Monday, January 29, 2018

System Bus Radio

The System Bus Radio program exploits the design of your computer's system bus to transmit AM radio without any other radio transmitting hardware. When I first heard of System Bus Radio I thought that its inventor must be a genius hacker. I was right.

A system bus is a single computer bus that connects the primary components of a computer system: the CPU, memory and input/output (I/O). It combines the functions of a data bus to carry information, an address bus to determine where it should be sent, and a control bus to determine its operation. The expression "system bus" covers all related hardware, components, wires, electronic pathways, and software. (Early computer buses were parallel electrical wires.) If you are still not sure what the bus is, check out this link here. The genius who wrote the original machine code was William Entriken, and he was kind enough to agree to a short interview with Arcane Radio Trivia.

JF: What gave you the idea to try to convert your Macbook into a radio station?

WE: Well, first of all I realized that it was possible. One day I was sitting downstairs in my basement where I have an actual radio, which is hard to believe nowadays. I do listen to AM radio and the reception is just terrible down there. Some stations still turn off at night. I had the radio on and of course it [the frequency] got silent, and as I got into that room, it started getting louder. I realized this was interference from the computer. I thought wow, that's a lot of interference to pick it up like that. I just got lucky because there are only certain frequencies that it works on... and that's where the idea started.

JF: Can you explain what components you are exploiting to emit a signal?

WE: I believe that it is the connection between the processor [CPU] and the RAM. There is a lot of space there. Basically you want something that's not shielded. If you have a shielded connection you don't get any signal that's leaking outside. So the processor is in steel, you can't have anything leak out of that, and the wires are only two atoms wide. It's airtight. The RAM likewise. The RAM is extremely tight. But between the processor and the RAM is the system bus. So the ideal is that you can push something onto the system bus; that's where your emission is going to come from. It's less shielded. You don't need to have 14 nanometer wires on the system bus because there's not as much going on.

JF: The field tests indicate that it's working on a wide variety of devices.

WE: It's really exciting. It went on to some Portuguese website, then Hackernews, it hit something big. So many people came in and they're from all over the world, Japan and all over Europe, and the interesting thing is that they have different radio stations in Japan and Europe, and the US and different devices. So luckily testing it on all different frequencies on shortwave and long wave, and AM, and it's great because you're not going to know unless you test it.

JF: That sounds like we're exploring the different system buses on all these devices.

WE: Yes! So you're multiplying a bunch of things together. How hard are you hitting the system bus? What is the radio frequency emission envelope of your system bus? Then once it hits your system bus it has to exit your enclosure. So there is shielding on your enclosure too. On an open air system you'll have more radiation than something enclosed. Even the same computers in different model years might have different designs. The NSA has a file about this, it's called Tempest.

JF: Tempest?

WE: They went through these issues a long time ago and they studied this in much more detail. Tempest is an acronym and they have standards on every component you could get near electricity. So you can read them and see whether they are approved or not, and of course these ones aren't because they're leaking like crazy.

JF: I read about the script that is controlling the transmission. How is that able to modulate the pitch?

WE: So there are only two parts, one of them is modulation, it couldn't be easier: on-off, on-off, on-off. That's all you're doing. The "off" is hopefully just using a sleep signal. There's a command on the computer for sleeping, it would just wait hopefully. That's accurate enough, and then the "go" signal. That's the timing. That's it. That's why it only works on AM. That's your carrier on AM.

JF: What about the On signal?

WE: The other half of the program is the "On" part, that's actually the hard part. The ideal is that the baseline is when the computer is sleeping, and ideally it has a different radiation signature than when it's not sleeping and you want as broad a contrast as possible. The problem is that when you write a program there's no function for "make noise." So typically we make a loop, I=1, then I=2, I=3... all the way up to a million. What happens is that the compiler, because it's so smart, skips over that. The end result is that the computer's not really working but it's telling you that it did. They're too smart for their own good. So what we had to do was find something that the compiler would not skip over, and we want it to load from memory. And computers are very lazy. They don't want to load something from memory if they don't have to. It's expensive. So what they'll do is cache it. You will get it from memory but then keep a residual copy in the processor. Again, that means you're loading from the processor and nothing leaks out of the processor. We want it to load something from memory over and over, and computers really hate doing that, and will try very hard to avoid that.

JF: So how did you get around that?

WE: The one way we did that is something called break-cache. It avoids the [CPU] cache and loads what you want from memory. It's a very specific instruction, I don't even know why they have it but that's what we used. So it takes the data from the memory across the system bus to the processor.

JF: Do you have any background in radio previous to this?

WE: I do have an engineering degree. I went to Villanova for Electrical and computer engineering. I'm used to breaking things and building things.

JF: You do know that Villanova has a campus radio station...

WE: I was on that station, WXVU. My show was called the V-Spot. There were these cards we had to read for community announcements. Nothing we pre-recorded, everything was low-budget, do whatever you want, bring guests on, bring your roommate on, everything was off the cuff and super-fun.

JF: Any last thoughts?

WE: It's great to talk about this stuff, to know that other people care, and care about breaking stuff, trying things, and making things. It's going to be a dying trade in the future. You can't open an iPhone. You can take a radio apart with a screwdriver. It's a real shame... I used to take stuff apart until it didn't work anymore then find more stuff to take apart... I hope that your blog inspires people. I hope you're making engineers out of people rather than just history majors. 

JF: Me too.