Testing LoRa with SDR and some handy tools

When assessing the security of LoRa devices, as with any other RF technology, we have to deal with unknown radio parameters, but also with data and payloads that we need to understand to complete our mission. Understanding these parameters and data may help to find interesting issues to exploit (clear-text communication, weak keys, protocol stack vulnerabilities). In this post, we will briefly present LoRa and its different security modes, and then focus on RF techniques to detect, demodulate and decode LoRa signals. Additionally, we will introduce some scripts we have made to decode and generate LoRa PHY and MAC payloads, brute-force keys and, finally, fuzz some protocol stacks.

