On This Page

Intermediate Software Defined Radio - Digital Communication

Paul Clark | August 6-7


My brother and I co-authored the Field Expedient SDR book series and have taught SDR to students who possessed widely varying degrees of proficiency. Based on these experiences, we believe that it takes four days of training for a newcomer to become proficient building analog and digital radios with gnuradio and SDR.

This course comprises the second half of that four days, and is for those who have taken my first course or have self-taught the basics of analog SDR. Laying a solid foundation better enables InfoSec professionals to put SDRs to work detecting, intercepting and analyzing wireless vulnerabilities. This foundation is also useful for building digital transmitters to exploit RF vulnerabilities or to exfiltrate data.

As with my book series, this class avoids highly mathematical engineering lectures and focuses on teaching through 25 practical, hands-on exercises. Though we avoid the heavy math, we will carefully and methodically study digital radio design so that you can build your own gnuradio flowgraphs with confidence when needed.

We begin by building an On-Off-Keyed (OOK) receiver, and then breaking down each part of it to see how it works and why it works. Then we take a short detour into the world of complex numbers. The goal of this detour is not to work through formal mathematical definitions, but to understand from a functional level how they impact radio design. Next we build the flip-side of our first project - an OOK transmitter.

Next, we dive into the various pieces of a digital signal: the preamble, the header, the payload and the error checking. We'll then spend some time extracting payloads from digital signals using clock recovery blocks and some simple Python scripts.

We then shift our attention to Frequency Shift Keyed (FSK) systems, building a receiver and a transmitter. We then spend some time optimizing our FSK system, seeing how we can design it to minimize the bandwidth it consumes without impacting performance. This process of optimization will shed light on a number of important characteristics of FSK design.

Then we turn our attention to Phase Shift Keying (PSK). We won't dive as deeply into PSK as we did with OOK and FSK because there's so much more to cover with this complicated modulation scheme. We will, however, build a Differential PSK transmitter and receiver and explain the key things to know about its design and function.

Finally, we will put our newfound knowledge to work by doing some reverse engineering. We'll only have time to work through a handful of simple projects, but it will be enough to get you started on the path to breaking down signals yourself.

Thanks to gnuradio's excellent simulation capabilities, we'll work through a number of our projects without plugging in any SDR hardware. This will result in cleaner and more deterministic exercises, but we won't stop there. We'll also build and operate the key designs in hardware to build experience working through the kinks that invariably occur in real-world projects. To keep things entertaining, a few of our projects will be competitive, Capture the Flag-style exercises.

When you've finished the class, you'll know how to build scanners to detect RF transmissions, receivers to capture and decode signals, and transmitters to produce your own signals. You'll also be able to build custom transmit-receive pairs for exfiltrating data. Finally, your new digital radio foundation will prepare you for understanding and implementing the myriad of SDR resources you find online.

Who Should Take this Course

SDRs are powerful and flexible tools for detecting, analyzing and exploiting vulnerabilities in wireless systems, such as
  • UAVs/Drones
  • IoT
  • Smart Meters
  • Vehicle Keyfobs
  • Pagers
  • And much more
If you have an interest in any of these areas, or in building your own customized digital radios, then this course is for you.

Student Requirements

You should be familiar with using gnuradio for building analog transmitters and receivers, both AM and FM. You should also have a functional understanding of FFTs and the difference between the time domain and the frequency domain.

You can acquire these SDR skills by taking my first class or by learning them on your own.

Additionally, we will be using Python to do some basic data processing. Familiarity with Python will be helpful for this portion of the course (less than 1 hour), but it is not required.

What Students Should Bring

You will not need to bring anything to the class. You will use our laptops and SDR hardware.

What Students Will Be Provided With

You'll take home a set of three books from the Field Expedient SDR series to further your understanding at home. You'll also get a USB thumb drive containing the projects and example files we work on in class.


Paul Clark is owner and chief engineer at Factoria Labs, an organization dedicated to the propagation of Software Defined Radio (SDR). He has experience ranging from chip design to firmware development to RF reverse engineering. He's co-author of the Field Expedient SDR series, has spoken at ShmooCon and taught SDR classes at the Wild West HackinFest.