Assessing and Exploiting
Proprietary RF Protocols

Module Outline:

• Examples when to use

• Overview of methodology

• Capturing RF Signals

  • Hardware used for different RF protocols

  • When to use SDR vs rfcat

  • Comparison of different SDR hardware

  • Finding the right frequencies

  • Using the right antenna and using it correctly

  • Exercise: RF spectrum analysis with RTL-SDR and GQRX

  • Exercise: RF signal capture with RTL-SDR and Universal Radio Hacker (URH)

  • Basic analysis of the captured signal

• Spread Spectrum types and strategies

  • Strategies for recovering frequency hopping

• Modulation and Demodulation

  • Visual identification of basic modulation types

  • Online samples of basic and complex modulation types

  • Exercise: ASK-OOK demodulation with RTL-SDR and URH

  • Exercise: 2FSK demodulation with RTL-SDR and URH

  • Exercise: Using rfcat and Yardstick One to generate our own RF packets

• Bitstream to Packets

  • Understanding how data streams are assembled

  • Exercise: Analysis of packets URH

  • Exercise: Defining a protocol inside URH

• RF Transmission

  • Traffic transmission and exploitation

  • Hardware needed for transmission

  • Signal transmission with URH

  • Exercise: Replaying captured packets with URH and rfcat

Software

• ControlThings Platform Virtual Machine

Hardware

• RTL-SDR + Antenna
  (Used as Software Defined Radio (SDR) device)

• Great Scott Gadgets YARD Stick One + Antenna
  (Uses TI's Chipcon CC1111 RF chip. Most common Sub 1GHz chip family in ICS, IoT, and medical)