Closed xloem closed 6 years ago
Hey man. Very good research questions indeed :)
TempestSDR was entirely designed around the needs of rasterizing a video signal in real time without access to sync pulses: resampling the IQ input from an IQ sample clock frequency into a pixel clock frequency with very high adjustable frequency resolution (fractional-N NCO), AM demodulation, periodic averaging at frame rate, high throughput for displaying at video bandwidth, cross-correlation to estimate the vertical and horizontal sync frequencies, a list of standard VESA mode presets. I don't think there is much, if any, code in there useful for analyzing other sources of compromising emanations, such as eavesdropping attacks on keyboards.
You would be much better off starting from scratch if you want to play with other emission sources.
Van Eck Phreaking is great, but the EM spectrum must allow for so many more attacks. Device fingerprinting, sniffing of keystrokes and mouse activity ... The repeating behavior of the video signal is very similar to that of RAM refresh; could ram be extracted wirelessly if an antenna were placed close to the chip?
Let's refactor TempestSDR to separate between functions that are useful in general, and enumerated attacks which make use of these functions.