The Age of the Radio is upon us: wireless protocols are a dime a dozen thanks to the explosion of the Internet of Things. While proprietary wireless solutions may offer performance benefits and cost savings over standards like 802.11 or Bluetooth, their security features are rarely well-exercised due to a lack of access to these interfaces. The adoption of Software Defined Radio (SDR) by the security research community has helped shift this balance, however SDR remains a boutique skillset. Join us as we lift the veil on SDR and show that a PhD is not need to pwn the Internet of Things.
This session offers a tutorial on how to apply Software Defined Radio, with an emphasis on the “Radio” part. Rather than glazing over RF basics, we will frame our entire discussion about reverse engineering wireless systems around digital radio fundamentals.
We begin with an offensively short crash course in digital signal processing and RF communication, covering just enough to be dangerous, before introducing a reverse engineering workflow that can be applied to any wireless system. We will show how to use this workflow to recover and inject packets from/into a variety of devices with proprietary modulations, including a popular home automation system and a wireless keyboard.
Attendees should expect to walk away with practical knowledge of how to apply SDR to examine proprietary wireless protocols. We will release GNU Radio flowgraph templates and shell scripts to get attendees started.