Pentesting devices. Review of hacking devices. Part 2: RF





Disclaimer: This article is for educational purposes only. We do not support, and we condemn, any cybercrime. We hope this article will help you better organize your security on the Internet: forewarned is forearmed.



In recent years, a huge number of pentesting devices have appeared on the clearnet, and new ones keep appearing. Most are sold in scattered stores around the world (including on AliExpress), and pentesters have a new headache: choosing the right one among dozens of similar devices, or looking for yet another "universal" solution. Finally, the well-known specialist and information security consultant Yago Hansen has put together a catalog of devices, hardware and accessories that have proven their effectiveness. The catalog is now in its second version and contains 177 items in 8 categories. We bring you its adaptation as a series of 7 posts (some categories are combined, others are split into two articles, because of the difference in volume).



What the series will cover:



  • Mini computers
  • RF
  • Wi-Fi + Network
  • RFID & NFC + HID & Keylog
  • Bus
  • Accessories 1/2
  • Accessories 2/2




RF



▍1. RTL-SDR v.3





SDR RX



This USB dongle is the best-known and most widely compatible receive-only SDR. It is the RTL-SDR Blog V3 software-defined radio with an RTL2832U ADC chip, R820T2 tuner, 1 PPM TCXO, SMA female connector and passively cooled aluminum case. It tunes from 500 kHz to 1.7 GHz with a bandwidth of up to 3.2 MHz (2.4 MHz stable). Ideal for use as a computer radio scanner with free software such as SDR#, HDSDR, SDR-Radio, GQRX, or SDR Touch on Android. Works on Windows, OS X, Linux, Android, and single-board computers such as the Raspberry Pi. Great for many applications, including general radio, air traffic control, public safety, aircraft ADS-B radar, ACARS, trunked radio, P25 / MotoTRBO digital voice, POCSAG, weather balloons, APRS, NOAA APT / Meteor M2 weather satellites, radio astronomy, DAB, training, or an inexpensive panadapter. This model has several improvements over other brands: an improved R820T2 tuner, a 1 PPM TCXO, better components, a redesigned low-noise PCB, improved cooling, additional ESD protection and an SMA female connector.



Specifications




Price - from 25 euros on Amazon



▍2. Flamingo FM





Wideband FM filter for SDR



A high-quality, high-performance bandpass filter for software-defined radio (SDR), designed and manufactured by NooElec. FM broadcasting can be particularly problematic because of the powerful transmitters used in some areas. These signals can overload the SDR front end, causing imaging and other problems. The Flamingo FM provides sufficient attenuation at FM broadcast frequencies (typically > 40 dB) while minimizing the impact on adjacent bands, such as the important VHF airband (108-137 MHz). The -3 dB roll-off points of the filter are at 80 MHz and 115 MHz. Low out-of-band insertion loss means the filter can stay in place for virtually any application. As befits a true bandpass filter, it passes DC when needed: DC handling is 250 mA (minimum) and the maximum recommended signal level is +18 dBm (5 Vp-p), so using the filter in higher-power applications is not a problem.



Specifications




Price - from 17 euros on Amazon



▍3. Flamingo AM





Wideband AM filter for SDR



A high-quality, high-performance bandpass filter for software-defined radio (SDR), designed and manufactured by NooElec. AM broadcasting can be particularly problematic because of the powerful transmitters used in some areas. These signals can overload the SDR front end, causing imaging and other problems. The Flamingo AM is a great companion to NooElec's Ham It Up range of HF upconverters. It provides sufficient attenuation at AM broadcast frequencies (typically > 40 dB) while ensuring minimal impact on adjacent bands. The -3 dB roll-off points of the filter are at 350 kHz and 1900 kHz. Minimal out-of-band insertion loss means the filter can stay in place for almost any application, although it is recommended that you remove the Flamingo AM from your setup when you are not listening to HF frequencies. Like a true bandpass filter, it passes DC when needed: DC handling is 250 mA (minimum) and the maximum recommended signal level is +18 dBm (5 Vp-p), so using the filter in higher-power applications is not a problem. The Flamingo AM has its own filtering circuit, fully shielded from electromagnetic interference, and its front end is protected by an ESD diode designed for RF applications. The PCB has 2 mounting holes for different mounting options, and the kit includes SMA hardware (washer and nut).



Specifications




Price - from 17 euros on Amazon



▍4. GPS bandpass filter





Designed specifically for GPS applications



This is a small, cost-effective bandpass filter centered at 1575.42 MHz with a typical in-band insertion loss of 2.7 dB. The filter has excellent rejection characteristics: for example, rejection at 850 MHz and 1640 MHz exceeds 40 dB. It handles power up to +10 dBm and has an operating temperature range of -40 °C to +85 °C. Note: you can swap input and output on this filter, as it is symmetrical (S21 = S12). Possible applications:

  • GPS L1 signal reception
  • Rejection of strong signals in the cellular, LTE, UHF, 915 MHz ISM and 2.4 GHz bands
  • Filtering in SDRs like HackRF, RTL-SDR, USRP, etc.



Specifications




Price - from 20 euros on tindie.com



▍5. HackRF One





The mid-range SDR with TX



HackRF One from Great Scott Gadgets is an SDR capable of transmitting or receiving radio signals from 1 MHz to 6 GHz. HackRF One is an open source hardware platform that can be used as a USB peripheral or programmed to run autonomously. It is designed for testing and developing state-of-the-art, next-generation radio communication technologies. This SDR offers one important improvement over other cheap ones: it can transmit. However, its RF quality is not as good as one might expect, although it is still suitable for PoCs.



Specifications




Price - from 260 euros on Amazon



▍6. PortaPack for HackRF One





Transforms HackRF into a portable device



Add the PortaPack H1 to the HackRF One SDR and forget about your laptop! The PortaPack H1 connects to your HackRF and adds an LCD touchscreen, navigation controls, headphone jack, 2.5 ppm clock reference, real-time clock, micro SD card slot, and a custom aluminum housing. Just plug in a USB power bank and you're ready to explore the RF spectrum wherever you are. The PortaPack firmware runs on the fast ARM processors in your HackRF. No computer is needed (except for reprogramming the firmware). There are two main forks of the firmware on GitHub for this add-on; the most capable is github.com/furrtek/portapack-havoc... This firmware offers many different standalone features that enhance your HackRF One and also still lets you use it in SDR mode from your computer.



Specifications




Price - from 220 € (HackRF not included) on sharebrained.com



▍7. PortaPack + HackRF One clone





Updated Chinese clone



There are many Chinese clones of the HackRF One available on the Internet today. There are also some PortaPack clones, but be careful: some are quite low quality and some don't work with the PortaPack Havoc firmware. I've personally tested this device and it works just fine and adds completely new functionality. The complete kit includes a new high-quality aluminum case and adds a high-precision TCXO clock (0.5 ppm), which enables a new feature of the PortaPack Havoc firmware: GPS spoofing. Instructions and details here: gridrf.com/products/detail/id/11.html



Specifications




Price - from 184 euros (HackRF included) in the AliExpress kit



▍8. Crazyradio PA





2.4 GHz USB transceiver



It features a 20 dBm power amplifier and an LNA, and comes pre-programmed with Crazyflie-compatible firmware. The power amplifier extends the range to over 1 km with a Crazyflie 2.0 and over 2 km Crazyradio-to-Crazyradio. The Crazyradio PA is not only intended for use with the Crazyflie and Crazyflie 2.0. Since it is an open source project with firmware written from scratch and a Python API, it is a great component for systems that need more range than Wi-Fi and do not have the same bandwidth requirements. The hardware ships with the latest firmware as well as a bootloader that allows firmware upgrades over USB without additional hardware. It is widely used to hack wireless keyboards and mice, and is supported by the bettercap framework.



Specifications






Price - from 50 euros on Amazon



▍9. nRF52840 USB Dongle





Next-generation 2.4 GHz USB transceiver



The nRF52840 Dongle is a small, inexpensive USB dongle that supports Bluetooth 5, Bluetooth mesh, Thread, Zigbee, 802.15.4, ANT and proprietary 2.4 GHz protocols. The dongle is ideal target hardware for use with nRF Connect for Desktop, as it is inexpensive but still supports all the short-range wireless standards used with Nordic devices. It was designed for use as a wireless hardware device together with nRF Connect for Desktop. In addition, the nRF52840 Dongle can run compiled custom applications. It has a programmable RGB LED, a green LED, a programmable button, and 15 GPIOs available on castellated pads along the edge. Sample implementations are available in the nRF5 SDK under the name PCA10059. The nRF52840 Dongle is supported by nRF Connect for Desktop and is also programmable via nRFUtil.



Specifications




Price - from 9 euros at mouser.de



▍10. nRF52840 with antenna





The scaled down nRF52840 with external antenna



This nRF52840 dongle can be used as a development platform for the nRF52840 SoC. It has user-configurable LEDs and a button. In addition to radio communication, the nRF52840 SoC can communicate with a computer over USB. It is very similar to the Nordic PCA10059 USB dongle, but it has fewer pinouts and a button. The board is equipped with an LED (LED1), a multi-color RGB LED (LED2) and a user-configurable button (SW1). The LEDs and button are connected to dedicated I/O pins on the nRF52840 SoC. The nRF52840 is flashed with the Adafruit nRF52 bootloader and the "BLE Peripheral blink" example from the nRF5 SDK.



Specifications




Price - from 12 euros on aprbrother.com



▍11. nRF52840 with e-paper





nRF52840



With the growing number of connected devices being deployed, energy consumption is becoming a major concern. Technologies such as BLE (Bluetooth Low Energy) are built from the ground up with low power consumption in mind. Another very low-power technology is the e-paper display, famous for its use in Amazon's Kindle devices. Papyr from Electronut Labs combines these two core ideas: low-power wireless technology combined with a low-power display. Based on the Nordic nRF52840 SoC, Papyr supports not only BLE but also network protocols such as Thread, BLE Mesh and Zigbee. Papyr also has a lot of extras, such as a built-in NFC antenna for BLE pairing, a CR2477 battery holder, a micro-USB port, additional GPIOs, an RGB LED, etc. Papyr has many uses, such as dynamic labels or displaying sensor data on a mesh network. Papyr can be used wherever you need a connected low-power display.



Specifications




Price - from 39 euros on pcbway.com



▍12. Yardstick







The YARD Stick One can transmit or receive digital wireless signals below 1 GHz. It uses the same radio as the popular IM-Me. The radio functions that were available only by modifying the IM-Me firmware are now at your fingertips when you connect the YARD Stick One to your computer via USB. The YARD Stick One comes with RfCat firmware installed. RfCat allows you to control the wireless transceiver from an interactive Python shell or from a custom program running on your computer. The YARD Stick One also has the CC Bootloader installed, so you can update RfCat or install your own firmware without any additional hardware. An antenna is not included; the ANT500 is recommended as a starter antenna for the YARD Stick One. This tool has been used in various attacks and PoCs to crack wireless keys (car key fobs and others).



Specifications




Price - from 120 euros on Amazon



▍13. Ubertooth one





Best Bluetooth hacker



Ubertooth One is an open source 2.4 GHz wireless development platform suitable for experimenting with Bluetooth. Many different covers and cases are sold for it, since by itself it comes without any protection. I recommend purchasing an aluminum case to isolate it from interference and keep your fingers safe. More information: www.davidsopas.com/tag/ubertooth



Specifications




Price - from 155 euros on Amazon



▍14. APImote v.4b





For hacking the IoT Zigbee protocol



ApiMote is ZigBee security research hardware designed for researchers, students, enterprises, etc., used to study and assess the security of IEEE 802.15.4 / ZigBee systems. ApiMote is pre-flashed with KillerBee firmware, so all you need to do to get started is connect it to your system and use the KillerBee utilities. The ApiMote hardware is designed and developed by River Loop Security, and the open source project is available at github.com/riverloopsec/apimote .



Specifications




Price - from 150 euros on Amazon



▍15. Freakduino 2.4 GHz





Decent Alternative for Zigbee Hack



The FreakLabs Freakduino v3.0a is designed for rapid prototyping, experimentation, and deployment of wireless designs at low cost. It combines the ease of use of the Arduino IDE, compatibility with a wide range of third-party peripherals and libraries, and a built-in wireless radio into an inexpensive wireless prototyping system. The built-in radio, based on the IEEE 802.15.4 protocol (the same radio protocol as the XBee), enables wireless device control or data collection from wireless sensors. A battery has been added so that it can function as a true wireless node without any external power. The chibiArduino wireless protocol stack was designed specifically for this board. It has a simple programming interface and a small memory footprint, and was designed to let Arduino users get started with wireless quickly and easily. Rather than having to deal with complex networking software as with other wireless devices, you can start transmitting from the Freakduino using only the init, send and receive library commands.

More information at: freaklabs.org/freakduino-v3-0-hardware-user-guide



Specifications




Price - from 27 euros at freaklabsstore.com



▍16. Parani UD100





The powerful Bluetooth device



The Parani-UD100 is a Class 1 Bluetooth USB adapter that supports up to 300 meters of wireless transmission by default. With patch antennas, the distance can be up to one kilometer in open spaces. The working distance can be further extended to 1000 meters with an optional replaceable antenna. With a longer communication range than other common USB Bluetooth adapters, it is suitable for industrial or special applications. The Parani-UD100 is fully compatible with other SENA Bluetooth devices. Try this software tool with it: github.com/pwnieexpress/blue_hydra



Specifications




Price - from 40 euros at senanetworks.com



▍17. Bluefruit LE Sniffer





BLE sniffer compatible with Wireshark



Want to know how Bluetooth Low Energy works at the packet level? Debugging your own BLE hardware and trying to figure out where something is going wrong? Or maybe you're writing a dedicated app for your phone or tablet that needs to interface with existing BLE hardware, but you don't know how it works below the surface? The Bluefruit LE Friend is programmed with a custom firmware image that turns it into an easy-to-use Bluetooth Low Energy sniffer. You can passively capture communication between two BLE devices and pass the data to Wireshark, where you can visualize things at the packet level, with useful descriptors to help you figure out the values without having to dig into the 2000-page Bluetooth 4.0 core spec. Note: you can only use this device to listen to Bluetooth Low Energy devices! It will not work with classic Bluetooth devices. Firmware V2 is an improved firmware from Nordic; it now has better Wireshark streaming software that works on all OSs for real-time BLE listening. The sniffer firmware cannot be used together with the Nordic DFU bootloader firmware, which means that if you want to reprogram this device, you must use a J-Link (and the SWD programmer board). You cannot reprogram it over the air.



Specifications




Price - from 25 euros at senanetworks.com



▍18. RF power meter





Measures Output Power



Many times I just wanted to check whether the radiated output power of a radio signal is acceptable, or whether the RF power advertised by the manufacturer is correct. This is a tool for checking the ERP (Effective Radiated Power) of any RF device operating at the supported frequencies. Most operating systems today limit the output power of Wi-Fi devices by patching drivers at runtime, so it is very difficult to know what the real power of a Wi-Fi device is. With this tool you can find out!



Specifications




Price - from 89 euros at banggood.com



▍19. Lime SDR mini





Another high quality SDR device



The LimeSDR Mini is a hardware platform for designing and prototyping high-performance, logically complex digital and RF designs, built around the Lime Microsystems LMS7002M RF transceiver and an Altera MAX 10 FPGA. Simply put, the LimeSDR Mini is a smaller, less expensive version of the original LimeSDR. It still has the key advantage: at its core, the LimeSDR Mini uses the same LMS7002M radio transceiver as its older brother. The Mini has two channels instead of four and, by popular demand, SMA connectors instead of micro U.FL connectors. The LimeSDR Mini platform gives students, inventors and developers a smart and flexible device for manipulating wireless signals so that they can learn, experiment and develop without the functional limitations and high cost of proprietary devices.



Specifications




Price - from 159 euros at crowdsupply.com



▍20. USRP B205mini-i





Professional mini-SDR from Ettus Research



The USRP B205mini-i is a 1×1 SDR / cognitive radio about the size of a business card. With a wide 70 MHz to 6 GHz frequency range and an industrial-grade Xilinx Spartan-6 XC6SLX150 user-programmable FPGA, this flexible and compact platform is ideal for hobbyists and OEMs alike. The RF interface uses an Analog Devices AD9364 RFIC transceiver with an instantaneous bandwidth of 56 MHz. The board is powered by a high-speed USB 3.0 connection, which also streams data to the host computer. The USRP B205mini-i also includes headers for GPIO, JTAG, and synchronization to a 10 MHz reference clock or PPS time reference input. The USRP Hardware Driver (UHD) software API supports all USRP products and allows users to develop applications efficiently and then transition smoothly from one platform to another as requirements grow.



Specifications




Price - from 942 euros on ettus.com



▍21. Log Periodic Antenna





For a wide range of frequencies



This directional broadband antenna with high gain is suitable for directional radio transmission and reception, signal source reconnaissance and direction finding, wideband signal testing, and so on. The antenna is suitable for UWB positioning modules, Wi-Fi at 2.4 GHz and 5.8 GHz, and other common frequencies.



Specifications




Price - from 11 euros at banggood.com



▍22. Sub 1 GHz telescopic antenna





The antenna for the HackRF and Yardstick



The ANT500 from Great Scott Gadgets is a telescopic antenna designed to operate from 75 MHz to 1 GHz. Its total length ranges from 20 cm to 88 cm. The ANT500 is made of stainless steel and has an SMA connector and an adjustable elbow. The ANT500 is a general-purpose 50 ohm antenna. It is ideal for use with the HackRF One or YARD Stick One.



Specifications




Price - from 35 euros on Amazon



▍23. 400MHz-4GHz 1W RF amplifier





High Linearity Multipurpose Amplifier



If you are going to work with SDR in a real environment, you will need to generate a signal strong enough to feed your RF PoCs. Depending on the frequency you intend to transmit on, you will need to select an appropriate amplifier. You should look for a multipurpose amplifier that works over a very wide frequency range. This model does not offer professional specifications, but it can be used for your testing and it has a very nice price tag.



Specifications




Price - from 12 euros Aliexpress



▍24. Low Noise RF Amplifier





High Linearity LNA



This is another multipurpose RF amplifier that provides high-linearity, low-noise amplification (LNA) for many types of radio signals. This model is based on the SPF-5189Z RF amplifier chip, which operates in the frequency range from 50 MHz to 4 GHz with a maximum power gain of 22.7 dBm at 1960 MHz. The chip provides ultra-low-noise amplification with a noise figure of about 0.6 dB at 900 MHz. The linearity of an LNA is its ability to amplify a signal without distortion. While the LNA operates in its linear region, the output power in dB is simply the input signal level plus the gain. Once the input level exceeds a certain point, however, the output begins to flatten out and the LNA stops being linear.



Specifications




Price - from 16 euros on Aliexpress



▍25. LNA 10MHz to 8000MHz





RF Amplifier Up to 40dB



A Low Noise Amplifier (LNA) is an electronic device that amplifies weak signals at its input without adding significant noise. Such amplifiers are commonly used in receivers. This is a wideband low-noise amplifier that provides excellent gain (35-40 dB between 100 MHz and 2 GHz) and noise figure (3 dB at 2 GHz). The LNA is very general-purpose and can be used in a number of different applications, such as ham radio, TV reception, etc. The USB power supply means you can power it from your laptop. Its design provides broadband operation from 10 MHz to 8 GHz at a fraction of the cost of comparable LNAs.



Specifications




Price - from 420 euros on nuand.com



▍26. Lime RFE





LimeSDR



The Lime RF Front End (LimeRFE) is an open hardware power amplifier (PA) module with matching filter circuits and support for the LimeSDR, LimeSDR Mini and LimeNET Micro platforms, providing a complete solution for real-world applications. LimeRFE covers three completely different sets of bands: HAM, cellular and broadband. Test: www.rtl-sdr.com/limerfe-wspr-tests



Specifications




Prices start at 599 euros at crowdsupply.com



Next section: Wi-Fi & Network, coming next week.





