Hacking Wireless Microphones

Noah starts off the meeting

  • Introduction on Alex
    • Will give a talk on hacking wireless mic packs
  • RedTeam will be at K-Day!

Hacking Wireless Microphones by Alex and Dane!

  • Goal for talk
    • FCC regulations
    • FM
    • Squelch
    • Roadblocks along the way
  • Who we are
    • Alex
      • CpE
      • WMTU
      • SLS
      • HARC (Husky Amateur Ham Radio Club)
    • Dane
      • MET
      • Involved in most of the same things as Alex
      • “Shower connoisseur”
  • FCC fines are not cheap; know what you would be getting into before breaking any regulations
  • GNU Radio files from the demo will be available after the talk
    • If you are concerned about the legality of using any of them, feel free to ask Alex/Dane
  • SDR vs Standard Radio
    • SDR
      • “Best thing since sliced bread”
      • Less efficient than standard radios
      • Usually SDRs only receive, but there is a variant that can also transmit (the HackRF One)
    • Standard Radio
      • Typically tuned for a range of frequencies
      • Fewer features than SDRs
  • GNU Radio is a program for building flow diagrams to transmit/receive on SDRs
  • Use it to pipe the raw received signal through filters to get usable audio
    • Basic demo listening to WMTU (91.9 FM, the campus radio station) with the HackRF and GNU Radio
  • Purpose of FM vs AM and how they work
    • AM is like talking louder/quieter for different frequencies
    • FM is “like a guitar string vibrating” faster/slower for different frequencies
  • More advanced modulation demo
    • Computer audio to wireless microphone receiver
      • Played quick audio from Spotify song
  • Methods for radio to know when to stay off
    • Tone Squelch
    • Digital (think binary) methods
    • Other methods
  • Tone squelch works well for receivers to prevent noise
    • Need to know the sender’s squelch frequency if going both ways
    • Usually at a set range (commonly 67 Hz and a few others)
      • HARC uses 100 Hz for their repeater
    • Prevents noise from being transmitted out the radio’s speakers
  • CTCSS is the squelch standard
    • Unfortunately the demo is broken at the moment (GNU Radio moment)
  • SLX beltpacks in classrooms are being swapped to digital mic packs with “security-through-obscurity” protections
  • Easiest way to find the frequencies they come in on is just scan with SDR
  • How to emulate these microphones (OSINT!)
    • FCC database search
      • All wireless devices sold in the U.S. have an FCC ID printed on them somewhere
      • Pleeeease check FCC frequencies and legality of transmitting on certain frequencies
  • Roadblock 2: FM deviation (essentially volume); crunchy audio coming through
    • Nyquist–Shannon sampling theorem
      • Sounds scary
      • Actually just means the sample rate of the audio must be at least double the bandwidth of the signal to avoid “aliasing”
        • Quick demo of what audio aliasing sounds like
  • Cloning Noah’s voice :D
    • Recorded samples of Noah’s voice from the mic pack in last week’s meeting on Hacker Culture
    • Ran through AI voice model
    • Can now speak and have the output audio sound just like Noah’s voice
    • Can now re-inject this deepfaked audio back into the audio system by pretending to be one of the mic packs
    • Now everyone can hear the audio from this fake “Noah” on the speakers!
  • Closing
    • That’s all we have for today!
    • RedTeam has the HackRF One that was used in this demo in the RedTeam Toolbox!
      • You can check it out from the Toolbox, and use Alex/Dane’s GNU Radio scripts to mess around with the technology yourself
    • Come see our booth at K-Day!
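
Added example (not from the talk and not one of Alex/Dane's GNU Radio files): the receiver-side tone squelch gate from the tone squelch notes above, using the Goertzel algorithm to measure one block of audio for the configured tone. The 8 kHz sample rate, the 0.05 threshold and the test audio are assumptions constructed for illustration; 67 Hz and 100 Hz are the tones mentioned in the notes.

```python
import math
import random

FS = 8000          # audio sample rate in Hz (assumed for this example)
THRESHOLD = 0.05   # minimum tone amplitude that opens the squelch (assumed)

def tone_level(samples, freq_hz, fs=FS):
    """Estimate the amplitude of one frequency with the Goertzel algorithm."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq_hz / fs)
    s1 = s2 = 0.0
    for x in samples:
        # s1 holds the newest filter state, s2 the one before it
        s1, s2 = x + coeff * s1 - s2, s1
    power = s1 * s1 + s2 * s2 - coeff * s1 * s2
    # a sinusoid of amplitude A gives sqrt(power) = N * A / 2
    return 2.0 * math.sqrt(max(power, 0.0)) / len(samples)

def squelch_open(samples, ctcss_hz, fs=FS, threshold=THRESHOLD):
    """Unmute only when the configured sub-audible tone is present."""
    return tone_level(samples, ctcss_hz, fs) >= threshold

def make_block(ctcss_hz=None, voice_hz=440.0, seconds=1.0, seed=1):
    """Constructed test audio: a 'voice' tone, light noise, optional tone."""
    rng = random.Random(seed)
    out = []
    for n in range(int(FS * seconds)):
        t = n / FS
        x = 0.5 * math.sin(2 * math.pi * voice_hz * t) + rng.uniform(-0.1, 0.1)
        if ctcss_hz is not None:
            x += 0.15 * math.sin(2 * math.pi * ctcss_hz * t)
        out.append(x)
    return out

if __name__ == "__main__":
    # Receiver configured for 100 Hz, fed three constructed blocks
    for label, sent in (("no tone", None), ("67 Hz", 67.0), ("100 Hz", 100.0)):
        block = make_block(sent)
        print(label, "-> squelch opens:", squelch_open(block, 100.0))
```

The gate tests only for the presence of the tone, so it is noise suppression rather than a check of who is transmitting.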