Reversing LoRa: Deconstructing a Next-Gen Proprietary LPWAN

This talk will demonstrate techniques used to reverse engineer the LoRa PHY via software defined radio. LoRa is a proprietary Low Power Wide Area Network (LPWAN), an emerging class of wireless technology similar to cellular data service but optimized for embedded and IoT applications. LoRa is unique because it uses a chirp spread spectrum modulation that encodes data into RF features more commonly seen in RADAR systems. The protocol's rapid adoption rides on its use of unlicensed ISM frequency bands, both avoiding costly spectrum licensing requirements and democratizing long-range network infrastructure to consumers and new commercial entrants alike. After briefly introducing the audience to LPWANs, I will walk through the SDR and DSP techniques required to demodulate and decode LoRa's novel closed-source waveform. In addition, I will introduce gr-lora, an open-source GNU Radio module that can be used to implement LoRa security test tools, LoRaWAN gateways, and end node applications.
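As an added illustration of the chirp spread spectrum idea mentioned above (this is example code, not code from the talk or from gr-lora), the core dechirp step in pure Python: a symbol is a cyclic shift of a base up-chirp, and multiplying received samples by the conjugate chirp collapses the sweep to a single tone whose DFT bin index is the symbol value. The spreading factor, chip count, noise level and symbol values are assumptions chosen for the demo.

```python
import cmath
import math
import random

SF = 7               # spreading factor (assumed): bits carried per symbol
N = 2 ** SF          # chips per symbol, 128 for SF7


def base_upchirp(n_chips=N):
    """Unit-amplitude up-chirp whose instantaneous frequency rises
    linearly across the whole channel bandwidth over one symbol."""
    return [cmath.exp(1j * math.pi * n * n / n_chips) for n in range(n_chips)]


def modulate(symbol, n_chips=N):
    """Encode a value 0..N-1 as a cyclic shift of the base chirp; the
    point where the sweep wraps around is what carries the data."""
    base = base_upchirp(n_chips)
    return [base[(n + symbol) % n_chips] for n in range(n_chips)]


def demodulate(samples, n_chips=N):
    """Dechirp: multiply by the conjugate (down-)chirp so the sweep
    becomes one tone, then take the strongest DFT bin as the symbol.
    A plain O(N^2) DFT is used to keep the block dependency-free."""
    base = base_upchirp(n_chips)
    tone = [s * base[n].conjugate() for n, s in enumerate(samples)]
    best_bin, best_mag = 0, -1.0
    for m in range(n_chips):
        acc = sum(t * cmath.exp(-2j * math.pi * m * n / n_chips)
                  for n, t in enumerate(tone))
        if abs(acc) > best_mag:
            best_bin, best_mag = m, abs(acc)
    return best_bin


def add_noise(samples, sigma, seed=1):
    """Constructed channel: add complex Gaussian noise with a fixed seed.
    sigma=1.0 gives roughly -3 dB SNR per sample for a unit-power chirp."""
    rng = random.Random(seed)
    return [s + complex(rng.gauss(0, sigma), rng.gauss(0, sigma)) for s in samples]


def roundtrip(symbols, sigma=1.0):
    """Modulate each symbol, push it through the noisy channel, dechirp it."""
    return [demodulate(add_noise(modulate(k), sigma, seed=k)) for k in symbols]


if __name__ == "__main__":
    tx = [0, 1, 42, 127]   # constructed symbol values
    print("sent:", tx, "decoded:", roundtrip(tx))
```

The processing gain of the dechirp-plus-DFT step is why symbols still decode at negative per-sample SNR, which is the property that makes the long-range claims of the modulation plausible.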