Playing with RF (and breaking things!)

Today I got to play with one of my old toys.
My colleague is studying for the CWNA course and I wanted to explain CSMA/CD and the impact of RF interference.
This gave me the opportunity to bring out this gadget I put together a couple of years ago.


It’s my homemade RF jammer, built with four 2.4 GHz video transmitters, a rechargeable battery and four switches.
The transmitters can use four different frequencies and are programmed via a jumper.
This is how it looks with a spectrum analyzer:


Each transmitter operates at 100% utilization with a fairly narrowband signal.
In frequency, the four transmitters sit between WiFi channels 1 and 2, at channel 5, around channel 9 and between channels 12 and 13.
Since WiFi channels are 20 or 22 MHz wide depending on modulation, this is enough to “take out” any channel.


Creating a hostile environment

So what happens to our client connected to channel 11 when we turn on the jammer?



It lost the connection totally.
This is because the client, as part of the CSMA/CD process, listens to check whether anyone else is using the channel.
If it hears an 802.11 frame at -82 dBm or louder, it’s not allowed to send data.
It also performs an RF energy detect at -62 dBm to discover non-802.11 devices using the channel.
Since the jammer doesn’t have any CSMA/CD built in, it will continue to transmit regardless of what else wants to use the channel. A WiFi client (and/or the AP) that sees RF energy above -62 dBm never gets a chance to send any frames, and the communication is interrupted.
If the signal had been below -62 dBm, the client could have transmitted data, but the frame would most likely have been corrupted.
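
The carrier-sense decision described above, as an added example that is not part of the original post. It uses the post's -82 dBm and -62 dBm thresholds and 22 MHz width; the `2407 + 5n` MHz channel-center formula, the 2469.5 MHz interferer frequency (midway between channels 12 and 13), the function names and the dBm readings are assumptions constructed for illustration.

```python
# Added example: carrier-sense model using the thresholds quoted in the post.
SIGNAL_DETECT_DBM = -82   # an 802.11 frame at this level or louder blocks TX
ENERGY_DETECT_DBM = -62   # non-802.11 RF energy at this level blocks TX
CHANNEL_WIDTH_MHZ = 22    # widest channel width mentioned in the post


def channel_center_mhz(channel):
    """Center frequency of a 2.4 GHz WiFi channel (1-13, 5 MHz apart)."""
    if not 1 <= channel <= 13:
        raise ValueError("channel must be in 1..13")
    return 2407 + 5 * channel


def channels_hit(interferer_mhz, width_mhz=CHANNEL_WIDTH_MHZ):
    """Channels whose occupied band contains a narrowband interferer."""
    half = width_mhz / 2
    return [ch for ch in range(1, 14)
            if abs(channel_center_mhz(ch) - interferer_mhz) <= half]


def clear_channel_assessment(frame_dbm=None, energy_dbm=None):
    """Return (may_transmit, reason) for one carrier-sense check.

    frame_dbm  -- level of a decodable 802.11 frame, or None if none heard
    energy_dbm -- raw RF energy on the channel, or None if not measured
    """
    if frame_dbm is not None and frame_dbm >= SIGNAL_DETECT_DBM:
        return False, "802.11 frame detected"
    if energy_dbm is not None and energy_dbm >= ENERGY_DETECT_DBM:
        return False, "energy detect"
    return True, "idle"


def diagnose(channel, interferer_mhz, energy_dbm):
    """Explain what a client on `channel` experiences from one interferer."""
    if channel not in channels_hit(interferer_mhz):
        return "interferer is outside the channel"
    may_tx, _ = clear_channel_assessment(energy_dbm=energy_dbm)
    if not may_tx:
        return "transmission deferred: channel never looks idle"
    return "transmission allowed, frames likely corrupted"


if __name__ == "__main__":
    # Constructed readings: interferer midway between channels 12 and 13.
    for level in (-45, -70):
        print(level, "dBm ->", diagnose(11, 2469.5, level))
    print("channels affected:", channels_hit(2469.5))
```

When troubleshooting a dropped client, feed in the center frequency and level read off the spectrum analyzer to see whether the outage is explained by energy detect or by frame corruption.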

This toy is always a good reminder of how vulnerable WiFi is.
