Training Objectives:
In this training, we will delve deeper into Software-Defined Radio (SDR). Unlike the "SDR Hacking Essential" course, the goal here is to apply the techniques we've previously learned to target both basic and customized systems. This training will be organized around challenges where attendees will need to reverse both analog and digital signals to obtain flags. Additionally, participants will be tasked with attacking real-world targets (reversing firmware, find vulnerabilities, and exploit them in the air).
Furthermore, this training aims to impart survival SIGINT (Signals Intelligence) techniques to help focus on specific signals in the wild.
What to Expect? | Key Learning Objectives:
- reversing and interacting with real signals, even exotic
- creating custom tools for specific communications
- identifying technologies with SIGTINT techniques
- exploiting custom RF baseband vulnerabilities
Training Detailed Description:
Part 1
In this section, we will start with a guided exercise as a warm-up to refresh our knowledge using an SDR (Software-Defined Radio) device correctly. Subsequently, we will delve into theory and hands-on exercises focusing on SIGINT (Signals Intelligence) techniques for scoping our targets. We will utilize GNU Radio to reverse signal captures and obtain flags. Additionally, we will employ dedicated tools to expedite the reversing process.
Key Radio Concepts Review
- Wireless Connectivity
- Modulation
- Encoding
- Integrity & Encryption
Devices
- Spectrum and Signal Analyzers
- Software-Defined Radio Devices
- Special RF Chips
SIGINT
- Techniques for Quickly Identifying Targeted Transmissions
- SIGINT Tools and Libraries
- Machine and Deep Learning Techniques
GNU Radio
- Building an Analyzer
- Reversing Analog and Digital Communications
- Further Optimizing Flow-Graphs
- Interfacing with Radio Channels
- Accelerating the Reverse Engineering of Basic and Well-Known Signals
- Dumb Fuzzing of Communications
- Reverse Engineering Remote Controls
- Attacking Receivers
- Reversing Custom Signals
- Analyzing Firmware for Vulnerabilities using Ghidra
- Exploiting Vulnerabilities to Obtain Flags
- Reverse Engineering Communications
- Cracking Keys When Possible
- Identifying Vulnerabilities and Conducting Fuzzing with Unicorn/Qiling
- TEMPEST
- EM Side-Channel Attacks
- Zigbee
- Wi-Fi
- or other topics depending on the occasion.
- Security Researchers and Engineers
- Embedded/Wireless Developers
- Hardware Hackers
- Pen Testers
- Government Officers
- RF Chip Designers
- good basics in Linux
- basics in security are a plus
- basic knowledge of SDR and GNU Radio will be a plus
- Tooled VM
- Labs with captures, flow-graph and scripts
- A RF kit capable of transmitting and receiving signals in full-duplex
Tools for SDR
Part 2
In this segment, we will apply what we have learned to attack real targets, including the exploitation of custom RF basebands.
Basic Targets
Custom Targets
Industrial Signals and Protocols with a LoRa Example
Bonus Topics (Time-Permitting or During Coffee Breaks)
Who Should Attend? | Target Audience:
What to Bring? | Software and Hardware Requirements:
A laptop with at least 8 GB memory to run a tooled VM, preferably a x86-64 computer.
A VM will be available for Apple Silicon ARM64, but still in beta version.
What to Bring? | Prerequisite Knowledge and Skills:
Resources Provided at the Training | Deliverables:
ABOUT THE TRAINERS
Sébastien Dudek is the founder of PentHertz Consulting, a company that specializes in wireless and hardware security. He has a strong passion for identifying vulnerabilities in radio communication systems and has published research on various aspects of mobile security, including 5G security, Open RAN, baseband fuzzing, interception, mapping, and more. Additionally, he has conducted research on data transmission using power-line communication technologies, such as HomePlug AV, which includes domestic PLC plugs, as well as their applications in electric cars and charging stations. Sébastien also focuses on practical attacks involving various technologies like Wi-Fi, RFID, and other wireless communication systems.
Today, Sébastien Dudek and his team are actively engaged in the connected car industry, where they work on various wireless communication aspects such as immobilizers, V2X, IVC, and IVI, all connected via 5G and utilizing a variety of interfaces like Bluetooth Classic/BLE, Wi-Fi, RDS, DAP, wBMS, and more.
