
Mission 03: Sub-GHz Control Systems

2026-05-06

Analyze the signaling of common low-power ISM devices and distinguish between legacy and modern security.

capture, replay, looking glass

Complexity Rating

Receive: 2/5
Decode: 4/5
Analysis: 4/5

System Studied

ISM Band OOK/FSK (315/433 MHz)

Hardware Requirement

hackrf, flipper

Software Suite

URH, inspectrum, rtl_433

1. Field Methodology: Capture

I/Q recording of short-burst transmissions from remotes, doorbells, or simple IoT sensors.

Gear Selection Note: The Flipper Zero is an excellent 'all-in-one' for this mission, but a HackRF provides more detailed signal analysis.

2. Analysis Workflow: Decode

Visualizing the waveform in inspectrum to determine bit timing and symbol structure (Manchester vs. PWM).

[Figure: static protocol analysis, 0.0 ms to 50.0 ms. Decoded bits: 1011001010110010]

Static protocol detected. The binary sequence is constant across sessions, enabling simple I/Q capture and replay exploitation.

3. Findings & Limitations

Fixed-code systems are vulnerable to simple capture-and-replay, whereas modern rolling-code systems prevent such attacks using cryptographic counters.
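
The check described in sections 2 and 3, as an added example that is not part of the original report: it decodes OOK PWM pulse widths into bits and compares frames from separate button presses of a remote you own. The pulse widths are constructed; the 1:3 short/long ratio, the 400 µs unit and all function names are assumptions.

```python
# Added example. Pulse widths below are constructed, not real captures.
# Assumed PWM convention: high pulse ~1 unit = '0', ~3 units = '1'.

def decode_pwm(high_us, unit_us, tol=0.3):
    """Map high-pulse widths (microseconds) to a bit string.
    Raises ValueError on a width that fits neither symbol."""
    bits = []
    for w in high_us:
        if abs(w - unit_us) <= tol * unit_us:
            bits.append("0")
        elif abs(w - 3 * unit_us) <= tol * 3 * unit_us:
            bits.append("1")
        else:
            raise ValueError(f"pulse width {w} us fits neither symbol")
    return "".join(bits)

def classify(frames):
    """Compare frames from separate presses of the same button.
    Returns ('fixed', []) or ('changing', [bit positions that vary])."""
    if len(frames) < 2:
        raise ValueError("need at least two captures")
    if len({len(f) for f in frames}) != 1:
        raise ValueError("frame lengths differ; re-check framing")
    varying = [i for i in range(len(frames[0]))
               if len({f[i] for f in frames}) > 1]
    return ("changing" if varying else "fixed", varying)

# Three constructed presses, 400 us unit, with timing jitter.
CAPTURES = [
    [1210, 390, 1185, 1220, 410, 405, 1195, 380,
     1230, 395, 1200, 1215, 415, 400, 1190, 385],
    [1190, 420, 1205, 1180, 395, 380, 1225, 410,
     1200, 405, 1210, 1195, 390, 415, 1205, 400],
    [1225, 405, 1195, 1205, 385, 410, 1180, 395,
     1215, 410, 1190, 1230, 400, 390, 1220, 415],
]

def audit(captures, unit_us=400):
    """Decode every capture and classify the device."""
    frames = [decode_pwm(c, unit_us) for c in captures]
    return frames, classify(frames)

if __name__ == "__main__":
    frames, (kind, varying) = audit(CAPTURES)
    print(frames[0], kind, varying)
```

A "changing" result only shows that the frame is not static; it says nothing about how the varying field is generated.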

Legal & Ethical Briefing

Replaying signals to devices you do not own can interfere with local communications and may be illegal. Test only in a controlled lab environment.

What to study next

Study how rolling code (Keeloq) and challenge-response protocols provide modern security.

Copyright © 2026 JMFG. All rights reserved.