2024-08-07, Florentine F
Introduction to Software Defined Radio for Offensive and Defensive Operations - A brief overview of quick and dirty SDR for beginners and security professionals alike, covering everything from the first 5 minutes of SDR ops, such as listening to FM radio, to the first steps in advanced tactics for adversary emulation.
This is a brief introduction to software defined radio for beginners, encompassing basic equipment and applications for hobbyists and security researchers alike. We'll cover usage for amateur radio, intelligence, signal identification, signal recording and replay, and denial of service.
The demonstrations range from the very simple to the somewhat complex, but each is still doable in under 10 minutes. The equipment used ranges from very affordable to professional grade, including the Flipper Zero and the HackRF One.
The overall takeaway is demystifying SDR for enthusiasts and adding tools to security professionals' kits.
Title Panel
Introduction to Software Defined Radio – for offensive and defensive operations
A Primer with Foundations
What this presentation is and isn’t
– Basics for beginners
– Focus is on applications out of the box, not theory
– Not a comprehensive course
– Every application can be done in 2 to 10 minutes with the right software and hardware
– Results vary with location and RF environment, so don't expect perfection
SDR in Brief
A brief intro to SDR as a technology
– Radio on a chip
– The module converts the RF to data and back
– The computer processes and presents the data
– The antenna antennas
– Many add-ons and adapters for the whole RF spectrum
Hardware
– HackRF One
– RTL-SDR
– Flipper Zero
Software
– Windows 10
– SDR# (SDRSharp)
– dump1090
– Virtual Flight Server
– FZ Xtreme firmware
– HackRF firmware
DEMO – FM Radio
With the RTL-SDR, we tune into an FM broadcast station to demonstrate receive capability, then tune to a VHF and/or UHF frequency and key in a hand-held walkie to demonstrate surveillance applications.
TAKEAWAY: passive surveillance of radio signals
DEMO – ADS-B
With the RTL-SDR, dump1090, and Virtual Flight Server, we capture aircraft ADS-B transponder signals (Mode S extended squitter on 1090 MHz) to identify nearby aircraft flying overhead.
TAKEAWAY: passive surveillance of aircraft
*Video of active collection and display of ADS-B signals on Virtual Flight Server
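What dump1090 is doing behind the display, as an added example rather than code from the talk: a decoder for one raw ADS-B (DF17) frame that recovers the ICAO address and callsign and runs the CRC-24 check that separates real frames from bit-flipped noise. The 112-bit message used is the widely published textbook sample, not a capture from this demo, and the field layout follows the public Mode S format.

```python
# Decode a raw ADS-B frame (DF17) into the fields dump1090 shows: ICAO address,
# flight callsign, and whether the CRC-24 checks out. Added example; the message
# below is the well-known textbook sample, not a capture from the talk.

ICAO_CHARSET = "#ABCDEFGHIJKLMNOPQRSTUVWXYZ#####_###############0123456789######"
GENERATOR = 0xFFF409  # Mode S CRC-24 polynomial, without the implicit x^24 term


def crc24(data: bytes) -> int:
    """CRC-24 as used by Mode S: remainder of data * x^24 divided by the generator."""
    reg = 0
    for byte in data:
        for i in range(7, -1, -1):
            bit = (byte >> i) & 1
            top = (reg >> 23) & 1
            reg = (reg << 1) & 0xFFFFFF
            if top ^ bit:
                reg ^= GENERATOR
    return reg


def parse_adsb(hex_msg: str) -> dict:
    """Parse a 112-bit extended squitter given as 28 hex digits."""
    msg = bytes.fromhex(hex_msg)
    if len(msg) != 14:
        raise ValueError("extended squitter must be 112 bits (28 hex digits)")
    df = msg[0] >> 3                          # downlink format, first 5 bits
    icao = msg[1:4].hex().upper()             # 24-bit transponder address
    me = msg[4:11]                            # 56-bit message field
    pi = int.from_bytes(msg[11:14], "big")    # 24-bit parity field
    # dump1090 uses the same check, and tries single-bit corrections when it fails
    crc_ok = crc24(msg[:11]) == pi            # equivalently: crc24(msg) == 0
    tc = me[0] >> 3                           # type code, first 5 bits of ME
    out = {"df": df, "icao": icao, "tc": tc, "crc_ok": crc_ok, "callsign": None}
    if df == 17 and 1 <= tc <= 4:             # aircraft identification message
        bits = int.from_bytes(me[1:7], "big")  # 48 bits = 8 six-bit characters
        chars = [(bits >> (42 - 6 * k)) & 0x3F for k in range(8)]
        out["callsign"] = "".join(ICAO_CHARSET[c] for c in chars).rstrip("_")
    return out


# Textbook sample frame (KLM1023); flip one bit of the parity and the check fails.
SAMPLE = "8D4840D6202CC371C32CE0576098"
CORRUPT = SAMPLE[:-1] + "9"

if __name__ == "__main__":
    print(parse_adsb(SAMPLE))
    print("corrupted frame accepted:", parse_adsb(CORRUPT)["crc_ok"])
```

The CRC matters operationally as well as for correctness: a receiver that skips it will happily "identify" aircraft from noise, and it is also the reason ADS-B is easy to decode but carries no authentication at all, so what you see is only as trustworthy as the transmitter.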
Use Someone Else’s
List of popular websites that provide feeds from SDR stations worldwide.
TAKEAWAY: Open Source Intelligence from RF without any special equipment
Sub-GHZ is Everywhere
An overview of the sub-GHz spectrum, chiefly the upper VHF and lower UHF bands (including the 315, 433, 868 and 915 MHz ISM bands), used by industrial control systems, vehicle telemetry and key fobs, long-range wireless (LoRaWAN), and IoT applications.
Stop and Listen
Get permission before conducting any offensive RF operations. We use our own equipment and lab for these demos; you must do the same, or get explicit permission, before trying them against any network or device you don't own.
DEMO – Signal Replay
With HackRF and SDR#, we demonstrate the capability to record and replay a sub-GHz signal from a remote-control security alarm. The same technique works against a vehicle key fob that uses a fixed code; most modern fobs use rolling codes, so a straight replay of a captured press is rejected and more work is needed.
TAKEAWAY: offensive operations against wireless devices
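What a recorded remote-control press actually contains, and the check worth running before relying on replay, as an added example that is not the talk's own capture. The I/Q capture is constructed in code (on-off keying at an assumed 100 kS/s with 1 ms symbols); the hackrf_transfer flags in the comments are the tool's real options, while the frequency, gains and bit patterns are illustrative.

```python
# A recorded press is just interleaved signed 8-bit I/Q samples; replay sends
# the same bytes back out. Added example with a constructed capture. Assumed
# HackRF workflow (real hackrf_transfer flags, illustrative frequency/gains):
#   record:  hackrf_transfer -r press.iq -f 433920000 -s 2000000 -a 1 -l 16 -g 20
#   replay:  hackrf_transfer -t press.iq -f 433920000 -s 2000000 -a 1 -x 20
import random
import struct

SAMPLES_PER_SYMBOL = 100   # assumed: 100 kS/s capture, 1 ms on-off-keyed symbols


def make_ook_capture(bits: str, sps: int = SAMPLES_PER_SYMBOL, seed: int = 1) -> bytes:
    """Constructed int8 I/Q capture of an OOK bit string, in hackrf_transfer -r layout."""
    rng = random.Random(seed)
    out = bytearray()
    for b in bits:
        for _ in range(sps):
            carrier = 90 if b == "1" else 0          # key the carrier on for a 1
            i = carrier + rng.randint(-3, 3)         # a little receiver noise
            q = rng.randint(-3, 3)
            out += struct.pack("bb", i, q)
    return bytes(out)


def envelope(iq: bytes) -> list:
    """Magnitude of each complex sample: the envelope detector an OOK receiver uses."""
    s = struct.unpack(f"{len(iq)}b", iq)
    return [(i * i + q * q) ** 0.5 for i, q in zip(s[0::2], s[1::2])]


def slice_bits(env: list, sps: int = SAMPLES_PER_SYMBOL) -> str:
    """Threshold the envelope, align on the first rising edge, majority-vote each symbol."""
    if not env:
        return ""
    threshold = max(env) / 2
    start = next((n for n, v in enumerate(env) if v > threshold), None)
    if start is None:
        return ""
    bits = []
    for pos in range(start, len(env) - sps + 1, sps):
        on = sum(1 for v in env[pos:pos + sps] if v > threshold)
        bits.append("1" if on > sps // 2 else "0")
    return "".join(bits)


def same_code(capture_a: bytes, capture_b: bytes, sps: int = SAMPLES_PER_SYMBOL) -> bool:
    """Two presses of one button: identical bits mean a fixed code and replay works;
    different bits mean a rolling code, and a straight replay will be rejected."""
    return slice_bits(envelope(capture_a), sps) == slice_bits(envelope(capture_b), sps)


# Constructed codes: a fixed-code remote repeats the same word every press; a
# rolling-code remote changes its counter field (middle bits here) each press.
FIXED_CODE = "101101001100101110010110"
ROLLING_PRESS_1 = "1011010011" + "00000001" + "110010"
ROLLING_PRESS_2 = "1011010011" + "00000010" + "110010"

if __name__ == "__main__":
    press_a = make_ook_capture(FIXED_CODE, seed=1)
    press_b = make_ook_capture(FIXED_CODE, seed=2)
    print("decoded bits:", slice_bits(envelope(press_a)))
    print("fixed code replayable:", same_code(press_a, press_b))
    print("rolling code replayable:", same_code(make_ook_capture(ROLLING_PRESS_1),
                                               make_ook_capture(ROLLING_PRESS_2)))
```

Recording two presses and comparing the decoded bits is a two-minute triage step: if they differ, the target is rolling-code and replaying the file will not open anything, which is exactly the defence a fixed-code alarm remote lacks.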
DEMO – Signal Denial of Service
With HackRF and SDR#, we transmit a continuous sub-GHz tone at higher power than the legitimate transmitter so that nearby receivers can no longer decode it, denying service on that frequency.
TAKEAWAY: offensive operations against wireless devices
Wi-Fi is Everywhere Too
A brief introduction to Wi-Fi and why its traffic can be collected regardless of the network's security settings: 802.11 management frames (beacons, probes, deauthentication) are sent unencrypted and are visible to any card in monitor mode, and the handshake a client performs on joining is captured the same way. Only 802.11w Protected Management Frames, optional in WPA2 and mandatory in WPA3, authenticate deauthentication frames.
DEMO – Wi-Fi Deauthentication Attack
We demonstrate a denial-of-service attack using a Flipper Zero and a Wi-Fi development board. The Flipper's screen is mirrored through qFlipper to show it scanning for the access point (from its beacons) and the client associated with it. The deauthentication is confirmed from the router's admin console. A second step captures the re-authentication frames (the WPA 4-way handshake) exchanged when the client reconnects.
TAKEAWAY: offensive operations against Wi-Fi networks
*Video of Flipper Zero performing a deauth and capture attack, followed by a password crack using Wifite2
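The same attack from the defender's side, as an added example that is not part of the talk: a parser for the raw 802.11 MAC header and a detector that flags a transmitter sending a burst of unprotected deauthentication frames, run over constructed sample frames. MAC addresses, timestamps, the window and the threshold are assumed for the example; the frame layout and the reason code are the standard ones.

```python
# Deauth-flood detection over raw 802.11 frames. Added example with constructed
# frames (not a capture from the talk); addresses, timings and thresholds assumed.
import struct
from collections import defaultdict

MGMT, CTRL, DATA = 0, 1, 2
SUBTYPE_BEACON, SUBTYPE_DEAUTH = 8, 12


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_80211(frame: bytes) -> dict:
    """Pull the fields a deauth detector needs out of a raw 802.11 MAC header."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc0, fc1 = frame[0], frame[1]
    info = {
        "type": (fc0 >> 2) & 0x3,
        "subtype": (fc0 >> 4) & 0xF,
        "protected": bool(fc1 & 0x40),   # set on management frames under 802.11w PMF
        "addr1": mac(frame[4:10]),       # receiver / destination
        "addr2": mac(frame[10:16]),      # transmitter / source
        "addr3": mac(frame[16:22]),      # BSSID for management frames
        "reason": None,
    }
    if info["type"] == MGMT and info["subtype"] == SUBTYPE_DEAUTH and len(frame) >= 26:
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info


def detect_deauth_flood(frames, window_s: float = 1.0, threshold: int = 10) -> dict:
    """frames: iterable of (timestamp, raw_frame). Returns {transmitter: peak count} for
    every transmitter that sent >= threshold unprotected deauths within any window_s."""
    times = defaultdict(list)
    for ts, raw in frames:
        f = parse_80211(raw)
        if f["type"] == MGMT and f["subtype"] == SUBTYPE_DEAUTH and not f["protected"]:
            times[f["addr2"]].append(ts)
    alerts = {}
    for src, stamps in times.items():
        stamps.sort()
        head, peak = 0, 0
        for tail, ts in enumerate(stamps):          # sliding window over sorted stamps
            while ts - stamps[head] > window_s:
                head += 1
            peak = max(peak, tail - head + 1)
        if peak >= threshold:
            alerts[src] = peak
    return alerts


def build_frame(fc0: int, addr1: bytes, addr2: bytes, addr3: bytes, body: bytes = b"") -> bytes:
    """Assemble a minimal 802.11 frame: FC, duration, three addresses, sequence control, body."""
    return bytes([fc0, 0x00]) + b"\x3a\x01" + addr1 + addr2 + addr3 + b"\x00\x00" + body


# Constructed traffic: one beacon from the AP, then 64 spoofed deauths "from" the AP
# to the client within a third of a second, reason 7 (class 3 frame from a
# non-associated station), the code deauth tools commonly send.
AP = bytes.fromhex("0211223344aa")
CLIENT = bytes.fromhex("0266778899bb")
BROADCAST = b"\xff" * 6
SAMPLE_FRAMES = [(0.0, build_frame(0x80, BROADCAST, AP, AP))] + [
    (0.10 + 0.005 * n, build_frame(0xC0, CLIENT, AP, AP, struct.pack("<H", 7)))
    for n in range(64)
]

if __name__ == "__main__":
    print(parse_80211(SAMPLE_FRAMES[1][1]))
    print("deauth flood from:", detect_deauth_flood(SAMPLE_FRAMES))
```

The detector ignores frames with the Protected bit set because under 802.11w a genuine deauth from the AP is integrity-protected and a spoofed unprotected one is dropped by the client; enabling PMF on the router is the fix for the attack the video shows, and the handshake capture that follows it only yields a password if the PSK is weak enough for Wifite2's dictionary.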
Conclusion/Questions
Author:
Grey Fox (he/him)
greyfox@wcassembly.com
Grey Fox, the callsign assigned to him by a DHS colleague, recently retired from the U.S. military after 20 years of service as an intelligence analyst, language analyst, digital network intelligence targeter, cyberspace mission leader, and digital defense education program leader. Having deployed eight times in support of front-line combat teams, his experience ranges from offensive cyberspace operations planning and execution to military information support operations. Along the way, Grey Fox acquired multiple credentials, including GCTI, GASF, GAWN, and CWNA. He currently instructs Digital OPSEC at the U.S. Army Security Cooperation Officer course and the U.S. Air Force Research Lab, as well as SDR foundations and Wi-Fi hacking at the U.S. Army Signal School.