FPGA-based Radio Receiver for securing Wifi an other access points against hacking attacks.
RA-Sentinel is an open-source project focused on creating a cost-effective, small, and low-power wide band radio receiver device that employs an FPGA to automatically detect malicious attacks on Wifi access points, such as Man in the Middle and Denial of Service attacks. By monitoring any Wifi cell, the device enhances internet safety for everyday users. The device features low-cost receive-only chips that digitize 40 MHz of the Wifi radio spectrum at 2.4 GHz. An FPGA extracts relevant properties from demodulated and decoded packets in real-time without storage. These properties are then processed by a neural network, also implemented on the FPGA, to determine if the traffic is genuine or an attack.
The hardware is a wide band SDR receiver that receives at least one complete WiFi Channel on the 2.4GHz ISM band with high resolution (12 Bits) to be able to detect smallest anomalies in a transmitted signal. The initial evaluation hardware consists of a Downcoverter/Tranceiver Chip for 2.4GHz which is widelay used in older WIFi Acess Points (MAX2831). This is followed by a 12 Bit ADC (Texas Instruments ADC3222) which converts a 40MHz window of the 2.4GHZ radio spectrum into a 4 x 240 Bit/s LVDS streams (960kBit/s total) into a XILNIX/AMD Artix7 FPGA sitting on a evaluation board made by QMTECH. Later, a single PCB that contains all needed parts shall be designed. As I do not know the final requirements regarding FPGA and RAM required to complete the task at this point, I am unable to say what exactly this final hardware will contain.
/RFFE2400_PCB in this folder of this repository you find the PCB design files in KiCAD format and gerbers for the 2.4GHz 2x PMOD connected RF frontend evaluation/test board.
Link to the FPGA dev. board [https://de.aliexpress.com/item/1005006473783593.html]
The vast majority of the code will be written in Verilog and run on the FPGA. There is als a first supporting, or as I call it "house keeping unit" microcontroller (STM32C031) which programms and controlling the frontend chips. The may be another additional and maybe the interconnctivity with other systems (alarm forwarding). This firmware is written in C.
The first step on this project was to have a reliable hardware basis. Initially I planned to have at least 40 Megasamples and with this 20 MHz bandwidth which is sufficient to capture the headers and the most common bandwitdhs used on 2.4GHz WiFi (802.11a,b,g) communications channel. But because 802.11n also defines the possibility to use 40MHz bandwith, I wanted the possibility to cover the complete possible channel bandwidth. This has been achieved with the first prototype hardware and prooved with the sub-project RASM2400, Radio Access Spectrum Monitor for 2400MHz. You can find all project details below.
RASM2400 stands for Radio Access Spectrum Monitor operationg on 2400MHZ. It offers a visual spectrum analyzer design that runs on the evaluation hardware set of RA-Sentinel the Artix7 XC7A100T Wukong board and the RFFE2400 front end board. It shall proove that a 40MHz wide radio spectrum can be received and transported into the FPGA. Further, this project may already be useable for first RF forensics. Feel free to download all the stuff and build an RASM by yourself.
The following diagram shows the system architecture of the RASM2400.
The output of the HDMI port of the QMTECH Wukong board.
Watch a short demonstration on Youtube by clicking on the thumbnail below.
In this repository you'll find also all software paerts needed to get the project up and running.
/RASM2400_Verilog
This folder contains the Verilog source files as well as a ready to program bit stream file.
/RASM2400_HKU
Here you find the firmware for the RF board housekeeping unit. It does not do much a the moment but initializing the Downconverter MAX2831 and the ADC3222. It is planned to receive commands via I2C to change basic parameters wil center frequency, sensitivity and AGC characteristics. This porject can be compiled with arm-gcc or with the free available and Eclipse based development environment (IDE) from ST called "STM32CubeIDE". You can download this IDE from ST.com [https://www.st.com/en/development-tools/stm32cubeide.html]
Project Maintainer: Tobias Weber
Last updated: 5.6.2024