Radio communications 101
SUMMARY
RF hacking refers to the enumeration and exploitation of wireless systems such as radio-communication transceivers, WiFi, Bluetooth, RFID or GPS. All those systems that rely on radio waves share a common characteristic: they use a channel open to everyone, the air; therefore, some challenges have to be addressed by design (e.g. lack of privacy). Examples of RF attacks and techniques are eavesdropping, signal spoofing, jamming or node impersonation, and tools used are SDR hardware/software, antennas, etc.
This is a brief introduction to radio communications. It is aimed at people wanting to get started in RF hacking who would like a basic idea of the physics behind antennas and RF transmissions. The purpose is not to provide an extensive lecture on electromagnetism, because that knowledge is not necessary for RF hacking; however, several useful links are provided for people wanting to go deeper into this field. We also give a brief introduction to two of the most common antenna types, dipoles and monopoles, with information about how to calculate the correct antenna length in each case. Finally, we introduce the radio spectrum and the bands available for radio communication.
KEYWORDS
RF, electromagnetism, electromagnetic waves, antennas, dipole, monopole, electromagnetic spectrum.
REFERENCES
Kraus, John Daniel. Antennas. 2nd Edition. New York: McGraw-Hill, 1997. ISBN 0-07-035422-7
Kraus, John Daniel. Electromagnetics. 3rd Edition. New York: McGraw-Hill, 1984. ISBN 0-07-035423-5
https://www.maxwells-equations.com/ampere/amperes-law.php
http://hyperphysics.phy-astr.gsu.edu/hbase/emcon.html#emcon
https://www.youtube.com/watch?v=3KePcASD0NQ
http://amasci.com/elect/poynt/poynt.html
https://www.antenna-theory.com
https://www.youtube.com/watch?v=wUE8DI61s60
https://www.cdt21.com/design_guide/how-antennas-radiate/
https://ieeexplore.ieee.org/document/8999849
https://www.itu.int/dms_pubrec/itu-r/rec/v/R-REC-V.431-8-201508-I!!PDF-E.pdf
ELECTROMAGNETISM
Electric field
Matter is made of atoms, and atoms contain electrons, particles with a negative electrical charge. Electrical charge is an intrinsic property of matter that conditions how particles behave in the presence of other charges: they are repelled if they have the same charge, and attracted if they have opposite charges.
The region of space around charges where this attractive or repulsive force appears is called the electric field.
Magnetic field
Magnetism is similar. There is a region of space around magnets where a force appears when another magnet approaches; in this case the region is called the magnetic field. Magnetic fields are created by magnets, just as electric fields are created by electric charges, but magnetic fields are also created by moving electric charges such as electrons.
When an electron is static, an electric field appears around it; however, when it moves, as in the case of an electric current passing through a wire, a magnetic field also appears around the wire. In fact, in these cases we talk about a single electromagnetic (EM) field instead of two fields, since both fields are so intrinsically linked.
DC circuits
When an electron moves it changes its position, and when an object changes its position its potential energy changes. The potential energy is the energy held by an object because of its position. In the context of electric fields, we call it electric potential energy.
Electrons tend to move to places where their electric potential energy is lower if they find a path towards that destination. This is a fundamental principle in physics: objects tend to move toward states or locations where their potential energy is lower, because a lower energy state means more stability.
This is what happens in electrical circuits. A battery provides a potential difference between its extremes (poles). If we connect both poles with wires, we give the electrons in the cable (e.g. copper) a path to a lower potential, and they will start moving from the negative pole to the positive one, liberating the excess energy.
This is called electrical current. Since the potential provided by the battery is constant (direct current or DC), the electrons will always move in the same direction, at the same velocity, creating an EM field and releasing energy capable of lighting a bulb for example.
AC circuits
Imagine we change the source from DC (e.g. a battery) to AC (alternating current). This type of power source changes its polarity several times per second (i.e. it oscillates at a given frequency). It makes the electrons constantly change their direction of movement, from one direction to the other, depending on the polarity. In other words, they constantly accelerate and decelerate: they vibrate at the frequency of the AC power source.
In this case, the energy liberated in the EM field will also be radiated in the form of a wave, an EM wave at the same frequency as the AC power source.
In summary:
A charged particle generates an electric field. If the particle moves, it will also generate a magnetic field.
As a consequence, both fields are intrinsically related, and normally we refer to them as a unique electromagnetic EM field.
We can manipulate charges in electric circuits. In a DC circuit, electrons move at a microscopic level in one direction at a constant velocity. Therefore a constant EM field carrying energy is generated.
In an AC circuit the polarity is changing at high speed, therefore electron movement is not uniform. They are constantly accelerating, decelerating and changing their direction according to the oscillation of the AC power source polarity. The particles are vibrating and emitting energy in the form of an EM wave, which propagates energy indefinitely at the speed of light.
Therefore, the condition for the propagation of EM waves is that the charges must be vibrating. In DC circuits charges move at a uniform pace, therefore EM fields appear but EM waves are not radiated. On the other hand, in AC circuits electrons are accelerated and decelerated at the same frequency as the power source; they do not move uniformly but vibrate, and EM waves are radiated.
ANTENNAS
As discussed before, to emit an EM wave we just need an electric signal oscillating at a given frequency and a conductor. And that is what an antenna is in essence: a piece of conductor. A simple metal rod is an antenna, and so is a copper cable. A person is also an antenna, since the human body is a conductor of electricity.
The part of the antenna that radiates the energy is sometimes referred to as driven element, whereas the electronic components that supply the signal to the driven element are called feedline or antenna feed.
The frequency of the wave radiated is the same as the frequency of the electric signal that is supplied to the driven element, and travels through the space at the speed of light.
In reception, since the EM wave is made of a variable magnetic field and the driven element is a conductor, a signal of the same frequency as the wave is induced in the antenna. This signal is filtered, amplified, mixed and demodulated to extract the information.
Although a simple conductor will radiate EM waves, for transmission purposes the antenna needs to radiate enough power, and in an efficient manner, so that the signal reaches the desired distance. The principal factors that determine the power of the radiated wave are the antenna shape and length. In fact, these parameters also determine other important features such as the radiation pattern and the directivity (whether the antenna radiates more energy in one particular direction than in others). This does not mean an antenna of a different length is not going to capture the signal, but it will do so less efficiently. So, if we are far from the target and want to capture a weak signal, we need to choose the right antenna.
Dipole antennas
The most popular type of antenna is called dipole. It consists of 2 identical conductors and an antenna feed supplying the driving current between them.
The power transfer/reception will be maximum when the length of the antenna is a half of the wavelength of the signal (each conductor of the dipole is one quarter of the wavelength). In this case we say the antenna is tuned or "resonates" at that frequency. It is important to choose the right length because it will maximize the performance on transmission and on reception.
For example, if we want to intercept a 433 MHz transmission with a dipole antenna:
Where c is the speed of light and f is the signal frequency. We need each dipole conductor of around 16 cm and a total antenna size of 32 cm (since the antenna is made of two conductors) approximately to have a maximum power received/transmitted. One interesting conclusion is that the required length of the antenna decreases as the frequency increases.
Monopole antennas
Another common antenna type is the monopole. It is a vertical conductor mounted on a ground plane, which is nothing but a large conductive surface connected to the electrical ground of the transmitter. The feedline is placed between the lower end of the monopole and the ground plane, which serves as a reflective surface for the waves.
Therefore, monopoles are more directive than dipoles. Normally, a quarter-wavelength monopole is equivalent to one of the conductors of a half-wavelength dipole. Therefore, monopoles are smaller than dipoles, making them more suitable for smartphones and other small devices. In these cases the ground plane is the circuit PCB itself, which is connected to the circuit's electrical ground. In surface-mounted monopole antennas the ground plane is the Earth itself.
In the previous example, the length of the equivalent monopole antenna for 433 MHz is a quarter of the wavelength, half the length of the dipole antenna.
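The dipole and monopole sizing described above, carried through in code for 433 MHz and a few other frequencies, plus the inverse calculation (what frequency an antenna of a given size is cut for). This is an added example, not code from the original article; the 0.95 shortening factor is an assumption, a common rule of thumb for wire antennas that accounts for end effects, and it is what brings the ideal 17.3 cm arm down to the page's approximate 16 cm.

```python
"""Resonant antenna lengths from the operating frequency.

Free-space wavelength lambda = c / f. A half-wave dipole is lambda/2 long
(two arms of lambda/4); a quarter-wave monopole over a ground plane is a
single lambda/4 element. Added example, not code from the original article.
"""
C = 299_792_458.0  # speed of light in vacuum, m/s

# Assumption: real wire antennas resonate about 5% shorter than the
# free-space figure because of end effects, so 0.95 is applied by default.
# Pass factor=1.0 to get the ideal free-space lengths instead.
END_EFFECT_FACTOR = 0.95


def wavelength_m(freq_hz):
    """Free-space wavelength in metres."""
    if freq_hz <= 0:
        raise ValueError("frequency must be positive")
    return C / freq_hz


def dipole_lengths_cm(freq_hz, factor=END_EFFECT_FACTOR):
    """(total length, length of each arm) of a half-wave dipole, in cm."""
    total = wavelength_m(freq_hz) / 2 * factor * 100
    return round(total, 1), round(total / 2, 1)


def monopole_length_cm(freq_hz, factor=END_EFFECT_FACTOR):
    """Length of a quarter-wave monopole, in cm (one dipole arm)."""
    return round(wavelength_m(freq_hz) / 4 * factor * 100, 1)


def dipole_resonance_mhz(total_length_cm, factor=END_EFFECT_FACTOR):
    """Inverse problem: estimate the frequency a dipole of this size is
    cut for, handy when identifying the antenna on an unknown device."""
    free_space_half_wave_m = total_length_cm / 100 / factor
    return C / (2 * free_space_half_wave_m) / 1e6


if __name__ == "__main__":
    # Length shrinks as frequency grows: 433 MHz, 868 MHz, 2.4 GHz.
    for f in (433e6, 868e6, 2.4e9):
        total, arm = dipole_lengths_cm(f)
        print(f"{f / 1e6:7.1f} MHz: lambda = {wavelength_m(f) * 100:6.1f} cm, "
              f"dipole {total} cm ({arm} cm per arm), "
              f"monopole {monopole_length_cm(f)} cm")
    print(f"a 32.9 cm dipole resonates near {dipole_resonance_mhz(32.9):.0f} MHz")
```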
| | Dipole | Monopole |
|---|---|---|
| Elements | 2 conductive elements symmetrically arranged | 1 vertically arranged conductive element mounted on a ground plane |
| Feed | antenna feed is connected between the 2 conductive elements | antenna feed is connected between lower antenna end and the ground plane |
| Resonance | resonant at approximately one-half of the wavelength (λ/2) of the frequency | resonant at approximately one-quarter of the wavelength (λ/4) of the frequency |
| Directivity | less directional | more directional |
| Typical uses | Radio and TV broadcasting, WiFi | Point-to-point communications, maritime, mobile-phones, hand-held radios |
In summary:
Antennas are basically pieces of metal or other conductor connected to a signal generator/receiver.
In transmission, they radiate a signal of the same frequency as the generator feeds. In reception, a signal is induced in the conductor as the wave reaches the antenna and, after processing, it is possible to recover the original signal.
The length of the antenna and its shape determines at which frequencies it will work more efficiently. In reception, we will be able to capture the weakest signals if the antenna length is matched (or "tuned") for that frequency.
For dipole antennas the length should be a half of the wavelength, whereas for monopole antennas it should be a quarter of the wavelength.
Higher frequencies require shorter antennas, whereas lower frequencies require longer antennas.
RADIO FREQUENCY
The energy radiated by an electromagnetic wave is directly proportional to its frequency; therefore, the radiated energy increases as the frequency does. The frequency is a key characteristic for any radiated wave. Signals are usually grouped according to their frequency in "bands", which are ranges of frequencies used to classify the signals in terms of radiated energy. For example, the L-band refers to radar signals between 1 - 2 GHz used in aeronautical communications.
The bands used in radar communications are published in IEEE 521-2019, IEEE Standard Letter Designations for Radar-Frequency Bands.
The ITU (International Telecommunication Union) also provides a nomenclature recommendation for the telecommunication bands: V.431 : Nomenclature of the frequency and wavelength bands used in telecommunications.
In the tables you can see that the signals are also classified in terms of length ("centimetric", "millimetric"). Sometimes they are also called "short waves", "long waves", etc. This is because of the signal wavelength, which is measured in length units. To get the signal wavelength you just need to divide the speed of light by the frequency. For example, for the 1 GHz L-band signal.
This is why, for example, the GHz band is also referred to as "decimetric" band.
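The band lookup described above, as an added example that is not part of the original article or the ITU text: it maps a frequency to its ITU-R V.431 band number, symbol and metric wave name (the recommendation defines band N as 3 × 10^(N-1) Hz up to 3 × 10^N Hz), and reports the wavelength in the matching unit. Only bands 4 to 11 (3 kHz to 300 GHz) are tabulated here.

```python
"""ITU-R V.431 band lookup: band number, symbol, metric name and wavelength.

Band number N covers 3 x 10^(N-1) Hz (inclusive) to 3 x 10^N Hz (exclusive),
e.g. band 9 (UHF, decimetric waves) runs from 300 MHz to 3 GHz.
Added example, not code from the original article or from the ITU.
"""
C = 299_792_458.0  # speed of light in vacuum, m/s

# Band number, symbol and metric subdivision as listed in ITU-R V.431
# (bands 4 to 11 only, i.e. 3 kHz to 300 GHz).
ITU_BANDS = [
    (4, "VLF", "myriametric"),
    (5, "LF", "kilometric"),
    (6, "MF", "hectometric"),
    (7, "HF", "decametric"),
    (8, "VHF", "metric"),
    (9, "UHF", "decimetric"),
    (10, "SHF", "centimetric"),
    (11, "EHF", "millimetric"),
]


def itu_band(freq_hz):
    """Return (band number, symbol, metric name) for a frequency in Hz."""
    for number, symbol, metric in ITU_BANDS:
        # Integer bounds, so the 300 MHz / 3 GHz style edges compare exactly.
        lower, upper = 3 * 10 ** (number - 1), 3 * 10 ** number
        if lower <= freq_hz < upper:
            return number, symbol, metric
    raise ValueError(f"{freq_hz} Hz is outside bands 4-11 of ITU-R V.431")


def wavelength(freq_hz):
    """Wavelength lambda = c / f as (value, unit), scaled to m, cm or mm."""
    lam_m = C / freq_hz
    if lam_m >= 1:
        return round(lam_m, 2), "m"
    if lam_m >= 0.01:
        return round(lam_m * 100, 2), "cm"
    return round(lam_m * 1000, 2), "mm"


def describe(freq_hz):
    """One human-readable line, e.g. '1000.0 MHz: band 9 UHF, decimetric ...'."""
    number, symbol, metric = itu_band(freq_hz)
    value, unit = wavelength(freq_hz)
    return (f"{freq_hz / 1e6:.1f} MHz: band {number} {symbol}, "
            f"{metric} waves, lambda = {value} {unit}")


if __name__ == "__main__":
    for f in (14.2e6, 433e6, 1e9, 2.4e9, 5.8e9):
        print(describe(f))
```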
The complete range of available frequencies in all the bands, from a few hertz to gamma rays, is called the electromagnetic spectrum. As discussed, it is divided into bands (or frequency ranges), and each segment is reserved and assigned by the authorities for specific uses, from AM/FM radio and TV to RF remote door controls or satellite communications.
For example, certain frequencies are reserved for aeronautical communications, meaning nobody can use that band for any other use, because the electromagnetic waves would interfere with each other. This is important because interfering with certain sensitive frequencies could result in problems or legal ramifications. In other words, the electromagnetic spectrum is a limited resource.
On the other hand, other frequencies such as 433 MHz in the ISM band (Industrial, Scientific and Medical) are usually free to use in several countries for personal purposes. In any case, before transmitting on any frequency you should check whether it is allowed in your country, because you could be interfering with reserved bands.