Lab401 Workshop: RF Hacking with Software-Defined Radio

Introduction

In this 3-day workshop, clients will learn about Software-Defined Radio applied against physical intrusion systems (alarms, intercoms, various remotes, etc.). This course provides the basics, survival reflexes when testing real-world radio devices, and methods to go further. Compared to similar workshops, this class focuses on building a deep understanding of publicly available tools, and on how to build custom tools to analyze and attack targeted systems.

Featuring theoretical and practical elements with an emphasis on one-on-one attention, clients will leave with immediately practical techniques for attacking radio devices in real-world environments, such as red-teaming and pentesting engagements.

Sébastien Dudek

RF Security Expert

Sébastien Dudek is the founder and a security engineer at PentHertz.

He has been particularly passionate about flaws in radio-communication systems, and has published research on mobile security (baseband fuzzing, interception, mapping, etc.) and on data transmission systems using the power line (Power-Line Communication, HomePlug AV), such as domestic PLC plugs, as well as electric cars and charging stations.

He also focuses on practical attacks with various technologies such as Wi-Fi, RFID and other systems that involve wireless communications.

Intended Public

  • Pentesters who want their own custom RF tools
  • Pentesters who want to debug their wireless devices
  • RF, SDR & Security enthusiasts
  • Security Professionals
  • Law enforcement / government

Prerequisites

  • Knowledge of Linux & a programming language (C, C++, C# or Python) required.
  • Understanding of pentesting (network & application) or red-teaming.
  • Laptop capable of running VMware virtual machines (8GB RAM minimum).
  • Basic knowledge of radio is a plus.

Take-home materials

  • Training material
  • Full Duplex RX/TX device (70 to 6000 MHz, 20 MHz bandwidth)
  • Customisable RF Transmitter, useful for future engagements

Upcoming Dates

  • 📅 April 27-29, 2020 📍 Santa Clara, USA 🇬🇧
  • 📅 June 15-17, 2020 📍 Paris, France 🇫🇷/🇬🇧

Detailed Course Overview

Day One

Basics

Day 1 introduces radio concepts, from basics to modern implementations, the techniques required to receive and transmit signals, and how to operate with real-world environmental factors.

Also covered are attenuators, software gain configuration and Faraday cages.

Introduction to radio
  • History, evolution, and EU regulations
  • Radio waves
  • Digital Signal Processing
  • Sampling theory
  • Software-Defined Radio
  • Antennas
  • Amplifiers and connectors
Software-Defined Radio devices
  • Specifications
  • How to choose
  • Tips, tricks & hacks
Signal Interpretation
  • Waterfall & Spectrum Analyzers
  • Signal Identification
  • Modulation/Demodulation
  • Encoding / Decoding

Day Two

Hands on with radio

Hands on with Software-Defined Radio: taking an idea from theory to simulation and finally to implementation.

Day two focuses specifically on GNU Radio SDR Software and other useful tools.

GNU Radio SDR
  • Introduction
  • Chain-Processing
  • Hands-on
  • Useful companion tools
GNU Radio Hands On
  • Block schemas
  • Generators
  • Sinks and sources
  • Operators
  • Simulations
  • Modules
GNU Radio Continued
  • Executing a block in a real SDR device
  • Listening to simple AM and FM signals
  • Transferring signals
  • Optimizing sample processing
  • Features to process samples
  • Creating your own block

Day Three

Attacking physical intrusion systems

Day 3 applies the previously learned theory and techniques to penetrating real-world RF security systems, with a specific focus on practical tricks for Red Teamers and Pentesters:
Common sub-GHz Remotes
  • Introduction
  • Capturing data
  • Replaying saved samples
  • Analyzing samples (manually and with powerful tools)
  • Rolling-code security
Cellular Devices (2G/3G/4G)
  • Introduction
  • Monitoring
  • Mobile security
  • Existing tools
  • Our feedback from engagements
  • Tooling with GNU Radio
  • Fuzzing and triggering bugs with 2G, 3G and 4G protocol stacks
Hardware Hacking
  • Introduction, and how it complements RF attacks
  • Survival and practical reflexes
  • Cheap tools and tricks
Attacking unknown devices
  • Introduction
  • Identification (looking at the device's part references, components, etc.)
  • Sniffing signals
  • Decoding signals
Connected Locks
  • Introductory concepts
  • Thoughts on connected locks

How to participate?

Workshops are regularly scheduled, with the additional possibility of private sessions if required. To stay informed about upcoming workshop dates, subscribe to our Workshop mailing list.
