How do you audit your home Wi-Fi network? Perhaps you log into your router and have a look at the connected devices. Sometimes you’ll find an unexpected guest, but a bit of detective work will usually lead you to the younger nephew’s game console or that forgotten ESP8266 on your bench.
Wouldn’t it be useful if your router could tell you where all the devices connected to it are? If you are [Zack Scholl], you can do all this and more: his FIND-LF system logs Wi-Fi probe requests from all Wi-Fi devices within its range, even if they are not connected, and triangulates their position from their relative signal strengths across several sniffing receivers. These receivers are a network of Raspberry Pis with their own FIND-LF server, and any probe requests they pick up are forwarded to [Zack]’s FIND server (another of his projects), which does the work of collating the locations of devices.
It’s an impressive piece of work, though with a Raspberry Pi at each receiver it could get a little pricey. [Zack] has done other work in this field aside from the two projects mentioned here, including an implementation of the [Harry Potter] Marauder’s Map.
This is by no means the only indoor location system we’ve seen over the years. There is one that uses ESP8266 modules, for example, or this commercial product that is similar to the project shown here.
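To make the receiver-to-server flow described above concrete, here is an added example (not code from FIND-LF or FIND) that turns per-receiver probe-request sightings into a home audit: an estimated room, an inventory check and a randomized-MAC flag per device. It uses simple nearest-fingerprint matching rather than the project's own method; the receiver names, MAC addresses, fingerprints and the `FLOOR_DBM` value are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean
import math

# Constructed sightings: (receiver, source MAC, RSSI in dBm) as each sniffer might report them.
SIGHTINGS = [
    ("pi-kitchen", "00:11:22:aa:bb:01", -42), ("pi-office", "00:11:22:aa:bb:01", -71),
    ("pi-garage", "00:11:22:aa:bb:01", -80), ("pi-kitchen", "00:11:22:aa:bb:01", -46),
    ("pi-office", "da:a1:19:00:00:02", -48), ("pi-garage", "da:a1:19:00:00:02", -66),
]
# Constructed reference fingerprints: mean RSSI per receiver for a device known to be in each room.
FINGERPRINTS = {
    "kitchen": {"pi-kitchen": -45, "pi-office": -70, "pi-garage": -82},
    "office": {"pi-kitchen": -72, "pi-office": -44, "pi-garage": -68},
    "garage": {"pi-kitchen": -83, "pi-office": -69, "pi-garage": -41},
}
FLOOR_DBM = -95  # assumed stand-in value when a receiver did not hear the device

def is_locally_administered(mac):
    """True when the locally administered bit is set, as it is on randomized MACs."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def rssi_vectors(sightings):
    """Average repeated sightings into one {receiver: mean RSSI} vector per MAC."""
    raw = defaultdict(lambda: defaultdict(list))
    for receiver, mac, rssi in sightings:
        raw[mac.lower()][receiver].append(rssi)
    return {mac: {r: mean(v) for r, v in per.items()} for mac, per in raw.items()}

def nearest_room(vector, fingerprints=FINGERPRINTS):
    """Return (room, distance) of the fingerprint closest in Euclidean RSSI distance."""
    def dist(fp):
        return math.sqrt(sum((vector.get(r, FLOOR_DBM) - ref) ** 2 for r, ref in fp.items()))
    room = min(fingerprints, key=lambda name: dist(fingerprints[name]))
    return room, round(dist(fingerprints[room]), 1)

def audit(sightings, known_macs):
    """One row per MAC: estimated room, whether it is in the inventory, randomized-MAC flag."""
    return {mac: {"room": nearest_room(vec)[0], "known": mac in known_macs,
                  "randomized": is_locally_administered(mac)}
            for mac, vec in rssi_vectors(sightings).items()}

if __name__ == "__main__":
    for mac, row in audit(SIGHTINGS, {"00:11:22:aa:bb:01"}).items():
        print(mac, row)
```

A device flagged as randomized will not match a MAC inventory, so an "unknown" row with that flag set is not by itself evidence of an unexpected guest.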
How about using ESP8266s as receivers and just one Raspberry Pi server? I know it would be more difficult to achieve, but it would make it cheaper and smaller.
I did something very much like this for my final year university project last academic year.
Though it was designed for outside use, so each module logged to an SD card which could be imported to a database, and then an application I wrote would overlay each MAC address’s path using GMaps.
Each ‘sniffer’ was the size of a pack of cigarettes and would run about 30 hours on its lithium battery.
I have been contemplating writing it up for a HaD article; if there is interest I might do so.
Sounds interesting, I hope you do write it up!
Let us know (tips@hackaday.com) when you do! That sounds great.
Or even the Orange Pi Zero running ARMbian with its Ethernet and built-in WiFi, no big issues with code reuse either, and they are very cheap.
For FIND-LF, ESP8266s will not work. Though they can see other access points, I’m pretty sure they can’t sniff probe requests (which requires a Wi-Fi chip with monitor mode).
If you use the normal FIND server by itself (link in article) you can instead download an App / CLI program onto the device that you want to track. In this case the device probes the surrounding Wi-Fi access points itself, and these APs can include ESP8266 receivers (as you mention), Rokus, routers, etc. And since you don’t have to connect to them for it to work, it will use information from your neighbor’s routers as well!
By the way, I’m happy to answer any questions that come up for people that try this!
They can sniff /everything/ that’s in cleartext. See: esp8266rawpackets
Cool! Thanks, I will be trying that then.
ESP8266s never cease to amaze me.
I am trying to get Espressif to “officially” support that sort of thing, but so far no dice.
There exists something called mac-address randomization implemented by iOS devices, which should circumvent tracking.
Law Enforcement uses Moocher Hunter and a directional antenna to triangulate on the mac-address of the client of interest to catch someone borrowing someone’s wifi to download stuff. So you are saying Apple has a tool to circumvent that?
Just like we can purchase rifles for hunting or home defense, they have been used for assassinations. Likewise computers can improve a company’s efficiency or bring it to its knees. A tool is simply that; how you decide to use it is on you.
I can understand why Apple would want to enable their customers to prevent tracking of themselves as super markets and ad firms use the exact same technology. We have the right to privacy.
Something…something…one of those amendments.
My understanding is that is irrelevant if the device is already a part of the network in question. The feature is intended to be used when scanning for WiFi connections in the wild.
The MAC *must* be revealed, or at the very least consistent, in order to comply with some networks using MAC filtering. If the MAC was randomized on connection, then MAC filtering would fail.
Oops… missed this was for the probe requests. I stand corrected.
You would think that, but the crystal oscillators inside RF devices are not perfect (+/-100ppm).
There is a new technique to detect devices that change their MAC address using SDR, whereby the actual frequency offset of each device is measured, which is relatively stable once the device has warmed up. And when combined with other bits and bobs of metadata, they can be tracked; it is not trivial.
ref: https://rftap.github.io/blog/2016/09/01/rftap-wifi.html
Interesting and the other information gained can also be useful.
You’re absolutely right – but currently MAC-address randomization will only occur if the iOS device is un-associated.
You *can* use this system to track iPhones that are connected to a Wi-Fi network (e.g. your own!). I’ve tested this for iPhone 5s and it works just fine.
people actually use wifi? for what? you constantly wander around your house unable to sit down? wires are the future. this wireless stuff will all blow over mark my words.
Pah! Mark my words, everything will be wireless soon. Telephones, computers, aircraft, electricity… You name it, and wires will stop being used with it.
Soon, even the human body will be wireless. No more unplugging before taking a walk
Wires will be the “buggy-whip” of their generation.
A Pogoplug with a bunch of WiFi dongles might do it cheaper.
This is pretty cool, but with my passwords it’s futile.
I would like to receive a notification every time a new unrecognized device connects to the network.
+1
I get emails every time an unknown device gets connected by running arpwatch on my network
Hmm. If I have a client I don’t recognize I change my wifi password. Should it reappear I’d do an inventory but usually what happens is that someone in the household reports that a device isn’t working and I think “ah, that’s the one”. Put in the new password and that’s that.
No raspberry pi or coding required.
I love this idea for home automation, room presence sensors. Is anyone aware of a way to do something like this with RTL-SDR USB devices? I figure with 3 RTL-SDR dongles on 3 Pis, you should be able to triangulate a wifi device’s position within the home.
RTL-SDR dongles have a max bandwidth of only 2 or 3 MHz. A WiFi signal is 20 MHz wide, so you can’t receive the signal with one of those dongles. Also, all of the dongles I know of can only receive up to around 1.8 GHz, whereas WiFi falls in the 2.4 GHz (or higher) range.