Skip to content

Command Line Interface

Johannes Pohl edited this page Oct 20, 2019 · 2 revisions

CLI for Universal Radio Hacker

new in version 2.1

The Universal Radio Hacker comes with a Command Line Interface (CLI) to automate certain tasks easier. For example, you could install URH on a Raspberry Pi, attach a SDR to it, throw it in some corner and let it sniff the wireless traffic for a while.

Using the CLI

After installation, the CLI (urh_cli.py / urh_cli.exe on Windows) will be located inside your installation folder. If you run URH from source you can find it in urh/cli/urh_cli.py.

The CLI comes with an extensive built in help, which you can access with -h or --help.

$ ./cli/urh_cli.py --help  
usage: urh_cli.py [-d DEVICE] [-di DEVICE_IDENTIFIER] [-db {native,gnuradio}]
                  [-f FREQUENCY] [-s SAMPLE_RATE] [-b BANDWIDTH] [-g GAIN]
                  [-if IF_GAIN] [-bb BASEBAND_GAIN] [-a]
                  [-fcorr FREQUENCY_CORRECTION] [-cf CARRIER_FREQUENCY]
                  [-ca CARRIER_AMPLITUDE] [-cp CARRIER_PHASE] [-mo MOD_TYPE]
                  [-bps BITS_PER_SYMBOL] [-pm PARAMETERS [PARAMETERS ...]]
                  [-sps SAMPLES_PER_SYMBOL] [-bl BIT_LENGTH] [-n NOISE]
                  [-c CENTER] [-cs CENTER_SPACING] [-t TOLERANCE] [--hex]
                  [-e ENCODING] [-m MESSAGES [MESSAGES ...]] [-file FILENAME]
                  [-p PAUSE] [-rx] [-tx] [-rt RECEIVE_TIME] [-r] [-h] [-v]
                  [project_file]

This is the Command Line Interface for the Universal Radio Hacker.

positional arguments:
  project_file

Software Defined Radio Settings:
  Configure Software Defined Radio options

  -d DEVICE, --device DEVICE
                        Choose a Software Defined Radio. Allowed values are
                        AirSpy R2, AirSpy Mini, BladeRF, FUNcube, HackRF,
                        LimeSDR, PlutoSDR, RTL-SDR, RTL-TCP, SDRPlay,
                        SoundCard, USRP
  -di DEVICE_IDENTIFIER, --device-identifier DEVICE_IDENTIFIER
  -db {native,gnuradio}, --device-backend {native,gnuradio}
  -f FREQUENCY, --frequency FREQUENCY
                        Center frequency the SDR shall be tuned to
  -s SAMPLE_RATE, --sample-rate SAMPLE_RATE
                        Sample rate to use
  -b BANDWIDTH, --bandwidth BANDWIDTH
                        Bandwidth to use (defaults to sample rate)
  -g GAIN, --gain GAIN  RF gain the SDR shall use
  -if IF_GAIN, --if-gain IF_GAIN
                        IF gain to use (only supported for some SDRs)
  -bb BASEBAND_GAIN, --baseband-gain BASEBAND_GAIN
                        Baseband gain to use (only supported for some SDRs)
  -a, --adaptive-noise  Use adaptive noise when receiving.
  -fcorr FREQUENCY_CORRECTION, --frequency-correction FREQUENCY_CORRECTION
                        Set the frequency correction for SDR (if supported)

Modulation/Demodulation settings:
  Configure the Modulator/Demodulator. Not required in raw mode.In case of
  RX there are additional demodulation options.

  -cf CARRIER_FREQUENCY, --carrier-frequency CARRIER_FREQUENCY
                        Carrier frequency in Hertz (default: 1000.0)
  -ca CARRIER_AMPLITUDE, --carrier-amplitude CARRIER_AMPLITUDE
                        Carrier amplitude (default: 1)
  -cp CARRIER_PHASE, --carrier-phase CARRIER_PHASE
                        Carrier phase in degree (default: 0)
  -mo MOD_TYPE, --modulation-type MOD_TYPE
                        Modulation type must be one of ASK, FSK, PSK, GFSK,
                        OQPSK (default: FSK)
  -bps BITS_PER_SYMBOL, --bits-per-symbol BITS_PER_SYMBOL
                        Bits per symbol e.g. 1 means binary modulation
                        (default: 1).
  -pm PARAMETERS [PARAMETERS ...], --parameters PARAMETERS [PARAMETERS ...]
                        Parameters for modulation. Separate with spaces
  -sps SAMPLES_PER_SYMBOL, --samples-per-symbol SAMPLES_PER_SYMBOL
                        Length of a symbol in samples (default: 100).
  -bl BIT_LENGTH, --bit-length BIT_LENGTH
                        Same as samples per symbol, just there for legacy
                        support (default: 100).
  -n NOISE, --noise NOISE
                        Noise threshold (default: 0.1). Used for RX only.
  -c CENTER, --center CENTER
                        Center between symbols for demodulation (default: 0).
                        Used for RX only.
  -cs CENTER_SPACING, --center-spacing CENTER_SPACING
                        Center spacing between symbols for demodulation
                        (default: 0.1). Value has only effect for modulations
                        with more than 1 bit per symbol. Used only for RX.
  -t TOLERANCE, --tolerance TOLERANCE
                        Tolerance for demodulation in samples (default: 5).
                        Used for RX only.

Data configuration:
  Configure which data to send or where to receive it.

  --hex                 Give messages as hex instead of bits
  -e ENCODING, --encoding ENCODING
                        Specify encoding
  -m MESSAGES [MESSAGES ...], --messages MESSAGES [MESSAGES ...]
                        Messages to send. Give pauses after with a /. Separate
                        with spaces e.g. 1001/42ms 1100/3ns 0001 1111/200. If
                        you give no time suffix after a pause it is assumed to
                        be in samples.
  -file FILENAME, --filename FILENAME
                        Filename to read messages from in send mode. In
                        receive mode messages will be written to this file
                        instead to STDOUT.
  -p PAUSE, --pause PAUSE
                        The default pause which is inserted after a every
                        message which does not have a pause configured.
                        (default: 250ms) Supported time units: s (second), ms
                        (millisecond), µs (microsecond), ns (nanosecond) If
                        you do not give a time suffix the pause is assumed to
                        be in samples.
  -rx, --receive        Enter RX mode
  -tx, --transmit       Enter TX mode
  -rt RECEIVE_TIME, --receive-time RECEIVE_TIME
                        How long to receive messages. (default: 3.0) Any
                        negative value means infinite.
  -r, --raw             Use raw mode i.e. send/receive IQ data instead of
                        bits.

Miscellaneous options:
  -h, --help            show this help message and exit
  -v, --verbose

Example

Here is an example which uses the URH CLI to send to messages to a wireless socket. The first messages switches the socket on. After 500ms the second message switches the socket off.

$ urh_cli.py -d HackRF -f 868.3e6 -s 2e6 -g 0 -if 30 -cf 3.906e3 -mo ASK -sps 16 -p0 0 -p1 1 -m aad3d5ddddcc5d45ddbba000000/500ms aad3c5ddddcc5d45ddbaa00000000 --pause 10s -tx --hex -e "'WSP', 'Wireless Short Packet (WSP)'"
Modulating:	[####################] 100%
Successfully modulated 2 messages
Sending:	[####################] 100%
Clone this wiki locally