Data Transport

Testing Non-traditional Data Transport via RF

In high-security environments, standard data transport over common network protocols is often monitored by sophisticated EDR and DLP systems. Mycelium provides a novel way to test these systems: transmitting data over low-profile RF bands using in-memory obfuscation to evaluate a network's true electromagnetic visibility.

The Strategy: RF-Based Transport Channel

We will build a tool that listens on a local TCP port for data from a test system, applies a basic XOR obfuscation layer, adds a decoy header, and transmits it via a low-power ISM transmitter.

Step 1: Ingesting Data

We use the TCP_Receive action to pull data into Mycelium's internal buffer.

Step 2: In-Memory Obfuscation

To prevent the signal from being easily decoded by a standard SDR scanner, we apply an XOR mask to the entire buffer. This happens entirely in memory before the data ever hits the airwaves.

Step 3: Decoy Header Injection

To further hide the nature of the transmission, we'll prepend a fake header that makes the packet look like a standard, unencrypted industrial sensor broadcast.

Step 4: Silent Transmission

Finally, we tune the SDR to a quiet part of the 915 MHz ISM band and transmit the payload.

The Receiving End

The receiving Mycelium instance simply reverses the process: strips the 4-byte decoy header, applies the same XOR mask, and outputs the clean data.

digraph { graph [bgcolor="transparent" fontname="Inter" rankdir=LR pad=0.4] node [fontname="Inter" fontsize=12 fontcolor="#e2e8f0" style=filled fillcolor="#1a1033" color="#8b5cf6" penwidth=1.5 margin="0.2,0.15" shape=box] edge [color="#8b5cf6" fontcolor="#a78bfa" fontname="Inter" fontsize=10 arrowsize=0.8] subgraph cluster_tx { label="Transmitting Side" fontcolor="#e2e8f0" color="#8b5cf6" style=dashed bgcolor="#0f0a1e" src [label="Test Data" shape=note] chtx [label="Mycelium"] xor [label="XOR_Data"] hdr [label="Insert_Variable\n(decoy header)"] src -> chtx [label="TCP :4444"] chtx -> xor -> hdr } air [label="915 MHz\nISM Band" shape=ellipse fillcolor="#2d1b69"] subgraph cluster_rx { label="Receiving Side" fontcolor="#e2e8f0" color="#8b5cf6" style=dashed bgcolor="#0f0a1e" chrx [label="Mycelium"] strip [label="Slice_Data\n(strip header)"] recover [label="XOR_Data"] out [label="Original Data" shape=note] chrx -> strip -> recover -> out } hdr -> air [label="Transmit 915.5 MHz BPSK"] air -> chrx [label="Receive"] }

Conclusion

Mycelium’s ability to manipulate data buffers on the fly makes it an invaluable tool for testing non-traditional data transport paths. By combining network ingestion with RF physical layer control, security teams can evaluate their organization's true visibility into the electromagnetic domain.



← Back to Blog