Fooling around with SoftSDR via HackRF One and HackRF One with Portapack H2 and GNSS

March 19, 2022

Since I started working on an O-RAN 5G RU radio last year (2021), my SoftSDR hobby has resurfaced 😎 More specifically, I work on clock synchronization using PTP/SyncE.

I got a HackRF One and later the Portapack H2 module; I am using the Mayhem firmware for the Portapack.

PTP can be easily spoofed unless you protect it with MACsec, yet for some lazy reason our HW/FPGA team did not want to add MACsec to protect the S-Plane/PTP. For security reasons, I will not disclose where I work.

It is child's play to spoof PTP: I set up a network of many RPis with PTP, saved PTP traces from the master clock and later replayed those packets, and we can see ptp4l go crazy with a large offset.
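A defensive check for the replay described above, as an added example that is not part of the original post: it parses the PTPv2 header of Sync/Follow_Up messages and flags a source port whose origin timestamp or sequenceId moves backwards. The names `parse`, `ReplayDetector`, `build` and `demo` are hypothetical, and the messages are constructed sample data.

```python
import struct

SYNC, FOLLOW_UP = 0x0, 0x8   # PTPv2 messageType values
TWO_STEP = 0x02              # twoStepFlag in flagField octet 0 (byte 6)

def parse(msg):
    """Return (type, sourcePortIdentity, sequenceId, timestamp_ns, two_step) or None."""
    if len(msg) < 44 or (msg[1] & 0x0F) != 2 or (msg[0] & 0x0F) not in (SYNC, FOLLOW_UP):
        return None
    (seq,) = struct.unpack_from("!H", msg, 30)
    sec_hi, sec_lo, nsec = struct.unpack_from("!HII", msg, 34)  # 48-bit s + 32-bit ns
    ts = ((sec_hi << 32) | sec_lo) * 10**9 + nsec
    return msg[0] & 0x0F, msg[20:30], seq, ts, bool(msg[6] & TWO_STEP)

class ReplayDetector:
    """Flags origin timestamps or sequenceIds that move backwards per source port."""
    def __init__(self):
        self.last = {}  # sourcePortIdentity -> (sequenceId, timestamp_ns)

    def check(self, msg):
        p = parse(msg)
        if p is None or (p[0] == SYNC and p[4]):
            return []   # two-step Sync: the precise timestamp arrives in Follow_Up
        _, src, seq, ts, _ = p
        alerts = []
        if src in self.last:
            pseq, pts = self.last[src]
            if ts <= pts:
                alerts.append("timestamp_not_advancing")
            if not 1 <= ((seq - pseq) & 0xFFFF) < 0x8000:   # 16-bit wrap-aware
                alerts.append("sequence_regressed")
        if not alerts:
            self.last[src] = (seq, ts)  # a suspect message never moves the baseline
        return alerts

def build(mtype, seq, sec, nsec, src=b"\xaa" * 8 + b"\x00\x01"):
    """Constructed test message: 34-byte header plus a 10-byte timestamp."""
    hdr = struct.pack("!BBHBBH8sI10sHBb", mtype, 2, 44, 0, 0, TWO_STEP << 8,
                      b"\0" * 8, 0, src, seq, 0, 0)
    return hdr + struct.pack("!HII", sec >> 32, sec & 0xFFFFFFFF, nsec)

def demo():
    det = ReplayDetector()
    live = [build(FOLLOW_UP, s, 1647700000 + s, 0) for s in (100, 101, 102)]
    results = [det.check(m) for m in live]
    results.append(det.check(live[0]))   # a captured packet seen again later
    results.append(det.check(build(FOLLOW_UP, 103, 1647700103, 0)))
    return results

if __name__ == "__main__":
    print(demo())
```

This only catches verbatim replay of recorded packets; it is a monitoring aid and does not replace protecting the PTP traffic with MACsec.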

Some HW guy at work even went so far as to say PTP can be protected by GNSS; I told them it is the other way around, as GNSS is much easier to attack over the air by spoofing or jamming the signal. As per the new timing requirements for critical infrastructure (telecom, financial, power grid), it is essential to have an alternate clock source to back up GNSS.

I used the Portapack to replay a GPS signal to my Ublox; after 2 minutes the Ublox lost it, that is, the time was reset to 23:59 and I lost the positioning coordinates as well. Worse, I removed the interfering signal and the Ublox did not recover; I had to power-cycle the module. My theory is that the Ublox entered anti-jamming/anti-spoofing mode by trying to desense the receiver; maybe if I wait long enough it might remove the desense.

I recorded a video to demonstrate when the Ublox lost it (will upload here soon).

Some people think they can make gold from lead in 2022.