Back to CyberMap
CyberMap
Home
Team
Contact
From Signal to Data: Decoding
Back to Blog
Signal Master

From Signal to Data: Decoding

Arife Ebrar Üstüner
Arife Ebrar Üstüner
February 23, 20263 Minutes Read

In cybersecurity operations, physical layer security necessitates the analysis of devices operating especially at Sub-GHz frequencies. This study covers the processes of capturing wireless signals, converting them into digital data, and decoding protocol structures.

What are Sub-GHz Protocols?
Sub-GHz represents the world of wireless communication operating below the 1 GHz frequency band. Unlike complex protocols such as Wi-Fi, these devices generally transmit simple digital signals.

Modulation and Encoding
Some of the common Modulation Standards are as follows:

  • OOK (On-Off Keying): The most basic method. The presence of a signal is accepted as “1” and its absence as “0.” It is very common in inexpensive remote controls.
  • ASK (Amplitude Shift Keying): A method where data is transmitted through changes in the amplitude (height) levels of the carrier signal.
  • FSK (Frequency Shift Keying): A method of slightly shifting the frequency to transmit data.
  • GFSK (Gaussian FSK): A smoother version of FSK that prevents signal interference.


Some of the common Encoding Methods are:

  • Manchester Encoding: The bit value is determined by the direction of the signal level transition (from high to low or vice versa).
  • PWM (Pulse Width Modulation): The bit value is determined by the “High” duration of the wave; generally, a long pulse is “1” and a short pulse is “0.”

RF Packet Structure (The Skeleton of Data)
A standard radio frequency packet consists of the following components to ensure coordination between the receiver and transmitter:

  • Preamble: The initial sequence that synchronizes the receiver.
  • Sync Word: The critical code that defines the starting point of the data.
  • Payload and CRC: The actual command data to be transmitted and the error control mechanism.

Operational Methodology and Findings

The analyses performed focused on the 433.92 MHz band:
Hardware: HackRF One and PortaPack (Mayhem Firmware) were used for the signal capture process, while Flipper Zero was used for signal generation.
Digital Analysis: Raw capture data was decoded using the Universal Radio Hacker (URH) software.

Technical Note: As seen in the analysis, Princeton-24 and Nice Flo-12 protocols were tested sequentially within the same capture file. Signal integrity was maintained during the analysis using ASK modulation and a value of 1400 Samples/Symbol.

Digitalization and Thresholding Process

The following steps were applied in URH to obtain meaningful data from the signal:
Packet Anatomy: The Preamble, Sync Word, and Payload blocks were manually marked to reveal the protocol skeleton.
Noise Threshold: A noise filter was applied to mark wave peaks (High) as 1 and the parts where the carrier wave remains silent (Low) as 0.

11111000010001000111011101000111010000111011101110100011101000011101000111010011101110100011101000100010
1001000100011101110100011101000111011101110100011101000111010001110100011101110100011101000100010
10001000100011101110100011101000111011101110100011101000111010001110100011101110100011101000100010
100001000100111011101000111010001110111011101000111010001110100011101001110111010001110100100010
100001001000111011101000111010001110111011101000111010001110100011101001110111010001110100010010...
Raw Bitstream of the Recording


A. Princeton 24-Bit Protocol: The first 20 bits of the 24-bit packet represent the fixed device ID (1AD5A), while the remaining 4 bits represent the functional command data.
B. Nice Flo 12-Bit Protocol: The entire 12-bit data packet directly forms the device ID (407); in this structure, there is no separation between address and data—the whole packet acts as the key.

Further Reading:

  • https://dokumanapi.bys.subu.edu.tr/File/2023/4/14/3cda598a-2271-4269-8908-4fdfafe02dd5.pdf

References:

  • Great Scott Gadgets (HackRF One)greatscottgadgets.com
  • Flipper Zero Documentation, docs.flipperzero.one
  • Universal Radio Hacker (URH) Wiki, URH GitHub Repository
  • Visual Sources, https://notebooklm.google.com/, https://www.technologyuk.net/telecommunications/telecom-principles/digital-modulation-part-one.shtml

Arife Ebrar Üstüner

Arife Ebrar Üstüner

Arife Ebrar Üstüner

Signal Master

Recent Posts

MouseJack Attacks and RF Signal Analysis in nRF24L01+ Chips

May 1, 2026

Rolling Code (KeeLoq) Cryptography and RollJam Attack Architecture in Wireless Access Systems

April 1, 2026

WiFi Traffic Analysis Guide

March 14, 2026

Flipper Zero

March 10, 2026

Wifi Pineapple – Installation in VMware Virtual Machine

March 8, 2026

Cellular Network Discovery Methodology and IMSI Analysis

March 4, 2026

Bit-Level Analysis of Security and Radio Frequency (RF) Signals in Wireless IoT Devices

February 21, 2026
CyberMap Group

CyberMap Group unifies education, research, and hands-on labs to forge innovation in digital defense.

Ecosystem

  • ›R&D Center
  • ›Hardware Laboratory
  • ›Mentorship
  • ›Services

Resources

  • ›Blog
  • ›Hardware Lab Blog
  • ›GitHub

Company

  • ›Corporate Training
  • ›Consultancy
  • ›Penetration Testing
  • ›Team
  • ›Contact

Legal

  • ›Terms of Service
  • ›Privacy Policy
  • ›Cookie Policy
  • ›Disclaimer

© 2026 CyberMap Group

Developed by CyberMap Group.