1) Introduction:
The 2.4 Ghz (ISM) band is the most crowded slice of the electromagnetic spectrum in modern urban environments.This band facilitates everything from critical internet infrastructure to low-power medical devices. However, the open nature of this frequency range makes it inherently vulnerable to Physical Layer Denial of Service (DoS) attacks, commonly known as jamming.
At its core, jamming is the radiation of radio frequency
(RF) signals to disrupt communications by decreasing
the Signal-to-Interference+Noise Ratio (SINR) at a
receiver.
When the noise generated by a jammer exceeds the
power level of the legitimate signal, the receiver can
no longer distinguish data from background noise,
leading to packet loss, increased latency, or total
connection failure.
This project explores the mechanics of a Fast-Sweep
Jammer (or Hopping Jammer) implemented using
an ESP32 microcontroller and nRF24L01
transceivers.
2) Solution/Methodology:
To jam/ block a legitimate signal s(t) operating in 2.4 Ghz ISM band I built a low-power jammer that transmits carrier signals or ‘Noise’ in the same 2.4 Ghz band. At a given instant of time (T) the jammer can produce only ‘one’ particular type of frequency ‘F’ in the range of [ 2.4 Ghz, 2.525 Ghz ]. But this alone cannot jam the entire band, so we change the frequency ‘F’ to another frequency in the same band after time ‘T’ and continue to do this after every interval ‘T’. This is called ‘Frequency Hopping’ mechanism. In our case we keep this interval ‘T’ to be 100 microseconds so that the frequencies generated by the jammer appears to be ‘noise’ for a larger time interval say ~ 1 second, in other words our jammer changes the carrier frequency 10,000 times in a single second.
3) Communication Theory Tools Used:
~ Non-Stationarity : While background thermal noise is modeled as a Wide-Sense Stationary (WSS) process, the jammer is explicitly Non-Stationary. Its statistical properties specifically its mean power at a given frequency are time-variant.
~ Uniform Probability Distribution : By using the rand() function in our source code, the jammer's presence across the 125 Mhz bandwidth follows a Discrete Uniform Distribution. This ensures that the probability ‘P’ of the jammer occupying any specific 1 Mhz channel is: P(f) = 1/N , where N=125.
~ The "Comb" Effect: In the short term (< 100 microseconds), the Power Spectral Density (PSD) shows a single, narrow peak. Over time, the high-speed hopping creates a flattened PSD that mimics Band-Limited White Noise. This "masks" the entire ISM band, raising the noise floor across all channels simultaneously.
~ Frequency Hopping Spread Spectrum (FHSS) : By setting the ESP32 timer to 100 microseconds, we transition from "Slow-Hopping" (longer than a packet) to "Fast-Hopping" (multiple hops per packet). This is a critical tool for bypassing defences ( like Adaptive Frequency Hopping (AFH) that Bluetooth uses to avoid interference with other channels ), as the jammer moves faster than the target before it can re-map the "clean" channels.
~ SINR : When the SINR at the Target Receiver (RX) goes down below a certain threshold value, the Receiver discard the entire packet and after sometime of being ‘jammed’ it terminates the connection with the Target Transmitter (TX).
4) Insights:
Protocol-Specific Vulnerabilities : The project highlighted distinct failure modes for different 2.4 GHz protocols:
~ Wi-Fi (2.4Ghz) : Suffers primarily from CCA (Clear Channel Assessment) Failure. The jammer mimics a busy medium, tricking the Wi-Fi chip into "Backoff Mode," where it waits indefinitely for a clear airtime that never comes.
~ Bluetooth : Suffers from CRC (Cyclic Redundancy Check) Failures. The jammer hits enough 1 MHz slots to ensure that the packet headers are corrupted, causing the link-layer to drop the connection due to excessive retransmission timeouts.
5) Data-Pipeline:

divyanshu__