TEMPEST working group
April 22-24 2009: TEMPEST working group
With: Bengt Sjölén, Danja Vasiliev, Gordan Savicic, Martin Howse
Original text
Any time a machine is used to process classified information electrically, the various switches, contacts, relays, and other components in that machine may emit radio frequency or acoustic energy.
… This problem of compromising radiation we have given the covername TEMPEST.
[TEMPEST: A Signal Problem. NSA 1972]
micro_research hosts a three-day working group (22, 23, 24 April, 2PM+) exploring the signal phenomenon hiding behind the covername of TEMPEST and making use of contemporary technologies such as software-defined radio (USRP). The working group's focus is very much on the analysis and subsequent reconstruction of any leaked signal, for example allowing the researcher to remotely monitor a distant computer display or keyboard.
The TEMPEST working group underscores a rich adventure, making sense of fortuitous emanations of sound, light and, primarily, electromagnetic phenomena. Research topics for artistic examination include, but are not limited to: signals and noise, van Eck phreaking, decoding, encryption and hiding, surveillance, information and carrier/support, intentionality of compromising emanations.
Finally, TEMPEST as covername, with the word itself revealing a certain relation to both hiding (information) and the state (subject). TEMPEST supposedly means nothing, quite simply denying the possibility of being decoded as itself an acronym. A codeword for the exposure of the world as (being) encoded.
Reference:
Documentation
Links (mostly for USRP/Gnuradio)
DSP using gnuradio: http://www.phys-x.org/grblog/grblog.html
Using gnuplot: http://www.swigerco.com/gnuradio/plotting.html
(for use with: usrp_rx_cfile)
Wideband spectral analyser: http://www.ruby-forum.com/topic/169964
Rough notes:
1] usrp_rx_cfile.py and baudline (and/or capture to file):
./usrp_rx_cfile.py -f 1070000 -d 64 /dev/stdout | ~/src/baudline_1.07_linux_i686/baudline -reset -samplerate 4000000 -channels 2 -quadrature -stdin
a la: https://berlin.ccc.de/wiki/GNU_Radio
tuning loop antenna + capacitance and impedance matching
from:
http://seagrant.mit.edu/auvwiki/index.php/ADAQ
For recording we are using this script:
:gr-utils/src/python/usrp_rx_cfile.py
To look at files in MATLAB (or Octave), use this script:
:gnuradio-core/src/utils/read_complex_binary.m
There are other useful MATLAB scripts in the same directory.
If connected to the ADAQ over ssh, you can remotely run this script to do a spectral plot of a logged data file:
:gnuradio-core/src/utils/gr_plot_fft_f.py
Live data display
The best choice is the live FFT plot (virtual spectrum analyzer):
:gr-utils/src/python/usrp_fft.py
which can be run remotely over SSH by the advanced user. The proper command line to invoke the spectrum analyzer chooses the decimation rate 'd', the center frequency 'f', and the receive channel where the hydrophone is connected.
On the ADAQ, we are interested in low frequencies (centered around zero), 2nd-to-maximum decimation (divide down by 128 from 64 Msample/sec), and receive channel 1 in card slot A, resulting in the command line
:usrp_fft.py -d 128 -f 0 -R A:1
A graphical spectrum plot from -250 to +250 kHz will appear.
Recording data to files
Use "usrp_rx_cfile.py" as noted above.
Here is an example call to this script:
:usrp_rx_cfile.py --nsamples 500000 -f 0 -d 128 -R A:1 001.dat
Looking at recorded data files
Here is an example script which will read a data file generated with usrp_rx_cfile.py into MATLAB or Octave and then will plot the FFT of that data:
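addpath('~/gnuradio/gnuradio-core/src/utils/', '-end');
data = read_complex_binary('001.dat');   % interleaved I/Q -> complex vector
data = data ./ 32768;                    % scale to +/-1
n = 1024;                                % FFT length
Fs = 500000;                             % sample rate for -d 128 (64 MS/s / 128)
w = [0:Fs/n:Fs-Fs/n];                    % frequency axis in Hz
pPxx = 20*log10(abs(fft(data,n)));       % magnitude in dB (log10, not natural log)
plot(w,pPxx);
axis([0 250000 -150 20])                 % set limits after plot so they are kept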
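A Python counterpart to the Octave script above, as an added example that is not from the original notes or from GNU Radio: it decodes a capture and returns the centred spectrum (-fs/2 to +fs/2, the "-250 to +250 kHz" view for -d 128), which also shows why complex I/Q data can tell a negative offset from a positive one. It assumes the default usrp_rx_cfile.py output of interleaved little-endian float32 I/Q pairs; all function names and the synthesized tone are constructed for illustration.

```python
# Added example: inspect a usrp_rx_cfile.py capture without MATLAB/Octave.
# Assumption: default output format, interleaved little-endian float32 I/Q.
import cmath
import math
import struct

ADC_RATE = 64_000_000  # USRP ADC rate quoted in the notes (64 MS/s)

def sample_rate(decim, adc_rate=ADC_RATE):
    """Complex sample rate reaching the host for decimation -d."""
    return adc_rate / decim

def read_cfile(raw):
    """Decode float32 I/Q bytes into complex samples scaled by 1/32768."""
    usable = len(raw) - len(raw) % 8      # ignore a truncated trailing sample
    vals = struct.unpack("<%df" % (usable // 4), raw[:usable])
    return [complex(i, q) / 32768 for i, q in zip(vals[0::2], vals[1::2])]

def fft(x):
    """Radix-2 decimation-in-time FFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return list(x)
    even, odd = fft(x[0::2]), fft(x[1::2])
    tw = [cmath.exp(-2j * math.pi * k / n) * odd[k] for k in range(n // 2)]
    return [e + t for e, t in zip(even, tw)] + [e - t for e, t in zip(even, tw)]

def spectrum_db(samples, n, fs):
    """[(offset_hz, dB)] from -fs/2 upward, relative to the tuned centre -f."""
    if n < 1 or n & (n - 1) or len(samples) < n:
        raise ValueError("n must be a power of two and <= len(samples)")
    bins = fft(samples[:n])
    bins = bins[n // 2:] + bins[:n // 2]  # negative frequencies first
    return [((k - n // 2) * fs / n, 20 * math.log10(abs(b) / n + 1e-12))
            for k, b in enumerate(bins)]

def constructed_capture(fs, tone_hz, count, amp=16384.0):
    """Constructed input: one complex tone packed like a capture file."""
    out = bytearray()
    for t in range(count):
        s = amp * cmath.exp(2j * math.pi * tone_hz * t / fs)
        out += struct.pack("<2f", s.real, s.imag)
    return bytes(out)

if __name__ == "__main__":
    fs = sample_rate(128)                 # -d 128 -> 500 kS/s
    spec = spectrum_db(read_cfile(constructed_capture(fs, -125e3, 1024)), 1024, fs)
    print(max(spec, key=lambda p: p[1]))  # strongest bin as (offset_hz, dB)
```

For a real recording, pass `open('001.dat', 'rb').read()` to `read_cfile`; a capture made with short-integer output would need a different unpack format.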
LFRX and real/complex????
RX_MUX
- complex
- quadrature - I&Q (is_quadrature)
also https://moksec.networld.to/trac/wiki/findingGSMChannels
from:
file:gnuradio/gnuradio-examples/python/usrp/usrp_am_mw_rcv.py
adc_rate = self.u.adc_rate()                # 64 MS/s
usrp_decim = 250
self.u.set_decim_rate(usrp_decim)
usrp_rate = adc_rate / usrp_decim           # 256 kS/s
chanfilt_decim = 4
demod_rate = usrp_rate / chanfilt_decim     # 64 kHz
audio_decimation = 2
audio_rate = demod_rate / audio_decimation  # 32 kHz
http://www.swigerco.com/gnuradio/plotting.html
:/root/gnuradio/gr-usrp/apps/usrp_rx_cfile -f 12000000 -N 1000000 test.dat
:./raw2numfc test.dat out.dat 0 100000
Date: 2010-07-19 19:31:23 BST