In our last post, part 2, we successfully captured the binary messages sent from the Score9 scoreboard controller to the receiver. Our main tools were the HackRF One software-defined radio and the Universal Radio Hacker tool. We had the binary, but unfortunately, as we discovered, it was encrypted – this became a serious challenge for us, and that is when we broke out the hardware attacks. Senior Security Engineer Maxwell Dulin has published an outstanding write-up for his approach to this. I recommend that you check it out for an insight into our process.