Lab401 Workshop: RF Hacking with Software-Defined Radio
Introduction
In this 3-day workshop, clients will learn about Software-Defined Radio applied against physical intrusion system (alarms, intercoms, various remotes, etc.). This course provides basics, survival reflexes when testing real-world radio devices and methods to go further. Compared to similar workshops, this class focuses on building a deep of understanding of publicly available tools, and how to build custom tools to analyze and attack targeted systems.
Featuring theoretical and practical elements with emphasis on one-on-one attention, clients will leave with immediately practical techniques for attacking radio devices in real-world environments, such as red-teaming and pentesting.
Sébastien Dudek
RF Security Expert
Sébastien Dudek is the founder and a security engineer at PentHertz.
He has been particularly passionate about flaws in radio-communication systems, and published researches on mobile security (baseband fuzzing, interception, mapping, etc.), and on data transmission systems using the power-line (Power-Line Communication, HomePlug AV) like domestic PLC plugs, as well as electric cars and charging stations.
He also focuses on practical attacks with various technologies such as Wi-Fi, RFID and other systems that involve wireless communications.
Intended Public
- Pentesters who want their own custom RF tools
- Pentesters who want to debug their wireless devices
- RF, SDR & Security enthusiasts
- Security Professionals
- Law enforcement / government
Prerequisites
- Knowledge of Linux & a programming language (C, C++, C# or Python) required.
- Understanding of pentester (network & application) or red-teaming.
- Laptop capable of running VMWare virtual machines (8GB RAM Minimum)
- Basic knowledge of radio is a plus
Take-home materials
- Training material
- Full Duplex RX/TX device (70 - 6000MHz, 20MHz Bandwidth)
- Customisable RF Transmitter, useful for future engagements
Upcoming Dates
- 📅 April 27-29, 2020 📍 Santa Clara, USA 🇬🇧
- 📅 June 15-17, 2020 📍 Paris, France 🇫🇷/🇬🇧
Signup for an upcoming workshop
Signup for workshopDetailed Course Overview
Day One
Basics
Day 1 introduces radio concepts - from basics to modern implementations, the techniques required to receive and transmit signals, and operating with real-world environmental factors.
Also covered are attenuators, software gain configuration and faraday cages.
- History, evolution, and EU regulations
- Radio waves
- Digital Signal Processing
- Sampling theory
- Software-Defined Radio
- Antennas
- Amplifiers and connectors
- Specifications
- How to choose
- Tips, tricks & hacks
- Waterfall & Spectrum Analyzers
- Signal Identification
- Modulation/Demodulation
- Encoding / Decoding
Day Two
Hands on with radio
Hands on with Software-Defined Radio: taking an idea from theoretical to simulation and finally implementation.
Day two focuses specifically on GNU Radio SDR Software and other useful tools.
- Introduction
- Chain-Processing
- Hands-on
- Useful companion tools
- Block schemas
- Generators
- Sinks and sources
- Operators
- Simulations
- Modules
- Executing a block in a real SDR device
- Listening to simple AM and FM signals
- Transferring signal
- Optimizing samples processing
- Features to process samples
- Creating your own block
Day Three
Attacking physical intrusion systems
Day 3 applies previously learned theory and techniques to penetration real-world RF security systems, with specific focus on practical tricks for Red Teamers and Pentesters:- Introduction
- Capturing data
- Replaying saved samples
- Analyzing samples (manually and with powerful tools)
- Rolling codes security
- Introduction
- Monitoring
- Mobile security
- Existing tools
- Our feedback in missions
- Tooling with GNU Radio
- Fuzzing and triggering bugs with 2G, 3G and 4G protocol stacks
- Introduction and how it could be complementary
- Survival and practical reflexes
- Cheap tools and tricks
- Introduction
- Identification (looking at device's references, components, etc.)
- Sniffing signals
- Decoding signals
- Introductory concepts
- Thoughts on connected locks
How to participate?
Workshops are regularly scheduled, with the additional possibility of private sessions if required. To stay informed about upcoming workshop dates, subscribe to our Workshop mailing list.