قالب وردپرس درنا توس
Home / Tips and Tricks / How to tell when a device is near the ESP8266 Friend Detector «Null Byte :: WonderHowTo

How to tell when a device is near the ESP8266 Friend Detector «Null Byte :: WonderHowTo



Smartphones and other Wi-Fi-enabled devices send radio signals called "probe frames" to search nearby wireless networks. As a result, they can easily be tracked for their unique MAC address. To show how this type of tracking works, we can program a NodeMCU in Arduino to sniff the air for packets from each device we want to track and turn on an LED if it is detected nearby.

Track devices by their MAC address from everyone, from retailers to messaging services. The information is used to gather data about where people spend time and who they spend time with, which is useful for many things, such as planning traffic speeds in cities. However, widespread tracking poses a serious privacy problem and causes most vendors to implement security measures such as MAC randomization, which protects against arbitrary monitoring of MAC addresses.

MAC Randomization: It Works

MAC randomization is helpful for preventing some types of tracking, but in tests on various Android phones it was clear that MAC randomization is far from perfect. There are several conditions that cause a phone to return to its real MAC address, one of which is near a network to which the device was previously connected.

After detecting a trusted network stored in the device's preferred network list The device is trying to connect to the network and re-listen. This can be seen in my post on tracking smartphones with a beacon spamming attack in which we create many fake networks to unmask devices nearby.

In addition to a Wi-Fi network in the preferred network list If you are actively connected to a network, the permanent MAC address of the device is also displayed actively. This means that if you want to track someone who comes home or runs in a café with a common network name, the randomization of MAC addresses does not bother. Oddly enough, I've observed that Android devices emit Samsung bursts of test frames the real MAC address every time you turn on the screen or open the Wi-Fi network selection menu. A hacker looking for the actual MAC address of a Samsung phone will need only the person looking at nearby Wi-Fi networks to send packets with the device's real MAC address.

Devices Track MAC Addresses with Arduino

To show how easy it is to track devices, I searched for an Arduino sketch that uses the NodeMCU's built-in Wi-Fi chip to provide MAC addresses to track and I found the friend detector; This great project takes every MAC address you want to monitor and sniffs the air for packets containing that address. It's really cool because the Friend Detector sees through the kinds of packages that smartphones give off both when connecting and disconnecting from a Wi-Fi network, making it easier to spot a device in any state.

Combined with the Beacon Swarm The Friend Detector lets you know when a device has been successfully dislodged by the swarm of fake networks.

In order to make this project more visible and to provide an easy way to detect if your device is actually unreadable MAC address, I decided to change the code to include an LED and the ability to use as many MAC addresses to track how there are pins to control LEDs.

There are some issues we need to overcome when using an LED The fact that a delay was used to keep the LED lit up long enough to be noticeable caused the watchdog timer to turn off Process ended and the whole thing would collapse. To fix this, I've added a cooldown timer that turns the LED on when a packet with a matching MAC address is detected, and keeps it enabled until it finds a set amount of packets that are not the one you're looking for MAC address matches. This allows us to easily change how long the LED lights up.

Step 1: Finding the Machine's MAC Address

For this to work, we need the MAC address of the device we want to monitor. The best way to achieve this is to connect to a network with the device being monitored and run a network scan with Fing or Nmap. Fing will not display the MAC address when running on an iPhone due to restrictions introduced by Apple, but on any other platform this should include the MAC address.

Step 2: Prepare your materials before

Once you if you have the MAC address of the device that you want to track, you need a [NodeMCUoderESP8266-basiertesGeräteinMicroUSBKabeleinSteckbrettmiteinervierpoligendreifarbigenLEDodersovieleLEDswieGerätemöchteverfolgenundComputermitArduinoIDEinstalliertumdieNodeMCUzuprogrammierenEinWiderstandwirdauchhilfreichseinwieSiespätersehenwerden

Step 3: Set up Arduino IDE

Before we download the Friend Detector code, we need to use the Arduino IDE to work with the NodeMCU. To do this, copy and paste the following URL into the More Board Manager URLs field in the Settings menu. For more information, see my previous article, which describes this in more detail.

  http://arduino.esp8266.com/versions/2.3.0/package_esp8266com_index.json,http://arduino. esp8266.com/stable/package_esp8266com_index.json,http://phpsecu.re/esp8266/package_deauther_index.json

Next you need to select the NodeMCU as the board you are using. To do this, install the "esp8266" card from "ESP8266 Community" in the "Boards Manager". Look again at my previous article, which details these details.

Now select NodeMCU from the drop-down list after the card is installed. This should be everything you need to program the NodeMCU in Arduino. For more information about this whole step, see my previous article.

Step 4: Add the Code & Dependencies

Next we can download the code for the Friend Detector on GitHub, a branch of Ricardo Oliveira's original project, by simply typing the following command into one Insert terminal window.

  git clone https://github.com/skickar/FriendDetector.git

After the code has been downloaded, navigate to the folder where the files were downloaded:

  cd FriendDetector 

You should find that there are a few files there, because the Friend Detector contains a package sniffing library that needs to be added to our sketch before it works. Open the "FriendDetector" INO file in Arduino IDE, and then click "Sketch" to display the "Add File" menu option at the bottom of the list. Select it and then add the files "esppl_functions.h" and "esppl_struct.h" to the sketch. With these libraries, we are ready to push our code to the NodeMCU.

Step 5: Decompose the Code Function

To understand what this code does, take a look under the hood.

The first section of the code sets up the variables for the rest of the script. Here we define the size of the list of MAC addresses we are tracking, the actual MAC addresses in the list, and the names of the destinations associated with the MAC addresses in the list.

  #include "./esppl_functions.h"

/ * Define the list size of your friend here
How many MAC addresses are you tracking?
* /
#define LIST_SIZE 2
/ *
* This is your friend's MAC address list
Format it by using the MAC address aa: bb: cc: dd: ee: ff
and convert it to 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
* /
uint8_t friendmac [LIST_SIZE][ESPPL_MAC_LEN]   = {
{0x12, 0x34, 0x56, 0x78, 0x90, 0x12}
, {0x34, 0x56, 0x78, 0x90, 0x12, 0x34}
};
/ *
* This is your friend's list of names
* Put them in the same order as the MAC addresses
* /
String friendname [LIST_SIZE] = {
"Goal 1"
, "Goal 2"
}; 

Next we have our setup section, where we set pins D5, D6, and D7 to output, so we can use them to drive an LED if we set it to high. Next, I've written a few functions to map each pin to a color so I can track it later in the code. To turn this color on, we just have to use the function "digitalWrite (pin, mode)" to select the pin and whether it should be set high or low.

On Amazon: Four-Pin LED with RGB Colors

Finally, I wrote a function called "turnoff ()" to turn off all powered-on LEDs, if long enough no packets are detected to ours To end the cooldown timer by setting all pins low. 19659019] void setup () {
Delay (500);
pinMode (D5, OUTPUT); // puts the pins in the output mode
pinMode (D6, OUTPUT);
pinMode (D7, OUTPUT);
Start of series (115200);
esppl_init (cb);
}

void red () {
digitalWrite (D5, HIGH); } // Turn on the red LED
void blue () {
digitalWrite (D7, HIGH); } // Turn on the blue LED
void green () {
digitalWrite (D6, HIGH); } // Turn on the green LED
turn void off () {
digitalWrite (D7, LOW), digitalWrite (D5, LOW), digitalWrite (D6, LOW);
}

Great! Now the pins are set up, and we can turn the colors on and off as needed. A minor flaw here is that if we detect two devices and then one disappears, the LED turned on by the first device will remain even if the device has disappeared, if the second device extends the cooldown timer. I did so, so we only needed one cooldown timer and not just one for each color, but you can change this if you want to check the appearance of each device more closely.

Now let's jump to that part of the code that controls the logic of what happens when we detect packets. Here we see a line that says the following.

  for (int i = 0; i  sourceaddr, friendmac [i]) || maccmp (info-> recameraddr, friendlymac [i])) {

This means that for the same number as we have items in our list, we try to have both the send and receive addresses in the package we found compare MAC addresses in our list. It all looks fine, so we modify what happens next when we detect a packet from or to a device we are waiting for.

Here's the logical part that controls what happens when we detect a MAC address. First, we see that we are serializing the name of the person you see on your computer by clicking on the Tools menu in the Arduino IDE, then clicking on the Serial Monitor option. This is done using string formatting.

Now I add two things: a cooldown timer and assign a color to each MAC in the list to turn it on. For the cooldown timer, I set the value to 1000, but you can adjust it according to your needs. This means that every time we detect a packet from a MAC, the light stays lit until it detects 1000 packets that do not match any of the devices on our list. I did that to work around the problem that I could not create a delay to turn on the LED.

  void cb (esppl_frame_info * info) {
for (int i = 0; i  sourceaddr, friendmac [i]) || maccmp (info-> receiver, friendmac [i])) {
Serial.printf (" n% s is here! :)", friendname [i] .c_str ());
Cooldown = 1000; // here we set it to 1000 when we find a package that matches our list 

To control the LED color, I used an "if" statement that states that we have a package with a MAC have found that is one in our list. Lights a color according to the location of the matching MAC address in this list. Since most lists start at 0 in programming, an example would be that the first MAC address in the list would have index 0 and be set to red. The second MAC address would be index 1 and set to blue. And the third would be Index 2 and would be green.

Since I only use two MAC addresses for this example, I can just select one of the elements and then use the "else" clause to specify the other color. The reason that this works for two MAC targets is that we must have found a package that matches one of the two items in the list, and if it does not match the first index we've specified, the other one must his.

  if (i == 1) {
blue ();} // Here we turn on the blue LED until turnoff () is called
otherwise {
red ();} // Here we turn on the RED LED until the shutdown is called. We can also use if i == 0 or another index
} 

Now let's define what happens if the packet does not match any of the MAC addresses in our list.

  else {// This is in case the package does not match what we are tracking
if (cooldown> 0) {
cooling down--; } subtract one from the cooldown timer if the value of "cooldown" is more than one
else {// If the timer is set to zero, perform the shutdown function to turn off all LEDs that are on.

switch off(); }}}} 

Here we say that if the cooldown timer is greater than zero, subtract one from the cooldown timer. If the cooldown timer is set to zero, execute the "turnoff ()" function to turn off all powered LEDs.

The last part of the code manages channel hopping and we will not touch it for this demonstration

The finished code should look like this:

  / *
Friend Detector by Ricardo Oliveira, forked by Skickar 9/30/2018

A Node MCU microcontroller + mini breadboard + 4-pin RGB LED detects when devices that belong to a target are nearby.

The function of this code is to read nearby Wi-Fi traffic in the form of packets. These packages are compared
to a list of MAC addresses that we want to track, and if the MAC address of a packet matches one on the list, we turn
on a colored LED connected to the user owning the device. For example, when my roommate comes home, the
Transmissions from his phone are detected and the blue LED lights up until the phone is no longer detected.
It can detect more than one phone at a time, ie if my phone (red) and my roommate's phone (blue) are both at home,
The LED lights purple. * /

#include "./esppl_functions.h"

/ * Define the list size of your friend here
How many MAC addresses are you tracking?
* /
#define LIST_SIZE 2
/ *
* This is your friend's MAC address list
Format it by using the MAC address aa: bb: cc: dd: ee: ff
and convert it to 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
* /
uint8_t friendmac [LIST_SIZE][ESPPL_MAC_LEN]   = {
{0x12, 0x34, 0x56, 0x78, 0x90, 0x12}
, {0x34, 0x56, 0x78, 0x90, 0x12, 0x34}
};
/ *
* This is your friend's list of names
* Put them in the same order as the MAC addresses
* /
String friendname [LIST_SIZE] = {
"Goal 1"
, "Goal 2"
};

// Start Variable Pack - Skickar 2018 Hardware LED for NodeMCU on Mini breadboard //
void setup () {
Delay (500);
pinMode (D5, OUTPUT); // puts the pins in the output mode
pinMode (D6, OUTPUT);
pinMode (D7, OUTPUT);
Start of series (115200);
esppl_init (cb);
}

/ * You can not use a time delay here to keep the LED on
discovered packets to complete packages to keep the LED on longer. If you try a
Delay to keep the light on long enough to be useful kills the watchdog timer
Process and it dies * /
Int cooling = 0; / * This variable will be a cooldown timer to keep the LED on longer, we set it to 1000 if we
Detect a packet from a device with a MAC address in the list, and then hold the LED until we have received 1000 packets
are not on the list of any device. * /
void red () {
digitalWrite (D5, HIGH); } // Turn on the red LED
void blue () {
digitalWrite (D7, HIGH); } // Turn on the blue LED
void green () {
digitalWrite (D6, HIGH); } // Turn on the green LED
turn void off () {
digitalWrite (D7, LOW), digitalWrite (D5, LOW), digitalWrite (D6, LOW);
}

/ * end exparimental variable package * /

bool maccmp (uint8_t * mac1, uint8_t * mac2) {
for (int i = 0; i <ESPPL_MAC_LEN; i ++) {
if (mac1 [i]! = mac2 [i]) {
return it incorrectly;
}
}
Return true;
}

void cb (esppl_frame_info * info) {
for (int i = 0; i  sourceaddr, friendmac [i]) || maccmp (info-> receiver, friendmac [i])) {
Serial.printf (" n% s is here! :)", friendname [i] .c_str ());
Cooldown = 1000; // Here we set it to 1000 when we find a package that matches our list
if (i == 1) {
blue ();} // Here we turn on the blue LED until turnoff () is called
otherwise {
red ();} // Here we turn on the RED LED until the shutdown is called. We can also use if i == 0 or another index
}

else {// That's when the package does not match what we're tracking
if (cooldown> 0) {
cooling down--; } subtract one from the cooldown timer if the value of "cooldown" is more than one
else {// If the timer is set to zero, perform the shutdown function to turn off all LEDs that are on.

switch off(); }}}}

void loop () {// I did not write that part, but it looks really nice.
esppl_sniffing_start ();
while (true) {
for (int i = ESPPL_CHANNEL_MIN; i <= ESPPL_CHANNEL_MAX; i ++) {
esppl_set_channel (i);
while (esppl_process_frame ()) {
//
}
}
}
} 

If we are satisfied with our changes, we can click on the hook to compile and check our code, and then use the arrow key to send the sketch to our NodeMCU, which should be connected via a micro USB cable , After the sketch is done, we can start wiring our breadboard and testing the program.

Recommended kit: 6 solderless breadboards with jumper wires for Arduino experiments

Step 6: Wire the breadboard

I & # 39; In this code, we kept the layout extremely simple by using pins D5, D6 and D7 to control a different colored LED. I chose these pins because D5 is right next to a ground pin on the NodeMCU, so I can just plug a four-pin RGB LED into the ground, D5, D6, and D8 rows of a breadboard right next to the pins. [19659058] How to Tell When a Device is Nearby with the ESP8266 Friend Detector ” width=”532″ height=”532″ style=”max-width:532px;height:auto;”/>

Picture of Kody / Null Byte

If you want to save your LEDs, I recommend using the D5, D6, and D7 pins instead LED into another place on the board, and then add a resistor (or a potentiometer) between the ground pin and the row of the breadboard that you use to ground the LEDs to reduce the voltage and the life of the breadboard To extend LEDs.

Picture by Kody / Null Byte

As you can see in these pictures, there are some possible layouts, but they all have one few things

If you attach a LED to one of the pins (the longer of the two LED legs is the one that is connected to the pin), the other side must be connected to ground to work. You can place a resistor either between the NodeMCU pin and the LED, or between the ground pin and the LED; Both have the same effect that the electrical flux is reduced to extend the life of the LED, as too much voltage can burn it out.

Image of Kody / Zero Byte

If you see your LED light up at once and immediately think, "Wow, that is really bright, "you should probably add a resistor.

Image of Kody / Null Byte

Once you've wired the LED, you can test the connections by connecting a cable to the Connect "3.5v" marked pin and then knock very, very short against the cable positive leg of the LED. When it lights up everything is hooked up and you can start the test.

Step 7: Test the MAC Address Detector

To test whether we can detect a device with a MAC address that has been added to our tracking list, we can do a few things to stimulate a bundle of packages.

On an Android phone, this is often as easy as turning on the phone's screen while the Wi-Fi is on. On an iPhone, it could take a little more interaction. An iPhone that automatically connects to a network it was previously connected to or a swarm of fake networks like our Beacon Swarming attack also reveals its true MAC address. Both will cause the kind of signals our Friend Detector will respond to.

Image from Kody / Null Bytes

In practice a way Use this to set up a network that you know that the phone on the target near the Friend Detector responds, and just wait for the device to decrypt itself on the same channel. The addition of an "active" decryption element greatly increases the effectiveness of the detector, but this is a more advanced design than we will deal with today.

After turning on your Wi-Fi and connecting to a nearby Wi-Fi network, you should see that the LED is lit when one of the devices in the list is detected. In this case, you have successfully created a MAC address sniffer. You can make this project even more useful by adding a directional antenna that lets you search for the direction of the device immediately.

Countermeasures Against MAC Address Tracking

While the most obvious countermeasure is to turn off your Wi-Fi card when you do not need it. This may not work for all devices. Some devices continue to issue test requirements to identify the location of the device as part of assisted GPS or aGPS. You can disable this by going into the GPS and disabling a setting called "GPS with high accuracy" or similar.

The aircraft mode may be an acceptable option for some users, the majority would disrupt all communications to their device that is too uncomfortable for added privacy protection.

For added security and privacy, you should also search your device and delete any networks you are no longer connected to. especially networks that do not require a password. These networks, which are stored on your phone, allow anyone to create a network of the same name and either decrypt the data connection or take over your device's data connection.

I hope you enjoyed this guide to detecting nearby devices by tracking their MAC address! If you have questions about this Wi-Fi tracking tutorial or have a comment, you can reach me on Twitter @KodyKinzie .

Do Not Miss: Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2018

Cover Picture and Screenshots of Kody / Null Byte




Source link