THE
-----------------by Al Muick for P-80 Systems, OCT 86----------
Let me begin by a brief history of myself. I spent the better part of six years in
What I'm about to tell you comes under the heading of
The interception of radiated data from computers and computer terminals is known in the world of the
To run a
Your tape deck MUST run at either 7 1/2 or 15 i.p.s in order for it to record this signal. You will later play that signal back into your IF for exploitation.
As soon as you have your intercept station (it is best to use a van) set up with receiver, antenna, and recorder, you are ready to engage your intercept target. Most computers are RF shielded these days, so your receiver had better be damn sensitive and have a very selective bandwidth. If you are planning to intercept such a computer, you will need to be outside its building location (if possible). Since we know most microprocessors operate at frequencies between 2-12 MHz, we will look for the radiated data in that frequency range. It is here that a spectrum analyzer, connected to your IF output, will aid in discerning the signals and binary emissions of your target computer. If you know how to use a spectrum analyzer, it will prove invaluable, but since they are so complicated, I will not attempt to explain their proper use here.
You will simply scan the bands between 2-12 MHz until you find the radiated signal (if you must, go for the 2nd, 3rd, 4th, etc. harmonics if local interference on the primary frequency is too high) and then tune to the spot where it comes in best.
Once you have your target tuned in, you may want to drive around the block or further away, to avoid detection. Remember not to go too far or you will lose the signal. Mainframe computers (when unprotected) sometimes radiate a signal for 3 to 4 miles! A typical PC computer will radiate a signal for at least 1/2 mile if unprotected!
You should, by now, have picked your intercept site, have parked the van, and have made sure that you still have your signal coming in at good strength. The next step is easy! Simply connect the output of your low frequency IF to the input of your deck and let 'er rip! I find that 10" reels suit this purpose just fine, and you should be able to get at least one or two UIDs or
Once home, you will need another piece of equipment, possibly two. In various surplus magazines, you will see a machine called a "visi-corder" advertised. This is a machine that burns a copy of binary code onto light-sensitive paper. They cost some money, but are basically invaluable. You are now ready for signal exploitation.
You now need to play your recorded tape into the IF input of your communications receiver. The output of your IF will be connected to the IF input on the visi-corder. This will give you the truest binary representation on the paper. If you so desire, you may connect the audio out of your communications receiver to the audio input of the visi-corder. The audio is rectified into DC and then you get a crisp, clear presentation on the paper. But remember this....DC LIES!!! While the representation may be clear, the binary spacing will be off slightly, increasing in error as you continue, until you finally wind up with continuous error.
Assuming you have made the proper connections, get some beer for your relaxation (or them funny l'il pills, or whatever makes you relax....here comes the hair-pulling part). Begin playback of the deck into your receiver and initiate the visi-corder's print mode. I recommend a medium-fast speed, because if you use slow speed to conserve paper (you cheap fucker!), the bauds will be so close together as to render the paper useless and you wind up wasting the paper anyway!
At this point, print out about 2 minutes worth of paper. Once the paper is printed, expose it to light so it develops and have several 3x5" cards handy. As soon as it develops, scan the paper and the binary stream on it for a section that has three or four of the smallest (closest together) bits. This is ASCII. Once you have found the section, place one 3x5" card at the base of the section and mark off tick marks where each bit starts and ends (on the smallest bits only!!). You are now ready to do what we in the
As you know, one ASCII byte consists of 8 bits. Simply start at a reasonable point at the beginning of your interception and begin to mark off tick marks along the binary stream. Even if you come across 1s and 0s that are very wide, mark as many thin ticks from your 3x5" card on them as fit. This is necessary to break the ASCII code.
The complete 8 bit ASCII code is at the end of this tutorial for your convenience.
Once you have marked off the paper, count off the first eight bits, e.g. 10011101, and refer to the ASCII chart to find a character that fits it. If you can't find one immediately, don't despair! Try using the complement of the 8-bit code in front of you (i.e. every bit of what you've decoded flipped: instead of 10011101, try 01100010). If you still have not found anything, slide your card over one bit and try to get another byte of ASCII. This time you may come up with 00111010 (complement 11000101). Check it with the table.
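The alignment-and-complement search described above, as an added Python example that is not part of the original text: it walks a recovered bit string through all eight framings and both polarities and keeps the one that yields the most printable ASCII, which is why a plain ASCII emission needs no key to read and the only real defense is keeping the signal from radiating at all. It assumes the chart's bit order (least significant bit first, so 10000000 is code 1) and uses a constructed bit string, not a real intercept.

```python
# Added example (not from the original text): the tick-card alignment search
# done in software. Assumes the chart's LSB-first bit order (10000000 = code 1).


def to_lsb_first_bits(text):
    """Encode text as an LSB-first bit string, the order the chart uses."""
    return "".join(format(ord(c), "08b")[::-1] for c in text)


def bytes_at(bits, offset, invert):
    """Frame 8-bit groups starting at `offset`, optionally complementing every bit."""
    if invert:
        bits = bits.translate(str.maketrans("01", "10"))
    usable = len(bits) - offset
    groups = [bits[offset + 8 * i: offset + 8 * i + 8] for i in range(usable // 8)]
    # Each group is LSB first on the chart; int() wants MSB first, so reverse it.
    return "".join(chr(int(g[::-1], 2)) for g in groups)


def is_text(c):
    """Printable ASCII only (0x20..0x7e); control codes count against a framing."""
    return 0x20 <= ord(c) <= 0x7E


def best_framing(bits):
    """Try all 8 offsets and both polarities; return (score, offset, inverted, text)."""
    best = None
    for invert in (False, True):
        for offset in range(8):
            text = bytes_at(bits, offset, invert)
            if not text:
                continue
            score = sum(is_text(c) for c in text) / len(text)
            cand = (score, offset, invert, text)
            if best is None or cand[0] > best[0]:
                best = cand
    return best


# Constructed sample: three junk bits before the first byte, then the whole
# stream complemented, as when the paper's polarity was read the wrong way round.
SAMPLE_TEXT = "LOGIN: "
SAMPLE_BITS = ("101" + to_lsb_first_bits(SAMPLE_TEXT)).translate(str.maketrans("01", "10"))

if __name__ == "__main__":
    score, offset, inverted, text = best_framing(SAMPLE_BITS)
    print(f"offset={offset} inverted={inverted} score={score:.2f} text={text!r}")
```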
Note: this is illegal and is punishable under federal law. I assume no responsibility for your actions, and neither does the operator of P-80. This is presented for your information only. If you have any questions, please leave me mail!......happy hacking!....Al Muick.
The 8 bit ASCII code:
(for 7 bit ASCII, simply delete the last bit...it's not always there...something to keep in mind....al)
BINARY MEANING
00000000 Null
10000000 Start of message
01000000 End of address
11000000 End of message
00100000 End of transmission
10100000