Introduction to RF and Software-Defined Radio (SDR)

Many wireless devices communicate over very simple radio protocols. With the right tools, it is possible to sniff, decode and even replay or inject such communications. Whether it’s a toy, a garage opener or a wireless intercom, such devices rarely implement any level of security. It’s enough to simply understand the encoding to be able to attack and analyze the underlying communication.

This course is ideally suited for engineers who are new to RF and SDR or who are not familiar with common RF analysis tools.

Day 1

Day one will first introduce radiocommunications, regulations, their evolutions, and basics of radio waves.

Then attendees will learn ways to monitor, identify, and capture signals in the air to analyze them later. During this day attendees will also discover different software, devices, and techniques in practice to intercept signals that would suit their needs. Moreover, we will go through required setups depending on contexts, the need for faraday cages and way to build a very cheap one

Theory

• Introduction to radio * History, evolution, and EU regulations * Radio waves * Modulation techniques * Encoders * Digital Signal Processing * Software-Defined Radio * Antennas * Amplifiers and connectors
• Software-Defined Radio devices * Specifications * How to choose them * Few tips and hacks

Assignment 1:

• Setting a radio environment
• Use of different software for depending on the context to monitor signals
• Listening to AM and FM

Assignment 2:

• Waterfall and spectrum analyzers
• Finding interesting signals
• Capture it for later identification

Assignment 3:

• Building a cheap Faraday cage/shield
• Testing the Faraday cage/shield
• Making proper captures

Day 2

On this day, attendees will learn to analyze captures by different means, methods to identify technologies used for RF communications. After getting enough information about the RF communication, attendees will learn several techniques to attack basic RF communications: interception, reverse engineering, replay, injections, etc.

Theory:

• Introduction to GNU Radio
• Handy tools for reverse engineering purpose

Assignment 4:

• Identify the technology using known parameters
• Reversing captured signals with introduced tools

Assignment 5:

• Improving capture with some processing
• Discovering hidden messages in noisy radio messages

Assignment 6:

• Intercepting a communication
• Replaying signal
• Injecting and Fuzzing messages over-the-air

Class Requirements

• An RF SDR compatible SDR. We recommend the Analog Devices Pluto SDR, which supports Tx/Rx in full duplex.

• We will use the following equipment throughout the course. Students are encouraged to purchase this equipment at their discretion after the course. This equipment will only be necessary for those that are interested in fully reproducing all parts of the assignments themselves. The course will also cover the advantages and disadvantages of each device.

  • HackRF with an upconverter or an Airspy
  • A LimeSDR, BladeRF or USRP for mobile assignments, PlutoSDR/HackRF + an upconverter, or an Airspy
  • Proxmark3
• A working laptop capable of running virtual machines.
• 4GB RAM required, at a minimum.
• 40 GB free Hard disk space.