
WIR-101 Wireless Security — Setup Guide


Prerequisites

Complete FND-102 (Python automation), NET-101 (Networks), and SEC-101 (Security Fundamentals) before enrolling. You need Python 3.11+, basic Linux CLI fluency, and comfort with packet analysis (Wireshark from NET-101).


Hardware Kit

Per-Student (required)

Item | Purpose | Approx. Cost
RTL-SDR v4 dongle + dipole antenna | Passive receive; spectrum observation; FM/ADS-B/sub-GHz | ~$35
Alfa AWUS036ACM 802.11ac USB NIC | Monitor mode + packet injection (Wi-Fi labs) | ~$35
MicroSD card 32 GB+ | Kali Linux or lab VM storage | ~$10
USB-A to USB-C adapter | Optional; host compatibility | ~$5

Minimum per-student outlay: ~$85. The public page lists ~$140 for students who do not already own any of these; the Alfa NIC is the largest line item.

Program-Supplied (shared; one per lab cohort)

Item | Purpose
ANTSDR E200 (AD9361 + Zynq-7020) | Full TX/RX platform for PSK/rolling-code capstone
LimeSDR Mini 2.0 | Alternate TX/RX; BLE sniffing at scale
Instructor rolling-code demo device | Lab 9 authorized target (instructor-built toy device; NOT a real garage door)
Faraday cage enclosure (50x30x30 cm) | Contain live transmissions during PSK + rolling-code labs

Remote students use the virtual/recorded-capture path for all transmit-side work. See the Virtual Path section below.


Software Environment

Option A — Kali Linux (recommended for in-lab students)

Kali Linux 2025.x contains most tools pre-packaged. Run a full apt upgrade after first boot.

sudo apt update && sudo apt full-upgrade -y
sudo apt install -y \
  aircrack-ng \
  hcxdumptool hcxtools \
  hashcat \
  kismet \
  wireshark tshark \
  gqrx-sdr \
  inspectrum \
  urh \
  gnuradio gnuradio-dev gr-osmosdr \
  rtl-sdr librtlsdr-dev \
  libiio-utils libiio-dev \
  python3-numpy python3-scipy python3-matplotlib \
  bluetooth bluez btscanner \
  nmap masscan

Option B — Ubuntu 24.04 LTS base install

Run the same apt commands as in Option A, then install pysdr via pip:

pip install pysdr scipy numpy matplotlib

Option C — Windows 11 + WSL2

WSL2 Ubuntu 24.04 works for Python/hashcat analysis. USB passthrough (usbipd) is required for the SDR dongles and the Alfa NIC. Monitor-mode work is less reliable under WSL2; if USB passthrough fails, fall back to the provided PCAP captures for the Wi-Fi labs.


SDR Driver Setup

RTL-SDR v4

The RTL-SDR v4 uses the rtl-sdr-blog driver branch, not the legacy rtl-sdr package:

# Remove old rtl-sdr if present
sudo apt remove rtl-sdr librtlsdr-dev

# Install rtl-sdr-blog driver
sudo apt install -y libusb-1.0-0-dev cmake git
git clone https://github.com/rtlsdrblog/rtl-sdr-blog
cd rtl-sdr-blog && mkdir build && cd build
cmake .. -DDETACH_KERNEL_DRIVER=ON
make && sudo make install && sudo ldconfig

# Blacklist DVB kernel module
echo 'blacklist dvb_usb_rtl28xxu' | sudo tee /etc/modprobe.d/blacklist-rtlsdr.conf
sudo modprobe -r dvb_usb_rtl28xxu 2>/dev/null; true

# Verify
rtl_test -t

ANTSDR E200 (libiio + UHD)

# libiio context discovery
iio_info -s

# UHD path (E200 supports both)
sudo apt install uhd-host libuhd-dev
uhd_find_devices

Consult the ANTSDR E200 quickstart guide shipped with the unit for first-time firmware flash.


802.11 Monitor Mode — Alfa AWUS036ACM

# Identify interface name
ip link show | grep wlan

# Kill processes that fight monitor mode
sudo airmon-ng check kill

# Enable monitor mode
sudo airmon-ng start wlan0

# Verify (interface name becomes wlan0mon or similar)
iwconfig wlan0mon

Important: Return the interface to managed mode when done with Wi-Fi labs to restore normal internet connectivity.

sudo airmon-ng stop wlan0mon
sudo systemctl restart NetworkManager

Legal Authorization Checklist

Read and sign the Lab Authorization Form before any active RF transmission or packet capture.

  • I will only capture traffic on networks I own or have written authorization to test.
  • I will only transmit RF energy within the Faraday cage provided by the instructor OR using the instructor-provided lab network (isolated, air-gapped from production).
  • I understand that unauthorized interception of electronic communications violates the Electronic Communications Privacy Act (18 U.S.C. §§ 2510-2522).
  • I understand that unauthorized computer access violates the Computer Fraud and Abuse Act (18 U.S.C. § 1030).
  • I understand that unlicensed intentional transmissions outside FCC Part 15 limits require an FCC license (Part 97 amateur, Part 90 land mobile, etc.).
  • I will not use techniques learned in this course against production systems, third-party infrastructure, or real consumer devices (garage doors, vehicle key fobs, etc.) without explicit written authorization.
  • I acknowledge that the rolling-code lab uses only an instructor-built educational demo device.

Virtual / Recorded-Capture Path

Remote students and students without shared hardware can complete all labs through the virtual path.

IQ File Format

Software-defined radios record raw in-phase/quadrature (IQ) samples as interleaved 32-bit floats (or 16-bit integers for RTL-SDR). The SigMF standard (*.sigmf-data + *.sigmf-meta) encodes sample rate, center frequency, and capture metadata alongside the raw samples.

Loading Captures in Python

import numpy as np

# Raw float32 IQ (HackRF / GNU Radio default): interleaved I/Q pairs read directly as complex64
iq_f32 = np.fromfile("capture.iq", dtype=np.complex64)

# RTL-SDR uint8 interleaved (I0,Q0,I1,Q1,...): recentre 0..255 on zero and scale to [-1, 1]
raw = np.fromfile("capture.bin", dtype=np.uint8)
parts = (raw.astype(np.float32) - 127.5) / 127.5
iq_u8 = (parts[0::2] + 1j * parts[1::2]).astype(np.complex64)
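
The loader below is an added example, not part of the course materials. It reads a SigMF bundle as described under IQ File Format: it takes core:datatype, core:sample_rate and core:frequency from the .sigmf-meta file and checks the optional core:sha512 digest before converting any samples. The function names, the lab_demo file name and the three-sample capture are constructed for illustration.

```python
import hashlib
import json
from pathlib import Path

import numpy as np

# SigMF core:datatype -> (dtype of one I or Q component, offset, scale)
DATATYPES = {
    "cf32_le": (np.dtype("<f4"), 0.0, 1.0),
    "ci16_le": (np.dtype("<i2"), 0.0, 32768.0),
    "cu8": (np.dtype("u1"), 127.5, 127.5),  # same scaling as the uint8 case above
}


def load_sigmf(basename):
    """Return (iq, sample_rate_hz, center_freq_hz) for basename.sigmf-{meta,data}."""
    meta = json.loads(Path(f"{basename}.sigmf-meta").read_text())
    data = Path(f"{basename}.sigmf-data").read_bytes()
    info = meta["global"]
    # Reject a capture whose bytes do not match the digest recorded in its metadata.
    expected = info.get("core:sha512")
    if expected and hashlib.sha512(data).hexdigest() != expected.lower():
        raise ValueError("sha512 mismatch: capture is corrupt or was modified")
    if info["core:datatype"] not in DATATYPES:
        raise ValueError(f"unsupported core:datatype {info['core:datatype']!r}")
    dtype, offset, scale = DATATYPES[info["core:datatype"]]
    if len(data) % (2 * dtype.itemsize):
        raise ValueError("truncated capture: not a whole number of I/Q pairs")
    parts = (np.frombuffer(data, dtype=dtype).astype(np.float32) - offset) / scale
    iq = (parts[0::2] + 1j * parts[1::2]).astype(np.complex64)
    captures = meta.get("captures") or [{}]
    return iq, info["core:sample_rate"], captures[0].get("core:frequency")


def write_demo_bundle(basename, raw=bytes([255, 0, 0, 255, 255, 255])):
    """Write a constructed three-sample cu8 bundle (not a real lab capture)."""
    meta = {
        "global": {"core:datatype": "cu8", "core:sample_rate": 2048000,
                   "core:version": "1.0.0",
                   "core:sha512": hashlib.sha512(raw).hexdigest()},
        "captures": [{"core:sample_start": 0, "core:frequency": 433920000}],
    }
    Path(f"{basename}.sigmf-data").write_bytes(raw)
    Path(f"{basename}.sigmf-meta").write_text(json.dumps(meta))


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        write_demo_bundle(f"{tmp}/lab_demo")
        print(load_sigmf(f"{tmp}/lab_demo"))
```

The digest stored inside the metadata catches corruption and partial downloads; it does not help if both files were replaced together, so compare against a digest obtained separately when one is available.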

Loading in GNU Radio

Use the File Source block:

  • File: path to .iq file
  • Output Type: complex
  • Repeat: unchecked (single playback) or checked (loop for testing)
  • Sample rate: match the metadata of your capture file

Lab Capture Files

Each lab that uses physical RF provides:

  1. A pre-captured .sigmf bundle for virtual-path students
  2. Python analysis starters that work identically on live and recorded captures
  3. Expected output checksums so you can verify your analysis completed correctly

Capture files are distributed via the course portal downloads section.


GNU Radio Companion Quick Reference

Launch: gnuradio-companion from terminal.

Key blocks for this course:

Block | Purpose
osmocom Source | RTL-SDR / HackRF / LimeSDR receive
osmocom Sink | HackRF / LimeSDR transmit
File Source | Load .iq capture file
File Sink | Save IQ to disk
Throttle | Rate-limit file-based flows (prevents CPU runaway)
QT GUI Frequency Sink | Live spectrum display (FFT waterfall)
QT GUI Time Sink | Time-domain waveform
QT GUI Constellation Sink | I/Q constellation diagram (phase-amplitude)
Low Pass Filter | Isolate signal band before demodulation
WBFM Receive | Wide-band FM audio decode
PSK Mod / PSK Demod | BPSK/QPSK modulation chain

First-Day Smoke Test

Run this checklist before Week 1 labs:

# 1. RTL-SDR receives FM broadcast
rtl_fm -f 88.5M -M wbfm -s 200000 -r 44100 - | aplay -r 44100 -f S16_LE

# 2. Alfa NIC enters monitor mode without errors
sudo airmon-ng start wlan0 && iwconfig wlan0mon

# 3. GNU Radio GFSK flowgraph loads without import errors
gnuradio-companion --version

# 4. Python IQ pipeline works
python3 -c "import numpy as np; s=np.fromfile('/dev/zero',dtype=np.complex64,count=1024); print('numpy IQ OK, shape:', s.shape)"

# 5. hashcat recognizes GPU
hashcat -I

Flag any failures to the instructor before proceeding to Week 1.