2020-11-21, 12:30–14:30, Hackfest - Track 1
The session will introduce audiences to the world of RF analysis. As we introduce each new attack, we will draw parallels to similar wired exploits and highlight attack primitives that are unique to RF. During the session, we'll walk through wireless sniffing, spoofing, cloning, replay, and DoS attacks. These offensive exercises give a brief idea of how to analyze a device's security, and the best-practice guidelines will help in designing such devices properly.
Part A: Overview, ideas, and prospectus of attack and defense in the field of RF security (the objective is to ensure everyone has clarity on radio hacking and how it is different)
- Joys of the Past: History of Attacks
- Current State of the Industry & Sutra for Mitigation
- A glimpse of the Future
Part B: The theory learned in Part A will be reinforced through practical examples and exercises in which attendees can put the tools and techniques into practice.
- What is a Software Defined Radio (SDR)
- SDR Architecture, DSP, Sampling
- Breadth and Depth of DSP
- Phases of SDR Hacking — explains how an RF attack takes place and how to gather information and plan, including initial profiling of the target device, beginning with three foundation questions before any hacking: i) What does the device do in normal operation? ii) How does it connect? iii) What frequency does it use?
- Setting up and using RTL-SDR, HackRF
- Decode Digital Data
- Customizing and Retransmitting Radio Signals — next, a discussion of how RF signals are captured and transmitted, with a hands-on demo using HackRF One, RTL-SDR, and USRP to demonstrate replay attacks on key fobs, door locks, and alarms.
- Capturing Signals and Analyzing a Waterfall Plot
- Reverse Engineering Transmissions
- Analyzing Data Formats and Injecting Wireless Packets
- Hands-on Practice with Tools: GNU Radio, GQRX, SDR#
- Case Study and Demos