I find urh a great tool ... except when you absolutely have no idea what kind of signal it is. I usually use inspectrum as a first tool to have a basic idea what the signal looks like. Based on that, I decide how to go further.
Inspectrum is an older tool and has less features then urh, but sometimes simplicity works better.
Kristoff ON1ARF
interesting advice. Thanks!
I do not see that as phone-usage, I'm doing an experiment to see how easy / difficult it is to revert the "i need to know the time, so I grab my phone" reflex back to "I need to know the time, so I look at my wrist".
I'm currently reading some books on how easy it is to manipulate peoples behaviour using 'nudging', this to better understand the social engineering tricks used by hackers.
An chapter in one of these books in how social media use tricks to manupale our behaviour that resemble the tricks used by the gambling industry.
One of the things I find intriging is the size of a smartphones today. If you look at it objectively, they are actually so large that most people would consider it to be annoyting: you have to carry it in a bag, in a pocket of your pants -but you have to take your phone out when you want sit-, or ..you carry it in your hands. Have you noticed how many people have their smartphone in their hand when they walk around? But, of course, if you have something in your hand, it is very easy to open it quickly check your notifications; which reinforces the addiction.
So, that's the thing. People do not find it annoying.
So .. as an experiment, I am trying out how easy / difficult it is to break the habbit.
A small sidenote when (or if) I manage to get my garmin vivosmart HR charges, it does rapport activity per week, number of steps and number of floors I went up on foot per day, even without a smartphone app. So that's at least something :-)
One of the reasons I am looking for a new sportswatch is because I try to reduce my smartphone use and I noticed that I actually took out my smartphone just to check the time.
I have an old garmin vivosmart HR but I do have a problem with the charging cable. Plus I am not able to download the healthstats with my linux 'daily driver' laptop.
Perhaps I should just get a cheap regular watch somewhere? 🤔
I don't. I thought the emoji would have made that clear.
I have been doing cybersecurity awareness lately. We are starting to get over the furst hurdle: make people see the signatures of phishing message. But now we are starting with the 2nd hurdle: make people understand that when they write a genuine post, they should avoid these signatures of phishing, in this case, the "time pressure" argument.
The problem is that the more genuine messages have phising signatures, to more difficult it becomes for people to distinguish a genuine posts from phishing. There is also the risk that you genuine posts will get noted as fake (although that is clearly not the case here :-) )
ah .. currently not available :-/
ah. That looks very interesting. And they have a show here in the EU, and it seems to work with gadgetbridge (thx Lambda RX :-))
Thanks!
my daily driver is a ubuntu laptop so I was first thinking about that, but now that you mention a mobile app, ..yes. that would be nice too.
thanks for the food for thought :-)
A URL 'Free up to some-end-date'. ???
Phishing link? 🤔
Hum , interesting point. If you are a hacker, would you not prefer software to be spread out everywhere so people would be even more confused what is the real source for some application?
I guess people would then just depend on their search engine
Well, in principe I do not see that much different between 'curl | bash', 'sudo apt-get install' or installing an app on your phone. In the end, it all depends on trust.
Considering how complex software has become and on how many libraries from all over the internet any application that does more then 'hello world' depend, I do not see how you can do if you are not prepared to put blind trust into some things.
Concerning CrowdStrike, I am just reading an book on human behaviour (very interesting for everybody who is interested in cybersecurity), and I am just on the chapter about the fear of deciding with unknown parameters vs. the fear of not deciding at all. Any piece of software will brake at some point, so will you wait forever to find something that will not have any vulnerabilities?
I used inspectrum mainly with raw IQ-files from gqrx, so the c16 format is indeed correct.
For me, the great thing about the tool is that it is very visual. (*)
It allows you to get an idea what kind of signal you are looking at (on-off, FSK, PSK, ...) and get a rought idea about timing. That then gives you information to better apply the proper filtering in urh and work from there on. It also allows you to see any "abnormallities" .. e.g. I once came across a signal that sounded to be two-tone FSK, but after closer investigation, you could see that the two tones overlapped (in the time domain).
Concerning the bitstream you demodulated, I am not at all an expert in SIGINT, but I guess we can do some basic research like search forrepeating pattern (that could indicated a start-of-frame indicator), maximum number of consecutive all-0 or all-1 (that can indicate bit-stuffing) etc. The problem with unknown digital signals is that the number of variations of different processing-techniques is almost infinite: scrambling (not encryption, but scrambling) , FEC, ...
(*) The visual element of inspectrum is the reason why I use it in a workshop I give. The workshop I do is similar to the one done by Mike Walters that is on youtube: https://www.youtube.com/watch?v=tGff31uGXQU