device support.
- In a terminal, type:
pip3 install urh.
urhin a terminal to get it started.
If you installed URH via pip you can keep it up to date with
pip3 install --upgrade urh, or, if this should not work
python3 -m pip install --upgrade urh.
If you experience issues after updating URH using the
.msi installer on Windows, please perform a full uninstallation. That is, uninstall URH via Windows and after that remove the installation folder (something like
C:\Program Files\Universal Radio Hacker). Now, install the new version using the recent
If you like to live on bleeding edge, you can run URH from source.
To execute the Universal Radio Hacker without installation, just run:
Note, before first usage the C++ extensions will be built.
To install from source you need to have
python-setuptools installed. You can get it e.g. with
pip install setuptools. Once the setuptools are installed use:
And start the application by typing
urh in a terminal.
- Hacking burger pagers
- Reverse engineer and clone a remote control
- Reverse engineering weather station RF signals
- Reverse engineering wireless blinds
- Attacking Logitech wireless presenters (german article)
- Reverse engineering a 433MHz remote-controlled power socket for use with Arduino
- Hackaday article
- RTL-SDR.com article
- Short tutorial on URH with LimeSDR mini
- Brute forcing a RF Device: a step-by-step guide
See wiki for a list of external decodings provided by our community! Thanks for that!