commit 569bc92dc1bd363cd14a5f912f0ea158f89bb1c6 Author: urko Date: Sun Apr 6 12:29:14 2025 +0200 initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..24c4fee --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.notes diff --git a/README.md b/README.md new file mode 100644 index 0000000..5e1a6ad --- /dev/null +++ b/README.md @@ -0,0 +1,144 @@ +#COVID-bit: Real‐life demonstration scenario + +The idea is to first show that a standard air-gapped computer can be “attacked” via a covert electromagnetic channel (similar to the COVID‑bit attack), +and then to show that applying a shielding solution (such as a Faraday cage) significantly reduces or blocks the signal. + +--- + +## 1. Demonstration Overview + +### Attack Phase (Unshielded) +- **Transmitter:** Use a standard desktop or embedded computer running Linux. The computer runs a custom program (provided below in Rust) that deliberately modulates CPU load to generate low‑frequency electromagnetic emissions (in the 0–60 kHz band). The code toggles the workload on each CPU core at a specific frequency. +- **Receiver:** Use a smartphone or laptop with a software-defined radio (SDR) dongle (such as an RTL‑SDR) or even an audio input device with a tuned loop antenna. The antenna, built from a few turns of copper wire on a non‑conductive frame, is connected to the receiver. An SDR app (or a simple FFT analyzer) can then capture and visualize the emission spectrum. +- **Observation:** With the device unshielded, the receiver will pick up the emissions from the computer—confirming that the covert channel is active. + +### Shielding Phase +- **Shielding Solution:** Enclose an identical computer (or the same computer in a separate test) in a makeshift Faraday cage. This could be a simple enclosure made from copper mesh or aluminum foil that completely surrounds the computer (with proper grounding and ventilation considerations). +- **Re-Test:** Run the same transmitter code inside the shielded enclosure and capture the emissions with the same receiver. +- **Expected Result:** The electromagnetic emissions should be drastically reduced (or even eliminated), proving that the shielding solution effectively mitigates the attack. + +--- + +## 2. Electronics and Materials List + +### For the Transmitter (Air-Gap Computer) +- **Computer:** A standard desktop or embedded system running Linux. +- **Power Supply & Motherboard:** Standard components as used in regular workstations. +- **Operating System:** Ubuntu or any Linux distribution. +- **Software:** Custom transmitter program (provided below in Rust). + +### For the Receiver +- **Receiver Device:** + - **Option A:** A smartphone with an SDR app or audio spectrum analyzer. + - **Option B:** A laptop with an RTL‑SDR dongle and SDR software (e.g., SDR# or GQRX). +- **Loop Antenna:** + - A simple loop antenna made by winding several turns of insulated copper wire around a plastic frame (approximately 20–30 cm in diameter). + - Coaxial cable and appropriate connectors to attach the antenna to the SDR or audio jack. + +### For the Shielding +- **Shielding Materials:** + - Copper or aluminum mesh (or heavy aluminum foil). + - Conductive adhesive tape for seams. + - Non‑conductive interior lining (foam or plastic) to prevent short-circuits. +- **Enclosure:** A box or cabinet into which you can fit the computer. Ensure all seams are properly sealed to block electromagnetic leakage. + +--- + +## 3. Rust Source Code for the Transmitter + +Below is a simplified Rust program that spawns one thread per available CPU core. Each thread alternates between a busy (computational load) period and a sleep period to approximate a square wave at a given frequency. You can adjust the frequency and duration via command-line arguments. + +```rust +use std::thread; +use std::time::{Duration, Instant}; +use std::env; + +fn transmit(frequency: f64, duration: Duration) { + // Calculate the period (seconds) and half-period duration + let period = Duration::from_secs_f64(1.0 / frequency); + let half_period = period / 2; + let end_time = Instant::now() + duration; + + while Instant::now() < end_time { + // Busy-wait for half of the period to generate load + let busy_until = Instant::now() + half_period; + while Instant::now() < busy_until { + // Perform dummy computations (the actual operation can be optimized if needed) + let _ = 2 * 2; + } + // Sleep for the other half to create a duty cycle + thread::sleep(half_period); + } +} + +fn main() { + // Parse command-line arguments: frequency in Hz and duration in seconds + let args: Vec = env::args().collect(); + if args.len() < 3 { + eprintln!("Usage: {} ", args[0]); + return; + } + let frequency: f64 = args[1].parse().expect("Invalid frequency"); + let duration_secs: u64 = args[2].parse().expect("Invalid duration"); + let duration = Duration::from_secs(duration_secs); + + // Determine number of threads (use all available CPU cores) + let num_threads = num_cpus::get(); + println!("Starting transmission at {} Hz using {} threads for {} seconds", frequency, num_threads, duration_secs); + + // Spawn threads that perform the transmission concurrently + let mut handles = Vec::new(); + for _ in 0..num_threads { + let freq = frequency; + let dur = duration; + let handle = thread::spawn(move || { + transmit(freq, dur); + }); + handles.push(handle); + } + + // Wait for all threads to finish + for handle in handles { + handle.join().unwrap(); + } + + println!("Transmission complete."); +} +``` + +### How to Run the Code +1. **Build the program:** + Ensure you have [Rust installed](https://www.rust-lang.org/tools/install) and compile the code: + ```bash + cargo build --release + ``` +2. **Execute the program:** + For example, to run the transmitter at 10 kHz for 30 seconds: + ```bash + ./target/release/your_program_name 10000 30 + ``` + +*Note:* The busy-wait loop is a simple way to load the CPU; real-life attack code might use more refined timing and modulation (e.g., for data modulation using FSK or OFDM as described in the paper). + +--- + +## 4. Demonstration Steps Summary + +1. **Setup Unshielded Scenario:** + - Place the computer in an open area. + - Connect the loop antenna to the SDR receiver. + - Run the Rust transmitter code. + - Use the SDR software to visualize the frequency spectrum and verify that the modulated signal is detectable. + +2. **Setup Shielded Scenario:** + - Enclose an identical computer (or the same one in a controlled test) inside the shielding enclosure. + - Repeat the transmission test. + - Show that the electromagnetic emissions are significantly attenuated (or no longer detectable) on the receiver. + +3. **Discussion:** + - Explain how the electromagnetic leakage occurs due to dynamic power consumption and switching in the SMPS. + - Discuss the trade-offs of shielding (cost, practicality, potential for heat buildup, etc.). + - Highlight how your shielding solution can be implemented in sensitive environments (e.g., military or critical infrastructure settings). + +This comprehensive scenario demonstrates both the vulnerability and the countermeasure, providing a solid foundation for discussion at your university research program. + diff --git a/docs/covid-bit-mordecha.pdf b/docs/covid-bit-mordecha.pdf new file mode 100644 index 0000000..6c00e34 Binary files /dev/null and b/docs/covid-bit-mordecha.pdf differ