1d14d06e5SXianjun Jiao<!-- 2d14d06e5SXianjun JiaoAuthor: Xianjun jiao 3d14d06e5SXianjun JiaoSPDX-FileCopyrightText: 2021 UGent 4d14d06e5SXianjun JiaoSPDX-License-Identifier: AGPL-3.0-or-later 5d14d06e5SXianjun Jiao--> 6d14d06e5SXianjun Jiao 7*b49db4c5SXianjun JiaoCSI (Channel Station Information) of WiFi systems is available in some WiFi chips and can be used for environment (people, object, activity) sensing passively and secretly. 8d14d06e5SXianjun Jiao 9*b49db4c5SXianjun JiaoHow could a CSI fuzzer stop unauthorized sensing? 10*b49db4c5SXianjun Jiao 11*b49db4c5SXianjun Jiao 12*b49db4c5SXianjun Jiao 13*b49db4c5SXianjun JiaoCSI fuzzer implementation principle. 14*b49db4c5SXianjun Jiao 15*b49db4c5SXianjun Jiao 16*b49db4c5SXianjun Jiao 17*b49db4c5SXianjun JiaoCSI fuzzer in openwifi system architecture and related commands. 18*b49db4c5SXianjun Jiao 19*b49db4c5SXianjun Jiao 20*b49db4c5SXianjun Jiao 21*b49db4c5SXianjun JiaoThanks to the full-duplex capability and CSI extraction feature of openwifi, you can monitor the artificial channel response via [side channel](./csi.md) by Tx-Rx over the air coupling without affecting the normal operation/traffic of openwifi. Before the self-monitoring, the auto-mute during Tx needs to be disabled: 22*b49db4c5SXianjun Jiao 23*b49db4c5SXianjun Jiao``` 24*b49db4c5SXianjun Jiao./sdrctl dev sdr0 set reg xpu 1 1 25*b49db4c5SXianjun Jiao``` 26*b49db4c5SXianjun Jiao 27*b49db4c5SXianjun JiaoCSI self-monitoring before fuzzing. 28d14d06e5SXianjun Jiao 29d14d06e5SXianjun Jiao 30d14d06e5SXianjun Jiao 31*b49db4c5SXianjun JiaoCSI self-monitoring after fuzzing command: `csi_fuzzer.sh 1 45 0 13` 32d14d06e5SXianjun Jiao 33d14d06e5SXianjun Jiao 34*b49db4c5SXianjun Jiao 35*b49db4c5SXianjun Jiao`csi_fuzzer_scan.sh` can scan the c1 and c2 in different styles/modes by calling `csi_fuzzer.sh`. 36
