Monday, September 01, 2014

Learning SDR

I recently launched Software Defined Radio with HackRF, an instructional video series that I hope will make it easier than ever for people to learn the basics of Software Defined Radio (SDR).

When I first learned to use SDR for my wireless security research, it was hard. At first I thought, "I can build radios out of software! I don't know anything about building radios, but I know software. Now with SDR I can build radios!" Unfortunately that wasn't quite true. I quickly learned that, even though I knew a thing or two about software, I knew nothing about Digital Signal Processing (DSP). I also learned that DSP is a lot more complicated than it seemed at first.

Fortunately I happened to be in the best possible place to learn SDR (electronics too) at the time. I was surrounded by RF engineers, and several of them were DSP experts. (I told this story in more detail during a panel discussion at the DEF CON 22 Wireless Village.) Even so, it took me a year or two before I was competent enough to build flexible SDR implementations that were useful for my research. As I finally achieved this goal, I started trying to help other people in the information security community learn to use the technology because I could see that there is no better tool for wireless security research, and especially for reverse engineering of radio signals, than SDR.

The first place I tried to do this was at Black Hat USA 2008. In my talk, Software Radio and the Future of Wireless Security, I hoped to teach people the basics of SDR in less than an hour. I thought I could do something like "DSP in five minutes", but, as I developed the presentation, it turned out that I couldn't distill the essentials into such a small amount of time. The following year, Dominic Spill and I volunteered to give a two-day SDR workshop at the first ToorCamp. We prepared some material, borrowed a little gear, and set out to teach people the practical skills of working with SDR. This effort was much better, but we had some problems. We only had enough equipment for three to six people, and about thirty showed up. We were in a hot desert full of volcanic ash that invaded all our gear. We had frequent power outages. Despite these challenges, we had a good time, and several people were able to learn some essential skills.

A few weeks later at DEF CON, Sergey Bratus convinced me to make a second attempt at the class in a more favorable setting. We happened to have the conversation while standing next to H1kari who offered a room at ToorCon San Diego, and I've been teaching there every year since then. I think we had five or six people that first year. It went quite well, but it was a challenge getting enough hardware together to allow everyone to fully participate. As the years went by, it became clear that the greatest barrier to entry was the hardware. My classes grew slowly, but they were attended primarily by people who already had SDR equipment. I was accomplishing my goal of teaching security folks about SDR, but I wasn't reaching very many people.

I had been kicking around the idea of trying to build a low cost SDR hardware platform for a long time. In fact, Project Ubertooth was originally intended to be an SDR platform. One of the primary reasons I was interested in building an SDR platform was to be able to provide something that my students could afford, something that could even be rolled into the cost of the class. It took a long time, but I eventually started the HackRF project and later completed HackRF One, an open source hardware platform for SDR. HackRF One is the most affordable general-purpose SDR transceiver in the world, and it allows more people than ever before to learn SDR.

These days I still teach at ToorCon, and I also often teach at other information security events including TROOPERS and Black Hat. The availability of HackRF (and rtl-sdr and more) has made SDR accessible to everyone in the security community and beyond. It is finally possible to bring SDR to a much wider audience, so I have started turning my course content into an online video series.

Software Defined Radio with HackRF is published under an open content license. As I continue to add more videos, I hope that it will become an even more thorough introduction to SDR than I am able to squeeze into a two-day class. I hope that with this series and my in-person training, I have finally achieved my dream of making SDR easy to learn. Instead of taking a year, now people can spend a few days of fun experimentation and get started with this exciting technology.

Talking SDR with Robert Ghilduta and Balint Seeber

As usual, the DEF CON Wireless Village put on an excellent program this year at DEF CON 22. In addition to the fantastic Wireless CTF contest, the village put together an impressive schedule of talks worthy of a much larger room.

Among the speakers lined up by the village were Balint Seeber of Ettus Research, Robert Ghilduta of Nuand, and myself of Great Scott Gadgets. Since the three of us were in the same place at the same time, we sat down for a long panel discussion on Software Defined Radio. Thanks to the Wireless Village crew and Adrian Crenshaw, you can now watch video of the conversation.

I'm looking forward to next year's Wireless Village. Hopefully with a larger venue for DEF CON 23, the village will have space to seat all of the people who want to attend the events there.