An Implementation of Tempest in GNU Radio

栏目: IT技术 · 发布时间: 4年前

内容简介:Status:The examples folder contains several examples that work with recordings. Until the end of the quarantine I won't be able to test it on hardware, but I'm confident it should work. Feedback is more than welcome!TEMPEST (or

gr-tempest

An implementation of TEMPEST en GNU Radio.

An Implementation of Tempest in GNU Radio

Status:The examples folder contains several examples that work with recordings. Until the end of the quarantine I won't be able to test it on hardware, but I'm confident it should work. Feedback is more than welcome!

If you find the code useful, please consider starring the repository. This will help us get funding to support the project.

TEMPEST (or Van Eck Phreaking ) is a technique to eavesdrop video monitors by receiving the electromagnetic signal emitted by the VGA/HDMI cable and connectors (although other targets are possible, such as keyboards, for which the same term is generally used, see Wikipedia/Tempest ).

This is basically a re-implementation of Martin Marinov's excelent TempestSDR in GNU Radio (see https://github.com/martinmarinov/TempestSDR ). The reason is that I felt it may be easier to maintain and extend. Note however that the basic ideas were imitated, but the synchronization algorithms are different, and some functionalities (particularly in the GUI) are missing.

For a technical explanation you may read Marinov's thesis or Pablo Menoni's thesis (in spanish). For a demo using TempestSDR you may see the following video .

Notes and examples

See the examples folder for working examples (and https://www.youtube.com/watch?v=oTCu8HTaN3Y to see them in action). Recordings may be obtained from https://iie.fing.edu.uy/investigacion/grupos/artes/es/proyectos/espionaje-por-emisiones-electromagneticas/ (in spanish).

There are four examples:

  • manual_simulated_tempest_example.grc . This is a simulation of TEMPEST and the signal you are actually spying. It helps to understand the parameters involved and the resulting signal's problems. Both the channel's and the synchronization algorithms' parameters may be modified on the fly from the interface. The image source was mostly copied from gr-paint's and any image file readable by PIL may be used (and in any size, as the block reshapes it to the size indicated in the block).
  • manual_tempest_example.grc . Feed a recording or the USRP pointing to a VGA cable and you should see an image! However, in this example all parameters of the VGA signal are manually set (and sampling errors are corrected based on these parameters). Moreover, the fine sampling correction should be modified until a stable image is obtained (and horizontal and vertical alignment are also changeable).
  • semi_automatic_tempest_example.grc . Same as above, but the resolutions are obtained from a list of the most typical resolutions available. I've obtained the list from TempestSDR (although the command xrandr --verbose should produce the list too).
  • automatic_tempest_example.grc . Same as above, but the horizontal line is synchronized (thus, only manual vertical alignment is necessary). To achieve this, you should estimate the number of pixels that separate two vertical lines that always appear in the image (due to blanking). Note however that the algorithm may be unstable. In that case, fall back to semi_automatic_tempest_example.grc .
  • Semi-automatic and manual examples are also included to spy on HDMI signals. Due to the significant difference between VGA and HDMI, there is no automatic version yet.

Limitations:

  • A vertical alignment block is under testing, although it still does not work.
  • The spied image is shown in a Video SDL Sink , which has its limitations (such as dynamically setting its dimensions). However, the block Framing somewhat solves this problem by choosing a user-defined rectangle of the incoming signal. Thus, exploring resolutions while executing the flowgraph is now possible. See the comments on the flowgraph.
  • The synchronization blocks may be heavy on the PC. This may be alleviated by properly configuring VOLK as explained below. Moreover, if CPU is still a problem with the sampling synchronization block, you may try reducing the variable d_proba_of_updating and/or d_max_deviation in lib/sampling_synchronization_impl.cc (and using only manual_simulated_tempest_example.grc ).

Requirements: GNU Radio 3.7, either compiled from source or installed with a binary (see below if this this is your case for further requirements). A 3.8-compatible version coming soon.

Build instructions

For a system wide installation:

git clone https://github.com/git-artes/gr-tempest.git  
cd gr-tempest
mkdir build  
cd build  
cmake ../  
make && sudo make install

For a user space installation, or GNU Radio installed in a location different from the default location /usr/local:

git clone https://github.com/git-artes/gr-tempest.git  
cd gr-tempest 
mkdir build  
cd build  
cmake -DCMAKE_INSTALL_PREFIX=<your_GNURadio_install_dir> ../
make
make install

Please note that if you used PyBOMBS to install GNU Radio the DCMAKE_INSTALL_PREFIX should point to the PyBOMBS prefix.

On Debian/Ubuntu based distributions, you may have to run:

sudo ldconfig

Remarks

  • Instructions above assume you have downloaded and compiled GNU Radio (either with the build-gnuradio script or with PyBOMBS). If you've used a pre-compiled binary package (like in $ sudo apt-get install gnuradio), then you should also install gnuradio-dev (and naturally cmake and git, if they were not installed, plus libboost-all-dev, libcppunit-dev, liblog4cpp5-dev and swig).

  • Note that gr-tempest makes heavy use of VOLK. A profile should be run to make the best out of it. Please visit https://gnuradio.org/redmine/projects/gnuradio/wiki/Volk for instructions, or simply run:

    volk_profile

FAQ

Q : Cmake complains about unmet requirements. What's the problem?

A : You should read the errors carefully (though we reckon they are sometimes mysterious). Most probably is a missing library. Candidates are Boost (in Ubuntu libboost-all-dev) or libcppunit (in Ubuntu libcppunit-dev).

Q : Cmake complains about some Policy CMP0026 and LOCATION target property and who knows what else. Again, what's the problem?

A : This is a problem with using Cmake with a version >= 3, which is installed in Ubuntu 16, for instance. The good news is that you may ignore all these warnings.

Q : It is not compiling. What's the problem?

A : Again, you should read carefully the errors. Again, it's most probably a missing library, for instance log4cpp (in Ubuntu liblog4cpp5-dev). If the problem is with the API of GNU Radio, you should update it. I've tested gr-tempest with GNU Radio 3.7.11. Finally, if it complains about the random number generator, you have to compile using the -std=c++11 flag.

Q : I got the following error: "AttributeError: 'module' object has no attribute 'sampling_synchronization'" (or some other block). Why?

A : This problem may be generated by several factors. Did you "sudo ldconfig"? Another possibility is that you don't have swig installed (in this case, you must uninstall gr-tempest, delete CMakeCache.txt in the build directory, and re-install; that is, after installing swig).

IIE Instituto de Ingeniería Eléctrica

Facultad de Ingeniería

Universidad de la República

Montevideo, Uruguay

http://iie.fing.edu.uy/investigacion/grupos/artes/

Please refer to the LICENSE file for contact information and further credits.


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

Web表单设计

Web表单设计

[美] Luke Wroblewski / 卢颐、高韵蓓 / 清华大学出版社 / 2010-6 / 49.00元

精心设计的表单,能让用户感到心情舒畅,愉快地注册、付款和进行内容创建和管理,这是促成网上商业成功的秘密武器。本书通过独到、深邃的见解,丰富、真实的实例,道出了表单设计的真谛。新手设计师通过阅读本书,可广泛接触到优秀表单设计的所有构成要素。经验丰富的资深设计师,可深入地了解以前没有注意到的问题及解决方案。 本书专为表单设计或开发人员准备,但同时也适合可用性工程师、网站开发人员、产品经理、视觉设......一起来看看 《Web表单设计》 这本书的介绍吧!

JSON 在线解析
JSON 在线解析

在线 JSON 格式化工具

XML 在线格式化
XML 在线格式化

在线 XML 格式化压缩工具

html转js在线工具
html转js在线工具

html转js在线工具