1d14d06e5SXianjun Jiao<!-- 2d14d06e5SXianjun JiaoAuthor: Xianjun jiao 3d14d06e5SXianjun JiaoSPDX-FileCopyrightText: 2021 UGent 4d14d06e5SXianjun JiaoSPDX-License-Identifier: AGPL-3.0-or-later 5d14d06e5SXianjun Jiao--> 6d14d06e5SXianjun Jiao 7*8e3dc371SJiao Xianjun[Openwifi CSI fuzzer for authorized sensing and covert channels](https://arxiv.org/pdf/2105.07428.pdf) (submitted to ACM WiSec 2021) 8*8e3dc371SJiao Xianjun 9b49db4c5SXianjun JiaoCSI (Channel Station Information) of WiFi systems is available in some WiFi chips and can be used for environment (people, object, activity) sensing passively and secretly. 10d14d06e5SXianjun Jiao 11b49db4c5SXianjun JiaoHow could a CSI fuzzer stop unauthorized sensing? 12b49db4c5SXianjun Jiao 13b49db4c5SXianjun Jiao 14b49db4c5SXianjun Jiao 15b49db4c5SXianjun JiaoCSI fuzzer implementation principle. 16b49db4c5SXianjun Jiao 17b49db4c5SXianjun Jiao 18b49db4c5SXianjun Jiao 19b49db4c5SXianjun JiaoCSI fuzzer in openwifi system architecture and related commands. 20b49db4c5SXianjun Jiao 21b49db4c5SXianjun Jiao 22b49db4c5SXianjun Jiao 23b49db4c5SXianjun JiaoThanks to the full-duplex capability and CSI extraction feature of openwifi, you can monitor the artificial channel response via [side channel](./csi.md) by Tx-Rx over the air coupling without affecting the normal operation/traffic of openwifi. Before the self-monitoring, the auto-mute during Tx needs to be disabled: 24b49db4c5SXianjun Jiao 25b49db4c5SXianjun Jiao``` 26b49db4c5SXianjun Jiao./sdrctl dev sdr0 set reg xpu 1 1 27b49db4c5SXianjun Jiao``` 28b49db4c5SXianjun Jiao 29b49db4c5SXianjun JiaoCSI self-monitoring before fuzzing. 30d14d06e5SXianjun Jiao 31d14d06e5SXianjun Jiao 32d14d06e5SXianjun Jiao 33b49db4c5SXianjun JiaoCSI self-monitoring after fuzzing command: `csi_fuzzer.sh 1 45 0 13` 34d14d06e5SXianjun Jiao 35d14d06e5SXianjun Jiao 36b49db4c5SXianjun Jiao 37b49db4c5SXianjun Jiao`csi_fuzzer_scan.sh` can scan the c1 and c2 in different styles/modes by calling `csi_fuzzer.sh`. 38
