Recently, I learned about vehicular networking research at another CONNECT group at University College Cork (UCC). So today, I was visiting to exchange ideas and talk about SDR-based prototyping and real-world experiments with vehicular networks.

It was a really interesting day. Besides the meeting, I also had some time to enjoy the beautiful campus.

It took Paderborn University over ten weeks until they found someone who was able to press the “Print”-button, but they made it and I am finally allowed to call myself a doctor. Yay!

I am currently thinking a lot about what I should do after my current fellowship. Academia? Industry? Self-employed? I do not know… Working with Software Radio Systems (SRS) already allowed a glimpse into industry.

Another thing I thought about was offering training for SDR/GNU Radio. Recently, had the chance to give this a try. During my summer holidays, I worked on the online course SDR for Pentesters for Attify Inc, which is now available.

I finally made it. I defended my PhD thesis and graduated summa cum laude from University of Paderborn.

  • Bastian Bloessl, “A Physical Layer Experimentation Framework for Automotive WLAN,” PhD Thesis (Dissertation), Department of Computer Science, Paderborn University, June 2018. (Advisor: Falko Dressler; Referees: Matthias Hollick and Renato Lo Cigno) [BibTeX, PDF and Details…]

Motivated by a recent issue on GitHub, I looked into using Scapy with my GNU Radio WLAN Transceiver.

Scapy is a Python packet manipulation tool that can be interesting for penetration testing. It can, for example, be used to create deauth frames or frames with random payload to fuzz a WLAN stack. Using Scapy in combination with the GNU Radio WLAN transceiver can be interesting since you can be sure that the frame is sent as is, i.e., that no chip/firmware/driver is mangling the payload.

To use Scapy, I extended the transmit flow graph with a Socket PDU block that is attached directly to the PHY.

In Python world, I use Scapy to create a WLAN beacon. Some fields are defined, some are set randomly by the Scapy’s fuzz function. (The CRC function is a very ugly hack…)

I just talked about hacking vehicular networks at Hackaday Uncon in Dublin, a meeting of the hacker/maker community. I enjoyed many presentations today – it’s really amazing what people are working on. My favorite talks were about a self-made electric motor bike and the security of smart meters.

I presented OpenC2X, a full Open Source communication stack for IEEE 802.11p, i.e., WLAN for cars. It was recently ported to OpenWrt, allowing it to run on a 30EUR AP. This makes it accessible for everyone. Think of it as a WiFi Pineapple for vehicular networks.

Here, you can see a TP-Link WDR3600 AP transmitting at 5.9GHz with 10MHz bandwidth. You can checkout the code on GitHub.

I just came back from a nice week in Paris and Lyon, where I was talking about GNU Radio and research on wireless. The meeting in Paris focused on SDR-driven research projects from both industry and academia. It explicitly invited researchers who typically work on higher layers, showing them what SDRs are and how they could fit in their projects. I was allowed to give an introductory talk.

For me, it was the first time that I could talk about a more general topic, i.e., not about a paper or project. This new experience turned out to be really fun, as I could add some anecdotes, making the whole thing a bit more personal.

I didn’t know a lot of French researchers, so it was also a great opportunity to get to know people that work on interesting projects.


The next day, I gave a seminar talk at the CITI Lab, which is part of INSA Lyon. Leonardo Cardoso was so kind to show me around in their lab. For students interested in SDR and wireless, this must be paradise. They have many well-equipped labs and the everybody is very supportive when it comes to GNU Radio and fun wireless projects.

Fortunately, I could stay a day longer and attend Jean-Michel Friedt’s talk on his passive radar experiments with GNU Radio and RTL-SDRs. It’s amazing what’s possible with 10EUR SDRs.


The guys in Lyon have fantastic labs, but their real baby is the CorteXlab. It is a completely RF-shielded room with 38 SDRs and PCs mounted at the ceiling. The effort that they put into this room is enormous.

Looking at the door, it is immediately clear that they are serious with shielding this room :-) With this, they created a truly controlled environment that allows reproducible experiments. And the best: CorteXlab is open for researchers. So if you ever wanted to do larger experiments, this is your testbed.


It was my first time in Lyon, so I was happy that I had some spare time to walk around in the city.