Radio Hack Box - Tool to Demonstrate Vulnerabilities in Wireless Input Devices

ID KITPLOIT:5468802247139467895
Type kitploit
Reporter KitPloit
Modified 2017-03-30T14:35:06


The SySS Radio Hack Box is a proof-of-concept software tool to demonstrate the replay and keystroke injection vulnerabilities of the wireless keyboard Cherry B.Unlimited AES.


  • Raspberry Pi
  • Raspberry Pi Radio Hack Box shield (a LCD, some LEDs, and some buttons)
  • nRF24LU1+ USB radio dongle with flashed nrf-research-firmware by the Bastille Threat Research Team, e. g.
  • Python2
  • PyUSB

Automatic startup
For automatically starting the Radio Hack Box process on the Raspberry Pi after a reboot, either use the provided init.d script or the following crontab entry:

@reboot python2 /home/pi/radiohackbox/ &

The Radio Hack Box currently has four simple push buttons for

  • start/stop recording
  • start playback (replay attack)
  • start attack (keystroke injection attack)
  • start scanning A graceful shutdown of the Radio Hack Box without corrupting the file system can be performed by pressing the SCAN button directly followed by the RECORD button .

Demo Video
A demo video illustrating replay and keystroke injection attacks against an AES encrypted wireless keyboard using the SySS Radio Hack Box a.k.a. Cherry Picker is available on YouTube:

Pi Radio Hack Box Shield
The hand-crafted Pi shield simply consists of an LCD, some LEDs, some buttons, resistors, and wires soldered to a perfboard.

Download radio-hackbox