News: SDR 101 has been selected as a returning vendor training course at the DEF CON cyber security conference in Las Vegas!
RNS Technology Solutions is a leading expert in Software Defined Radio (SDR) training for cyber security professionals. Our intensive courses are built from the ground up with a focus on exercises and student engagement. These SDR courses are ideal for:
Red teams and penetration testers
Blue teams
Network managers and IT specialists
Military and civilian signals intelligence and electronic warfare personnel
Managers and Leadership working on Digital Signals Processing (DSP) or SDR projects
Physical security personnel
Pricing for courses is variable based on the number of students, customer requirements, additional requested RF topics, etc. RNS Technology Solutions can work with your organization to accommodate class sizes and locations in order to reduce costs. Please reach out for a customized quote fit to your needs.
SDR 101
Introduction:
This class is a beginner's introduction to practical Software Defined Radio applications and development with an emphasis on exercise-based learning. Students can expect to learn about basic RF theory and SDR architecture before moving on to hands-on development with real radios. Over the duration of the course, the instructor will guide students through progressively more complicated RF concepts and waveforms, culminating in a capstone RF exploitation exercise. SDR 101 is a course designed for cyber security professionals of all skill levels who want to start working with RF signals and SDRs.
Software Defined Radios (SDRs) are a powerful tool that has made the once-obscure domain of the electromagnetic spectrum open to anyone with a low-cost laptop and radio. From both an offensive and defensive perspective, an enormous attack surface with many legacy devices and protocols is open for exploitation. Disappointed by the lack of introductory SDR material, RNS Technology Solutions decided to build an introductory training course to help fill the gap. This course is structured around multiple labs and exercises based on real-world signals, and is built on the premise that hands-on learning is the best way to teach students. The course begins with a block on required RF theory that quickly transitions into basic signals analysis, using live radios, with a few open-source tools. We will then dive into GNUradio, first just using pre-made blocks, but eventually writing our own toolsets. We will follow that with more advanced signals analysis and RF attacks on real systems. The course will end with a capstone RF exploitation exercise that will reinforce all learned concepts.
Suggested Prerequisites:
This is a beginner course. Students do not need to have any prior knowledge of RF theory or SDRs. We will do some programming in Python, so a basic understanding is helpful (but not required). Before the course, the instructor will send out some pre-reading and video lectures for students to ensure everyone is starting at the same level.
Course Details and Topics Covered:
Introduction to RF theory, waveforms, and basic modulation schemes:
  Amplitude Modulation (AM)
  Frequency Modulation (FM)
  Phase Modulation (PM)
  Frequency Shift Keying (FSK)
  Phase Shift Keying (PSK)
  On-Off Keying (OOK)
Advanced modulation schemes:
  Quadrature Amplitude Modulation (QAM)
Nyquist sampling and aliasing
A brief overview of Euler and complex numbers
IQ sampling theory
FFT and time-domain vs. frequency-domain
Overview of common Software Defined Radio architectures
Introduction and interfacing with SDRs
Basic demodulation exercises
Introduction to spectrum scanning
Baseline scanning and anomaly detection
Capturing raw signals with your SDR
Inspecting raw signals
Advanced signals inspection using Python
Introduction to GNUradio
Key GNUradio flow graph components:
  Sources
  Sinks
  Filters
  Demodulators
  Mixers
GNUradio resamplers and resampling theory
Introduction to out-of-tree (OOT) modules
Extending GNUradio through scripting
Extending GNUradio with OOT modules from the open-source community
Extending GNUradio with user-developed custom blocks
Introduction to transmitting
Building IQ files
Overview of common RF attacks:
  Replay
  Jamming
  Spoofing
Countermeasures to RF attacks
Targeted signals reverse-engineering
Capstone exercise: custom RF PCB exploitation challenge
Course Length:
This course is available in 4-day and 5-day versions depending on customer requirements and any additional special RF topics requested.
SDR 201
Introduction:
This class is an intermediate exploration of practical Software Defined Radio applications for students who are already familiar with SDRs. Similar to SDR101, SDR201 is designed around hands-on exercises and student engagement that drives learning reinforcement. This course will explore intermediate DSP topics such as correlation and convolution, energy detection, symbol timing recovery, and advanced modulation and demodulation techniques. Students will incrementally build a fully functioning SDR-based transceiver that, by the end of the course, will be able to interface with a commercial IoT system.
Suggested Prerequisites:
This is an intermediate course. Students must have prior knowledge of basic RF theory and have done some work with SDRs. We will make extensive use of GNUradio; attendees should be familiar with the framework and have completed GNUradio's custom block tutorials. A basic understanding of Python is required, as students will be writing many of their own programs and tools. This course is the natural progression of topics covered in SDR101, and this class starts with the assumption that students have a basic understanding of the topics listed in the SDR101 course details.
Course Details and Topics Covered:
Review of SDR101 topics:
  Basic modulation schemes
  IQ data
  Time and frequency domain
  GNUradio custom blocks with Python
  Fourier transform properties
Energy detection:
  Basic thresholding
  Adaptive thresholding and AGC
  Burst detection with delay-divide
Adaptive RF mixing
Correlation and convolution:
  Time-domain application
  Frequency-domain application
  Practical uses
  Unique sequence identification
Carrier frequency offset and recovery
Symbol timing recovery
Phase-locked loops
Matched filtering
Zero-crossing, rising-edge, falling-edge, and peak detection
Costas loop
Common clock recovery methods:
  Free-running methods
  Burst methods
Advanced modulations and multiplexing:
  Review of QAM
  MSK and multi-FSK
  Multi-PSK
  FDMA, TDMA, CDMA
  DSSS
  OFDM
  FHSS
  CSSS
Techniques for IQ data generation in Python and GNUradio
Capstone: full RF transceiver targeting a commercial IoT device
Course Length:
This course is available in 4-day and 5-day versions depending on customer requirements and any additional special RF topics requested.
Placeholder: course is still under development.
Screen recording and excerpt from the "basic modulation" lecture given at DEF CON. This gives prospective students and organizations an idea of the course's difficulty level and subject matter.
Demonstration of a basic RF replay attack, which is one of the exercises covered during the course.