Cyber Security Academy · Lesson

Capturing and Replaying Signals

Intercepting and replaying RF transmissions.

The Replay Attack Concept

A replay attack is the simplest and most common RF weakness: capture a legitimate transmission, then retransmit it later to reproduce its effect. No decryption is required if the receiver accepts the same signal twice.

This works against any device whose command is a fixed, static transmission:

  • Cheap garage door openers.
  • Basic car key fobs without rolling codes.
  • Wireless doorbells, alarm sensors, and remote outlets.
  • Some industrial remote controls for cranes and gates.

If a captured signal still works minutes or days later, the system is vulnerable by design.
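The difference between a fixed-code receiver and one that rejects repeats, as an added example that is not part of the original lesson. The class names, the frame layout (4-byte counter plus an 8-byte truncated HMAC-SHA256 tag), the window size, and the key are assumptions chosen for illustration; real rolling-code schemes differ in detail.

```python
import hashlib
import hmac

class StaticReceiver:
    """Accepts one fixed code: the vulnerable-by-design case described above."""
    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

class RollingReceiver:
    """Accepts counter||tag frames only when the counter is newer than the last one."""
    WINDOW = 16  # assumed tolerance for button presses the receiver never heard

    def __init__(self, key: bytes):
        self.key = key
        self.last = 0

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        counter = int.from_bytes(frame[:4], "big")
        expected = hmac.new(self.key, frame[:4], hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(frame[4:], expected):
            return False  # forged or corrupted frame
        if not (self.last < counter <= self.last + self.WINDOW):
            return False  # already seen (replay) or implausibly far ahead
        self.last = counter
        return True

def fob_frame(key: bytes, counter: int) -> bytes:
    """Frame a legitimate fob would send for a given button-press counter."""
    c = counter.to_bytes(4, "big")
    return c + hmac.new(key, c, hashlib.sha256).digest()[:8]

def demo():
    code = b"\xa5\x5a\xc3"  # constructed fixed code
    static = StaticReceiver(code)
    static_results = [static.accept(code), static.accept(code)]  # same frame twice

    key = b"constructed-demo-key"
    rolling = RollingReceiver(key)
    first = fob_frame(key, 1)
    rolling_results = [rolling.accept(first), rolling.accept(first),
                       rolling.accept(fob_frame(key, 2))]
    return static_results, rolling_results

if __name__ == "__main__":
    print(demo())
```

The static receiver accepts the identical frame both times, while the rolling receiver accepts each counter value once and rejects the repeat.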

Finding the Target Frequency

Before capturing, identify where the device transmits. Most consumer remotes live in ISM bands: 315 MHz (North America), 433.92 MHz (Europe and much of the world), 868 MHz, and 915 MHz.

Tune an RTL-SDR across these bands, press the remote, and watch the waterfall for a burst of energy. The FCC ID printed on a device often reveals its exact operating frequency through public regulatory filings.

# Browse the 433 MHz band live and watch the waterfall
gqrx

# Or decode known devices on the air; -A also runs the pulse analyzer on each received burst
rtl_433 -f 433.92M -A
