Software-Defined Radio Hacking: Initiation | Instytut PWN

Newsletter

WORKSHOP - Security PWNing Conference 2019

Software-Defined Radio Hacking: Initiation

Number of tickets is limited!

This training teaches students how radio works, how to analyze a targeted signal and how to interface with it using SDR (Software-Defined Radio).

The class allows attendees to discover current radio techonologies a pentester or a vulnerability researcher can stumble upon missions. By understanding different radio technologies, attendees will get the necessary reflexes to attack current and future systems via the radio interface with the use of SDR software and hardware.

Prerequisites

This training is aimed at security professional willing to discover radio technologies and have hands-on sessions.
– Knowledge of Linux and a programming language such as C, C++, C# or Python is necessary.
– Basic knowledge of security and radio is a plus
– All attendees will need to bring a laptop capable of running VMware virtual machine (8GB of RAM is a minimum)

Scientific Program

Day 1 | 9:00 - 17:00
9:00
1. Introduction to radio
  • History, evolution, and regulations
  • Radio waves
  • Software-Defined Radio
  • Antennas
  • Gain impacts with amplificators and connectors
2. Observations
  • Tools: Waterfall and spectrum analysers
  • Signal identification
  • Modulation/Demodulation
  • Encoding/Decoding
13:30-14:00
Lunch
-17:00
3. Hands-on Software-Defined Radio
  • Hardware
  • Introduction to GnuRadio
  • Practice with GnuRadio Companion
  • Block schemas
  • Simulations
  • Executing a block in a real SDR device
  • Listening to simple AM and FM signals
  • Features to process samples
Day 2 | 9.00 - 17.00
9:00
4. Attacking devices
  • Common sub-GHz Remotes
    – Capturing data
    – Replaying saved samples
    – Analysing samples: manually and with powerful tools like URH
    – Rolling codes: security level, possible attacks
  •  Devices using the mobile network (2G/3G/4G)
    – Monitoring
    – Existing tools: OpenBTS, YateBTS, srsLTE, etc.
    – Interception techniques in 2G/3G and 4G + our feedback in missions
    – Tooling with GnuRadio
    – Weird mobile features
  • Attacking Custom devices
    – Identification: looking at device’s references, components, etc.
    – Sniffing signals
    – Decoding signals and limits
    – Hardware hacking to break some limits
13:30-14:00
Lunch
-17:00
Bonus: PWNing session if we have time => create your communication system, break other attendee's system, or bring your IoT device to break

Speakers

Sebastian Dudek
Information security expert working for the Synacktiv company. For over 7 years he has been particularly passionate about flaws in radiocomm... more
Sebastian Dudek
Information security expert working for the Synacktiv company. For over 7 years he has been particularly passionate about flaws in radiocommunication. Author of several presentations on mobile security (Baseband fuzzing, interception, mapping, etc.) and in data transmission systems with power lines (Power-Line Communication, HomePlug AV). He is also interested in other sort of practical attacks on various technologies such as Wi-Fi, RFID and other emission systems  that he encounters during his Red Team penetration tests performed professionally.