Like all time-varying voltage and current, a video interface connecting a PC to its monitor emits electromagnetic waves. The attack commonly known as TEMPEST (or Van Eck Phreaking) consists in receiving this signal and inferring the image being displayed on the monitor; that is to say, pointing an antenna to a PC and spying the monitor. This is a particularly interesting application for Software Defined Radio, as it requires modeling the signal and implementing a custom receiver.
However, and although the first public demonstrations date back to the mid-80s by Wim Van Eck, no open-source implementation was available until Martin Marinov’s TempestSDR was published in 2014 (see https://github.com/martinmarinov/TempestSDR). TempestSDR consists of a module written in C that takes care of the signal processing, plug-ins for various models of SDR hardware, and a Java-based GUI. This results in a multi-platform software which works great, but is difficult to extend or tweak. For instance, new plug-ins have to be written for new SDR hardware, or including filters or other DSP blocks in the signal’s flow is not straightforward at all.
To this end, in 2020 I published gr-tempest, a GNU Radio-based implementation of TEMPEST (see https://github.com/git-artes/gr-tempest/). This is an on-going project whose objective is to emulate and extend TempestSDR functionalities, while enabling simpler experimentation and taking advantage of GNU Radio’s functionalities and support. In this talk, I will describe the mathematical principles behind the TEMPEST attack and present how gr-tempest works. Furthermore, I will show several real-world examples including both VGA and HDMI, and the fundamental differences between both types of signals.