BabylonPHY

our last, best hope for understanding PHY

This is a small collection of papers and talks exposing features of digital radio PHYs that non-RF engineer folks like us find surprising. Your mileage may vary :)

a PHYriodic map of modulation schemes
PHYriodic: a map of PHY modulation schemes (see Fillory of PHY below)

Active Link-layer fingerprinting of 802.11/Wi-Fi: paper, tools & presentations

"Packet-in-packet", or how to inject 802.15.4/ZigBee digital radio frames without owning a radio: [pdf] [blog] (USENIX WOOT 2012)

"1/8th of a nybble", in which we evade anti-PIP measures that filter some strings before transmission, by shifting the signal so that transmitted and received frames have no bytes in common: [pdf] (1st LangSec IEEE S&P workshop 2014)

"Digital radio dialects & shaped charges", in which we use dialects of 802.15.4 PHY frames to inject frames invisible to some RF chips no matter what the signal-to-noise ratio is: [pdf] (ACM WiSec 2014)

DemystiPHY: how RF dialects arise. [slides] (InfoSec South West 2014)

"A Protocol for Leibowitz", in which we discuss how to hide information in modulation and encoding of RTTY and PSK31 ham radio protocols [slides] (REcon 2015)

"Fillory of PHY", in which we inject frames into incompatible PHYs and create PHY polyglots for the ham radio protocols RTTY & PSK31: [pdf] [slides] (USENIX WOOT 2016)