Recon 2011

Travis Goodspeed
Friday - 2011-07-08
Abusing Hardware Defined Radios

The Start of Frame Delimiter, better known as an SFD or Sync, marks the beginning of a radio packet. When this field is unknown, a protocol can be quite challenging to sniff, as radio receiver chips usually require it to match before they will deliver a packet at all. In contrast to solutions which require custom equipment, the techniques demonstrated in this lecture allow for promiscuous sniffing of packets with an unknown Sync by abuse of background noise, started delays, and Layer 1 features common to modern digital radios. No software defined radios were used in the course of this research, and no microcontroller was clocked faster than 16MHz.
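The analysis step that turns such a promiscuous capture into a recovered Sync, as an added example that is not code from the talk: it assumes the receiver has already been told to match on the preamble pattern (0xAA/0x55) so that it hands up background noise and real packets alike, and that a Sync of two bytes follows the preamble. Noise produces essentially unique leading bytes, while every packet from one transmitter repeats the same Sync, so a simple frequency count separates them; the capture below is constructed, not recorded.

```python
import random
from collections import Counter

PREAMBLE_BYTES = {0xAA, 0x55}   # alternating preamble, either bit alignment (assumption)
TRUE_SYNC = b"\xd3\x91"         # constructed: the "unknown" Sync our sample transmitter uses


def strip_preamble(frame: bytes) -> bytes:
    """Drop leading preamble bytes the receiver passed through before the real Sync."""
    i = 0
    while i < len(frame) and frame[i] in PREAMBLE_BYTES:
        i += 1
    return frame[i:]


def rank_sync_candidates(frames, sync_len=2):
    """Count the sync_len bytes that follow the preamble in each captured frame.
    Noise yields near-unique values; real packets from one transmitter repeat."""
    counts = Counter()
    for f in frames:
        body = strip_preamble(f)
        if len(body) >= sync_len:
            counts[bytes(body[:sync_len])] += 1
    return counts


def recover_sync(frames, sync_len=2, min_hits=3):
    """Return the most frequent candidate if it clears min_hits, else None."""
    counts = rank_sync_candidates(frames, sync_len)
    if not counts:
        return None
    sync, hits = counts.most_common(1)[0]
    return sync if hits >= min_hits else None


def make_sample_capture(n_noise=200, n_real=8, seed=1):
    """Constructed capture: mostly random noise frames plus a few real packets."""
    rng = random.Random(seed)
    frames = [bytes(rng.randrange(256) for _ in range(16)) for _ in range(n_noise)]
    for _ in range(n_real):
        payload = bytes(rng.randrange(256) for _ in range(12))
        frames.append(b"\xaa\xaa" + TRUE_SYNC + payload)   # preamble, Sync, payload
    rng.shuffle(frames)
    return frames


if __name__ == "__main__":
    print(recover_sync(make_sample_capture()))  # b'\xd3\x91'
```

The same count, run over a capture that contains only noise, stays below the threshold and returns None, which is the check to apply before trusting a recovered value.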