CONVERTING RADIO SIGNALS TO DATA PACKETS
Examination of Using GNU Radio Companion for Security Research and Assessment
May 15, 2014
Presented by: INGUARDIANS, INC. Security Research and Guidance

TABLE OF CONTENTS
1.0 Introduction
2.0 Installation and Configuration
3.0 Managing Direct Current Spike
4.0 Isolating The Transmission
5.0 Actual Demodulation
6.0 Counting the Bits
7.0 Analyzing Demodulated Data
8.0 Marking the Packet
9.0 Testing The Control
10.0 Conclusion

1.0 INTRODUCTION

InGuardians, Inc. (InGuardians) has leveraged wireless assessment methodologies since our inception. Wi-Fi assessments involving Enterprise wireless deployments have slowly grown to include analysis of radio technologies leveraging common and custom deployments of Zigbee, Bluetooth, and mesh networking implementations within the Industrial, Scientific and Medical (ISM) radio bands. InGuardians has seen these technologies expand rapidly alongside the deployment of Smart Grid-based technologies and the proliferation of embedded devices in many industries, including utilities, oil and gas, retail, grocery, aviation, and medical.

InGuardians' approach has always been to take the current intelligence from other researchers and expand upon their guidance and theories. Sometimes we have been lucky enough to stumble upon new developments of our own and lead the discovery of new vulnerabilities and issues. Most of the time, like many other security professionals, we have used the data discovered by others to define and refine our techniques while periodically augmenting it with our own information, expertise, and programming skills. InGuardians has continued this learning and leadership role in the radio analysis field by sharing our research, assessment, and development skills with the security community and associated industries as often as possible. Our analysts have presented on these topics at ShmooCon [1], Black Hat [2], DefCon, S4, and other industry-specific venues.

In our quest to fully understand the techniques behind radio assessments, InGuardians has determined there is a lack of specific step-by-step guidance demonstrating some of the many radio analysis techniques. The biggest gap appears to be centered on the use of GNU Radio Companion (GRC) to completely analyze a signal from capture to the data the signal contains. This is partially due to the vast number of implementations that are possible for any device configured to use a radio as a method of communication and data transfer. But, as with all information technologies, understanding the steps behind one or more scenarios opens doors for other research and tools. To this end, InGuardians offers the following step-by-step guide, which outlines our experiences and approach to radio analysis using GRC. These efforts have also resulted in a custom script, GRC Bit Converter [3], to help security researchers and radio enthusiasts with their personal and professional projects.

DISCLAIMER: Several InGuardians analysts have held HAM certifications for many years. However, none of our security analysts have degrees relating to Radio Engineering. The information provided here is accurate to the best of our knowledge. These are techniques gleaned from Mike Ossmann's radio analysis course [4], extensive individual research, and actual radio analysis assessments. The terms and techniques are accurate to the best of our knowledge. This paper will be updated to address any major inaccuracies. Please notify us with any input or clarification.

[1] Hop Hacking Hedy: http://code.google.com/p/hedyattack/downloads/list
[2] Looking into the Eye of the Meter: http://www.youtube.com/watch?v=hXfpEauUCto
[3] GRC Bit Converter: https://github.com/cutaway/grc_bit_converter
[4] Great Scott Gadgets: https://greatscottgadgets.com/

2.0 INSTALLATION AND CONFIGURATION

There are many tutorials and guides for purchasing radios, installing GRC, and installing supporting spectrum analysis software. Repeating these sources would be futile. Therefore, the following is a list of hardware and software that InGuardians analysts use as a starting point for research and security assessments. The links provided will change over time, and new software and hardware will eventually be released. Thus, these resources are only current at the time this guidance was written.

Hardware Resources
- USRP – http://home.ettus.com/
- HackRF Jawbreaker – https:/
