Hardwear.io Security Trainings and Conference USA 2026

Advanced

LoRaPWN: from custom/industrial to drone Hacking

Training Objectives

LoRa PHY is used in many domains, including industrial systems, IoT, and drones, as well as many other contexts where communication needs to be reliable over long distances. On top of this physical layer, several MAC stacks such as LoRaWAN, Meshtastic, Helium, ELRS, and custom implementations have appeared, even in military contexts.

In this training, we use the power and flexibility of Software-Defined Radio to spot, monitor, analyze, and interact with these communications by dealing with very low-level complexity and analyzing interactions at the MAC level.

This training goes beyond our “SDR Hacking advanced”, focusing specifically on a signal that is widely used when long-range communication is needed.

Key Learning Objectives

  • Spotting and locating LoRa signals
  • Automating captures and dealing with hopping techniques
  • Analyzing and building a processing chain
  • Working around encryption techniques and planning attacks
  • Building a transmission chain with Software-Defined Radio

Detailed Description

Module 1: Basics

This part provides essential reminders from the Hacking with SDR courses and advances into LoRa aspects, covering the important properties to understand, how to spot this kind of signal, and how to analyze it with the power of Software-Defined Radio:

  • SIGINT basics around LoRa
  • LoRa PHY properties and characteristics
  • Capturing and decoding basic LoRa packets
  • Real-world cases using unsecured LoRa PHY communication
  • Signal identification and analysis techniques

 

Module 2: LoRaWAN

After examining basic LoRa PHY communications, we advance to discussing LoRaWAN radio and network security models and angles to exploit them:

  • Case studies of industrial systems
  • Monitoring frequency bands and traffic patterns
  • LoRaWAN security mechanisms and encryption
  • Attacks on cryptographic keys
  • Deciphering encrypted communications
  • Attacking the protocol stack and infrastructure
  • Join procedures and device provisioning vulnerabilities

 

Module 3: Meshtastic

Meshtastic is a fascinating concept that makes it simple to create different kinds of nodes through a dedicated mobile app. Leveraging LoRa PHY, it is common to see mesh networks spanning 2 km or more, providing a great way to reach connected objects, enable long-distance chatting, and accomplish tasks without operator infrastructure:

  • Context and architecture of Meshtastic networks
  • Security mechanisms and encryption protocols
  • Default band plans and custom frequency configurations
  • Attacking encrypted communications and key management
  • Mesh topology analysis and network mapping
  • Privacy considerations and anonymity attacks

 

Module 4: Drones

Drones can use different protocols, but here we focus on ELRS (ExpressLRS) using LoRa, which is interesting because it is used by most FPV pilots, especially on budget setups:

  • Introduction to ELRS protocol and implementation
  • Monitoring control and telemetry channels
  • Analyzing and interacting with drone communications
  • Flight control protocol analysis

Who Should Attend?

  • Penetration Testers
  • Security Researchers and Engineers
  • Embedded/Wireless Developers
  • Hardware and Wireless Security Professionals
  • Government Officers and Defense Personnel
  • IoT Security Specialists

Prerequisites

  • Strong fundamentals in Linux command line and system administration
  • Basic understanding of security principles and methodologies
  • Foundational knowledge of Software-Defined Radio and GNU Radio
  • Familiarity with wireless communication concepts
  • Basic understanding of cryptography and protocol analysis

Software & Hardware Requirements

  • A laptop with at least 8 GB memory, preferably an x86-64 computer running Linux (Windows compatible but with reduced reliability for our platform)
  • A VM will be available for Apple Silicon ARM64 systems
    Alternatively, you can bring a Raspberry Pi 5 (with screen, keyboard, and mouse)
  • USB ports available for SDR hardware

What You Get

  • An RF Swift dedicated image with pre-configured tools
  • Comprehensive labs with signal captures, flow-graphs, and analysis scripts
  • Complete RF kit including HydraSDR RFOne and antennas for 433 MHz, 868 MHz, and 2.4 GHz bands
  • Reference materials and documentation for continued learning
  • Access to training datasets and example configurations

Training Details

About Trainer

Sébastien Dudek

Sébastien Dudek is the founder of PentHertz Consulting, a company specializing in wireless and hardware security. He has a strong passion for identifying vulnerabilities in radio communication systems and has published research on various aspects of mobile security, including 5G security, Open RAN, baseband fuzzing, interception, mapping, and more. Additionally, he has conducted research on data transmission using power-line communication technologies, such as HomePlug AV, which includes domestic PLC plugs, as well as their applications in electric cars and charging stations. Sébastien also focuses on practical attacks involving various technologies like Wi-Fi, RFID, Automotive and other wireless communication systems.

Today, Sébastien Dudek and his team are actively engaged in the defense, space, and drone industries, where they work on various wireless communication aspects such as RF security, 5G, Open RAN, baseband fuzzing, and a variety of wireless protocols including Bluetooth Classic/BLE, Wi-Fi, RFID, and more.