In this training, we will delve deeper into Software-Defined Radio (SDR). Unlike the "SDR Hacking Essential" course, the goal here is to apply the techniques we've previously learned to target both basic and customized systems. This training will be organized around challenges where attendees will need to reverse both analog and digital signals to obtain flags. Additionally, participants will be tasked with attacking real-world targets (reversing firmware, finding vulnerabilities, and exploiting them over the air).
Furthermore, this training aims to impart survival SIGINT (Signals Intelligence) techniques to help focus on specific signals in the wild.
In this section, we will start with a guided exercise as a warm-up to refresh our knowledge of how to use an SDR device correctly. Subsequently, we will delve into theory and hands-on exercises focusing on SIGINT techniques for scoping our targets. We will utilize GNU Radio to reverse signal captures and obtain flags. Additionally, we will employ dedicated tools to expedite the reversing process.
Key Radio Concepts Review
Devices
SIGINT
GNU Radio
Tools for SDR
In this segment, we will apply what we have learned to attack real targets, including the exploitation of custom RF basebands.
Basic Targets
Custom Targets
Industrial Signals and Protocols with a LoRa Example
Bonus Topics (Time-Permitting or During Coffee Breaks)
A laptop with at least 8 GB of memory to run a tooled VM, preferably an x86-64 computer.
A VM will be available for Apple Silicon ARM64, but it is still in beta.
Sébastien Dudek is the founder of PentHertz Consulting, a company that specializes in wireless and hardware security. He has a strong passion for identifying vulnerabilities in radio communication systems and has published research on various aspects of mobile security, including 5G security, Open RAN, baseband fuzzing, interception, mapping, and more. Additionally, he has conducted research on data transmission using power-line communication technologies, such as HomePlug AV, which includes domestic PLC plugs, as well as their applications in electric cars and charging stations. Sébastien also focuses on practical attacks involving various technologies like Wi-Fi, RFID, and other wireless communication systems.
Today, Sébastien Dudek and his team are actively engaged in the connected car industry, where they work on various wireless communication aspects such as immobilizers, V2X, IVC, and IVI, all connected via 5G and utilizing a variety of interfaces like Bluetooth Classic/BLE, Wi-Fi, RDS, DAP, wBMS, and more.