Radio transmitter on the system bus

Some computers for security purposes are specially isolated from the outside world (air gap or physical isolation). They do not have access to the Internet, there is no local network, WiFi, Bluetooth, even the USB interface and the audio card are disabled. How, then, to transfer information from this computer?

New program System Bus Radio solves the problem. Even in such a situation with its help, you can transmit a radio signal.

Let's check. The source code is published on Github. Compile (author checked on Apple MacBook Air).
')

gcc main.c -Wall -O2 -o main 

We start.

 ./main 

In the radio tuned to 1580 kHz AM, the song “ Mary Had a Little Lamb ” will sound in an endless loop.

The author of the program is American hacker William Entriken (William Entriken). He says that according to leaked documents, the US National Security Agency and the US Department of Defense have long discussed the possibility of information leaks from protected systems through electromagnetic radiation, there are various ways to remotely remove data. So the System Bus Radio project will be a new argument in this discussion.

By trial and error, the author found out that the frequency of 1580 kHz is best suited for transmitting and receiving data on its equipment (Apple MacBook Air and Sony STR-K670P radio with antenna).

Radiation of radio waves occurs by different electronic components. Here, the memory bus radiation (I / O bus clock) is used when exchanging data between the CPU and RAM.


Radio emission distribution of a motherboard with an 800 MHz I / O bus using DDR3-1600 RAM. Blue shows the normal operation of the PC, red shows the result of the data transfer algorithm using the multi-channel memory architecture.

In the program, the generation of radiation is implemented using the instructions _mm_stream_si128 or x++ , which writes to the address in RAM. This concept was presented in a report at the last USENIX Security 15 conference.

Guri, M., Kachlon, A., Hasson, O., Kedma, G., Mirsky, Y., and Elovici, Y., 2015. GSMem: data exchange rate. In 24th USENIX Security Symposium (USENIX Security 15) ( pp. 849-864 ).

The transmission rate depends on the quality of the signal, that is, on the quality of the receiver and the distance to the transmitter. The authors of the original report tested the transmitter on a desktop computer, and used a Motorola C123 phone and a Lenovo ThinkPad T530 laptop with a software-defined radio system (SDR) as a receiver. At a distance of 2.6 meters per SDR, the transmission rate was about 1000 bps. When using a special optimized directional antenna like LP0410 ($ 53), the transmission distance increases to 30-40 meters from the front of the system unit.



Returning to the System Bus Radio program, it uses rectangular modulation.



The author also provides links to various APIs for working with high-precision time under OS X.