I wish I could write more about the challenges we face at work.
I manage 3 core domains: IT (administration and help desk), security, and cloud infrastructure.
We face many challenges with running a reliable, secure, and available infrastructure for a safety critical system. It's not just the infrastructure, but also designing a secure system (and subsystems), making sure they are properly tested, doing the traditional things (e.g. vulnerability management), compliance, etc for a system that has hardware, cloud, firmware, mobile app, ECU, wireless communications, payments etc.

🧵 RF basics: How to read a SDR’s datasheet.
You’ve probably seen terms in a SDR or spectrum analyzer’s datasheet, like IIP3, phase noise, noise figure, dynamic range, etc.
In this thread I’ll give a short intro on what they mean.
I’ll use these 3 products' datasheet.

1/10 Before we start, I have to clarify that this is for beginners and I have to oversimplify a few things.

Also: if you’re not familiar that much with SDRs, or you need a refresher, check out my thread on SDRs here:

2/10

https://twitter.com/mehdihacks/status/1920582579758989507

🧵How to get into the RF world: a short thread for beginners.
As promised, here’s my tips to get into RF as a hobbyist/beginner.
Disclaimer: RF/Radio are my hobbies, but I'm not a professional RF engineer (My profession is “security”, and I studied computer science; I use RF/SDR for my job as well) so these tips may not be for you if you want to pursue it academically/professionally, or if you are already into RF.

1/8 Like any other hobby or field, you have to ask yourself what you want to achieve by getting into it.
If your goal is to get a PhD in communications, then this thread is not that useful. But if you want to learn to play with SDRs, get your ham radio license, build a hobbyist RF lab at home, learn wireless hacking, etc, then read on.
People who have “ham radio” or “RF” as a hobby, have very wide interests. Not everyone does the same. For example there are people who love receiving and listening to shortwave stations (even very distant ones) and they invest lots of time and money in their equipment. Some others like designing and building RF circuits like antennas and amplifiers. Some people are not RF experts, but use RF equipment (like SDRs or spectrum analyzers) in their job (example: using SDRs for wireless security and signal analysis, as part of security pen test).
I can go on and on with these examples, but my point is that you have to take parts of my advice that suit your goals/needs. And of course, this is my advice. Another person might have a totally different (and valid) approach.

2/8

RF basics: Noise Figure.
A thread on the concept and measurement.

NF is a parameter to characterize how much a system (amplifier, receiver, mixer) adds noise to the signal, expressed as the degradation in signal/noise ratio as the signal passes through the device.
1/6 An ideal system (e.g. an ideal amplifier) will simply do what it’s supposed to do with the signal (e.g. amplify) without adding any noise, but in the real world, there are multiple sources of internal and external noise that will impact a signal.
In this thread I will not talk about other sources of noise (e.g. phase noise). I still have on my TODO list to write a detailed thread on phase noise. 
The noise figure tells you the relative amount of noise being added to a signal as it travels through the system or device. We would like to ideally have this number as low as possible. Noise figure’s measurement unit is dB. When you buy an amplifier for example, you will see that noise figure is listed in the datasheet as one of the key parameters. If the amplifier is wideband, then usually a graph of noise figure across the whole bandwidth is provided.

2/6

An introduction to Software Defined Radios.
A thread for beginners on:
1. What a SDR is
2. What you can do with SDRs
3. How it plays a role in the security/hacking world
4. How it’s used in ham radio.
5. How to choose/buy one
6. Link to more reading material

0/21 Disclaimer: I need to oversimplify many concepts, and also omit/skip some advanced ones. This is a huge topic that can’t be covered in a few posts, and my target audience is beginners.

What is SDR? If you’ve heard of RTL-SDR or HackRF but aren’t sure why they’re so popular among hackers, ham radio enthusiasts, and the SIGINT community, this thread is for you.
Traditionally, radios were fixed-function, and all implemented in hardware. An FM radio did just that: receive FM in the 88-108 MHz range. If you wanted to listen to let’s say shortwave (3-30MHZ), then you needed a new radio that had that functionality. You were limited to the hardware.
SDRs change this. With SDR, the hardware is controlled by software, giving you flexibility. Basically, many functions that traditionally were done in electronics circuits (e.g. filtering, demodulation, etc) are done digitally in SDRs.
Want to listen to FM? Easy. Want to explore Bluetooth or decode satellite downlink? Same device, just different software, or different settings in your SDR app. You define the functionality in software (e.g. which frequency to dial to, which modulation to use to demodulate the signals, what bandwidth to use to receive the signal, etc). Think of it like this: all the physical knobs that you had in the older radios, are now replaced with UI elements  in software.

1/21

🧵 RF basics: Power meter.
A short thread for beginners.
If you need to measure a radio signal’s power precisely, you need an RF power meter.
It basically shows the signal’s power in dBm (or milliwatts)
In this thread I will introduce the different types, with examples.
1/7 First of all, why do we need to measure a signal’s power with a power meter, if we can “see” the signal on the spectrum analyzer, which also shows the amplitude?
Well, there are many reasons. One of them is that spectrum analyzers are not as accurate as power meters when it comes to power measurements (we’re talking ~±1dB vs ~±0.2dB. This is important in some use cases like testing transmitters, regulatory compliance, etc). Power meters are also much more accurate for complex wideband signals (e.g. LTE). And, power meters/sensors can be calibrated against some standards. Not to mention the cost! For example a 26GHz spectrum analyzer is much more expensive than a 26GHz power sensor.
But why do we need to measure power at all? Apart from the above reasons, we need to make sure every component or circuit either receives the required power at its input, or generates output in the desired range, or both.
Although the unit for power is Watt (W), in the RF world it’s measured and described in dBm (dB relative to 1 milliwatt)

2/7

🧵 RF basics: mixers.
A thread for beginners on:
1. What an RF mixer does
2. Understand its datasheet
3. Test its specs

I've picked Mini Circuits ZMDB-24H-K+ for this thread to work on.

1/7 As the name suggests, mixers are used to “mix” signals. But what does “mix” mean in this context?
Mixers have 2 input ports , and an output port.
When you “mix” 2 signals, you end up with multiple signals at the output!
f_out = |f_RF ± f_LO|
So, you have the sum and also difference of the signals!
The output is usually called IF (intermediate frequency)
The main input is called RF (radio frequency)
And the other input that basically controls what happens to RF is called LO (local oscillator)
You can use LO to down-convert RF.
A very practical example is down-converting a multi-GHZ signal down to less than 6GHZ so you can “see” it with your typical 6GHZ spectrum analyzer or SDR.
So, when you hear the terms “down-converter” or “up-converter”, you know they’re simply mixers inside.
[note: in this thread I am treating the mixer as down-converter. Mixers can also work in the other direction (IF to RF) as shown in this screenshot, and work as upconverter. Mixers are bi-directional devices]

2/7

🧵 RF basics: Attenuators.
A thread for beginners on:
1. What an attenuator does
2. Different types of attenuators
3. Understand the datasheet terms
4. Test its specs

1/4 An attenuator is a passive component that “attenuates” a signal’s amplitude, ideally not impacting its other parameters like frequency. Let’s say you have a 0dBm signal and connect it to an attenuator , and let’s say your attenuator is 20dB. In this case, you’re going to get a -20dBm signal after attenuation. It may not be exactly 20dB of attenuation, because attenuators like any other component or circuit, have some tolerance (let’s say +-0.5dB)
Most attenuators are bi-drectional, so it doesn’t matter which side of it you use as input or output.
Generally we can say we have 2 categories of attenuators: fixed and variable. Fixed is fixed: 1dB, 5dB, 20dB, etc. On a variable attenuator, you can change the amount of attenuation either manually (like physically with a knob/selector, as you can see with HP in the picture on the previous post) or programmatically/digitally (as seen in this diagram from Mini Circuits)

2/4

🧵 RF basics: amplifiers.
A short thread for beginners, on understanding an RF amplifier's datasheet specifications.

I've picked Mini Circuits ZX60-123LPN+, an ultra wide-band, low phase noise amplifier operating from 50MHZ to 10GHZ

1/5 What an amplifier does is in the name: it amplifies the signal (increasing the amplitude). Let’s say you have a -20dBm signal, and you need to make it 0dBm. So you use an amplifier that can add 20dB of gain at that frequency.
Amplifiers are active devices. They need external power to work, unlike passive components like filters, mixers and splitters.
For the sake of simplicity, we can say that amplifiers are opposite of attenuators (one amplifies, the other attenuates)

(Pictured is the inside of the amplifier chosen for this thread)

2/5

🧵#temporary
I'm cleaning up my workshop.
Let me know if you want any of these (free. You only pay for shipping. Only EU. Or pick-up in Berlin)

1. Smart Car shield robot PCBs
2. PicoEMP PCB
3. Hackaday 2023 Berlin badge (a retro computer)
4. Lostik Lora device

1/4


2nd batch:

1. Adafruit Bluetooth LE sniffer (nRF51822)
2. Texas Instruments EZ430-CHRONOS hackable watch, with programmer and RF access board
3. AD9850 DDS signal generator module
4. Digilent Basys 2 FPGA board
5. TeensyConvolution SDR PCBs

2/4

🧵
Mega thread on RF, SDR, ham radio, and signal hacking:
I've been writing educational posts and threads on these topics.
To help finding them easier, I will put all the links here.
And I will link the new threads to the bottom of this meta thread every time I write one.

0/n 1. How to build an RF lab on a budget

1/n

https://twitter.com/MehdiHacks/status/1865460523875418250

🧵 SDR for beginners:
Receiving FM radio is the "hello world" of SDRs. It shows that the hardware/software setup is working.
Here I show 5 ways to do it, using an RTL-SDR dongle, increasing the complexity with each method:
GUI apps, cmd line, streaming, GNU Radio, and code.

1/6 1. Obviously the easiest way is to use a graphical SDR app. There are many:
Windows: HDSDR, SDR# and SDR-Console
Linux/macOS: gqrx, CubicSDR, and SigDigger
There are also vendor-specific apps (e.g. SDRConnect for SDRPlay)
Some apps can also be compiled from source.
This can't get easier: connect the SDR via USB port, connect a simple telescopic antenna to it, and tune to a known FM station frequency on your app and listen! (make sure you select the WFM demodulation)
Here's a screenshot from gqrx on macOS:

2/6

🧵 A short list of best material (IMO) to learn Software Defined Radios in a pragmatic manner (no theory textbooks)
I've been asked many times how to learn RF and SDRs, so I compiled a short list of the best material I've watched/read so far.

1/5 1. PySDR: an online textbook with 22 chapters (so far), teaching the SDR and DSP concepts using Python. Very educational, with lots of code samples and diagrams and also using real world SDRs like PlutoSDR.


2/5pysdr.org/index.html

🧵 How to maintain and protect your expensive RF equipment ?
If you have ever bought RF equipment, even the relatively low-tier ones, you know how expensive they could be, so it's essential to use and maintain them properly to ensure they last long.
Here's 5 tips: 1. Use a torque wrench for your SMA connectors. It protects the connector from over-tightening and ensures consistent force, reducing wear.
Here's mine (from Mini Circuits)
There are also wrenches for other connector types like N.

🧵 How to hack wireless signals?
A short intro to replay attacks for beginners.

In this thread I will show you 2 ways to replay a simple wireless signal (a 433MHZ garage opener key)

Please note that I have intentionally chosen a basic device for educational purposes. Hacking real world devices with more complex protocols and security features like encryption and rotating keys is not as easy. Here my focus is showing the underlying concept with the easiest attack (replay attack), for absolute beginners.

Disclaimer: this is purely educational content, done on a simple device, in a lab. Always consult your local laws before doing such wireless experiments especially on targets that don't belong to you.

1/6 Let's first talk about some basic concepts and keywords
Modulation: the process of changing a signal's properties (like amplitude or frequency) to carry information. Probably you have heard the name of some basic modulations like AM and FM.
ISM band: a set of frequencies reserved for industrial, scientific and medical purposes where many public non-licensed devices like parking remotes or even your WiFi modem, operate in. Example: 2.4GHZ, 433MHZ (Europe, Africa and Middle East), 915MHZ (Americas)

2/6

🧵 What is amateur radio (also called ham radio) and why it might be worthwhile for a hacker to get into it?

I am a licensed ham radio operator. I have 2 call signs: an American one (NM9A) and a German (DF2HF)
Many people don't know what ham radio is, and what we (ham radio operators or licensees) do.
In short, ham radio is DIY wireless experimentation: it lets you perform a series of operations and experiments on specified radio frequencies.
Let me be more specific, with more examples. Here's what you can do with a ham radio license:
- Send messages over air (via antennas) to other licensed operators. Message can be morse code, digital data, or you could talk to each other over radio spectrum!
- Perform experimentation: build antennas, receivers, transmitters, etc, and test them.
- Participate in contests against other licensed operators

1/7 There are 2 things to consider:
1. ham radio does not use Internet and usually it doesn't use satellites (although it could use some amateur satellites as well). You send signals over air. It's like, if there were no electricity or telecom/Internet infrastructure, all you need to communicate to other operators is a battery, a transceiver, and an antenna!
2. It's a hobby. It's non-commercial. For example you can't run a music broadcast service on radio, with an amateur license.

Sometimes people ask me why you don't use Skype/WhatsApp/etc to contact others?
I have 2 answers:
1. Contacting others over air is just a small example of many things you could do in ham radio.
2. Contacting a person thousands of kilometers aways using a piece of wire (e.g. a simple antenna) using 100W of power, without Internet, is like a magic! You have to try it for yourself.

Every country has a government organization to regulate the use of radio spectrum (e.g. FCC in the US, and BNetzA in Germany), both for amateurs and also commercial usage.
There are also big national organizations for ham radio that offer membership (ARRL in the US, DARC in Germany)

2/7

🧵 How to build an RF lab on a budget?
A hacker's guide to the most important tools for signal hacking/analysis.

Let's first introduce a few concepts and tools before actually jumping into the specific brands and models.
Depending on what you want to do, there are a few tools you need in your lab for frequency analysis, antenna testing, and RF measurements:
1. spectrum analyzer: one of the most important tools in an RF lab. A device that lets you "see" signals. Mostly come in 2 shapes: either standalone (benchtop or portable, but with its display, and works independent of a computer), or USB-based that needs a computer.
It's like a receiver, receiving signals from its input port (e.g. from an antenna) and showing them to you.
2. signal generator: as the name says, a device to generate signals. Like a transmitter. Important for many use cases (testing antennas, receivers, and many other RF accessories)

1/7 3. Network/antenna analyzer: used for testing some RF components and accessories like attenuators, filters, antennas etc.
4. RF power meter: to measure the output power of a transmitter or signal generator. Would be very useful for troubleshooting.
5. SDR (Software defined radio): it's like a receiver (or also transmitter, for some models) which does the analog RF part in the hardware, and then signal processing (e.g modulation/demodulation) is done on software. You have probably heard of RTL-SDR or HackRF before.
6. Accessories: depending on your project/goal, you need: cables, antennas, connectors, adapters, amplifiers, DC blocks, filters, attenuators, antenna switches, power splitter/combiner, etc.
7. Optionally some books to get started with.

2/7

🧵 9 Lesser-known features of Flipper Zero:

Flipper Zero is normally known for RFID/NFC hacking, sub-GHZ signal hacking, and things like infrared. But it can do much more thanks to its open source nature, third party firmwares, and extensibility (using add-on modules)
Here's 9 things you can do with it:

1/11 2FA: Short for 2-factor authentication. It can act as a hardware 2FA. Similar to YubiKey.

Disclaimer: I'm not saying you should use it as 2FA (I use YubiKey personally and also at work) however it can act as hardware 2FA (U2F over USB)

2/11

🧵 How does an off-the-shelf car GPS jammer work?
A short thread.

There are many ways to perform radio signal jamming (and also detect or protect against it), however the most basic concept is this: a jammer saturates the input of the target's receiver system by noise, in a way that it can't receive/detect/decode the desired radio signal anymore. It reduces the signal to noise ratio.
It's like if you want to listen to someone, but I shout at you in close proximity, so you can't hear that person. (I hope experts don't shout at me for this simplistic example)
There are many legal and illegal use cases for a jammer: military, law enforcement, car theft, protection against tracking etc.

1/4 The GPS jammer in this thread, is sold on Amazon and AliExpress under different titles, but it's mainly to be used in cars (there are also more powerful handheld models covering multiple frequencies with higher power, to jam mobile signals)
Please note that running a jammer is illegal in many countries. This thread serves only an educational purpose.
For this thread, I was lucky to get some pictures and measurements done by @RFAmirhosein in his lab.
Here's how it looks inside.
It has 4 main components we're interested in. I have marked them:
1. 7805: a voltage regulator IC to convert car's lighter voltage (12V) to 5V.
2. 555: timer IC generating the modulation signal (this is probably the most famous IC of all time)
3. Murata MQK301-1528: a VCO (oscillator) for the frequencies 1466-1590MHZ (GPS L1 frequency is 1575MHZ)
4. The RF amplifier IC, amplifying the generated signal, before sending it to the antenna.

2/4

🧵 What are the most compact tools I carry when traveling or when going absolutely light to do electronics test or hardware/physical pen test?

Disclaimer: it's only 9 tools out of many. It's not a full list. I just love these small gadgets for their sheer size/weight.

1/10 1. Pokit Pro: portable oscilloscope/multimeter/logger. Needs a phone to work (doesn't have display). Uses Bluetooth to connect.
Very light, software is updated frequently, accurate enough for most use cases.
Here I show it measuring a 5V calibrated DC voltage.

2/10

🧵 How to organize your electronics desk and save space? 9 tips.

Disclaimer: my profession is first and foremost software. Hardware is my hobby, so take these with a grain of salt.

This is my workshop. It's a separate desk from where I do my 9-5 job (with a laptop and 2 monitors)
These are the lessons I have learnt in the past few years while upgrading and optimizing my desk space:

1. It's a never ending process. You will always come up with ideas to improve the desk space usage, tool placement, etc. So don't try to make it perfect. Good enough for now is better than perfect in an imaginary future.

1/9 2. There is no correct way to do things. Sort your tools and place them on the desk (or not) based on your work's requirements. Someone working on FPGA or embedded systems has much different requirements than someone repairing RF equipment, than someone building robots.
2/9