You’ll be able to build basic digital transmitters and receivers using OOK, FSK and PSK. You’ll also understand the building blocks of digital signals: preambles, error-checking and payload encodings. The capstone for the course will put your newfound knowledge to work reverse engineering a digital control system.
No previous engineering or SDR knowledge is necessary – we start from the beginning.
You will not need to bring anything to the class. You will use our laptops and SDR hardware.
My brother and I co-authored the Field Expedient SDR book series and have taught SDR to students who possessed widely varying degrees of proficiency. Based on these experiences, we believe that it takes four days of training for a newcomer to become proficient building analog and digital radios with gnuradio and SDR.
This course comprises the second half of those four days, and is for those who have taken my first course or have self-taught the basics of analog SDR. Laying a solid foundation better enables InfoSec professionals to put SDRs to work detecting, intercepting and analyzing wireless vulnerabilities. This foundation is also useful for building digital transmitters to exploit RF vulnerabilities or to exfiltrate data.
As with my book series, this class avoids highly mathematical engineering lectures and focuses on teaching through 25 practical, hands-on exercises. Though we avoid the heavy math, we will carefully and methodically study digital radio design so that you can build your own gnuradio flowgraphs with confidence when needed.
We begin by building an On-Off-Keyed (OOK) receiver, and then breaking down each part of it to see how it works and why it works. Then we take a short detour into the world of complex numbers. The goal of this detour is not to work through formal mathematical definitions, but to understand from a functional level how they impact radio design. Next we build the flip-side of our first project – an OOK transmitter.
Next, we dive into the various pieces of a digital signal: the preamble, the header, the payload and the error checking. We’ll then spend some time extracting payloads from digital signals using clock recovery blocks and some simple Python scripts.
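As an illustration of the payload-extraction steps named above (this is an added example, not course material or code from the Field Expedient SDR books), the script below walks a hard-decision OOK baseband from raw samples to a verified payload: it estimates the chip period from the shortest run, decimates to one decision per chip, finds a sync word, Manchester-decodes the bits, packs them into bytes and checks a CRC-8. The frame format, preamble, sync word and samples-per-symbol value are all constructed for the example; the transmitter-side `make_samples` exists only to build a test signal offline.

```python
"""Extract a payload from a hard-decision OOK baseband (added example).

Everything here is constructed: the frame layout (alternating preamble,
16-bit sync word, length byte, payload, CRC-8) is hypothetical and was
chosen only to exercise the steps a digital receiver needs: symbol-rate
estimation, decimation, preamble/sync search, Manchester decoding, byte
packing and error checking.
"""

PREAMBLE_BITS = [1, 0] * 16   # constructed alternating preamble
SYNC_WORD = 0x2DD4            # constructed 16-bit sync word, sent big-endian
SPS = 8                       # samples per chip used by the constructed signal


def crc8(data, poly=0x07, init=0x00):
    """Bitwise CRC-8, polynomial x^8+x^2+x+1, MSB-first, no reflection."""
    crc = init
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def bytes_to_bits(data):
    """Unpack bytes MSB-first into a list of 0/1 ints."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def bits_to_bytes(bits):
    """Pack 0/1 ints MSB-first into bytes; a trailing partial byte is dropped."""
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        value = 0
        for b in bits[i:i + 8]:
            value = (value << 1) | b
        out.append(value)
    return bytes(out)


def manchester_encode(bits):
    """Constructed convention: 1 -> chips [1,0], 0 -> chips [0,1]."""
    chips = []
    for b in bits:
        chips += [1, 0] if b else [0, 1]
    return chips


def manchester_decode(chips):
    """Decode chip pairs; stop at the first pair that is not a valid symbol."""
    bits = []
    for i in range(0, len(chips) - 1, 2):
        pair = (chips[i], chips[i + 1])
        if pair == (1, 0):
            bits.append(1)
        elif pair == (0, 1):
            bits.append(0)
        else:
            break   # (0,0) or (1,1) means idle line or corruption
    return bits


def build_frame(payload):
    """Preamble + sync + [len, payload, crc8], all Manchester-coded."""
    body = bytes([len(payload)]) + payload
    body += bytes([crc8(body)])
    bits = PREAMBLE_BITS + bytes_to_bits(SYNC_WORD.to_bytes(2, "big")) + bytes_to_bits(body)
    return manchester_encode(bits)


def make_samples(payload, sps=SPS, idle=40):
    """Constructed test signal: idle zeros, the frame held for sps samples per chip, idle zeros."""
    return [0] * idle + [c for c in build_frame(payload) for _ in range(sps)] + [0] * idle


def estimate_sps(samples):
    """Shortest run of identical samples. Manchester coding guarantees a
    transition at least every two chips, so the shortest run is one chip."""
    runs, run = [], 1
    for a, b in zip(samples, samples[1:]):
        if a == b:
            run += 1
        else:
            runs.append(run)
            run = 1
    runs.append(run)
    return min(runs)


def decimate(samples, sps):
    """Simple decimation: one decision per chip, sampled mid-chip from the first edge."""
    first_edge = next((i for i in range(1, len(samples)) if samples[i] != samples[i - 1]), None)
    if first_edge is None:
        return []
    return samples[first_edge + sps // 2::sps]


def find_sync(chips, sync_chips):
    """Return the chip index just after the first sync-word match, or -1."""
    n = len(sync_chips)
    for i in range(len(chips) - n + 1):
        if chips[i:i + n] == sync_chips:
            return i + n
    return -1


def extract_payload(samples):
    """Run the full receive chain; return the payload bytes or None on any failure."""
    sps = estimate_sps(samples)
    chips = decimate(samples, sps)
    start = find_sync(chips, manchester_encode(bytes_to_bits(SYNC_WORD.to_bytes(2, "big"))))
    if start < 0:
        return None
    body = bits_to_bytes(manchester_decode(chips[start:]))
    if len(body) < 2 or len(body) < body[0] + 2:
        return None
    frame = body[:body[0] + 1]              # length byte + payload
    if crc8(frame) != body[body[0] + 1]:    # stored CRC follows the payload
        return None
    return frame[1:]


if __name__ == "__main__":
    print(extract_payload(make_samples(b"hello")))
```

The sync search works on the chip stream rather than on decoded bits, which is what resolves the Manchester pair alignment: the match position fixes which chip starts a symbol. A real capture adds clock drift and noise, which is why the course moves from simple decimation to a clock recovery block; the structure after that point (sync, decode, pack, check) is unchanged.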
We then shift our attention to Frequency Shift Keyed (FSK) systems, building a receiver and a transmitter. We then spend some time optimizing our FSK system, seeing how we can design it to minimize the bandwidth it consumes without impacting performance. This process of optimization will shed light on a number of important characteristics of FSK design.
Then we turn our attention to Phase Shift Keying (PSK). We won’t dive as deeply into PSK as we did with OOK and FSK because there’s so much more to cover with this complicated modulation scheme. We will, however, build a Differential PSK transmitter and receiver and explain the key things to know about its design and function.
Finally, we will put our newfound knowledge to work by doing some reverse engineering. We’ll only have time to work through a handful of simple projects, but it will be enough to get you started on the path to breaking down signals yourself.
Thanks to gnuradio’s excellent simulation capabilities, we’ll work through a number of our projects without plugging in any SDR hardware. This will result in cleaner and more deterministic exercises, but we won’t stop there. We’ll also build and operate the key designs in hardware to build experience working through the kinks that invariably occur in real-world projects. To keep things entertaining, a few of our projects will be competitive, Capture the Flag-style exercises.
When you’ve finished the class, you’ll know how to build scanners to detect RF transmissions, receivers to capture and decode signals, and transmitters to produce your own signals. You’ll also be able to build custom transmit-receive pairs for exfiltrating data. Finally, your new digital radio foundation will prepare you for understanding and implementing the myriad SDR resources you find online.
- Discuss class goals and methods
- Goals for Day 1
- Review of Basic Analog Receiver
- Review of Basic Analog Transmitter
- Review of gnuradio usage
- Review of Frequency Domain
- Digital Baseband versus Analog
- Clocking and Synchronization
- Project 1 – OOK Receiver
- Breaking down the OOK Flowgraph
- Event Triggering in QT GUI Widgets
- Project 2 – OOK Receiver Improvements
- Complex Numbers – Key Things to Know
- IQ Sampling
- Project 3 – Building Complex Numbers
- Adding, Subtracting and Multiplying Complex Numbers
- Project 4 – Complex Arithmetic
- How Complex Values Relate to Real Values
- Magnitude and Phase
- Project 5 – Displaying Signals In the Complex Plane
- Vector Sources
- Project 6 – Building a Digital Baseband Signal
- Generating OOK Signals
- Project 7 – OOK Transmitter (simulated)
- Break for Lunch
- How to Test Digital Radios
- Project 8 – Combined OOK Transmitter and Receiver Flowgraph
- ASK versus OOK
- Higher Order ASK
- Symbols Defined
- Symbol Rate
- Breaking Down the Digital Baseband
- Project 9 – Detecting Preambles
- Payload Encodings
- NRZ, Manchester, PWM
- Less Common Encodings
- Little versus Big Endian
- Project 10 – Extracting the Payload with Simple Decimation
- Clock Recovery
- Project 11 – Extracting the Payload with Clock Recovery
- Python for Baseband Processing
- Project 12 – Writing Python to Process Baseband Data
- Error Checking Algorithms
- CRCs – What you Need to Know
- Arithmetic Checksums and Parity Bits
- Receiving with SDR Hardware
- Project 13 – Hardware OOK Receiver
- Project 14 (CTF) – Find, Capture, Demod and Decode Mystery Signal
- Goals for Day 2
- Digital Transmitters in Hardware
- Legal Issues with SDR Transmission
- Project 15 – HW Based OOK Transmitter
- End-To-End Digital Communication Challenges
- Project 16 (Team CTF) – Send Info from one Team Member to another
- Frequency Shift Keying (FSK)
- Mark, Space and Higher Order FSK
- Modular Digital Radio Design
- Project 17 – Convert OOK system to FSK
- How Noise Impacts FSK
- Channel Models and their Properties
- Project 18 – Adding a Channel Model to the FSK System
- How to Choose Your FSK Deviation
- Optimizing FSK Systems
- Project 19 – Improving the FSK System
- Project 20 (Team CTF) – Send Info via FSK
- Break for Lunch
- PSK Theory
- Synchronization and Differential PSK
- Packed and Unpacked Bytes
- Project 21 – Converting FSK System to DPSK
- A Brief Introduction to Reverse Engineering
- How Capture-Replay Exploits Work
- Project 22 – Capture Replay with Simple Remote Controlled System
- Breaking Down Mystery Signals
- Finding the Signal
- Capturing the Signal Efficiently
- The FCC database
- Project 23 – Capturing Intermittent Signal
- Inspecting Signals to Determine Modulation
- Project 24 – Determining Modulation of Mystery Signals
- Identifying the Preamble
- Identifying the Payload Encoding
- Determining the Symbol Rate
- Project 25 (CTF) – Reverse Engineering Simple Protocol
- Class Wrap-Up
- Suggested Next Steps for Students