Course 2 – Basic Digital Communications with SDR

Summary

This course teaches you the fundamentals of building digital radios with SDR and gnuradio. A solid understanding of this material better enables InfoSec professionals to put SDRs to work detecting, intercepting and analyzing wireless vulnerabilities. This foundation is also useful for building digital transmitters to exploit RF vulnerabilities or to exfiltrate data.
As with my introductory course, I will continue to teach you gnuradio, and we will employ it for hands-on projects that illustrate each radio concept. This is not a lecture-based course, but one built on 25 different projects.

Course Result

You’ll be able to build basic digital transmitters and receivers using OOK, FSK and PSK. You’ll also understand the building blocks of digital signals: preambles, error-checking and payload encodings. The capstone for the course will put your newfound knowledge to work reverse engineering a digital control system.

Prerequisites

No previous engineering or SDR knowledge is necessary – we start from the beginning.

You will not need to bring anything to the class. You will use our laptops and SDR hardware.

Description

My brother and I co-authored the Field Expedient SDR book series and have taught SDR to students who possessed widely varying degrees of proficiency. Based on these experiences, we believe that it takes four days of training for a newcomer to become proficient building analog and digital radios with gnuradio and SDR.

This course comprises the second half of those four days, and is for those who have taken my first course or have self-taught the basics of analog SDR. Laying a solid foundation better enables InfoSec professionals to put SDRs to work detecting, intercepting and analyzing wireless vulnerabilities. This foundation is also useful for building digital transmitters to exploit RF vulnerabilities or to exfiltrate data.

As with my book series, this class avoids highly mathematical engineering lectures and focuses on teaching through 25 practical, hands-on exercises. Though we avoid the heavy math, we will carefully and methodically study digital radio design so that you can build your own gnuradio flowgraphs with confidence when needed.

We begin by building an On-Off-Keyed (OOK) receiver, and then breaking down each part of it to see how it works and why it works. Then we take a short detour into the world of complex numbers. The goal of this detour is not to work through formal mathematical definitions, but to understand from a functional level how they impact radio design. Next we build the flip-side of our first project – an OOK transmitter.

Next, we dive into the various pieces of a digital signal: the preamble, the header, the payload and the error checking. We’ll then spend some time extracting payloads from digital signals using clock recovery blocks and some simple Python scripts.

We then shift our attention to Frequency Shift Keyed (FSK) systems, building a receiver and a transmitter. We then spend some time optimizing our FSK system, seeing how we can design it to minimize the bandwidth it consumes without impacting performance. This process of optimization will shed light on a number of important characteristics of FSK design.

Then we turn our attention to Phase Shift Keying (PSK). We won’t dive as deeply into PSK as we did with OOK and FSK because there’s so much more to cover with this complicated modulation scheme. We will, however, build a Differential PSK transmitter and receiver and explain the key things to know about its design and function.

Finally, we will put our newfound knowledge to work by doing some reverse engineering. We’ll only have time to work through a handful of simple projects, but it will be enough to get you started on the path to breaking down signals yourself.

Thanks to gnuradio’s excellent simulation capabilities, we’ll work through a number of our projects without plugging in any SDR hardware. This will result in cleaner and more deterministic exercises, but we won’t stop there. We’ll also build and operate the key designs in hardware to build experience working through the kinks that invariably occur in real-world projects. To keep things entertaining, a few of our projects will be competitive, Capture the Flag-style exercises.

When you’ve finished the class, you’ll know how to build scanners to detect RF transmissions, receivers to capture and decode signals, and transmitters to produce your own signals. You’ll also be able to build custom transmit-receive pairs for exfiltrating data. Finally, your new digital radio foundation will prepare you for understanding and implementing the myriad SDR resources you find online.

Outline

Day 1
  1. Discuss class goals and methods
  2. Goals for Day 1
  3. Review of Basic Analog Receiver
  4. Review of Basic Analog Transmitter
  5. Review of gnuradio usage
  6. Review of Frequency Domain
  7. Digital Baseband versus Analog
  8. Clocking and Synchronization
  9. Project 1 – OOK Receiver
  10. Breaking down the OOK Flowgraph
  11. Event Triggering in QT GUI Widgets
  12. Project 2 – OOK Receiver Improvements
  13. Complex Numbers – Key Things to Know
  14. IQ Sampling
  15. Project 3 – Building Complex Numbers
  16. Adding, Subtracting and Multiplying Complex Numbers
  17. Project 4 – Complex Arithmetic
  18. How Complex Values Relate to Real Values
  19. Magnitude and Phase
  20. Project 5 – Displaying Signals in the Complex Plane
  21. Vector Sources
  22. Project 6 – Building a Digital Baseband Signal
  23. Generating OOK Signals
  24. Project 7 – OOK Transmitter (simulated)
  25. Break for Lunch
  26. How to Test Digital Radios
  27. Project 8 – Combined OOK Transmitter and Receiver Flowgraph
  28. ASK versus OOK
  29. Higher Order ASK
  30. Symbols Defined
  31. Symbol Rate
  32. Breaking Down the Digital Baseband
  33. Preambles
  34. Project 9 – Detecting Preambles
  35. Headers
  36. Payload Encodings
  37. NRZ, Manchester, PWM
  38. Less Common Encodings
  39. Little versus Big Endian
  40. Project 10 – Extracting the Payload with Simple Decimation
  41. Clock Recovery
  42. Project 11 – Extracting the Payload with Clock Recovery
  43. Python for Baseband Processing
  44. Project 12 – Writing Python to Process Baseband Data
  45. Error Checking Algorithms
  46. CRCs – What You Need to Know
  47. Arithmetic Checksums and Parity Bits
  48. Receiving with SDR Hardware
  49. Project 13 – Hardware OOK Receiver
  50. Project 14 (CTF) – Find, Capture, Demod and Decode Mystery Signal
Day 2
  1. Goals for Day 2
  2. Digital Transmitters in Hardware
  3. Legal Issues with SDR Transmission
  4. Project 15 – HW Based OOK Transmitter
  5. End-To-End Digital Communication Challenges
  6. Project 16 (Team CTF) – Send Info from one Team Member to another
  7. Frequency Shift Keying (FSK)
  8. Mark, Space and Higher Order FSK
  9. Modular Digital Radio Design
  10. Project 17 – Convert OOK system to FSK
  11. How Noise Impacts FSK
  12. Channel Models and their Properties
  13. Project 18 – Adding a Channel Model to the FSK System
  14. How to Choose Your FSK Deviation
  15. Optimizing FSK Systems
  16. Project 19 – Improving the FSK System
  17. Project 20 (Team CTF) – Send Info via FSK
  18. Break for Lunch
  19. PSK Theory
  20. Synchronization and Differential PSK
  21. Packed and Unpacked Bytes
  22. Project 21 – Converting FSK System to DPSK
  23. A Brief Introduction to Reverse Engineering
  24. How Capture-Replay Exploits Work
  25. Project 22 – Capture Replay with Simple Remote Controlled System
  26. Breaking Down Mystery Signals
  27. Finding the Signal
  28. Capturing the Signal Efficiently
  29. The FCC database
  30. Project 23 – Capturing Intermittent Signal
  31. Inspecting Signals to Determine Modulation
  32. Project 24 – Determining Modulation of Mystery Signals
  33. Identifying the Preamble
  34. Identifying the Payload Encoding
  35. Determining the Symbol Rate
  36. Project 25 (CTF) – Reverse Engineering Simple Protocol
  37. Class Wrap-Up
  38. Suggested Next Steps for Students