This subtitle is not finished yet. If you are able to, please support us and watch the talk in amara for the last changes: https://c3subtitles.de/talk/747 Thanks!

*33c3 preroll music*

Herald: As mentioned before, Internet of Things, it would be great if it would work, and one big part of Internet of Things is the Internet part. So stuff has to talk, and cables are shit. So we use Wi-Fi and other wireless protocols. So our next speaker is going to take a very close look at the physical layer of LoRa, a low power wireless area network, and he built some stuff to actually sniff what's happening and inject stuff. And apparently he offered his sacrifices to the gods. So we'll see something. Please give a warm round of applause to Matt Knight.

*applause*

Matt Knight: Thank you for that warm introduction and thank you all for coming. I'm really excited to be here. So for the next hour or so, we're going to be talking about the LoRa PHY. And LoRa is a low power wide area network wireless technology that is designed for the Internet of Things. So first, a little bit of background. Myself, a software engineer and a security researcher with Bastille Networks. I have a bachelor's in engineering, electrical engineering and embedded systems, from Dartmouth. But really, my interests are in applied RF security research.
So that means everything from reverse engineering wireless protocols to developing functional basebands in software and HDL, and also all the way up to software networking stacks. So all these things are interesting to me, but I'm really excited about the material we're going to talk about today. So before we get started, there aren't going to be any, like, zero days or traditional security related exploits here. But we are going to take apart a cutting edge wireless protocol. Let's talk about why that's important in a minute. But first, I'd just like to survey the room and get a sense for who's here so I can figure out where to spend more of my time. So if you'd be so kind as to raise your hand if you've heard of software defined radio. That's a lot of hands. That's great. OK, how about raise your hand if you know what a Fourier transform is. Awesome. And how about a symbol in the context of wireless systems? OK, cool, this is going to go well, this is going to be fun. So why is this sort of network forensics interesting, or why is it relevant? Why is this important? The Cisco Internet Business Solutions Group has a figure that I really like that states that by 2020 there are going to be 50 billion devices connected to the Internet in some way.
As we know, with the growth of mobile and the Internet of Things, fewer and fewer of those devices are connected with wires every year. And as we know, tools like Wireshark and monitor mode weren't always a thing, even for common interfaces like Wi-Fi and 802.11. Those tools that we come to rely on every day exist because somebody thought to look below the layer they had and make it. And I believe that low level security, low level access to interfaces, is essential for enabling comprehensive security on various interfaces. So we're going to begin by discussing LPWANs at a high level, and then we're going to do a little bit of a background on some technical radio concepts just so we can level out our domain knowledge and inform the rest of the conversation. Then I'm going to take you through my recent reverse engineering of the LoRa PHY that was powered through software defined radio. And finally, I'm going to give you a demo of this tool called gr-lora that I've made. That is an open source implementation of this PHY that will enable you to begin doing your own security research with it. So to begin, what is LoRa, what is this thing? It is a wireless IoT protocol, and IoT is in red because some of us are marketers. We're all engineers. We know that this is a dirty term. Right?
IoT is really code for connected embedded devices, and there are tons of common standards for embedded systems already. Everything like 802.15.4 and all of its friends like ZigBee and 6LoWPAN, 802.11 Wi-Fi, and then also more common things like Bluetooth and Bluetooth Low Energy. And the list goes on. Right. We've got all these standards. What is wrong with them? Why don't we just use one of these existing ones? Well, all the ones we just mentioned require some degree of local provisioning. You need to connect your device to an SSID or hook your ZigBee device up to a coordinator in order to get it communicating. Some of them require gateways to talk out to the Internet. And in the case of 802.11, it's very power intensive. So you can't run a device for a long time on a battery. So what's ideal? What about cellular? Cellular works everywhere. It's easy to install. You don't have to worry about any hardware on premises. As long as you can talk to a tower, which could be miles away, you're good to go. Well, it's power intensive, and in the case of certain types of the standards, they're going away. And I'm talking about 2G GSM and EDGE service in the United States. AT&T, one of the largest carriers, is saying they're going to sunset their 2G network in about three days. In Australia, this has already happened.
Telstra, which is one of the largest telecom companies in Australia, sunset their GSM service earlier this month. And all the other major carriers are soon to follow. So 2G works everywhere. It's very battery conscious and it's fairly cheap. So this is exactly what the Internet of Things needs to power its communication standards. Now, say you're a developer and you want to move on to a new wireless standard that won't, you know, deprecate in three days. You can either go to 3G or a more modern cell stack, which comes with a more expensive radio and harder power requirements. Or you can wait for the 3GPP, which is the standards body that makes and maintains the cellular standards, to come out with their IoT focused standards that are currently in development. And the indications that I've gotten state that those won't be ready until the end of next year, really, at the earliest. So it's gonna be the end of 2017 or the beginning of 2018 before we start to see these things in the wild, which means that until then there's a massive hole in the market. So if you want to develop an embedded system that requires this type of connectivity, you're going to have to look elsewhere. And that brings us to the topic of low power wide area networks.
And you can think of these networks as being just like cellular, but optimized for IoT and M2M communications. The architecture is almost exactly the same in that you have a network of base stations or gateways worldwide, and then end nodes uplink directly to those base stations without any meshing or routing among themselves. It's just like a star network. Basically, you have these nodes that connect directly to the base station, and they have a range on the order of miles. It's a very similar topology to cellular. There are tons of standards that are popping up more and more every day. But the two that have the most momentum are LoRa and Sigfox. There's been a ton of investment in both of these technologies, actually. Just last month, Sigfox closed a hundred and fifty million Euro Series F, some late stage funding round, and the Wall Street Journal wrote an article recently that stated they were investigating a U.S. IPO soon. Additionally, Senet and Actility, two of the biggest backers of LoRa, have raised a combined fifty one million dollars in the last year or two. So one firm raising one hundred fifty million dollars, they're absolutely going for it. They're investing like crazy in these technologies. So when we say that these networks are optimized for the Internet of Things, we're really talking about two things. They're battery conscious. Sigfox advertises that they can get up to 10 years of battery on the amount of energy in a single AAA battery. And they're long range. And if you turn all the knobs in LoRa just right and have a perfect noiseless channel, they advertise that you can get thirteen point six miles on one of these very long range devices. And if you compare that with, you know, some of the standards we talked about earlier, that's pretty competitive. So how do they do that? How does that work? Well, they've designed the entire system around the fact that they're willing to accept compromises in the protocol and the functionality of these devices. When I talk about compromises, I'm talking about aggressive duty cycling, both transmitting and listening, very sparse datagrams, so tiny packet sizes. And they're highly limited, meaning they can't send that many packets that often. Now, for example, Sigfox limits, and this is built into the PHY, limits devices to 140 12-byte datagrams per day. That's like nothing. I think that's less than, like, a tweet. It's tiny. Now, Weightless-N, another LPWAN standard, is uplink only. So it can only send messages up to a gateway but can't receive any downlink. So for example, if you had a device deployed, you can never deliver firmware to it later unless you rolled a truck to it or climbed up the telephone pole to where it's mounted.
And finally, LoRa Class A devices can only receive downlink for a brief window after they uplink. So if you're an application operator and you want to send a message to a device you have in the field, you have to wait for that device to call home before you have your brief window to tell it what you want. So these systems are built around compromises, but that's what enables them to get some pretty incredible performance. All right. Let's get into the details with LoRa. So LoRa is an LPWAN. It's developed by Semtech, which is a French semiconductor company. The PHY was patented in June 2014, and the LoRaWAN MAC and network stack was published in January of 2015. So this entire standard is less than two and a half years old. It's brand new, and it's supported by an industry trade group called the LoRa Alliance, which has tripled in size every year since its founding. So growing quite a bit. Before we move on, I just want to clear up some nomenclature that will help us focus in on what this talk is going to center on, and that is to disambiguate LoRa and LoRaWAN. LoRa refers strictly to the PHY, the physical layer of the standard. LoRaWAN defines a MAC and a networking layer, some upper layer stacks that ride on top of LoRa. The LoRaWAN standard, the upper layer, has been published and that's public. But the PHY itself is totally closed.
So the LoRaWAN upper layer stack gives some information about its topology. It's kind of interesting. It suggests that they were really thinking about security when they designed it. There are kind of four stages in the network. All the way out in the field, on your sensor, you have the node, and that connects to a gateway over a wireless link. That's the LoRa link. And then once you get into the gateway, everything from there up is all on IP networks, just standard commercial IP networks. And then they have roaming that works on different networks. So you'll be able to take your device and move to different areas of coverage and have it all play nicely. And then you can hook your application server up to that as well to receive packets to and from the network servers. It's all over IP, and they actually went as far as to define two different mechanisms for encrypting it. There are two different keys. You have the network key, which covers from the node up to the network server, and then you have the application key, which is actually fully end to end. It goes from the end device all the way up to the application server. So if you design that right, the network should never see your traffic unencrypted. And they also provide a mechanism for having unique keys per device. It's built into the standard, but it's not required. So it's still up to the implementor to do that and get that right. So there are some good thoughts that went into security with LoRaWAN. However, that's not what we're talking about today. That's all we're going to say about LoRaWAN. We're just going to tell you it exists, that it rides above LoRa, but we're not going to go into any more detail than that. So from here on out, it's all LoRa all the time. We're just talking about the PHY here. So let's get into what makes that really interesting. One of the big defining features of LoRa and Sigfox, the two biggest LPWANs, is that they're designed to use what is called ISM spectrum. That's what it's called in the United States. It stands for industrial, scientific and medical. And what's cool about these bands is they're what are called unlicensed, which means that you don't need a specific license from the FCC or your telecom regulation authority to operate on it. So if you go and you buy any Wi-Fi router on Amazon, you take it home, you plug it in, you don't need to then go and apply for a specific license to be able to communicate on it, because it was built to a certain standard. It is compliant with those unlicensed band rules and therefore can just work. So these devices use that same spectrum, but to much greater effect, much longer ranges, in a much different use case. So that's quite novel.
And some other things that use these technologies are, you know, Wi-Fi, Bluetooth, cordless phones, baby monitors, things like that. So you can think of this as occupying the same space in the spectrum as these. Now, why is this noteworthy? Well, contrast it with the cellular model, where cellular technologies use protected spectrum, where you have to have specific rights to transmit on it in order to legally use it. And regulatory authorities sell the spectrum for fortunes. Billions of dollars is what the spectrum sells for in the US. I'm sure it's the same over here. And I just want to call your attention to how expensive this is. On the left here we have a picture. It's an excerpt from a document that I found that was related to the FCC's TV white space reverse auction. They're trying to repurpose a lot of spectrum that used to be used for digital TV. They're selling it off. And if you want to come in and buy some really prime low UHF spectrum to use for whatever purposes you have, mind you, this is just one TV station in the New York area, you can get out your checkbook and write a nine hundred million dollar check and take over CBS TV in New York. So getting into the cellular game is crazy expensive. It costs a fortune. But there are a lot of us in here. Maybe we can pass the hat and buy some spectrum at the end of this.
So as a result of this unlicensed nature, there are a number of different models of commercialization that are starting to emerge. We have the traditional telecom model we're seeing through companies like Senet, which is a company that deploys home heating oil tank monitoring solutions in the United States. They're also opening the network up for IoT applications to ride on top of that traffic as well. And you'd operate with them just like you would operate with, like, Verizon or AT&T or Deutsche Telekom or whoever you work with here. Also interesting is, I believe it's KPN has rolled out a commercial LoRaWAN network throughout the entire region of the Netherlands. So a country entirely covered with LoRa. So that's the commercial side. In the middle, we also have crowdsourced networks. The one that I like to talk about is this group called The Things Network, where basically they have defined in the cloud the network server architecture for operating a worldwide LoRaWAN network. So if you want to provide LoRaWAN service on The Things Network in your area, you can get your hands on a LoRa gateway, point it at their network servers, and basically become a base station in their network from your living room, which is kind of cool. So it can kind of spread and grow organically based on the needs of people like me and you who want, you know, that sort of service. Then finally, all the way up at the kind of independent amateur side, we have people like Travis Goodspeed and some of his friends that are working on a technology called LoRaHam. And that's leveraging the fact that you can actually get LoRa radios that work around 433, which is in, I think it's the 70 centimeter ham band in the United States. So you can actually put a reasonable amount of power behind LoRa in ham based communications in the clear. So they're developing a LoRa based mesh networking system for doing basic, like, ASCII packet radio and communicating. It's not public yet, but he's blessed me to come and tell you that he's working on this and it should be out soon. So there are all sorts of different ways to use these technologies. So this is a very different paradigm from what we're used to. And it's opening up lots of different opportunities for how this technology might be used and grow. OK, so that wraps up our background on LoRa. We're about to get into some really technical stuff, but before we do, I want to go through a very short crash course on some basic radio fundamentals to try to even the playing field so that we can all understand this.
And I call it the obscenely short radio crash course. But with apologies to any real telecom whizzes in the room, I think this is probably more appropriate. We're going to blow through this material. And I'm just going to try to pick out a few points that are really essential to understanding the rest of this talk. I'll tell you what's important, and just try to grab those concepts, and we'll reiterate them later as we go through it. So, again, we're going to be talking about the physical layer. And if you think about the OSI model that we've all seen, the physical layer refers to how your bits, your data, get mapped into physical phenomena that represent them in reality. And when you're dealing with wireless systems, the mapping maps the bits into patterns of energy in an RF medium. RF stands for radio frequency, and it's basically electromagnetic waves or energy that is just everywhere. And you can manipulate RF by using a device called a radio. And radios can either be hardware defined, where the RF mechanics and the protocol are baked into the silicon and are inflexible.
Or you can use a software defined radio, where you have some very general, flexible silicon up front that basically just grabs some raw information and feeds it to some sort of a processor, which can either be a traditional CPU or an FPGA, to implement some of the more radio specific things. And that has come a long way in the most recent few years, and it's now incredibly powerful. So we're going to be talking about both hardware defined radios and software defined radios throughout this talk. So if you put together a radio coherently, you can start to develop it into a PHY. And a PHY has one main component, or several components, but one of the main components is this notion of the modulation. And the modulation is the algorithm that defines how your digital values, your bits, are mapped into RF energy. And there are a few parameters that we can kind of tweak to do that. And those are amplitude, frequency and phase. And then we can put them together and use some combination of them as well. Modulators can modulate either analog or digital information, but we're going to be talking about modulating digital information today. And an essential concept with that is this notion of a symbol. This is something that's very important to remember. And the symbol represents a discrete RF energy state that represents some quantity of information. So it's discretely sampled.
And just think of it as being like a state in your RF medium that means something. And we'll illustrate this in just a moment. So here we have two pictures of two different modulations. And I just want to put these up here to help you maybe get a grasp on what a symbol looks like. So on top, we have frequency shift keying, where you can see your signal is alternating between two frequencies. When it's on the left, it's dwelling on one frequency. When it's on the right, it's dwelling on another frequency. Which symbol is present is based on basically what frequency that signal is on at a discretely sampled moment in time. So you could think of this as being like, you know, it's a zero when the signal is dwelling on the first frequency, the one on the left, and it's a one when the signal is dwelling on the right frequency, frequency two. And you can see the analog with the bottom modulation, on-off keying, where the signal being present represents a one and the signal being off represents a zero. So hopefully that helps you get a grasp of what it is that we're talking about. There are, of course, more complicated IoT PHYs. We have spread spectrum, where data can be basically chipped at a higher rate. It'll occupy more spectrum, but it makes it more resilient to noise. And then we have some technologies that do that, like 802.15.4 is one that uses a spread spectrum mechanism.
So we talked a bit about radios just a moment ago. We're going to use two different kinds of radios when going through this talk. First, we have a hardware defined radio, which is a Microchip LoRa RN2903 module. And this is basically a dev board that has a hardware defined LoRa radio built onto it. So this is going to be the transmitter we're going to be targeting. And then finally, the receiver is the software defined radio right here. This is an Ettus USRP B210. It's just a commodity software defined radio board. And basically what this thing does is it gets raw RF information from the air and serves it to my computer so I can start to work with it. With commodity tools like Python, GNU Radio, things like that, I can start to process it. One last thing to cover is the fast Fourier transform. The Fourier transform basically takes a signal and decomposes it into all of the smaller signals, the subcarriers, that compose it. Any periodic signal can be modeled as a sum of harmonic sine waves. So basically the FFT takes any signal and unravels it into its components. And why we care about this is it's basically a very easy way for analyzing and visualizing signals in the frequency domain.
So when we take a bunch of FFTs and put them together, we get this
284 00:21:21,850 --> 00:21:26,330 picture called a spectrogram, where you have time... the ones we're going to
285 00:21:26,330 --> 00:21:29,909 be looking at all have time on the Y axis, frequency on the Z axis and then, sorry,
286 00:21:29,909 --> 00:21:34,669 frequency on the X axis and power on the Z axis. So the intensity of the color is how
287 00:21:34,669 --> 00:21:38,950 powerful that component is at that instant in time. So here you can start to
288 00:21:38,950 --> 00:21:43,371 visualize all the different signals that are present. OK, raise your hand if you're
289 00:21:43,371 --> 00:21:51,330 an expert. I see a few heads. Hopefully this is all that we're going to need. I'm
290 00:21:51,330 --> 00:21:53,789 going to reiterate some of these concepts as we go through. So I really hope that
291 00:21:53,789 --> 00:21:57,919 doesn't alarm you and send you running for the door. It's going to be
292 00:21:57,919 --> 00:22:01,610 very visual as we go through it. And hopefully the graphics will help keep this
293 00:22:01,610 --> 00:22:07,090 all grounded. So let's get into the meat of how this LoRa PHY works. LoRa uses a
294 00:22:07,090 --> 00:22:10,340 really neat proprietary PHY that's built on a modulation called chirp spread
295 00:22:10,340 --> 00:22:17,169 spectrum, CSS for short. Now, what is a chirp? A chirp is a signal whose frequency
296 00:22:17,169 --> 00:22:21,320 continuously increases or decreases. You can think of it as being like a swept
297 00:22:21,320 --> 00:22:27,480 tone. And if we visualize it using a spectrogram as before, it looks kind of
298 00:22:27,480 --> 00:22:30,860 like this. In this case, we have a finite amount of bandwidth and the frequency
299 00:22:30,860 --> 00:22:35,380 either increases or decreases. You can have up chirps or down chirps, until it
300 00:22:35,380 --> 00:22:38,630 reaches the end of its band.
And then it wraps around back to the bottom, back to
301 00:22:38,630 --> 00:22:44,149 the beginning, and continues. So here you can see that the frequency, that the first
302 00:22:44,149 --> 00:22:47,540 derivative of frequency, is constant. So the frequency is always increasing or
303 00:22:47,540 --> 00:22:51,070 decreasing at the same rate. And then when it hits the end of the band, it just wraps,
304 00:22:51,070 --> 00:22:56,889 it keeps going. So why use something like CSS? It has
305 00:22:56,889 --> 00:23:01,000 properties that make it really resilient to noise and very performant at low power.
306 00:23:01,000 --> 00:23:05,090 So all these things with IoT focused radios and having very long battery
307 00:23:05,090 --> 00:23:10,259 life, these are properties that lend directly to that sort of efficiency. It's
308 00:23:10,259 --> 00:23:12,679 also really resilient to multipath and Doppler, which is great for urban and
309 00:23:12,679 --> 00:23:20,409 mobile uses. So this is an interesting set of features here. Where else do we
310 00:23:20,409 --> 00:23:26,299 see chirps? Radar is... I just heard it. Thank you. Yeah. Radar is a really
311 00:23:26,299 --> 00:23:31,220 common usage. And you'll see military, marine radars sometimes refer to chirps as
312 00:23:31,220 --> 00:23:36,710 wideband or pulse compression if they're using chirping in the radar scheme. And
313 00:23:36,710 --> 00:23:40,100 they're also used for scientific over-the-horizon radars as well. And there's an
314 00:23:40,100 --> 00:23:44,450 open source project called the GNU Chirp Sounder that has some features like
315 00:23:44,450 --> 00:23:49,419 that for visualizing these over-the-horizon scientific radars. And also in a
316 00:23:49,419 --> 00:23:53,120 past life, I worked on a scientific radar called SuperDARN, which is a similar over-the-horizon
317 00:23:53,120 --> 00:23:59,080 radar for visualizing ionospheric activity. Cool.
So that's a
318 00:23:59,080 --> 00:24:02,519 little bit of background on the technology here. So this is kind of my journey into
319 00:24:02,519 --> 00:24:07,100 starting to work with LoRa here. In December 2015, I joined this
320 00:24:07,100 --> 00:24:10,980 company, Bastille, where I'm currently. And on the research team we have these weekly
321 00:24:10,980 --> 00:24:14,990 meetings where we get together and we look at either new RF techniques or
322 00:24:14,990 --> 00:24:17,009 protocols, things that are interesting. And we basically just have a deep
323 00:24:17,009 --> 00:24:21,549 brainstorm on how they work and what's interesting. And the first meeting
324 00:24:21,549 --> 00:24:24,690 that I participated in, it was the first week that I joined, they were
325 00:24:24,690 --> 00:24:29,070 talking about these LPWAN technologies. They sounded pretty cool. So
326 00:24:29,070 --> 00:24:34,529 we broke for Christmas. So I went back to New York where I'm from, and, you know,
327 00:24:34,529 --> 00:24:39,659 brought my radio and sort of poked around and saw what I could find. And my
328 00:24:39,659 --> 00:24:43,870 colleagues looked in San Francisco, Atlanta, and I also looked in Boston. I
329 00:24:43,870 --> 00:24:47,809 was there, too. And we didn't see LoRa anywhere in December. Fortunately, a few
330 00:24:47,809 --> 00:24:53,960 weeks later, I was at a meetup and I encountered this company, Senet. I was
331 00:24:53,960 --> 00:24:57,049 living in Cambridge, Massachusetts, at the time. And they were talking about
332 00:24:57,049 --> 00:25:01,220 their home heating oil monitoring network. Sounded pretty cool. So I looked them up
333 00:25:01,220 --> 00:25:04,990 later and was watching one of their marketing videos. And there was like a two
334 00:25:04,990 --> 00:25:08,570 or three second bit where you could see one of their technicians operating a
335 00:25:08,570 --> 00:25:11,899 computer.
Right. And they put up this picture and this looks just like a
336 00:25:11,899 --> 00:25:16,820 coverage map. Right. So, you know, this could be fake data or it could be live.
337 00:25:16,820 --> 00:25:22,809 And I took a bit of a closer look and I realized where that is. That's Portsmouth,
338 00:25:22,809 --> 00:25:26,100 New Hampshire. That's like an hour away from Boston. So there's really only one
339 00:25:26,100 --> 00:25:32,850 thing to do. So I hop in my car, I drive up to the New Hampshire-Maine border, and
340 00:25:32,850 --> 00:25:39,500 there's, you know, me behind the wheel of my Saab with the USRP on the dash. And after
341 00:25:39,500 --> 00:25:42,880 about ten minutes in the Marriott parking lot across the street from
342 00:25:42,880 --> 00:25:47,080 their headquarters, we have our first sighting of LoRa in the wild. There it is.
343 00:25:47,080 --> 00:25:53,210 It's the first signal I recorded. So let's take a closer look at what we have here.
344 00:25:53,210 --> 00:25:56,289 So if we look at the top third of the picture, we have a series of repeated up
345 00:25:56,289 --> 00:25:59,269 chirps. You can see the signal is just continuously increasing until it hits the
346 00:25:59,269 --> 00:26:03,539 end of the band and then it wraps and continues. And knowing what we know about digital
347 00:26:03,539 --> 00:26:07,509 communication systems, most of them have some notion of a preamble or training
348 00:26:07,509 --> 00:26:12,269 sequence to tell a receiver that, hey, heads up, you're about to get a packet. So
349 00:26:12,269 --> 00:26:15,820 probably that's what that is. Following that, you can see the chirp direction changes right
350 00:26:15,820 --> 00:26:20,080 in the middle and you have two and a quarter down chirps. And this looks like a
351 00:26:20,080 --> 00:26:23,950 start of frame delimiter or a synchronization element. So this tells the
352 00:26:23,950 --> 00:26:27,880 receiver, hey, heads up, preamble's over.
You're about to get
353 00:26:27,880 --> 00:26:32,269 the data. You're about to get the payload here. And finally, you can see the
354 00:26:32,269 --> 00:26:36,950 chirp direction again changes to the up chirps. But this time the chirps are kind
355 00:26:36,950 --> 00:26:41,039 of choppy. You see, they jump around throughout the band, you know, just kind
356 00:26:41,039 --> 00:26:45,230 of arbitrarily. It's not arbitrary, though. That's actually the data being
357 00:26:45,230 --> 00:26:50,700 encoded into the PHY. So here we can see that the chirp frequency, that is the
358 00:26:50,700 --> 00:26:54,149 first derivative of the frequency, the rate at which the frequency changes,
359 00:26:54,149 --> 00:26:58,890 remains constant. Right. However, the instantaneous frequency may change within
360 00:26:58,890 --> 00:27:02,370 the band. So you may have these jumps, but remember that the rate at which it's
361 00:27:02,370 --> 00:27:07,960 changing is always constant. You can just have those discontinuities, and those
362 00:27:07,960 --> 00:27:13,790 instantaneous frequency changes represent data being modulated onto the chirps. You
363 00:27:13,790 --> 00:27:17,029 can kind of think of this as being like a frequency modulated chirp. With an FM
364 00:27:17,029 --> 00:27:22,149 signal, you have a static carrier, a carrier at a fixed frequency, that you're
365 00:27:22,149 --> 00:27:27,049 modulating to produce that modulated signal. Here we're modulating a
366 00:27:27,049 --> 00:27:31,049 chirp signal to produce that. So rather than having a fixed
367 00:27:31,049 --> 00:27:36,879 frequency that you're modulating, you're modulating this continuous chirp. Cool. So
368 00:27:36,879 --> 00:27:39,039 let's get our hands dirty.
Let's figure out how this thing works and start to pull
369 00:27:39,039 --> 00:27:43,780 some data out of it. Before we dive into demodulating it, let's take a look at
370 00:27:43,780 --> 00:27:48,269 what we know through some open source intelligence. And using open source
371 00:27:48,269 --> 00:27:51,930 intelligence is a great way to really kind of shortcut the reverse engineering
372 00:27:51,930 --> 00:27:55,590 process. Because otherwise, you can wind up doing a lot more work than you
373 00:27:55,590 --> 00:28:00,150 have to. So there are a few things that are really useful. We'll talk about these
374 00:28:00,150 --> 00:28:04,999 as we go through this material. First thing I found was
375 00:28:04,999 --> 00:28:09,639 the Semtech European patent application. It was in the EU market, but basically
376 00:28:09,639 --> 00:28:16,399 defined a modulation that looked a lot like what LoRa could be. That's the number
377 00:28:16,399 --> 00:28:18,450 if you want to look it up later. But that had some pretty good information in there
378 00:28:18,450 --> 00:28:25,070 on the PHY. Secondly, we have the LoRaWAN spec. And again, that's the
379 00:28:25,070 --> 00:28:29,809 layer two and up spec that's open, not the PHY, but it still has some references and
380 00:28:29,809 --> 00:28:34,029 defines some terms that are likely going to be analogous to the PHY. So it's still
381 00:28:34,029 --> 00:28:36,990 pretty useful. And finally, we have two application notes from Semtech that were
382 00:28:36,990 --> 00:28:42,860 pretty juicy. The first one, the .18 one, contained a number of
383 00:38:42,860 --> 00:38:46,190 reference algorithms for implementing a whitening sequence, which is like a
384 00:28:46,190 --> 00:28:52,380 scrambler. We'll talk about that momentarily.
And
385 00:28:52,380 --> 00:28:56,919 then .22 had just a general overview of the PHY, defined some terms.
386 00:28:56,919 --> 00:29:02,800 Also, there was some prior art online. There was a partial implementation in RTL-SDRangelove
387 00:29:02,800 --> 00:29:07,750 that didn't really seem to be maintained. It seemed pretty neglected and
388 00:29:07,750 --> 00:29:12,601 I never really got it to do anything at all. But it was still good to look at and
389 00:29:12,601 --> 00:29:16,110 had some really good hints in there. And then there were also some very high level
390 00:29:16,110 --> 00:29:21,649 observations on the PHY in this wiki page on decoding LoRa. It was mostly
391 00:29:21,649 --> 00:29:26,399 just like looking at the spectrum and seeing that it's a chirp modulation, and
392 00:29:26,399 --> 00:29:30,330 example recordings and things like that. So from this documentation, we can start
393 00:29:30,330 --> 00:29:35,429 to pull out some definitions. We have the bandwidth, which is how much
394 00:29:35,429 --> 00:29:39,130 spectrum the chirp can occupy; the spreading factor, which is the number of
395 00:29:39,130 --> 00:29:43,950 bits encoded per symbol. And remember, the symbol is just an RF state, right,
396 00:29:43,950 --> 00:29:49,169 the number of bits in each RF state within the modulation. And then finally we have
397 00:29:49,169 --> 00:29:52,370 this thing called the chirp rate, which we've kind of hinted at. It's the first
398 00:29:52,370 --> 00:29:57,360 derivative of the chirp frequency. So the rate at which that chirp signal is
399 00:29:57,360 --> 00:30:01,220 constantly changing. And we can pull some numbers out of this documentation to
400 00:30:01,220 --> 00:30:05,289 define those. So we actually have some common constants for the first two.
401 00:30:05,289 --> 00:30:10,380 And then we find a formula in one of those documents that states the rate is a
402 00:30:10,380 --> 00:30:15,590 function of those first two. And since there's a finite number of values there,
403 00:30:15,590 --> 00:30:19,919 we can start to iterate and just try all the different frequencies and start to
404 00:30:19,919 --> 00:30:25,899 find one that works. So in this case, what is the symbol? We've talked about
405 00:30:25,899 --> 00:30:31,169 how this modulation is basically frequency modulated chirps. Right. So what we're
406 00:30:31,169 --> 00:30:35,029 going to try to do with this demodulator is quantify exactly where the chirp jumps
407 00:30:35,029 --> 00:30:39,600 to whenever we have one of those discontinuities. So let's start working
408 00:30:39,600 --> 00:30:42,860 through it here. There are really three steps we're going to
409 00:30:42,860 --> 00:30:45,331 achieve. We're going to identify the preamble, which is the beginning of the
410 00:30:45,331 --> 00:30:50,059 frame, denoted with the one. We're going to find the start of the PHY data unit
411 00:30:50,059 --> 00:30:53,320 by looking for and synchronizing against the sync word, which are those
412 00:30:53,320 --> 00:30:57,090 down chirps that are there. And then finally, step three is we're going to try
413 00:30:57,090 --> 00:31:00,110 to figure out how to extract the data from these instantaneous frequency transitions.
414 00:31:00,110 --> 00:31:05,059 And to do that, we need to quantify them. Now, there's a technique that I found
415 00:31:05,059 --> 00:31:08,799 pretty early on that was enormously helpful for doing this, and that is to transform
416 00:31:08,799 --> 00:31:12,990 the signal by dechirping it. And we'll show you what the result is in just a
417 00:31:12,990 --> 00:31:17,480 moment. But first, we're going to have to do some math.
And math, don't leave
418 00:31:17,480 --> 00:31:22,559 because it's scary. It's not really; it's actually pretty easy. So
419 00:31:22,559 --> 00:31:25,460 there's a basic property of complex signals that states that if you multiply
420 00:31:25,460 --> 00:31:30,600 two signals together, the resulting signal has
421 00:31:30,600 --> 00:31:36,259 the frequency of each of the components added together. And from
422 00:31:36,259 --> 00:31:40,980 that, if we multiply a signal with one frequency against a signal that has the
423 00:31:40,980 --> 00:31:44,700 negative value of its frequency, the result is zero. We get a DC, we get a
424 00:31:44,700 --> 00:31:49,010 constant signal. And we're working at baseband here, which means the center of
425 00:31:49,010 --> 00:31:53,980 the band is zero hertz, so we can see negative frequencies and things like that.
426 00:31:53,980 --> 00:31:58,650 So if you multiply an up and a down chirp together, what do you get? You get a
427 00:31:58,650 --> 00:32:03,980 constant frequency. Now why do I say constant frequency rather than DC? If the
428 00:32:03,980 --> 00:32:06,730 chirps are out of phase with one another, there might be an offset from zero
429 00:32:06,730 --> 00:32:12,159 hertz there. So it might not be perfectly aligned with zero hertz. We
430 00:32:12,159 --> 00:32:16,980 might expect to get some offset there. So what happens if you multiply a chirp
431 00:32:16,980 --> 00:32:21,260 signal like this separately against an up chirp and a down chirp? So two
432 00:32:21,260 --> 00:32:24,790 different operations produce two different products. What do
433 00:32:24,790 --> 00:32:29,080 you think is going to happen?
Well, if you do that, you get these pretty pictures
434 00:32:29,080 --> 00:32:33,220 right here. So here you can see those really kind of tricky
435 00:32:33,220 --> 00:32:36,983 diagonal chirp signals that are cutting all across your spectrum, that are hard to measure,
436 00:32:36,983 --> 00:32:42,659 are translated into these nice, you know, nice signals that are aligned in time. And
437 00:32:42,659 --> 00:32:47,190 that looks like something we can start to really work with and do something with. So
438 00:32:47,190 --> 00:32:49,860 we need to quantify those. So, again, remember symbols, we're going to keep
439 00:32:49,860 --> 00:32:53,249 coming back to this. It's an RF state. It represents some number
440 00:32:53,249 --> 00:32:59,639 of bits. And LoRa has this value called the spreading factor that we found in
441 00:32:59,639 --> 00:33:04,450 some of the documentation that defines the number of bits encoded per symbol. And
442 00:33:04,450 --> 00:33:06,720 from the picture we saw a little bit earlier, the common values are seven
443 00:33:06,720 --> 00:33:13,780 through 12 or six through 12. You see them both in different markets. So from
444 00:33:13,780 --> 00:33:17,720 that, how many possible symbols can there be? Well, each bit
445 00:33:17,720 --> 00:33:22,610 can have, you know, two states, zero or one. And there are spreading factor number
446 00:33:22,610 --> 00:33:27,749 of bits. The number of symbols is two to the spreading factor. So how can we start
447 00:33:27,749 --> 00:33:33,019 to quantify these symbols and start to pull them out of the PHY? So the steps
448 00:33:33,019 --> 00:33:36,200 that I found that were the trick to this were to channelize and resample
449 00:33:36,200 --> 00:33:41,899 the signal to the bandwidth, dechirp the signal with a
450 00:33:41,899 --> 00:33:45,889 locally generated chirp like we just talked about.
Then we're going to take a fast
451 00:33:45,889 --> 00:33:50,759 Fourier transform of that signal, where the number of bins of the FFT that we compute
452 00:33:50,759 --> 00:33:55,149 is equal to the number of possible symbols. And we'll illustrate this
453 00:33:55,149 --> 00:33:58,909 momentarily. And then if we do that correctly, then the most powerful
454 00:33:58,909 --> 00:34:02,679 component in that Fourier transform, that is the strongest component frequency
455 00:34:02,679 --> 00:34:06,549 that we get back from that operation, is the symbol that we're looking for.
456 00:34:06,549 --> 00:34:10,100 So by dechirping it, we get it into a form where we really expect there to only be
457 00:34:10,100 --> 00:34:16,360 one strong component per FFT, whereas if we didn't dechirp it, when we took the FFT of
458 00:34:16,360 --> 00:34:20,330 a chirp's worth of samples, we would see the energy kind of spread
459 00:34:20,330 --> 00:34:23,460 throughout all the different bins. But by dechirping it correctly, all that
460 00:34:23,460 --> 00:34:29,700 energy gets pushed into one bin and we get a single, clear value out of it. So if
461 00:34:29,700 --> 00:34:33,150 we do that, we get a picture that looks like this. And here the Z axis again is
462 00:34:33,150 --> 00:34:38,191 the intensity, the power present. And we expect that to be the symbol that
463 00:34:38,191 --> 00:34:41,630 we're looking for. And here it's aligned in time with the base chirp on the left
464 00:34:41,630 --> 00:34:47,900 there. So here are the steps again. We mentioned this earlier. Let's look for
465 00:34:47,900 --> 00:34:53,740 the preamble. Right. What's a stupid simple algorithm for finding this? Let's
466 00:34:53,740 --> 00:34:58,000 do an FFT and let's look for basically the most powerful component
467 00:34:58,000 --> 00:35:03,200 being in the same bin for some number of consecutive FFTs. Easy. Finding
the SFD
468 00:35:03,200 --> 00:35:06,910 is the same thing. But again, this time we're going to do it on the opposite
469 00:35:06,910 --> 00:35:11,990 dechirp product. So when we dechirped it, we got back two different streams. We get one of
470 00:35:11,990 --> 00:35:16,600 the dechirped up chirps and one of the dechirped down chirps, so we can look at the
471 00:35:16,600 --> 00:35:24,660 opposite stream and do the same algorithm looking for the SFD here. Important
472 00:35:24,660 --> 00:35:28,410 caveat: accurately synchronizing on the SFD is essential for getting good
473 00:35:28,410 --> 00:35:32,720 data out of this modulation, because if you have a bad sync then you can wind
474 00:35:32,720 --> 00:35:36,960 up having your symbols, the samples that comprise your symbols, spread
475 00:35:36,960 --> 00:35:42,350 between multiple adjacent FFTs. If that happens, then you get incorrect data. Now
476 00:35:42,350 --> 00:35:46,030 let's illustrate what that looks like. If you look at rows thirty nine, fifty, you
477 00:35:46,030 --> 00:35:49,490 can see that visually it's almost impossible to tell which of those two
478 00:35:49,490 --> 00:35:52,160 readings represents the symbol. You see, there are two different values that are
479 00:35:52,160 --> 00:35:57,040 really powerful. That's the result of basically half of the samples
480 00:35:57,040 --> 00:36:01,490 from chirp N and then half of the
481 00:36:01,490 --> 00:36:05,580 samples from chirp N plus one winding up in the same FFT. So when we do
482 00:36:05,580 --> 00:36:08,470 it, we get those two components in there. And it's really ugly and hard
483 00:36:08,470 --> 00:36:13,560 to work with. So we can solve this by using a technique called overlapping
484 00:36:13,560 --> 00:36:18,040 FFTs when looking for our SFD synchronization.
And basically what that
485 00:36:18,040 --> 00:36:21,580 means is we're going to process each sample multiple times with the effect of
486 00:36:21,580 --> 00:36:27,110 getting better resolution in time of our resulting FFTs. It's more
487 00:36:27,110 --> 00:36:31,860 computationally intensive, but it gets us much better fidelity here. So if
488 00:36:31,860 --> 00:36:34,970 we do that, this is what the result looks like. It's a little bit hard to see right
489 00:36:34,970 --> 00:36:39,000 now. I'll get you a better picture in a moment, but basically it's much less
490 00:36:39,000 --> 00:36:43,740 ambiguous in terms of which symbol is present. So if we use those overlapping
491 00:36:43,740 --> 00:36:49,400 FFTs, we can synchronize on that SFD. And then once we know exactly where the first
492 00:36:49,400 --> 00:36:53,160 symbol of the data unit is in our buffer, we can go back to using non-overlapping
493 00:36:53,160 --> 00:36:58,110 FFTs, which are more computationally efficient, and get
494 00:36:58,110 --> 00:37:01,550 a nice read on the data. Here you can see that again, if we look at lines thirty
495 00:37:01,550 --> 00:37:05,880 eight and thirty nine, that ambiguity is gone. Right. You can see exactly where the
496 00:37:05,880 --> 00:37:08,940 most intense bin is and therefore which symbol is
497 00:37:08,940 --> 00:37:12,740 present. And here's the whole frame synchronized. So we've got the collisions on
498 00:37:12,740 --> 00:37:18,730 the left, and it doesn't look that great; on the right it's much clearer. Cool. So
499 00:37:18,730 --> 00:37:22,890 again, we recompute, more computationally intensive, and then we get out data. Now,
500 00:37:22,890 --> 00:37:27,590 one last thing we have to do to wrap up the demodulation.
So doing this again,
501 00:37:27,590 --> 00:37:31,980 remember, we were talking about the dechirp. If our chirps aren't perfectly
502 00:37:31,980 --> 00:37:37,290 aligned, then the resulting dechirped signal might not necessarily be
503 00:37:37,290 --> 00:37:40,480 off of the same reference. Right. And of course, we don't know what chirp was used
504 00:37:40,480 --> 00:37:45,170 to generate the signal on the transmitter. So we have to find some way of normalizing
505 00:37:45,170 --> 00:37:49,620 this data to account for that phase discrepancy. And we can do that by
506 00:37:49,620 --> 00:37:53,260 referencing the preamble. And it just so happens that the preamble, when you dechirp it,
507 00:37:53,260 --> 00:37:56,670 always represents symbol value zero. So you can basically just do a modulo
508 00:37:56,670 --> 00:38:00,250 operation on your received symbols to rotate that back. So all the symbols are
509 00:38:00,250 --> 00:38:05,430 referenced off of the preamble and you're good to go. And that's it, right? Not even
510 00:38:05,430 --> 00:38:11,100 close. We're just getting started, people. Why is that? Because the data here is
511 00:38:11,100 --> 00:38:15,360 encoded. What is encoding? Basically, encoding is a transformation that is
512 00:38:15,360 --> 00:38:18,600 applied to the data before it's transmitted. Why would you do something
513 00:38:18,600 --> 00:38:25,290 like that? Because encoding increases over-the-air resiliency. Why is this
514 00:38:25,290 --> 00:38:29,780 necessary? Right. Remember that we're dealing with unlicensed spectrum. Right.
515 00:38:29,780 --> 00:38:32,490 This is what the nine hundred megahertz band, which is what LoRa uses in the
516 00:38:32,490 --> 00:38:36,970 United States, looks like. Look at all that stuff. It's not LoRa, right? That
517 00:38:36,970 --> 00:38:39,640 stuff is there to ruin your day.
It's there to create all sorts of interference
518 00:38:39,640 --> 00:38:43,870 and make your receiver not work the way you expect. So RF is a really brutal
519 00:38:43,870 --> 00:38:47,420 environment. There's all sorts of interference. And basically the encoding
520 00:38:47,420 --> 00:38:51,310 is a way of treating your data so that even if you have a non-ideal reception,
521 00:38:51,310 --> 00:38:56,110 you can still get the data out of the frame. So what do we have here? Remember
522 00:38:56,110 --> 00:38:58,700 that LoRa's closed source. We have some material that's available through data
523 00:38:58,700 --> 00:39:03,300 sheets, but we really don't know for sure, definitively, what's in this PHY. So,
524 00:39:03,300 --> 00:39:06,520 again, we're going to go back to open source intelligence to figure out what we
525 00:39:06,520 --> 00:39:10,050 know and then try to narrow in on how we're going to iterate through this and
526 00:39:10,050 --> 00:39:15,120 figure out how it works. So from the patent, we have a number of very good
527 00:39:15,120 --> 00:39:20,550 clues. First of all, it refers to a stage called gray indexing, which, as it's
528 00:39:20,550 --> 00:39:23,740 defined there, should add error tolerance in the event that you read a symbol as
529 00:39:23,740 --> 00:39:28,990 being off by one, off by one bit, if you read a symbol incorrectly.
530 00:39:28,990 --> 00:39:33,210 Then secondly, you have data whitening, which induces randomness into the frame.
531 00:39:33,210 --> 00:39:37,490 We'll talk about that momentarily. Then interleaving, which scrambles the bits
532 00:39:37,490 --> 00:39:42,200 within the frame. Then you have forward error correction, which adds correcting parity
533 00:39:42,200 --> 00:39:45,240 bits. You can think of it as being parity bits on steroids. Rather than just
534 00:39:45,240 --> 00:39:47,860 telling you that an error occurred,
it can actually help you correct the error
535 00:39:47,860 --> 00:39:53,100 without needing to retransmit. So we have four different things that comprise
536 00:39:53,100 --> 00:40:00,700 the encoding there in the patent. Right. So that's awesome. It's easy, right? Why
537 00:40:00,700 --> 00:40:12,200 is that? Because documentation lies to us, and even
538 00:40:12,200 --> 00:40:19,040 the clearest signals can lead us into dead ends. So let me show you how. So
539 00:40:19,040 --> 00:40:22,650 the gray indexing we read to represent gray coding, which is just a basic
540 00:40:22,650 --> 00:40:27,990 binary transformation that you can use to treat data. Whitening, we actually have
541 00:40:27,990 --> 00:40:31,450 defined in one of the application notes reference designs for the pseudo random
542 00:40:31,450 --> 00:40:35,120 number generators that you use for the whitening. It's like C code that you
543 00:40:35,120 --> 00:40:41,320 can copy and paste. So this should be rock solid. Step three, we
544 00:40:41,320 --> 00:40:45,520 have an actual algorithm for the interleaver that is defined in the patent. I'll show
545 00:40:45,520 --> 00:40:51,570 you what it is momentarily. And then finally, step four suggests that a
546 00:40:51,570 --> 00:40:55,860 Hamming code is used, which is just a standard forward error correction mechanism.
547 00:40:55,860 --> 00:41:01,100 So the first thing to focus on figuring out here is the data whitening. And that's
548 00:41:01,100 --> 00:41:04,350 a critical step, because the way the whitening works is you XOR your
549 00:41:04,350 --> 00:41:08,480 message against a random string. And unless you know what the random string is,
550 00:41:08,480 --> 00:41:12,520 you're not going to be able to make any sense of what follows it.
So figuring out
551 00:41:12,520 --> 00:41:15,820 that random string is essential to being able to even make sense of what follows
552 00:41:15,820 --> 00:41:20,770 it. So, again, with whitening, you take your buffer that's
553 00:41:20,770 --> 00:41:23,910 going out to the radio and you XOR it against a precomputed, sort of random
554 00:41:23,910 --> 00:41:28,580 string that is known to both the transmitter and the receiver. Then when
555 00:41:28,580 --> 00:41:32,680 the receiver gets the frame, it XORs the received buffer against
556 00:41:32,680 --> 00:41:35,660 the same sequence that the transmitter used. And you get back the original
557 00:41:35,660 --> 00:41:39,500 data, because, if you remember, XOR is its own inverse. So that nicely undoes itself.
558 00:41:39,500 --> 00:41:44,550 Now, why would we bother with whitening? And that's because having random data is
559 00:41:44,550 --> 00:41:49,770 really good for receivers, similar to Manchester encoding, where basically by
560 00:41:49,770 --> 00:41:53,820 encoding the data such that you don't have some number of consecutive values,
561 00:41:53,820 --> 00:41:58,160 some number of consecutive symbols of the same value, you get this nice random data
562 00:41:58,160 --> 00:42:01,580 source. What that does is it creates lots of edges for your receiver to do clock
563 00:42:01,580 --> 00:42:06,050 recovery against, so you get better reception of longer messages or if your
564 00:42:06,050 --> 00:42:10,220 clocks are bad. Manchester, of course, comes with the penalty of a reduced bit
565 00:42:10,220 --> 00:42:14,840 rate. It actually cuts the effective bit rate that you can use in half,
566 00:42:14,840 --> 00:42:18,420 whereas whitening does not. The caveat is that you have to know what the
567 00:42:18,420 --> 00:42:24,240 string is in order for it to work. So let's find the whitening sequence.
We've got 568 00:42:24,240 --> 00:42:28,340 these algorithms in the application note, we've got some examples, and, strangely, 569 00:42:28,340 --> 00:42:35,040 none of them worked, so we had to figure this out empirically. How can we do 570 00:42:35,040 --> 00:42:39,210 that when there's interleaving and forward error correction in the pipeline 571 00:42:39,210 --> 00:42:42,980 here? Right. We can send something that might put the 572 00:42:42,980 --> 00:42:47,550 whitening in a certain state that we could leverage. Right. But we still 573 00:42:47,550 --> 00:42:49,550 have these unknown transforms that follow it. How are we going to be able to figure 574 00:42:49,550 --> 00:42:52,880 out what goes on? How are we going to be able to figure out the whitening when 575 00:42:52,880 --> 00:42:56,910 those operations are in the loop, too? Well, we need to bound the problem and 576 00:42:56,910 --> 00:43:02,420 make some assumptions so that we can start to iterate through this black box problem. So 577 00:43:02,420 --> 00:43:04,980 we're going to assume that the forward error correction is what the documentation tells 578 00:43:04,980 --> 00:43:09,680 us it is, the Hamming code, and we're also going to make another assumption and 579 00:43:09,680 --> 00:43:14,650 we're going to set the spreading factor equal to eight bits per symbol. And 580 00:43:14,650 --> 00:43:17,900 basically, if you do that, then it makes it such that we'll have exactly one 581 00:43:17,900 --> 00:43:25,480 Hamming 8,4 code word per eight bits per symbol, because if we set the 582 00:43:25,480 --> 00:43:29,421 number of total bits in our Hamming error correcting code to eight, it 583 00:43:29,421 --> 00:43:32,540 fits very nicely and should work out well.
Now there's another very useful 584 00:43:32,540 --> 00:43:35,360 property of the Hamming forward error correcting code scheme that we're also 585 00:43:35,360 --> 00:43:40,560 going to exploit, and that's that Hamming 8,4 contains four data bits and four 586 00:43:40,560 --> 00:43:48,130 parity bits each. And for 14 of those 16 states, again, remember, two possible 587 00:43:48,130 --> 00:43:55,250 states per bit to the power of four data bits per code word, in 14 of 588 00:43:55,250 --> 00:44:00,880 those 16 code word possibilities, there are four ones and four zeros each. However, for 589 00:44:00,880 --> 00:44:05,640 the code word for data nibble zero, that's four zeros, the code word of that 590 00:44:05,640 --> 00:44:12,390 is eight zeros. So it's totally non-additive. So if we send our error 591 00:44:12,390 --> 00:44:17,450 correcting scheme a string of zeros to apply itself to, it's totally not 592 00:44:17,450 --> 00:44:22,310 additive. We get back twice as many zeros, so we can leverage that to do something to 593 00:44:22,310 --> 00:44:25,300 try to cancel out that forward error correcting stage. So let's go ahead and 594 00:44:25,300 --> 00:44:30,440 transmit a string of zeros. Right. So, again, if it's Hamming 8,4 as we assume, 595 00:44:30,440 --> 00:44:35,610 we expect that stage, the forward error correcting code, to cancel out, right. What 596 00:44:35,610 --> 00:44:38,700 about the interleaver? Let's take a look at the algorithm that's suggested in the 597 00:44:38,700 --> 00:44:44,420 patent. There it is. The key takeaway from this is, if this is implemented in a 598 00:44:44,420 --> 00:44:49,080 way that's similar to this, this should be totally non-additive. So this should 599 00:44:49,080 --> 00:44:53,910 just move bits around but not add any bits. Right.
So if it is in fact 600 00:44:53,910 --> 00:44:58,510 non-additive and all we pass through are a bunch of zeros, what happens when you 601 00:44:58,510 --> 00:45:02,430 shuffle around a bunch of zeros? You get the same thing out, so that falls away, 602 00:45:02,430 --> 00:45:06,640 too, right? So we're left with two stages, right? We have our gray indexing stage and 603 00:45:06,640 --> 00:45:11,530 our data whitening stage. Whitening is what we're solving for. That's our variable. And 604 00:45:11,530 --> 00:45:16,250 gray indexing, the quote unquote indexing, is a bit of an ambiguous term, but it 605 00:45:16,250 --> 00:45:22,270 likely refers to some variant of gray coding, which we mentioned earlier. But 606 00:45:22,270 --> 00:45:26,320 whether it is gray coding versus gray decoding or nothing at all, just 607 00:45:26,320 --> 00:45:29,550 something they didn't implement, that leaves only three permutations here. 608 00:45:29,550 --> 00:45:32,470 Right. So we've just reduced all the ambiguity of figuring out what this 609 00:45:32,470 --> 00:45:36,280 decoder is, of figuring out what the whitening sequence is, to really just 610 00:45:36,280 --> 00:45:40,830 figuring out which of the three operations 611 00:45:40,830 --> 00:45:47,280 this first gray indexing stage is. Right. So if we do that, we try all three. That's 612 00:45:47,280 --> 00:45:50,110 only three things to attempt in order to derive the whitening sequence from the 613 00:45:50,110 --> 00:45:53,290 transmitter, because, again, if we send through a string of zeros, what does the 614 00:45:53,290 --> 00:45:58,890 whitening do? It XORs the zeros against the pseudo-random string, and what 615 00:45:58,890 --> 00:46:03,540 is anything XOR zero? It's the input.
So we can do this and get the transmitter 616 00:46:03,540 --> 00:46:07,750 to tell us what its whitening sequence is, so we can implement the receiver, read that 617 00:46:07,750 --> 00:46:13,220 out, plug it back in and then start to solve for the rest. Cool. Next stage is the 618 00:46:13,220 --> 00:46:16,840 interleaver. Again, we had that formula from the patent. Surprise, surprise, we 619 00:46:16,840 --> 00:46:22,380 implemented it, it was no good. So let's figure out how this works now. We're going 620 00:46:22,380 --> 00:46:28,550 to move very quickly through this because this was the hardest part of all this. And 621 00:46:28,550 --> 00:46:31,820 I'm going to show you the process without taking us all through the time of staring at a 622 00:46:31,820 --> 00:46:38,340 bunch of graph paper and trying things that kind of went into this. But 623 00:46:38,340 --> 00:46:40,250 again, just like with the whitening sequence, we're going to exploit 624 00:46:40,250 --> 00:46:44,590 properties of the Hamming FEC to reveal patterns in the interleaver. So, again, if 625 00:46:44,590 --> 00:46:47,240 we look at our Hamming 8,4 code words that we know and love, that are very 626 00:46:47,240 --> 00:46:52,800 useful, we're going to use this time the code word for four ones, the code word for 627 00:46:52,800 --> 00:46:59,420 hex F, and in that case the state of that code word is eight ones. So if we 628 00:46:59,420 --> 00:47:02,840 construct a bunch of packets, basically we take eight symbols. 629 00:47:02,840 --> 00:47:09,790 We take four bytes, which is eight symbols at SF8, and we walk 630 00:47:09,790 --> 00:47:14,600 the position of those ones through our frame here. We can start to look for 631 00:47:14,600 --> 00:47:23,500 patterns. Who sees it? I'll save you the trouble. Who sees it? Now look at the 632 00:47:23,500 --> 00:47:26,960 bottom row, second from the right, and you'll see the pattern.
Basically it's a 633 00:47:26,960 --> 00:47:32,820 diagonal interleaver. But the first two, the two most significant bits, are flipped. 634 00:47:32,820 --> 00:47:36,060 So if we take this and then read it out, basically we can take this and we can 635 00:47:36,060 --> 00:47:42,130 start to map those diagonal positions into positions within an interleaver 636 00:47:42,130 --> 00:47:47,190 matrix. So if we do that, we walk through all the different states and map those 637 00:47:47,190 --> 00:47:53,030 positions out with data that we know, we get this nice table. Now, let's put this 638 00:47:53,030 --> 00:47:57,420 table next to the data that we're looking for. Right. So here we decomposed the 639 00:47:57,420 --> 00:48:01,490 Hamming code words for the data we sent in, which is, of course, our beloved DEADBEEF, 640 00:48:01,490 --> 00:48:07,560 in the middle column. On the left, we have the data values, the four data 641 00:48:07,560 --> 00:48:13,990 bits that we're looking for. And then the right column on the left there 642 00:48:13,990 --> 00:48:18,000 is the parity bits that we're looking for. Again, I'm going to make this easy 643 00:48:18,000 --> 00:48:21,450 for you. If you stare at this for long enough, you become compelled to reverse 644 00:48:21,450 --> 00:48:26,000 the order. And then if you continue staring at it, you start to see some 645 00:48:26,000 --> 00:48:30,340 patterns. That looks like our data, right? So if we go a step further, we can start 646 00:48:30,340 --> 00:48:36,420 to map some of these Hamming error correcting fields into this matrix here. So here 647 00:48:36,420 --> 00:48:41,040 we see the four data bits are the rightmost bits. And then we can see that 648 00:48:41,040 --> 00:48:45,290 parity bits one and two correlate very nicely. And if you go a step further, we 649 00:48:45,290 --> 00:48:52,130 can see that.
These parity bits, three and four, fit very closely as well, 650 00:48:52,130 --> 00:48:55,780 although they're flipped. You'll see that parity bit four is actually more significant 651 00:48:55,780 --> 00:49:00,260 than parity bit three. So we're almost there, right? All we have left to do is 652 00:49:00,260 --> 00:49:06,420 apply the error correction and we're done. And that's the modulation. That's the whole thing. So, 653 00:49:06,420 --> 00:49:18,220 again, thank you. So, again, let's talk briefly about these red 654 00:49:18,220 --> 00:49:23,380 herrings and try to wrap this up. I want to do a demo before our Q&A. So we had 655 00:49:23,380 --> 00:49:25,990 these four different encoding stages here, right? We had great documentation for all 656 00:49:25,990 --> 00:49:29,010 of them. But empirically, after implementing them, we were able to 657 00:49:29,010 --> 00:49:36,400 establish that, well, three of the four just weren't the case. Right. 658 00:49:36,400 --> 00:49:40,140 One of them was actually cool, right? One of them was actually what it said it was. 659 00:49:40,140 --> 00:49:44,500 So, yeah. Anyway, how were we able to work through this? I think it's important 660 00:49:44,500 --> 00:49:48,010 to reflect and try to get some takeaways from this. Hopefully this is useful as you 661 00:49:48,010 --> 00:49:51,560 approach your reverse engineering challenges. Basically, what was essential 662 00:49:51,560 --> 00:49:55,230 here was being able to bound the problem and hold certain things constant so that we 663 00:49:55,230 --> 00:49:58,910 could solve for unknowns. And if you remember, we kind of did this in two 664 00:49:58,910 --> 00:50:02,920 stages. We were able to cancel out the interleaving and the forward error 665 00:50:02,920 --> 00:50:08,240 correction and hold that static in order to 666 00:50:08,240 --> 00:50:11,940 figure out the whitening sequence and the gray indexing, kind of all in one go.
667 00:50:11,940 --> 00:50:15,240 And then when we controlled the gray indexing, the whitening sequence, and 668 00:50:15,240 --> 00:50:19,320 were pretty confident about what the forward error correction was, there was really 669 00:50:19,320 --> 00:50:24,010 only one variable that we had to solve, really only one thing we 670 00:50:24,010 --> 00:50:26,100 actually had to go into the bits and really kind of dig out of this 671 00:50:26,100 --> 00:50:30,990 thing. Right. So by making these assumptions, using open source information 672 00:50:30,990 --> 00:50:35,120 and really bounding the problem and working through it 673 00:50:35,120 --> 00:50:39,310 coherently, we were able to reduce these four stages down to really one experimental 674 00:50:39,310 --> 00:50:45,170 variable and just solve for it. So that's really the trick here. OK, I'm 675 00:50:45,170 --> 00:50:48,850 going to blow through this next part to talk very briefly about the structure of the 676 00:50:48,850 --> 00:50:54,240 LoRa PHY packet. So this is a picture pulled out of one of 677 00:50:54,240 --> 00:50:59,720 the data sheets. We already talked about the preamble, these repeated chirps. One 678 00:50:59,720 --> 00:51:03,400 thing that's not pictured here is the sync word and the start frame delimiter, 679 00:51:03,400 --> 00:51:09,050 which is right there. And then we have this thing called the header. Right. And 680 00:51:09,050 --> 00:51:12,200 it says here that the header is only present in explicit mode. So there's this 681 00:51:12,200 --> 00:51:16,920 notion of implicit versus explicit header in LoRa. And the explicit header includes 682 00:51:16,920 --> 00:51:21,330 a field that has some information, such as the length of the payload, the 683 00:51:21,330 --> 00:51:25,760 type of scheme in there that's applied to the remainder of the payload, not the 684 00:51:25,760 --> 00:51:30,200 header itself, but the rest of it.
And then there's also an optional CRC as well. 685 00:51:30,200 --> 00:51:33,770 It can be included. Implicit mode assumes that the receiver knows the modulation 686 00:51:33,770 --> 00:51:41,380 parameters and skips that bit. So no problem, right? We can use implicit mode 687 00:51:41,380 --> 00:51:45,530 to figure out what the whitening sequence is and then switch back to explicit mode, use 688 00:51:45,530 --> 00:51:49,300 the whitening sequence from implicit and figure out what the header is by just 689 00:51:49,300 --> 00:51:54,160 looking to see what the values are as we change the modulation. Yeah, right. None 690 00:51:54,160 --> 00:52:00,360 of this is easy, right? Like, really, nothing helps us here. So 691 00:52:00,360 --> 00:52:03,940 as it turns out, implicit and explicit header modes use different 692 00:52:03,940 --> 00:52:07,730 whitening sequences. So the header remains unparsed, even if we know what the 693 00:52:07,730 --> 00:52:12,370 implicit mode whitening sequence is. So let's see 694 00:52:12,370 --> 00:52:17,390 what we know. Again, we've got this header here, and this picture tells us the code 695 00:52:17,390 --> 00:52:21,210 rate is always 4/8 for the header. So no matter what the code rate, that is 696 00:52:21,210 --> 00:52:24,650 the number of bits in the Hamming forward error correcting code used, is 697 00:52:24,650 --> 00:52:29,620 for the rest of the packet, this code rate is always 4/8. Well, what about the 698 00:52:29,620 --> 00:52:36,420 spreading factor? As it turns out, the header is always sent at a spreading 699 00:52:36,420 --> 00:52:40,190 factor that is two less than the rest of your modulation. The code rate is still 700 00:52:40,190 --> 00:52:44,500 4/8, and the spreading factor for the header is the spreading factor minus two.
So two 701 00:52:44,500 --> 00:52:48,170 fewer bits per symbol, even if the header is implicit. And I have to credit Thomas 702 00:52:48,170 --> 00:52:51,520 Telkamp for giving me the tip that actually led to kind of putting this all 703 00:52:51,520 --> 00:52:57,250 together, thanks to him. So again, the first eight symbols, no matter whether 704 00:52:57,250 --> 00:53:01,301 you're in implicit or explicit mode, are always sent at SF minus two and code rate 705 00:53:01,301 --> 00:53:05,880 4/8. That's always the case. Also, there's this mode called low data rate 706 00:53:05,880 --> 00:53:10,260 where, if that's set on, then all of the symbols in the remainder 707 00:53:10,260 --> 00:53:17,310 of the PHY packet are also sent at spreading factor SF minus two. So it 708 00:53:17,310 --> 00:53:19,400 basically gets you some extra margin in case you're dealing with 709 00:53:19,400 --> 00:53:24,410 a noisy channel and need to get data through. So that's the PHY. Who wants some tools to go 710 00:53:24,410 --> 00:53:28,760 with it? Who's curious about this and wants to start playing with it? Does LoRa 711 00:53:28,760 --> 00:53:34,290 seem cool? So with that, that brings us to gr-lora, which is an out-of-tree GNU 712 00:53:34,290 --> 00:53:39,090 Radio module that I've been working on for the last couple of months. And it's an 713 00:53:39,090 --> 00:53:42,230 open source implementation of the PHY that works very nicely with the GNU Radio 714 00:53:42,230 --> 00:53:46,830 software defined radio digital signal processing toolkit. It's open source 715 00:53:46,830 --> 00:53:51,951 software, it's free software. It's got a great community built up around it. It's 716 00:53:51,951 --> 00:53:54,951 really cool. If you're curious about GNU Radio, there are loads of good tutorials. And 717 00:53:54,951 --> 00:53:58,250 even if you're a wizard, well, if you're a wizard, you already know what this is.
But 718 00:53:58,250 --> 00:54:03,730 it's a really great piece of software and ecosystem. And why is 719 00:54:03,730 --> 00:54:07,720 having an open source version of this interesting? Well, existing interfaces to 720 00:54:07,720 --> 00:54:12,660 LoRa are layer two and above, both with the data sheets that we get that go with 721 00:54:12,660 --> 00:54:17,900 each of the different LoRa radios and the standards that are available and open. 722 00:54:17,900 --> 00:54:21,810 It's all layer two and up. We don't have any insight into what the PHY state machine 723 00:54:21,810 --> 00:54:28,040 actually does. And PHY layer security really can't be taken for granted. And to back 724 00:54:28,040 --> 00:54:32,130 this up, I'm going to point to some 802.15.4 exploits that kind of 725 00:54:32,130 --> 00:54:36,510 reinforce this from a couple of years ago. We have Travis Goodspeed's packet-in-packet 726 00:54:36,510 --> 00:54:39,920 that showed that he was able to do a full seven layer compromise by basically 727 00:54:39,920 --> 00:54:45,700 encoding data that would induce the preamble and SFD symbols for 728 00:54:45,700 --> 00:54:48,900 802.15.4 within the payload of another message. He was able to get some really 729 00:54:48,900 --> 00:54:53,840 wonky things to happen to radio state machines in doing so. And related to that, 730 00:54:53,840 --> 00:54:59,050 we have this wireless intrusion detection system evasion that was done by Travis 731 00:54:59,050 --> 00:55:02,550 Goodspeed and some friends of mine from Dartmouth, where they were basically able 732 00:55:02,550 --> 00:55:07,140 to fingerprint how different 802.15.4 radio state machines work and construct 733 00:55:07,140 --> 00:55:11,910 packets that would be able to be heard by some but not others.
So from that, you 734 00:55:11,910 --> 00:55:16,140 could basically generate versions of packets that weren't totally compliant 735 00:55:16,140 --> 00:55:20,120 with the standard, but would still be heard by certain receivers and not others. 736 00:55:20,120 --> 00:55:23,780 So some really tricky stuff here. PHYs really matter. You can't take them for 737 00:55:23,780 --> 00:55:27,560 granted in the picture of security. So my hope with this is, by getting this tool out 738 00:55:27,560 --> 00:55:31,540 there, we can actually really start to look at the surface and figure out how it 739 00:55:31,540 --> 00:55:34,930 works and how it can be made better and really start to get involved with 740 00:55:34,930 --> 00:55:40,200 improving the security of this new protocol. Some prior art to cite: Josh 741 00:55:40,200 --> 00:55:44,990 Blum has a module for Pothos, which is kind of like a competitor to GNU Radio. It's 742 00:55:44,990 --> 00:55:48,800 like another framework. It gets the modulation right, but the decoding is 743 00:55:48,800 --> 00:55:52,320 basically off of the documentation, so it can talk to itself, but it can't talk to 744 00:55:52,320 --> 00:55:55,530 actual hardware because it doesn't implement the real decoding stage that we 745 00:55:55,530 --> 00:56:00,440 had to reverse engineer. And also, there's another gr-lora out there made by this guy, 746 00:56:00,440 --> 00:56:05,001 rpp0 on GitHub. When I first looked at it, it was like this Python thing that I 747 00:56:05,001 --> 00:56:08,540 couldn't quite get to work. I went and looked at it last night, and it actually looks 748 00:56:08,540 --> 00:56:11,540 pretty cool. So you might check that out, too, if you're interested in this. Looks 749 00:56:11,540 --> 00:56:15,760 like it's pretty solid. So my gr-lora implements modulation and encoding 750 00:56:15,760 --> 00:56:20,190 in separate blocks so that you can be modular and experiment.
So if you want 751 00:56:20,190 --> 00:56:22,820 to have like a layer two forward error correcting 752 00:56:22,820 --> 00:56:26,260 thing for better resiliency, you can write that in without having to touch the 753 00:56:26,260 --> 00:56:30,260 demodulator. They're decoupled for you. Also, there's a very simple asynchronous 754 00:56:30,260 --> 00:56:35,570 PDU interface for passing data between the blocks, and you basically write to it just 755 00:56:35,570 --> 00:56:39,210 using a socket, which is really easy. I'll demonstrate in a minute, and it's just 756 00:56:39,210 --> 00:56:43,670 like gr-ieee802-15-4, which is a 757 00:56:43,670 --> 00:56:49,090 really great module made by Bastian, who I think is here, a really cool tool I 758 00:56:49,090 --> 00:56:53,770 use all the time. So the demodulator and the decoding implement the 759 00:56:53,770 --> 00:56:58,520 process that we just reverse engineered using the FFTs and all that. The 760 00:56:58,520 --> 00:57:00,720 modulator and the encoder use a more efficient method that does direct 761 00:57:00,720 --> 00:57:05,280 synthesis of chirps. So rather than basically computing the FFT results and 762 00:57:05,280 --> 00:57:08,790 then doing an IFFT of that, we can actually index into a precomputed chirp 763 00:57:08,790 --> 00:57:13,320 to make the generation a lot more computationally efficient. If you want the 764 00:57:13,320 --> 00:57:20,210 source, it's right there. I just pushed a giant update to it about two hours ago. So if 765 00:57:20,210 --> 00:57:23,600 you're interested in playing with it, there it is. Let's run through a quick 766 00:57:23,600 --> 00:57:28,370 demo before we're out of time here. So here's a scenario. I've written you guys a 767 00:57:28,370 --> 00:57:32,170 poem. I'm going to play you guys a poem.
And I want to be able to sniff it and show 768 00:57:32,170 --> 00:57:38,090 you what it is. Right. So to transmit, we have our Adafruit. It's a Feather 769 00:57:38,090 --> 00:57:42,650 radio, like an Arduino basically with a LoRa radio on it. And to receive it, 770 00:57:42,650 --> 00:57:46,260 we're going to use our USRP right down here. And of course, it's all being 771 00:57:46,260 --> 00:57:53,910 received by gr-lora. So I'm going to jump over to my VM, see if I can 772 00:57:53,910 --> 00:58:12,620 get this up on the other screen. Bear with me one moment. There we go. Let me 773 00:58:12,620 --> 00:58:21,980 enter my password. We're going to start a receiver here, and now I'm going 774 00:58:21,980 --> 00:58:33,700 to just open a socket here. And I'm going to start my transmitter, and let's 775 00:58:33,700 --> 00:59:00,480 see what we have for you. In case you're unsure of what you're looking at. So 776 00:59:00,480 --> 00:59:04,390 that's all over LoRa. There are a few to-dos. If you want to contribute, I'd be happy 777 00:59:04,390 --> 00:59:09,270 to have you do so. Some additional resources if you want to know more: I've 778 00:59:09,270 --> 00:59:13,010 written this all up in detail in Travis Goodspeed's PoC||GTFO. The most 779 00:59:13,010 --> 00:59:17,150 recent issue has that in there. Also, if you want to learn more about radios and SDR, 780 00:59:17,150 --> 00:59:20,850 my colleague Marc and I are giving a talk at ShmooCon and TROOPERS called So You Want 781 00:59:20,850 --> 00:59:24,040 to Hack Radios, which is going to go through how to reverse engineer really 782 00:59:24,040 --> 00:59:27,860 basic IoT modulations. It'll spend a lot more time on some of the basics and show 783 00:59:27,860 --> 00:59:32,120 you how to actually apply the stuff yourself. To wrap up, LPWANs are 784 00:59:32,120 --> 00:59:36,480 exploding. They have tons of momentum and are popping up everywhere.
RF stacks are 785 00:59:36,480 --> 00:59:40,130 also becoming more diverse. So when you're talking about securing your wireless air 786 00:59:40,130 --> 00:59:43,760 space, you're not just worried about Wi-Fi anymore. If you're a corporate 787 00:59:43,760 --> 00:59:46,770 security administrator, you work in corporate IT, you also have to worry 788 00:59:46,770 --> 00:59:49,960 about all these other, like, IoT appliances that are coming into your 789 00:59:49,960 --> 00:59:54,800 enterprise and are starting to take root. On a technical note, we've shown how to go 790 00:59:54,800 --> 00:59:58,970 from some obscure modulation into bits. We've also added a new tool to the 791 00:59:58,970 --> 01:00:03,840 researcher's arsenal. I want to thank Balint Seeber at Bastille. He's an incredible 792 01:00:03,840 --> 01:00:07,300 resource, and this wouldn't have been possible without him. Also, the open source 793 01:00:07,300 --> 01:00:12,310 contributors who helped us all get here. And finally, the Chaos 794 01:00:12,310 --> 01:00:19,380 Computer Club for organizing 33c3 and having me. So thank you very much. Thank 795 01:00:19,380 --> 01:00:25,090 you for your attention. And I'd be happy to take your questions. 796 01:00:25,090 --> 01:00:35,530 *Applause* 797 01:00:35,530 --> 01:00:45,700 Herald: We are almost out of time. Thank you very much, Matt. We're able to take 798 01:00:45,700 --> 01:00:50,180 very few and brief questions. So microphone in front, right, please. 799 01:00:50,180 --> 01:00:54,060 Matt: I remember you. We met in your video conference. Good to see you. 800 01:00:54,060 --> 01:00:58,480 Mic: Yes. Are there ways to quantify the reliability of a dense LoRa network? 801 01:00:58,480 --> 01:01:00,920 Matt: Could you repeat that, please? Mic: Are there ways to quantify the 802 01:01:00,920 --> 01:01:05,300 reliability of a dense LoRa network? Matt: I'm sure there are.
I haven't really 803 01:01:05,300 --> 01:01:10,540 looked at all at benchmarking or figuring out what kind of limits there are. My 804 01:01:10,540 --> 01:01:15,110 interest has really been in getting the decoding and information extraction done. I 805 01:01:15,110 --> 01:01:19,340 know that there's a group in San Francisco that's 806 01:01:19,340 --> 01:01:23,450 building a LoRa product or network of some sort. They've done some benchmarking of 807 01:01:23,450 --> 01:01:27,590 how LoRa works in cities and they have a blog post that's pretty good. You might 808 01:01:27,590 --> 01:01:30,290 check that out. Herald: We have one question from the 809 01:01:30,290 --> 01:01:33,680 Internet via our Signal Angel. Signal Angel: Our channel on the IRC is 810 01:01:33,680 --> 01:01:36,240 asking, how long did it take to figure out all of this? 811 01:01:36,240 --> 01:01:40,970 Matt: So, you know, I first saw LoRa in the wild in January and kind of just let 812 01:01:40,970 --> 01:01:49,710 the capture sit on my hard drive for a while. It probably took about 813 01:01:49,710 --> 01:01:53,700 four or five weeks of working on this, more or less full time. I was a little bit, 814 01:01:53,700 --> 01:01:56,780 I had some other things I was working on, too. I'd say probably four weeks from when I 815 01:01:56,780 --> 01:01:59,780 actually said, all right, let's figure this thing out, to having the initial 816 01:01:59,780 --> 01:02:04,600 results. Herald: Another question from the rear 817 01:02:04,600 --> 01:02:09,000 right microphone. Mic: So in decoding those two unknown 818 01:02:09,000 --> 01:02:15,600 layers, you had your proprietary hardware and you could send it data and it 819 01:02:15,600 --> 01:02:20,380 won't do the AES and encryption stuff and it just sends that encoding? 820 01:02:20,380 --> 01:02:24,660 Matt: That's a great question.
I kind of skipped over that. The Microchip LoRa radio 821 01:02:24,660 --> 01:02:29,230 that I had, this guy right here. I also had another one that was a LoRaWAN 822 01:02:29,230 --> 01:02:34,160 radio. This is a LoRa radio, but it actually exposes an API to pause the MAC state 823 01:02:34,160 --> 01:02:37,850 machine, so you can turn off all the layer two stuff that would add a header and 824 01:02:37,850 --> 01:02:43,500 encryption, stuff like that, and send what are close to arbitrary frames. And I say 825 01:02:43,500 --> 01:02:47,880 what are close to arbitrary frames because you can't turn off the implicit header. So 826 01:02:47,880 --> 01:02:49,910 it's always in implicit, or sorry, you can't turn off explicit headers, it's 827 01:02:49,910 --> 01:02:53,880 always in the explicit header mode. So this more or less exposed raw payload 828 01:02:53,880 --> 01:02:55,880 injection. Mic: OK, thanks. 829 01:02:55,880 --> 01:03:00,050 Herald: Yeah, we're already in overtime. We're taking one last question from our 830 01:03:00,050 --> 01:03:02,760 Signal Angel on IRC and then we'll have to wrap up. 831 01:03:02,760 --> 01:03:06,960 Matt: I'll be happy to hang out and answer questions after the fact too. 832 01:03:06,960 --> 01:03:11,350 Mic: Now many people are wondering what implications does it have that basically 833 01:03:11,350 --> 01:03:17,450 the patent is not used at all? So could you say that the technology is 834 01:03:17,450 --> 01:03:22,960 patent free in a way? Matt: I am not a lawyer, but I have known 835 01:03:22,960 --> 01:03:27,000 lawyers and I know that they're clever enough to not fall for that. So I'm sure 836 01:03:27,000 --> 01:03:30,850 that the patent was defined as generally as possible. And again, it 837 01:03:30,850 --> 01:03:35,790 describes a modulation similar to LoRa. I'm again not a lawyer, but I'm almost 838 01:03:35,790 --> 01:03:43,070 certain that it would be covered.
So, but that's a clever thought. 839 01:03:43,070 --> 01:03:50,000 Herald: Thank you, Matt. Please give him a warm round of applause. Thank you again. 840 01:03:50,000 --> 01:03:52,120 *applause* 841 01:03:52,120 --> 01:03:56,160 *33c3 postroll music* 842 01:03:56,160 --> 01:04:16,000 Subtitles created by c3subtitles.de in the year 2021. Join, and help us!