Software-Defined Radio Hacking: Initiation | Instytut PWN
WORKSHOP - Security PWNing Conference 2019

Software-Defined Radio Hacking: Initiation

This training teaches students how radio works, how to analyze a targeted signal and how to interface with it using SDR (Software-Defined Radio).

The class allows attendees to discover current radio technologies a pentester or a vulnerability researcher can stumble upon during missions. By understanding different radio technologies, attendees will get the necessary reflexes to attack current and future systems via the radio interface with the use of SDR software and hardware.


This training is aimed at security professionals willing to discover radio technologies and have hands-on sessions.
– Knowledge of Linux and a programming language such as C, C++, C# or Python is necessary.
– Basic knowledge of security and radio is a plus
– All attendees will need to bring a laptop capable of running VMware virtual machine (8GB of RAM is a minimum)

Scientific Program

Day 1 | 9:00 - 17:00
1. Introduction to radio
  • History, evolution, and regulations
  • Radio waves
  • Software-Defined Radio
  • Antennas
  • Gain impacts of amplifiers and connectors
2. Observations
  • Tools: Waterfall and spectrum analysers
  • Signal identification
  • Modulation/Demodulation
  • Encoding/Decoding
3. Hands-on Software-Defined Radio
  • Hardware
  • Introduction to GnuRadio
  • Practice with GnuRadio Companion
  • Block schemas
  • Simulations
  • Executing a block in a real SDR device
  • Listening to simple AM and FM signals
  • Features to process samples
Day 2 | 9:00 - 17:00
4. Attacking devices
  • Common sub-GHz Remotes
    – Capturing data
    – Replaying saved samples
    – Analysing samples: manually and with powerful tools like URH
    – Rolling codes: security level, possible attacks
  • Devices using the mobile network (2G/3G/4G)
    – Monitoring
    – Existing tools: OpenBTS, YateBTS, srsLTE, etc.
    – Interception techniques in 2G/3G and 4G + our feedback in missions
    – Tooling with GnuRadio
    – Weird mobile features
  • Attacking Custom devices
    – Identification: looking at device’s references, components, etc.
    – Sniffing signals
    – Decoding signals and limits
    – Hardware hacking to break some limits
Bonus: PWNing session if we have time => create your own communication system, break other attendees' systems, or bring your IoT device to break


Sebastian Dudek
Information security expert working for the Synacktiv company. For over 7 years he has been particularly passionate about flaws in radiocomm...