HACKING THE WIRELESS WORLD WITH SOFTWARE DEFINED RADIO - 2.0, presented at Black Hat Asia 2015

by Balint Seeber

Summary: Ever wanted to communicate with a NASA space probe launched in 1978, or spoof a restaurant's pager system? There are surprising similarities! How about use an airport's Primary Surveillance RADAR to build your own bistatic RADAR system and track moving objects? What sorts of RF transactions take place in RFID systems, such as tollbooths, building security, and vehicular keyless entry? Then there's 'printing' steganographic images onto the radio spectrum.
Wireless systems, and their radio signals, are everywhere: consumer, corporate, government, amateur - widely deployed and often vulnerable. If you have ever wondered what sort of information is buzzing around you, this talk will introduce how you can dominate the RF spectrum by 'blindly' analyzing any signal, and then begin reverse engineering it from the physical layer up. I will demonstrate how these techniques can be applied to dissect and hack RF communications systems, such as those above, using open source software and cheap radio hardware. In addition, I'll show how long-term radio data gathering can be used to crack poorly implemented encryption schemes, such as the Radio Data Service's Traffic Message Channel.
I'll also look briefly at some other systems that are close to my heart: reversing satellite communications, tracking aircraft using Mode S and visualizing local airspace in real-time on a 3D map, monitoring the health of aircraft with ACARS (how many faults have been reported by the next plane you'll be traveling on, e.g. do the toilets work?), and hunting down the source of an interfering clandestine radio transmission.
If you have any SDR equipment, bring it along!