Reverse Engineering Radio Frequency Signals Solutions Walkthrough: Hack-A-Sat Capture the Flag 2023 (Part 1 of 3)

Kyle McClintick
3 min read · Apr 7, 2024

I had the pleasure of participating in the qualifying round of HACK-A-SAT 4 last year. Unfortunately, it does not seem that the competition will continue, leaving a gap in the cyber-physical capture the flag (CTF) space. I hope that one day, someone will host a new CTF at the intersection of the cyber and physical spaces.

A more complete GitHub repository of challenge solutions is provided here, but I have made a detailed guide for the challenges I personally completed. To begin, I’ve used some slides from Bastille’s educational pages, so many thanks to them.

CTFs are technical competitions, sometimes comprised of a series of “Jeopardy-style” challenges. In such a format, the first team to solve a challenge can choose the next one, and points are awarded to teams upon retrieval of the correct “flag” (usually just a really long and personalized random sequence of characters) based on the difficulty of the challenge and how quickly it’s solved. Teams that score highly can win prizes and fame!

HACK-A-SAT was a unique CTF in that it included physical challenges on the topics of orbital mechanics and radio frequency (RF) waveform reverse engineering (RE).

Tools that can help in RF RE CTF challenges can be broken down into the following categories:

  • Array processing: MATLAB and Python can process and visualize data as arrays/matrices/tensors, which are static data structures
  • Stream processing: Simulink and GNU Radio Companion (GRC) can process and visualize data as streams, where data flows to and from blocks which have input and output samples
  • Network analysis: Wireshark can process data in a packet structure with high abstraction away from physical layer attributes like power and frequency
  • Waterfall visualization: Baudline, Fosphor, and Inspectrum can be good for quickly visualizing signals in a time-frequency-power format, but processing is limited
  • Audio processing: Audacity is actually a great tool to process some RF signals, with quick access to good filtering tools

In an RF RE CTF challenge, the teams are given mysterious waveforms that they must make sense of. RF waveforms are modulated:

In this post, I covered RF RE tools, trends in RF RE CTF challenge formats, a process for solving those challenges, and my solution for the starting HACK-A-SAT 4 RF RE challenge, “QAM”.

The next post in this series will cover my solution for the “Dashing” challenge, which will showcase examples of currently undiscussed topics from the solution framework: channel characterization, embedded Python GRC blocks, and filtering.

Kyle McClintick

PhD in electrical engineering with a focus on AI and security