33c3 preroll music

Herald: As mentioned before, Internet of Things, it would be great if it would work, and one big part of Internet of Things is the Internet part. So stuff has to talk, and cables are shit. So we use Wi-Fi and other wireless protocols. So our next speaker is going to take a very close look at the physical layer of LoRa, a low power wireless area network, and he built some stuff to actually sniff what's happening and inject stuff. And apparently he offered his sacrifices to the gods. So we'll see something. Please give a warm round of applause to Matt Knight.

applause

Matt Knight: Thank you for that warm introduction and thank you all for coming. I'm really excited to be here. So for the next hour or so, we're going to be talking about the LoRa PHY. And LoRa is a low power wide area network wireless technology that is designed for the Internet of Things. So first, a little bit of background. Myself, a software engineer and a security researcher with Bastille Networks. I have a bachelor's in engineering, electrical engineering and embedded systems from Dartmouth. But really, my interests are in applied RF security research. So that means everything from reverse engineering wireless protocols to developing functional basebands in software and HDL, and also all the way up to software networking stacks.
So all these things are interesting to me, but I'm really excited about the material we're going to talk about today. So before we get started, there aren't going to be any, like, zero days or traditional security related exploits here. But we are going to take apart a cutting edge wireless protocol. Let's talk about why that's important in a minute. But first, I'd just like to survey the room and get a sense for who's here so I can figure out where to spend more of my time. So if you'd be so kind as to raise your hand if you've heard of software defined radio. That's a lot of hands. That's great. OK, how about raise your hand if you know what a Fourier transform is. Awesome. And how about a symbol in the context of wireless systems? OK, cool. This is going to go well, this is going to be fun. So why is this sort of network forensics interesting, or why is it relevant? Why is this important? The Cisco Internet Business Solutions Group has a figure that I really like that states that by 2020 there are going to be 50 billion devices connected to the Internet in some way. As we know, with the growth of mobile and the Internet of Things, fewer and fewer of those devices are connected with wires every year. And as we know, tools like Wireshark and monitor mode weren't always a thing, even for common interfaces like Wi-Fi and 802.11.
Those tools that we've come to rely on every day exist because somebody thought to look below the layer they had and make it. And I believe that low level security, low level access to interfaces, is essential for enabling comprehensive security on various interfaces. So we're going to begin by discussing LPWANs at a high level, and then we're going to do a little bit of background on some technical radio concepts just so we can level out our domain knowledge and inform the rest of the conversation. Then I'm going to take you through my recent reverse engineering of the LoRa PHY that was powered through software defined radio. And finally, I'm going to give you a demo of this tool called gr-lora that I've made. That is an open source implementation of this PHY that will enable you to begin doing your own security research with it. So to begin, what is LoRa, what is this thing? It is a wireless IoT protocol, and IoT is in red because some of us are marketers. We're all engineers. We know that this is a dirty term. Right? IoT is really code for connected embedded devices, and there are tons of common standards for embedded systems already. Everything like 802.15.4 and all of its friends like ZigBee and 6LoWPAN, 802.11 Wi-Fi, and then also more common things like Bluetooth and Bluetooth Low Energy. And the list goes on. Right. We've got all these standards. What is wrong with them? Why don't we just use one of these existing ones?
Well, all the ones we just mentioned require some degree of local provisioning. You need to connect your device to an SSID or hook your ZigBee device up to a coordinator in order to get it communicating. Some of them require gateways to talk out to the Internet. And in the case of 802.11, it's very power intensive. So you can't run a device for a long time on a battery. So what's ideal? What about cellular? Cellular works everywhere. It's easy to install. You don't have to worry about any hardware on premises. As long as you can talk to a tower, which could be miles away, you're good to go. Well, it's power intensive, and in the case of certain types of the standards, they're going away. And I'm talking about 2G, GPRS and EDGE service in the United States. AT&T, one of the largest carriers, is saying they're going to sunset their 2G network in about three days. In Australia, this has already happened. Telstra, which is one of the largest telecom companies in Australia, sunset their GSM service earlier this month. And all the other major carriers are soon to follow. So 2G works everywhere. It's very battery conscious and it's fairly cheap. So this is exactly what the Internet of Things needs to power its communication standards.
Now, say you're a developer and you want to move on to a new wireless standard that won't, you know, deprecate in three days. You can either go to 3G or a more modern cell stack, which comes with a more expensive radio and harder power requirements. Or you can wait for the 3GPP, which is the standards body that makes and maintains the cellular standards, to come out with their IoT focused standards that are currently in development. And the indications that I've gotten state that those won't be ready until the end of next year, really, at the earliest. So it's gonna be the end of twenty seventeen or the beginning of twenty eighteen before we start to see these things in the wild, which means that until then there's a massive hole in the market. So if you want to develop an embedded system that requires this type of connectivity, you're going to have to look elsewhere. And that brings us to the topic of low power wide area networks. And you can think of these networks as being just like cellular, but optimized for IoT and M2M communications. The architecture is almost exactly the same, in that you have a network of base stations or gateways worldwide, and then end nodes uplink directly to those base stations without any meshing or routing among themselves. It's just like a star network. Basically, you have these nodes that connect directly to the base station, and they have a range on the order of miles.
It's a very similar topology to cellular. There are tons of standards that are popping up more and more every day. But the two that have the most momentum are LoRa and Sigfox. There's been a ton of investment in both of these technologies, actually. Just last month, Sigfox closed a hundred and fifty million Euro Series F, some late stage funding round, and the Wall Street Journal wrote an article recently that stated they were investigating a U.S. IPO soon. Additionally, Senet and Actility, two of the biggest backers of the LoRa PHY, have raised a combined fifty one million dollars in the last year or two. So one firm raising one hundred fifty million dollars, they're absolutely going for it. They're investing like crazy in these technologies. So when we say that these networks are optimized for the Internet of Things, we're really talking about two things. They're battery conscious: Sigfox advertises that they can get up to 10 years of battery on the amount of energy in a single AAA battery. And they're long range. And if you turn all the knobs in LoRa just right and have a perfect noiseless channel, they advertise that you can get thirteen point six miles on one of these very long range devices. And if you compare that with, you know, some of the standards we talked about earlier, that's pretty competitive. So how do they do that?
How does that work? Well, they've designed the entire system around the fact that they're willing to accept compromises in the protocol and the functionality of these devices. When I talk about compromises, I'm talking about aggressive duty cycling, both transmitting and listening, very sparse datagrams, so tiny packet sizes. And they're highly limited, meaning they can't send that many packets that often. Now, for example, Sigfox limits, this is built into the PHY, limits devices to 140 12-byte datagrams per day. That's like nothing. I think that's less than like a look at to you. It's tiny. Now, then Weightless-N, another LPWAN standard, is uplink only. So it can only send messages up to a gateway but can't receive any downlink. So for example, if you had a device deployed, you can never deliver firmware to it later unless you rolled a truck to it or climbed up the telephone pole to where it's mounted. And finally, LoRa Class A devices can only receive downlink for a brief window after they uplink. So if you're an application operator and you want to send a message to a device you have in the field, you have to wait for that device to call home before you have your brief window to tell it what you want. So these systems are built around compromises, but that's what enables them to get some pretty incredible performance. All right. Let's get into the details with LoRa. So LoRa is an LPWAN that's developed by Semtech, which is a French semiconductor company.
The PHY was patented in June 2014, and the LoRaWAN MAC and network stack was published in January of 2015. So this entire standard is less than two and a half years old. It's brand new, and it's supported by an industry trade group called the LoRa Alliance, which has tripled in size every year since its founding. So growing quite a bit. Before we move on, I just want to clear up some nomenclature that will help us focus in on what this talk is going to center on, and that is to disambiguate LoRa and LoRaWAN. LoRa refers strictly to the PHY, the physical layer of the standard. LoRaWAN defines a MAC and a networking layer, some upper layer stacks that ride on top of LoRa. The LoRaWAN standard, the upper layer, has been published and that's public. But the PHY layer itself is totally closed. So the LoRaWAN upper layer stack gives some information about its topology. It's kind of interesting, it suggests that they were really thinking about security when they designed it. There are kind of four stages in the network. All the way out in the field, on your sensor, you have the node, and that connects to a gateway over a wireless link. That's the LoRa link. And then once you get into the gateway, everything from there up is all on IP networks, just standard commercial IP networks. And then they have roaming that works on different networks. So you'll be able to take your device and move to different areas of coverage and have it all play nicely.
And then you can hook your application server up to that as well to receive packets to and from the network servers. It's all over IP, and they actually went as far as to define two different mechanisms for encrypting it. There are two different keys. You have the network key, which covers from the node up to the network server, and then you have the application key, which is actually fully end to end. It goes from the end device all the way up to the application server. So if you design that right, the network should never see your traffic unencrypted. And they also provide a mechanism for having unique keys per device. It's built into the standard, but it's not required. So it's still up to the implementor to do that and get that right. So there are some good thoughts that went into security with LoRaWAN. However, that's not what we're talking about today. That's all we're going to say about LoRaWAN. We're just going to tell you it exists, that it rides above LoRa, but we're not going to go into any more detail than that. So from here on out, it's all LoRa all the time. We're just talking about the PHY here. So let's get into what makes that really interesting. One of the big defining features of LoRa and Sigfox, the two biggest LPWANs, is that they're designed to use what are called ISM bands. That's what they're called in the United States. It stands for industrial, scientific and medical.
And what's cool about these bands is they're what are called unlicensed, which means that you don't need a specific license from the FCC or your telecom regulation authority to operate on it. So if you go and you buy any Wi-Fi router on Amazon, you take it home, you plug it in, you don't need to then go and apply for a specific license to be able to communicate on it, because it was built to a certain standard. It is compliant with those unlicensed band rules and therefore can just work. So these devices use that same spectrum, but to much greater effect, much longer ranges, in a much different use case. So that's quite novel. And some other things that use these technologies are, you know, Wi-Fi, Bluetooth, cordless phones, baby monitors, things like that. So you can think of this as occupying the same space in the spectrum as these. Now, why is this noteworthy? Well, contrast it with the cellular model, where cellular technologies use what is protected spectrum, where you have to have specific rights to transmit on it in order to legally use it. And regulatory authorities sell the spectrum for fortunes. Billions of dollars is what the spectrum sells for in the US. I'm sure it's the same over here. And I just want to call your attention to how expensive this is. On the left here we have a picture. It's an excerpt from a document that I found that was related to the FCC's TV white space reverse auction.
They're trying to repurpose a lot of spectrum that used to be used for digital TV. They're selling it off. And if you want to come in and buy some really prime low UHF spectrum to use for whatever purposes you have, mind you, this is just one TV station in the New York area, you can get out your checkbook and write a nine hundred million dollar check and take over CBS TV in New York. So getting into the cellular game is crazy expensive. It costs a fortune. But there are a lot of us in here. Maybe we can pass the hat and buy some spectrum at the end of this. So as a result of this unlicensed nature, there are a number of different models of commercialization that are starting to emerge. We have the traditional telecom model we're seeing through companies like Senet, which is a company that deploys home heating oil tank monitoring solutions in the United States. They're also opening the network up for IoT applications to ride on top of that traffic as well. And you'd operate with them just like you would operate with, like, Verizon or AT&T or Deutsche Telekom or whoever you work with here. Also interesting is, I believe it's KPN has rolled out LoRa, a commercial LoRaWAN network, throughout the entire region of the Netherlands. So countries entirely covered with LoRa. So that's the commercial side. In the middle, we also have crowdsourced networks.
The one that I like to talk about is this group called The Things Network, where basically they have defined in the cloud the network server architecture for operating a worldwide LoRaWAN network. So if you want to provide LoRaWAN service on The Things Network in your area, you can get your hands on a LoRa gateway, point it at their network servers and basically become a base station in their network from your living room, which is kind of cool. So it can kind of spread and grow organically based on the needs of people like me and you who want, you know, that sort of service. Then finally, all the way up at the kind of independent amateur side, we have people like Travis Goodspeed and some of his friends that are working on a technology called LoRaHam. And that's leveraging the fact that you can actually get LoRa radios that work around 433, which is in, I think it's the 70 centimeter ham band in the United States. So you can actually put a reasonable amount of power behind LoRa into text based communications in the clear. So they're developing a LoRa based mesh networking system for doing basic, like, ASCII packet radio and communicating. It's not public yet, but I like Pete. He's blessed me to come and tell you that he's working on this and it should be out soon. So there are all sorts of different ways to use these technologies. So this is a very different paradigm from what we're used to.
And it's opening up lots of different opportunities for how this technology might be used and grow. OK, so that wraps up our background on LoRa. We're about to get into some really technical stuff, but before we do, I want to go through a very short crash course on some basic radio fundamentals to try to even the playing field so that we can all understand this. And I call it the obscenely short radio crash course. But with apologies to any real telecom whizzes in the room, I think this is probably more appropriate. We're going to blow through this material. And I'm just going to try to pick out a few points that are really essential to understanding the rest of this talk. I'll tell you what's important, and just try to grab those concepts and we'll reiterate them later as we go through it. So, again, we're going to be talking about the physical layer. And if you think about the OSI model that we've all seen, the physical layer refers to how your bits, your data, get mapped into physical phenomena that represent them in reality. And when you're dealing with wireless systems, the mapping maps the bits into patterns of energy in an RF medium. RF stands for radio frequency, and it's basically electromagnetic waves or energy that is just everywhere. And you can manipulate RF by using a device called a radio. And radios can either be hardware defined, where the RF kind of mechanics and the protocol are baked into the silicon and are inflexible.
Or you can use a software defined radio, where you have some very general, flexible silicon up front that basically just grabs some raw information and feeds it to some sort of a processor, which can either be a traditional CPU or an FPGA, to implement some of the more radio specific things. And it has come a long way in the most recent few years, and it's now incredibly powerful. So we're going to be talking about both hardware defined radios and software defined radios throughout this talk. So if you put together a radio coherently, you can start to develop it into a PHY. And a PHY has one main component, or several components, but one of the main components is this notion of the modulation. And the modulation is the algorithm that defines how your digital values, your bits, are mapped into RF energy. And there are a few parameters that we can kind of tweak to do that. And those are amplitude, frequency and phase. And then we can put them together and use some combination of them as well. And modulators can modulate either analog or digital information. But we're going to be talking about modulating digital information today. And an essential concept with that is this notion of a symbol. This is something that's very important to remember. And the symbol represents a discrete RF energy state that represents some quantity of information. So it's discretely sampled. And just think of it as being like a state in your RF medium that means something.
And we'll illustrate this in just a moment. So here we have two pictures of two different modulations. And I just want to put these up here to help you maybe get a grasp on what a symbol looks like. So on top, we have frequency shift keying, where you can see your signal is alternating between two frequencies. When it's on the left, it's dwelling on one frequency. When it's on the right, it's dwelling on another frequency. Which symbol is present is based on basically what frequency that signal is on at a discretely sampled moment in time. So you could think of this as being like, you know, it's a zero when the signal is dwelling on the first frequency, the one on the left, and it's a one when the signal is dwelling on the right frequency, frequency two. And you can see the analog with the bottom modulation, on-off keying, where the signal being present represents a one and the signal being off represents a zero. So hopefully that helps you get a grasp of what it is that we're talking about. There are, of course, more complicated IoT PHYs. We have spread spectrum, where data can be basically chipped at a higher rate. It'll occupy more spectrum, but it makes it more resilient to noise. And then we have some technologies to do that, like 802.15.4 is one that uses a spread spectrum mechanism. So we talked a bit about radios just a moment ago. We're going to use two different kinds of radios when going through this talk.
First, we have a hardware defined radio, which is a Microchip LoRa RN2903 module. And this is basically a dev board that has a hardware defined LoRa radio built onto it. So this is going to be the transmitter we're going to be targeting. And then finally, the receiver is the software defined radio right here. This is an Ettus USRP B210. It's just a commodity software defined radio board. And basically what this thing does is it gets raw RF information from the air, serves it to my computer so I can start to work with it with commodity tools like Python, GNU Radio, things like that, to start to process it. One last thing to cover is the fast Fourier transform. The Fourier transform basically takes a signal and decomposes it into all of the smaller signals, the subcarriers, that compose it, and any periodic signal can be modeled as a sum of harmonic sine waves. So basically the FFT takes any signal and unravels it into its components. And why we care about this is it's basically a very easy way for analyzing and visualizing signals in the frequency domain. So when we take a bunch of FFTs and put them together, we get this picture called a spectrogram, where you have time in the, the ones we're going to be looking at all have time in the Y axis, frequency in the Z axis, and then, sorry, frequency in the X axis and power in the Z axis. So the intensity of the color is how powerful that component is at that instant in time.
So here you can start to visualize all the different signals that are present. OK, raise your hand if you're an expert. I see a few heads. Hopefully this is all that we're going to need. I'm going to reiterate some of these concepts as we go through. So I really hope that doesn't alarm you, so that you're not running for the door. It's going to be very visual as we go through it. And hopefully the graphics will help keep this all grounded. So let's get into the meat of how this LoRa PHY works. LoRa uses a really neat proprietary PHY that's built on a modulation called chirp spread spectrum, CSS for short. Now, what is a chirp? A chirp is a signal whose frequency continuously increases or decreases. You can think of it as being like a sweep tone. And if we visualize it using a spectrogram as before, it looks kind of like this. In this case, we have a finite amount of bandwidth and the frequency either increases or decreases. You can have up chirps or down chirps, until it reaches the end of its band. And then it wraps around back to the bottom, back to the beginning, and continues. So here you can see that the first derivative of frequency is constant. So the frequency is always increasing or decreasing at the same rate. And then when it hits the end of the band, it just wraps, it keeps going. So why use something like CSS? It has properties that make it really resilient to noise and very performant, low power.
So all these things with IoT focused radios and having very long battery life, these are properties that lend directly to that sort of efficiency. It's also really resilient to multipath and Doppler, which is great for urban and mobile uses. So this is an interesting set of sort of features here. Where else do we see chirps? Radar is... I just heard it. Thank you. Yeah. Radar is a really common usage. And you'll see military and marine radars sometimes refer to chirps as wideband or pulse compression if they're using chirping in the radar scheme. And they're also used for scientific over the horizon radars as well. And there's an open source project called the GNU Chirp Sounder that has some features like that for visualizing these over the horizon scientific radars. And also in a past life, I worked on a scientific radar called SuperDARN, which is a similar over the horizon radar for visualizing ionospheric activity. Cool. So that's a little bit of background on the technology here. So this is kind of my journey into starting to work with LoRa here. In December 2015, I joined this company, Bastille, where I'm currently. And on the research team we have these weekly meetings where we get together and we look at either new RF techniques or protocols, things that are interesting. And we basically just have a deep brainstorm on how they work.
And what's interesting, in the first meeting that I participated in, it was the first week that I joined, they were mentioning, they were talking about these LPWAN technologies. They sounded pretty cool. So we broke for Christmas. So I went back to New York where I'm from, and, you know, brought my radio and sort of poked around and saw what I could find. And my colleagues looked in San Francisco, Atlanta, and I also looked in Boston. I was there, too. And we didn't see LoRa anywhere in December. Fortunately, a few weeks later, I was at a meetup and I encountered this company, Senet. I was living in Cambridge, Massachusetts, at the time. And they were talking about their home heating oil monitoring network. Sounded pretty cool. So I looked them up later and was watching one of their marketing videos. And there was like a two or three second bit where you could see one of their technicians operating a computer. Right. And they put up this picture and this looks just like a coverage map. Right. So, you know, this could be fake data or it could be live. And I took a bit of a closer look and I realized where that is. That's Portsmouth, New Hampshire. That's like an hour away from Boston. So there's really only one thing to do. So I hop in my car, I drive up to the New Hampshire-Maine border, and there's, you know, me behind the wheel, my Saab with the USRP on the dash.
And after about ten minutes in the Marriott parking lot across the street from their headquarters, we have our first sighting of LoRa in the wild. There it is. It's the first signal I recorded. So let's take a closer look at what we have here. So if we look at the top third of the picture, we have a series of repeated up chirps. You can see the signal is just continuously increasing until it hits the band edge and then it wraps and continues. And knowing what we know about digital communication systems, most of them have some notion of a preamble or training sequence to tell a receiver that, hey, heads up, you're about to get a packet. So probably that's what that is. Following that, you can see the chirp direction changes right in the middle and you have two and a quarter down chirps. And this looks like a start of frame delimiter or a synchronization element. So this tells the receiver, hey, heads up, preamble's over. You're about to get the data. You're about to get the payload here. And finally, you can see the chirp direction again changes to the up chirps. But this time the chirps are kind of choppy. You see, they jump around throughout the band, you know, just kind of arbitrarily. It's not arbitrary, though. That's actually the data being encoded into the PHY. So here we can see that the chirp frequency, that is the first derivative of the frequency, the rate at which the frequency changes, remains constant. Right.
However, the instantaneous frequency may change within the band. So you may have these jumps, but remember that the rate at which it's changing is always constant. You can just have those discontinuities, and those instantaneous frequency changes represent data being modulated onto the chirps. You can kind of think of this as being like a frequency modulated chirp. With an FM signal, you have a static carrier, a carrier at a fixed frequency, that you're modulating to produce the modulated signal. Here we're modulating a chirp signal to produce that. So rather than having a fixed frequency that you're modulating, you're modulating this continuous chirp. Cool. So let's get our hands dirty. Let's figure out how this thing works and start to pull some data out of it. Before we dive into demodulating it, let's take a look at what we know through some open source intelligence. And using open source intelligence is a great way to really kind of shortcut the reverse engineering process, because otherwise you can wind up doing a lot more work than you have to. So there are a few things that are really useful. We'll talk about these as we go through this material. The first thing I found was the Semtech European patent application. It was in the EU market, but basically defined a modulation that looked a lot like what LoRa could be. That's the number if you want to look it up later.
But that had some pretty good information in there on the PHY. Secondly, we have the LoRaWAN spec. And again, that's the layer two and up spec that's open, not the PHY, but it still has some references and defines some terms that are likely going to be analogous to the PHY. So it's still pretty useful. And finally, we have two application notes from Semtech that were pretty juicy. The first one, the 18 one, contained a number of reference algorithms for implementing a whitening sequence, which is like a scrambler. We'll talk about that momentarily. And then 22 had just a general overview of the PHY, defined some terms. Also, there was some prior art online. There was a partial implementation in rtl-sdrangelove that didn't really seem to be maintained. It seemed pretty neglected and I never really got it to do anything at all. But it was still good to look at and had some really good hints in there. And then there were also some very high level observations on the RevSpace.nl wiki page on decoding LoRa. It was mostly just like looking at the spectrum and seeing that it's a chirp modulation, and example recordings and things like that. So from this documentation, we can start to pull out some definitions. We have the bandwidth, which is how much spectrum the chirp can occupy, the spreading factor, which is the number of bits encoded per symbol.
And remember, the symbol is, it's just an RF state, right? It's the number of bits in each RF state within the modulation. And then finally we have this thing called the chirp rate, which we've kind of hinted at. It's the first derivative of the chirp frequency. So the rate at which that chirp signal is constantly changing. And we can pull some numbers out of this documentation to define those. So we actually have some common constants for the first two. And then we find a formula in one of those documents that states the rate is a function of those first two. And since there's a finite number of values there, we can start to iterate and just try all the different frequencies and start to find one that works. So in this case, what is the symbol? We've talked about how this modulation is basically frequency modulated chirps. Right. So what we're going to try to do with this demodulator is quantify exactly where the chirp jumps to whenever we have one of those discontinuities. So let's start working through it here. There are really three steps we're going to achieve. We're going to identify the preamble, which is the beginning of the frame, denoted with the one. We're going to find the start of the PHY data unit by looking in, synchronizing against the sync word, which are those down chirps that are there.
And then finally, step three is we're going to try to figure out how to extract the data from these instantaneous frequency transitions. And to do that, we need to quantify them. Now, there's a technique that I found pretty early on. It was enormously helpful for doing this, and that is to transform the signal by dechirping it. And we'll show you what the result is in just a moment. But first, we're going to have to do some math. And math can read as scary, but it's not really, it's actually pretty easy. So there's a basic property of complex signals that states that if you multiply two signals together, the resulting signal has the frequency of each of the components added together. And from that, if we multiply a signal with one frequency against a signal that has the negative value of its frequency, the result is zero. We get a DC, we get a constant signal. And we're working at baseband here, which means the center of the band is zero hertz, so we can see negative frequencies and things like that. So if you multiply an up and down chirp together, what do you get? You get a constant frequency. Now why do I say constant frequency rather than DC? If the chirps are out of phase with one another, there might be an offset from zero hertz there. So it might not be perfectly aligned with zero hertz.
We might expect to get some offset there. So what happens if you multiply a chirp signal like this separately against an up chirp and a down chirp? So two different operations produce two different products. What do you think is going to happen? Well, if you do that, you get these pretty pictures right here. So here you can see those really kind of tricky diagonal chirp signals that are cutting across all of your spectrum, that are hard to measure, are translated into these nice signals that are aligned in time. And that looks like something we can start to really work with and do something with. So we need to quantify those. So, again, remember symbols, we're going to keep coming back to this. It's an RF state. The results represent some number of bits, and LoRa has this value called the spreading factor that we found in some of the documentation that defines the number of bits encoded per symbol. And from the picture we saw a little bit earlier, the common values are seven through 12, or six through 12. You see them both in different markets. So from that, how many possible symbols can be expressed? Well, each bit can have, you know, two states, zero or one. And there are spreading factor number of bits. The number of symbols is two to the spreading factor. So how can we start to quantify these symbols and start to pull them out of the PHY?
So the steps that I found that were the trick to this were to channelize and resample the signal to the bandwidth, dechirp the signal with a locally generated chirp as we just talked about. Then we're going to take a fast Fourier transform of that signal, where the number of bins of the FFT that we compute is equal to the number of possible symbols. And we'll illustrate this momentarily. And then if we do that correctly, then the most powerful component in that Fourier transform, that is the strongest component frequency that we get back from that operation, is the symbol that we're looking for. So by dechirping it, we get it into a form where we really expect there to only be one strong component per FFT, whereas if we didn't dechirp it when we took the FFT of a chirp's worth of symbols, we would see the energy kind of spread all throughout all the different bins. But by dechirping it correctly, all that energy gets pushed into one bin and we get a single but clear value out of it. So if we do that, we get a picture that looks like this, and here the Z axis again is the intensity, the power present. And we expect that to be the symbol that we're looking for. And here it's aligned in time with the base chirp on the left there. So here are the steps again. We mentioned this earlier. Let's look for the preamble. Right. What's a stupid, simple algorithm for finding this? Let's do it.
Let's do an FFT and let's look for basically the most powerful component being in the same bin for some number of consecutive FFTs. Easy. Finding the SFD is the same thing. But again, this time we're going to do it on the opposite dechirp product. So when we dechirp it, we get back two different streams. We get one of the dechirped up chirps and one of the dechirped down chirps, so we can look at the opposite stream and do the same algorithm looking for the SFD here. Important caveat. Accurately synchronizing on the SFD is essential for getting good data out of this modulation, because if you have a bad sync then you can wind up having, basically, your symbols, the samples that comprise your symbol, spread between multiple adjacent FFTs. If that happens then you get incorrect data. Now let's illustrate what that looks like. If you look at rows thirty nine to fifty, you can see that visually it's almost impossible to tell which of those two readings represents the symbol. You see, there are two different values that are really powerful. That's the result of basically half of the samples from chirp N and then half of the samples from chirp N plus one winding up in the same FFT. So when we do it, we get those two components in there. And it's really ugly and hard to work with. So we can solve this by using a technique called overlapping FFTs when looking for our SFD synchronization.
And basically what that means is we're going to process each sample multiple times with the effect of getting better resolution in time of our resulting FFTs. It's more computationally intensive, but it gets us much better fidelity here. So if we do that, this is what the result looks like. It's a little bit hard to see right now. I'll get you a better picture in a moment, but basically it's much less ambiguous in terms of which symbol is present. So if we use those overlapping FFTs, we can synchronize on that SFD. And then once we know exactly where the first symbol of the data unit is in our buffer, we can go back to using non-overlapping FFTs, which are more computationally efficient, and get a nice read on the right here. You can see that again, if we look at lines thirty eight and thirty nine, that ambiguity is gone. Right. You can see exactly where the most intense bin is and therefore which symbol is present. And here's the whole frame synchronized. So we've got the collisions on the left, and it doesn't look that great, and on the right it's much clearer. Cool. So again we recompute, more computationally intensive, and then we get out data. Now, one last thing we have to do to wrap up the demodulation. So doing this again, remember, we were talking about the dechirp: if our chirps aren't perfectly aligned, then the resulting dechirped signal might not necessarily be off of the same reference. Right.
And of course, we don't know what chirp was used to generate the signal on the transmitter. So we have to find some way of normalizing this data to account for that first discrepancy. And we can do that by referencing the preamble. And it just so happens that the preamble, when you dechirp it, always represents symbol value zero. So you can basically just do a modulo operation on your received symbols to rotate that back. So all the symbols are referenced off of the preamble and you're good to go. And that's it, right? Not even close. We're just getting started, people. Why is that? Because the data here is encoded. What is encoding? Basically encoding is a transformation that is applied to the data before it's transmitted. Why would you do something like that? Because encoding increases over the air resiliency. Why is this necessary? Right. Remember that we're dealing with unlicensed spectrum. Right. This is what the nine hundred megahertz band, which is what LoRa uses in the United States, looks like. Look at all that stuff. It's not LoRa, right? That stuff is there to ruin your day. It's there to create all sorts of interference and make your receiver not work the way you expect. So RF is a really brutal environment. There's all sorts of interference. And basically the encoding is a way of treating your data so that even if you have a non-ideal reception, you can still get the data out of the frame. So what do we have here?
Remember that LoRa is closed source. We have some material that's available through data sheets, but we really don't know for sure, definitively, what's in this PHY. So, again, we're going to go back to open source intelligence to figure out what we know and then try to narrow in on how we're going to iterate through this and figure out how it works. So from the patent, we have a number of very good clues. First of all, it refers to a stage called gray indexing, which, as is defined there, should add error tolerance in the event that you read a symbol as being off by one, off by one bit, if you read a symbol incorrectly. Then secondly, you have data whitening, which induces randomness into the frame. We'll talk about that momentarily. Then interleaving, which scrambles the bits within the frame. Then you have forward error correction, which adds correcting parity bits. You can think of it as being parity bits on steroids; rather than telling you that just an error occurred, it can actually help you correct the error without needing to retransmit. So we have four different things that comprise the encoding there in the patent. Right. So that's awesome. It's easy, right? Why is that? Because documentation lies to us, and even the clearest signals can lead us into dead ends. So let me show you how.
So the gray indexing we read to represent gray coding, which is just a basic binary transformation that you can use to treat data. Whitening, we actually have defined in one of the application notes reference designs for the pseudo random number generators that you use for the whitening. It's like C code that you can copy and paste. So this should be rock solid. Step three, we have an actual algorithm for the interleaver that is defined in the patent. I'll show you what it is momentarily. And then finally, step four suggests that a Hamming code is used, which is just a standard forward error correction mechanism. So the first thing to focus on figuring out here is the data whitening. And that's a critical step because this is the way the whitening works: you XOR your message against a random string. And unless you know what the random string is, you're not going to be able to make any sense of what follows it. So figuring out that random string is essential to being able to even make sense of what follows it. So, again, with whitening, you take your buffer that's going out to the radio and you XOR it against a pre-computed sort of random string that is known to both the transmitter and the receiver. Then when the receiver gets in the frame, it XORs the received buffer against the same sequence that the transmitter used.
And you get back the original data because, if you remember, XOR is its own inverse. So that nicely undoes itself. Now, why would we bother with whitening? And that's because having random data is really good for receivers, similar to Manchester encoding, where basically by encoding the data such that you don't have some number of consecutive symbols of the same value, you get this nice random data source. What that does is create lots of edges for your receiver to do clock recovery against, so you get better reception of longer messages or if your clocks are bad. Manchester, of course, comes with the penalty of a reduced bit rate. It actually cuts the effective bit rate that you can use in half, whereas whitening does not. The caveat is that you have to know what the string is in order for it to work. So let's find the whitening sequence. We've got these algorithms in the application note, we've got some examples in rtl-sdrangelove. None of them worked, so we had to figure this out empirically. How can we do that when there's interleaving and forward error correction in the pipeline here? Right. You know, we can send something that might, you know, put the whitening in a certain state that we could leverage. Right. But we still have these unknown transforms that follow it. How are we going to be able to figure out what goes on?
How are we going to be able to figure out the whitening when those operations are in the loop, too? Well, we need to bound the problem and make some assumptions so that we can start to iterate through this black box problem. So we're going to assume that the forward error correction is what the documentation tells us it is, the Hamming eight four. And we're also going to make another assumption, and we're going to set the spreading factor equal to eight bits per symbol. And basically, if you do that, then it makes it such that we'll have exactly one Hamming eight four code word per eight bits per symbol, because if we set the number of total bits in our Hamming error correcting code to eight, if that's possible, it fits very nicely and should work out well. Now there's another very useful property of the Hamming forward error correcting code scheme that we're also going to exploit, and that's that Hamming eight four contains four data bits and four parity bits each. And for 14 of those 16 states, again, remember two possible states per bit to the power of four data bits per code word, in 14 of those 16 code word possibilities there are four ones and four zeros each. However, for the data nibble zero, that's four zeros, the code word of that is eight zeros. So it's totally non-additive. So if we send our error correcting scheme a string of zeros to apply itself to, it's totally not additive.
We get back twice as many zeros, so we can leverage that to do something to try to cancel out that forward error correcting stage. So let's go ahead and transmit a string of zeros. Right. So, again, if it's Hamming eight four as we assume, we expect that stage, the forward error correction code, to cancel out, right? What about the interleaver? Let's take a look at the algorithm that's suggested in the patent. There it is. The key takeaway from this is, if this is implemented in a way that's similar to this, this should be totally non-additive. So this should just move bits around but not add any bits. Right. So if it is in fact non-additive and all we pass through are a bunch of zeros, what happens when you shuffle around a bunch of zeros? You get the same thing out, so that falls away, too, right? So we're left with two stages, right? We have our symbol gray stage and our data whitening stage. Whitening is what we're solving for. That's our variable. And gray indexing, the quote unquote indexing, is a bit of an ambiguous term, but it likely refers to some variant of gray coding, which we mentioned earlier. But even if it is gray coding versus gray decoding or nothing at all, if it's just something they didn't implement, that leaves only three permutations here. Right.
So we've just reduced all the[br]ambiguity of figuring out what this 0:45:32.470,0:45:36.280 decoder is, to really figure out what the[br]whitening sequence is, to really just 0:45:36.280,0:45:40.830 figuring out which of the three[br]operations 0:45:40.830,0:45:47.280 this first gray indexing stage is. Right. So[br]if we do that, we try all three. That's 0:45:47.280,0:45:50.110 only three things to attempt in order to[br]derive the whitening sequence from the 0:45:50.110,0:45:53.290 transmitter, because, again, if we send[br]through a string of zeros, what does the 0:45:53.290,0:45:58.890 whitening do? It XORs the zeros[br]against the pseudorandom string, and what 0:45:58.890,0:46:03.540 does anything XOR zero? It's the input.[br]So we can do this and get the transmitter 0:46:03.540,0:46:07.750 to tell us what its whitening sequence is, so[br]we can implement the receiver, read that 0:46:07.750,0:46:13.220 out, plug it back in and then start to[br]solve for the rest. Cool. Next stage is the 0:46:13.220,0:46:16.840 interleaver. Again, we had that formula[br]from the patent. Surprise, surprise: 0:46:16.840,0:46:22.380 implemented, it was no good. So let's[br]figure out how this works now. We're going 0:46:22.380,0:46:28.550 to move very quickly through this because[br]this was the hardest part of all this. And 0:46:28.550,0:46:31.820 I'm going to show you the process without[br]taking us all through the time of staring at a 0:46:31.820,0:46:38.340 bunch of graph paper and trying things[br]that kind of went into this. But 0:46:38.340,0:46:40.250 again, just like with the whitening[br]sequence, we're going to exploit 0:46:40.250,0:46:44.590 properties of the Hamming FEC to reveal[br]patterns in the interleaver.
So, again, if 0:46:44.590,0:46:47.240 we look at our Hamming(8,4) codewords[br]that we know and love, that are very 0:46:47.240,0:46:52.800 useful, we're going to use this time the[br]codeword for four ones, the codeword for 0:46:52.800,0:46:59.420 hex F, and in that case the state of[br]that codeword is eight ones. So if we 0:46:59.420,0:47:02.840 construct a bunch of packets, we[br]basically take eight symbols. 0:47:02.840,0:47:09.790 We take four bytes,[br]which is eight symbols at SF 8, and we walk 0:47:09.790,0:47:14.600 the position of those ones through our[br]frame here. We can start to look for 0:47:14.600,0:47:23.500 patterns. Who sees it? I'll save you the[br]trouble. Who sees it? Now look at the 0:47:23.500,0:47:26.960 bottom row, second from the right, and[br]you'll see the pattern. Basically it's a 0:47:26.960,0:47:32.820 diagonal interleaver, but the first two,[br]the two most significant bits, are flipped. 0:47:32.820,0:47:36.060 So if we take this and then read it out,[br]basically we can take this and we can 0:47:36.060,0:47:42.130 start to map those diagonal positions into[br]positions within an interleaver 0:47:42.130,0:47:47.190 matrix. So if we do that, we walk through[br]all the different states and map those 0:47:47.190,0:47:53.030 positions out with data that we know, and we[br]get this nice table. Now, let's put this 0:47:53.030,0:47:57.420 table next to the data that we're looking[br]for. Right. So here we decomposed the 0:47:57.420,0:48:01.490 Hamming codewords for the data we put in,[br]which is, of course, our beloved DEADBEEF, 0:48:01.490,0:48:07.560 in the middle column. On the left,[br]we have the data values, the four data 0:48:07.560,0:48:13.990 bits that we're looking for. And then the[br]right column on the left there 0:48:13.990,0:48:18.000 are the parity bits that we're looking[br]for. Again, I'm going to make this easy 0:48:18.000,0:48:21.450 for you.
If you stare at this for long[br]enough, you become compelled to reverse 0:48:21.450,0:48:26.000 the order. And then if you continue[br]staring at it, you start to see some 0:48:26.000,0:48:30.340 patterns. That looks like our data, right?[br]So if we go a step further, we can start 0:48:30.340,0:48:36.420 to map some of these Hamming error correcting[br]fields into this matrix here. So here 0:48:36.420,0:48:41.040 we see the four data bits are the[br]rightmost bits. And then we can see that 0:48:41.040,0:48:45.290 parity bits one and two correlate very[br]nicely. And if you go a step further, we 0:48:45.290,0:48:52.130 can see that these fit the[br]format very closely as well, 0:48:52.130,0:48:55.780 although they're flipped: you'll see that[br]parity bit four is actually more significant 0:48:55.780,0:49:00.260 than parity bit three. So we're almost there,[br]right? All we have left to do is 0:49:00.260,0:49:06.420 apply it and we're done. And that's the[br]modulation. That's the whole thing. So, 0:49:06.420,0:49:18.220 again, thank you. So, again, let's[br]talk briefly about these red 0:49:18.220,0:49:23.380 herrings and try to wrap this up. I want[br]to do a demo before our Q&A. So we had 0:49:23.380,0:49:25.990 these four different encoding stages here,[br]right? We had great documentation for all 0:49:25.990,0:49:29.010 of them. But empirically, after[br]implementing them, we were able to 0:49:29.010,0:49:36.400 establish that, well, three[br]of the four just weren't the case. Right. 0:49:36.400,0:49:40.140 One of them was actually cool, right? One[br]of them was actually what it said it was. 0:49:40.140,0:49:44.500 So, yeah. Anyway, how were we able to[br]work through this? I think it's important 0:49:44.500,0:49:48.010 to reflect and try to get some takeaways[br]from this. Hopefully this is useful as you 0:49:48.010,0:49:51.560 approach your reverse engineering[br]challenges.
Basically, what was essential 0:49:51.560,0:49:55.230 here was being able to bound the problem[br]and hold certain things constant so that we 0:49:55.230,0:49:58.910 could solve for unknowns. And if you[br]remember, we kind of did this in two 0:49:58.910,0:50:02.920 stages. We were able to cancel out the[br]interleaving and the forward error 0:50:02.920,0:50:08.240 correction and hold that[br]static in order to 0:50:08.240,0:50:11.940 figure out the whitening sequence and the[br]gray indexing, kind of all in one go. 0:50:11.940,0:50:15.240 And then when we controlled the gray[br]indexing, the whitening sequence, and 0:50:15.240,0:50:19.320 we were pretty confident about what the forward[br]error correction was, there was really 0:50:19.320,0:50:24.010 only one variable that we[br]had to solve, really only one thing. We 0:50:24.010,0:50:26.100 actually had to go into the bits and[br]really kind of dig it out of this 0:50:26.100,0:50:30.990 thing. Right. So by making these[br]assumptions, using open source information 0:50:30.990,0:50:35.120 and really bounding the problem and[br]working through it 0:50:35.120,0:50:39.310 coherently, we were able to reduce these four[br]stages down to really one experimental 0:50:39.310,0:50:45.170 variable and just solve for it. So[br]that's really the trick here. OK, I'm 0:50:45.170,0:50:48.850 going to blow through this next part to[br]talk very briefly about the structure of the 0:50:48.850,0:50:54.240 LoRa PHY packet. So this is a[br]picture pulled out of one of 0:50:54.240,0:50:59.720 the data sheets. We already talked about[br]the preamble, these repeated chirps. One 0:50:59.720,0:51:03.400 thing that's not pictured here is the[br]sync word and the start frame delimiter, 0:51:03.400,0:51:09.050 which is right there. And then we have[br]this thing called the header. Right.
And 0:51:09.050,0:51:12.200 it says here that the header is only[br]present in explicit mode. So there's this 0:51:12.200,0:51:16.920 notion of implicit versus explicit header[br]in LoRa. And the explicit header includes 0:51:16.920,0:51:21.330 a field that has some information,[br]such as the length of the payload, the 0:51:21.330,0:51:25.760 type of coding scheme that's applied to[br]the remainder of the payload, not the 0:51:25.760,0:51:30.200 header itself, but the rest of it. And[br]then there's also an optional CRC as well 0:51:30.200,0:51:33.770 that can be included. Implicit mode assumes[br]that the receiver knows the modulation 0:51:33.770,0:51:41.380 parameters and skips that bit. So no[br]problem, right? We can use implicit mode 0:51:41.380,0:51:45.530 to figure out what the whitening sequence is,[br]and then switch back to explicit mode, use 0:51:45.530,0:51:49.300 the whitening sequence from implicit and[br]figure out what the header is by just 0:51:49.300,0:51:54.160 looking to see what the values are as we[br]change the modulation. Yeah, right. None 0:51:54.160,0:52:00.360 of this is easy, right? Like, really,[br]really nothing. Nothing helps us here. So 0:52:00.360,0:52:03.940 as it turns out, implicit and[br]explicit header modes use different 0:52:03.940,0:52:07.730 whitening sequences. So the header remains[br]unparsed, even if we know what the 0:52:07.730,0:52:12.370 implicit mode whitening sequence is.[br]So let's see 0:52:12.370,0:52:17.390 what we know. Again, we've got this header[br]here, and this picture tells us the code 0:52:17.390,0:52:21.210 rate is always 4/8 for the header.[br]So no matter what the code rate, that is, 0:52:21.210,0:52:24.650 the number of bits in the Hamming[br]forward error correcting codes used, is 0:52:24.650,0:52:29.620 for the rest of the packet, this code rate[br]is always 4/8.
Well, what about the 0:52:29.620,0:52:36.420 spreading factor? As it turns out, the[br]header is always sent at the spreading 0:52:36.420,0:52:40.190 factor that is two less than the rest of[br]your modulation. The code rate is still 0:52:40.190,0:52:44.500 4/8; the spreading factor for the header is[br]the spreading factor minus two. So two 0:52:44.500,0:52:48.170 fewer bits per symbol, even if the header is[br]implicit. And I have to credit Thomas 0:52:48.170,0:52:51.520 Telkamp for giving me the tip that actually[br]led to kind of putting this all 0:52:51.520,0:52:57.250 together. Thanks to him. So again, the[br]first eight symbols, no matter whether 0:52:57.250,0:53:01.301 you're in implicit or explicit mode, are[br]always sent at SF minus two and code rate 0:53:01.301,0:53:05.880 4/8. That's always the case. Also,[br]there's this mode called low data rate 0:53:05.880,0:53:10.260 where, if that's set on, then all of the[br]symbols in the remainder 0:53:10.260,0:53:17.310 of the PHY packet are also sent[br]at spreading factor SF minus two. So it 0:53:17.310,0:53:19.400 basically gets you some[br]extra margin in case you're dealing with 0:53:19.400,0:53:24.410 a noisy channel and need to get data through.[br]So that's the PHY. Who wants some tools to go 0:53:24.410,0:53:28.760 with it? Who's curious about this and[br]wants to start playing with it? Does LoRa 0:53:28.760,0:53:34.290 seem cool? So with that, that brings us to[br]gr-lora, which is an out-of-tree GNU 0:53:34.290,0:53:39.090 Radio module that I've been working on[br]for the last couple of months. And it's an 0:53:39.090,0:53:42.230 open source implementation of the PHY[br]that works very nicely with the GNU Radio 0:53:42.230,0:53:46.830 software defined radio digital signal[br]processing toolkit. It's open source 0:53:46.830,0:53:51.951 software, it's free software. It's got a[br]great community built up around it. It's 0:53:51.951,0:53:54.951 really cool.
If you're curious about GNU Radio,[br]there are loads of good tutorials. And 0:53:54.951,0:53:58.250 even if you're a wizard, well, if you're a[br]wizard, you already know what this is. But 0:53:58.250,0:54:03.730 it's a really, really great piece[br]of software and ecosystem. And why is 0:54:03.730,0:54:07.720 having an open source version of this[br]interesting? Well, existing interfaces to 0:54:07.720,0:54:12.660 LoRa are layer two and above, both with[br]the data sheets that we get that go with 0:54:12.660,0:54:17.900 each of the different LoRa radios and the[br]standards that are available and open. 0:54:17.900,0:54:21.810 It's all layer two and up. We don't have any[br]insight into what the PHY state machine 0:54:21.810,0:54:28.040 actually does. And PHY layer security really[br]can't be taken for granted. And to back 0:54:28.040,0:54:32.130 this up, I'm going to point to some[br]802.15.4 exploits that kind of 0:54:32.130,0:54:36.510 reinforce this from a couple of years ago.[br]We have Travis Goodspeed's packet-in-packet 0:54:36.510,0:54:39.920 that showed that he was able to do a full[br]seven layer compromise by basically 0:54:39.920,0:54:45.700 encoding the data that would induce the[br]preamble and start-of-frame symbols for 0:54:45.700,0:54:48.900 802.15.4 within the payload of another[br]message. He was able to get some really 0:54:48.900,0:54:53.840 wonky things to happen to radio state[br]machines in doing so. And related to that, 0:54:53.840,0:54:59.050 we have this wireless intrusion detection[br]system evasion that was done by Travis 0:54:59.050,0:55:02.550 Goodspeed and some friends of mine from[br]Dartmouth, where they were basically able 0:55:02.550,0:55:07.140 to fingerprint how different 802.15.4[br]radio state machines work and construct 0:55:07.140,0:55:11.910 packets that would be able to be heard by[br]some but not others.
So from that, you 0:55:11.910,0:55:16.140 could basically generate versions[br]of packets that weren't totally compliant 0:55:16.140,0:55:20.120 with the standard, but would still be[br]heard by certain receivers and not others. 0:55:20.120,0:55:23.780 So some really tricky stuff here. PHYs[br]really matter. You can't take them for 0:55:23.780,0:55:27.560 granted in the picture of security. So my[br]hope with this is, by getting this tool out 0:55:27.560,0:55:31.540 there, we can actually really start to[br]look at the surface and figure out how it 0:55:31.540,0:55:34.930 works and how it can be made better, and[br]really start to get involved with 0:55:34.930,0:55:40.200 improving the security of this new[br]protocol. Some prior art to cite: Josh 0:55:40.200,0:55:44.990 Blum has a module for Pothos, which is[br]kind of like a competitor to GNU Radio. It's 0:55:44.990,0:55:48.800 like another framework. It gets the[br]modulation right, but the decoding is 0:55:48.800,0:55:52.320 basically off of the documentation, so it[br]can talk to itself, but it can't talk to 0:55:52.320,0:55:55.530 actual hardware because it doesn't[br]implement the real decoding stage that we 0:55:55.530,0:56:00.440 had to reverse engineer. And also, there's[br]another gr-lora out there made by this guy, 0:56:00.440,0:56:05.001 rpp0 on GitHub. When I first looked at[br]it, it was like this Python thing that I 0:56:05.001,0:56:08.540 couldn't quite get to work. I went and[br]looked at it last night; it actually looks 0:56:08.540,0:56:11.540 pretty cool. So you might check that out,[br]too, if you're interested in this. Looks 0:56:11.540,0:56:15.760 like it's pretty solid. So[br]my gr-lora implements modulation and encoding 0:56:15.760,0:56:20.190 in separate blocks so that you can[br]be modular and experiment.
So if you want 0:56:20.190,0:56:22.820 to have, like, a[br]layer two error correcting 0:56:22.820,0:56:26.260 thing for better resiliency, you can[br]write that in without having to touch the 0:56:26.260,0:56:30.260 demodulator. There are a couple for you.[br]Also, there's a very simple asynchronous 0:56:30.260,0:56:35.570 PDU interface for passing data between the[br]blocks, and you basically write to it just 0:56:35.570,0:56:39.210 using websocket, which is really easy.[br]I'll demonstrate in a minute, and it's just 0:56:39.210,0:56:43.670 like, you know,[br]gr-ieee802-15-4, which is a 0:56:43.670,0:56:49.090 really great module made by Bastian, who[br]I think is here. Really, really cool tool I 0:56:49.090,0:56:53.770 use all the time. So the[br]demodulator and the decoder implement the 0:56:53.770,0:56:58.520 process that we just reverse engineered,[br]using the stack, the FFTs and all that. The 0:56:58.520,0:57:00.720 modulator and the encoder use a more[br]efficient method that does direct 0:57:00.720,0:57:05.280 synthesis of chirps. So rather than, like,[br]basically computing the FFT result and 0:57:05.280,0:57:08.790 then doing an IFFT of that, we can[br]actually index into a precomputed chirp 0:57:08.790,0:57:13.320 to make the generation a lot more[br]computationally efficient. If you want the 0:57:13.320,0:57:20.210 source, it's right there. I just pushed a giant[br]update to it about two hours ago. So if 0:57:20.210,0:57:23.600 you're interested in playing with it,[br]there it is. Let's run through a quick 0:57:23.600,0:57:28.370 demo before we're out of time here. So[br]here's a scenario. I've written you guys a 0:57:28.370,0:57:32.170 poem. I'm going to play you guys a poem,[br]and I want to be able to sniff it and show 0:57:32.170,0:57:38.090 you what it is. Right. So to transmit, we[br]have our Adafruit.
It's a Feather 0:57:38.090,0:57:42.650 radio, like an Arduino, basically, with a[br]LoRa radio on it. And to receive it, 0:57:42.650,0:57:46.260 we're going to use our USRP right down[br]here. And of course, it's all being 0:57:46.260,0:57:53.910 received by gr-lora. So I'm going to[br]jump over to my VM and see if I can 0:57:53.910,0:58:12.620 get this up on the other screen. Bear with[br]me one moment. There we go. I'll show you the 0:58:12.620,0:58:21.980 entry of my password. We're going to[br]start a receiver here, and now I'm going 0:58:21.980,0:58:33.700 to just open a socket here. And I'm[br]going to start my transmitter, and let's 0:58:33.700,0:59:00.480 see what we have for you. In case you're[br]unsure of what you're looking at. So 0:59:00.480,0:59:04.390 that's all of gr-lora. There are a few to-dos;[br]if you want to contribute, I'd be happy 0:59:04.390,0:59:09.270 to have you do so. Some additional[br]resources if you want to know more: I've 0:59:09.270,0:59:13.010 written this all up in detail in Travis[br]Goodspeed's PoC||GTFO. The most 0:59:13.010,0:59:17.150 recent issue has that in there. Also, if[br]you want to learn more about radios and SDR, 0:59:17.150,0:59:20.850 my colleague Marc and I are giving a talk[br]at ShmooCon and Troopers called So You Want 0:59:20.850,0:59:24.040 to Hack Radios, which is going to go[br]through how to reverse engineer really 0:59:24.040,0:59:27.860 basic IoT modulations. It'll spend a lot[br]more time on some of the basics and show 0:59:27.860,0:59:32.120 you how to actually apply the stuff[br]yourself. To wrap up: LPWANs are 0:59:32.120,0:59:36.480 exploding. They have tons of momentum and[br]are popping up everywhere. RF stacks are 0:59:36.480,0:59:40.130 also becoming more diverse. So when you're[br]talking about securing your wireless air 0:59:40.130,0:59:43.760 space, you're not just worried[br]about Wi-Fi anymore.
If you're a corporate 0:59:43.760,0:59:46.770 security administrator, you work in[br]corporate IT, you also have to worry 0:59:46.770,0:59:49.960 about all these other, like, IoT[br]appliances that are coming into your 0:59:49.960,0:59:54.800 enterprise and are starting to take root.[br]On a technical note, we've shown how to go 0:59:54.800,0:59:58.970 from some obscure modulation into bits.[br]We've also added a new tool to the 0:59:58.970,1:00:03.840 researcher's arsenal. I want to thank[br]Balint Seeber at Bastille. He's an incredible 1:00:03.840,1:00:07.300 resource and this wouldn't have been possible[br]without him. Also, the open source 1:00:07.300,1:00:12.310 contributors who helped us[br]all get here. And finally, the Chaos 1:00:12.310,1:00:19.380 Computer Club for organizing 33c3 and[br]having me. So thank you very much. Thank 1:00:19.380,1:00:25.090 you for your attention. And I'd be happy[br]to take your questions. 1:00:25.090,1:00:35.530 Applause 1:00:35.530,1:00:45.700 Herald: We are almost out of time. Thank[br]you very much, Matt. We're able to take 1:00:45.700,1:00:50.180 very few and brief questions. So[br]microphone in front, right, please. 1:00:50.180,1:00:54.060 Matt: I remember you. We met in your video[br]conference. Good to see you. 1:00:54.060,1:00:58.480 Mic: Yes. Are there ways to quantify[br]the reliability of a dense LoRa network? 1:00:58.480,1:01:00.920 Matt: Could you repeat that, please?[br]Mic: Are there ways to quantify the 1:01:00.920,1:01:05.300 reliability of a dense LoRa network?[br]Matt: I'm sure there are. I haven't really 1:01:05.300,1:01:10.540 looked at all at benchmarking or figuring[br]out what the limits are. My 1:01:10.540,1:01:15.110 interest has really been in getting the[br]decoding and information extraction done. I 1:01:15.110,1:01:19.340 know that there's a group in San Francisco[br]that's building dense networks, that's 1:01:19.340,1:01:23.450 building a LoRa product or network of some[br]sort.
They've done some benchmarking of 1:01:23.450,1:01:27.590 how LoRa works in cities, and they have a[br]blog post that's pretty good. You might 1:01:27.590,1:01:30.290 check that out.[br]Herald: We have one question from the 1:01:30.290,1:01:33.680 Internet via our Signal Angel?[br]Signal Angel: Our panel on the IRC is 1:01:33.680,1:01:36.240 asking, how long did it take to figure out[br]all of this? 1:01:36.240,1:01:40.970 Matt: So, you know, I first saw LoRa in[br]the wild in January and kind of just let 1:01:40.970,1:01:49.710 the capture sit on my hard[br]drive for a while. It probably took about 1:01:49.710,1:01:53.700 four or five weeks of working on this,[br]more or less full time. I was a little bit, 1:01:53.700,1:01:56.780 I had some other things I was working on, too.[br]I'd say probably four weeks from when I 1:01:56.780,1:01:59.780 actually said, all right, let's figure[br]this thing out, to having the initial 1:01:59.780,1:02:04.600 results.[br]Herald: Another question from the rear 1:02:04.600,1:02:09.000 right microphone.[br]Mic: So in decoding those two unknown 1:02:09.000,1:02:15.600 layers, you had your proprietary hardware[br]and you could send it data, and it 1:02:15.600,1:02:20.380 won't do the AES and encryption stuff and[br]it just sends that encoding? 1:02:20.380,1:02:24.660 Matt: That's a great question. I kind of[br]skipped over that. The Microchip LoRa radio 1:02:24.660,1:02:29.230 that I had, this guy right here. I also[br]had another one that was a LoRaWAN 1:02:29.230,1:02:34.160 radio. This is a LoRa radio, but it actually[br]exposes an API to pause the MAC state 1:02:34.160,1:02:37.850 machine so you can turn off all the layer[br]two stuff that would add a header and 1:02:37.850,1:02:43.500 encryption, stuff like that, and send what[br]are close to arbitrary frames. And I say 1:02:43.500,1:02:47.880 what are close to arbitrary frames because[br]you can't turn off the implicit header.
So 1:02:47.880,1:02:49.910 it's always in implicit, or sorry, you[br]can't turn off explicit headers, it's 1:02:49.910,1:02:53.880 always in explicit header mode. So[br]this more or less exposed raw payload 1:02:53.880,1:02:55.880 injection.[br]Mic: OK, thanks. 1:02:55.880,1:03:00.050 Herald: Yeah, we're already in overtime.[br]We're taking one last question from our 1:03:00.050,1:03:02.760 Signal Angel on IRC and then we'll have to[br]wrap up. 1:03:02.760,1:03:06.960 Matt: I'll be happy to hang out and answer[br]questions after the fact too. 1:03:06.960,1:03:11.350 Mic: Now many people are wondering what[br]implications does it have that basically 1:03:11.350,1:03:17.450 the patent is not used at all? So could[br]you say that the technology is 1:03:17.450,1:03:22.960 patent free, in a way?[br]Matt: I am not a lawyer, but I have known 1:03:22.960,1:03:27.000 lawyers and I know that they're clever[br]enough to not fall for that. So I'm sure 1:03:27.000,1:03:30.850 that the patent was defined[br]as generally as possible. And again, it 1:03:30.850,1:03:35.790 describes a modulation similar to LoRa.[br]I'm again not a lawyer, but I'm almost 1:03:35.790,1:03:43.070 certain that it would be[br]covered. But that's a clever thought. 1:03:43.070,1:03:50.000 Herald: Thank you, Matt. Please give him a[br]warm round of applause. Thank you again. 1:03:50.000,1:03:52.120 applause 1:03:52.120,1:03:56.160 33c3 postroll music 1:03:56.160,1:04:16.000 Subtitles created by c3subtitles.de[br]in the year 2021. Join, and help us!