1
00:00:00,000 --> 00:00:13,880
33c3 preroll music
2
00:00:13,880 --> 00:00:18,789
Herald: As mentioned before, Internet of
Things, it would be great if it would work
3
00:00:18,789 --> 00:00:24,539
and one big part of Internet of Things is
the Internet part. So stuff has to talk
4
00:00:24,539 --> 00:00:30,000
and cables are shit. So we use Wi-Fi and
other wireless protocols. So our next
5
00:00:30,000 --> 00:00:35,140
speaker is going to take a very close look
at the physical layer of LoRa, a low power
6
00:00:35,140 --> 00:00:40,780
wireless area network, and he built some
stuff to actually sniff what's happening
7
00:00:40,780 --> 00:00:46,949
and inject stuff. And apparently he
offered his sacrifices to the gods. So
8
00:00:46,949 --> 00:00:50,879
we'll see something. Please give a warm
round of applause to Matt Knight.
9
00:00:50,879 --> 00:00:55,370
applause
10
00:00:55,370 --> 00:01:00,819
Matt Knight: Thank you for that warm
introduction and thank you all for coming.
11
00:01:00,819 --> 00:01:04,379
I'm really excited to be here. So for the
next hour or so, we're going to be talking
12
00:01:04,379 --> 00:01:08,799
about the LoRa PHY. And LoRa is a low
power wide area network, wireless
13
00:01:08,799 --> 00:01:14,590
technology that is designed for the
Internet of Things. So first, a little bit
14
00:01:14,590 --> 00:01:17,630
of background. Myself, a software engineer
and a security researcher with Bastille
15
00:01:17,630 --> 00:01:21,060
Networks, I have a bachelor's in
engineering, electrical engineering and
16
00:01:21,060 --> 00:01:24,619
better systems from Dartmouth. But really,
my interests are in applied RF security
17
00:01:24,619 --> 00:01:28,469
research. So that means everything from
reverse engineering wireless protocols to
18
00:01:28,469 --> 00:01:31,950
developing functional basebands in
software and HDL and also all the way up
19
00:01:31,950 --> 00:01:35,640
to software networking stacks. So all
these things are interesting
20
00:01:35,640 --> 00:01:39,630
to me, but I'm really excited about the
material we're going to talk about today.
21
00:01:39,630 --> 00:01:43,109
So before we get started, there aren't
going to be any like zero days or
22
00:01:43,109 --> 00:01:46,510
traditional security related exploits
here. But we are going to take apart a
23
00:01:46,510 --> 00:01:51,220
cutting edge wireless protocol. Let's talk
about why that's important in a minute.
24
00:01:51,220 --> 00:01:54,509
But first, I'd just like to survey the
room and get a sense for who's here so I
25
00:01:54,509 --> 00:01:57,979
can figure out where to spend more of my
time. So if you'd be so kind as to raise
26
00:01:57,979 --> 00:02:02,569
your hand if you've heard of software
defined radio. That's a lot of hands.
27
00:02:02,569 --> 00:02:06,329
That's great. OK, how about raise your
hand if you know what a fast Fourier
28
00:02:06,329 --> 00:02:13,390
transform is. Awesome. And how about a
symbol in the context of wireless
29
00:02:13,390 --> 00:02:20,230
systems? OK, cool, we're going to do
well, this is going to be fun. So why is
30
00:02:20,230 --> 00:02:25,220
this sort of network forensics interesting
or why is it relevant? Why is this
31
00:02:25,220 --> 00:02:28,180
important? The Cisco Internet Business
Solutions Group has a figure that I really
32
00:02:28,180 --> 00:02:32,810
like that states that by 2020 there are
going to be 50 billion devices connected
33
00:02:32,810 --> 00:02:37,580
to the Internet in some way. As we know,
with the growth of mobile and the Internet
34
00:02:37,580 --> 00:02:40,240
of Things, fewer and fewer of those
devices are connected with wires every
35
00:02:40,240 --> 00:02:45,350
year. And as we know, tools like Wireshark
and Monitor Mode weren't always a thing,
36
00:02:45,350 --> 00:02:50,350
even for common interfaces like Wi-Fi and
802.11. Those tools that we come
37
00:02:50,350 --> 00:02:53,520
to rely on every day exist because
somebody thought to look below the layer
38
00:02:53,520 --> 00:02:58,580
they had and make it. And I believe that
low level security, low level access to
39
00:02:58,580 --> 00:03:03,310
interfaces is essential for enabling
comprehensive security on various
40
00:03:03,310 --> 00:03:09,020
interfaces. So we're going to begin by
discussing LPWANs at a high level and
41
00:03:09,020 --> 00:03:11,450
then we're going to do a little bit of a
background on some technical radio
42
00:03:11,450 --> 00:03:15,460
concepts just so we can level out our
domain knowledge and inform the rest of
43
00:03:15,460 --> 00:03:18,930
the conversation. Then I'm going to take
you through my recent reverse engineering
44
00:03:18,930 --> 00:03:23,440
of the LoRa PHY that was powered
through software defined radio. And finally,
45
00:03:23,440 --> 00:03:27,680
I'm going to give you a demo of this tool
called gr-lora that I've made. That is an
46
00:03:27,680 --> 00:03:32,000
open source implementation of this PHY
that will enable you to begin doing your
47
00:03:32,000 --> 00:03:38,610
own security research with it. So to
begin, what is LoRa, what is this thing?
48
00:03:38,610 --> 00:03:44,480
It is a wireless IoT protocol and IoT is
in red because some of us are
49
00:03:44,480 --> 00:03:49,480
marketers. We're all engineers. We know
that this is a dirty term. Right? IoT is
50
00:03:49,480 --> 00:03:53,260
really code for connected embedded devices
and there are tons of common standards for
51
00:03:53,260 --> 00:03:58,290
embedded systems already. Everything like
802.15.4 and all of its friends like
52
00:03:58,290 --> 00:04:03,540
ZigBee and 6LoWPAN, 802.11 Wi-Fi
and then also more common things like
53
00:04:03,540 --> 00:04:08,650
Bluetooth and Bluetooth Low Energy. And
the list goes on. Right. We've got all
54
00:04:08,650 --> 00:04:11,650
these standards. What is wrong with them?
Why don't we just use just one of these
55
00:04:11,650 --> 00:04:15,890
existing ones? Well, all the ones we just
mentioned all require some degree of local
56
00:04:15,890 --> 00:04:20,739
provisioning. You need to connect your
device to an SSID or hook your ZigBee
57
00:04:20,739 --> 00:04:24,421
device up to a coordinator in order to get
it communicating. Some of them require
58
00:04:24,421 --> 00:04:29,820
gateways to talk out to the Internet.
And in the case of 802.11, it's very
59
00:04:29,820 --> 00:04:35,270
power intensive. So you can't run a device
for a long time on a battery. So what's
60
00:04:35,270 --> 00:04:40,090
ideal? What about cellular? Cellular works
everywhere? It's easy to install. You
61
00:04:40,090 --> 00:04:43,320
don't have to worry about any hardware on
premises. As long as you can talk to a
62
00:04:43,320 --> 00:04:48,300
tower that could be miles away, you're
good to go. Well, it's power intensive and
63
00:04:48,300 --> 00:04:51,880
in the case of certain types of the
standards, they're going away. And I'm
64
00:04:51,880 --> 00:04:57,960
talking about 2G, GPRS and EDGE service.
In the United States, AT&T, one of the
65
00:04:57,960 --> 00:05:02,310
largest carriers, is saying they're going
to sunset their 2G network in about three
66
00:05:02,310 --> 00:05:08,080
days. In Australia, this has already
happened. Telstra, which is one of the
67
00:05:08,080 --> 00:05:12,100
largest telecom companies in Australia,
sunset their GPRS service earlier this
68
00:05:12,100 --> 00:05:19,650
month. And all the other major carriers
are soon to follow. So 2G works
69
00:05:19,650 --> 00:05:23,840
everywhere. It's very battery conscious
and it's fairly cheap. So this is exactly
70
00:05:23,840 --> 00:05:30,170
what the Internet of Things needs to
power its communication standards. Now,
71
00:05:30,170 --> 00:05:34,110
say you're a developer and you want to
move on to a new wireless standard that
72
00:05:34,110 --> 00:05:39,060
won't, you know, deprecate in three days,
you can either go to 3G or a more modern
73
00:05:39,060 --> 00:05:43,310
cell stack, which comes with a more
expensive radio and harder power
74
00:05:43,310 --> 00:05:48,100
requirements. Or you can wait for the
3GPP, which is the standards body that makes
75
00:05:48,100 --> 00:05:53,660
and maintains the cellular standards to
come out with
76
00:05:53,660 --> 00:05:57,660
their IoT focused standards that are
currently in development. And the
77
00:05:57,660 --> 00:06:01,210
indications that I've gotten state that
those won't be ready until the end of next
78
00:06:01,210 --> 00:06:04,351
year, really at the earliest. So it's
gonna be the end of 2017 or
79
00:06:04,351 --> 00:06:07,800
the beginning of 2018 before we
start to see these things in the wild,
80
00:06:07,800 --> 00:06:12,570
which means that until then there's a
massive hole in the market. So if you want
81
00:06:12,570 --> 00:06:16,190
to, if you want to develop an embedded
system that requires this type of
82
00:06:16,190 --> 00:06:20,070
connectivity, you're going to have to look
elsewhere. And that brings us to the topic
83
00:06:20,070 --> 00:06:23,920
of low power, wide area networks. And you
can think of these networks as being just
84
00:06:23,920 --> 00:06:28,860
like cellular, but optimized for Iot and
M2M communications. The architecture is
85
00:06:28,860 --> 00:06:31,750
almost exactly the same in that you have
a network of base stations or gateways
86
00:06:31,750 --> 00:06:37,020
worldwide and then end nodes uplink
directly to those base stations without
87
00:06:37,020 --> 00:06:41,350
any meshing or routing among themselves.
It's just like a star network. Basically,
88
00:06:41,350 --> 00:06:44,660
you have these nodes that connect directly
to the base station and they have a range
89
00:06:44,660 --> 00:06:49,850
on the order of miles. It's a very similar
topology to cellular. There are tons of
90
00:06:49,850 --> 00:06:54,949
standards that are popping up
more and more every day. But the two that
91
00:06:54,949 --> 00:06:58,949
have the most momentum are LoRa and
Sigfox. There's been a ton of investment in
92
00:06:58,949 --> 00:07:03,500
both of these technologies, actually. Just
last month, Sigfox closed a
93
00:07:03,500 --> 00:07:09,669
hundred and fifty million Euro Series F,
some late stage funding round, and the Wall
94
00:07:09,669 --> 00:07:13,720
Street Journal wrote an article recently
that stated they were investigating a U.S.
95
00:07:13,720 --> 00:07:17,260
IPO soon. Additionally, Senet and
Actility, two of the biggest backers of
96
00:07:17,260 --> 00:07:22,080
LoRa, have raised a combined fifty
one million dollars in the last year or
97
00:07:22,080 --> 00:07:26,050
two, so, one firm raising one hundred fifty
million dollars, they're absolutely going
98
00:07:26,050 --> 00:07:30,760
for it. They're investing like crazy in
these technologies. So when we say that
99
00:07:30,760 --> 00:07:33,430
these networks are optimized for the
Internet of Things, we're really talking
100
00:07:33,430 --> 00:07:37,970
about two things. They're battery
conscious. Sigfox advertises that they
101
00:07:37,970 --> 00:07:41,449
can get up to 10 years of battery on the
amount of energy in a single AAA battery.
102
00:07:41,449 --> 00:07:45,730
And they're long range. And if you turn all
the knobs in LoRa just right and have a
103
00:07:45,730 --> 00:07:50,180
perfect noiseless channel, they advertise
that you can get thirteen point six miles
104
00:07:50,180 --> 00:07:55,270
on one of these very long range devices.
And if you compare that with, you know,
105
00:07:55,270 --> 00:07:59,620
some of the standards we talked about
earlier, that's pretty competitive. So how
106
00:07:59,620 --> 00:08:02,889
do they do that? How does that work?
Well, they've designed the entire system
107
00:08:02,889 --> 00:08:07,150
around the fact that they're willing to
accept compromises in the protocol and the
108
00:08:07,150 --> 00:08:11,449
functionality of these devices. When I
talk about compromises, I'm talking about
109
00:08:11,449 --> 00:08:16,800
aggressive duty cycling, both transmitting
and listening, very sparse datagrams, so
110
00:08:16,800 --> 00:08:21,500
tiny packet sizes. And they're highly
limited, meaning they can't send that many
111
00:08:21,500 --> 00:08:27,060
packets that often. Now, for example,
Sigfox limits, this is built into the PHY,
112
00:08:27,060 --> 00:08:32,789
limits devices to 140 12-byte datagrams
per day. That's like nothing.
113
00:08:32,789 --> 00:08:39,469
I think that's less than like a look at to
you. It's tiny. Now, then, Weightless-N,
114
00:08:39,469 --> 00:08:44,879
another LPWAN standard, is uplink only.
So it can only send messages up to a gateway
115
00:08:44,879 --> 00:08:49,120
but can't receive any downlink. So for
example, if you had a device deployed, you
116
00:08:49,120 --> 00:08:53,389
can never deliver firmware to it later
unless you rolled a truck to it or climbed
117
00:08:53,389 --> 00:08:57,439
up the telephone pole to where it's
mounted. And finally, LoRa Class A devices
118
00:08:57,439 --> 00:09:03,050
can only receive downlink for a brief
window after they uplink. So if
119
00:09:03,050 --> 00:09:05,790
you're an application operator and you
want to send a message to a device you
120
00:09:05,790 --> 00:09:09,290
have in the field, you have to wait for
that device to call home before you have
121
00:09:09,290 --> 00:09:13,500
your brief window to tell it what you
want. So these systems are built around
122
00:09:13,500 --> 00:09:16,899
compromises, but that's what enables them
to get some pretty incredible performance.
123
00:09:16,899 --> 00:09:22,950
All right. Let's get into the details with
LoRa. So LoRa is an LPWAN. It's developed
124
00:09:22,950 --> 00:09:28,189
by Semtech, which is a French
semiconductor company. The PHY was patented
125
00:09:28,189 --> 00:09:35,910
in June 2014 and the LoRaWAN MAC and network
stack was published in January of 2015. So
126
00:09:35,910 --> 00:09:39,519
this entire standard is less than two
and a half years old. It's brand new and
127
00:09:39,519 --> 00:09:42,300
it's supported by an industry trade group
called the LoRa Alliance, which has
128
00:09:42,300 --> 00:09:46,731
tripled in size every year since its
founding. So growing quite a bit. Before we
129
00:09:46,731 --> 00:09:51,160
move on. Just want to clear up some
nomenclature that will help us focus in on
130
00:09:51,160 --> 00:09:57,790
what this talk is going to center on, and
that is to disambiguate LoRa and LoRaWAN.
131
00:09:57,790 --> 00:10:02,519
LoRa refers strictly to the PHY, the
physical layer of the standard. LoRaWAN
132
00:10:02,519 --> 00:10:07,369
defines a MAC and a networking, some upper
layer stacks that ride on top of LoRa.
133
00:10:07,369 --> 00:10:12,310
The LoRaWAN standard, the upper layer,
has been published and that's public. But
134
00:10:12,310 --> 00:10:18,069
the PHY itself is totally closed. So
the LoRaWAN upper layer stack gives
135
00:10:18,069 --> 00:10:21,851
some information about its topology, it's
kind of interesting, it suggests that they
136
00:10:21,851 --> 00:10:27,009
were really thinking about security when
they designed it. There are kind of four
137
00:10:27,009 --> 00:10:31,139
stages in the network all the way out in
the field. On your sensor you have the
138
00:10:31,139 --> 00:10:36,100
node and that connects to a gateway over a
wireless link. That's the LoRa link. And
139
00:10:36,100 --> 00:10:39,689
then once you get into the gateway,
everything from there up is all on
140
00:10:39,689 --> 00:10:44,970
IP networks, just standard
commercial IP networks. And then they have
141
00:10:44,970 --> 00:10:48,559
roaming that works on different networks.
So you'll be able to take your device and
142
00:10:48,559 --> 00:10:53,100
move to different areas of coverage and
have it all play nicely. And then you can
143
00:10:53,100 --> 00:10:56,060
hook your application server up to that as
well to receive packets to and from the
144
00:10:56,060 --> 00:10:59,809
network servers. It's all over IP and they
actually went as far as to define two
145
00:10:59,809 --> 00:11:04,720
different mechanisms for encrypting it.
There are two different keys. You have the
146
00:11:04,720 --> 00:11:07,699
network key, which
covers from the node up to the network
147
00:11:07,699 --> 00:11:11,209
server, and then you have the application
key, which is actually fully end to end.
148
00:11:11,209 --> 00:11:16,050
It goes from the end device all the way up
to the application server. So if
149
00:11:16,050 --> 00:11:19,429
you design that right, the network should
never see your traffic unencrypted. And
150
00:11:19,429 --> 00:11:25,689
they also provide a mechanism for having
unique keys per device. It's built into
151
00:11:25,689 --> 00:11:29,119
the standard, but it's not required. So
it's still up to the implementer to do
152
00:11:29,119 --> 00:11:33,880
that and get that right. So there are some
good thoughts that went into security with
153
00:11:33,880 --> 00:11:38,319
LoRaWAN. However, that's not what we're
talking about today. That's all we're
154
00:11:38,319 --> 00:11:41,179
going to say about LoRaWAN. We're just going
to tell you it exists that it rides above
155
00:11:41,179 --> 00:11:45,209
LoRa, but we're not going to go into any
more detail than that. So from here on
156
00:11:45,209 --> 00:11:49,369
out, it's all LoRa all the time. We're
just talking about the PHY here. So let's
157
00:11:49,369 --> 00:11:52,209
get into what makes that really
interesting. One of the big defining
158
00:11:52,209 --> 00:11:56,589
features of LoRa and Sigfox, the two
biggest LPWANs, is that they're designed
159
00:11:56,589 --> 00:12:00,809
to use what is called ISM spectrum.
That's what it's called in the United States.
160
00:12:00,809 --> 00:12:05,949
It stands for industrial, scientific and
medical. And what's cool about these
161
00:12:05,949 --> 00:12:08,839
bands is they're what are called
unlicensed, which means that you don't
162
00:12:08,839 --> 00:12:15,730
need a specific license from the FCC or
your telecom regulation authority
163
00:12:15,730 --> 00:12:19,689
to operate on it. So if you go and you buy
any Wi-Fi router on Amazon, you take it
164
00:12:19,689 --> 00:12:22,819
home, you plug it in, you don't need to
then go and apply for a specific license
165
00:12:22,819 --> 00:12:28,209
to be able to communicate on it because
it was built to a certain standard. It is
166
00:12:28,209 --> 00:12:32,110
compliant with those unlicensed band rules
and therefore can just work. So these
167
00:12:32,110 --> 00:12:36,279
devices use that same spectrum, but
to much greater effect, much longer ranges
168
00:12:36,279 --> 00:12:42,339
in a much different use case. So that's
quite novel. And some other things that
169
00:12:42,339 --> 00:12:46,610
use these technologies are, you know, Wi-
Fi, Bluetooth, cordless phones, baby
170
00:12:46,610 --> 00:12:51,139
monitors, things like that. So you can
think of this as occupying the same space
171
00:12:51,139 --> 00:12:56,610
in the spectrum as these. Now, why is this
noteworthy? Well, contrast it with the
172
00:12:56,610 --> 00:13:02,089
cellular model, where cellular technologies
use protected spectrum, where
173
00:13:02,089 --> 00:13:06,379
you have to have specific rights to
transmit on it in order to legally use
174
00:13:06,379 --> 00:13:12,700
it. And regulatory authorities
sell the spectrum for fortunes.
175
00:13:12,700 --> 00:13:14,930
Billions of dollars is what the spectrum
sells for in the US. I'm sure it's the
176
00:13:14,930 --> 00:13:19,459
same over here. And I just want to call
your attention to how expensive this is on
177
00:13:19,459 --> 00:13:24,459
the left here we have a picture. It's an
excerpt from a document that I found that
178
00:13:24,459 --> 00:13:28,809
was related to the FCC's TV white space
reverse auction. They're trying to
179
00:13:28,809 --> 00:13:32,879
repurpose a lot of spectrum that used to
be used for digital TV. They're selling it
180
00:13:32,879 --> 00:13:37,619
off. And if you want to come in and buy
some really prime low UHF spectrum to use
181
00:13:37,619 --> 00:13:42,059
for whatever purposes you have, mind you,
this is just one TV station in the New
182
00:13:42,059 --> 00:13:45,399
York area. You can get out your checkbook
and write a nine hundred million dollar
183
00:13:45,399 --> 00:13:51,290
check and take over CBS TV in New York. So
getting into the cellular game is
184
00:13:51,290 --> 00:13:55,989
crazy expensive. It costs a fortune. But
there are a lot of us in here. Maybe we
185
00:13:55,989 --> 00:14:00,989
can pass the hat and buy some spectrum
at the end of this. So as a result of this
186
00:14:00,989 --> 00:14:04,920
unlicensed nature, there are a number of
different models of commercialization that
187
00:14:04,920 --> 00:14:09,759
are starting to emerge. We have the
traditional telecom model we're seeing
188
00:14:09,759 --> 00:14:14,600
through companies like Senet, which is a
company that deploys home heating
189
00:14:14,600 --> 00:14:18,929
oil tank monitoring solutions in the
United States. They're also opening the
190
00:14:18,929 --> 00:14:23,209
network up for IoT applications to ride
on top of that traffic as well. And you'd
191
00:14:23,209 --> 00:14:27,060
operate with them just like you would
operate with like Verizon or AT&T or
192
00:14:27,060 --> 00:14:33,309
Deutsche Telekom or whoever you
work with here. Also interesting is I
193
00:14:33,309 --> 00:14:37,709
believe it's KPN that has rolled out LoRa, a
commercial LoRaWAN network
194
00:14:37,709 --> 00:14:42,449
throughout the entire region of the
Netherlands. So the country is entirely covered
195
00:14:42,449 --> 00:14:47,470
with LoRa. So that's the commercial side
in the middle. We also have crowdsourced
196
00:14:47,470 --> 00:14:50,759
networks. The one that I like to talk
about is this group called the Things
197
00:14:50,759 --> 00:14:55,670
Network, where basically they have defined
in the cloud the network server
198
00:14:55,670 --> 00:15:00,680
architecture for operating a worldwide
LoRaWAN network. So if you want to provide
199
00:15:00,680 --> 00:15:04,309
LoRaWAN service on the Things Network
in your area, you can get your hands
200
00:15:04,309 --> 00:15:10,300
on a LoRa gateway, point it at their network
servers and basically become a base
201
00:15:10,300 --> 00:15:14,529
station in their network from your living
room, which is kind of cool. So it can
202
00:15:14,529 --> 00:15:18,030
kind of spread and grow organically based
on the needs of people like me and you
203
00:15:18,030 --> 00:15:22,959
who want, you know, the sort of service.
Then finally, all the way up at
204
00:15:22,959 --> 00:15:27,800
the kind of independent amateur side, we
have people like Travis Goodspeed and some
205
00:15:27,800 --> 00:15:31,600
of his friends that are working on a
technology called LoRaHam. And that's
206
00:15:31,600 --> 00:15:35,049
leveraging the fact that you can actually
get LoRa radios that work around
207
00:15:35,049 --> 00:15:39,420
433, which is in, I think
it's the 70 centimeter ham band in the
208
00:15:39,420 --> 00:15:43,019
United States. So you can actually put a
reasonable amount of power behind LoRa
209
00:15:43,019 --> 00:15:47,779
and do text based communications in the
clear. So they're developing a LoRa based
210
00:15:47,779 --> 00:15:52,569
mesh networking system for doing basic
like ASCII packet radio and communicating.
211
00:15:52,569 --> 00:15:57,970
It's not public yet, but I like Pete. He's
blessed me to come and tell you that he's
212
00:15:57,970 --> 00:16:01,559
working on this and it should be
out soon. So there are all sorts of
213
00:16:01,559 --> 00:16:05,609
different ways to use these technologies.
So this is a very different paradigm,
214
00:16:05,609 --> 00:16:09,859
than what we're used to. And it's opening up
lots of different opportunities for how
215
00:16:09,859 --> 00:16:14,420
this technology might be used and grow.
OK, so that wraps up our background on
216
00:16:14,420 --> 00:16:18,680
LoRa. We're about to get into some really
technical stuff, but before we do, I want
217
00:16:18,680 --> 00:16:23,449
to go through a very short crash course on
some basic radio fundamentals to try to
218
00:16:23,449 --> 00:16:27,160
even the playing field so that we can all
understand this. And I call it the
219
00:16:27,160 --> 00:16:31,199
obscenely short radio crash course. But
with apologies to any of you real telecom
220
00:16:31,199 --> 00:16:36,869
whizzes in the room. I think this is
probably more appropriate.
221
00:16:36,869 --> 00:16:40,009
We're going to blow through this material.
And I'm just going to try to pick out a
222
00:16:40,009 --> 00:16:44,519
few points that are really essential to
understanding the rest of this talk. I'll
223
00:16:44,519 --> 00:16:47,160
tell you what's important and just try to
grab those concepts and we'll reiterate
224
00:16:47,160 --> 00:16:51,089
them later as we go through it. So, again,
we're going to be talking about the
225
00:16:51,089 --> 00:16:56,809
physical layer. And if you think about the
OSI data model that we've all seen, the
226
00:16:56,809 --> 00:17:00,639
physical layer refers to how your bits,
your data get mapped into physical
227
00:17:00,639 --> 00:17:05,140
phenomena that represent them in reality.
And when you're dealing with wireless
228
00:17:05,140 --> 00:17:11,720
systems, the mapping maps the bits
into patterns of energy in an RF medium,
229
00:17:11,720 --> 00:17:16,809
RF stands for radio frequency, and it's
basically electromagnetic waves or energy
230
00:17:16,809 --> 00:17:23,459
that is just everywhere. And you can
manipulate RF by using a device called a
231
00:17:23,459 --> 00:17:28,309
radio. And radios can either be hardware
defined, where the RF kind of mechanics and
232
00:17:28,309 --> 00:17:33,159
the protocol are baked into the silicon
and are inflexible. Or you can use a
233
00:17:33,159 --> 00:17:37,279
software defined radio where you have some
very general, flexible silicon up front
234
00:17:37,279 --> 00:17:41,580
that basically just grabs some raw
information and feeds it to some sort of a
235
00:17:41,580 --> 00:17:44,490
processor, which can either be a
traditional CPU or an FPGA to implement
236
00:17:44,490 --> 00:17:50,230
some of the more radio specific things and
has come a long way in the most
237
00:17:50,230 --> 00:17:53,830
recent few years. And it's now incredibly
powerful. So we're going to be talking
238
00:17:53,830 --> 00:17:56,610
about both hardware defined radios and
software defined radios throughout this
239
00:17:56,610 --> 00:18:02,279
talk. So if you put together a radio
coherently, you can start to develop it
240
00:18:02,279 --> 00:18:08,880
into a PHY. And a PHY has one main
component, or several components. But one
241
00:18:08,880 --> 00:18:12,330
of the main components is this notion of
the modulation, and the modulation is the
242
00:18:12,330 --> 00:18:16,850
algorithm that defines how your digital
values, your bits are mapped into RF
243
00:18:16,850 --> 00:18:21,710
energy. And there are a few parameters
that we can kind of tweak to do that. And
244
00:18:21,710 --> 00:18:25,260
those are amplitude, frequency and phase.
And then we can put them together and use
245
00:18:25,260 --> 00:18:29,850
some combination of them as well. And
modulators can modulate either analog or
246
00:18:29,850 --> 00:18:34,060
digital information. But we're going to be
talking about modulating digital
247
00:18:34,060 --> 00:18:38,620
information today. And an essential
concept with that is this notion of a
248
00:18:38,620 --> 00:18:41,929
symbol. This is something that is very
important to remember. And the symbol
249
00:18:41,929 --> 00:18:46,860
represents a discrete RF energy state that
represents some quantity of information.
250
00:18:46,860 --> 00:18:50,820
So it's discretely sampled. And just think
of it as being like a state in your RF
251
00:18:50,820 --> 00:18:56,720
medium that means something. And we'll
illustrate this in just a moment. So here
252
00:18:56,720 --> 00:18:59,600
we have two pictures of two different
modulations. And I just want to put these
253
00:18:59,600 --> 00:19:05,110
up here to help you maybe get a grasp on
what a symbol looks like. So on top, we
254
00:19:05,110 --> 00:19:09,260
have frequency shift keying, where you can see
your signal is alternating between two
255
00:19:09,260 --> 00:19:12,920
frequencies. When it's on the left, it's
dwelling on one frequency. When it's on
256
00:19:12,920 --> 00:19:16,159
the right, it's dwelling on another
frequency. Which symbol is present is
257
00:19:16,159 --> 00:19:20,750
based on basically what frequency
that signal is on at a discretely sampled
258
00:19:20,750 --> 00:19:25,809
moment in time. So you could think of this
as being like, you know, it's a zero when
259
00:19:25,809 --> 00:19:29,210
the signal is dwelling on the first
frequency, the one on the left, and it's a
260
00:19:29,210 --> 00:19:35,000
one when the signal is dwelling on the
right frequency, frequency two. And you
261
00:19:35,000 --> 00:19:38,179
can see the analog with the bottom
modulation, on-off keying, where the signal
262
00:19:38,179 --> 00:19:43,980
being present represents a one and the
signal being off represents a zero. So
263
00:19:43,980 --> 00:19:47,620
hopefully that helps you get a grasp of
what it is that we're talking about. There
264
00:19:47,620 --> 00:19:51,090
are, of course, more complicated IoT
PHYs. We have spread spectrum where data
265
00:19:51,090 --> 00:19:54,179
can be basically chipped at a higher rate.
It'll occupy more spectrum, but it makes
266
00:19:54,179 --> 00:19:59,990
it more resilient to noise. And then we
have some technologies to do that, like
267
00:19:59,990 --> 00:20:05,490
802.15.4 is one that uses a spread
spectrum mechanism. So we talked a bit
268
00:20:05,490 --> 00:20:09,940
about radios just a moment ago. We're
going to use two different kinds of radios
269
00:20:09,940 --> 00:20:14,830
when going through this talk. First,
we have a hardware defined radio, which is a
270
00:20:14,830 --> 00:20:18,300
Microchip LoRa RN2903
module. And this is basically a
271
00:20:18,300 --> 00:20:25,019
dev board that has a hardware defined LoRa
radio built onto it. So this is going to
272
00:20:25,019 --> 00:20:28,450
be a transmitter we're going to be
targeting. And then finally, a receiver is
273
00:20:28,450 --> 00:20:33,470
the software defined radio right here.
This is an Ettus USRP B210. It's just a
274
00:20:33,470 --> 00:20:37,100
commodity software defined radio board.
And basically what this thing does is it
275
00:20:37,100 --> 00:20:41,450
gets raw RF information from the air,
serves it to my computer so I can start
276
00:20:41,450 --> 00:20:46,191
to work with it with commodity tools like
Python, GNU Radio, things like that,
277
00:20:46,191 --> 00:20:51,390
to start to process it. One last thing to
cover is the fast Fourier transform. The
278
00:20:51,390 --> 00:20:57,889
Fourier transform basically takes a signal
and decomposes it into all of the
279
00:20:57,889 --> 00:21:02,929
smaller signals, the subcarriers, that
compose it, and any periodic signal can be
280
00:21:02,929 --> 00:21:06,990
modeled as a sum of harmonic sine waves. So
basically the FFT takes any signal and
281
00:21:06,990 --> 00:21:13,090
unravels it into the components. And why
we care about this is it's
282
00:21:13,090 --> 00:21:18,340
basically a very easy way for analyzing
and visualizing signals in the frequency
283
00:21:18,340 --> 00:21:21,850
domain. So when we take a bunch of
FFTs and put them together, we get this
284
00:21:21,850 --> 00:21:26,330
picture called a spectrogram where you
have time in the, the ones we're going to
285
00:21:26,330 --> 00:21:29,909
be looking at all have time in the Y axis,
frequency in the Z axis, and then, sorry,
286
00:21:29,909 --> 00:21:34,669
frequency in the X axis and power in the Z
axis. So the intensity of the color is how
287
00:21:34,669 --> 00:21:38,950
powerful that component is at that
instant in time. So here you can start to
288
00:21:38,950 --> 00:21:43,371
visualize all the different signals that
are present. OK, raise your hand if you're
289
00:21:43,371 --> 00:21:51,330
an expert. I see a few heads. Hopefully
this is all that we're going to need. I'm
290
00:21:51,330 --> 00:21:53,789
going to reiterate some of these concepts
as we go through. So I really hope that
291
00:21:53,789 --> 00:21:57,919
doesn't alarm you and send you running for
the door. It's going to be
292
00:21:57,919 --> 00:22:01,610
very visual as we go through it. And
hopefully the graphics will help keep this
293
00:22:01,610 --> 00:22:07,090
all grounded. So let's get into the meat
of how this LoRa PHY works. LoRa uses a
294
00:22:07,090 --> 00:22:10,340
really neat proprietary PHY that's built
on a modulation called chirp spread
295
00:22:10,340 --> 00:22:17,169
spectrum, CSS for short. Now, what is a
chirp? A chirp is a signal whose frequency
296
00:22:17,169 --> 00:22:21,320
continuously increases or decreases. You
can think of it as being like a swept
297
00:22:21,320 --> 00:22:27,480
tone. And if we visualize it using a
spectrogram as before, it looks kind of
298
00:22:27,480 --> 00:22:30,860
like this. In this case, we have a finite
amount of bandwidth and the frequency
299
00:22:30,860 --> 00:22:35,380
either increases or decreases. You can
have up chirps or down chirps until it
300
00:22:35,380 --> 00:22:38,630
reaches the end of its band. And then it
wraps around back to the bottom, back to
301
00:22:38,630 --> 00:22:44,149
the beginning and continues. So here you
can see that the frequency that the first
302
00:22:44,149 --> 00:22:47,540
derivative of frequency is constant. So
the frequency is always increasing or
303
00:22:47,540 --> 00:22:51,070
decreasing at the same rate. And then when
it hits the end of the band, it just wraps
304
00:22:51,070 --> 00:22:56,889
it keeps going. So why use something like
CSS? It has really great, it has
305
00:22:56,889 --> 00:23:01,000
properties that make it really resilient
to noise and very performant at low power.
306
00:23:01,000 --> 00:23:05,090
So all these things with IoT-focused
radios and having very long battery
307
00:23:05,090 --> 00:23:10,259
life, these are properties that lend
directly to that sort of efficiency. It's
308
00:23:10,259 --> 00:23:12,679
also really resilient to multi path and
Doppler, which is great for urban and
309
00:23:12,679 --> 00:23:20,409
mobile uses. So this is an interesting set
of sort of features here. Where else do we
310
00:23:20,409 --> 00:23:26,299
see chirps? Radar. I just heard it.
Thank you. Yeah. Radar is a really common
311
00:23:26,299 --> 00:23:31,220
usage. And you'll see military and
marine radars sometimes refer to chirps as
312
00:23:31,220 --> 00:23:36,710
wide band or pulse compression if they're
using chirping in the radar scheme. And
313
00:23:36,710 --> 00:23:40,100
they're also used for scientific over the
horizon radars as well. And there's an
314
00:23:40,100 --> 00:23:44,450
open source project called the GNU Chirp
Sounder that has some features like
315
00:23:44,450 --> 00:23:49,419
that for visualizing these over the
horizon scientific radars. And also in a
316
00:23:49,419 --> 00:23:53,120
past life, I worked on a scientific radar
called SuperDARN, which is a similar over
317
00:23:53,120 --> 00:23:59,080
the horizon radar for visualizing
ionospheric activity. Cool. So that's a
318
00:23:59,080 --> 00:24:02,519
little bit of background on the technology
here. So this is kind of my journey into
319
00:24:02,519 --> 00:24:07,100
into starting to work with LoRa here. In
December 2015, I joined this
320
00:24:07,100 --> 00:24:10,980
company, Bastille, where I'm currently. And
on the research team we have these weekly
321
00:24:10,980 --> 00:24:14,990
meetings where we get together and we look
at either new RF techniques or
322
00:24:14,990 --> 00:24:17,009
protocols, things that are interesting.
And we basically just have a deep
323
00:24:17,009 --> 00:24:21,549
brainstorm on how they work and
what's interesting. And the first meeting
324
00:24:21,549 --> 00:24:24,690
that I participated in, it was the first
week that I joined. They were mentioning
325
00:24:24,690 --> 00:24:29,070
they were talking about these LPWAN
technologies. They sounded pretty cool. So
326
00:24:29,070 --> 00:24:34,529
we broke for Christmas. So I went back to
New York where I'm from, and, you know,
327
00:24:34,529 --> 00:24:39,659
brought my radio and was sort of poking around
and seeing what I could find. And my
328
00:24:39,659 --> 00:24:43,870
colleagues looked in San Francisco,
Atlanta, and I also worked in Boston. I
329
00:24:43,870 --> 00:24:47,809
was there, too. And we didn't see LoRa
anywhere in December. Fortunately, a few
330
00:24:47,809 --> 00:24:53,960
weeks later, I was at a meetup and I
encountered this company, Senet. I was
331
00:24:53,960 --> 00:24:57,049
living in Cambridge, Massachusetts, at the
time. And they were talking about their
332
00:24:57,049 --> 00:25:01,220
their home heating oil monitoring network,
which sounded pretty cool. So I looked them up
333
00:25:01,220 --> 00:25:04,990
later and was watching one of the
marketing videos. And there was like a two
334
00:25:04,990 --> 00:25:08,570
or three second bit where you could see
one of their technicians operating a
335
00:25:08,570 --> 00:25:11,899
computer. Right. And they put up this
picture and this looks just like a
336
00:25:11,899 --> 00:25:16,820
coverage map. Right. So, you know, this
could be fake data or it could be live.
337
00:25:16,820 --> 00:25:22,809
And I took a bit of a closer look and I
realized where that is. That's Portsmouth,
338
00:25:22,809 --> 00:25:26,100
New Hampshire. That's like an hour away
from Boston. So there's really only one
339
00:25:26,100 --> 00:25:32,850
thing to do. So I hop in my car, I drive
up to the New Hampshire/Maine border, and
340
00:25:32,850 --> 00:25:39,500
there's, you know, me behind the wheel, my
Saab with the USRP on the dash. And after
341
00:25:39,500 --> 00:25:42,880
about ten minutes in the Marriott parking
lot across the street from
342
00:25:42,880 --> 00:25:47,080
their headquarters, we have our first
sighting of LoRa in the wild. There it is.
343
00:25:47,080 --> 00:25:53,210
It's the first signal I recorded. So let's
take a closer look at what we have here.
344
00:25:53,210 --> 00:25:56,289
So if we look at the top third of the
picture, we have a series of repeated up
345
00:25:56,289 --> 00:25:59,269
chirps. You can see the signal is just
continuously increasing until it hits the
346
00:25:59,269 --> 00:26:03,539
band and then it wraps and continues. And
knowing what we know about digital
347
00:26:03,539 --> 00:26:07,509
communication systems, most of them have
some notion of a preamble or training
348
00:26:07,509 --> 00:26:12,269
sequence to tell a receiver that, hey,
heads up, you're about to get a packet. So
349
00:26:12,269 --> 00:26:15,820
probably what that is. Following that, you
can see the chirp direction changes right
350
00:26:15,820 --> 00:26:20,080
in the middle and you have two and a
quarter down chirps. And this looks like a
351
00:26:20,080 --> 00:26:23,950
start of frame delimiter or a
synchronization element. So this tells the
352
00:26:23,950 --> 00:26:27,880
receiver, hey, heads up, preamble's over.
You're about to get
353
00:26:27,880 --> 00:26:32,269
the data. You're about to get the
payload here. And finally, you can see the
354
00:26:32,269 --> 00:26:36,950
chirp direction changes again, to up
chirps. But this time the chirps are kind
355
00:26:36,950 --> 00:26:41,039
of choppy. You see, they jump around
throughout the band, you know, just kind
356
00:26:41,039 --> 00:26:45,230
of arbitrarily. It's not arbitrary,
though. That's actually the data being
357
00:26:45,230 --> 00:26:50,700
encoded into the PHY. So here we can see
that the chirp frequency, that is the
358
00:26:50,700 --> 00:26:54,149
first derivative of the frequency, the
rate at which the frequency changes
359
00:26:54,149 --> 00:26:58,890
remains constant. Right. However, the
instantaneous frequency may change within
360
00:26:58,890 --> 00:27:02,370
the band. So you may have these jumps, but
remember that the rate at which it's
361
00:27:02,370 --> 00:27:07,960
changing is always constant. You just
have those discontinuities, and those
362
00:27:07,960 --> 00:27:13,790
instantaneous frequency changes represent
data being modulated onto the chirps. You
363
00:27:13,790 --> 00:27:17,029
can kind of think of this as being like a
frequency modulated chirp. With an FM
364
00:27:17,029 --> 00:27:22,149
signal, you have a static carrier, a
carrier at a fixed frequency that you're
365
00:27:22,149 --> 00:27:27,049
modulating to produce that signal, the
modulated signal. Here we're modulating a
366
00:27:27,049 --> 00:27:31,049
chirp signal to produce
that. So rather than having a fixed
367
00:27:31,049 --> 00:27:36,879
frequency that you're modulating, you're
modulating this continuous chirp. Cool. So
368
00:27:36,879 --> 00:27:39,039
let's get our hands dirty. Let's figure
out how this thing works and start to pull
369
00:27:39,039 --> 00:27:43,780
some data out of it. Before we dive into
demodulating it, let's take a look at
370
00:27:43,780 --> 00:27:48,269
what we know through some open source
intelligence. And using open source
371
00:27:48,269 --> 00:27:51,930
intelligence is a great way to really kind
of shortcut the reverse engineering
372
00:27:51,930 --> 00:27:55,590
process. Because otherwise, you
can wind up doing a lot more work than you
373
00:27:55,590 --> 00:28:00,150
have to. So there are a few things that
are really useful. We'll talk about these
374
00:28:00,150 --> 00:28:04,999
as we go through this material. The first
thing I found was
375
00:28:04,999 --> 00:28:09,639
the Semtech European patent application. It
was in the EU market, but basically
376
00:28:09,639 --> 00:28:16,399
defined a modulation that looked a lot
like what LoRa could be. That's the number
377
00:28:16,399 --> 00:28:18,450
if you want to look it up later. But that
had some pretty good information in there
378
00:28:18,450 --> 00:28:25,070
on the PHY layer. Secondly, we have the
LoRaWAN spec. And again, that's the
379
00:28:25,070 --> 00:28:29,809
layer 2 and up spec that's open, not the
PHY, but it still has some references and
380
00:28:29,809 --> 00:28:34,029
defines some terms that are likely going to
be analogous to the PHY. So it's still
381
00:28:34,029 --> 00:28:36,990
pretty useful. And finally, we have two
application notes from Semtech that were
382
00:28:36,990 --> 00:28:42,860
pretty juicy. The first one, the 18 one,
contained a number of
383
00:28:42,860 --> 00:28:46,190
reference algorithms for implementing a
whitening sequence, which is like a
384
00:28:46,190 --> 00:28:52,380
scrambler. We'll talk about that
momentarily. And
385
00:28:52,380 --> 00:28:56,919
then the 22 one had just a general
overview of the PHY, defined some terms.
386
00:28:56,919 --> 00:29:02,800
Also, there was some prior art online.
There was a partial implementation in
387
00:29:02,800 --> 00:29:07,750
RTL-SDRangelove that didn't really seem to be
maintained. It seemed pretty neglected and
388
00:29:07,750 --> 00:29:12,601
I never really got it to do anything at
all. But it was still good to look at and
389
00:29:12,601 --> 00:29:16,110
had some really good hints in there. And
then there were also some very high level
390
00:29:16,110 --> 00:29:21,649
observations on the PHY in this wiki page
on RevSpace NL, Decoding LoRa. It was mostly
391
00:29:21,649 --> 00:29:26,399
just like looking at the spectrum and
seeing that it's a chirp modulation and
392
00:29:26,399 --> 00:29:30,330
example recordings and things like that.
So from this documentation, we can start
393
00:29:30,330 --> 00:29:35,429
to pull out some definitions. We
have the bandwidth, which is how much
394
00:29:35,429 --> 00:29:39,130
spectrum the chirp can occupy, the
spreading factor, which is the number of
395
00:29:39,130 --> 00:29:43,950
bits encoded per symbol. And remember, the
symbol is just an RF state, right,
396
00:29:43,950 --> 00:29:49,169
the number of bits in each RF state within
the modulation. And then finally we have
397
00:29:49,169 --> 00:29:52,370
this thing called the chirp rate, which
we've kind of hinted at. It's the first
398
00:29:52,370 --> 00:29:57,360
derivative of the chirp frequency. So the
rate at which that chirp signal is
399
00:29:57,360 --> 00:30:01,220
constantly changing. And we can pull some
numbers out of this documentation to
400
00:30:01,220 --> 00:30:05,289
define those. So we actually have
some common constants for the first two.
401
00:30:05,289 --> 00:30:10,380
And then we find a formula in one of those
documentations that states the rate is a
402
00:30:10,380 --> 00:30:15,590
function of those first two. And since
there's a finite number of values there,
403
00:30:15,590 --> 00:30:19,919
we can start to iterate and just try all
the different frequencies and start to
404
00:30:19,919 --> 00:30:25,899
find one that works. So in this case,
what is the symbol? We've talked about
405
00:30:25,899 --> 00:30:31,169
how this modulation is basically frequency
modulated chirps. Right. So what we're
406
00:30:31,169 --> 00:30:35,029
going to try to do with this demodulator
is quantify exactly where the chirp jumps
407
00:30:35,029 --> 00:30:39,600
to whenever we have one of those
discontinuities. So let's start working
408
00:30:39,600 --> 00:30:42,860
through it here. There are really three
steps we're going to
409
00:30:42,860 --> 00:30:45,331
achieve. We're going to identify the
preamble, which is the beginning of the
410
00:30:45,331 --> 00:30:50,059
frame, denoted with the 1. We're going to
find the start of the PHY data unit
411
00:30:50,059 --> 00:30:53,320
by looking for and synchronizing
against the sync word, which are those
412
00:30:53,320 --> 00:30:57,090
down chirps that are there. And then
finally, step three is we're going to try
413
00:30:57,090 --> 00:31:00,110
to figure out how to extract the data from
these instantaneous frequency transitions.
414
00:31:00,110 --> 00:31:05,059
And to do that, we need to quantify them.
Now, there's a technique that I found
415
00:31:05,059 --> 00:31:08,799
pretty early on that was enormously helpful
for doing this, and that is to transform
416
00:31:08,799 --> 00:31:12,990
the signal by dechirping it. And we'll
show you what the result is in just a
417
00:31:12,990 --> 00:31:17,480
moment. But first, we're going to have to
do some math. And math, don't run away
418
00:31:17,480 --> 00:31:22,559
because it's scary; it's not
really, it's actually pretty easy. So
419
00:31:22,559 --> 00:31:25,460
there's a basic property of complex
signals that states that if you multiply
420
00:31:25,460 --> 00:31:30,600
two signals together, the resulting signal has
421
00:31:30,600 --> 00:31:36,259
the frequency of each of
the components added together. And from
422
00:31:36,259 --> 00:31:40,980
that, if we multiply a signal with one
frequency against the signal that has the
423
00:31:40,980 --> 00:31:44,700
negative value of its frequency, the
result is zero. We get a DC, we get a
424
00:31:44,700 --> 00:31:49,010
constant signal and we're working at
baseband here, which means the center of
425
00:31:49,010 --> 00:31:53,980
the band is zero hertz so we can see
negative frequencies and things like that.
426
00:31:53,980 --> 00:31:58,650
So if you multiply an up and down chirp
together, what do you get? You get
427
00:31:58,650 --> 00:32:03,980
constant frequency. Now why do I say
constant frequency rather than DC? If the
428
00:32:03,980 --> 00:32:06,730
chirps are out of phase with one another,
there might be an offset from zero
429
00:32:06,730 --> 00:32:12,159
hertz there. So it might not be
perfectly aligned with zero hertz. We
430
00:32:12,159 --> 00:32:16,980
might expect to get some offset there.
So what happens if you multiply a chirp
431
00:32:16,980 --> 00:32:21,260
signal like this separately against an up
chirp and a down chirp. So two
432
00:32:21,260 --> 00:32:24,790
different operations
produce two different products. What do
433
00:32:24,790 --> 00:32:29,080
you think is going to happen? Well, if you
do that, you get these pretty pictures
434
00:32:29,080 --> 00:32:33,220
right here. So here you can see that
those really kind of tricky
435
00:32:33,220 --> 00:32:36,983
diagonal chirp signals that are cutting
across all of your spectrum, that are hard to measure,
436
00:32:36,983 --> 00:32:42,659
are translated into these nice, you know,
nice signals that are aligned in time. And
437
00:32:42,659 --> 00:32:47,190
that looks like something we can start to
really work with and do something with. So
438
00:32:47,190 --> 00:32:49,860
we need to quantify those. So, again,
remember symbols, we're going to keep
439
00:32:49,860 --> 00:32:53,249
coming back to this. It's an RF
state that represents some number
440
00:32:53,249 --> 00:32:59,639
of bits, and LoRa has this value
called the spreading factor that we found
441
00:32:59,639 --> 00:33:04,450
in some of the documentation that defines the
number of bits encoded per symbol. And
442
00:33:04,450 --> 00:33:06,720
from the picture we saw a little bit
earlier, the common values are seven
443
00:33:06,720 --> 00:33:13,780
through 12 or 6 through 12. You see
them both in different markets. So from
444
00:33:13,780 --> 00:33:17,720
that, how many possible symbols can
there be? Well, each bit
445
00:33:17,720 --> 00:33:22,610
can have, you know, two states, zero or
one. And there are spreading-factor number
446
00:33:22,610 --> 00:33:27,749
of bits. The number of symbols is two to
the spreading factor. So how can we start
447
00:33:27,749 --> 00:33:33,019
to quantify these symbols and start
to pull them out of the PHY? So the steps
448
00:33:33,019 --> 00:33:36,200
that I found were the trick
to this were to channelize and resample
449
00:33:36,200 --> 00:33:41,899
the signal to the bandwidth, dechirp the
signal with a
450
00:33:41,899 --> 00:33:45,889
locally generated chirp we just talked
about. Then we're going to take a fast
451
00:33:45,889 --> 00:33:50,759
Fourier transform of that signal, where the
number of bins of the FFT that we compute
452
00:33:50,759 --> 00:33:55,149
is equal to the number of possible
symbols. And we'll illustrate this
453
00:33:55,149 --> 00:33:58,909
momentarily. And then if we do that
correctly, then the most powerful
454
00:33:58,909 --> 00:34:02,679
component in that Fourier transform,
that is the strongest component frequency
455
00:34:02,679 --> 00:34:06,549
that we get back from that operation is
the symbol that we're looking for,
456
00:34:06,549 --> 00:34:10,100
so by dechirping it, we get it into a
form where we really expect there to only be
457
00:34:10,100 --> 00:34:16,360
one strong component per FFT, whereas if
we didn't dechirp it, when we took the FFT of
458
00:34:16,360 --> 00:34:20,330
a chirp's worth of symbols, we would see
the energy kind of spread all throughout,
459
00:34:20,330 --> 00:34:23,460
all throughout all the different bins. But
by dechirping it correctly, all that
460
00:34:23,460 --> 00:34:29,700
energy gets pushed into one bin and we get
a single but clear value out of it. So if
461
00:34:29,700 --> 00:34:33,150
we do that, we get a picture that looks
like this, and here the Z axis again is
462
00:34:33,150 --> 00:34:38,191
the intensity, the power present.
And we expect that to be the symbol that
463
00:34:38,191 --> 00:34:41,630
we're looking for. And here it's aligned
in time with the base chirp on the left
464
00:34:41,630 --> 00:34:47,900
there. So here are the steps again. We
mentioned this earlier. Let's look for the
465
00:34:47,900 --> 00:34:53,740
preamble. Right. What's a stupid,
simple algorithm for finding this? Let's
466
00:34:53,740 --> 00:34:58,000
do an FFT and let's look
for basically the most powerful component
467
00:34:58,000 --> 00:35:03,200
being in the same bin for some number of
consecutive FFTs. Easy. Finding the SFD
468
00:35:03,200 --> 00:35:06,910
is the same thing. But again, this time
we're going to do it on the opposite
469
00:35:06,910 --> 00:35:11,990
dechirp product. So when we dechirp it, we get
back two different streams. We get one of
470
00:35:11,990 --> 00:35:16,600
the dechirped up chirps and one of the
dechirped down chirps, so we can look at the
471
00:35:16,600 --> 00:35:24,660
opposite stream and do the same algorithm
looking for the SFD there. Important
472
00:35:24,660 --> 00:35:28,410
caveat. Accurately synchronizing on the
SFD is essential for getting good
473
00:35:28,410 --> 00:35:32,720
data out of this, this modulation, because
if you have a bad sync then you can wind
474
00:35:32,720 --> 00:35:36,960
up having, basically, your symbols, the
samples that comprise your symbol, spread
475
00:35:36,960 --> 00:35:42,350
between multiple adjacent FFTs. If that
happens, you get incorrect data. Now
476
00:35:42,350 --> 00:35:46,030
let's illustrate what that looks like. If
you look at rows thirty nine fifty, you
477
00:35:46,030 --> 00:35:49,490
can see that visually it's almost
impossible to tell which of those two
478
00:35:49,490 --> 00:35:52,160
readings represents the symbol. You see,
there are two different values that are
479
00:35:52,160 --> 00:35:57,040
really powerful. That's the result of
basically half of the samples
480
00:35:57,040 --> 00:36:01,490
from one chirp, basically half of the
samples from chirp N and then half of the
481
00:36:01,490 --> 00:36:05,580
samples from chirp N plus
one, winding up in the same FFT. So when we do
482
00:36:05,580 --> 00:36:08,470
it, we get those two components in there.
And it's really ugly and hard
483
00:36:08,470 --> 00:36:13,560
to work with. So we can solve this by
using a technique called overlapping
484
00:36:13,560 --> 00:36:18,040
FFTs when looking for our SFD
synchronization. And basically what that
485
00:36:18,040 --> 00:36:21,580
means is we're going to process each
sample multiple times with the effect of
486
00:36:21,580 --> 00:36:27,110
getting better resolution in time of our
resulting FFTs. It's more
487
00:36:27,110 --> 00:36:31,860
computationally intensive, but it gets us
much better fidelity here. So if
488
00:36:31,860 --> 00:36:34,970
we do that, this is what the result looks
like. It's a little bit hard to see right
489
00:36:34,970 --> 00:36:39,000
now. I'll get you a better picture in a
moment, but basically it's much less
490
00:36:39,000 --> 00:36:43,740
ambiguous in terms of which symbol is
present. So if we use those overlapping
491
00:36:43,740 --> 00:36:49,400
FFTs, we can synchronize on that SFD. And
then once we know exactly where the first
492
00:36:49,400 --> 00:36:53,160
symbol of the data unit is in our buffer,
we can go back to using non overlapping
493
00:36:53,160 --> 00:36:58,110
FFTs, which are more
computationally efficient and get us
494
00:36:58,110 --> 00:37:01,550
a nice read on the right here. You can see
that again, if we look at lines thirty
495
00:37:01,550 --> 00:37:05,880
eight and thirty nine, that ambiguity is
gone. Right. You can see exactly where the
496
00:37:05,880 --> 00:37:08,940
most intense bin is, and therefore which symbol is
497
00:37:08,940 --> 00:37:12,740
present. And here's the whole frame
synchronized. So we've got the collisions on
498
00:37:12,740 --> 00:37:18,730
the left and it doesn't look that great; on
the right it's much clearer. Cool. So
499
00:37:18,730 --> 00:37:22,890
again we recompute, more computationally
intensive, and then we get our data. Now,
500
00:37:22,890 --> 00:37:27,590
one last thing we have to do to wrap up
the demodulation. So doing this again,
501
00:37:27,590 --> 00:37:31,980
remember, we were talking about the
dechirp: if our chirps aren't perfectly
502
00:37:31,980 --> 00:37:37,290
aligned, then the resulting
dechirped signal might not necessarily be
503
00:37:37,290 --> 00:37:40,480
off of the same reference. Right. And of
course, we don't know what chirp was used
504
00:37:40,480 --> 00:37:45,170
to generate the signal on the transmitter.
So we have to find some way of normalizing
505
00:37:45,170 --> 00:37:49,620
this data to account for that phase
discrepancy. And we can do that by
506
00:37:49,620 --> 00:37:53,260
referencing the preamble. And it just so
happens that the preamble, when you do it,
507
00:37:53,260 --> 00:37:56,670
always represents symbol value zero. So
you can basically just do a modulo
508
00:37:56,670 --> 00:38:00,250
operation on your received symbols to
rotate that back. So all the symbols are
509
00:38:00,250 --> 00:38:05,430
referenced off of the preamble and you're
good to go. And that's it, right. Not even
510
00:38:05,430 --> 00:38:11,100
close. We're just getting started, people.
Why is that? Because the data here is
511
00:38:11,100 --> 00:38:15,360
encoded. What is encoding? Basically
encoding is a transformation that is
512
00:38:15,360 --> 00:38:18,600
applied to the data before it's
transmitted. Why would you do something
513
00:38:18,600 --> 00:38:25,290
like that? Because encoding increases
over-the-air resiliency. Why is this
514
00:38:25,290 --> 00:38:29,780
necessary? Right. Remember that we're
dealing with unlicensed spectrum. Right.
515
00:38:29,780 --> 00:38:32,490
This is what the nine hundred megahertz
band, which is what LoRa uses in the
516
00:38:32,490 --> 00:38:36,970
United States, looks like. Look at
all that stuff. It's not LoRa, right? That
517
00:38:36,970 --> 00:38:39,640
stuff is there to ruin your day. It's
there to create all sorts of interference
518
00:38:39,640 --> 00:38:43,870
and make your receiver not work the way
you expect. So RF is a really brutal
519
00:38:43,870 --> 00:38:47,420
environment. There's all sorts of
interference. And basically the encoding
520
00:38:47,420 --> 00:38:51,310
is a way of treating your data so that
even if you have a non ideal reception,
521
00:38:51,310 --> 00:38:56,110
you can still get the data out of the
frame. So what do we have here? Remember
522
00:38:56,110 --> 00:38:58,700
that LoRa's closed source. We have some
material that's available through data
523
00:38:58,700 --> 00:39:03,300
sheets, but we really don't know for sure
definitively what's in this PHY. So,
524
00:39:03,300 --> 00:39:06,520
again, we're going to go back to open
source intelligence to figure out what we
525
00:39:06,520 --> 00:39:10,050
know and then try to narrow in on how
we're going to iterate through this and
526
00:39:10,050 --> 00:39:15,120
figure out how it works. So from the
patent, we have a number of very good
527
00:39:15,120 --> 00:39:20,550
clues. First of all, it refers to a
stage called gray indexing, which, as it is
528
00:39:20,550 --> 00:39:23,740
defined there, should add error tolerance
in the event that you read a symbol as
529
00:39:23,740 --> 00:39:28,990
being off by one, off by one bit, if
you read a symbol incorrectly.
530
00:39:28,990 --> 00:39:33,210
Then secondly, you have data whitening,
which induces randomness into the frame.
531
00:39:33,210 --> 00:39:37,490
We'll talk about that momentarily. Then
interleaving, which scrambles the bits
532
00:39:37,490 --> 00:39:42,200
within the frame. Then you have forward error
correction, which adds correcting parity
533
00:39:42,200 --> 00:39:45,240
bits. You can think of it as being
parity bits on steroids. Rather than
534
00:39:45,240 --> 00:39:47,860
telling you just that an error occurred,
it can actually help you correct the error
535
00:39:47,860 --> 00:39:53,100
without needing a retransmit. So we have
four different things that comprise
536
00:39:53,100 --> 00:40:00,700
the encoding there in the patent. Right.
So that's awesome. It's easy, right? Why
537
00:40:00,700 --> 00:40:12,200
is that? Because documentation lies to us,
and even the clearest
538
00:40:12,200 --> 00:40:19,040
signals can lead us
into dead ends. So let me show you how. So
539
00:40:19,040 --> 00:40:22,650
the gray indexing we read to represent
gray coding, which is just a basic
540
00:40:22,650 --> 00:40:27,990
binary transformation that you can use to
treat data. Whitening, we actually have
541
00:40:27,990 --> 00:40:31,450
defined in one of the application notes
reference designs for the pseudo random
542
00:40:31,450 --> 00:40:35,120
number generators that you use for
the whitening. It's like C code that you
543
00:40:35,120 --> 00:40:41,320
can copy and paste. So this should be
rock solid. Step three, we
544
00:40:41,320 --> 00:40:45,520
have an actual algorithm for the interleaver
that is defined in the patent. I'll show
545
00:40:45,520 --> 00:40:51,570
you what it is momentarily. And then
finally, step four suggests that a
546
00:40:51,570 --> 00:40:55,860
Hamming code is used, which is just a
standard forward error correction mechanism.
547
00:40:55,860 --> 00:41:01,100
So the first thing to focus on figuring
out here is the data whitening. And that's
548
00:41:01,100 --> 00:41:04,350
a critical step because this is the way
the whitening works: you XOR your
549
00:41:04,350 --> 00:41:08,480
message against a random string. And
unless you know what the random string is,
550
00:41:08,480 --> 00:41:12,520
you're not going to be able to make any
sense of what follows it. So figuring out
551
00:41:12,520 --> 00:41:15,820
that random string is essential to being
able to even make sense of what follows
552
00:41:15,820 --> 00:41:20,770
it. So, again, with whitening, you take
your buffer that's
553
00:41:20,770 --> 00:41:23,910
going out to the radio and you XOR it
against a precomputed sort of random
554
00:41:23,910 --> 00:41:28,580
string that is known to both the
transmitter and the receiver. Then when
555
00:41:28,580 --> 00:41:32,680
the receiver gets the frame, it
XORs the received buffer against
556
00:41:32,680 --> 00:41:35,660
the same sequence that the transmitter
used. And you get back to the original
557
00:41:35,660 --> 00:41:39,500
data because, if you remember, XOR is its
own inverse. So that nicely undoes itself.
558
00:41:39,500 --> 00:41:44,550
Now, why would we bother with whitening,
and that's because having random data is
559
00:41:44,550 --> 00:41:49,770
really good for receivers, similar to
Manchester encoding, where basically
560
00:41:49,770 --> 00:41:53,820
by encoding the data such that you don't
have some number of consecutive values of
561
00:41:53,820 --> 00:41:58,160
some number of consecutive symbols of the
same value. You get this nice random data
562
00:41:58,160 --> 00:42:01,580
source. What that does is creates lots of
edges for your receiver to do clock
563
00:42:01,580 --> 00:42:06,050
recovery against so you get better
reception of longer messages or if your
564
00:42:06,050 --> 00:42:10,220
clocks are bad. Manchester, of course,
comes with the penalty of a reduced bit
565
00:42:10,220 --> 00:42:14,840
rate. It actually cuts the effective bit
rate that you can use into half of the
566
00:42:14,840 --> 00:42:18,420
battery was whitening, does not. The
caveat is that you have to know what the
567
00:42:18,420 --> 00:42:24,240
string is in order for it to work. So
let's find the whitening sequence. We've got
568
00:42:24,240 --> 00:42:28,340
these algorithms in the application
note, we've got some examples and sample
569
00:42:28,340 --> 00:42:35,040
code. None of them worked, so we had to
figure this out empirically. How can we do
570
00:42:35,040 --> 00:42:39,210
that when there's interleaving and forward
error correction in the pipeline
571
00:42:39,210 --> 00:42:42,980
here? Right. You know, we can send
something that might, you know, put the
572
00:42:42,980 --> 00:42:47,550
whitening in a certain state that we could
leverage. Right. But we still
573
00:42:47,550 --> 00:42:49,550
have these unknown transforms that follow
it. How are we going to be able to figure
574
00:42:49,550 --> 00:42:52,880
out what goes on? How are we going to be
able to figure out the whitening when
575
00:42:52,880 --> 00:42:56,910
those operations are in the loop, too?
Well, we need to bound the problem and
576
00:42:56,910 --> 00:43:02,420
make some assumptions so that we can start to
iterate through this black box problem. So
577
00:43:02,420 --> 00:43:04,980
we're going to assume that the forward error
correction is what the documentation tells
578
00:43:04,980 --> 00:43:09,680
us it is: Hamming(8,4). And we're
also going to make another assumption, and
579
00:43:09,680 --> 00:43:14,650
we're going to set the spreading factor
equal to eight bits per symbol. And
580
00:43:14,650 --> 00:43:17,900
basically, if you do that, then it makes
it such that we'll have exactly one
581
00:43:17,900 --> 00:43:25,480
Hamming(8,4) code word per eight-bit
symbol, because if we set the
582
00:43:25,480 --> 00:43:29,421
number of total bits in our Hamming error
correcting code to eight, if it's
583
00:43:29,421 --> 00:43:32,540
possible, it fits very nicely and should work
out well. Now there's another very useful
584
00:43:32,540 --> 00:43:35,360
property of the Hamming forward error
correcting code scheme that we're also
585
00:43:35,360 --> 00:43:40,560
going to exploit, and that's that Hamming(8,4)
contains four data bits and four
586
00:43:40,560 --> 00:43:48,130
parity bits each. And for 14 of those 16
states, again, remember, two possible
587
00:43:48,130 --> 00:43:55,250
states per bit to the power of four data bits
per code word, in 14 of
588
00:43:55,250 --> 00:44:00,880
those 16 code word possibilities, there are
four ones and four zeros each. However, for
589
00:44:00,880 --> 00:44:05,640
the code word for data nibble zero,
that's four zeros, the code word of that
590
00:44:05,640 --> 00:44:12,390
is eight zeros. So it's totally
non-additive. So if we send our error
591
00:44:12,390 --> 00:44:17,450
correcting scheme a string of zeros to
apply itself to, it's totally
592
00:44:17,450 --> 00:44:22,310
non-additive. We get back twice as many zeros,
so we can leverage that to do something to
593
00:44:22,310 --> 00:44:25,300
try to cancel out that forward error
correcting stage. So let's go ahead and
594
00:44:25,300 --> 00:44:30,440
transmit a string of zeros. Right. So,
again, if it's Hamming(8,4) as we assume,
595
00:44:30,440 --> 00:44:35,610
we expect that stage, the forward error
correction code, to cancel out, right. What
596
00:44:35,610 --> 00:44:38,700
about the interleaver? Let's take a look
at the algorithm that's suggested in the
597
00:44:38,700 --> 00:44:44,420
patent. There it is. The key takeaway
from this is, if this is implemented in a
598
00:44:44,420 --> 00:44:49,080
way that's similar to this, it should
be totally non-additive. So this should
599
00:44:49,080 --> 00:44:53,910
just move bits around but not add any
bits. Right. So if it is in fact non
600
00:44:53,910 --> 00:44:58,510
additive and all we pass through are a
bunch of zeros, what happens when you
601
00:44:58,510 --> 00:45:02,430
shuffle around a bunch of zeros? You get
the same thing out, so that falls away,
602
00:45:02,430 --> 00:45:06,640
too, right? So we're left with two stages,
right? We have our gray indexing stage and
603
00:45:06,640 --> 00:45:11,530
our data whitening stage. Whitening is what
we're solving for. That's our variable, and
604
00:45:11,530 --> 00:45:16,250
gray indexing, the quote unquote indexing,
is a bit of an ambiguous term, but it
605
00:45:16,250 --> 00:45:22,270
likely refers to some variant of Gray
coding, which we mentioned earlier. But
606
00:45:22,270 --> 00:45:26,320
even if it is Gray coding versus Gray
decoding or nothing at all, it's just
607
00:45:26,320 --> 00:45:29,550
something they didn't implement. That
leaves only three permutations here.
608
00:45:29,550 --> 00:45:32,470
Right. So we've just reduced all the
ambiguity of figuring out what this
609
00:45:32,470 --> 00:45:36,280
decoder is, to really figure out what the
whitening sequence is, to really just
610
00:45:36,280 --> 00:45:40,830
figuring out which of the three
operations
611
00:45:40,830 --> 00:45:47,280
this first gray indexing stage is. Right. So
if we do that, we try all three. That's
612
00:45:47,280 --> 00:45:50,110
only three things to attempt in order to
derive the whitening sequence from the
613
00:45:50,110 --> 00:45:53,290
transmitter, because, again, if we send
through a string of zeros, what is the
614
00:45:53,290 --> 00:45:58,890
whitening do? It XORs the zeros
against the pseudo random string, and what
615
00:45:58,890 --> 00:46:03,540
does anything XOR zero give you? It's the input.
So we can do this and get the transmitter
616
00:46:03,540 --> 00:46:07,750
to tell us what its whitening sequence is, so
we can implement the receiver, read that
617
00:46:07,750 --> 00:46:13,220
out, plug it back in and then start to
solve for the rest. Cool. Next stage is the
618
00:46:13,220 --> 00:46:16,840
interleaver. Again, we had that formula
from the patent. Surprise, surprise,
619
00:46:16,840 --> 00:46:22,380
implemented it, it was no good. So let's
figure out how this works now. We're going
620
00:46:22,380 --> 00:46:28,550
to move very quickly through this because
this was the hardest part of all this. And
621
00:46:28,550 --> 00:46:31,820
I'm going to show you the process without
taking us through all the time of staring at a
622
00:46:31,820 --> 00:46:38,340
bunch of graph paper and trying things
that kind of went into this. But
623
00:46:38,340 --> 00:46:40,250
again, just like with the whitening
sequence, we're going to exploit
624
00:46:40,250 --> 00:46:44,590
properties of the Hamming FEC to reveal
patterns in the interleaver. So, again, if
625
00:46:44,590 --> 00:46:47,240
we look at our Hamming(8,4) code words
that we know and love, that are very
626
00:46:47,240 --> 00:46:52,800
useful, we're going to use this time the
code word for four ones, the code word for
627
00:46:52,800 --> 00:46:59,420
hex F, and in that case, the state of
that code word is eight ones. So if we
628
00:46:59,420 --> 00:47:02,840
construct a bunch of packets, we
basically take eight symbols.
629
00:47:02,840 --> 00:47:09,790
We take four bytes,
which is eight symbols at SF8, and we walk
630
00:47:09,790 --> 00:47:14,600
the position of those ones through our
frame here. We can start to look for
631
00:47:14,600 --> 00:47:23,500
patterns. Who sees it? I'll save you the
trouble. Who sees it? Now look at the
632
00:47:23,500 --> 00:47:26,960
bottom row, second from the right, and
you'll see the pattern. Basically it's a
633
00:47:26,960 --> 00:47:32,820
diagonal interleaver. But the first two,
the two most significant bits, are flipped.
634
00:47:32,820 --> 00:47:36,060
So if we take this and read it out,
basically we can take this and we can
635
00:47:36,060 --> 00:47:42,130
start to map those diagonal positions into
positions within an interleaver
636
00:47:42,130 --> 00:47:47,190
matrix. So if we do that, we walk through
all the different states and map those
637
00:47:47,190 --> 00:47:53,030
positions out with data that we know we
get this nice table. Now, let's put this
638
00:47:53,030 --> 00:47:57,420
table next to the data that we're looking
for. Right. So here we decomposed the
639
00:47:57,420 --> 00:48:01,490
Hamming code words for the data we sent in,
which is, of course, our beloved DEADBEEF,
640
00:48:01,490 --> 00:48:07,560
in the middle column. On the left,
we have the data values, the four data
641
00:48:07,560 --> 00:48:13,990
bits that we're looking for. And then the
right column there
642
00:48:13,990 --> 00:48:18,000
is the parity bits that we're looking
for. Again, I'm going to make this easy
643
00:48:18,000 --> 00:48:21,450
for you. If you stare at this for long
enough, you become compelled to reverse
644
00:48:21,450 --> 00:48:26,000
the order. And then if you continue
staring at it, you start to see some
645
00:48:26,000 --> 00:48:30,340
patterns. That looks like our data, right.
So if we go a step further, we can start
646
00:48:30,340 --> 00:48:36,420
to map some of these Hamming error correcting
fields into this matrix here. So here
647
00:48:36,420 --> 00:48:41,040
we see the four data bits are the
rightmost bits. And then we can see that
648
00:48:41,040 --> 00:48:45,290
parity bits one and two correlate very
nicely. And if you go a step further, we
649
00:48:45,290 --> 00:48:52,130
can see that the other two parity bits
fit the format very closely as well,
650
00:48:52,130 --> 00:48:55,780
although they're flipped: you'll see that
parity four is actually more significant
651
00:48:55,780 --> 00:49:00,260
than parity three. So we're almost there,
right. All we have left to do is
652
00:49:00,260 --> 00:49:06,420
apply it and we're done. And that's the
modulation. That's the whole thing. So,
653
00:49:06,420 --> 00:49:18,220
again, thank you. So, again, let's
talk briefly about these red
654
00:49:18,220 --> 00:49:23,380
herrings and try to wrap this up. I want
to do a demo before our Q&A. So we had
655
00:49:23,380 --> 00:49:25,990
these four different encoding stages here,
right? We had great documentation for all
656
00:49:25,990 --> 00:49:29,010
of them. But empirically, after
implementing them, we were able to
657
00:49:29,010 --> 00:49:36,400
establish that, well, three of the four
just weren't the case. Right.
658
00:49:36,400 --> 00:49:40,140
One of them was actually cool, right? One
of them was actually what it said it was.
659
00:49:40,140 --> 00:49:44,500
So, yeah. Anyway, how were we able to
work through this? I think it's important
660
00:49:44,500 --> 00:49:48,010
to reflect and try to get some takeaways
from this. Hopefully this is useful as you
661
00:49:48,010 --> 00:49:51,560
approach your reverse engineering
challenges. Basically, what was essential
662
00:49:51,560 --> 00:49:55,230
here was being able to bound the problem
and hold certain things constant so that we
663
00:49:55,230 --> 00:49:58,910
could solve for unknowns. And if you
remember, we kind of did this in two
664
00:49:58,910 --> 00:50:02,920
stages. We were able to cancel out the
interleaving and the forward error
665
00:50:02,920 --> 00:50:08,240
correction and hold that
static in order to
666
00:50:08,240 --> 00:50:11,940
figure out the whitening sequence and the
gray indexing, kind of all in one go.
667
00:50:11,940 --> 00:50:15,240
And then when we controlled the gray
indexing, the whitening sequence, and
668
00:50:15,240 --> 00:50:19,320
were pretty confident about what the forward
error correction was, there was really
669
00:50:19,320 --> 00:50:24,010
only one variable that we really had to
solve, really only one thing we
670
00:50:24,010 --> 00:50:26,100
actually had to go into the bits and
really kind of dig out of this
671
00:50:26,100 --> 00:50:30,990
thing. Right. So by making these
assumptions, using open source information
672
00:50:30,990 --> 00:50:35,120
and really bounding the problem and
working through it
673
00:50:35,120 --> 00:50:39,310
coherently, we were able to reduce these four
stages down to really one experimental
674
00:50:39,310 --> 00:50:45,170
variable and just solve for it. So that's
really the trick here. OK, I'm
675
00:50:45,170 --> 00:50:48,850
going to blow through this next part to
talk very briefly about the structure of the
676
00:50:48,850 --> 00:50:54,240
LoRa PHY packet. So this is a
picture pulled out of one of
677
00:50:54,240 --> 00:50:59,720
the data sheets. We already talked about
the preamble, these repeated chirps. One
678
00:50:59,720 --> 00:51:03,400
thing that's not pictured here is the
sync word and the start frame delimiter,
679
00:51:03,400 --> 00:51:09,050
which is right there. And then we have
this thing called the header. Right. And
680
00:51:09,050 --> 00:51:12,200
it says here that the header is only
present in explicit mode. So there's this
681
00:51:12,200 --> 00:51:16,920
notion of implicit versus explicit header
in LoRa. And the explicit header includes
682
00:51:16,920 --> 00:51:21,330
a field that has some information,
such as the length of the payload, the
683
00:51:21,330 --> 00:51:25,760
type of scheme in there that's applied to
the remainder of the payload, not the
684
00:51:25,760 --> 00:51:30,200
header itself, but the rest of it. And
then there's also an optional CRC as well.
685
00:51:30,200 --> 00:51:33,770
It can be included. Implicit mode assumes
that the receiver knows the modulation
686
00:51:33,770 --> 00:51:41,380
parameters and skips that bit. So no
problem, right? We can use implicit mode
687
00:51:41,380 --> 00:51:45,530
to figure out what the whitening sequence is
and then switch back to explicit mode, use
688
00:51:45,530 --> 00:51:49,300
the whitening sequence from implicit and
figure out what the header is by just
689
00:51:49,300 --> 00:51:54,160
looking to see what the values are as we
change the modulation. Yeah, right. None
690
00:51:54,160 --> 00:52:00,360
of this is easy, right? Like, really,
nothing helps us here. So
691
00:52:00,360 --> 00:52:03,940
as it turns out, implicit and
explicit header modes use different
692
00:52:03,940 --> 00:52:07,730
whitening sequences. So the header remains
unparsed, even if we know what the
693
00:52:07,730 --> 00:52:12,370
implicit whitening sequence is.
So let's see
694
00:52:12,370 --> 00:52:17,390
what we know. Again, we've got this header
here, and this picture tells us the code
695
00:52:17,390 --> 00:52:21,210
rate is always 4/8 for the header.
So no matter what the code rate, that is
696
00:52:21,210 --> 00:52:24,650
the number of bits in the Hamming
forward error correcting code used, is
697
00:52:24,650 --> 00:52:29,620
for the rest of the packet, this code rate
is always 4/8. Well, what about the
698
00:52:29,620 --> 00:52:36,420
spreading factor? As it turns out, the
header is always sent at a spreading
699
00:52:36,420 --> 00:52:40,190
factor that is two less than the rest of
your modulation. The code rate is still
700
00:52:40,190 --> 00:52:44,500
4/8, the spreading factor for the header is
the spreading factor minus two. So two
701
00:52:44,500 --> 00:52:48,170
fewer bits per symbol, even if the header's
implicit. And I have to credit Thomas
702
00:52:48,170 --> 00:52:51,520
Telkamp for giving me the tip that actually
led to kind of putting this all
703
00:52:51,520 --> 00:52:57,250
together thanks to him. So again, the
first eight symbols, no matter whether
704
00:52:57,250 --> 00:53:01,301
you're in implicit or explicit mode, are
always sent at SF minus two and code rate
705
00:53:01,301 --> 00:53:05,880
4/8. That's always the case. Also,
there's this mode called low data rate
706
00:53:05,880 --> 00:53:10,260
where if that's set on, then all of the
symbols in the remainder
707
00:53:10,260 --> 00:53:17,310
of the PHY packet are also sent
at spreading factor SF minus two. So it's
708
00:53:17,310 --> 00:53:19,400
just an extra, basically it gets you some
extra margin in case you're dealing with
709
00:53:19,400 --> 00:53:24,410
a noisy channel and need to get data through.
So that's the PHY. Who wants some tools to go
710
00:53:24,410 --> 00:53:28,760
with it? Who's curious about this and
wants to start playing with it? Does LoRa
711
00:53:28,760 --> 00:53:34,290
seem cool? So with that, that brings us to
gr-lora, which is an out-of-tree GNU
712
00:53:34,290 --> 00:53:39,090
Radio module that I've been working on
for the last couple of months. And it's an
713
00:53:39,090 --> 00:53:42,230
open source implementation of the PHY
that works very nicely with the GNU Radio
714
00:53:42,230 --> 00:53:46,830
software defined radio, digital signal
processing toolkit. It's open source
715
00:53:46,830 --> 00:53:51,951
software, it's free software. It's got a
great community built up around it. It's
716
00:53:51,951 --> 00:53:54,951
really cool. If you're curious about GNU Radio,
there are loads of good tutorials. And
717
00:53:54,951 --> 00:53:58,250
even if you're a wizard, well, if you're a
wizard, you already know what this is. But
718
00:53:58,250 --> 00:54:03,730
it's a really, really great piece
of software and ecosystem. And why is
719
00:54:03,730 --> 00:54:07,720
having an open source version of this
interesting? Well, existing interfaces to
720
00:54:07,720 --> 00:54:12,660
LoRa are layer two and above, both with
the data sheets that we get that go with
721
00:54:12,660 --> 00:54:17,900
each of the different LoRa radios and the
standards that are available and open.
722
00:54:17,900 --> 00:54:21,810
It's all layer two and up. We don't have any
insight into what the PHY state machine
723
00:54:21,810 --> 00:54:28,040
actually does. And PHY layer security really
can't be taken for granted. And to back
724
00:54:28,040 --> 00:54:32,130
this up, I'm going to point to some
802.15.4 exploits that kind of
725
00:54:32,130 --> 00:54:36,510
reinforce this from a couple of years ago.
We have Travis Goodspeed's packet-in-packet
726
00:54:36,510 --> 00:54:39,920
that shows that he was able to do a full
seven layer compromise by basically
727
00:54:39,920 --> 00:54:45,700
encoding the data that would induce the
preamble and SFD symbols for
728
00:54:45,700 --> 00:54:48,900
802.15.4 within the payload of another
message. He was able to get some really
729
00:54:48,900 --> 00:54:53,840
wonky things to happen to radio state
machines in doing so. And related to that,
730
00:54:53,840 --> 00:54:59,050
we have this wireless intrusion detection
system evasion that was done by Travis
731
00:54:59,050 --> 00:55:02,550
Goodspeed and some friends of mine from
Dartmouth, where they were basically able
732
00:55:02,550 --> 00:55:07,140
to fingerprint how different 802.15.4
radio state machines work and construct
733
00:55:07,140 --> 00:55:11,910
packets that would be able to be heard by
some but not others. So from that, you
734
00:55:11,910 --> 00:55:16,140
could basically generate versions
of packets that weren't totally compliant
735
00:55:16,140 --> 00:55:20,120
with the standard, but would still be
heard by certain receivers and not others.
736
00:55:20,120 --> 00:55:23,780
So some really tricky stuff here. PHYs
really matter. You can't take them for
737
00:55:23,780 --> 00:55:27,560
granted in the picture of security. So my
hope with this is, by getting this tool out
738
00:55:27,560 --> 00:55:31,540
there, we can actually really start to
look at the surface and figure out how it
739
00:55:31,540 --> 00:55:34,930
works and how it can be made better and
really start to get involved with
740
00:55:34,930 --> 00:55:40,200
improving the security of this new
protocol. Some prior art to cite: Josh
741
00:55:40,200 --> 00:55:44,990
Blum has a module for Pothos, which is
kind of like a competitor to GNU Radio. It's
742
00:55:44,990 --> 00:55:48,800
like another framework. It gets the
modulation right. But the decoding is
743
00:55:48,800 --> 00:55:52,320
basically off of the documentation so it
can talk to itself, but it can't talk to
744
00:55:52,320 --> 00:55:55,530
actual hardware because it doesn't
implement the real decoding stage that we
745
00:55:55,530 --> 00:56:00,440
had to reverse engineer. And also, there's
another gr-lora out there made by this guy,
746
00:56:00,440 --> 00:56:05,001
rpp0 on GitHub. When I first looked at
it, it was like this Python thing that I
747
00:56:05,001 --> 00:56:08,540
couldn't quite get to work. I went and
looked at it again last night, and it actually looks
748
00:56:08,540 --> 00:56:11,540
pretty cool. So you might check that out,
too, if you're interested in this. Looks
749
00:56:11,540 --> 00:56:15,760
like it's pretty solid. So
my gr-lora implements modulation and encoding
750
00:56:15,760 --> 00:56:20,190
in separate blocks so that you can
be modular and experiment. So if you want
751
00:56:20,190 --> 00:56:22,820
to have, like, a kind of
second-layer forward error correcting
752
00:56:22,820 --> 00:56:26,260
thing for better resiliency, you can
write that in without having to touch the
753
00:56:26,260 --> 00:56:30,260
demodulator.
Also, there's a very simple asynchronous
754
00:56:30,260 --> 00:56:35,570
PDU interface for passing data between the
blocks and you basically write to it just
755
00:56:35,570 --> 00:56:39,210
using a socket, which is really easy.
I'll demonstrate in a minute, and it's just
756
00:56:39,210 --> 00:56:43,670
like, you know, gr-ieee802-15-4, which is a
757
00:56:43,670 --> 00:56:49,090
really great 802.15.4 module made by Bastian, who
I think is here. Really cool tool I
758
00:56:49,090 --> 00:56:53,770
use all the time. So the demodulator
and the decoder implement the
759
00:56:53,770 --> 00:56:58,520
process that we just reverse engineered,
using the FFTs and all that. The
760
00:56:58,520 --> 00:57:00,720
modulator and the encoder use a more
efficient method that does direct
761
00:57:00,720 --> 00:57:05,280
synthesis of chirps. So rather than, like,
basically computing the FFT results and
762
00:57:05,280 --> 00:57:08,790
then doing an inverse FFT of that, we can
actually index into a precomputed chirp
763
00:57:08,790 --> 00:57:13,320
to make the generation a lot more
computationally efficient. If you want the
764
00:57:13,320 --> 00:57:20,210
source, right there. I just pushed a giant
update to it about two hours ago. So if
765
00:57:20,210 --> 00:57:23,600
you're interested in playing with it,
there it is. Let's run through a quick
766
00:57:23,600 --> 00:57:28,370
demo before we're out of time here. So
here's a scenario. I've written you guys a
767
00:57:28,370 --> 00:57:32,170
poem. I'm going to play you guys a poem.
And I want to be able to sniff it and show
768
00:57:32,170 --> 00:57:38,090
you what it is. Right. So to transmit, we
have our Adafruit board, which is
769
00:57:38,090 --> 00:57:42,650
like an Arduino basically with a
LoRa radio on it. And to receive it,
770
00:57:42,650 --> 00:57:46,260
we're going to use our USRP right down
here. And of course, it's all being
771
00:57:46,260 --> 00:57:53,910
received by gr-lora. So I'm going to
jump over to my VM, if I can, see if I can
772
00:57:53,910 --> 00:58:12,620
get this up on the other screen. Bear with
me one moment. There we go. Show you the
773
00:58:12,620 --> 00:58:21,980
entry of my password. We're going to
start a receiver here, and now I'm going
774
00:58:21,980 --> 00:58:33,700
to just open a socket here. And I'm
going to start my transmitter, and let's
775
00:58:33,700 --> 00:59:00,480
see what we have for you. In case you're
unsure of what you're looking at... So
776
00:59:00,480 --> 00:59:04,390
that's gr-lora. There are a few to-dos;
if you want to contribute, I'd be happy
777
00:59:04,390 --> 00:59:09,270
to have you do so. Some additional
resources if you want to know more: I've
778
00:59:09,270 --> 00:59:13,010
written this all up in detail in Travis
Goodspeed's PoC||GTFO. The most
779
00:59:13,010 --> 00:59:17,150
recent issue has that in there. Also, if
you want to learn more about radios and SDR,
780
00:59:17,150 --> 00:59:20,850
my colleague Marc and I are giving a talk
at ShmooCon and TROOPERS called So You Want
781
00:59:20,850 --> 00:59:24,040
to Hack Radios, which is going to go
through how to reverse engineer really
782
00:59:24,040 --> 00:59:27,860
basic IoT modulations. It'll spend a lot
more time on some of the basics and show
783
00:59:27,860 --> 00:59:32,120
you how to actually apply the stuff
yourself. To wrap up: LPWANs are
784
00:59:32,120 --> 00:59:36,480
exploding. They have tons of momentum and
are popping up everywhere. RF stacks are
785
00:59:36,480 --> 00:59:40,130
also becoming more diverse. So when you're
talking about securing your wireless air
786
00:59:40,130 --> 00:59:43,760
space, you're not just worried
about Wi-Fi anymore. If you're a corporate
787
00:59:43,760 --> 00:59:46,770
security administrator, you work in
corporate IT, you also have to worry
788
00:59:46,770 --> 00:59:49,960
about all these other, like, IoT
appliances that are coming into your
789
00:59:49,960 --> 00:59:54,800
enterprise and are starting to take root.
On a technical note, we've shown how to go
790
00:59:54,800 --> 00:59:58,970
from some obscure modulation into bits.
We've also added a new tool to the
791
00:59:58,970 --> 01:00:03,840
researcher's arsenal. I want to thank
Balint Seeber at Bastille. He's an incredible
792
01:00:03,840 --> 01:00:07,300
resource and this wouldn't have been possible
without him. Also, the open source
793
01:00:07,300 --> 01:00:12,310
contributors who helped us
all get here. And finally, the Chaos
794
01:00:12,310 --> 01:00:19,380
Computer Club for organizing 33c3 and
having me. So thank you very much. Thank
795
01:00:19,380 --> 01:00:25,090
you for your attention. And I'd be happy
to take your questions.
796
01:00:25,090 --> 01:00:35,530
Applause
797
01:00:35,530 --> 01:00:45,700
Herald: We are almost out of time, thank
you very much, Matt. We're able to take
798
01:00:45,700 --> 01:00:50,180
very few and brief questions. So
microphone in front, right, please.
799
01:00:50,180 --> 01:00:54,060
Matt: I remember you. We met in your video
conference. Good to see you.
800
01:00:54,060 --> 01:00:58,480
Mic: Yes. Are there ways to quantify
the reliability of a dense LoRa network?
801
01:00:58,480 --> 01:01:00,920
Matt: Could you repeat that, please?
Mic: Are there ways to quantify the
802
01:01:00,920 --> 01:01:05,300
reliability of a dense LoRa network?
Matt: I'm sure there are. I haven't really
803
01:01:05,300 --> 01:01:10,540
looked at all at benchmarking or figuring
out what kind of the limits are. My
804
01:01:10,540 --> 01:01:15,110
interest has really been in getting the
decoding information extraction done. I
805
01:01:15,110 --> 01:01:19,340
know that there's a group in San Francisco
that's building dense networks, that's
806
01:01:19,340 --> 01:01:23,450
building a LoRa product or network of some
sort. They've done some benchmarking of
807
01:01:23,450 --> 01:01:27,590
how LoRa works in cities and they have a
blog post. That's pretty good. You might
808
01:01:27,590 --> 01:01:30,290
check that out.
Herald: We have one question from the
809
01:01:30,290 --> 01:01:33,680
Internet via our Signal Angel.
Signal Angel: Our people on the IRC are
810
01:01:33,680 --> 01:01:36,240
asking, how long did it take to figure out
all of this?
811
01:01:36,240 --> 01:01:40,970
Matt: So, you know, I first saw LoRa in
the wild in January and kind of just let
812
01:01:40,970 --> 01:01:49,710
the capture sit on my hard
drive for a while. It probably took about
813
01:01:49,710 --> 01:01:53,700
four or five weeks of working on this,
more or less full time. I was a little bit,
814
01:01:53,700 --> 01:01:56,780
I had some other things I was working on, too.
I'd say probably four weeks from when I
815
01:01:56,780 --> 01:01:59,780
actually said. All right. Let's figure
this thing out to having the initial
816
01:01:59,780 --> 01:02:04,600
results.
Herald: Another question from the rear
817
01:02:04,600 --> 01:02:09,000
right microphone.
Mic: So in decoding those two unknown
818
01:02:09,000 --> 01:02:15,600
layers, you had your proprietary hardware
and you could send it data and it
819
01:02:15,600 --> 01:02:20,380
won't do the AES and encryption stuff and
it just sends that encoding.
820
01:02:20,380 --> 01:02:24,660
Matt: That's a great question. I kind of
skipped over that. The Microchip LoRa radio
821
01:02:24,660 --> 01:02:29,230
that I had, this guy right here. I also
wanted another one that was a LoRaWAN
822
01:02:29,230 --> 01:02:34,160
radio. This is a LoRa radio, but it actually
exposes an API to pause the MAC state
823
01:02:34,160 --> 01:02:37,850
machine, so you can turn off all the layer
two stuff that would add a header and
824
01:02:37,850 --> 01:02:43,500
encryption, stuff like that, and send what
are close to arbitrary frames. And I say
825
01:02:43,500 --> 01:02:47,880
what are close to arbitrary frames because
you can't turn off the implicit header. So
826
01:02:47,880 --> 01:02:49,910
it's always in implicit, or sorry, you
can't turn off explicit headers, it's
827
01:02:49,910 --> 01:02:53,880
always in the explicit header mode. So
this more or less exposed raw payload
828
01:02:53,880 --> 01:02:55,880
injection.
Mic: OK, thanks.
829
01:02:55,880 --> 01:03:00,050
Herald: Yeah, we're already in overtime.
We're taking one last question from our
830
01:03:00,050 --> 01:03:02,760
Signal Angel on IRC and then we'll have to
wrap up.
831
01:03:02,760 --> 01:03:06,960
Matt: I'll be happy to hang out and answer
questions after the fact too.
832
01:03:06,960 --> 01:03:11,350
Mic: Now many people are wondering what
implications does it have that basically
833
01:03:11,350 --> 01:03:17,450
the patent is not used at all? So could
you say that the technology is
834
01:03:17,450 --> 01:03:22,960
patent free in a way?
Matt: I am not a lawyer, but I have known
Matt: I am not a lawyer, but I have known
835
01:03:22,960 --> 01:03:27,000
lawyers and I know that they're clever
enough to not fall for that. So I'm sure
836
01:03:27,000 --> 01:03:30,850
that the patent was defined
as generally as possible. And again, it
837
01:03:30,850 --> 01:03:35,790
describes a modulation similar to LoRa.
I'm again not a lawyer, but I'm almost
838
01:03:35,790 --> 01:03:43,070
certain that it would be
covered. But that's a clever thought.
839
01:03:43,070 --> 01:03:50,000
Herald: Thank you, Matt. Please give him a
warm round of applause. Thank you again.
840
01:03:50,000 --> 01:03:52,120
applause
841
01:03:52,120 --> 01:03:56,160
33c3 postroll music
842
01:03:56,160 --> 01:04:16,000
Subtitles created by c3subtitles.de
in the year 2021. Join, and help us!