Course 2 – Basic Digital Communications with SDR

Summary

This course teaches you the fundamentals of building digital radios with SDR and gnuradio. A solid understanding of this material better enables InfoSec professionals to put SDRs to work detecting, intercepting and analyzing wireless vulnerabilities. This foundation is also useful for building digital transmitters to exploit RF vulnerabilities or to exfiltrate data.
As with my introductory course, I will continue to teach you gnuradio, and we will employ it for hands-on projects that illustrate each radio concept. This is not a lecture-based course, but one built on 25 different projects.

Course Result

You’ll be able to build basic digital transmitters and receivers using OOK, FSK and PSK. You’ll also understand the building blocks of digital signals: preambles, error-checking and payload encodings. The capstone for the course will put your newfound knowledge to work reverse engineering a digital control system.

Prerequisites

You will need to have a working understanding of the material covered in our introductory class, including the basic structure of analog transmitters and receivers, tuning, filtering, and modulation.

You will not need to bring anything to the class. You will use our laptops and SDR hardware.

Description

My brother and I co-authored the Field Expedient SDR book series and have taught SDR to students who possessed widely varying degrees of proficiency. Based on these experiences, we believe that it takes four days of training for a newcomer to become proficient building analog and digital radios with gnuradio and SDR.

This course comprises the second half of that four days, and is for those who have taken my first course or have self-taught the basics of analog SDR. Laying a solid foundation better enables InfoSec professionals to put SDRs to work detecting, intercepting and analyzing wireless vulnerabilities. This foundation is also useful for building digital transmitters to exploit RF vulnerabilities or to exfiltrate data.

As with my book series, this class avoids highly mathematical engineering lectures and focuses on teaching through 25 practical, hands-on exercises. Though we avoid the heavy math, we will carefully and methodically study digital radio design so that you can build your own gnuradio flowgraphs with confidence when needed.

We begin by building an On-Off-Keyed (OOK) receiver, and then breaking down each part of it to see how it works and why it works. Then we take a short detour into the world of complex numbers. The goal of this detour is not to work through formal mathematical definitions, but to understand from a functional level how they impact radio design. Next we build the flip-side of our first project – an OOK transmitter.

Next, we dive into the various pieces of a digital signal: the preamble, the header, the payload and the error checking. We’ll then spend some time extracting payloads from digital signals using clock recovery blocks and some simple Python scripts.

We then shift our attention to Frequency Shift Keyed (FSK) systems, building a receiver and a transmitter. We then spend some time optimizing our FSK system, seeing how we can design it to minimize the bandwidth it consumes without impacting performance. This process of optimization will shed light on a number of important characteristics of FSK design.

Then we turn our attention to Phase Shift Keying (PSK). We won’t dive as deeply into PSK as we did with OOK and FSK because there’s so much more to cover with this complicated modulation scheme. We will, however, build a Differential PSK transmitter and receiver and explain the key things to know about its design and function.

Finally, we will put our newfound knowledge to work by doing some reverse engineering. We’ll only have time to work through a handful of simple projects, but it will be enough to get you started on the path to breaking down signals yourself.

Thanks to gnuradio’s excellent simulation capabilities, we’ll work through a number of our projects without plugging in any SDR hardware. This will result in cleaner and more deterministic exercises, but we won’t stop there. We’ll also build and operate the key designs in hardware to build experience working through the kinks that invariably occur in real-world projects. To keep things entertaining, a few of our projects will be competitive, Capture the Flag-style exercises.

When you’ve finished the class, you’ll know how to build scanners to detect RF transmissions, receivers to capture and decode signals, and transmitters to produce your own signals. You’ll also be able to build custom transmit-receive pairs for exfiltrating data. Finally, your new digital radio foundation will prepare you for understanding and implementing the myriad of SDR resources you find online.

Outline

Day 1
  1. Class goals and methods
  2. Review of Basic Analog Transmitter
  3. Review of Basic Analog Receiver
  4. Review of gnuradio Usage
  5. Review of Frequency Domain
  6. Digital Baseband versus Analog
  7. Clocking and Synchronization
  8. Project – OOK Receiver
  9. Breaking down the OOK Flowgraph
  10. Event Triggering in QT GUI Widgets
  11. Project – OOK Receiver Improvements
  12. Project – OOK Receiver with SDR Hardware
  13. Complex Numbers – Key Things to Know
  14. IQ Sampling
  15. Project – Building Complex Numbers
  16. Adding, Subtracting and Multiplying Complex Numbers
  17. Project – Complex Arithmetic
  18. How Complex Values Relate to Real Values
  19. Magnitude and Phase
  20. Project – Displaying Signals In the Complex Plane
  21. Vector Sources
  22. Project – Building a Digital Baseband Signal
  23. Generating OOK Signals
  24. Project – OOK Transmitter (simulated)
  25. Break for Lunch
  26. How to Test Digital Radios
  27. Project – Combined OOK Transmitter and Receiver Flowgraph
  28. Hardware Transmission and the Law
  29. Project – Transmitting and Receiving OOK Signals with SDR Hardware
  30. ASK versus OOK
  31. Higher Order ASK
  32. Symbols Defined
  33. Symbol Rate
  34. Breaking Down the Digital Baseband
  35. Clock Synchronization
  36. Polyphase Clock Sync Block
  37. Project – Extracting Bits
  38. Preambles
  39. Correlate Access Code Block
  40. Project – Detecting Preambles
  41. Tags
  42. Project – Detecting Preambles (Better)
  43. Correlate Access Code and Tagged Streams
  44. Custom CAC-TS with Fixed Length
  45. Project – Detecting Preambles (Best)
  46. Extracting Raw Payloads
  47. Messages
  48. Project – Simple Message Passing
  49. PDUs
  50. Repack Bits Block
  51. Message Debug Block
  52. Project – Producing Raw Payload Data
  53. Polyphase Clock Sync Tips
  54. Project – Receiving Strings
  55. Project – End-to-End Digital Communication
Day 2
  1. Baseband Structure
  2. Processing Raw Payloads Externally
  3. Project – Saving and Processing Raw Payloads
  4. Payload Encodings
  5. Decoding with Python – Manchester
  6. Decoding with Python – PWM
  7. Project – Decoding the Payload
  8. Less Common Encodings – PIE
  9. Less Common Encodings – PPM
  10. Little versus Big Endian
  11. Error Checking
  12. Arithmetic Checksums and Parity Bits
  13. CRCs – What you Need to Know
  14. Modular Radio Design
  15. Frequency Shift Keying (FSK)
  16. Mark, Space and Higher Order FSK
  17. Modular Digital Radio Design
  18. Quadrature Demod Block
  19. Project – Convert OOK to FSK
  20. GFSK
  21. GMSK
  22. Project – Converting FSK to GMSK
  23. Break for Lunch
  24. How Noise Impacts FSK
  25. Channel Models and their Properties
  26. Project – Adding a Channel Model to the FSK System
  27. Power Squelch
  28. Project (Team CTF) – Send Info via GMSK
  29. PSK Theory
  30. Synchronization and Differential PSK
  31. Packed and Unpacked Bytes
  32. Higher Order PSK
  33. PSK Constellations
  34. Demo of PSK system using the Constellation Modulator
  35. A Brief Introduction to Reverse Engineering
  36. Project (CTF) – Reverse Engineering Simple Protocol
  37. Class Wrap-Up
  38. Suggested Next Steps for Students