Assessing and Exploiting Proprietary RF Protocols

Module Outline:

  • Examples of when to use this methodology

  • Overview of methodology

  • Capturing RF Signals

    • Hardware used for different RF protocols

    • When to use SDR vs rfcat

    • Comparison of different SDR hardware

    • Finding the right frequencies

    • Using the right antenna and using it correctly

    • Exercise: RF spectrum analysis with RTL-SDR and GQRX

    • Exercise: RF signal capture with RTL-SDR and Universal Radio Hacker (URH)

    • Basic analysis of the captured signal

  • Spread Spectrum types and strategies

    • Strategies for recovering frequency hopping

  • Modulation and Demodulation

    • Visual identification of basic modulation types

    • Online samples of basic and complex modulation types

    • Exercise: ASK-OOK demodulation with RTL-SDR and URH

    • Exercise: 2FSK demodulation with RTL-SDR and URH

    • Exercise: Using rfcat and Yardstick One to generate our own RF packets

  • Bitstream to Packets

    • Understanding how data streams are assembled

    • Exercise: Analysis of packets in URH

    • Exercise: Defining a protocol inside URH

  • RF Transmission

    • Traffic transmission and exploitation

    • Hardware needed for transmission

    • Signal transmission with URH

    • Exercise: Replaying captured packets with URH and rfcat

  • ControlThings Platform Virtual Machine

  • RTL-SDR + Antenna
    (Used as Software Defined Radio (SDR) device)

  • Great Scott Gadgets YARD Stick One + Antenna
    (Uses TI's Chipcon CC1111 RF chip, the most common sub-1 GHz chip family in ICS, IoT, and medical devices)