Wireless Keylogger

Brian CroneEvan GravesSamuel OshinYonatan FelekeWireless KeyloggerProject Overview of Wireless KeyloggerThe Wireless Keylogger will be able to monitor keystrokes entered on a target keyboardIt will be equipped with DES encryption to avoid just anyone from accessing the contents of the SRAMData would be transmitted wirelessly to keep its presence discreet.Features:USB InterfaceEncryption of KeystrokesOff Chip SRAM StorageBluetooth Wireless transferSystem Level DiagramWireless KeyloggerWireless ReceiverHost ComputerKeyboardUSBUSBBluetoothArchitecture DiagramUSB RECIEVERENCRYPTIONMEMORYBLUETOOTHRECIEVERFullEmptyDatar_enableFullEmptyDatar_enabler_enableDataAntennaPowerGroundD+D-KeyboardHost ComputerR_ERRORSequence FlowchartData PacketTransmit to ReceiverStore in Off Chip SRAMRead from SRAMEncryptListening on USB lineTransmit Packet?Listen on BluetoothOutput to ScreenYesYesNoNoDECODE

SHIFT_REGW/ BIT STUFFINGTIMEREDGE_DETECTCRC REGISTER(MODIFIED SHIFTREGISTER)RCV_FIFOEOP_DETECT(COMBINATIONAL)

RCU(FSM)CLOCK DIVIDER/3D_PLUSD_MINUSEOPD_EDGED_EDGED_PLUSEOPDATAW_ENABLER_ENABLERCV_DATA[7:0]CRC_ERRORSHIFTD_ORIGSHIFT_ENABLECLKRSTRCLKR_DATA[7:0]EMPTYR_ERRORFULLRCVINGUSB RECEIVERRCVINGTIMERTIMER NEXT STATE LOGICTIMER STATE REG. TIMER OUTPUT LOGICnextstate[3:0]clkrstState[3:0]D_EDGERCVINGSHIFT_ENABLEDescription:

Strobe SHIFT_ENABLE every 8 clock cycles (12 Mb/s)If an edge is detected, timer will resynchronize start its count over. It will wait 3 cycles, strobe SHIFT_ENABLE, then restart its 8 count.DECODEDECODE NEXT STATE LOGICDECODE STATE REG. DECODE OUTPUT LOGICnextstate[1:0]clkrstState[1:0]EOPSHIFT_ENABLED_ORIGDescription:

Samples the D_PLUS line when SHIFT_ENABLE is asserted highIf there is a transition in the D_PLUS line, D_ORIG will be asserted low. No transition will result in D_ORIG being asserted high.D_PLUSSHIFT_ENABLEEDGE DETECTEDGE NEXT STATE LOGIC

EDGE STATE REG. nextstateclkrstD_EDGED_PLUSxEOP DETECTD_PLUSD_MINUSEOPDescription:Edge Detect will strobe high when it detects a high to low or low to high transition on D_PLUS.Description:EOP Detect will set the EOP signal when both D_PLUS and D_MINUS are set low simultaneously.RegisterIF 1_ctr = 6 ThenRCV_DATA

ELSE RCV_DATA[7:1] & D_OrigIF D_Orig = 1 then 1_ctr++

ELSE 1_ctr = 0D_OrigD_OrigRCV_DATAnextRCV_DATAShift Register w/ Bit StuffingDescription:Shifts in serial data to a 8-bit parallel outIf it receives 6 consecutive 1s, the shift register will ignore the next shift command and not shift in the next data bit (which will be a zero)SHIFT_ENABLEReceive First ByteReceive PID ByteReceive Next Data ByteLoad ByteInto FIFOSync Byte?PID: Data Type?EOP?Does CRC Agree?Error.Ignore PacketYESYESYESYESNONONOFiestel FunctionENC_ControllerRound Key Gen1 01 0Fiestel RegisterRound CounterFIFOclkRndCtclkDataFullEmptyEnc_LeftStartEnc_RightR_enableW_enableF_RF_LR_KeyIn_SelectF_RF_LDataEncryption BlockEncryption block, gets the data, 64 bits at a time, encrypts and stores in a fifo to be stored in memory.Shift

PBOX1PBOX2LHRnd_#RHRnd_#LH_SRH_SP1_LHP1_RHP2_LHP2_RH1 01 0Enc_LeftEnc_RightF_RF_LRound Key Gen32323232323232323232Generates the Round Key, by using the key in halves, shifting them determined by the round counter, and Permuted twice.EXP_PERMSBOXHDATAEXP_DATASDATAXORDATARKEYPBOXPDATA32323232Fiestel FunctionBasic functions outline in the Fiestel Function, Expansion permutation, Xor with Round Key, Substitution Box, and Permutation Box. 0 1 State RegisterIf X< 8 then X+1 else 0Compile BlockEmptystart0clkEmptystartDataAllw_enableDatar_enable6483ENC ControllerENC Controller is used to control the function of the encryption block, it sends a start signal, a w_enable and also a r_enable. Shifts data according to countCNT16State REgisterIf X < 16 then X + 1 else 00 1StartCntDataDataAllCntClk0Cntw_enableDataAll (63:32)DataAll (31:0)644Compile BlockCompile Block compiles the 8 by 8 Fifo provided by the USB receiving block, into a single 64 bit Data, and also includes a timer to count how long it will take for the encryption to be done.0 1 State RegisterIf X< 16 then X+1 else 00clkEmptyEmptyIn_SelectRnd_Cnt4Round CounterRound counter increments from 0 to 15, identifying all rounds of a typical DES encryption. The In_Select is used to choose the inputs for encryption (once past 0 it should use the previous output)MemoryMemory receives a Full or Empty signal from the Encryption block. Memory doesnt start reading in the Encrypted data until the Full strobe is asserted. Once the data is read in, the data is stored in the SRAM if the Read_enable signal from the Bluetooth is high. The Bluetooth then can receive 256 bits of stored memory.

Bluetooth Send BlockAppendAcessCodeStartChkCodeGenENEncodePacketRCUANTTransENANTUATHeaderGendataEncodeENHeaderGenENReadENStopSendpacketSendENThe Bluetooth send block utilizes a section OBEX file transfer protocol. The way it gets implemented is that when a send packet is received from a Bluetooth device the process block sends out the data packet. Since 474 bytes are supported on one transmission we are assuming that only one send sequence is going to occur. The various Bluetooth inticate details are accomplished via the gen blocks.stripPayloaddata

RegClkAcesscodeheaderresendENerr

nextpacketANTANTstrobeRegClkSRam444bitrENpcktemptystoreENstoreENstoreENStateReg-idle-transstatestopSendtransENOutputLogicCodeGenENNxtstateLogicnxtstateEncodeENHeaderGenENresendENReadENThe RCU is the controller block that sends a readenable when a packet has been successfully been transmitted. If packet failed to be transmitted correctly then the rcu resends the packet all over again.clkRCUEncodeENEncodePacketClkrstCounterRegNextStateIf(ctr