I’m making my annual trip to Las Vegas next week for DEFCON, and will be giving a 1-hour talk on railroad wireless protocols, focusing on my reverse engineering of the EOT and AEI systems. It will be on YouTube eventually. I’ve had a goal of speaking at DEFCON, and am very excited that they accepted my proposal!

Here’s the abstract:

North American railroads use several wireless systems for remote control, monitoring, and tracking of locomotives, railcars, signals, and other equipment. This talk will provide an overview of the systems in use and an in-depth look at two of them:

The end-of-train (EOT) device contributed to the demise of the caboose 35 years ago, taking over one of its primary functions: monitoring brake pipe pressure. The EOT transmits pressure, its unique ID, and other data, encoded into AFSK packets, to a corresponding head-of-train (HOT) device in the locomotive. A secondary function is venting the line in an emergency braking event, under command of the HOT. BCH error correction is employed for reliability, but there are inherent security flaws. An SDR/GNU Radio/Python workflow for decoding and verifying packets will be demonstrated.

Attempts at automatically identifying passing railcars were largely unsuccessful until the introduction of the Automatic Equipment Identification (AEI) system in the early 90s. This 900 MHz RFID system consists of passive tags on each locomotive and car and wayside readers at rail yard entrances and other locations of interest. The author’s day job in environmental noise consulting led to a study of the feasibility of using AEI for rail noise studies. It had to be reverse-engineered first, of course. Using a repurposed commercial reader, Raspberry Pi, and cellular modem, a remote monitoring system gathered tag data for 5 weeks. Details of the protocol and monitoring system will be presented, along with video demonstrations.

Code release for my talk today. This is a GNU Radio/Python EOT decoder.

The talk went well. I had 120 people or so, and was unexpectedly nervous at first. It’s a lot different than my usual gig teaching 18 to 22-year-olds! Here are the slides:

After DEFCON, I drove north to visit the Nevada Northern, then over to Heber City, UT to ride the Heber Valley Railroad, then up to Promontory, and finally finished the trip at the Utah State Railroad Museum in Ogden.


A lot of things don’t like the space between DC26 and talk in the file name.


You can just go to this link and select the file:




My talk is finally up on YouTube: