Radio Hack Box – Tool to Demonstrate Vulnerabilities in Wireless Input Devices

The SySS Radio Hack Box is a proof-of-concept software tool to demonstrate the replay and keystroke injection vulnerabilities of the wireless keyboard Cherry B.Unlimited AES.


  • Raspberry Pi
  • Raspberry Pi Radio Hack Box shield (a LCD, some LEDs, and some buttons)
  • nRF24LU1+ USB radio dongle with flashed nrf-research-firmware by the Bastille Threat Research Team, e. g.
  • Python2
  • PyUSB

Automatic startup
For automatically starting the Radio Hack Box process on the Raspberry Pi after a reboot, either use the provided init.d script or the following crontab entry:

@reboot python2 /home/pi/radiohackbox/ &

The Radio Hack Box currently has four simple push buttons for

  • start/stop recording
  • start playback (replay attack)
  • start attack (keystroke injection attack)
  • start scanning

A graceful shutdown of the Radio Hack Box without corrupting the file system can be performed by pressing the SCAN button directly followed by the RECORD button.

Demo Video
A demo video illustrating replay and keystroke injection attacks against an AES encrypted wireless keyboard using the SySS Radio Hack Box a.k.a. Cherry Picker is available on YouTube:

Pi Radio Hack Box Shield
The hand-crafted Pi shield simply consists of an LCD, some LEDs, some buttons, resistors, and wires soldered to a perfboard.





Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: