Signal Replay

Signal Replay Testing Methodologies

One of the most effective techniques in a security auditor's toolkit is signal replay testing. By capturing a raw signal at the physical layer and re-transmitting it later, you can test whether a receiver actually enforces its authentication or rolling-code protection without ever needing to decode the underlying protocol: a receiver that accepts the stale transmission has no effective replay protection. Mycelium's native support for raw IQ buffers makes this process straightforward.

Step 1: The High-Fidelity Capture

The key to a successful replay is capturing the signal at a sample rate that comfortably covers its occupied bandwidth, and at a gain that neither buries it in the noise floor nor clips the ADC, so that the waveform's phase and amplitude are preserved. We use the Receive_IQ action to bypass demodulation and pull raw samples directly into memory, then save them as a .cf32 file (interleaved float32 I/Q pairs). Note the centre frequency and sample rate alongside the file; the replay needs both.

Step 2: Analyzing the Capture

Once saved, the .cf32 file can be opened in external tools such as Inspectrum or URH to verify the capture quality: the burst should sit entirely inside the recording, stand clearly above the noise floor, and show no clipping. Mycelium can also reload this file directly into its internal data buffer for immediate replay.

Step 3: Seamless Replay Testing

To execute the test, we load the saved file and use the Transmit_IQ action. This action takes the interleaved complex floats in the buffer and streams them through the SDR's transmit chain to its digital-to-analog converter (DAC). Tune to the same centre frequency and use the same sample rate as the capture; otherwise the replayed waveform lands at the wrong place in the spectrum or at the wrong symbol rate. Transmit only on frequencies you are authorised to use, ideally into a shielded enclosure or over a cabled, attenuated path rather than on the air.

Why this is Powerful

By working at the IQ level, Mycelium doesn't care whether the signal is encoded with Manchester, NRZI, or a proprietary spreading code. It treats the electromagnetic spectrum like a tape recorder, capturing and playing back "physical reality." Interpret the outcome with care: a replay the receiver accepts is a finding; a replay it rejects shows only that this particular stale transmission was rejected, not that the scheme as a whole is sound.

Conclusion

Signal replay tests are a fundamental part of any wireless security assessment. Mycelium's streamlined IQ handling turns a complex DSP task into a reliable capture, check, and replay sequence for security auditors.
