I would have never thought to use the chip like this. It's so simple, but at the same time an interesting and impressive role this simle WiFi module is playing. Using monitor mode for surveillance in this specific way is pretty clever. Respect
I misread the video title and thought it was a boring video about listing access points. But since it was YOUR video, I decided to watch it anyway. I discovered that I was mistaken and enjoyed the topic. Great stuff as usual Andreas!
i turn off WIFI on my phone when going out, even when using GPS. (If GPS is difficult to get a lock on, i'll sometimes enable it when at home with WIFI enabled, then once it has a lock i disable wifi). People can figure out your home network SSID name, by packet sniffing your phone's wifi as it calls out to familiar SSIDs to see if they are there. Couple this with databases of GPS locations of SSIDs and you have a way of scanning any location, and pin-pointing the address of everyone's home, work, everywhere they've shopped, where their mistress lives, what union meetings they've attended, etc. (this is why your phone's GPS complains about no-wifi in the first place, all phones are automatic listening devices marking their local SSIDs to GPS coordinates and sending them to Apple/Google/etc to maintain the databases. Impressive stuff).
roidroid you are saying that this is why my android handset sometimes says "turn on wi-fi" for improved location accuracy". It's because they 1. Want to map mac to location coordinates 2. The want to produce a quicker GPS fix from already established co - ordinate mac address map? But I thought GPS fix was independent of suggesting the location. How do they interface with the GPS chip to speed this up.
Yes. And not just wifi, but cellular connectivity too. GPS using purely the satellite network can take upwards of 30 seconds from powerup to finally gain a location fix. There are various ways it can be sped up by seeding the algorythm with location "hints" from local cell-phone towers & local SSID names. But these methods are reliant on the upkeep of databases of these locations, luckily for the companies all of their devices can double as listening devices for keeping these databases up to date. It's also how google-maps can show you how traffic is flowing on streets, their phones are quite literally reporting their location & speed back to Google from your pocket as you drive via your mobile data link (if active).
I checked and I have Android 5.0.1. You know if it occasionally still probes for Wi-Fi SSID presence even when Wi-Fi turned off? You know if there a good android app that optimises mac security, or is it as simple as you say; just turn wi-fi and data off when out and about. Until now I always have at least data on all the time. It's just too much hassle to turn on and off all the time. I know Google has my approximate movements on Google location. May be I will turn that off now; I can't think of a good use for that anyway. I realise now there is a good chance that most supermarkets are at this; I don't like that. If IT dept put small black box - which teller would know nothing about - beside checkout, they could by signal strength map the MAC to the card number at payment time. Then by receipt analysis they could have powerful analytics. In any case they know date and time of transaction from receipt record anyway. But with an array of Wi-Fi detectors in the store they can by triangulation see what you are looking at that you did not buy (after they have attached the card number to the MAC). Amazon big into this with their new cashless & cardless stores.
The method you are referring for breaking the MAC randomization requires to things: a) you know the HW MAC address of the device in advance (you can find out with that hack, that a randomized divice actually has a certain known HW MAC address) and b) you are able to send arbitrary RTS frames (IEEE 802.11 control frames). This is not allowed by the closed source driver of the ESP and I am not aware that anybody has managed to get around that.
Andreas, Thanks for this. Would you mind adding the Node-Red flow to Github please. I'm still learning how to use Node-red and would profit from your running examples. Thanks
Awesome project. This is going on my list of future projects. I am wondering if an array (perhaps 3 or 4) of sensors distributed around the home might actually be used to detect which room in one's home one is situated (by comparing the various signal strengths). I carry my phone everywhere (it hangs from a lanyard around my neck) so this will fit into my life seamlessly. Thank you Andreas.
I read the paper you linked, it looks like that attack doesn't fully defeat the MAC randomization. What it does is let you recognize a phone that is disconnected and using a random MAC, given that *you already know its real MAC*. So you could use it for filtering out devices that you know but are disconnected from WiFi, but not for identifying the real MAC address of unknown devices; you have to find out their real MAC address some other way before the attack works.
You can also weaken the protection offered by MAC randomisation by using multiple detectors with a known and fixed geometric relationship which allows the random MACs to be clustered using triangulation from the different signal strengths.
I realise this is just straight up pedantry, but you might find it interesting anyway: what you're probably thinking of here is actually called "trilateration". Triangulation is when you can measure angles but not distance (like with a highly directional antenna, sweeping it along the horizon), and trilateration is when you can measure distance but not angles (like with an omni antenna, measuring the ping time or signal strength from a remote station). Just a neat little distinction I came across a while ago when I was looking this stuff up myself! :D
Depends on what you want to do. If you want to track how a person is moving through a shopping mall, multiple detectors won't help. With a randomized MAC every person "appears" only once, because the next beacon packet will have another MAC.
Not exactly the same problem as location tracking, clustering can still work on very fuzzy data, you just need to statistically separate two or more streams of random MACs. We are not actually trying to locate the person, just to obtain enough information to safely assume which set a given random MAC number should be in. We are trying to solve Mr Spiess's problem, who and how many individuals were near the site at what time, when some phones will be confusing the data. See "Self Organizing Maps"
Interesting discussion. However, I will only put the known MAC addresses in my database. All others are intruders... There was another intersting comment: To distinguish if a device is connected to your WiFi or not. If so, it at least knows your credentials. This would be an automatic detection even without database and MAC address...
thanks! :) as asked as many who make node-red configs, limit that part to just showing a fixed image of the interconnections, which is not very useful if no code is visible...
Thanks for another excellent video. Your channel is a constant source of inspiration and an enthusiastic mentor encouraging us to step out of our comfort zone and push ourselves to higher places. For anyone struggling, I picked up some issues when I tried to upload the Github code: - In mqtt.h update mqttServer = "Your Broker IP address", - In WiFi_Sniffer set mySSID and MyPassword, - The github code starts on channel 7 and stops escapes at 8 but this is mentioned in the video and easy to change. - The mqtt topic is Sniffer. - If you have set-up a user and login for your mqtt broker update the sendDevices function in the Wifi_Sniffer to client.connect("ESP32Client", MQTT_USERNAME, MQTT_KEY ) in place of admin, admin. - I was getting a 'Not published' message on the Serial Monitor which I think is due to MQTT_MAX_PACKET_SIZE in the pubsubClient library. I added #define MQTT_MAX_PACKET_SIZE 256; in Wifi_Sniffer folder and it seems to be working. I hope that this is of help and not just things that I missed when watching the video. Thanks again.
Thank you very much for your valuable input. I already updated github accordingly (you find your comments in the readme). One question about the MQTT_MAX_PACKET_SIZE definition. Where exactly did you place that statement, because I had to change it in hte library (which I do not like)
I had to make the change in the pubsubClient library in the end after initially thinking that I had resolved the issue. It seems that the #ifndef MQTT_MAX_PACKET_SIZE statement in the pubsubClinet libraray doesn't so anything. The author, knolleary, says on Github 'I never found a way to allow an arduino sketch to ifdef its own value to override the library - all to do with how the Arduino tool chain preprocesses the app's files.'
1:22 It's not entirely true that all WiFi capable smartphones constantly poll for a WiFi hotspot. My Samsung in fact turns off its WiFi when outside a geo-fence of regularly connected WiFi networks. I believe this is the default battery saving setting for at least Samsung S10 and S21 phones.
Thank you for sharing this project Andreas! What changes are necessary to port it to ESP32? It is possible doing this without a router (only with others ESP32)?
Hey Andreas, awesome video! I’m considering using something similar to this for school in order to track the amount of people in different buildings to research peak times and such. Do you know an estimate of the distance which the esp8266 could would work from?
Great project, and beautiful structured code with high educational value! Do you know if anyone already adapted this for use with the ESP32? Otherwise I might give it a go... About the MAC randomization: If you want better "enemy" detection, it's possible to partially bypass this issue by using the principle of an "evil twin" AP and exploiting the fact that many companies offer free WiFi acces for the exact same reason. If you setup your ESP to function as an acces point without password and an SSID with the same name as a popular public WiFi network like from airports or fastfood chains, then most devices that have used that network before will automatically trust and connect to your fake AP. And of course you can increase the chances of devices that connect by adding more ESP's with different common SSID.s HOWEVER, I'm not 100% sure if this method is fully legal. You're not gathering any personal data this way, but it does give the possibility to target and track individual devices that are not your own, so there might be some rules against it depending on where you live.
Good idea to create a fake hotspot. Then you would reduce the number of random MAC addresses. However, the result probably would be the same because we compare with the positive hits. Or do I miss something? Maybe you check the "Approximate" library? I mentioned in previous videos.
@@AndreasSpiess No, i meant it as a way to identify the real MAC from an intruder. You'll still get a lot of fake randomized hits, but if a device receives a broadcast from a hotsppt with the same name as known one to wich it previously connected, it will most likely automatically connect to the fake one too, and then you have the real MAC and name of the device
Hi Andreas Did you record the average current consumption for this? I'm thinking to make a solar powered version as an 'iminent bus arrival' detector and need to calculate the requirements using your other videos. Where I am, there is no api relating to public transport, but all the busses on this route do have WiFi access points, with a difference in the SSID for the local and long-distance services. I would extract only the ones I want and act upon them. Obviously, I'd remove the database part of the code. Thanks
Andreas Spiess well... That makes 2 of us not knowing about BT 😀. Esp32 is just an example, in general any BT low energy capable chip could be used to scan for nearby devices.
The scanning time for each channel could be reduced to 120 ms to detect signals emmitted every 100 ms. This should be sufficient to detect at least one signal from every device present on a Channel. Speeds up scan by 40%.
Very nice and complete post Andreas. I used this technique on an ESP8266 to detect which family members are at home, just like the Weasley clock from the Harry Potter books.
Sorry I dont understand fully. Is the ESP connected to wifi when it does the sniffing? I have a project which I want to implement this, but I don't want to have to add a second ESP, as my main one needs to host a server.
Hi Andreass, i have a question that is probably stupid because I can't find the answer in google: is the orientation of a ESP2866 important for WiFi signal (like upside down vs regular)?
wieder ein sehr interessantes sonntag-morgen-Filmchen ! doch eine Frage zur Vergangenheit... in welchem Film ist das mit "// #include " erklärt also deren Aufbau / Inhalt ... ( habe es leider vergessen ).. muss es jetzt mal selber hier einführen. thanks n.
I had a similar idea and tried it. Going over the data later, it looked like the numbers of the people during that time frame were inflated. Wasn't sure if this was because I was picking up smartphones from other buildings in our area or if the phones were randomizing their MAC Addresses or what. I wondered if I could filter on RSSI, but from my reading that can be all over the place due to a million different variables, so it's not a good way to calculate distance. Well, either was it's a fun project and it can show trends and such (what times of day there's a crowd). Cool video, I'm going to check out your other stuff too.
i have heard about a project done using wifi signal for indoor geopositioning. I wonder if your project can take it to another level by mapping the signal strength to a map and use it for future indoor geo-positioning.
Is it possible to get a list of all the mac addresses of the phones near the device ?. Another question, can this be done also with the nodemcu 8266, or esp32? Thank you very much.
This channel does not address the beginner. There are many other videos out which covers the basics. So, I thought, I do not need to add another ones. But I still hope, most of the people should be able to at least get my projects running. Usually I am also willing to help if questions are asked and I see, that the viewer already tried to solve the problem himself.
None the less I will continue to watch your most interesting videos thank you for taking the time to answer and hopefully I will reach the level needed to carry out your unique projects. It gets old watching how to hook up a temp sensor.
I wonder if you could combine this with the idea of a WiFi Pineapple and just authorize any connection request a device puts out. Theoretically the device will transmit its genuine MAC address and boom, it has bypassed the OS's attempt to hide it. Very interesting stuff, been watching a lot of your videos and it's helped me understand more of the hardware world (coming from the software side it's great to see what is possible)
@@AndreasSpiess I don't either, but maybe we could get the module to act like one. Would be a good project, I will look into it one day :) again, thanks for the great content!
10:27 That could be the reason for offering free WiFi everywhere, covering the whole site of a mall, shop, etc. In addition to the data you're directly supplying by surfing in their wifi net, you also provide lots of positional data. It really is 1984 now, but with corporations controlling and observing your every move, instead of a police state. What a time to be alive.
Hi Andreass, thanks for the great video. I would like to ask you a question. Can i do the same thing by using smartphone sharing hotspot? Thank you so much!
Normally a wi-fi client doesn't send beacons, that is something only properly configured access-points do. A wi-fi client does send a signal if it is connected to a network and has to respond to something. Or it has to send probe-requests if it isn't connected to a network, but there are saved "hidden" networks. People can als start access-points on their smart-phone to allow other clients to use its internet-connection. But this inverts the roles, the client becomes an access-point and if properly configured it will send beacons. A hidden network is, when an access-point doesn't send beacons. Unfortunately this feature is still advertised as some sort of security feature and people propagate this idea because it sounds plausible if you don't understand what is going on. But the result is worse than sending beacons. The hidden access-point isn't hidden! It has to respond to requests from its clients and this makes the access-point visible again. Therefore there is nothing to win with "hidden" networks. But now all the clients have to always ask for the presence of that saved hidden network, they are now visible too. This feature is a idea with a good intention but failed implementation. It shouldn't be used but unfortunately many people still propagate that it is something "good" and it is still advertised as a security feature. -Anyways, I saw only the beginning of the video until it was clear that it is just a wi-fi scanner, monitoring mode with automatic channel-switching - i prefer to use the "horst" wi-fi scanner for this on a slightly bigger computer. I will watch the rest of the video later. ;)- _Edit: I fixed a typo and formatted the last paragraph in __-strike-through-__ because I have seen it now. In a 2nd edit I added the info about what I have edited._
As I mentioned, I do not understand everything. But the sketch discovered messages from my IPhone and labeled it "Beacon" message. That is why I named it like that.
Hi Andreas, thanks for the great video, i have a question. I would like to send all information (MAC, SSID, CHANNEL and RSSI) together to de MQTT. As it is shown at the start. Is that possible? if not, is it possible to send the SSID? Thank you
Another idea: one can identify the authorized MACs automatically by monitoring as well: each MAC that transmitts regular data frames to the known AP address must have been authenticated before -> this is a family member's device.
Good idea to distinguish between people who know the AP password and which not. Then, you even do not need a database. Unfortunately, So far I do not know how to do that...
Hallo Andi, ein Bekannter verwendet Bluetooth für den selben Zweck. Das wäre wohl mit dem ESP32 auch möglich oder täusche ich mich da? Vielen Dank für die präzisen Infos.
BT wäre natürlich schön, auch als Ergänzung zu WiFi. Die MAC Adressen sind sehr ähnlich (in meinem IPhone), so dass man sie sogar mappen könnte. Aber leider habe ich keine Ahnung von BT und die Arduino IDE unterstützt es noch nicht :-(
Excellent project. I've been using a ping to detect my cell phone on my wifi network in order to auto arm my blink system. I will investigate your approach because the iPhone regularly drops off wifi. My Android provides a reliable ping target.
This might solve this issue. However, I also had to include a "purge" time where the Smartphone is in the database even if it disapeared. As I mentioned, this part is not "realtime".
Question : is it possible to determine a phones Version by getting its mac addresses ? i know sony, iphones, etc vendors has they'r own digits in they'r mac address , like D0:22:BE:xx:xx:xx is a samsung phone, but can i also determine what version of samsung it is if i collect enough mac addresses ? like if its a Samsung xperia 1 2 or 3 ? etc i been logging mac addresses in my neighborhood for years and studied them, i have a bunch =) is there a public data base for this purpose i can contribute to ?
The first few bytes are reserved for the manufacturers of the chips. You can look them up in databases. But not more (no version, at least not officially).
my polite guess it then that you also do not know of any un-official data base for this either ? i would like to make one., bigger than the one i have with verified phones.
Great video!!! Any chance you have or know where to find the original code by Ray Burnette? That might make it easier for me to follow what's going on here. Thanks. Great stuff - Love your channel!!!
Another good video. I have a special interest in this one since 4 years ago I thought about something similar to detect bandits. I was considering if it was possible to intercept the synchronization signal between a cell phone and the tower. It was just an idea I discussed with a few friends. Nothing more than that. I did not act on it at all due to the lack of detailed technical knowledge in the area and the high probability it was illegal. Your solution is more elegant but it does depend on wifi being on. Anyway its probably on on most persons phones.
Yes double the chances. Crime is a serious problem in the Caribbean where I live hence my line of though. Just to give an idea our 2015 estimate is 30.88 murders per 100k (and it has gone up since that). We were #11 that year. Normally we are in the top 10. Switzerland is 0.69 murders per 100k. #199. Very very big difference.
Weather is great. Tail end of the Caribbean so we do not get hurricanes just heavy rain if they pass close. A cold night here is 24 degrees. The people are very third world. Everything is based on nepotism and corruption. The systems do not work especially the legal system. Corrupt police and 10 years before someone on a murder charge gets before the courts. As a direct result the default legal system here is with a gun. Legally its impossible to get a gun. Past English colony so similar laws to the UK. Practically we are next to Venezuela (less than 108 miles by sea) with very porous borders so their military sells direct to our fishermen. The majority of the murders fall into three categories: 1) Young black males fighting for gangs. Lots of rival shootings 2) Business men or others who hide behind the legal system 3) Miscellaneous including relationships gone bad and robberies Once a person is not within those categories they are generally safe. So I am safe unless I happen to be in the wrong place. Drive by shootings are becoming more prevalent.
Hi, great video. Is it possible to have the esp32 detect only a pre set Wi-Fi MAC address like in the BLE version. I want to use my iPhone but can’t do it on the BLE version.
Hi Andreas, many thanks for the video. I also had a similar idea project and found you already did it ;) Now tricky question, if you use 3 device detectors and use the rssi with triangulation, maybe we can determine roughly the position/movements of the intruder ;)
An improvement on this for detection of intruders that could be more reliable than just signal strength... If a detected device is not associated with any of the known access points in 3 "detection windows". Alert. Eliminates your neighbours devices. And gives devices a few moments to associate with an access point. This then also gets around the random mac issue by identifying it based on behaviours not macs. :)
Amazing project, thank you very much for sharing this information. However the link to the ArduinoJson lib on your github page seems to be broken. I found ArduinoJson in arduino ide library manager, but which version did you use for this project?
Is this really practical for detection? My guess is there will be many false alarms, especially regarding trying to calibrate proximity. And there are so many wifi enabled devices people have and add to their homes that it would be hard to keep track of them all. However, knowing if a known device/person is home may be helpful for automation tasks.
As usual, very interesting and informative. It may also have solved a problem I encountered yesterday when I was in a shopping mall. I connected to their service but realized I was not connected to my VPN. I connected and after several minutes I was blocked from their network. I don't know much about this topic but based on this video I suspect that the VPN MAC address or some other aspect of the link was recognized and the system automagically blocked me. I will tinker wit his device and perhaps use it to geo-fence my home so that lights turn on or off if my phone approaches the house. Thanks again for a great video.
Good, I would like to know if it is possible to locate the MAC addresses of the phones near the esp8266, but without the need for the devices to be connected to a router. That is, just by having the wifi activated.
Hey Andreas Great video!, I was testing the BT functionality of the esp32 in order to send data on small packages without establishing a connection, but due to the early development of the software Im still using esp8266. A long time ago I tested the esp8266 deauthorizer to force the esp to send specific packages... now I see this video, and I wonder... Is it possible ( well, everything is possible... I mean,,,, ), Do you see any advantage of using a esp8266 to encode specific packages like the bad deautorizer frames but with sensor data, and use this sketch to receive those frames ? By doing this i think is possible to emulate a "kind of" ble network, where one device is listening to a specific chanel / frame header, and the other device just send that frame+payload and goes back to sleep... I imagine this will be much faster than establishing a 2 point wifi connection, and you have the mac of the sender as a validation... I see an advantage of this topology in order to make a beacon network that consume less power... what do you think ?
does it also work when the thieves device is already connected to an access point nearby? or only when the smartfone has no connection to any access point/ router?
During my search for a presence detector for my cellphone I came across this project. My requirements are to detect the absence of my cellphone. When I get in the car if I forgot the phone an alarm will go off. My idea is to power an esp32 from the car USB port which is only powered when the car is running. If the phone mac is not detected within a minute then sound an alarm. The esp32 would sleep until the next power cycle. If such project already exists I have not been able to find it. But maybe this presence detector could be adapted unfortunately I have no experience in coding. Looking for any suggestions.
Thx for answer, I have another questions. A. is this code able to detect phones even if the screen is off?? B. What is the range of promiscuous mode. Can i decrease this range to detecte people they only in room A and not in A + B
Hi Mr. Andreas, what a great and fantastic videos. Can you teach on how to filter out those randomize mac from Iphone or macbook detected in our neighbour because it is very annoying and could not really make it to detect real stranger because their iphone and macbook keep pushing randomize mac. Please help ya...
This can be overcome according to this ruclips.net/video/30Eww40s9D0/видео.html I can't understand it completely but it sounds to me the phone sends fake MAC addresses only when it is looking for new networks, but it will use the real MAC address when it tries to connect to a known network or even when checks for nearby known networks. Sounds like it might put some limitations on the functionality, so you can't really detect any stranger you want.
One of the problems with Apple cloaking MAC addresses is that the excellent Fing network device identifier loses some of its functionality. It still fully works OK with Android devices. Since my iPad is no longer as useful as it used to be, under the latest iOS, plus Apple no longer controls iPad apps with iTunes, I can safely say that I have bought my last Apple device (and I've owned two iPhones, three iPads, and two Macs).
I think, randomizing the MAC address is a good thing for many of us. But as all security measures can make our life a little mor compleicated. I think, Android will follow the Apple route, because privacy issues are less and less accepted by the public.
I don't think STA devices send beacons, they send probes and receive beacons. That said, they still talk on the net, so they can still be seen. You can also see hidden SSIDs.
Andreas Spiess, the important distinction is you can find all the access points using this method, including ones which do not advertise their SSID. However, you aren’t guaranteed to find devices as they could just listen. With the WPA2 security hope planned to be announced today, WiFi may be in trouble more generally anyway. After all, it looks like a protocol flaw basically means you may as well not encrypt. Bad news.
I read, that all Smartphone use the active method to discover networks because it seems to be more energy efficient. And the sniffer always discovered my IPhone as well as the Android phone of my coworker...
That is basically true, however you can't detect a malicious sniffer for instance if it never talks. Luckily, getting modern cell phones to never talk means turning the WiFi off basically, which so many people won't basically ever do.
![Track & Connect to Smartphones with a Beacon Swarm [Tutorial]](/img/1.gif)
I would have never thought to use the chip like this. It's so simple, but at the same time an interesting and impressive role this simle WiFi module is playing. Using monitor mode for surveillance in this specific way is pretty clever. Respect
Thank you!
Brilliant! This can be modified to detect home owners and turn on/off lights etc.
For sure this could be an application
@@AndreasSpiess Can you please guide me how to do it?
Following you leads I want us to discuss some business?
Now Intruders will start using Nokia 3310
LoL
I misread the video title and thought it was a boring video about listing access points. But since it was YOUR video, I decided to watch it anyway. I discovered that I was mistaken and enjoyed the topic. Great stuff as usual Andreas!
Thanks for your confidence in me...
i turn off WIFI on my phone when going out, even when using GPS. (If GPS is difficult to get a lock on, i'll sometimes enable it when at home with WIFI enabled, then once it has a lock i disable wifi).
People can figure out your home network SSID name, by packet sniffing your phone's wifi as it calls out to familiar SSIDs to see if they are there. Couple this with databases of GPS locations of SSIDs and you have a way of scanning any location, and pin-pointing the address of everyone's home, work, everywhere they've shopped, where their mistress lives, what union meetings they've attended, etc.
(this is why your phone's GPS complains about no-wifi in the first place, all phones are automatic listening devices marking their local SSIDs to GPS coordinates and sending them to Apple/Google/etc to maintain the databases. Impressive stuff).
roidroid you are saying that this is why my android handset sometimes says "turn on wi-fi" for improved location accuracy". It's because they 1. Want to map mac to location coordinates 2. The want to produce a quicker GPS fix from already established co - ordinate mac address map?
But I thought GPS fix was independent of suggesting the location. How do they interface with the GPS chip to speed this up.
Yes. And not just wifi, but cellular connectivity too.
GPS using purely the satellite network can take upwards of 30 seconds from powerup to finally gain a location fix. There are various ways it can be sped up by seeding the algorythm with location "hints" from local cell-phone towers & local SSID names. But these methods are reliant on the upkeep of databases of these locations, luckily for the companies all of their devices can double as listening devices for keeping these databases up to date.
It's also how google-maps can show you how traffic is flowing on streets, their phones are quite literally reporting their location & speed back to Google from your pocket as you drive via your mobile data link (if active).
I checked and I have Android 5.0.1. You know if it occasionally still probes for Wi-Fi SSID presence even when Wi-Fi turned off? You know if there a good android app that optimises mac security, or is it as simple as you say; just turn wi-fi and data off when out and about. Until now I always have at least data on all the time. It's just too much hassle to turn on and off all the time. I know Google has my approximate movements on Google location. May be I will turn that off now; I can't think of a good use for that anyway. I realise now there is a good chance that most supermarkets are at this; I don't like that. If IT dept put small black box - which teller would know nothing about - beside checkout, they could by signal strength map the MAC to the card number at payment time. Then by receipt analysis they could have powerful analytics. In any case they know date and time of transaction from receipt record anyway. But with an array of Wi-Fi detectors in the store they can by triangulation see what you are looking at that you did not buy (after they have attached the card number to the MAC). Amazon big into this with their new cashless & cardless stores.
Andreas, many thanks for your informative videos. They are the best! Great works never stops.
I especially liked this one. It sparks my interest.
You are welcome!
Thanks Andreas. I had this scenario on my wish list, and your work here couldn't be a better fit !
Good to read that!
Another great idea!! now, combine this with your "TV faker" so that it turns on when you are not home and is off when you are.
Good idea. And winter comes...
Outstanding, and very useful :) Thanks for doing such a comprehensive video on this sensor Andreas :)
Thank you!
The method you are referring for breaking the MAC randomization requires to things: a) you know the HW MAC address of the device in advance (you can find out with that hack, that a randomized divice actually has a certain known HW MAC address) and b) you are able to send arbitrary RTS frames (IEEE 802.11 control frames). This is not allowed by the closed source driver of the ESP and I am not aware that anybody has managed to get around that.
Thanks for your feedback. So, we have to live with what we have for the moment...
Andreas, Thanks for this. Would you mind adding the Node-Red flow to Github please. I'm still learning how to use Node-red and would profit from your running examples. Thanks
It should be there by now
@@AndreasSpiessI'm also new to Node-red. I cant figure out how to link it to Home Assistant
@@Sparky056 there are gaps in the code...also got stuck there...and it seem its only for advance level
ESP32 has BT included... so another dimension.
rarbi.art Agreed. Especially in days where BT wearables are common.
I do not know a lot about BT. And the Arduino IDE does not support it so far. Maybe later...
Few people have BT enabled, especially with BlueBorne in the air. Quite unfortunate, really.
Awesome project. This is going on my list of future projects. I am wondering if an array (perhaps 3 or 4) of sensors distributed around the home might actually be used to detect which room in one's home one is situated (by comparing the various signal strengths). I carry my phone everywhere (it hangs from a lanyard around my neck) so this will fit into my life seamlessly. Thank you Andreas.
I think, you should be able to find out in which room you are with your concept.
I am really proud of this module, it was designed by my friend's team in China, and it is very cheap in China, just 1 american dollar.
Hey, do you know from where I can order these devices?
I read the paper you linked, it looks like that attack doesn't fully defeat the MAC randomization. What it does is let you recognize a phone that is disconnected and using a random MAC, given that *you already know its real MAC*. So you could use it for filtering out devices that you know but are disconnected from WiFi, but not for identifying the real MAC address of unknown devices; you have to find out their real MAC address some other way before the attack works.
Thanks for your comment. I have to admit, that I did not completely read this article, because it was not relevant for my project.
You can also weaken the protection offered by MAC randomisation by using multiple detectors with a known and fixed geometric relationship which allows the random MACs to be clustered using triangulation from the different signal strengths.
I realise this is just straight up pedantry, but you might find it interesting anyway: what you're probably thinking of here is actually called "trilateration". Triangulation is when you can measure angles but not distance (like with a highly directional antenna, sweeping it along the horizon), and trilateration is when you can measure distance but not angles (like with an omni antenna, measuring the ping time or signal strength from a remote station). Just a neat little distinction I came across a while ago when I was looking this stuff up myself! :D
Daniel Matthews cnlohr had tried that but with not much luck ruclips.net/video/RSQK5w6LMSc/видео.html
Depends on what you want to do. If you want to track how a person is moving through a shopping mall, multiple detectors won't help. With a randomized MAC every person "appears" only once, because the next beacon packet will have another MAC.
Not exactly the same problem as location tracking, clustering can still work on very fuzzy data, you just need to statistically separate two or more streams of random MACs. We are not actually trying to locate the person, just to obtain enough information to safely assume which set a given random MAC number should be in. We are trying to solve Mr Spiess's problem, who and how many individuals were near the site at what time, when some phones will be confusing the data. See "Self Organizing Maps"
Interesting discussion. However, I will only put the known MAC addresses in my database. All others are intruders...
There was another intersting comment: To distinguish if a device is connected to your WiFi or not. If so, it at least knows your credentials. This would be an automatic detection even without database and MAC address...
well done, good explaination :)
Andreas, why not publishing a basic node-red flow together with the supporting material? it can be useful, for sure...
You are right. I forgot it because I had to hurry up (I was out the whole weekend). Now it is on github.
thanks! :)
as asked as many who make node-red configs, limit that part to just showing a fixed image of the interconnections, which is not very useful if no code is visible...
I had never thought such tracking or detection was possible with just wifi 😯
Nice work 👌
It is widely used.
Thanks for another excellent video. Your channel is a constant source of inspiration and an enthusiastic mentor encouraging us to step out of our comfort zone and push ourselves to higher places.
For anyone struggling, I picked up some issues when I tried to upload the Github code:
- In mqtt.h update mqttServer = "Your Broker IP address",
- In WiFi_Sniffer set mySSID and MyPassword,
- The github code starts on channel 7 and stops escapes at 8 but this is mentioned in the video and easy to change.
- The mqtt topic is Sniffer.
- If you have set-up a user and login for your mqtt broker update the sendDevices function in the Wifi_Sniffer to client.connect("ESP32Client", MQTT_USERNAME, MQTT_KEY ) in place of admin, admin.
- I was getting a 'Not published' message on the Serial Monitor which I think is due to MQTT_MAX_PACKET_SIZE in the pubsubClient library. I added #define MQTT_MAX_PACKET_SIZE 256; in Wifi_Sniffer folder and it seems to be working.
I hope that this is of help and not just things that I missed when watching the video.
Thanks again.
Thank you very much for your valuable input. I already updated github accordingly (you find your comments in the readme). One question about the MQTT_MAX_PACKET_SIZE definition. Where exactly did you place that statement, because I had to change it in hte library (which I do not like)
I had to make the change in the pubsubClient library in the end after initially thinking that I had resolved the issue. It seems that the #ifndef MQTT_MAX_PACKET_SIZE statement in the pubsubClinet libraray doesn't so anything. The author, knolleary, says on Github 'I never found a way to allow an arduino sketch to ifdef its own value to override the library - all to do with how the Arduino tool chain preprocesses the app's files.'
+Kevin Nicholls Thanks. So we both came to the same conclusion.
I love this idea to extend my home automation system with. Thanks for that Andreas!
You are welcome!
1:22 It's not entirely true that all WiFi capable smartphones constantly poll for a WiFi hotspot. My Samsung in fact turns off its WiFi when outside a geo-fence of regularly connected WiFi networks. I believe this is the default battery saving setting for at least Samsung S10 and S21 phones.
Thank you for the additional info!
I really like the voice speed now. Great improvement. And i also like the topic. Summary : BIG LIKE from Me :)
Thanks for your feedback!
Great article Andreas, it's one of the best you ever made! And I was exactly looking for something like this!
Glad to read that :-)
Thank you for sharing this project Andreas! What changes are necessary to port it to ESP32? It is possible doing this without a router (only with others ESP32)?
Maybe you google "PAXcounter" ?
0:04 It's my photo(ESP8266 01) into you preview, that nice
Cool! I do not remember.
Hey Andreas, awesome video! I’m considering using something similar to this for school in order to track the amount of people in different buildings to research peak times and such. Do you know an estimate of the distance which the esp8266 could would work from?
Maybe you google for the "paxcounter" project. It counts people... The distance will be the distance of WiFi.
@@AndreasSpiess Thank you!
Great project, and beautiful structured code with high educational value! Do you know if anyone already adapted this for use with the ESP32? Otherwise I might give it a go...
About the MAC randomization:
If you want better "enemy" detection, it's possible to partially bypass this issue by using the principle of an "evil twin" AP and exploiting the fact that many companies offer free WiFi acces for the exact same reason. If you setup your ESP to function as an acces point without password and an SSID with the same name as a popular public WiFi network like from airports or fastfood chains, then most devices that have used that network before will automatically trust and connect to your fake AP. And of course you can increase the chances of devices that connect by adding more ESP's with different common SSID.s
HOWEVER, I'm not 100% sure if this method is fully legal. You're not gathering any personal data this way, but it does give the possibility to target and track individual devices that are not your own, so there might be some rules against it depending on where you live.
Good idea to create a fake hotspot. Then you would reduce the number of random MAC addresses. However, the result probably would be the same because we compare with the positive hits. Or do I miss something? Maybe you check the "Approximate" library? I mentioned in previous videos.
@@AndreasSpiess No, i meant it as a way to identify the real MAC from an intruder. You'll still get a lot of fake randomized hits, but if a device receives a broadcast from a hotsppt with the same name as known one to wich it previously connected, it will most likely automatically connect to the fake one too, and then you have the real MAC and name of the device
Hi Andreas
Did you record the average current consumption for this?
I'm thinking to make a solar powered version as an 'iminent bus arrival' detector and need to calculate the requirements using your other videos.
Where I am, there is no api relating to public transport, but all the busses on this route do have WiFi access points, with a difference in the SSID for the local and long-distance services. I would extract only the ones I want and act upon them. Obviously, I'd remove the database part of the code.
Thanks
No, I did not make any consumption measurements
What pubsubclient version did you use?
(I used arduinojson 5.13.5 because i saw you say you used version 5.)
Back then, I used a 5.xx version. Just compile and you will see if you get errors.
Thanks Andreas. Excellent video!
Thanks!
How about using BT for presence? There are a lot of BT tags, smart bands and so on that one can use.
Unfortunately, I have no knowledge about Bluetooth and AFAIK the Arduino IDE does not support BT on the ESP32. But definitively a good idea.
Andreas Spiess well... That makes 2 of us not knowing about BT 😀. Esp32 is just an example, in general any BT low energy capable chip could be used to scan for nearby devices.
Excellent commentary on these topics. Thank you
Thanks!
The scanning time for each channel could be reduced to 120 ms to detect signals emmitted every 100 ms. This should be sufficient to detect at least one signal from every device present on a Channel. Speeds up scan by 40%.
Sounds reasonable. Thanks.
Very nice and complete post Andreas. I used this technique on an ESP8266 to detect which family members are at home, just like the Weasley clock from the Harry Potter books.
Thanks for your feeback. Obviously you did a longer test and it worked.
What will happen is a person uses a Hack RF or Blade RF or Xilinx FP-RF to trick such module or jam the network ?
The network will no more be usable around this jammer. And maybe the police will show up.
Sorry I dont understand fully. Is the ESP connected to wifi when it does the sniffing? I have a project which I want to implement this, but I don't want to have to add a second ESP, as my main one needs to host a server.
How would you otherwise know the results? It is transferred via Wi-Fi to node-red
Hi Andreass, i have a question that is probably stupid because I can't find the answer in google: is the orientation of a ESP2866 important for WiFi signal (like upside down vs regular)?
Maybe you Google "polarization". Then you find that it can be important.
@@AndreasSpiess TX i Will search from that Angle (got it :)?) ...
wieder ein sehr interessantes sonntag-morgen-Filmchen !
doch eine Frage zur Vergangenheit... in welchem Film ist das mit "// #include " erklärt also deren Aufbau / Inhalt ... ( habe es leider vergessen ).. muss es jetzt mal selber hier einführen.
thanks
n.
Im vorherigen Video ab 8:46 ruclips.net/video/K28Az3-gV7E/видео.html
+ Norbert: Danke!
I had a similar idea and tried it. Going over the data later, it looked like the numbers of the people during that time frame were inflated. Wasn't sure if this was because I was picking up smartphones from other buildings in our area or if the phones were randomizing their MAC Addresses or what. I wondered if I could filter on RSSI, but from my reading that can be all over the place due to a million different variables, so it's not a good way to calculate distance. Well, either was it's a fun project and it can show trends and such (what times of day there's a crowd). Cool video, I'm going to check out your other stuff too.
Thank you!
What would be a multi-channel device in this size and price category?
I do not know what a multi-channel device is :-(
i have heard about a project done using wifi signal for indoor geopositioning. I wonder if your project can take it to another level by mapping the signal strength to a map and use it for future indoor geo-positioning.
They use different technologies for that (UWB). Normal Wi-Fi cannot be used for location, only to decide if somebody is around.
You deserve my like. It would be good to make a statistic script for it (device counting, decode manufacturera etc)
Thanks for your support.
Github is open for contributions...
Is it possible to get a list of all the mac addresses of the phones near the device ?.
Another question, can this be done also with the nodemcu 8266, or esp32?
Thank you very much.
I think so.
Your videos go beyond temp sensors and the like. Will you ever make a step by step video of how this could be built?
This channel does not address the beginner. There are many other videos out which covers the basics. So, I thought, I do not need to add another ones. But I still hope, most of the people should be able to at least get my projects running. Usually I am also willing to help if questions are asked and I see, that the viewer already tried to solve the problem himself.
None the less I will continue to watch your most interesting videos thank you for taking the time to answer and hopefully I will reach the level needed to carry out your unique projects. It gets old watching how to hook up a temp sensor.
And do not forget to ask if you run into problems! his can speed-up your learning considerably. And speed usually keeps the motivation high...
Love the accent =) Tks again.
You are welcome!
Very interesting video, thanks again Andreas!
You are welcome!
I wonder if you could combine this with the idea of a WiFi Pineapple and just authorize any connection request a device puts out. Theoretically the device will transmit its genuine MAC address and boom, it has bypassed the OS's attempt to hide it.
Very interesting stuff, been watching a lot of your videos and it's helped me understand more of the hardware world (coming from the software side it's great to see what is possible)
I am no security expert. Maybe you try it? I have no WiFi pineapple.
@@AndreasSpiess I don't either, but maybe we could get the module to act like one. Would be a good project, I will look into it one day :) again, thanks for the great content!
10:27 That could be the reason for offering free WiFi everywhere, covering the whole site of a mall, shop, etc. In addition to the data you're directly supplying by surfing in their wifi net, you also provide lots of positional data. It really is 1984 now, but with corporations controlling and observing your every move, instead of a police state. What a time to be alive.
You are right. This is a reason for offering free Wi-Fi
Hi Andreass, thanks for the great video.
I would like to ask you a question.
Can i do the same thing by using smartphone sharing hotspot?
Thank you so much!
I do not think so. Smartphones usually do not offer the needed "monitoring mode"
Fascinating, thank you.
Very best wishes
Arthur
You are welcome. Glad to read that you liked it!
Normally a wi-fi client doesn't send beacons, that is something only properly configured access-points do.
A wi-fi client does send a signal if it is connected to a network and has to respond to something. Or it has to send probe-requests if it isn't connected to a network, but there are saved "hidden" networks.
People can als start access-points on their smart-phone to allow other clients to use its internet-connection. But this inverts the roles, the client becomes an access-point and if properly configured it will send beacons.
A hidden network is, when an access-point doesn't send beacons. Unfortunately this feature is still advertised as some sort of security feature and people propagate this idea because it sounds plausible if you don't understand what is going on. But the result is worse than sending beacons.
The hidden access-point isn't hidden! It has to respond to requests from its clients and this makes the access-point visible again. Therefore there is nothing to win with "hidden" networks. But now all the clients have to always ask for the presence of that saved hidden network, they are now visible too. This feature is a idea with a good intention but failed implementation. It shouldn't be used but unfortunately many people still propagate that it is something "good" and it is still advertised as a security feature.
-Anyways, I saw only the beginning of the video until it was clear that it is just a wi-fi scanner, monitoring mode with automatic channel-switching - i prefer to use the "horst" wi-fi scanner for this on a slightly bigger computer. I will watch the rest of the video later. ;)-
_Edit: I fixed a typo and formatted the last paragraph in __-strike-through-__ because I have seen it now. In a 2nd edit I added the info about what I have edited._
As I mentioned, I do not understand everything. But the sketch discovered messages from my IPhone and labeled it "Beacon" message. That is why I named it like that.
Hi Andreas,
thanks for the great video, i have a question. I would like to send all information (MAC, SSID, CHANNEL and RSSI) together to de MQTT. As it is shown at the start. Is that possible?
if not, is it possible to send the SSID?
Thank you
I do not remember this project well. But you should be able to add any variable to the MQTT string.
I have tried this but using mac address from ble tag, but having a dead end so far, your solution give me a new life. Thanks
You are welcome!
Andreas, the project is very nice, but the cell phone uses a random MAC address now, how can I identify the cell phone?
It only uses random Mac addresses if not connected to your WiFi.
Is there a guide anywhere to make and do this, also can you next them to raspberry pi and search many channels? Thank you for great work
I assume you could do it with a Raspberry Pi, too. But I never tried. Ask Google for "PaxCounter"
Hugely enjoy your videos
Thank you!
Another idea: one can identify the authorized MACs automatically by monitoring as well: each MAC that transmitts regular data frames to the known AP address must have been authenticated before -> this is a family member's device.
Good idea to distinguish between people who know the AP password and which not. Then, you even do not need a database. Unfortunately, So far I do not know how to do that...
Hallo Andi, ein Bekannter verwendet Bluetooth für den selben Zweck. Das wäre wohl mit dem ESP32 auch möglich oder täusche ich mich da? Vielen Dank für die präzisen Infos.
BT wäre natürlich schön, auch als Ergänzung zu WiFi. Die MAC Adressen sind sehr ähnlich (in meinem IPhone), so dass man sie sogar mappen könnte. Aber leider habe ich keine Ahnung von BT und die Arduino IDE unterstützt es noch nicht :-(
Excellent project. I've been using a ping to detect my cell phone on my wifi network in order to auto arm my blink system. I will investigate your approach because the iPhone regularly drops off wifi. My Android provides a reliable ping target.
This might solve this issue. However, I also had to include a "purge" time where the Smartphone is in the database even if it disapeared. As I mentioned, this part is not "realtime".
Andreas, would it be possible to use Obstacle Detection sensor to detect a door opening from about 3 meters if used with a reflective sticker?
Maybe. You have to try.
Question : is it possible to determine a phones Version by getting its mac addresses ?
i know sony, iphones, etc vendors has they'r own digits in they'r mac address , like D0:22:BE:xx:xx:xx is a samsung phone, but can i also determine what version of samsung it is if i collect enough mac addresses ? like if its a Samsung xperia 1 2 or 3 ? etc i been logging mac addresses in my neighborhood for years and studied them, i have a bunch =) is there a public data base for this purpose i can contribute to ?
The first few bytes are reserved for the manufacturers of the chips. You can look them up in databases. But not more (no version, at least not officially).
my polite guess it then that you also do not know of any un-official data base for this either ? i would like to make one., bigger than the one i have with verified phones.
+Quad Derrick No, I do not know one
ok, thanks for reply anyway.
Great video!!! Any chance you have or know where to find the original code by Ray Burnette? That might make it easier for me to follow what's going on here. Thanks. Great stuff - Love your channel!!!
No. It disappeard on my link. Here is a newer implementation of the same principle: github.com/cyberman54/ESP32-Paxcounter
Another good video. I have a special interest in this one since 4 years ago I thought about something similar to detect bandits. I was considering if it was possible to intercept the synchronization signal between a cell phone and the tower. It was just an idea I discussed with a few friends. Nothing more than that. I did not act on it at all due to the lack of detailed technical knowledge in the area and the high probability it was illegal.
Your solution is more elegant but it does depend on wifi being on. Anyway its probably on on most persons phones.
And maybe we get a similar solution for Bluetooth one day...
Yes double the chances. Crime is a serious problem in the Caribbean where I live hence my line of though.
Just to give an idea our 2015 estimate is 30.88 murders per 100k (and it has gone up since that). We were #11 that year. Normally we are in the top 10.
Switzerland is 0.69 murders per 100k. #199. Very very big difference.
That sounds really bad. I always thought you live in a paradise :-(
Weather is great. Tail end of the Caribbean so we do not get hurricanes just heavy rain if they pass close. A cold night here is 24 degrees.
The people are very third world. Everything is based on nepotism and corruption. The systems do not work especially the legal system. Corrupt police and 10 years before someone on a murder charge gets before the courts.
As a direct result the default legal system here is with a gun. Legally its impossible to get a gun. Past English colony so similar laws to the UK. Practically we are next to Venezuela (less than 108 miles by sea) with very porous borders so their military sells direct to our fishermen. The majority of the murders fall into three categories:
1) Young black males fighting for gangs. Lots of rival shootings
2) Business men or others who hide behind the legal system
3) Miscellaneous including relationships gone bad and robberies
Once a person is not within those categories they are generally safe. So I am safe unless I happen to be in the wrong place. Drive by shootings are becoming more prevalent.
Hi, great video. Is it possible to have the esp32 detect only a pre set Wi-Fi MAC address like in the BLE version. I want to use my iPhone but can’t do it on the BLE version.
Maybe you watch the video (again)?
In the last two videos your voice has sounded like there's some kind of audio distortion on it. It has a sort of metallic sound.
I will check it. Thanks.
Maybe he's using a voice modulator?
I get some negative channel in the output, even devices connected to my same network. Any suggestion?
Unfortunately, I cannot do remote debugging :-( .
Would it be better to use a small computer with theses devices like pi or other similar devices.
Not for this reason. They are too expensive for such a simple task.
Fantastic project, thank you.
You are welcome
Very interesting project. Thanks for sharing!
You are welcome!
Very interesting. Thanks for sharing !
You are welcome!
Hi Andreas, many thanks for the video. I also had a similar idea project and found you already did it ;)
Now tricky question, if you use 3 device detectors and use the rssi with triangulation, maybe we can determine roughly the position/movements of the intruder ;)
Just try. I am not convinced because of reflexion
An improvement on this for detection of intruders that could be more reliable than just signal strength...
If a detected device is not associated with any of the known access points in 3 "detection windows". Alert.
Eliminates your neighbours devices.
And gives devices a few moments to associate with an access point.
This then also gets around the random mac issue by identifying it based on behaviours not macs. :)
Good idea. Maybe you try it out?
@@AndreasSpiess definitely on the list of stuff to do :)
Can we also sniff bluetooth devices (bluetooth classic not BLE) using esp32?
No.
Amazing project, thank you very much for sharing this information. However the link to the ArduinoJson lib on your github page seems to be broken. I found ArduinoJson in arduino ide library manager, but which version did you use for this project?
I would use the newest one. They create frequently new versions
@@AndreasSpiess I'm tried to use the newest today, and still is broken
It is easier to install it in the Arduino IDE. Chose version 5.x not 6
Good morning! Great idea to add to my home security network. Thank you!
You are welcome!
Can you do the same using bluetooth? if so you could use both lists to match users.
I do not know enough about BLE to judge.
Excellent!!
Glad you like it!
have doubts with the project how can we contact you?
RUclips is my hobby and I have no time for consulting :-(
@@AndreasSpiess can you please let me know how to connect the device to our node red based automation system
Is this really practical for detection? My guess is there will be many false alarms, especially regarding trying to calibrate proximity. And there are so many wifi enabled devices people have and add to their homes that it would be hard to keep track of them all. However, knowing if a known device/person is home may be helpful for automation tasks.
I agree that the "positive" scenario is easier and maybe more successful
Such technology is built-in to many enterprise Wi-Fi solutions and has been used by major retailers for years.
I think, I mentioned this fact in the video...
Is that voice synthesized? Sounds like it
Yes. I am a ghost ;-)
oh my gosh
@@AndreasSpiess
As usual, very interesting and informative. It may also have solved a problem I encountered yesterday when I was in a shopping mall. I connected to their service but realized I was not connected to my VPN. I connected and after several minutes I was blocked from their network. I don't know much about this topic but based on this video I suspect that the VPN MAC address or some other aspect of the link was recognized and the system automagically blocked me. I will tinker wit his device and perhaps use it to geo-fence my home so that lights turn on or off if my phone approaches the house. Thanks again for a great video.
As a male, I do not know enough about shopping malls to judge ;-)
Good, I would like to know if it is possible to locate the MAC addresses of the phones near the esp8266, but without the need for the devices to be connected to a router.
That is, just by having the wifi activated.
I think this is what was described in this video...
Oh, BTW, would the code work also with the ESP32 like Lolin?
Thanks
I do not know, I did not try.
Hey Andreas Great video!, I was testing the BT functionality of the esp32 in order to send data on small packages without establishing a connection, but due to the early development of the software Im still using esp8266. A long time ago I tested the esp8266 deauthorizer to force the esp to send specific packages... now I see this video, and I wonder...
Is it possible ( well, everything is possible... I mean,,,, ), Do you see any advantage of using a esp8266 to encode specific packages like the bad deautorizer frames but with sensor data, and use this sketch to receive those frames ?
By doing this i think is possible to emulate a "kind of" ble network, where one device is listening to a specific chanel / frame header, and the other device just send that frame+payload and goes back to sleep...
I imagine this will be much faster than establishing a 2 point wifi connection, and you have the mac of the sender as a validation... I see an advantage of this topology in order to make a beacon network that consume less power... what do you think ?
If I remember right Espressif supports a ESP to ESP communication mode, but I never looked into that so far.
Interesting video. I didn't know about Apple's MAC address gen. Thnxs !
You are welcome!
does it also work when the thieves device is already connected to an access point nearby? or only when the smartfone has no connection to any access point/ router?
You mean, if your neighbor is the thief? I assume it works too.
@@AndreasSpiess great :) thanks
Hi might I ask what mqtt server do you use because I did what you said (in my mind) but my esp is ending mqtt connection loop
I use Mosquitto on a Raspberry (There are videos about it on this channel). Did you enter the credentials?
How dumb of me Thank You for the help and keep Your great work going.
I cant found: MQTT_USERNAME, MQTT_KEY ?
Usually it is admin/admin
During my search for a presence detector for my cellphone I came across this project. My requirements are to detect the absence of my cellphone. When I get in the car if I forgot the phone an alarm will go off. My idea is to power an esp32 from the car USB port which is only powered when the car is running. If the phone mac is not detected within a minute then sound an alarm. The esp32 would sleep until the next power cycle. If such project already exists I have not been able to find it. But maybe this presence detector could be adapted unfortunately I have no experience in coding. Looking for any suggestions.
The only suggestion I have is to learn to code ;-)
alsum given me something to think out like the idea thanks for taken the time to make it
You are welcome!
Hi,
What is the battery live with a 18650 ?
Can we make a request to the module to ask the battery level ?
1. I do not know. It uses about 80 mA.
2. The ESP8266 has an analog input which can be used to measure voltages. Just google
I was recently considering logging GSM devices in the vicinity of equipment trailers left overnight.This is much easier.
:-)
Hi there check out xandem tomographic motion detection is it possible to do a DIY version of this sensor
It should be possible to do something. But it is a very niche application and maybe also for larger rooms (the presenter mentioned warehouses)
I am totaly new in Hardware community, can u tell me which device should i buy to build this project???
You should find the needed components in the description and the vide. But maybe you start with easier things. This is not a beginners project
Thx for answer, I have another questions.
A. is this code able to detect phones even if the screen is off??
B. What is the range of promiscuous mode. Can i decrease this range to detecte people they only in room A and not in A + B
Thank you! so much love your videos! perfect and clear explanation
You're very welcome!
Hi Mr. Andreas, what a great and fantastic videos. Can you teach on how to filter out those randomize mac from Iphone or macbook detected in our neighbour because it is very annoying and could not really make it to detect real stranger because their iphone and macbook keep pushing randomize mac. Please help ya...
I do not know how. If you can distinguish between a random and a right number you probably get the Nobel Price ;-)
This can be overcome according to this ruclips.net/video/30Eww40s9D0/видео.html I can't understand it completely but it sounds to me the phone sends fake MAC addresses only when it is looking for new networks, but it will use the real MAC address when it tries to connect to a known network or even when checks for nearby known networks. Sounds like it might put some limitations on the functionality, so you can't really detect any stranger you want.
One of the problems with Apple cloaking MAC addresses is that the excellent Fing network device identifier loses some of its functionality. It still fully works OK with Android devices. Since my iPad is no longer as useful as it used to be, under the latest iOS, plus Apple no longer controls iPad apps with iTunes, I can safely say that I have bought my last Apple device (and I've owned two iPhones, three iPads, and two Macs).
I think, randomizing the MAC address is a good thing for many of us. But as all security measures can make our life a little mor compleicated. I think, Android will follow the Apple route, because privacy issues are less and less accepted by the public.
I don't think STA devices send beacons, they send probes and receive beacons. That said, they still talk on the net, so they can still be seen. You can also see hidden SSIDs.
As I mentioned in my video, I do not completely understand everything. I jus saw messaged the code named "beacon"
Andreas Spiess, the important distinction is you can find all the access points using this method, including ones which do not advertise their SSID. However, you aren’t guaranteed to find devices as they could just listen.
With the WPA2 security hope planned to be announced today, WiFi may be in trouble more generally anyway. After all, it looks like a protocol flaw basically means you may as well not encrypt. Bad news.
I read, that all Smartphone use the active method to discover networks because it seems to be more energy efficient. And the sniffer always discovered my IPhone as well as the Android phone of my coworker...
That is basically true, however you can't detect a malicious sniffer for instance if it never talks. Luckily, getting modern cell phones to never talk means turning the WiFi off basically, which so many people won't basically ever do.
I did not really get the part where you solve the randomized MAC address from an iphone
It cannot be solved. But since the inhabitants usually are connected to Wi-Fi they have no random address. All others are "enemies"
This could also be used to control your central heating, and not turn it on if you or any family member is not at home
I think, this could be a good application.