<i>33c3 prerol music</i>

Herald: As mentioned before, Internet of
Things, it would be great if it would work

and one big part of Internet of Things is
the Internet part. So stuff has to talk

and cables are shit. So we use Wi-Fi and
other wireless protocols. So our next

speaker is going to take a very close look
at the physical layer of LoRa, a low power

wireless area network, and he built some
stuff to actually sniff what's happening

and inject stuff. And apparently he
offered his sacrifices to the gods. So

we'll see something. Please give a warm
round of applause to Matt Knight.

<i>applause</i>

Matt Knight: Thank you for that warm
introduction and thank you all for coming.

I'm really excited to be here. So for the
next hour or so, we're going to be talking

about the LoRa failure. And LoRa is a low
power wide area network, wireless

technology that is designed for the
Internet of Things. So first, a little bit

of background. Myself, a software engineer
and a security researcher with bestial

networks, I have a bachelor's in
engineering, electrical engineering and

better systems from Dartmouth. But really,
my interests are in applied RF security

research. So that means everything from
reverse engineering wireless protocols to

developing functional based bands and
software and HDL and also all the way up

to software networking stocks. So all
these things are interesting, interesting

to me, but I'm really excited about the
material we're going to talk about today.

So before we get started, there aren't
going to be any like zero days or

traditional security related exploits
here. But we are going to take apart a

cutting edge wireless protocol. Let's talk
about why that's important in a minute.

But first, I'd just like to survey the
room and get a sense for who's here so I

can figure out where to spend more of my
time. So if you'd be so kind as to raise

your hand if you've heard of software
defined radio. That's a lot of hands.

That's great. OK, how about raise your
hand if you know what is best for you,

transform is awesome. And how about a
symbol in the context of wireless wireless

systems? OK, cool, this we're going to do
well, this is going be fun, so why why is

this sort of network forensics interesting
or why is it relevant? Why is this

important? The Cisco Internet Business
Solutions Group has a figure that I really

like that states that by 2020 they're
going to be 50 billion devices connected

to the Internet in some way. As we know,
with the growth of mobile and the Internet

of Things, fewer and fewer of those
devices are connected with wires every

year. And as we know, tools like Wireshark
and Monitor Mode weren't always a thing,

even for common interfaces like Wi-Fi and
able to 11. Those those tools that we come

to rely on every day exist because
somebody thought to look below the layer

they had and make it. And I believe that
low level security, low level access to

interfaces is essential for an enabling
comprehensive security on various

interfaces. So we're going to begin by
discussing L.P winds at a high level and

then we're going to do a little bit of a
background on some technical radio

concepts just so we can level out our
domain knowledge and inform the rest of

the conversation. Then I'm going to take
you through my recent reverse engineering

of the law failure that was powered
through separate fun radio. And finally,

I'm going to give you a demo of this tool
called Jaala that I've made. That is an

open source implementation of of this FI
that will enable you to begin doing your

own security research with it. So to
begin, what is LoRa, what is this thing?

It is a wireless Iot protocol and Iot is
in red because some of us are are

marketers. We're all engineers. We know
that this is a dirty term. Right? Iot is

really code for connected embedded devices
and there are tons of common standards for

embedded systems already. Everything like
ITOCHU 54 and all of its friends like

Ziggy and six Lappin, Itochu, eleven wi fi
and then also more common things like

Bluetooth and Bluetooth, low energy. And
the list goes on. Right. We've got all

these standards. What is wrong with them?
Why don't we just use just one of these

existing ones? Well, all the ones we just
mentioned all require some degree of local

provisioning. You need to connect your
device to in side or hook your your Zuby

device up to a coordinator in order to get
a communicating. Some of them require

gateways to talk out to to the Internet.
And in the case of eight to 11, it's very

power intensive. So you can't run a device
for a long time on a battery. So what's

ideal? What about cellular cellular works
everywhere? It's easy to install. You

don't have to worry about any hardware on
premises. As long as you can talk to a

tower, there could be miles away. You're
good to go. Well, it's power intensive and

in the case of certain types of the
standards, they're going away. And I'm

talking about to give us an edge service
in in the United States. AT&amp;T, one of the

largest carriers, is saying they're going
to sunset their 2G network in about three

days in Australia. This has already
happened. Telstra, which is one of the

largest telecom companies in Australia,
sunset their GPS service earlier this

month. And all the other major carriers
are soon to follow. So 2G is is works

everywhere. It's very battery conscious
and it's fairly cheap. So this is exactly

what the Internet of Things needs to to
power its communication standards. Now,

say you're a developer and you want to
move on to a new wireless standard that

won't, you know, deprecate in three days
you can either go to 3G or more modern

cell stack, which which comes with a more
expensive radio and harder power

requirements. Or you can wait for the 3G
up, which is the standards body that makes

and maintains the cellular standards to
come out with their Iot focused, with

their Iot focused standards that are
currently in development. And the

indications that I've gotten state that
those won't be ready until the end of next

year, really at the earliest. So it's
gonna be the end of twenty seventeen at

the beginning of twenty eighteen before we
start to see these things in the wild,

which means that until then there's a
massive hole in the market. So if you want

to, if you want to develop a embedded
system that requires this type of

connectivity, you're going to have to look
elsewhere. And that brings us to the topic

of low power, wide area networks. And you
can think of these networks as being just

like cellular, but optimized for Iot and
M2M communications. The architecture is

almost exactly the same and that you have
a network of base stations or gateways

worldwide and then end nodes uplink
directly to those base stations without

any meshing or routing among themselves.
It's just like a star network. Basically,

you have these nodes, the connect directly
to the base station and they have a range

on the order Miles. It's a very similar
topology to cellular. There are tons of

standards that are there are popping up
more and more every day. But the two that

have the most momentum are LoRa and Sigge
Fox. There's been a ton of investment in

both of these technologies, actually. Just
last month, LoRa Ersek Fox closed a

hundred and fifty million Euro Series F,
some late stage funding round in the Wall

Street Journal, wrote an article recently
that stated they were investigating a U.S.

IPO soon. Additionally, Senate and
activity, two of the biggest backers of

the wharfie have raised a combined fifty
one million dollars in the last year or

two, so one from raising one hundred fifty
million dollars, they're absolutely going

for it. They're investing like crazy in
these technologies. So when we say that

these networks are optimized for the
Internet of Things, we're really talking

about two things. They're battery
conscious sic. Fox advertises that they

can get up to 10 years of battery on the
amount of energy and a single AAA battery

and their long range. And if you turn all
the knobs and LoRa just right and have a

perfect noiseless channel, they advertise
that you can get thirteen point six miles

on one of these very long range devices.
And if you compare that with, you know,

some of the standards we talked about
earlier, that's pretty competitive. So how

how do they do that? How does that work?
Well, they've designed the entire system

around the fact that they're willing to
accept compromises in the protocol and the

functionality of these devices. When I
talk about compromises, I'm talking about

aggressive duty cycling, both transmitting
and listening, very sparse data, grams, so

tiny packet sizes. And they're highly
limited, meaning they can't send that many

packets that often. Now, for example,
signal limits. This is built into the FYE

limits devices to 140 12 byte data grams
per day. That's like that's like nothing.

I think that's less than like a look at to
you. It's tiny now and then weightless in

another LP when standard is uplink only.
So it can only send messages up to Gateway

but can't receive any downlink. So for
example, if you had a device deployed, you

can never deliver firmware to it later
unless you rolled a truck to it or climbed

up the telephone pole to where it's
mounted. And finally, LoRa, classi devices

can only receive downlink for a brief
window after they uplink. So if you're if

you're an application operator and you
want to send a message to a device you

have in the field, you have to wait for
that device to call home before you had

your brief window to tell it what you
want. So these systems are built around

compromises, but that's what enables them
to get some pretty incredible performance.

All right. Let's get into the details with
LoRa. So LoRa is an LP when it's developed

by some tech, which is a French
semiconductor company. Biffy was patented

June in 2014 and LoRa when McCan network
STAC was published in January of 2015. So

this this entire standard is less than two
and a half years old. It's brand new and

it's supported by an industry trade group
called the LoRa Alliance, which has

tripled in size every year since its
founding. So growing quite a bit before we

move on. Just want to clear up some
nomenclature that will help us focus in on

what this talk is going to center on, and
that is disambiguate. LoRa and LoRa, when

LoRa refers strictly to the player, the
physical layer of the standard, LoRa when

defines a Mac and a networking, some upper
layer stacks that right on top of LoRa,

the LoRa Wanne standard, the upper layer
has been published and that's public. But

the FIGLIA itself is totally closed. So
the LoRa, when upper layer stack gives

some information about its topology, it's
kind of interesting, suggests that they

were really thinking about security when
they designed it. There are kind of four

stages in the network all the way out in
the field. On your sensor you have the

node and that connects to Gateway over a
wireless link. That's the LoRa link. And

then once you get into the gateway,
everything from there up is all on. It's

all on IP networks, just standard
commercial IP networks. And then they have

roaming that works on different networks.
So you'll be able to take your device and

move to different areas of coverage and
have it all play nicely. And then you can

hook your application server up to that as
well to receive packets to and from the

network servers. It's all over IP and they
actually went as far as to define two

different mechanisms for encrypting it.
There are two different keys. You have the

network key, which goes from the which
covers from the node up to the network

server, and then you have the application
key, which is actually fully end to end.

It goes from the end device all the way up
to the to the application server. So if

you design that right, the network should
never see your traffic unencrypted. And

they also provide a mechanism for having
unique keys per device. It's built into

the standard, but it's not required. So
it's still up to the implementor to to do

that and get that right. So there are some
good thoughts that went into security with

lawin. However, that's not what we're
talking about today. That's all we're

going to say about lawin. We're just going
to tell you it exists that it rides above

LoRa, but we're not going to go into any
more detail than that. So from here on

out, it's all LoRa all the time. We're
just talking about the file here. So let's

get into what makes that really
interesting. One of the big defining

features of LoRa and Cig Fox, the two
biggest LP wins, is that they're designed

to use what are called isman spectrum.
That's what's called in the United States.

It stands for industrial, scientific and
medical. And what's cool about these these

bands is they're what are called
unlicenced, which means that you don't

need a specific license from the FCC or
you or your telecom regulation. Authority

to operate on it. So if you go and you buy
any Wi-Fi router on Amazon, you take it

home, you plug it in, you don't need to
then go and apply for a specific license

to to be able to communicate on it because
it was built to a certain standard. It is

compliant with those unlicensed band rules
and therefore can just work. So these

these devices use that same spectrum, but
to much greater effect, much longer ranges

in a much different use case. So that's
quite novel. And some other things that

use these technologies are, you know, wi
fi, Bluetooth, cordless phones, baby

monitors, things like that. So you can
think of this as occupying the same space

in the spectrum as these. Now, why is this
noteworthy, well, contrasted with the

cellular model where cellular technologies
use what is used protected spectrum, where

you have to have specific rights to
transmit on it in order to to legally use

it. And regular regulatory authorities
sell the spectrum for fortunes. But

billions of dollars is what the spectrum
sells for in the US. I'm sure it's the

same over here. And I just want to call
your attention to how expensive this is on

the left here we have a picture. It's an
excerpt from a document that I found that

was related to the RFQs TV white space
reverse auction. They're trying to

repurpose a lot of spectrum that used to
be used for digital TV. They're selling it

off. And if you want to come in and buy
some really prime low UHF spectrum to use

for whatever purposes you have, mind you,
this is just one TV station in the New

York area. You can get out your checkbook
and write a nine hundred million dollar

check and take over CBS TV in New York. So
getting into the cellular cellular game is

crazy expensive. It costs a fortune. But
there are a lot of us in here. Maybe we

can pass the hat and and buy some spectrum
at the end of this. So as a result of this

unlicensed nature, there are a number of
different models of commercialization that

are starting to emerge. We have the
traditional telecom model we're seeing

through companies like Senate, which is a
company that deploys home heating, heating

oil tank monitoring solutions in the
United States. They're also opening the

network up for Iot applications to right
on top of that traffic as well. And you'd

operate with them just like you would
operate with like Verizon or AT&amp;T or

Deutsche Telekom or whoever whoever you
work with here. Also interesting is I

believe it's CPN has rolled out Laurer, a
commercial or network lawin network

throughout the entire region of the
Netherlands. So countries entirely covered

with LoRa. So that's the commercial side
in the middle. We also have crowdsourced

networks. The one that I like to talk
about is this group called the Things

Network, where basically they have defined
in the cloud the network server

architecture for operating a worldwide
lawin network. So if you want to provide,

Laurieann, service on the Things Network
in your your area, you can get your hands

on Allura Gateway pointed at their network
servers and basically become become a base

station in their network from your living
room, which is kind of cool. So it can

kind of spread and grow organically based
on the needs of of people like me and you

who want, you know, the sort of service.
Then finally all the way up at the up at

the kind of independent amateur side, we
have people like Travis Goodspeed and some

of his friends that are working on a
technology called LoRa Him. And that's

leveraging the fact that you can actually
get more radios that work in workaround

for thirty three, which is in the I think
it's the 70 centimeter hand band in the

United States. So you can actually put a
reasonable amount of power behind LoRa

into tech based communications in the
clear. So they're developing a Allura base

mesh networking system for doing basic
like ASCII packet radio and communicating.

It's not public yet, but I like Pete. He's
blessed me to come and tell you that he's

that he's working on this and it should be
out soon. So there are all sorts of

different ways to use these technologies.
So this is a very different paradigm,

which we're used to. And it's opening up
lots of different opportunities for how

this technology might be used and grow.
OK, so that wraps up our background on

LoRa. We're about to get into some really
technical stuff, but before we do, I want

to go through a very short crash course on
some basic radio fundamentals to try to

even the playing field so that we can all
understand this. And I call it the

obscenely short radio crash course. But
with apologies to any use a real telecom

whizzes in the room. I think this is
probably more appropriate. We're going to

we're going to blow through this material.
And I'm just going to try to pick out a

few points that are really essential to
understanding the rest of this talk. I'll

tell you what's important and just try to
grab those concepts and we'll reiterate

them later as we go through it. So, again,
we're going to be talking about the

physical layer. And if you think about the
Ossi data model that we've all seen, the

physical layer refers to how your bits,
your data get mapped into physical

phenomena that represent them in reality.
And when you're dealing with wireless

systems, the mapping maps, the bits into
into patterns of energy in an RF medium,

RF sensor radio frequency, and there it's
basically electromagnetic waves or energy

that is just everywhere. And you can
manipulate RF by using a device called a

radio. And radios can either be harder to
find where the RF kind of mechanics and

the protocol are baked into the silicon
and are inflexible. Or you can use a

software defined radio where you have some
very general, flexible silicon up front

that basically just grab some raw
information and feeds it to some sort of a

processor, which can either be a
traditional CPU or an FPGA to implement

some of the more radio specific things and
has come a long way in the most most

recent few years. And it's now incredibly
powerful. So we're going to be talking

about both harder to find radios and
tougher to find radios throughout this

talk. So if you put together a radio
coherently, you can start to develop it

into a fire. And a fire has a has one main
component or several components. But one

of the main components is this notion of
the modulation in the modulation is the

algorithm that defines how your digital
values, your bits are mapped into RF

energy. And there are a few parameters
that we can kind of tweak to do that. And

those are amplitude frequency and phase.
And then we can put them together and use

some combination of them as well. In
modulators can modulate either analog or

digital information. But we're going to be
talking about modulating digital

information today. And an essential
concept with that is this notion of a

symbol. This is something it's very
important to remember. And the symbol

represents a discrete RF energy state that
represents some quantity of information.

So it's discretely sampled. And just think
of it as being like a state in your RF

medium. That means something. And will
illustrate this in just a moment. So here

we have two pictures of two different
modulations. And I just want to put these

up here to help you maybe get a grasp on
what a symbol looks like. So on top, we

have Frequency King, where you can see
your signal is alternating between two

frequencies. When it's on the left, it's
swelling on one frequency. When it's on

the right, it's dwelling on another
frequency. Which symbol is present is

based on where basically what frequency
that signal is on at a discretely sampled

moment in time. So you could think of this
as being like, you know, it's a zero when

the signal is rolling on the first
frequency, the one on the left and it's

one. And the signal is dwelling on the
right frequency frequency, too. And you

can see the see the analog with the bottom
modulation off keying where the signal

being present represents the one in the
signal being off represents a zero. So

hopefully that helps you get a grasp of
what it is that we're talking about. There

are, of course, more complicated Iot
fires. We have spread spectrum where data

can be basically chipped at a higher rate.
It'll occupy more spectrum, but it makes

it more resilient to noise. And then we
have some technologies to do that, like

eight to 15 for us, one that uses a spread
spectrum mechanism. So we talked a bit

about radios just a moment ago. We're
going to use two different kinds of radios

when when going through this talk. First,
we have a harder to find radio, which is a

microchip. LoRa, are in two, nine and
three module. And this is basically a

death word that has a harder to find lower
radio built on to it. So this is going to

be a transmitter they're going to be
targeting. And then finally, a receiver is

the software defined radio right here.
This is an ETA USCAP B to ten. It's just a

commodity software defined radio board.
And basically what this thing does is it

gets raw RF information from the air,
serves it to my computer so they can start

to work with it. With commodity tools like
Python, I can do radio, things like that

to start to process it. One less thing to
cover is the fast forward to transform the

Esperia transform basically takes a signal
in decomposes it into all of the the the

smaller signals, the some carriers, the
composite and any periodic signal can be

models of some of harmonic sine waves. So
basically the FFT takes any signal and

unravels it into the components. And why
we care about this is it takes it's

basically a very easy way for analyzing
and visualizing signals in the frequency

domain. So when we put it take a bunch of
50s and put them together, we get this

picture called a spectrogram where you
have time in the the ones we're going to

be looking at all the time in the Y axis
frequency in the Z axis and then sorry,

frequency in the X axis and power in the Z
axis. So the intensity of the color is how

how powerful that component is at that
instant in time. So here you can start to

visualize all the different signals that
are present. OK, raise your hand if you're

an expert. I see a few heads. Hopefully
this is all that we're going to need. I'm

going to reiterate some of these concepts
as we go through. So I really hope that

doesn't doesn't alarm you, son. You're
running for the door. It's going can be

very visual as we go through it. And
hopefully the graphics will help keep this

all grounded. So let's get into the meat
of how this Laurer fireworks. LoRa uses a

really neat proprietary fire that's built
on a modulation called chirp spread

spectrum success for short. Now, what is a
chirp? Chirp is a signal whose frequency

continuously increases or decreases. You
can think of it as being like a sweet

tone. And if we visualize it, using a
spectrogram is before it looks kind of

like this. In this case, we have a finite
amount of bandwidth and the frequency

either increases or decreases. You can
have up chirps or down chirps until it

reaches the end of its band. And then it
wraps around back to the bottom, back to

the beginning and continues. So here you
can see that the frequency that the first

derivative of frequency is constant. So
the frequency is always increasing or

decreasing at the same rate. And then when
it hits the end of the band, it just wraps

it keeps going. So why use something like
success, it has really great it has

properties that make it really resilient
to noise and very performance, low power.

So all these things with Iot focused
radios and having having very long battery

life, these are properties that lend
directly to that sort of efficiency. It's

also really resilient to multi path and
Doppler, which is great for urban and

mobile uses. So this is an interesting set
of sort of features here. Where else do we

see chirps radar is. I just heard it.
Thank you. Yeah. Radar is a really common

common usage. And you'll see military
marine radars sometimes refer to chirps as

wide band or pulse compression if they're
using chirping in the radar scheme. And

they're also used for scientific over the
horizon radars as well. And there's an

open source project called the New Chirp
Sounder that has some some features like

that for for visualizing these over the
horizon scientific radars. And also in a

past life, I worked on a scientific radar
called Super Dhan, which is a similar over

the horizon radar for visualizing
ionospheric activity. Cool. So that's a

little bit of background on the technology
here. So this is kind of my journey into

into starting to work with LoRa here. In
December. Twenty fifteen, I joined this

company, Bestilo, where I'm currently. And
on the research team we have these weekly

meetings where we get together and we look
at new either new R.F. techniques or

protocols, things that are interesting.
And we basically just have a deep

brainstorm on how they work. And and
what's interesting and the first meeting

that I participated in, it was the first
week that I joined. They were mentioning

they were talking about these L.P
technologies. They sounded pretty cool. So

we broke for Christmas. So I went back to
to New York where I'm from, and, you know,

brought my radio and sort of poking around
and seeing what I could find. And my

colleagues looked in San Francisco,
Atlanta, and I also worked in Boston. I

was there, too. And we didn't see LoRa
anywhere in December. Fortunately, a few

weeks later, I was I was at a meetup and I
encountered this company, Senate. I was

living in Cambridge, Massachusetts, at the
time. And they were talking about their

their home heating oil monitoring network
sounded pretty cool. So I looked him up

later and was watching one of the
marketing videos. And there was like a two

or three second bit where you could see
one of their technicians operating a

computer. Right. And they put up this
picture and this looks just like a

coverage map. Right. So, you know, this
could be fake data or it could be live.

And I took a bit of a closer look and I
realized where that is. That's Portsmouth,

New Hampshire. That's like an hour away
from Boston. So there's really only one

thing to do. So I hop in my car, I drive
up to New Hampshire, to Maine border, and

there's, you know, me behind the wheel, my
Saab with the USPI on the dash. And after

about ten minutes in the Marriott parking
lot across the street from there from

their headquarters, we have our first
sighting of LoRa in the wild. There it is.

It's the first signal I recorded. So let's
take a closer look at what we have here.

So if we look at the top third of the
picture, we have a series of repeated up

trips. You can see the signal is just
continuously increasing until it hits the

band and then it wraps and continues. And
knowing what we know about digital

communication systems, most of them have
some notion of a preamble or training

sequence to tell a receiver that, hey,
heads up, you're about to get a packet. So

probably with that is following that, you
can see the chip direction changes right

in the middle and you have two and a
quarter downtowners. And this looks like a

start, a frame delimiter or a
synchronization element. So this tells the

receiver, hey, heads up, preambles over.
You're about to get you're about to get

the data. You're about to get get the
payload here. And finally, you can see the

chip direction again, changes to the up
chirps. But this time the chirps are kind

of choppy. You see, they jump around
throughout the band, you know, just kind

of arbitrarily. It's not arbitrary,
though. That's actually the data being

encoded into the fire. So here we can see
that the chirp frequency, that is the

first derivative of the frequency, the
rate at which the frequency changes

remains constant. Right. However, the
instantaneous frequency may change within

the band. So you may have these jumps, but
remember that the rate at which it's

changing is always constant. You can just
have those discontinuities in those

instantaneous frequency changes represent
data being modulated onto the chirps. You

can kind of think of this as being like a
frequency modulated chirp with an FM

signal. You have a static carrier, a
carrier at a fixed frequency that you're

modulating to produce that signal. The
modulated signal here we're modulating a

chirp signal to produce the to produce
that. So rather than having a fixed

frequency that you're modulating your
modulating this continuous chirp. Cool. So

let's get our hands dirty. Let's figure
out how this thing works and start to pull

some data out of it before we dove into
the modulating it, let's take a look at

what we know through some open source
intelligence. And using open source

intelligence is a great way to really kind
of shortcut the reverse engineering

process. Because otherwise, you can you
can wind up doing a lot more work than you

have to. So there are a few things that
are really useful. We'll talk about these

as we go through this. This material first
thing we found. First thing I found was

the Simsek European patent application. It
was in the EU market, but basically

defined it modulation. That looked a lot
like what Lura could be. That's the number

if you want to look it up later. But that
had some pretty good information in their

final year. Secondly, we have the law of
the law when spek. And again, that's the

layer to add up spec that's open, not the
PHY, but it still has some references and

define some terms that are likely going to
be analogous to the file. So it's still

pretty useful. And finally, we have two
application notes from some tech that were

pretty juicy. The first one and there are
the the 18 one contained a number of

reference algorithms for implementing a
whitening sequence, which is like a

scrambler. We'll talk through that or
we'll talk about that momentarily. And

then twenty two had just a general
overview of the fine, define some terms.

Also, there was some prior art online.
There was a partial implementation in RTL

Strangelove that didn't really seem to be
maintained. It seemed pretty neglected and

I never really got it to to do anything at
all. But we're still good to look at and

had some really good hints in there. And
then there were also some very high level

observations in the FI in this wiki page
based an else decoding LoRa. It was mostly

just like looking at the spectrum and
seeing that it's a chirp modulation and

example recordings and things like that.
So from this documentation, we can start

to pull out some definitions defined. We
have the bandwidth, which is how much

spectrum the chirp can occupy, the
spreading factor, which is the number of

bits encoded symbol. And remember, the
symbol is it's just an RF state rights,

the number of bits in each RF state within
the modulation. And then finally we have

this thing called the chirp rate, which
we've kind of hinted at. It's the first

derivative of the chirp frequency. So the
rate at which that that chirp signal is is

constantly changing. And we can pull some
numbers out of this documentation to

define those. So we actually have have
some common constants for the first two.

And then we find a formula in one of those
documentations that states the rate is a

function of those first two. And since
there's a finite number of values there,

we can start to iterate and just try all
the different frequencies and start to

find one that that works. So in this case,
what is the symbol we've talked about how

how this modulation is basically frequency
modulated chirps. Right. So what we're

going to try to do with these demodulator
is quantify exactly where the chirp jumps

to whenever we have one of those
discontinuities. So let's start working

through it here. There are really three
steps we're going to we're going to

achieve. We're going to identify the
preamble, which is the beginning of the

frame denoted with the one we're going to
find the start of that of the FI data unit

by look, by looking in, synchronizing
against the sink word, which are those

downshifts that are there. And then
finally, step three is we're going to try

to figure out how to extract the data from
these instantaneous frequency transitions.

And to do that, we need to quantify them.
Now, there's a technique that I found

pretty early on. It was enormously helpful
for doing this, and that is to transform

the signal by describing it. And we'll
show you what the result is in just a

moment. But first, we're going to have to
do some math. And math doesn't read

because it's scary, but it's it's not
really it's actually pretty easy. So

there's a basic basic property of complex
signals that states that if you multiply

two signals together, if you multiply two
signals together, the resulting signal has

the frequency of the frequency of each of
the components added together. And from

that, if we multiply a signal with one
frequency against the signal that has the

negative value of its frequency, the
result is zero. We get a deep we get a

constant signal and we're working at
baseband here, which means the center of

the band is zero hertz so we can see
negative frequencies and things like that.

So if you multiply an up and down chirp
together, what do you get? You get

constant frequency. Now why do I say
constant frequency rather than DC? If the

troops are out of phase with one another,
there might be an offset from from zero

hertz there. So so it might not be
perfectly aligned with zero hertz. We

might do expect to get some offset there.
So what happens if you multiply a chirp

signal like this separately against an up
chirp and it down chirp. So to do

different two different operations
produced two different products. What do

you think is going to happen? Well, if you
do that, you get these pretty pictures

right here, so here you can see those
those there's really kind of tricky

diagonal chirp signals that are cutting
all of your spectrum, are hard to measure,

are translated into these nice, you know,
nice signals that are aligned in time. And

that looks like something we can start to
really work with and do something with. So

we need to quantify those. So, again,
remember symbols, we're going to keep

coming back to this. It's an hour of
state. The results represent some number

of bits and the law, LoRa, has this value
called the spreading factor that we found

some of the documentation that defines the
number of bits encoded for symbol. And

from the picture we saw a little bit
earlier, the common values are seven

through 12 or six or 12. You see you see
them both in different markets. So from

that, how many possible symbols to be
expressed? There can be? Well, each bit

can have, you know, two states is your
one. And there are spreading factor number

of bits. The number of symbols is two to
the spreading factor. So how can we start

to quantify these these symbols and start
to pull them out of the fire? So the steps

that I found that were that were the trick
to this were to channelize and resample

the signal to the bandwidth, decrypt the
signal with the look of the signal with a

locally generated chirp we just talked
about. Then we're going to take a fast

Fauria transform that signal where the
number of bends of the 50 that we compute

is equal to the number of possible
symbols. And we'll illustrate this

momentarily. And then if we do that
correctly, then the most powerful

component in that Pesquería transform,
that is the strongest component frequency

that we get back from that operation is
the symbol that we're looking for,

somebody chirping it. We get it into a
form where we really expect her to only be

one strong component per FFT, whereas if
we didn't ditch it when we took the 50 of

of a chirps worth of symbols, we would see
the energy kind of spread all throughout,

all throughout all the different bits. But
by describing it correctly, all that

energy gets pushed into one bin and we get
a single but clear value out of it. So if

we do that, we get a picture that looks
like this in here at the Z axis again, is

the is the intensity, the power present.
And we expect that to be the symbol that

we're looking for. And here it's aligned
in time with the base chip on the left

there. So here are the steps again. We
mentioned this earlier. Let's look for the

for the preamble. Right. What's a stupid,
simple algorithm for finding this? Let's

do it. Let's do it at 50 and let's look
for basically the most powerful component

being in the same bin for some number of
consecutive Fatty's easy fighting. The SFD

is the same thing. But again, this time
we're going to do it on the opposite

ditcher product. So when we did it, we get
back to different streams. We get one of

the D chirped up, chirps in one of the D
chirp downstairs so we can look at the

opposite stream and do the same algorithm
looking for the the safety here. Important

caveat. Accurately synchronizing on the
Safdie is essential for getting good, good

data out of this, this modulation, because
if you have a bad sync then you can wind

up having your bisley, your symbols, the
samples that comprise your symbol spread

between multiple adjacent fêtes if that
happens and you get incorrect data. Now

let's illustrate what that looks like. If
you look at rows thirty nine fifty, you

can see that visually it's almost
impossible to tell which of those two

readings represents the symbol. You see,
there are two different values that are

really powerful. That's the result of
basically basically half of the samples

from one chirp and basically half of the
sample from Chirp N and then half of the

samples from sample from chirp end plus
one wind up in the same FFT. So when we do

it, we get those two components in there.
And it's really it's really ugly and hard

to work with. So we can solve this by
using a technique called overlapping

Mufti's when looking for our safety
synchronization. And basically what that

means is we're going to process each
sample multiple times with the effect of

getting better resolution in time of our
resulting Mufti's. It's more

computationally intensive, but it gets us
much better, better fidelity here. So if

we do that, this is what the result looks
like. It's a little bit hard to see right

now. I'll get you a better picture in a
moment, but basically it's much less

ambiguous in terms of which symbol is
present. So if we use those overlapping

50s, we can synchronize on that SFD. And
then once we know exactly where the first

symbol of the data unit is and our buffer,
we can go back to using non overlapping

Mufti's, which are more computationally
more computationally efficient. And get us

a nice read on the right here. You can see
that again, if we look at lines thirty

eight and thirty nine, that ambiguity is
gone. Right. You can see exactly where the

most intensive were, the most intense
binnaz and therefore which symbol is

present. And here's the whole frame
synchronized. So we got the collisions on

the left and doesn't look that great on
the right it's much clearer. Cool. So

again we recompute more computationally
intensive and then we get out data. Now,

one last thing we have to do to wrap up
the modulation. So doing this again,

remember, we were talking about the
chermayeff, if our troops aren't perfectly

aligned, then then the resulting
deterrence signal might not necessarily be

off of the same reference. Right. And of
course, we don't know what chirp was used

to generate the signal on the transmitter.
So we have to find some way of normalizing

this data to account for that that that
first discrepancy. And we can do that by

referencing the preamble. And it just so
happens that the preamble, when you do it,

always represents simple value zero. So
you can basically just do a modulo

operation on your receive symbols to
rotate that back. So all the symbols are

referenced off of the preamble and you're
good to go. And that's it, right. Not even

close. We're just getting started, people.
Why is that? Because the data here is

encoded. What is encoding? Basically
encoding is a transformation that is

applied to the data before it's
transmitted. Why would you do something

like that? Because encoding increases over
the year. Resiliency. Why? Why is this

necessary? Right. Remember that we're
dealing with unlicensed spectrum. Right.

This is what the nine hundred megahertz
band, which is what LoRa uses in the

United States, looks looks like look at
all that stuff. It's not LoRa, right? That

stuff is there to ruin your day. It's
there to create all sorts of interference

and make your receiver not work the way
you expect. So RF is a really brutal

environment. There's all sorts of
interference. And basically the encoding

is a way of treating your data so that
even if you have a non ideal reception,

you can still get the data out of the
frame. So what do we have here? Remember

that LoRa's clotheshorse, we have some
material that's available through data

sheets, but we really don't know for sure
definitively what's in this file. So,

again, we're going to go back to open
source intelligence to figure out what we

know and then try to narrow in on how
we're going to iterate through this and

figure out how it works. So from the
patent, we have a number of very good

clues. First of all, it refers to the
stage called gray indexing, which, as is

defined there should add zero tolerance.
In the event that you read, a symbol is

being off by one, off by one bit. But if
you if you read a symbol in the incorrect,

then secondly, you have data whitening,
which induces randomness into the frame.

We'll talk about that momentarily. If
interleaving, which scrambles the bits

within the frame, then you have for error
correction, which adds correcting parody

bits, you can think of it as being a
parody bits on steroids rather than

telling you that just an error occurred.
It can actually help you correct the error

without needing retransmit. So we have
four different things to that to comprise

the encoding there in the patent. Right.
So that's awesome. It's easy, right? Why

is that? Because documentation lies to us
and even. And even even the clear, even

the clearest signals can can can lead us
into dead ends. So let me show you how. So

the grand hexing we read to represent
great cotting, which is just a basic

binary transformation that you can use to
treat data whitening. We actually have

defined in one of the application notes
reference designs for the pseudo random

number generators that you use for use of
the whitening. It's like C-code that you

can copy and paste. So this should be like
this should be rock solid. Step three, we

have an actual algorithm for the EarlyBird
that is defined in the patent. I'll show

you what it is momentarily. And then
finally, step four suggests that having a

human code is used, which is just a
standard for error correction mechanism.

So the first thing to focus on figuring
out here is the data whitening. And that's

a critical step because this is the way
the whitening works, is you X or your

message against a random string. And
unless you know what the random string is,

you're not going to be able to make any
sense of what follows it. So figuring out

that random string is essential to being
able to even make sense of what follows

it. So, again, with whitening, you take
your you take your your buffer that's

going out to the radio and you exhort
against a pre computed sort of random

string that is known to both the
transmitter and the receiver. Then when

the receiver gets in the frame, it
explores that the received buffer against

the same sequence that the transmitter
used. And you get back to the original

data because if you remember, explores its
own inverse. So that nicely undoes itself.

Now, why would we bother with whitening,
and that's because having random data is

really good for receivers similar to
Manchester and coding, where basically by

by encoding the data such that you don't
have some number of consecutive values of

some number of consecutive symbols of the
same value. You get this nice random data

source. What that does is creates lots of
edges for your receiver to do clock

recovery against so you get better
reception of longer messages or if your

clocks are bad. Manchester, of course,
comes with the penalty of a reduced bit

rate. It actually cuts the effective bit
rate that you can use into half of the

battery was whitening, does not. The
caveat is that you have to know what the

string is in order for it to work. So
let's find the waiting sequence. We've got

these algorithms in the in the application
note, we've got some examples and strange

love. None of them worked, so we had to
figure this out empirically. How can we do

that when there's interleaving and for
error correction in in the in the pipeline

here? Right. You know, we can we can send
something that might, you know, put the

whitening in a certain state that we could
we could leverage. Right. But we still

have these unknown transforms and follow
it. How are we going to be able to figure

out what what goes up? How are we going be
able to figure out the whitening when

those operations are in the loop, too?
Well, we need to bound the problem and

make some assumptions that we can start to
iterate through this black box problem. So

we're going to assume that the Forder
correction is what the documentation tells

us. It is the Heming and for and we're
also going to make another assumption and

we're going to set the spreading factor
equal to eight bits per symbol. And

basically, if you do that, then it makes
it such that we'll have exactly one

Heming, eight four code word per eight
bits per symbol, because if we set the

number of total bits in our having error
correcting code to eight, if it's

possible, fits very nicely and should work
out well. Now there's another very useful

property of the Hemingford Error
correcting code scheme that we're also

going to exploit, and that's that Heming
eight for contains four data bits and four

parity bits each. And for 14 of those 16
states, again, remember two possible

states per bit to the power for data bits
per code word in each of those in 14 of

those 16 code word possibilities, other
for ones and for zeroes each. However, for

the four, the word for data Knebel zero.
That's four zeros. The code word of that

is eight zeros. So it's totally non
additive. So if we if we send our error

correcting scheme a string of zeros to
apply itself to, it's totally not

additive. We get back twice as many zeros
so we can leverage that to do something to

try to cancel out that for error
correcting stage. So let's go ahead and

transmit a string of zeros. Right. So,
again, if it's hamming it for his resume,

we expect that stage for the four year
curtain code to cancel out, right. What

about the inner lever? Let's take a look
at the algorithm that suggested in the

pattern. There it is. The key takeaway
from this is if this is implemented in a

way that's similar to this, is this should
be totally non additive. So this should

just move bits around but not add any
bits. Right. So if it is in fact non

additive and all we pass through are a
bunch of zeros, what happens when you

shuffle around a bunch of zeros? You get
the same thing out, so that falls away,

too, right? So we're left with two states,
right? We have our symbol grand stage and

our data waiting stage waiting is what
we're solving for. That's our variable and

gray indexing. The quote unquote indexing
is a bit of an ambiguous term, but it

likely refers to some variant of gray
coating, which we mentioned earlier. But

even if it is gray coating versus gray
coating or nothing at all, it's just

something they didn't implement. That
leaves only three permutations here.

Right. So we've just reduced all the
ambiguity of figuring out what this

decoder is to really figure out what the
lighting sequences, to really just

figuring out which of the three states
this for which of the three operations,

this first gray indexing stages. Right. So
if we do that, we try all three. That's

only three things to attempt in order to
derive the whitening sequence from the

transmitter, because, again, if we send
through a string of zeros, what is the

whitening do? It explores the zeroes
against the pseudo random string and what

does anything extra zero. It's the input.
So we can do this and get the transmitter

to tell us what its whitening sequences so
we can implement the receiver, read that

out, plug it back in and then start to
sell for the rest. Cool. Next stage is the

inner lever. Again, we had that formula
from the patent surprise surprise

implemented. It was no good. So let's
figure out how this works now. We're going

to move very quickly through this because
this was the hardest part of all this. And

I'm going to show you the process without
making us all the time of staring at a

bunch of graph paper and trying things
that that kind of went into this. But

again, just like with the whitening
sequence, we're going to exploit

properties of the Heming fact, reveal
patterns in the interleave. So, again, if

we look at our Heming eight for code words
that we know and love that are very

useful, we're going to use this time the
code word for for once, the code word for

for Hex F, and in that case, the state of
that code word is eight once. So if we

construct a bunch of packets, we're
basically we take we take eight symbols.

We start we take we take four four bytes,
which is eight symbols and SFH and we walk

the position of those ones through our our
frame here. We can start to look for

patterns. Who sees it. I'll save you the
trouble. Who sees it. Now look at the the

bottom row. Second from the right and
you'll see the pattern. Basically it's a

diagonal inner lever. But the first two,
the two most significant bits are flipped.

So if we take this and then read out,
basically we can take this and we can

start to map those diagonal positions into
positions within within a interleave

matrix. So if we do that, we walk through
all the different states and map those

positions out with data that we know we
get this nice table. Now, let's put this

table next to the data that we're looking
for. Right. So here we decomposed the

Heming code words for for the data we in,
which is, of course, our beloved dead beef

on the in the middle column. On the left,
we have the the data values, the four data

bits that we're looking for. And then the
column, the right column on the left there

is are the Perati bits that we're looking
for. Again, I'm going to make this easy

for you. If you stare at this for long
enough, you become compelled to reverse

the order. And then if you continue
staring at it, you start to see some

patterns. That looks like our data, right.
So if we go a step further, we can start

to map in some of these HanTing correcting
fields into this this matrix here. So here

we see the four data are the rightmost
rightmost bits. And then we can see that

Perati bits, one and two correlate very
nicely. And if you go a step further, we

can see that. These are these the Ghiz
five in format very closely as well,

although they're flipped, you'll see that
Perati before is actually more significant

period of three. So we're almost there,
right. Although we have left to do is

applier and we're done. And that's the
modulation. That's the whole thing. So,

again, let's thank you. So, again, let's
let's talk briefly about these red

herrings and try to wrap this up, I want
to do a demo before our Q&amp;A. So we had

these four different encoding stages here,
right? We had great documentation for all

of them. But empirically, after
implementing them, we were able to

establish that, well, three of the three
of the four just weren't the case. Right.

One of them was actually cool, right? One
of them was actually what it said it was.

So. So, yeah. Anyway, how are we able to
work through this? I think it's important

to reflect and try to get some takeaways
from this. Hopefully this is useful as you

approach your reverse engineering
challenges. Basically, what was essential

here was being able to bauen the problem
and hold certain things constants that we

could solve for unknowns. And if you
remember, we kind of did this in two

stages. We were able to cancel out the
interleaving in the forward error

correction and hold that hold that
standard, hold that static in order to

figure out the whitening sequence. And the
gray indexing were kind of all in one go.

And then when we controlled the grand
indexing, the whitening sequence, and

we're pretty confident about what the Ford
error correction was, there was really

only one variable that we really had to
had to solve, really only one thing. We

actually had to go into the bits and
really, really kind of dig out of this

thing. Right. So by making these
assumptions, using open source information

and really bounding the problem and
working, working through it, through it,

coherently able to reverse these four
stages down into really one experimental

variable and just solve for it. So that's
that's really the trick here. OK, I'm

going to blow through this next part to
talk very briefly about the structure, the

Laurer Phi Phi packett. So this is a
picture pulled out of one of the one of

the data sheets. We already talked about
the preamble, this repeated chirps. One

thing that's not pictured here is the
single word in the story frame delimiter,

which is right there. And then we have
this thing called the header. Right. And

it says here that the header is only
present in explicit mode. So there's this

notion of implicit versus explicit header
in LoRa. And the explicit header includes

a finder that that has some information,
such as the length of the payload, the

type of scheme in there that's applied to
the remainder of the payload, not the

header itself, but the rest of it. And
then there's also an optional CRC as well.

It can be included in implicit assumes
that the receiver knows the modulation

parameters and skips that bit. So no
problem, right? We can use implicit mode

to figure out what the whitening sequences
and then switch back to explicit mode, use

the whitening sequence from implicit and
figure out what the header is by just

looking to see what the values are as we
change the modulation. Yeah, right. None

of this is easy, right? Like, really,
really nothing. Nothing helps us here. So

as it turns out, implicit and explicit
explicit header modes use different

whitening sequences. So the header remains
unpersuaded, even if we know what the

implicit whitening sequence is implicit
about whitening sequences. So let's see

what we know. Again, we've got this header
here and in this picture tells us the code

rate is always four eight for the header.
So no matter what the code rate, that is

the the number of bits in the Heming for
Hemingford error correcting codes used is

for the rest of the packet. This code red
is always for it. Well, what about the

spreading factor, as it turns out, the
header is always sent at the spreading

factor, that is to less than the rest of
your modulation, the code rate is still

for the spreading factor for the header is
the pretty factor of minus two. So two

fewer bits per symbol, even if the headers
implicit and I have to credit Thomas tell

Camp for giving me the tip that actually
led led to kind of putting this all

together thanks to him. So again, the
first eight symbols, no matter whether

you're an implicit or explicit mode, are
always Senate it minus two and code word

for it. That's always the case. Also,
there's this mode called low data rate

where if that set on, then all of the
symbols in the remaining in the remainder

of the five, the five packet are also sent
at spreading factor F minus two. So it's

just an extra basically gets you some
extra margin in case you're dealing with

the noisy channel and need to get data for
that's the five who want some tools to go

with it, who's curious about this and
wants to start playing with it. Does LoRa

seem cool? So with that, that brings us to
G.R. LoRa, which is an out of frequency

radio module that I've been working on for
for the last couple of months. And it's an

open source implementation of the fire
that works very nicely with the GANU radio

software, defined radio, digital signal
processing toolkit. It's open source

software, its free software. It's got a
great community built up around it. It's

really cool. If you're curious about ETR,
there are loads of good tutorials. And

even if you're a wizard, well, if you're a
wizard, you already know what this is. But

it's a really, really great, great piece
of software and ecosystem. And why is

having an open source version of this
interesting, well, existing interfaces to

LoRa or layer to and above, both with the
the data sheets that we get that go with

each of the different lower radios and the
standards that are available and open.

It's all layer tuneup. We don't have any
insight into what the fi state machine

actually does. And FIGLIA security really
can't be taken for granted. And to to back

this up, I'm going to point to some eight
to 15 for exploits that that kind of

reinforce this from a couple of years ago.
We have traves good speeds packet packet

that show that he was able to do a full
seven layer compromise by basically

encoding the data that would induce the
preamble and subframe symbols for eight to

15 for within the payload of another
message, he was able to get some really

wonky things to happen to radio state
machines in doing so. And related to that,

we have this wireless intrusion detection
system evasion that was done by Travis

Good and some friends of mine from
Dartmouth. Where they were basically able

to fingerprint how different Itochu for
radio state machines work and construct

packets that would be able to be heard by
some but not others. So from that, you

could basically identify generate versions
of packets that weren't totally compliant

with the standard, but would still be
heard by certain receivers and not others.

So some really tricky stuff here. Phi's
really matter. You can't take them for

granted in the picture of security. So my
hope with this is by getting this tool out

there, we can actually really start to
look at the surface and figure out how it

works and how it can be made better and
really start to start to get involved with

improving the security of this new
protocol through some prior to site. Josh

Blum has a module for both of us, which is
a kind of like a competitor to radio. It's

like another framework. It gets the
modulation right. But the decoding is is

basically off of the documentation so it
can talk to itself, but it can't talk to

actual hardware because it doesn't
implement the real decoding stage that we

had to reverse engineer. And also, there's
another Gahler out there made by this guy,

RPV zero on GitHub. When I first looked at
it, it was like this python thing that I

couldn't quite get to work. I went, What
did you get last night? Actually looks

pretty cool. So you might check that out,
too, if you're interested in this. Looks

like it's it's pretty, pretty solid. So
Migiro LoRa implements modulation encoding

in separate blocks so that you can you can
be modular and experiment. So if you want

to have like a multiple kind of like a
common two layer for error correcting

thing, you better resiliency. You can
write that in without having to touch the

demodulator. Told you a couple for you.
Also, there's a very simple asynchronous

PDU interface for passing data between the
blocks and you basically write to it just

using websocket, which is really easy.
I'll demonstrate in a minute and it's just

like I you know, two fifteen four which is
a great eight to 15 four, which is a

really great module made by Bastiaan, who
I think is here really, really cool tool I

used all the time. So demodulator, the
demodulator in the decoding implements the

process that we just reverse engineered
using the stack, the 50s and all that. The

modulator in the encoder use a more
efficient method that does direct

synthesis of chirps. So rather than like
basically computing the fifty results and

then doing an effect of that, we can
actually index into a pre computed chirp

to make the generation a lot more
computationally efficient. If you want the

source right there just pushed a giant
update to it about two hours ago. So if

you're interested in playing with it,
there it is. Let's run through a quick

demo before we're out of time here. So
here's a scenario. I've written you guys a

poem. I'm going to play you guys a poem.
And I want to be able to sniff it and show

you what it is. Right. So to transmit, we
have our ative fruit. It's an idea for

radio, like an Arduino basically with a
lower radio on it. And to receive it,

we're going to use our USP right down
here. And of course, it's all being

received by G.R. LoRa. So I'm going to
jump over to my VM if I can see if I can

get this up on the other screen. Bear with
me one moment. There we go. Show you the

interview of my password. We're going to
start a receiver here and now I'm. Going

to just open a. Sock it here. And I'm
going to. Sir, my transmitter and let's

see what we have for you. In case you're
unsure of what you're looking at. So

that's all over, LoRa. There are few to
do's, if you want to contribute, be happy

to have you do so, some additional
resources if you want to know more. I've

written this up all in detail in traves
good speeds, PIERCEY or ETFO. The most

recent issue has that in there. Also, if
you want to learn more about Radio's NDR,

my colleague Mark and I are giving a talk
at Shukan and Troupers called. So you want

to talk radio's, which is going to go
through how to reverse engineer really

basic Iot modulations. It'll spend a lot
more time on some of the basics and show

you how to actually apply the stuff
yourself to wrap up. LPI plans are

exploding. They have tons of momentum and
are popping up everywhere. RF stacks are

also becoming more diverse. So when you're
talking about securing your wireless air

space, you're not just worrying worried
about Wi-Fi anymore. If you're a corporate

security administrator, you work in
corporate I.T. You also have to worry

about all these other, like, Iot
appliances that are coming into your

enterprise and are starting to take root.
On a technical note, we've shown how to go

from some obscure modulation into bits.
We've also added a new tool to the

researchers arsenal. I want to thank
Bollon Sieber Bestival. He's an incredible

resource and this would have been possible
without him. Also, the open source

contributors who helped get here helped us
all get here. And finally, the Chaos

Computer Club for organizing 33c3 and
having me. So thank you very much. Thank

you for your attention. And I'd be happy
to take your questions.

<i>Applause</i>

Herald: We are almost out of time, thank
you very much, Matt. We're able to take

very few and brief questions. So
microphone in front, right, please.

Matt: I remember you. We met in your video
conference. Good to see you.

Mic: Yes. There are two ways to quantify
the reliability of a dense LoRa network.

Matt: Could you repeat that, please?
Mic: Is art a ways to quantify the

reliability of a dense LoRa network?
Matt: I'm sure there are. I haven't really

looked at all at benchmarking or figuring
out what kind of the limits are. My

interest has really been in getting the
decoding information extraction done. I

know that there's a group in San Francisco
that's building deep networks that

building a LoRa product or network of some
sort. They've done some benchmarking of

how LoRa works in cities and they have a
blog post. That's pretty good. You might

check that out.
Herald: We have one question from the

Internet via our Signal Angel?
Signal Angel: Our panel on the IAC is

asking, how long did it take to figure out
all of this?

Matt: So, you know, I first saw LoRa in
the wild in January and kind of just let

the capture sit in my sitting by my hard
drive for a while. It probably took about

four or five weeks of working on this,
more or less full time, I was a little bit

I had some other things working on, too,
I'd say probably four weeks from what I

actually said. All right. Let's figure
this thing out to having the initial

results.
Herald: Another question from the rear

right microphone.
Mic: So in decoding those two unknown

layers, you had your proprietary hardware
and you could send it data and it'll it

won't do the AES and encryption stuff and
it just sends that encoding.

Matt: That's a great question. I kind of
skipped over that the microchip LoRa radio

that I had this guy right here. I also
wanted another one that was a LoRa when

radio. This is a LoRa radio, but actually
exposes an API to pause the Maxsted

machine so you can turn off all the layer
two stuff that would add a header in

encryption, stuff like that, and send what
are close to arbitrary frames. And I say

what are close to arbitrary frames because
you can't turn off the implicit header. So

it's always an implicit or sorry, you
can't turn off explicit headers, it's

always in the explosive header mode. So
this more or less exposed raw raw payload

injection.
Mic: OK, thanks.

Herald: Yeah, we're already in overtime.
We're taking one last question from our

Signal Angel on IRC and then we'll have to
wrap up.

Matt: I'll be happy to hang out and answer
questions after the fact too.

Mic: Now many people are wondering what
implications does it have that basically

the patent is not used at all? So could
you could you say that the technology is

patent free In a way?
Matt: I am not a lawyer, but I have known

lawyers and I know that they're clever
enough to not fall for that. So I'm sure

that I'm sure that the patent was defined
as generally as possible. And again, it

describes a modulation similar to LoRa.
I'm again not a lawyer, but I'm almost

certain that that that that it would be
covered. So but that's a clever thought.

Herald: Thank you, Mike. Please give him a
warm round of applause. Thank you again.

<i>applause</i>

<i>33c3 postrol music</i>

Subtitles created by c3subtitles.de
in the year 2021. Join, and help us!