Note: To ensure that all training kits are delivered to the attendees before the start of the trainings, we encourage everyone to register for RF Hacking with Software-Defined Radio before Friday, 11 September 2020. After this day, we cannot ensure that all kits are delivered in time.

Overview

In this 3-day training, students will learn about Software-Defined Radio applied against physical intrusion system (alarms, intercoms, various remotes, etc.). This course provides basics, survival reflexes when testing real-world radio devices, and methods to go further. Comparing to other courses that teach how to use public tools, this class is more about understanding how these tools work and also how to build proper tools to analyze and attack targeted systems.

This course is intended for any:

pentesters who do not want to be limited by public radio tools

developers who want to debug and test their wireless devices

people curious about SDR and security

security researchers

Day 1 - Basics

Day 1 is an introduction to radio that will help students to learn it's concepts and the techniques used today to receive and transmit signal, but also the constraints that we have to deal with in heterogeneous environments:

• Introduction to radio
  • History, evolution, and EU regulations
  • Radio waves
  • Digital Signal Processing
  • Sampling theory
  • Software-Defined Radio
  • Antennas
  • Amplifiers and connectors
• Software-Defined Radio devices
  • Specifications
  • How to choose them
  • Few tips and hacks
• Observations
  • Waterfall and spectrum analyzers
  • Signal identification
  • Modulation/Demodulation
  • Modulation/Demodulation
  • Encoding/Decoding
• Faraday cages and how to design a very cheap one Use of attenuators and software gain parameters

Day 2 - Hands on radio

Day 2 will put the student in the playground of Software-Defined Radio, where every idea can be written to be simulated and then concretized to realize receivers and transmitters depending on the chosen hardware limitations:

• Introduction du GNU Radio Software-Defined Radio
• Processing in the chain
• Practice with GNU Radio Companion
  • Block schemas
  • Generators
  • Sinks and sources
  • Operators
  • Simulations
  • Modules
  • Executing a block in a real SDR device
  • Listening to simple AM and FM signals
  • Transferring signal
  • Optimizing samples processing
  • Features to process samples
  • Creating your own block
• Investigation and handy tools

Day 3 and 4 - Attacking physical intrusion systems

Days 3 and 4 resume and applie previous chapters to study physical intrusion systems and brings useful tricks for Red Team tests as well as pentests:

• Common sub-GHz Remotes
  • Introduction
  • Capturing data
  • Replaying saved samples
  • Analyzing samples (manually and with powerful tools)
  • Rolling codes security
• Devices using the mobile network (2G/3G/4G)
  • Introduction
  • Monitoring
  • Mobile security
  • Existing tools
  • Our feedback in missions
  • Tooling with GNU Radio
  • Fuzzing and triggering bugs with 2G, 3G and 4G protocol stacks over-the-
• Hardware Hacking
  • Introduction and how it could be complementary
  • Survival and practical reflexes
  • Cheap tools and tricks
• Attacking Custom devices
  • Introduction
  • Identification (looking at device's references, components, etc.)
  • Sniffing signals
  • Decoding signals
• Some feedbacks on connected locks

Class requirement

Knowledge of Linux and a programming language such as C, C++, C# or Python is necessary.

Understanding of pentesting (network and applications) or red-teaming

All attendees will need to bring a laptop capable of running VMware virtual machine (8GB of RAM is a minimum)

Basic knowledge of radio is not mandatory but is a plus