GNU Radio Meets Scapy
www.bastibl.net
February 2019 ▪ FOSDEM SDR Dev Room ▪ Brussels, Belgium
www.wime-project.net
▪ WLAN and ZigBee Transceiver
GNU Radio meets Scapy // Bastian Bloessl
Instant GNU Radio
▪ https://github.com/bastibl/instant-gnuradio
▪ Built with Packer
▪ VM Image
▪ Many applications pre-installed (GNU Radio, GQRX, Fosphor, Inspectrum, GR Wiki)
▪ Easy to extend and customize
[Diagram: the image as a stack, Ubuntu at the base, SDR Apps on top of it, "Your stuff?" above that]
Learn SDR
▪ https://www.learn-sdr.org/
GNU Radio WLAN/ZigBee
▪ PHY only (MAC adds only static wrapper)
▪ No CSMA, no ACKs, no network stack
▪ How can I send data?
▪ How can I interact with devices?
A GNU Radio Transceiver
[Diagram: PHY and MAC blocks, with "??" where the rest of the stack would attach above the MAC]
A Simple WLAN Frame
[Diagram: "hello world!" → MAC → PHY]
Connecting to UDP Socket
[Diagram: <data from UDP> → MAC → PHY]
A Simple WLAN Frame: feeding the UDP socket
▪ Netcat
▪ Python
Connecting to the Network Stack
[Diagram: <data from UDP> → MAC → PHY, then IP… → MAC → PHY]
Virtual WLAN Device
[Diagram: IP… → MAC → PHY; Linux wireless stack split into User and Kernel, the kernel side showing Network stack, cfg80211, mac80211, Driver and WLAN Card, with a Virtual WLAN device alongside the driver and card]
Packet Crafting
▪ Ethernet frame (the hard way)

Scapy
▪ Python turned into a domain-specific language
▪ Open Source
▪ https://scapy.net/
Packet Crafting: Advantages
▪ More flexibility
▪ Drivers
▪ No device configuration
▪ No prototypes (802.11p)
▪ More accessible (ZigBee)
Flow Graph with Scapy
WLAN Frames
▪ Beacon frame
▪ Fuzzing
▪ Deauth
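The UDP-socket slide and the WLAN Frames slide above, done "the hard way" without Scapy, as an added example that is not code from the talk or from the wime-project: the layout follows the IEEE 802.11 management-frame format, the BSSID, SSID and UDP port 52001 are made-up values, and the frame is assumed to need its own FCS (which holds when the socket feeds the PHY directly; the gr-ieee802-11 MAC block is assumed here to add header and FCS itself, so frames bypassing it must bring their own). The fuzzing helper recomputes the FCS for every mutant on purpose: a receiver checks the FCS before it parses a single information element, so a mutated frame with a stale FCS never reaches the code you want to fuzz.

```python
"""Crafting IEEE 802.11 management frames by hand (no Scapy).

Added example, not code from the talk or from gr-ieee802-11. Layout per
the IEEE 802.11 management-frame format; the BSSID, SSID and UDP port
below are constructed values.
"""
import socket
import struct
import zlib

MGMT = 0            # frame type: management
BEACON = 8          # management subtype
DEAUTH = 12         # management subtype
BROADCAST = bytes.fromhex("ffffffffffff")


def mac(addr: str) -> bytes:
    """'02:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(addr.replace(":", ""))


def mac_header(subtype: int, da: bytes, sa: bytes, bssid: bytes, seq: int = 0) -> bytes:
    """24-byte management header: frame control, duration, DA, SA, BSSID, sequence control."""
    frame_control = (subtype << 4) | (MGMT << 2)   # protocol version 0, flags byte 0
    seq_ctrl = (seq & 0xFFF) << 4                  # fragment number 0 in the low nibble
    return struct.pack("<HH", frame_control, 0) + da + sa + bssid + struct.pack("<H", seq_ctrl)


def ie(element_id: int, body: bytes, length=None) -> bytes:
    """Information element: ID, length, body. `length` may deliberately lie (for fuzzing)."""
    return struct.pack("BB", element_id, len(body) if length is None else length) + body


def with_fcs(frame: bytes) -> bytes:
    """Append the FCS: CRC-32 with the Ethernet polynomial, transmitted little-endian."""
    return frame + struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    """What a receiver does first: recompute the CRC over everything but the trailer."""
    return len(frame) > 4 and with_fcs(frame[:-4]) == frame


def beacon(ssid: bytes, bssid: bytes, channel: int = 1, seq: int = 0) -> bytes:
    hdr = mac_header(BEACON, BROADCAST, bssid, bssid, seq)
    # fixed fields: timestamp (8 bytes), beacon interval in TUs (2), capability info (2, ESS bit)
    fixed = struct.pack("<QHH", 0, 100, 0x0001)
    # supported rates in 500 kbit/s units; bit 7 marks a basic rate: 1b 2b 5.5b 11b 6 9 12 18 Mbit/s
    rates = bytes([0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18, 0x24])
    body = ie(0, ssid) + ie(1, rates) + ie(3, bytes([channel]))   # SSID, rates, DS parameter set
    return with_fcs(hdr + fixed + body)


def deauth(target: bytes, bssid: bytes, reason: int = 7, seq: int = 0) -> bytes:
    """Deauthentication: header plus a 2-byte reason code (7 = class 3 frame from non-associated STA)."""
    hdr = mac_header(DEAUTH, target, bssid, bssid, seq)
    return with_fcs(hdr + struct.pack("<H", reason))


def ssid_length_fuzz(ssid: bytes, bssid: bytes):
    """Beacons whose SSID IE length field disagrees with the body that follows it.

    Each mutant gets a fresh, valid FCS so the receiver's IE parser actually sees it.
    """
    hdr = mac_header(BEACON, BROADCAST, bssid, bssid)
    fixed = struct.pack("<QHH", 0, 100, 0x0001)
    for claimed in (0, len(ssid) + 1, 33, 255):     # 32 is the maximum legal SSID length
        yield with_fcs(hdr + fixed + ie(0, ssid, length=claimed) + ie(3, b"\x01"))


def send_to_flowgraph(frame: bytes, host: str = "127.0.0.1", port: int = 52001) -> int:
    """Push one frame into the flow graph's UDP socket (port is an assumption; match your Socket PDU block)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(frame, (host, port))


if __name__ == "__main__":
    bss = mac("02:00:00:00:00:01")                 # constructed BSSID
    frames = [beacon(b"wime-test", bss), deauth(BROADCAST, bss)]
    frames += list(ssid_length_fuzz(b"wime-test", bss))
    for f in frames:
        send_to_flowgraph(f)
```

The same bytes can be pushed with netcat (`nc -u 127.0.0.1 52001`, port assumed as above); Scapy gets you the beacon in one line of `Dot11()/Dot11Beacon()/Dot11Elt(...)`, which is the point of the talk, but seeing the fields laid out once makes it obvious which byte each fuzz mutation touches. A deauthentication frame addressed to a real station knocks it off its network, so keep transmission to your own devices, ideally over a cable or inside a shielded box, and mind the local rules for transmitting in the WLAN bands.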
Smart Meter
ZigBee Frame Injection
▪ Data
▪ Fuzzing
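The ZigBee data-frame injection above at the 802.15.4 level, as an added example that is not code from the talk or from gr-ieee802-15-4: the PAN ID, addresses and payload are constructed values, the FCS is the 16-bit ITU-T CRC the 802.15.4 MAC uses, and the flow graph is assumed to prepend the PHY preamble, SFD and length byte itself. The parser is included because on the receive side the same two checks decide what a device will even look at: the FCS, and whether the header fits in a 127-byte PHY packet.

```python
"""IEEE 802.15.4 (ZigBee PHY/MAC) data frames built and parsed by hand.

Added example, not code from the talk or from gr-ieee802-15-4. Short
(16-bit) addressing with PAN ID compression; PAN ID, addresses and
payload are constructed values.
"""
import struct

MAX_PSDU = 127   # aMaxPHYPacketSize: header + payload + FCS must fit one PHY packet


def crc16_itu(data: bytes) -> int:
    """FCS of 802.15.4: polynomial x^16+x^12+x^5+1, LSB first, initial value 0, no final XOR."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def data_frame(pan_id: int, dst: int, src: int, seq: int, payload: bytes, ack_request: bool = True) -> bytes:
    """Data frame, both addresses 16-bit, one PAN ID on the wire (PAN ID compression)."""
    fcf = 0x0001                         # frame type: data
    fcf |= 0x0020 if ack_request else 0  # acknowledgment request
    fcf |= 0x0040                        # PAN ID compression
    fcf |= 2 << 10                       # destination address mode: short
    fcf |= 2 << 14                       # source address mode: short
    mhr = struct.pack("<HBHHH", fcf, seq & 0xFF, pan_id, dst, src)
    frame = mhr + payload
    if len(frame) + 2 > MAX_PSDU:
        raise ValueError("PSDU would be %d bytes; 802.15.4 allows at most %d" % (len(frame) + 2, MAX_PSDU))
    return frame + struct.pack("<H", crc16_itu(frame))


def parse_data_frame(frame: bytes) -> dict:
    """Decode a short-addressed data frame; raises ValueError on bad FCS or a truncated header."""
    if len(frame) < 11:
        raise ValueError("shorter than minimal header plus FCS")
    body, fcs = frame[:-2], struct.unpack("<H", frame[-2:])[0]
    if crc16_itu(body) != fcs:
        raise ValueError("FCS mismatch")
    fcf, seq = struct.unpack_from("<HB", body, 0)
    if fcf & 0x7 != 1 or (fcf >> 10) & 3 != 2 or (fcf >> 14) & 3 != 2:
        raise ValueError("not a data frame with two short addresses")
    pan_id, dst = struct.unpack_from("<HH", body, 3)
    offset = 7
    if not fcf & 0x0040:      # no PAN ID compression: a source PAN ID precedes the source address
        offset += 2
    if offset + 2 > len(body):
        raise ValueError("header truncated")
    src = struct.unpack_from("<H", body, offset)[0]
    return {"seq": seq, "pan_id": pan_id, "dst": dst, "src": src,
            "ack_request": bool(fcf & 0x0020), "payload": body[offset + 2:]}


if __name__ == "__main__":
    f = data_frame(0x1234, 0x0001, 0x0002, 5, b"hello world!")   # constructed values
    print(f.hex())
    print(parse_data_frame(f))
```

The frame-type and address-mode bits in the frame control field are where ZigBee fuzzing usually starts: flipping the source address mode to "extended" while supplying only two address bytes, then recomputing the FCS, gives a frame that passes the CRC check and fails inside the header parser, which is the code path worth exercising on a smart meter.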
Demo