The Universal Radio Hacker (URH) is a software for investigating unknown wireless protocols. Features include

• hardware interfaces for common Software Defined Radios
• easy demodulation of signals
• assigning participants to keep an overview of your data
• customizable decodings to crack even sophisticated encodings like CC1101 data whitening
• assign labels to reveal the logic of the protocol
• automatic reverse engineering of protocol fields
• fuzzing component to find security leaks
• modulation support to send the data back to the target
• simulation environment to perform stateful attacks

In order to get started

• view the installation instructions on this page,
• download the official userguide (PDF),
• watch the demonstration videos (YouTube),
• check out the wiki for more information such as supported devices or
• read some articles about URH for inspiration.

If URH is useful for you, please consider giving this repository a ⭐ or make donation via PayPal. We appreciate your support!

Want to stay in touch? 💬 Join our Slack channel!

We encourage researchers who work with URH to cite this WOOT'18 paper or directly use the following BibTeX entry.

@inproceedings {220562,
author = {Johannes Pohl and Andreas Noack},
title = {Universal Radio Hacker: A Suite for Analyzing and Attacking Stateful Wireless Protocols},
booktitle = {12th {USENIX} Workshop on Offensive Technologies ({WOOT} 18)},
year = {2018},
address = {Baltimore, MD},
url = {https://www.usenix.org/conference/woot18/presentation/pohl},
publisher = {{USENIX} Association},
}

Universal Radio Hacker can be installed via pip or using the package manager of your distribution (if included). Below you find more specific installation instructions for:

• Windows
• Linux
  • Install via Package Manager
  • Generic Installation with pip (Ubuntu/Debian)
  • Docker Image
• MacOS
• Updating your installation
• Running from source

On Windows, URH can be installed with its Installer. No further dependencies are required.

If you get an error about missing api-ms-win-crt-runtime-l1-1-0.dll, run Windows Update or directly install KB2999226.

URH is available on PyPi so you can install it with

# IMPORTANT: Make sure your pip is up to date
sudo python3 -m pip install --upgrade pip  # Update your pip installation
sudo python3 -m pip install urh            # Install URH

This is the recommended way to install URH on Linux because it comes with all native extensions precompiled.

In order to access your SDR as non-root user, install the according udev rules. For example, you can install the HackRF udev rules with the following commands.

sudo tee -a /etc/udev/rules.d/52-hackrf.rules >/dev/null <<-EOF
ATTR{idVendor}=="1d50", ATTR{idProduct}=="604b", SYMLINK+="hackrf-jawbreaker-%k", MODE="660", GROUP="plugdev"
ATTR{idVendor}=="1d50", ATTR{idProduct}=="6089", SYMLINK+="hackrf-one-%k", MODE="660", GROUP="plugdev"
ATTR{idVendor}=="1fc9", ATTR{idProduct}=="000c", SYMLINK+="hackrf-dfu-%k", MODE="660", GROUP="plugdev"
EOF
sudo udevadm control --reload-rules

Make sure your current user is in the plugdev group to make these rules work. You find rules for other SDRs by searching for "<SDR name> udev rules" in your favorite search engine.

If you still have problems accessing your SDR the Linux USB autosuspend feature might be interfering. You can disable it by editing your /etc/default/grub as shown here.

URH is included in the repositories of many linux distributions such as Arch Linux, Gentoo, Fedora, openSUSE or NixOS. There is also a package for FreeBSD. If available, simply use your package manager to install URH.

Note: For native support, you must install the according -dev package(s) of your SDR(s) such as hackrf-dev before installing URH.

The official URH docker image is available here. It has all native backends included and ready to operate.

It is recommended to use at least macOS 10.14 when using the DMG available here.

1. Install Python 3 for Mac OS X. If you experience issues with preinstalled Python, make sure you update to a recent version using the given link.
2. (Optional) Install desired native libs e.g. brew install librtlsdr for corresponding native device support.
3. In a terminal, type: pip3 install urh.
4. Type urh in a terminal to get it started.

If you installed URH via pip you can keep it up to date with pip3 install --upgrade urh, or, if this should not work python3 -m pip install --upgrade urh.

If you like to live on bleeding edge, you can run URH from source.

To execute the Universal Radio Hacker without installation, just run:

git clone https://github.com/jopohl/urh/
cd urh/src/urh
./main.py

Note, before first usage the C++ extensions will be built.

To install from source you need to have python-setuptools installed. You can get it e.g. with pip install setuptools. Once the setuptools are installed use:

git clone https://github.com/jopohl/urh/
cd urh
python setup.py install

And start the application by typing urh in a terminal.

• Hacking Burger Pagers
• Reverse-engineer and Clone a Remote Control
• Reverse-engineering Weather Station RF Signals
• Reverse-engineering Wireless Blinds
• Attacking Logitech Wireless Presenters (German Article)
• Attacking Wireless Keyboards
• Reverse-engineering a 433MHz Remote-controlled Power Socket for use with Arduino

• Hackaday Article
• RTL-SDR.com Article
• Short Tutorial on URH with LimeSDR Mini
• Brute-forcing a RF Device: a Step-by-step Guide

See wiki for a list of external decodings provided by our community! Thanks for that!