Keyboard radio sniffer
Posted 16 March 2011, 13:54
A malicious hacker like you has, of course, dealt with software keyloggers more than once. Run the program once on the victim's machine and the job is done: every password and everything typed can be considered yours already. This approach has a drawback, though: you have to get the program running on somebody else's computer somehow, and that is not always possible. So we decided to build an elementary device that lets you log everything typed simply by getting close enough to the target's computer.

The essence of the idea and the method
Let me briefly explain what this is about. Every current-consuming device, be it a television, a mouse, a keyboard, a hard drive or a cooling fan, creates an electromagnetic field around itself while it operates. As we know from the physics course, the field arises from currents of varying voltage passing through wires and the traces of printed circuit boards. The strength of these electromagnetic waves can be measured with special instruments. The field often interferes with radios, televisions and other appliances: you have probably noticed that an FM radio placed next to a TV picks up fewer stations, because the wanted signal is, in the truest sense of the word, hammered by the stray radiation. This fact gave me a good idea: if a TV pollutes the signal that a radio "listens" to, it would be worth seeing how a keyboard does the same. After all, the interference it produces, that is, the electromagnetic pulses it generates, lies according to the reference books in the range from 10 Hz to 1000 MHz, and that range is the main channel of information leakage from today's PCs. For the work I armed myself with the following tools:

1. A computer with a sound card
2. A cheap Chinese Fusun radio
3. A cord to connect the FM receiver to the line input
of the sound card.

As for the receiver, any will do (preferably one with manual tuning, since hunting for the right interference is delicate work); the main thing is not to use an internal FM tuner card, because the interference inside the PC will bring any attempt to get a result to nothing. The cord is a standard one; you can solder it yourself from scraps left over from an old broken pair of headphones or a microphone. At first it is better to plug headphones into the sound card's output and do everything through them, so that you hear the nuances of the sound better. In "sndvol32.exe", select line-in as the recording source and turn the recording level down to a minimum beforehand, otherwise you risk being deafened by the wild noise the radio puts out. Connect the receiver to the line input and switch its power on.

It may well be that instead of the noise we need you hear music from some FM station. In that case turn the tuning wheel slightly until you hear "white noise", as the physicists call it. Then do the following: hold down any key on the keyboard and carefully adjust the frequency until you hear crackling at a rate of about 200 "creaks" per minute (roughly 3 per second). When you release the key, the crackling must stop. That is a sure sign that you have found the right frequency. In some cases the wanted signal appears instead as a continuous, fairly low hum mixed with the noise, which changes its tone when keys are pressed. If you get no result, you are most likely holding the receiver too close to the monitor; a CRT monitor in particular throws off strong interference. If you still cannot find the right frequency, adjust the length of the tuner's external antenna.

Analyzing the data

Suppose you have found the frequency at which the keyboard's interference is clearly audible. In that case you have done a large part of the work. All that remains is to record the interference from different keystrokes with any advanced wave editor, such as Nero Wave Editor, and analyze it. Differences in the waveform of the keyboard's interference will help us pick the scan codes of the keystrokes out of the jumble of white noise :). Open the audio editor, start recording the signal arriving at the line input, and type a simple word of 4-5 characters on the keyboard. So that you can later see, in the graphical view of the waveform, where ordinary noise is mixed with the keyboard's "bangs", hold each key a little longer while recording, at least 0.5 seconds. Of course, in a real situation, when you sniff somebody else's keyboard, nobody will hold the keys down for you, but our task right now is to understand the method; the more complex scan comes later.




Having recorded your message, look carefully at the graphical representation of the waveform. There are regions of relative calm: during these periods no key on the keyboard is pressed. There are also regions made up of dense "spikes", which the ear perceives as clicks. These are the periods when a key was held down: its circuit was closed and the electromagnetic interference was generated regularly at some frequency. Select a small piece of the graph containing the keyboard noise and zoom in until every nuance, every single oscillation of the sound wave, is clearly visible (in my case the zoom was 700%). In Nero Wave Editor zooming is done with the mouse wheel (zoom is a very useful tool; with it you will always be able to tell the fragments that carry valuable information apart from ordinary noise).

Now notice that the waveform contains fragments (I would call them keys) that repeat constantly and at regular intervals (see the screenshots). These repeating fragments give our seemingly random waveform the character of a periodic function. I counted two fragment-keys per key. The most interesting thing is that each key on the keyboard has its own fragment-keys. "But then we have to find the sequences for every keyboard!", you cry out in indignation. Not a problem! Given a large number of recorded "keyboard noises", frequency analysis can be carried out (you can read about it in any book on cryptography). It is based on the fact that each letter of the alphabet, and each punctuation mark, occurs in text with a certain probability; in Russian, for example, the letter "o" is far more common than the letter "u". To perform frequency analysis you need to prepare an array containing all the kinds of interference. Then you need to write a program, an analyzer of the audio file, that compares the interference it contains against the array.
The program must write codenames to a file (for example "pomexa1, pomexa5, ..."). That file will be the material for frequency analysis.
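As an added example (not part of the original article), here is the analyzer described above in plain Python: it finds the periods of "spikes" in a recording by their frame energy, tiles each known fragment-key across a burst at every phase to see which one the burst repeats, labels each burst with a codename as the article's file would, and tallies codename frequencies. The sample rate, the fragment shapes in SIGNATURES, the codename scheme and the recording itself are all constructed for the example; a real library is recorded key by key from the target keyboard using the procedure above.

```python
"""Added example, not from the original article: segment a line-in recording of
keyboard interference into key-press bursts, label each burst by the fragment-key
it repeats, and tally codename frequencies. Standard library only; all input is constructed."""
import math
import random
from collections import Counter

RATE = 8000   # assumed sample rate of the recording, Hz
FRAME = 80    # 10 ms analysis frame at that rate

# Hypothetical fragment-keys: the short pattern that repeats at regular intervals
# while a key is held. The shapes are invented for the example; a real library is
# recorded key by key from the target keyboard.
SIGNATURES = {
    "pomexa_a": [1, -1, 1, -1, 0, 0, 0, 0],   # the "w-shaped" burst
    "pomexa_h": [1, 1, 0, 0, -1, -1, 0, 0],
    "pomexa_e": [1, 0, -1, 0, 1, 0, -1, 0],
}


def synth_recording(keys, hold=0.3, gap=0.2, noise=0.05, seed=1):
    """Constructed input: line noise with one periodic burst per key press."""
    rng = random.Random(seed)
    out = [rng.gauss(0, noise) for _ in range(int(gap * RATE))]
    for k in keys:
        frag = SIGNATURES[k]
        out.extend(frag[i % len(frag)] + rng.gauss(0, noise) for i in range(int(hold * RATE)))
        out.extend(rng.gauss(0, noise) for _ in range(int(gap * RATE)))
    return out


def frame_energy(x):
    """Mean square of each 10 ms frame."""
    return [sum(v * v for v in x[i:i + FRAME]) / len(x[i:i + FRAME])
            for i in range(0, len(x), FRAME)]


def segment_bursts(x, ratio=10.0, min_frames=5):
    """(start, end) sample ranges whose frame energy exceeds ratio times the noise floor.
    The floor is the mean energy of the quietest fifth of frames, so this assumes that
    at least a fifth of the recording is silence between keystrokes."""
    e = frame_energy(x)
    quiet = sorted(e)[: max(1, len(e) // 5)]
    thr = ratio * sum(quiet) / len(quiet)
    bursts, start = [], None
    for i, v in enumerate(e + [0.0]):           # sentinel closes a trailing burst
        if v > thr and start is None:
            start = i
        elif v <= thr and start is not None:
            if i - start >= min_frames:           # drop isolated noise spikes
                bursts.append((start * FRAME, min(i * FRAME, len(x))))
            start = None
    return bursts


def match_burst(seg, signatures=SIGNATURES):
    """Normalized correlation of the burst with each fragment-key tiled across it,
    maximized over the tiling phase. Returns (best codename, score in [-1, 1])."""
    seg_norm = math.sqrt(sum(v * v for v in seg)) or 1.0
    best = (None, -1.0)
    for name, frag in signatures.items():
        p = len(frag)
        for phase in range(p):
            tiled = [frag[(i + phase) % p] for i in range(len(seg))]
            t_norm = math.sqrt(sum(t * t for t in tiled)) or 1.0
            score = sum(v * t for v, t in zip(seg, tiled)) / (seg_norm * t_norm)
            if score > best[1]:
                best = (name, score)
    return best


def transcribe(x, signatures=SIGNATURES, min_score=0.8):
    """Segment the recording and label each burst; a burst matching nothing well is 'unknown'."""
    labels = []
    for a, b in segment_bursts(x):
        name, score = match_burst(x[a:b], signatures)
        labels.append(name if score >= min_score else "unknown")
    return labels


def frequency_analysis(codenames):
    """Relative frequency of each codename: the table the cryptanalytic step works from."""
    counts = Counter(codenames)
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()} if total else {}


if __name__ == "__main__":
    rec = synth_recording(["pomexa_a", "pomexa_h", "pomexa_a", "pomexa_e"])
    seq = transcribe(rec)
    print(", ".join(seq))      # one codename per burst, as the article's file would hold
    print(frequency_analysis(seq))
```

Tiling the whole fragment across the burst and searching the phase, rather than sliding a single copy, averages the line noise over the entire keystroke, which is what makes the score margin between the right fragment-key and the wrong ones large enough to be usable on a noisy recording.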

Take a look at my screenshot, which shows the waveform for the letter "a", and compare it with the corresponding waveform for the letter "h". The letter "a" can be told apart from the others at a glance by the characteristic w-shaped fragment of its burst. By doing this you will soon learn to identify accurately which character stands behind a given sequence of bursts.



Anti-noise

Here is some brief advice for experimenters who do not want to go deaf at an early age :). I can assure readers that none of the preset filters built into even the best-known audio editors (such as Noise Reduction) will help us weed out the interference and keep the wanted signal. It simply gets removed along with the "rubbish", because the filters' analyzers treat the bursts we need as "clicks", that is, as recording defects. To build the right filter you have to use your head. After a long analysis I found that the audio frequencies above 3700 Hz contain mostly nothing but a whistling noise. The "Enhancement -> Filter Toolbox" menu of Nero Wave Editor helped me work this out: I selected a fragment containing the wanted signal, used the tool just mentioned, ticked "Band Pass Filter" and chose "lower" = 3700 Hz, "upper" = 22050 Hz. The useful signal almost stopped being audible; therefore everything that lies between these "lower" and "upper" values is garbage and the rest is useful signal. So, select the whole recording and apply the same filter with "lower" = 0 and "upper" = 3700. Some information from the upper frequencies is of course lost in this operation. Such losses can be avoided by setting up the equalizer ("Tools -> Equalizer"), but that takes a little longer. Experiment with filters and you will get the desired result.
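As an added example, not from the article, here is what the two filter experiments above look like in code, with a naive "click removal" step of the kind built into audio editors alongside for comparison. A windowed-sinc low-pass at 3700 Hz is applied to a constructed recording made of a 210 Hz spike train (standing in for the keyboard bursts), a 9 kHz tone (the whistle) and white noise; the power of the spike train's fundamental and of the whistle is measured before and after each filter with the Goertzel algorithm. The filter length, the tone frequencies, the declicker's threshold and the signal itself are assumptions for the demonstration, not measurements from the author's setup.

```python
"""Added example, not from the article: the 3700 Hz filtering experiment and, for
comparison, a naive editor-style 'click removal' that erases the very bursts we want.
Standard library only; the recording is constructed inline."""
import math
import random

RATE = 44100         # assumed sample rate; the article's 22050 Hz "upper" is its Nyquist limit
CUTOFF = 3700.0      # the boundary between signal and whistle the author found by ear
PERIOD = 210         # samples between constructed keyboard spikes: 44100 / 210 = 210 Hz fundamental
WHISTLE_HZ = 9000.0  # constructed high-frequency whistle, well above the cutoff


def synth_recording(n_periods=50, pulse_width=3, whistle_amp=0.15, noise=0.05, seed=7):
    """Constructed input: spike train (keyboard bursts) + whistle + white noise."""
    rng = random.Random(seed)
    x = []
    for i in range(n_periods * PERIOD):
        v = 1.0 if (i - 100) % PERIOD < pulse_width else 0.0   # first spike at sample 100
        v += whistle_amp * math.sin(2 * math.pi * WHISTLE_HZ * i / RATE)
        v += rng.gauss(0, noise)
        x.append(v)
    return x


def lowpass_taps(cutoff=CUTOFF, fs=RATE, ntaps=63):
    """Windowed-sinc (Hamming) FIR low-pass, normalized to unity DC gain. ntaps must be odd."""
    m = ntaps - 1
    fc = cutoff / fs
    taps = []
    for n in range(ntaps):
        k = n - m / 2
        h = 2 * fc if k == 0 else math.sin(2 * math.pi * fc * k) / (math.pi * k)
        w = 0.54 - 0.46 * math.cos(2 * math.pi * n / m)
        taps.append(h * w)
    s = sum(taps)
    return [t / s for t in taps]


def fir(x, taps):
    """Convolution with the group delay removed, so output sample i lines up with input sample i."""
    d = (len(taps) - 1) // 2
    n = len(x)
    y = []
    for i in range(n):
        acc = 0.0
        for j, t in enumerate(taps):
            k = i + d - j
            if 0 <= k < n:
                acc += t * x[k]
        y.append(acc)
    return y


def declick(x, win=11, thresh=0.4):
    """Naive 'click removal': a sample far from its local median is replaced by that median.
    This is the behaviour the article warns about: keyboard spikes look like clicks to it."""
    h = win // 2
    y = []
    for i in range(len(x)):
        window = sorted(x[max(0, i - h): i + h + 1])
        med = window[len(window) // 2]
        y.append(med if abs(x[i] - med) > thresh else x[i])
    return y


def goertzel_power(x, freq, fs=RATE):
    """Power of x at one frequency (Goertzel algorithm); ratios between signals are meaningful."""
    w = 2 * math.pi * freq / fs
    c = 2 * math.cos(w)
    s1 = s2 = 0.0
    for v in x:
        s0 = v + c * s1 - s2
        s2, s1 = s1, s0
    return (s1 * s1 + s2 * s2 - c * s1 * s2) / len(x)


def compare_filters(x):
    """Fraction of the spike-train fundamental and of the whistle that survives each filter."""
    fund = RATE / PERIOD
    lp = fir(x, lowpass_taps())
    dc = declick(x)
    ref_f, ref_w = goertzel_power(x, fund), goertzel_power(x, WHISTLE_HZ)
    return {
        "lowpass_keeps_fundamental": goertzel_power(lp, fund) / ref_f,
        "lowpass_keeps_whistle": goertzel_power(lp, WHISTLE_HZ) / ref_w,
        "declick_keeps_fundamental": goertzel_power(dc, fund) / ref_f,
        "declick_keeps_whistle": goertzel_power(dc, WHISTLE_HZ) / ref_w,
    }


if __name__ == "__main__":
    for name, ratio in compare_filters(synth_recording()).items():
        print(f"{name:28s} {ratio:.4f}")
```

The low-pass leaves the spike train's fundamental essentially untouched and removes the whistle, which is the article's second filter run; the declicker does the opposite, keeping the whistle and deleting the spikes, which is why the built-in noise reduction presets are of no use here. The harmonics of the spike train above 3700 Hz are lost by the low-pass as well, matching the author's remark about losing some high-frequency information.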



Why use this method

The advantage of this method lies above all in its relative simplicity and in being accessible to anyone. For mobile use, that is, tracking a person of interest on their own turf, a laptop with a small add-on, an external radio, can be used. For a good result it is better to shield the latter or keep it away from the laptop, otherwise you may mistake the laptop's own radiation for signals from the target's keyboard. Another, safer solution is to record the signal at the desired frequency on a recorder and take it away for later analysis.
The other methods I have come across for extracting valuable information from the electromagnetic interference generated by a keyboard require at least a spectrum analyzer, an oscilloscope, a frequency counter, a multimeter and similar instruments, which is hardly affordable even for a fairly wealthy citizen. Besides, by rummaging around the Internet you can always easily find circuits for radio transmitters which, if you know how to handle a soldering iron, will let you transmit the data remotely; that makes your life much safer and almost certainly saves you from prison soup. In that case, for your own safety, you need to fit a powerful antenna and place the receiver as far away as possible. I recommend the site http://www.radist.izmuroma.ru.

Another rather good and, in my opinion, more convenient way to sniff (at least because of the fine tuning and the long range) is to use a short-wave transceiver. Alas, they are relatively expensive (unpretentious designs start at 200-300 dollars). But if you are a person with an interest, a transceiver will be a real treasure for you. With it you can not only intercept electromagnetic radiation but also listen in on secret transmissions ("Morse code") and do many other useful and interesting things. But that is another story. An interesting fact: the Belarusian radiotelephone "Altai" (I do not know whether it is still available), being essentially a simple transceiver, offers good radio communication capabilities.

Attention! If you are going to intercept information by the method described in this article in large volumes, you will need a good sound card with a negligible noise level. Otherwise headaches from fatigue cannot be avoided. So be sure to check whether your sound card is suited to such activity on an "industrial" scale with the RightMark Audio Analyzer utility (http://audio.rightmark.org/rus).

... And finally

If your computer runs important work that requires secrecy, or hosts some server, you simply must have reliable means of protection against information leakage through electromagnetic radiation. Such means are very diverse: filtering, grounding of devices, shielding, electromagnetic noise generators, and so on. They pay for themselves, because there are ways to pick up the signal even from the victim's computer monitor and obtain a faithful picture of what the user sees. The best way to learn everything about the impending danger is to understand how the attack is carried out and test it in practice. Good luck!

------

This article was published as an addition to the news item on the vulnerability of wireless keyboards posted by Tylerskald.
Many thanks as well to Leonid Isupov aka Cr@wler for writing this article, and thanks to the editorial staff of ][aker for the good material in their magazines.
Views: 609 | Added by: w1zard | Rating: 0.0/0