Hacker News new | past | comments | ask | show | jobs | submit login
System Bus Radio (github.com)
499 points by sssilver on Mar 1, 2016 | hide | past | web | favorite | 87 comments



Generating music via radio interference goes way, way back. The IBM 1401 (1960's era) could do this:https://www.youtube.com/watch?v=EPk8MVEmiTI It could also play music on the line printer by banging out the right sequence of characters. http://mail.computerhistory.org/pipermail/1401_software/2009...

Strangely, the 1401 radio music was later set to orchestra and released as a CD by an Icelandic composer: http://www.npr.org/templates/story/story.php?storyId=7408766


Old HP scanners used to have a music-making easter egg: http://youtu.be/8JwU5mcIwDw


Back in the early 1980's this was the standard way to produce sound on the (Timex) Sinclair ZX80.


In the vein of old hardware playing music, you should absolutely check out this cover of Radiohead’s “Nude,” if this sort of thing interests you. I find it strangely moving. http://alanhogan.com/big-ideas-dont-get-any (direct link http://www.vimeo.com/1109226?pg=embed&sec=1109226)


For those that do not have a Mac or AM radio, I made a small video for you: https://youtu.be/oXAeGZaka7o

It's a Macbook Pro late 2013 and a pretty stock FM/AM radio.


https://www.youtube.com/watch?v=Nroc2BtO6NU

There's already a PR with Linux support, it works! There's another PR to play the Super Mario theme, that also works.


Couldn't make the PR with the Super Mario theme play on my Macbook. It played only the first two notes than it got stuck there.


I won't be one of the cool kids and make a video but;

Thinkpad T61 works with the Linux branch.


Somewhere out there is the story of the guy who brought his Alto computer and electric guitar to the infamous Computer Club. He set the guitar on the computer and the speaker started playing Mary Had A Little Lamb. He had written a program to set and unset registers at specific frequencies.


According to Steven Levy's 'Hackers'[0] it was Steve Dompier's Altair, it was a radio not a speaker, and the tune was the Beatles' Fool on the Hill.

[0] Which it turns out is online at http://www.gutenberg.org/cache/epub/729/pg729.html


Question to Radio Yerevan: "Is it correct that Grigori Grigorievich Grigoriev won a luxury car at the All-Union Championship in Moscow?"

Radio Yerevan answered: "In principle, yes. But first of all it was not Grigori Grigorievich Grigoriev, but Vassili Vassilievich Vassiliev; second, it was not at the All-Union Championship in Moscow, but at a Collective Farm Sports Festival in Smolensk; third, it was not a car, but a bicycle; and fourth he didn't win it, but rather it was stolen from him."


(The canonical version says something like "The information is generally correct, but subject to four adjustments".)


This is how we got sound to play on the TI graphing calculators. It sounded bad and drained the batteries but it was fun. Another fun thing was getting grayscale graphics on those screens. They had only black and white pixels but flipping them on and off at different frequencies made them gray.


What about receiving these communications using computer without special hardware? Could this interfere with audio, wifi or some other component in away that could be detected by software?

Quite certainly decent bit rates would be out of question, but would it be possible to pass any information between two computers using this?


It would certainly be very difficult. If you could get the bus noise near the 2.4GHz freq range (unlikely), you could use the wifi of the other computer to potentially receive.

Another thing people have experimented with is using the speaker/microphone at above human hearing range. This method usually falls flat because crappy laptop speakers have a hard time going above 20kHz.

One thing I could potentially see working is a laptop with a hard drive generating vibrations with the motor. Then, a smartphone or laptop with an accelerometer could pick up the signal using the coupling through a table.


Wifi being so high bandwidth it'd be very difficult. Bluetooth Low Energy supports very small bandwidths and would be significantly easier to generate in the end.

You generally don't get good enough control over the motors or voice coil in a hard drive to be able to make vibrations like that. I'd probably look at controlling the fans instead to get a similar effect and use the microphone to listen for the noise from them.


I was thinking along the lines of hard drive spin down/spin up due to power state configurations. The fans would probably be easier, though, provided you could pick up on it.


There are videos on youtube with people making hard drives "sing" by carefully computed seek actions.


Something remotely related: hijacking Siri via radiowaves and iPhone headphones https://news.ycombinator.com/item?id=10387486


Generally computer busses are designed to operate without impact from external interference, bc there is so much of it around us all the time. You might be able to tip the scales though in some sensitive areas. Microphone input would be one, by influencing any high-impedance parts. Radio systems might be vulnerable... although typically they're designed so you don't get access to the baseband signal. For the most part, you'd be limited to up/down state. Coupling noise onto a USB cable though would require lots and lots power. I wonder if DRAM could be influenced? Hmmm....


I'm reminded of the classic video of a guy shouting at hard drives and causing their latencies to spike:

https://www.joyent.com/blog/shouting-at-the-datacenter


Very interesting. Reminds me of a similar project from Fabrice Bellard, using a VGA card to broadcast a DVB-T digital television signal:

http://bellard.org/dvbt/


Thanks, this was at the edge of my memory, but I was struggling to recall :-)

I think Fabrice's demo is much more interesting, as it's significantly denser information.


I wonder if deployed around the world there is a network of radios sync by GPS to receive time encoded encrypted communications signals of every electrical powered devices configured to transmit according to the same principle and all the things about security are just a curtain behind the capability of capturing everything that has already been deployed.

Given that this is CPU and subsystems related doesn't have anything to do with software running... it could be capture and executed by a routine in the CPU out of every possible observance by dedicated circuitry, this would fall under all the requisites mentioned by the poster

    Be emitted by the computer processor and other subsystems
    Escape the computer shielding
    Pass through the air or other obstructions
    Be accepted by the antenna
    Be selected by the receiver
Neurosis off...

Edit: Neurosis on

You know what escapes computer shielding? cables... like the ones with cpus that are used for connecting to external devices...

Neurosis off.


Is what you're looking to be paranoid about?

https://en.wikipedia.org/wiki/Tempest_(codename)



And thus, it's obligatory that someone recommend Neal Stephenson's _Cryptonomicon_, in which this features quite heavily.


And, within 24 hours or so someone will submit the Van Eck Phreaking Wikipedia page link as a standalone submission on HN.


it was already done ~86 days ago, so it won't be back for a bit longer

https://news.ycombinator.com/item?id=10684447


As long as we're making tangential recommendations and expecting to be reintroduced to things within 24 hours, I'd like to throw John Dies at the End into the ring.


RF leaks are an old tune, NSA was using it back in the 60's I believe. There was an article in Wired about this topic in 2008[0] Gene Hackman and Will Smith in a movie Enemy Of The State (2009)[1] hinted at this technology.

[0] http://www.wired.com/2008/04/nsa-releases-se/

[1] http://www.imdb.com/title/tt0120660/?ref_=nm_flmg_act_10

(edit for formatting)


huh, I was wondering if everybody else noticed the standard nerd sniping pattern on HN.


It's a long book but it is worth reading. One of my favorite books.


There's this DEFCON talk that (among other things) covers how an unshielded display cable can potentially leak screen contents over RF. Well worth a watch if you've got the time.

https://www.youtube.com/watch?v=_g9yUiAHiFo


I recall seeing a cryptographic side channel attack based on radio frequency interference from the victim computer. I don't have a source for this but I'm sure someone will find a link soon enough.


I remember this being done with microphones, listening to the clicks of the coils. Related?

http://www.cs.tau.ac.il/~tromer/acoustic/

Edit, found in one of the links on that page, seems this is the same group http://www.cs.tau.ac.il/~tromer/ecdh/


If this was true, you'd expect hobbyist radio operators to notice, right? That increases the required conspiracy size by orders of magnitudes.


Out of the Neurosis joke area and in line with your hobbyist radio operator comment, probably the person who most know about how to perform radio transmissions using a component by re-purposing them are those who work shielding sensible components away from it.

For example power bricks that contains every day more and more circuitry could implement a protocol of communication by de-modulating a message sent by AC and then sending via radio to the computer the message; process that's even easier with power cables with data lines.... like the usb cable.


I feel like you've just written half of the script for the next Transformers movie.


Another bit of prior work was Tempest For Eliza [1], which generated patterns on old CRT screens to play music (arbitrary MP3 files!) on nearby AM radios.

Edit: And here's another one that transmits data over radio by toggling GPIO pins and the UART on a cheap laser printer: http://www.funtenna.org/

[1] http://www.erikyyy.de/tempest/


One more example, from the 70s: TARGET, a text-mode shootem-up on the SOL-20 had sound effects—just put your transistor radio (every kid had one) near the computer while playing. Took a bit of futzing with the tuner, but there used to be more time in the day.


Yes. What happened to time? I tried loading a C64 game from tape - and I could not believe that it took that long when I was a kid.


This is probably the wrong reaction to this article, but it is mostly making me nostalgic for the distinctive musical RF interference that comes from a C64 while it is in a FOR delay loop.


That's not the only part of the C64 you could make music out of.

My co-worker told me of a program he downloaded from a BBS back in the day called "Drive Music" that turned his C64's floppy drive heads into a musical instrument.



I had this! It was amazing but IIRC it came with a disclaimer that you may need to re-align your drive heads afterwards.


There also used to be a program that would transmit audio over radio waves using a CRT monitor.



Andrews Airforce Base's Emission Security Information Guide https://web.archive.org/web/20011117002220/http://www.andrew...


I am in kind of dark here, where is the antenna? the wires on the system bus? or the copper coil in the speaker? could someone please explain it a little bit more?


It's just leakage. Any high power component which can be controlled by the program is likely to do it. Remember that the radio receiver's gain is essentially infinite- the limit is the noise floor. If there is any leakage above the noise floor, you are going to pick it up.

There are lots of related tricks: tune a communications receiver to 455 KHz, and you will pick up the station that a nearby radio is receiving (because it's picking up IF leakage). Also the inverse works: the IF amp is where all the gain is, so if you transmit on 455 KHz, you can jam nearby AM radios no matter what they are tuned to. My dad did this when he was a kid in the 40s with a single tube transmitter.


Any oscillating electric current transmits magnetic waves of a certain strength. Certain oscillations at particular frequencies represent radio waves. At lower frequencies, one might merely act directly upon the magnetic transducers of a poorly-shielded audio speaker, creating sounds at volumes and within ranges audible to humans.

Any segment of electric wire, carrying a current that can change direction, might be used to this effect. Stronger electrical activity over a bigger, better wire has higher chance of sending a signal that can be detected.


It's what have been done in 1977 on the MITS Altair 8800 by Steve Dompier at the Homebrew Computer Club. The beginning of the personal computer history.


We did this on the zx81 too. I think there was a game that used an AM radio for sound. It was certainly written up in the contemporary computer magazines.

I guess this will be rediscovered every time someone happens to figure out timing loops while they have a radio nearby.


> Instructions in this program cause electromagnetic radiation to emit from the computer.

I understand that part. but don't understand the technical details. Could someone elaborate a bit how this works?


Just tested on a MacBook Pro (Retina, 15-inch, Late 2013) and it didn't work. (Although I see in the README it says to run it on an Apple MacBook Air 13-inch, Early 2015). Anyone else get it to work?


Works here on a Retina 15-inch mid-2012 MacBook Pro. You've got to have the antenna real close to the machine (talking 10 cm here), turn the dial pretty much to the end of the AM band and then you can hear the tune through loads of AM static.


Thanks for your feedback. Even different models of the same computer will have different results. But I suspect that the MBPR you have will likely still work. Please check different AM channels and put the antenna directly on the computer to get started. If you find another frequency that works please let me know (email on the project page).


Works fine on my MacBook Pro Retina, 13-inch, Early 2015. Quite a lot of static, but an amazing moment when you do pick out the tune for the first time !


Works for me on an Early 2014 MacBook Air and Mid 2011 iMac, although the iMac signal is very, very weak.


UPDATE: This DID work for me on my MacBook Pro (Retina, 13-inch, Late 2013). Nicely done @fulldecent!


Working on a mid-2012 15" non-retina MBP. I was able to pick up the tune on various frequencies, starting around 650khz and on various other bands right up to around 1500khz (my radio's upper limit).


[deleted]


Replacing _mm_stream_si128 with a simple x++ will work too.


This is the same idea as using an AM radio as an audio tachometer in old cars. You can hear the ignition system hum rise and fall in pitch on the radio as the engine rotation rate changes.


Neat. In the 1970s there was a program that triggered the S100 bus of the time and played Flight of the Bumble Bee on a nearby radio.


Ha Ha! Yes. I was thinking the same thing. My old college roomie had an old 8080 system (Cromemco??? I can't remember.. it was the pre-Apple II days...) and used to run that program and similar radio noise makers. I think there was some space game that used bus noise for weapon effects.


Mine was IMSAI 8080. But I had forgotten- I think one of the Star Trek games did the phasers on the radio.


"Different results will be achievable with different equipment. Please send your results to sbr@phor.net"

I think the barrier to entry for this is raised by the fact that most people don't have AM receivers anymore. If I find one lying around though, I will certainly give this a try.

Ah, and apparently this proof-of-concept works exclusively on OSX for now.


Almost all cars still have them, just bring a laptop into a car.


BMW i3 has the AM hardware builtin but disabled it in firmware [1] due to the exact same reason: electromagnetic interferences caused poor quality of the AM reception.

Obviously, AM radio on i3s can be re-enabled by firmware hacking - called "coding". [2]

Even with the full metal body/frame, AM radio noise caused by EMI emitted from EV motor/circuits was still significant. I guess it's still VERY HARD to shield these EMIs.

Full disclosure: I've owned BMW ActiveE and BMW i3.

[1] http://www.greencarreports.com/news/1098893_bmw-i3-electric-...

[2] http://www.greencarreports.com/news/1099782_bmw-i3-rex-elect...


The Tesla Model S has AM. It's fun to tune the radio to an unused frequency and drive around. The radio picks up a ton of noise that sort of emulates just a little bit how a loud gasoline engine would sound.

I hear that they've removed AM from the Model X.


   The radio picks up a ton of noise that sort of emulates just a little bit how a loud gasoline engine would sound.
It's the same behavior in BMW EVs(i3/i8/ActiveE/MiniE). It's not a constant noise on AM radio but really when you press the accelerator pedal hard on a quiet street could you hear the interference. BMW consider that unacceptable based on their "standards".

Apparently a lot ofTesla Model S owners agree with BMW on the subpar AM radio reception and complaint on their forum[1], which was probably why AM radio removed from Model X. I do consider that a surprise feature (of emulating engine revs) albeit it's a bit annoying sometimes.

[1] https://forums.teslamotors.com/forum/forums/am-radio-station...


Funny that alternator whine is the bane of all car audio installers and a similar thing is a feature in EVs :)


The Mitsubishi Outlander PHEV have an AM radio, and while there is some interference it's actually not much except on a few frequences. I admit that I spent quite a while searching for the most amount of noise.


It's slightly non-trivial to even shield modern car audio system itself from interfering with it's own AM receiver. It involves things like dynamically scaling various clocks to be outside of the currently tuned AM channel and so on.


Do they give you some alternative way to listen to AM stations?

I find AM stations very useful for traffic/weather while traveling. Also for road notices.


I had assumed it was mandated that cars in the USA have AM radios so that they could listen to TIS stations. https://en.wikipedia.org/wiki/Travelers'_information_station

I can't find anything that enforces that mandate, though. So I guess there's nothing keeping you from shipping a car radio without AM.


This is crazy, so many people have SDR but not AM radios! FYI car radios did not work for me, maybe because they have better shield. Also, I understand that someone has translated this to linux APIs but have not seen a PR yet.


Just did a PR right after you posted the message :)


I did something similar back in the day using CRT monitors that displayed the right image at the right time to produce desired radio waves. The range was very limited, however, and lots of background noise but you could certainly hear the music that was playing if you tuned your radio and brought it real close to the monitor.


Usenix paper this code mentions in the README, includes presentation video: https://www.usenix.org/node/190937

I'll try to find time to try to transmit some data this way and receive it with my rad1o.


Worked great on my MacBook Air (13-inch, Early 2015) with an old panasonic boombox. Very cool!


Can this read other data in the system bus?


If I put my ear up to my late 2013 rMBP I can actually hear the tune playing without breaking out my SDR. Cool.


Wow, if this works, that is awesome!


Fascinating!!!


RIP Airgap




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: