This is a collection of links to research on digital radio physical layer protocols, motivated by the goal of explaining the internal logical workings of the upper layers of PHY.
See also: BabylonPHY.
Active Link-layer fingerprinting of 802.11/Wi-Fi: paper, tools & presentations
Packet-in-packet: blog, paper, video USENIX WOOT (15 min), video 28c3 (60 min).
"Phantom Boundaries and Cross-layer Illusions in 802.15.4 Digital Radio": IEEE LangSec SPW'14 paper
"demystiPHY 802.15.4: an introduction to PHY tricks": InfoSec SouthWest talk
"Speaking the Local Dialect: Exploiting differences between IEEE 802.15.4 Receivers with Commodity Radios for fingerprinting, targeted attacks, and WIDS evasion": WiSec 2014 paper
"Protocols for Leibowitz: Polyglots in PHY": Recon 2015 talk
"ApiMote: a tool for speaking 802.15.4 dialects and frame injection": Defcon Wireless Village 2014 talk, ApiMote hardware designs (ApiMote is all open-source hardware).
KillerBee code: https://github.com/riverloopsec/killerbee
(more to come)