EEVblog Electronics Community Forum
Electronics => Projects, Designs, and Technical Stuff => Topic started by: MrLoops on December 29, 2014, 08:05:44 pm
-
I'm reading some wild and intuitive things people invent to sniff, for example, keystrokes. Take for example: http://dev.inversepath.com/download/tempest/tempest_2009.pdf
Really nice, especially considering its simplicity.
Now I want to try to do something myself, but the other way around. The idea is to average the power consumption over a long enough timeframe, such that the resolution decreases enough that no conclusive data can be gathered about which keys were pressed.
The implementation is two power banks (capacitors), "A" and "B". B is directly charged by the external power supply (19V). When charging is complete, it is discharged into A. Then A is used to provide power to the device. When A nears complete discharge, B is (hopefully) full again, to refresh it. Normally, A and B are disconnected, in order not to give away any information.
So I made a project in LTSpice to simulate this... Does anyone have some time to check it out or share some ideas? Thanks!
Edit: I added the schematic, so people without LTSpice can look at it.
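As an added illustration of the two-bank scheme described in this post (constructed here; it is not the poster's LTSpice project or schematic), the following integer-charge model counts charge in abstract units per time step. Bank B refills from the external supply at a fixed rate and is switched whole into bank A whenever A drops to a threshold; the device only ever draws from A. The per-key charge figures, bank sizes and refill rate are made-up parameters. The point it shows is twofold: the supply-side trace (what an observer outside the box sees) never contains the keystroke spikes, only fixed refill pulses, but the moment each refill starts still shifts with how much charge has been consumed so far, so two key sequences with the same total cost but a different order produce different refill timing.

```python
"""Constructed integer-charge model of a two-bank (flying capacitor) supply.

Charge is counted in abstract units per time step. All parameters below are
hypothetical and chosen so the arithmetic is easy to follow by hand.
"""
from dataclasses import dataclass

IDLE_DRAW = 1                    # quiescent load per step
KEY_DRAW = {"a": 20, "b": 40}    # hypothetical extra charge per keystroke, per key


def load_trace(keys, gap=5):
    """Per-step load seen by bank A: idle draw plus one single-step spike per
    keystroke, one key every `gap` steps."""
    trace = []
    for k in keys:
        trace.append(IDLE_DRAW + KEY_DRAW[k])
        trace.extend([IDLE_DRAW] * (gap - 1))
    return trace


@dataclass
class Result:
    supply: list      # charge drawn from the external supply at each step
    transfers: list   # steps at which bank B was dumped into bank A
    a_final: int      # charge left in bank A at the end


def simulate(load, a_cap=200, b_cap=100, a_low=100, refill_rate=10):
    """Run the two-bank supply over a load trace.

    a_low must be <= a_cap - b_cap so that dumping a full B into A never
    overfills A (with the defaults: 100 <= 200 - 100).
    """
    a, b = a_cap, b_cap               # both banks start full
    supply, transfers = [], []
    for t, draw in enumerate(load):
        a -= draw                     # 1. the device drains bank A only
        if a < 0:
            # B was not refilled in time: the device browns out
            raise RuntimeError(f"bank A exhausted at step {t}")
        if a <= a_low and b == b_cap: # 2. A is low and B is ready: switch B across
            a += b
            b = 0
            transfers.append(t)
        if b < b_cap:                 # 3. B refills from the supply at a fixed rate;
            step = min(refill_rate, b_cap - b)   # this is the only current visible outside
            b += step
            supply.append(step)
        else:
            supply.append(0)
    return Result(supply, transfers, a)


if __name__ == "__main__":
    for keys in ("abababab", "babababa"):
        r = simulate(load_trace(keys))
        print(keys,
              "load values:", sorted(set(load_trace(keys))),
              "supply values:", sorted(set(r.supply)),
              "refills start at steps:", r.transfers)
```

With the default parameters the load trace contains the per-key values 21 and 41, while the supply trace only ever takes the values 0 and 10. The sequences "abababab" and "babababa" draw the same total charge, yet their refills start at steps 15 and 25 versus 10 and 25: the spike amplitudes are hidden, but the cumulative consumption still modulates the refill timing, which is the kind of residual power-related information the replies below point at.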
-
I don't see much of this surviving the switched power supply to begin with, I think it's getting transmitted through the PS2 cable shield.
-
You'd be much better off trapping everything in shielding as well as possible (information leakage is electromagnetic leakage, it's healthier for the radio spectrum to keep things shielded anyway!), then shunt regulating the power supply so that its power consumption remains constant, or changes only slowly.
A flying capacitor filter has that kind of effect, but doing it for any kind of power is ridiculous: you have to manage a lot of capacitance, big transistors, big current spikes and big possible power dissipation (how much energy is stored in one of those capacitors? what happens the first time a transistor turns on?).
Tim
-
I agree with the other posters - Tempest is mainly about lifting data off radiated EMI from poorly shielded data paths. Doing outrageous things with the power supply will not help with that at all.
Processing keystrokes on a PC is a microsecond-scale event and such small-scale events have little to no visibility beyond the motherboard - it will already be averaged as one lump by the motherboard's decoupling caps, not much information there apart from some power event having occurred - they may know you pressed a key but will not be able to determine which key from that. Even with your monstrous decoupling caps, that power-related information would still leak due to wires between your caps and computer/motherboard.
Most keyboards, however, are almost entirely plastic, with the keyboard controller sometimes bonded directly to one of the keyboard membranes. Reading the radiation from the 8051 or equivalent microcontroller running the keyboard would be a much easier way to eavesdrop on your typing.