Most of us see the world in a very narrow band of the EM spectrum. Sure, there are people with a genetic quirk that extends the range a bit into the UV, but it’s a ROYGBIV world for most of us. Unless, of course, you have something like this ESP32 antenna array, which gives you an augmented reality view of the WiFi world.
According to [Jeija], “ESPARGOS” consists of an antenna array board and a controller board. The antenna array has eight ESP32-S2FH4 microcontrollers and eight 2.4 GHz WiFi patch antennas spaced a half-wavelength apart in two dimensions. The ESP32s extract channel state information (CSI) from each packet they receive, sending it on to the controller board where another ESP32 streams them over Ethernet while providing the clock and phase reference signals needed to make the phased array work. This gives you all the information you need to calculate where a signal is coming from and how strong it is, which is used to plot a sort of heat map to overlay on a webcam image of the same scene.
The results are pretty cool. Walking through the field of view of the array, [Jeija]’s smartphone shines like a lantern, with very little perceptible lag between the WiFi and the visible light images. He’s also able to demonstrate reflection off metallic surfaces, penetration through the wall from the next room, and even outdoor scenes where the array shows how different surfaces reflect the signal. There’s also a demonstration of using multiple arrays to determine angle and time delay of arrival of a signal to precisely locate a moving WiFi source. It’s a little like a reverse LORAN system, albeit indoors and at a much shorter wavelength.
There’s a lot in this video and the accompanying documentation to unpack. We haven’t even gotten to the really cool stuff like using machine learning to see around corners by measuring reflected WiFi signals. ESPARGOS looks like it could be a really valuable tool across a lot of domains, and a heck of a lot of fun to play with too.
Thanks to [Buckaroo] for the tip.
Passive radar using existing WiFi signals is a very interesting idea.
I seem to recall that has been done.
Just did a little HaD search and see a few articles over the years, but this one is pretty interesting https://hackaday.com/2018/07/02/using-an-ai-and-wifi-to-see-through-walls/
Kraken SDR (8channel SDR) had to pull their passive radar code due to ITAR.
Well, they pulled it, but I am not convinced they actually had to pull it. I think they got bad legal advice. Both ITAR and EAR have specific carve-outs for Open Source.
Best explanation I saw is by them providing the software, legally they’d be selling passive radar hardware which is restricted. Looks like the code is still out there along with other projects doing similar things.
The whole passive radar thing is fascinating. When it reaches maturity it’s game changing as your assets are no longer telling everyone where they are.
Batman did it already, wifi
5:30 in the video, when explaining the phase differences between PLLs, the block diagram omits the reference divider. It’s actually the reference divider that’s the problem here – each PLL may have a different phase at the output of the reference divider even if they have the same input clock. (Not that it matters, given that the calibration method.)
I swear those 2.4 patch antenna look just like gps receiver antenna’s.
Hmm this scares me. A terrorist could easily target an individual with a drone or missile that homed in on the signal.emanating from a MAC address on a users device. Even detecting user presence by the activity. Everything is a double edged sword.
It’s an unnerving demonstration of what carrying an RF beacon or two most of the time looks like; but the threat seems pretty narrow in practice: commercially available location surveillance for marketing purposes is already alarmingly pervasive, no need to have suspicious equipment and someone to operate it onsite; and if you want to go a little upmarket there are the mercenary spyware types always looking to have handsets bug themselves.
Seems more like a nation state thing: those are the ones more likely to at least theoretically be against bringing down the whole building just to get one person inside; and more likely to be operating in places where commercial surveillance doesn’t pay well enough to be trivially available over the counter and electronic intrusions are safer than personal surveillance.
Your MAC is normally randomized per WiFi network. It would be interesting to see cellular network signals, though.
That’s not entirely accurate. It is only a somewhat recent option compared to how long WiFi has been around and it’s your phone doing the randomization, not the network; plus it can be disabled.
MAC randomization was not the intended reality when they were created. Unfortunately, just like IPv4 there are only so many unique values, 2^48 in fact. Makes me wonder if randomized MACs ever result in an actual collision.
This same sort of solution could track BT/BTLE signals as well, and AFAIK those MACs are usually static.