Tuesday, February 6, 2018

Running TempestSDR on Windows 10

TempestSDR is a nice tool which can be used to eavesdrop on computer monitors using the electromagnetic (EM) emissions causes by them. While this concept is not a new thing, the use of cheap software defined radio (SDR) hardware has enabled the possibility of performing this attack a lot more easier. I was struggling to get the tool up and running on Ubuntu Linux for a while and ended up without a result. Finally, I moved into Windows platform and tried it. Luckily, things went so smoothly and I got TempestSDR tool running with both RTL-SDR and HackRF hardware.

In this post, I'm writing down the steps I followed to get TempestSDR running on Windows 10 operating system with both RTL-SDR and HackRF hardware.

Preparing RTL-SDR and HackRF hardware:

It is necessary to have the required drivers installed on Wondows 10 in order to use both RTL-SDR and HackRF devices. Therefore before everything, let's get the drivers installed. A previous post written by me describes the required steps for. Refer it and install the drivers described here: http://recolog.blogspot.ie/2018/02/installing-drivers-for-rtl-sdr-and.html

Identifying the EM emission frequency of a target monitor:

Before we prepare the TempestSDR tool to eavesdrop on a computer monitor, we need to identify the frequencies where EM emissions occur on the target. This is a little bit cumbersome task as we have to go through the spectrum and identify them. We'll use SDR# software for this purpose.

(1) Download SDR# from here.
https://airspy.com/download/

(2) Extract the ZIP archive, and then inside it, double-click on the install-rtlsdr.bat file. A CMD prompt will start and download some files. It will exit automatically.

(3) Now double click on the SDRSharp.exe tool and it will open the window. You can select the "RTL-SDR (USB)" option for the source.

(4) Keep scrolling while looking for a signal which varies the peaks when I make any change in the screen of the computer such as maximizing / minimizing windows, etc. If there's a strong signal which changes the amplitude when a window is maximized, there's a good chance that it is an emission from the monitor. Note down such frequencies.

Setting up TempestSDR software:

(1) Installed JDK 8 - 32-bit version. I downloaded it from here,
http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html The exact file I downloaded is jdk-8u151-windows-i586.exe

(2) Download and install MinGW and MSYS. We have to download a single installer and inside it, we can select the packages of MingGW and MSYS that we want to install.
https://sourceforge.net/projects/mingw/files/

(3) Set the bin folder paths to MinGW and MSYS in Windows PATH. The instructions to set PATH environmental variable on Windows can be found here: https://www.computerhope.com/issues/ch000549.htm

In my system, the paths to the bin folders of those tools after the installation were as follows.

C:\MinGW\bin
C:\MinGW\msys\1.0\bin


(4) Add JAVA_HOME path variable too. The instructions to do this can be found in this link: https://www.mkyong.com/java/how-to-set-java_home-on-windows-10/
 In my system, the path to the directory where Java was installed is as follows.

C:\Program Files (x86)\Java\jdk1.8.0_151

(5) Download TempestSDR from here. Then extract the files.

https://github.com/rtlsdrblog/TempestSDR

(6) In the very first makefile, remove the following line

@$(MAKE) -C TSDRPlugin_Mirics/ all MIRICS_HOME=$(MIRICS_HOME)

(7) Due to the fact that there are spaces in the path to Java installation directory, TempestSDR tool faces some difficulties while running the make file. Therefore, let's copy java installation folder to a new place which does not have spaces in the path.

I copied "C:\Program Files (x86)\Java" folder to "C:\Java" location.

(8) Now go into TempestSDR folder from CMD prompt and and run the following command.

make all JAVA_HOME=C:\Java\jdk1.8.0_151

If the compilation completes successfully, we are good to go.

Running the TempestSDR software:

(1) Connect either RTL-SDR dongle or HackRF device into a USB port of the computer.

(2) Go to the JavaGUI folder in the TempestSDR source code directory. There should be a jar file which we need to run.

java -jar JTempestSDR.jar

(2) From the File menu, select the "Load ExtIO source" option. Then browse to the installation directory of HDSDR software where you copied the ExtIO DLL driver for either RTL-SDR or HackRF. Select that DLL file.

(3) Select the resolution and refresh rate of the monitor being eavesdropped. Then, select the frequency of EM emanation which we manually found using SDR# software. Click "Start" and we are good to go.

Trouble Shooting:

Time to time, TempestSDR tool faced difficulties in detecting the RTL-SDR or HackRF device. In such situations, I used the following steps to resolve the issue.

(1) Restart the machine.

(2) Run SDR# with RTL-SDR/HackRF first to get the correct driver running.

(3) Then try running TempestSDR jar file from the beginning.

Following are some of the screenshots of my attempts.

A checker board image was placed on the target computer screen.

TempestSDR capturing data from a Dell monitor with RTL-SDR
 
TempestSDR capturing data from a Samsung monitor with HackRF


~*******~

7 comments:

  1. GiamMa-based researchers SDR R&D IoT

    This is my test:

    Test - TempestSDR with RTL SDR on windows - Desktop DVI Monitor

    https://www.youtube.com/watch?v=-V50plHPQpY

    Test - TempestSDR with RTL SDR on windows - Desktop VGA Monitor

    https://www.youtube.com/watch?v=8wLhS5SgSX4

    Test - TempestSDR with RTL SDR on windows - Laptop Monitor

    https://www.youtube.com/watch?v=OK70F4RsLjw



    During my windows tests I encountered various errors and exceptions such as “Exception in thread” AWT-EventQueue-0 “java.lang.UnsatisfiedLinkError:”.
    The solution that worked for me was to follow the following tutorial, How to settings MinGW / MinGW C++ Download and Installation:
    http://www.ics.uci.edu/~pattis/common/handouts/mingweclipse/mingw.html
    The version of java to be used must be higher than release 52, with version 8 I have not encountered problems on windows 32 and 64 bit.
    My test of Eavesdropping on DELL Laptop Computer Screens via electromagnetic interference (EMI) using rtl sdr on Windows. Monitor Resolution WXGA 1280×800 60hz:
    https://www.youtube.com/watch?v=OK70F4RsLjw
    To look for the frequency of interference signal, I recommend searching by scanning one waveform with many subsequent peaks between 300 and 700 Mhz.
    After tuning in to the targhet frequency let the software take autocalibriums and try to move a few Mhz to center the targe

    ReplyDelete
  2. It would be great to get a guide for *nix as well.

    ReplyDelete
  3. i cant execute a make command because there is no make! also why setting JAVA_HOME to C:\Java\jdk1.8.0_151 when moving it afterwards anyways?

    ReplyDelete
  4. i cant follow any of this. pls make video

    ReplyDelete