Playing with RF (and breaking things!)

Today I got to play with one of my old toys.
My colleague is studying for the CWNA course and I wanted to explain CSMA/CD and the impact of RF interference.
This gave me the opportunity to bring out this gadget I put together a couple of years ago.

RF-generator

It’s my homemade RF jammer, built with four 2.4 GHz video transmitters, a rechargeable battery and four switches.
The transmitters can use four different frequencies and are programmed via a jumper.
This is how it looks with a spectrum analyzer:

RD-pattern

Each transmitter operates at 100% utilization with a fairly narrowband signal.
In frequency, the four transmitters sit between WiFi channels 1 and 2, at channel 5, around channel 9 and between channels 12 and 13.
Since WiFi channels are 20 or 22 MHz wide depending on modulation, this is enough to “take out” any channel.

RF-all-channels

Creating a hostile environment

So what happens to our client connected to channel 11 when we turn on the jammer?

Connected-client
Spectrum-client-connected

Spectrum-client-and-generator
Client-disconnected

It lost the connection totally.
This is because the client, as part of the CSMA/CD process, listens to find out whether anyone else is using the channel.
If it hears an 802.11 frame at -82 dBm or louder, it is not allowed to send data.
It also performs an RF energy detect at -62 dBm to discover non-802.11 devices using the channel.
Since the jammer doesn’t have any CSMA/CD built in, it will continue to transmit regardless of what else wants to use the channel. A WiFi client (and/or the AP) that sees RF energy above -62 dBm does not have a chance to send any frames, and the communication is interrupted.
If the signal had been below -62 dBm, the client could have transmitted data, but the frame would most likely have been corrupted.
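
The two carrier-sense thresholds described above can be turned into a small triage script for spectrum-analyzer readings taken at a client that keeps dropping off the network. This is an added example, not part of the original post: the interferer centre frequencies and power levels are constructed sample values approximated from the channel positions mentioned earlier, and each narrowband signal is treated as a single frequency.

```python
from dataclasses import dataclass

PREAMBLE_DETECT_DBM = -82  # decodable 802.11 frame at or above this: defer
ENERGY_DETECT_DBM = -62    # non-802.11 RF energy at or above this: defer
CHANNEL_WIDTH_MHZ = 22     # the post gives 20 or 22 MHz depending on modulation


@dataclass
class Signal:
    center_mhz: float
    power_dbm: float   # level as received at the client
    is_80211: bool     # True if the receiver can decode it as an 802.11 frame


def channel_center_mhz(channel: int) -> int:
    """Centre frequency of 2.4 GHz WiFi channels 1-13."""
    if not 1 <= channel <= 13:
        raise ValueError("only channels 1-13 are modelled")
    return 2407 + 5 * channel


def overlapping(channel, signals, width=CHANNEL_WIDTH_MHZ):
    """Signals whose centre frequency falls inside the channel's bandwidth."""
    lo = channel_center_mhz(channel) - width / 2
    return [s for s in signals if lo <= s.center_mhz <= lo + width]


def cca_state(channel, signals, width=CHANNEL_WIDTH_MHZ):
    """What a client on this channel does, following the thresholds above."""
    hits = overlapping(channel, signals, width)
    if any(s.is_80211 and s.power_dbm >= PREAMBLE_DETECT_DBM for s in hits):
        return "deferred: 802.11 frame heard"
    if any(s.power_dbm >= ENERGY_DETECT_DBM for s in hits):
        return "deferred: energy detect"
    if any(not s.is_80211 for s in hits):
        return "transmits, frames likely corrupted"
    return "clear"


def survey(signals, width=CHANNEL_WIDTH_MHZ):
    """CCA state for every channel 1-13, for a quick site-survey report."""
    return {ch: cca_state(ch, signals, width) for ch in range(1, 14)}


# Constructed readings: four continuous narrowband interferers at -45 dBm.
SAMPLE_READINGS = [Signal(f, -45.0, False) for f in (2414.5, 2432, 2452, 2469.5)]

if __name__ == "__main__":
    for ch, state in survey(SAMPLE_READINGS).items():
        print(f"channel {ch:2d}: {state}")
```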

This toy is always a good reminder of how vulnerable WiFi is.
