Richard Shmel - Software Defined Radios 101 - DCTLV2025

Name of Training: Software Defined Radios
Trainer(s): Richard Shmel
Dates: August 11-12, 2025
Time: 8:00 am to 5:00 pm PT
Venue: Las Vegas Convention Center
Cost: $2,700

Course Description: 

Software Defined Radios (SDRs) are a powerful tool that has made the once-obfuscated domain of the electromagnetic spectrum open to anyone with a low-cost laptop and radio. From both an offensive and defensive perspective, an enormous attack surface, with many legacy devices and protocols, is open for exploitation. SDR 101 is a course designed for cyber security professionals of all skill levels who want to start working with RF signals and SDRs.

This class is a beginner's introduction to practical Software Defined Radio applications and development with an emphasis on hands-on learning. If you have ever been curious about the invisible world of radio waves and signals all around you, but didn't know where to begin, then this course is for you. Students can expect to learn about basic RF theory and SDR architecture before moving on to hands-on development with real radios. Over the two-day course, the instructor will guide students through progressively more complicated RF concepts and waveforms, culminating in a small capstone exercise. Students will be provided with a HackRF SDR for the duration of the class but will need to bring their own laptop to interface with the radio. VMs will be made available to students to download before class, along with an OS setup guide for those who prefer a bare-metal install. The VM/OS will have all the required drivers and frameworks to interface with the radio hardware, allowing us to jump right into hands-on exercises. My intent for this course is to lower the barrier of entry associated with RF hacking and give beginning students a practical understanding of RF and DSP applications with SDRs.

Course Outline: 

I am a big believer that hands-on learning is the best way to teach students, so I have structured this course around multiple labs/exercises based on real-world signals. I picked the HackRF SDR as the course radio because it is probably the best hobbyist radio for the price point, and is fairly easy to work with. I plan on front-loading the first block with any RF theory/lecture so we can quickly move on to basic signals analysis, using live radios, with a few open-source tools. We will then dive into GNUradio, first just using pre-made blocks, but eventually writing our own. We will follow that with more advanced signals analysis and RF attacks on real systems. The course will end with a capstone RF exploitation exercise that will reinforce all learned concepts.

DAY 1

  • Hour 1: Review pre-course videos
    • Introduction to RF theory, waveforms, and basic modulation schemes (AM, FM, FSK, PSK, OOK)
    • Nyquist sampling and aliasing
    • A brief overview of Euler and complex numbers
    • IQ sampling theory
    • Overview of common Software Defined Radio architectures (what a LO is, overview of ADCs, how samples work, etc.)
  • Hours 2-4:
    • Receiving RF samples and interfacing with SDRs
    • Exercise/lab 1: Watchtower
    • Basic demodulation
    • Exercise/lab 2: Soundtracks
    • Introduction to spectrum scanning
    • Exercise 3: Basic Scanner
    • Exercise 4: Advanced Scanner with Baseline
  • Hours 5-6:
    • Intro to capturing raw signals with your SDR
    • Intro to inspecting raw signals
    • Exercise/lab 5: Car Key Fobs
    • Advanced signals inspection using open source tools
    • Exercise/lab 6: Burst IoT modem
  • Hours 7-8:
    • Introduction to GNUradio
    • Key GNUradio flow graph components:
    • Sources/sinks
    • Filters
    • Exercise/lab 6: Filters
    • Demodulators
    • Exercise/lab 7: RF mixer
    • Exercise/lab 8: AM/FM Demod to a File

DAY 2

  • Hour 1:
    • Continue GNUradio flow graph components
    • Review filters, demodulation, sources/sinks
    • Resamplers and resampling theory
    • Long Exercise/lab 9: Putting it all together: FM radio in GNUradio
  • Hours 2-3:
    • Introduction to out-of-tree modules
    • Extending GNUradio through scripting and custom blocks
    • Exercise/lab 10: Custom Python Blocks 1: Custom Demodulator
    • Exercise/lab 11: Custom Python Blocks 2: Burst Extractor
    • Advanced topics in RF: Control flow and RF mixing
  • Hour 4:
    • Extending GNUradio with OOT modules from the open-source community
    • Exercise/lab 11: ADSB interception using an OOT OS block
    • Next steps: introduction to clock synchronization and data recovery
  • Hours 5-6:
    • Introduction to transmitting
    • Building out a signal file
    • Exercise 12: Chat Bot
    • Types of RF attacks
    • Exercise 13: Replay Attack
    • Exercise 14: Targeted Signals Reverse Engineering
  • Hours 7-8:
    • Capstone exercise: Custom RF PCB exploitation challenge

Difficulty Level:

Beginner. No specific skills or experience needed.

Suggested Prerequisites:

This is a beginner course. Students do not need to have any prior knowledge of RF theory or SDRs. We will do some programming in Python, so a basic understanding is helpful (but not required). Before the course, the instructor will send out some pre-reading and video lectures for students to ensure everyone is starting at the same level.

What Students Should Bring: 

Students will need to bring a laptop capable of running a VMware or VirtualBox VM (VMs will be sent out before the class).

Recommended specifications for the laptop are:

  • 4 core processor
  • 8 GB of RAM
  • At least 35 GB of free HDD/SSD space
  • One free USB port for the SDR

Students should also bring a pair of headphones for listening to their laptop during the course; this is necessary in a classroom setting to keep the volume at a reasonable level.

Students are free to bring any SDR they own to use during the course. The instructor will happily help students troubleshoot their particular SDR. However, all students will be provided with an instructor HackRF radio for the duration of the course. Owning your own SDR is not required.

Trainer(s) Bio:

Richard Shmel is an experienced research and development engineer focusing on radio communications and digital signals processing applications. He has over a decade of experience as an RF engineer and embedded software developer working on prototype radio systems and DSP frameworks. Disappointed by the lack of introductory SDR material he could give to new engineers, he decided to write his own training courses to help fill the gap. Richard has had the privilege of teaching SDR workshops and training at various local and national cyber security conferences - including DEF CON - for many years now. He is passionate about teaching RF/DSP and wireless technology, and will happily talk for hours on the subject if given the chance. Learn more at https://www.rnstechsolutions.com/.

Registration Terms and Conditions: 

Trainings are refundable before July 8, 2025, minus a non-refundable processing fee of $250.

Trainings are non-refundable after July 8, 2025.

Training tickets may be transferred. Please email us at training@defcon.org for specifics.

If a training does not reach the minimum registration requirement, it may be cancelled. In the event the training you choose is cancelled, you will be provided the option of receiving a full refund or transferring to another training (subject to availability).

Failure to attend the training without prior written notification will be considered a no-show. No refund will be given.

By purchasing this ticket you agree to abide by the DEF CON Training Code of Conduct and the registration terms and conditions listed above.

Several breaks will be included throughout the day. Please note that food is not included.

All courses come with a certificate of completion, contingent upon attendance at all course sessions.

$2,500.00
$2,700.00