PangolinPaws
Posts: 89
Joined: Wed Mar 05, 2014 9:04 pm
Location: Wiltshire, UK

Phone Detecting Anti-Stalker Contraption

Thu Sep 25, 2014 10:34 am

Hello,

I was walking the dog yesterday evening and found myself in a pretty creepy wood. As you do when you're alone in the dark and have been watching too much Midsomer Murders, I then started to imagine that someone was watching me or that I was being followed and freaked myself out. So, being a Pi owner, I wondered if there was anything I could build that would help reassure me next time I wander through the woods with my (wimpy, would-run-away-rather-than-help) dog.

So here's my crackpot idea:

- Everyone has a mobile and they've always got Wi-Fi (when was the last time you switched off your phone's Wi-Fi when you left the house?).
- A Pi with a USB Wi-Fi dongle in promiscuous/monitor (I think those are the terms) mode could detect the phones’ periodic 'any open networks?' signals.
- This would let me know if someone was nearby & how long they had been within detection range (i.e. how long have they been stalking me?).

Now, I'm not as paranoid as this post probably makes me seem, but I can't resist trying to get this project to work. I've done a bit of web searching and forum trawling and have got my Pi to detect all the wireless routers in the vicinity (using kismet), but I've had no luck detecting mobiles/tablets/other devices. Obviously I want to do this when my pi is far from any Wi-Fi hotspots so none of the devices will be connected to a network while I'm trying to detect them.

So my questions are:

- Have any of you managed to find a helpful tutorial that I've missed?
- Can anyone make any suggestions on how to detect these items (does kismet refer to them as 'clients')?
- And most importantly, am I missing something that means it's not even possible to detect the phones in this way?

Thank you very much!

Gareth
https://github.com/PangolinPaw

PangolinPaws
Posts: 89
Joined: Wed Mar 05, 2014 9:04 pm
Location: Wiltshire, UK

Update

Sun Sep 28, 2014 10:24 am

Here's an update on what I've managed over the weekend:

I found an article/paper on how someone could use a MAC address to identify an individual (http://hal.archives-ouvertes.fr/docs/00 ... alking.pdf), which is sort of the opposite of what I want to do but uses all the same Wi-Fi monitoring techniques.

The authors happened to list the two bits of software they used so I went and found a couple of excellent tutorials on how to install them on the Pi:

Airmon-ng - http://blog.petrilopia.net/linux/raspbe ... kng-suite/

T-shark - http://blog.cvallance.net/?p=212

These work, they display all the wireless routers in range like Kismet, but I'm also getting signals from other things. I think it's safe to assume that these are nearby phones and tablets because one of the MAC addresses listed was my mobile.

Next up; use python to collect this information and display it in a more friendly format. ^_^
https://github.com/PangolinPaw

masterdrain
Posts: 36
Joined: Fri Jun 07, 2013 7:44 pm
Location: Isle of Wight

Re: Phone Detecting Anti-Stalker Contraption

Sun Sep 28, 2014 11:13 am

Living in Wiltshire I would be more concerned about falling over live ordnance left behind from a training exercise. You probably are being watched - by a bunch of heavily camouflaged squaddies out on a night exercise!!!!

Does sound a good project though.

PangolinPaws
Posts: 89
Joined: Wed Mar 05, 2014 9:04 pm
Location: Wiltshire, UK

Re: Phone Detecting Anti-Stalker Contraption

Tue Oct 07, 2014 10:48 am

Time for another update:

I really struggled to get t-shark to run from a python program. My grasp of subprocess is fairly rudimentary, but I think I'm getting there.

For the moment, I run t-shark for x seconds, then save the output to a file. I then have a bit of string manipulation going on to extract the bits I want from this output (for example, although it's interesting to see the SSID all these devices last connected to, it’s not what I'm after).

Using what is definitely an over-complicated series of steps I find all the signals detected since the last loop, remove any duplicates (many devices seem to send 2 or 3 probe requests in quick succession) and record the time they were detected.

At the moment the end result is a simple display of individual MAC addresses currently in range & the time they were detected on my monitor.

My next move is to store these and compare the addresses in range during loop 1 to those in loop 2, loop 3 etc. so I can see how long an individual has been following me.

I'm only storing individual addresses for the duration my program is running and since the data I'm collecting is openly transmitted and anonymous, I don't think there are any legal implications of analysing it.

Anyone have any insight on this front?
https://github.com/PangolinPaw

broo0ose
Posts: 318
Joined: Wed Dec 14, 2011 3:59 pm
Location: Wirral, UK

Re: Phone Detecting Anti-Stalker Contraption

Tue Oct 14, 2014 4:52 am

It would be fairly easy to look up the manufacturer of the WiFi card by the first characters of the MAC.
That way you could identify Apple devices etc.

You can download the list of manufacturers against OIDs here.
http://standards.ieee.org/develop/regau ... ublic.html

PangolinPaws
Posts: 89
Joined: Wed Mar 05, 2014 9:04 pm
Location: Wiltshire, UK

Re: Phone Detecting Anti-Stalker Contraption

Tue Oct 14, 2014 3:54 pm

broo0ose wrote:It would be fairly easy to look up the manufacturer of the WiFi card by the first characters of the MAC.
That way you could identify Apple devices etc.

You can download the list of manufacturers against OIDs here.
http://standards.ieee.org/develop/regau ... ublic.html
You're right, I had intended to include a means of comparing the MAC addresses' prefixes with a list of common manufacturers.

As it turns out, t-shark already seems to do this as it returns most addresses with the prefix substituted. I get something like this as its output:

{Apple:E4:67:AB} (that's not a real address, by the way)

In the end I want my device to just tell me how many individual devices there are in range & how long they've been there, probably with a set of LEDs or a small LCD display. I won't be displaying their addresses so I don't really need to bother converting the ones that t-shark doesn't do automatically.

I'm thinking this would be useful for other, more practical things now too. For example, turning off the toaster when both my wife and I have left the house in the morning. This would work because my little program would know what our addresses are & just respond when they are detected/not detected for x number of minutes.

I realise this is an unnecessarily complicated way of doing this sort of thing, but I've learned a lot while doing it and I'm having great fun. :D

G
Last edited by PangolinPaws on Fri Nov 21, 2014 10:55 am, edited 1 time in total.
https://github.com/PangolinPaw

toxibunny
Posts: 1382
Joined: Thu Aug 18, 2011 9:21 pm

Re: Phone Detecting Anti-Stalker Contraption

Tue Oct 14, 2014 4:49 pm

I'm in ur thread, following with interest.
note: I may or may not know what I'm talking about...

Paul Webster
Posts: 856
Joined: Sat Jul 30, 2011 4:49 am
Location: London, UK

Re: Phone Detecting Anti-Stalker Contraption

Tue Oct 14, 2014 7:55 pm

You could add Bluetooth sensing to detect when your follower is in your shadow!

PangolinPaws
Posts: 89
Joined: Wed Mar 05, 2014 9:04 pm
Location: Wiltshire, UK

Re: Phone Detecting Anti-Stalker Contraption

Mon Oct 20, 2014 10:56 am

Hello again,
You could add Bluetooth sensing to detect when your follower is in your shadow!
That sounds interesting... Do you mean that the Bluetooth, since its range is shorter, could be used to detect when a follower is closing in?

As for my current setup, I've added in 6 LEDs (that I salvaged from one of those solar-powered garden lights) to indicate how many unique signals are in range. One light turns on for each of up to 5 MAC addresses and the 6th light reassuringly blinks to tell me everything is still running, even if no signals are being detected.

The code also distinguishes between people in range now, those who have been for 1 minute and those that have been following for 2 minutes. The next step is to add a button to my circuitry so that I can toggle between displaying an LED-based output for each of these lists.

I'll also need to find a way to get the program to start and stop with a headless pi. I don't want it to just run at boot, because I generally use the Wi-Fi dongle to connect to the pi via SSH, which isn't possible while it's in the monitor mode needed for my project.

Perhaps that single button I own can be used to start and stop the program as well as toggle between displays... Who'd have thought this ridiculous little idea would get so complicated.

G
Last edited by PangolinPaws on Fri Nov 21, 2014 10:56 am, edited 1 time in total.
https://github.com/PangolinPaw

Paul Webster
Posts: 856
Joined: Sat Jul 30, 2011 4:49 am
Location: London, UK

Re: Phone Detecting Anti-Stalker Contraption

Mon Oct 20, 2014 12:25 pm

PangolinPaws wrote: That sounds interesting... Do you mean that the Bluetooth, since its range is shorter, could be used to detect when a follower is closing in?
Yes.
See http://www.raspberrypi.org/forums/viewtopic.php?t=47059 for some general ideas.

joan
Posts: 16001
Joined: Thu Jul 05, 2012 5:09 pm
Location: UK

Re: Phone Detecting Anti-Stalker Contraption

Mon Oct 20, 2014 12:36 pm

toxibunny wrote:I'm in ur thread, following with interest.
I was watching toxibunny. Frankly I found his behaviour suspicious. Have you considered buying a braver dog?

oscbex
Posts: 8
Joined: Tue Dec 09, 2014 7:22 pm

Re: Phone Detecting Anti-Stalker Contraption

Tue Dec 09, 2014 7:59 pm

Interesting thread. May I ask what dongle you are using and if you check both 2.4 and 5GHz or just one of them? Do you look for all packets or just probe requests?

Cheers,
Oscar

PangolinPaws
Posts: 89
Joined: Wed Mar 05, 2014 9:04 pm
Location: Wiltshire, UK

Re: Phone Detecting Anti-Stalker Contraption

Wed Dec 10, 2014 9:24 am

oscbex wrote:Interesting thread. May I ask what dongle you are using and if you check both 2.4 and 5GHz or just one of them? Do you look for all packets or just probe requests?

Cheers,
Oscar
Hello,
I'm using this dongle:
https://www.modmypi.com/wireless-usb-1n ... ifi-dongle

I just bought it to SSH to my Pi without having to plug it into my router and only later found that it could work in monitor/promiscuous mode.

It only supports 2.4GHz so I'm stuck only picking up signals at that frequency at the moment.

I have messed around with other packets but figured that probe requests were the only ones that a phone would regularly send when away from a WiFi signal. Of course this means my device is completely useless while you're within range of an open network (i.e. anywhere near a coffee shop).

The code is a bit of a mess at the moment and I haven't figured out multi threading yet. Once it's reached a state that isn't going to embarrass me I'll stick it all on GitHub. I'm pretty sure most people reading this thread could do a better job from the same starting point I had, but never mind!
https://github.com/PangolinPaw

oscbex
Posts: 8
Joined: Tue Dec 09, 2014 7:22 pm

Re: Phone Detecting Anti-Stalker Contraption

Wed Dec 10, 2014 2:49 pm

Thanks!

oscbex
Posts: 8
Joined: Tue Dec 09, 2014 7:22 pm

Re: Phone Detecting Anti-Stalker Contraption

Sat Jan 03, 2015 3:07 am

Hi,
Me again. Have now got a Pi and the WLAN USB is on the way. Few questions:

1. Which Linux version did you use? Have googled and found that Kali is made for this kind of stuff but maybe you used something else? I don't really mind, just want it to work.

2. Do you have a script or some java program running to monitor the traffic? Is there something you can share?

3. Other tips/suggestions? I'm a complete rookie to Linux and RPi. Used to program in Java and C++ ages ago, so I don't have a problem reading code and understand how things are related. Any hints are very welcome :-)

Cheers!

PangolinPaws
Posts: 89
Joined: Wed Mar 05, 2014 9:04 pm
Location: Wiltshire, UK

Re: Phone Detecting Anti-Stalker Contraption

Sun Jan 04, 2015 9:52 am

Hello.
oscbex wrote: 1. Which Linux version did you use? Have googled and found that Kali is made for this kind of stuff but maybe you used something else? I don't really mind, just want it to work.
I used Raspbian because it’s what I had already installed on my SD card. At the time I didn't have a spare and hadn't figured out how to make a backup of the image.

You're right about Kali, though. It has all sorts of things like t-shark already included and so would probably make more sense if you were planning on using your Pi for all sorts of security/penetration testing stuff but isn't necessary for just this project.
oscbex wrote: 2. Do you have a script or some java program running to monitor the traffic? Is there something you can share?
T-shark does all the hard work monitoring the signals. My script runs it in the background for 30 seconds, saving the output to a file and then parses that file to analyse and display only what interests me.

I run T-shark with this command:

Code:

tshark -i mon0 -a duration:30 subtype probereq > scan.out
The code I use to extract the MAC addresses from the scan.out file is a bit of a mess (sorry!) and I know now that there are much easier ways to do what it does but I haven't had a chance to go back and change it.

If you want to take a look, I store a backup copy of it all here: https://github.com/PangolinPaw/pangolin ... analyse.py but I'd recommend you take a look at T-shark's output and write your own script to analyse it (especially if you prefer a language other than Python).
oscbex wrote: 3. Other tips/suggestions? I'm a complete rookie to Linux and RPi. Used to program in Java and C++ ages ago, so I don't have a problem reading code and understand how things are related. Any hints are very welcome :-)
I was new to Linux too before getting a Pi and it took me a little while to get my head around the terminal, Google-fu will help you out there.

Other than improving the analyse.py script, the one big thing I would change is the way it scans then analyses then scans again. If you figure out multi-threading and get t-shark working at the same time as analysing and displaying the output it would be much more useful.

Let me know how you get on!
https://github.com/PangolinPaw
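
The scan-then-compare loop described in the posts above (collapse repeated probe requests within each 30-second scan, then track how long each sender stays in range), as an added example that is not PangolinPaws's analyse.py. The tshark line layout, the sample lines and the names `sources`, `is_randomised` and `DwellTracker` are assumptions made for illustration; raw addresses with the locally administered bit set are flagged because a phone that randomises its probe address shows up as a new sender and resets its dwell time.

```python
import re

SCAN_SECONDS = 30  # matches "-a duration:30" in the thread's tshark command
# Assumed layout of tshark's one-line summary: the sender is the token before
# the arrow ("->" in older builds, "→" in newer ones).
SRC_RE = re.compile(r"(\S+)\s+(?:->|\u2192)\s+\S+\s+802\.11\b.*Probe Request")
RAW_MAC = re.compile(r"([0-9a-f]{2})(?::[0-9a-f]{2}){5}")

def sources(scan_text):
    """Unique senders in one scan; repeated probes from one device collapse."""
    hits = map(SRC_RE.search, scan_text.splitlines())
    return {m.group(1).lower() for m in hits if m}

def is_randomised(src):
    """Raw MAC with the locally administered bit set: dwell time is unreliable."""
    m = RAW_MAC.fullmatch(src)
    return bool(m) and bool(int(m.group(1), 16) & 0x02)

class DwellTracker:  # hypothetical helper, not from analyse.py
    def __init__(self, grace=1):
        self.grace = grace  # scans a device may miss before it is forgotten
        self.first = {}     # sender -> scan index where this visit started
        self.last = {}      # sender -> most recent scan index it appeared in

    def update(self, index, present):
        for src in present:
            self.first.setdefault(src, index)
            self.last[src] = index
        gone = [s for s, seen in self.last.items() if index - seen > self.grace]
        for src in gone:
            del self.first[src], self.last[src]

    def buckets(self):
        """Group senders as in the thread: in range now, 1 minute, 2 minutes."""
        out = {"now": [], "1min": [], "2min": []}
        for src in sorted(self.first):
            secs = (self.last[src] - self.first[src] + 1) * SCAN_SECONDS
            key = "2min" if secs >= 120 else "1min" if secs >= 60 else "now"
            out[key].append(src)
        return out

# Constructed sample lines (not real captures); each SCANS entry is one scan.
A = "  1 0.10 Apple_e4:67:ab -> Broadcast 802.11 162 Probe Request, SN=1, SSID=Broadcast\n"
B = "  2 0.11 Apple_e4:67:ab -> Broadcast 802.11 162 Probe Request, SN=2, SSID=Broadcast\n"
C = "  3 4.70 da:a1:19:00:00:01 -> Broadcast 802.11 150 Probe Request, SN=9, SSID=home\n"
D = "  4 9.20 Netgear_00:00:02 -> Broadcast 802.11 290 Beacon frame, SN=3, SSID=cafe\n"
SCANS = [A + B + C, A + D, D, A]

def run(scans=SCANS):
    tracker = DwellTracker()
    for index, text in enumerate(scans):
        tracker.update(index, sources(text))
    return tracker.buckets()

if __name__ == "__main__":
    print(run())
```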

oscbex
Posts: 8
Joined: Tue Dec 09, 2014 7:22 pm

Re: Phone Detecting Anti-Stalker Contraption

Sun Jan 04, 2015 2:41 pm

Thanks a lot! I'm not interested in the actual packet content or to do anything with that, only the headers to do a similar thing as you. Noticed yesterday that I ordered the wrong SD card so have to fix a new one before I start off. But if I'm not looking for the analyzing stuff that Kali can offer, would I be able to get the full packet headers with Raspbian and T-shark? I'm interested in getting all packets that I can hear from my broadcast domain (i.e. all clients/APs operating on the same channel that I can hear).

Thanks again. Very good info and I will of course share what I've done if it works later on ;-)

oscbex
Posts: 8
Joined: Tue Dec 09, 2014 7:22 pm

Re: Phone Detecting Anti-Stalker Contraption

Sun Feb 15, 2015 3:59 am

Hi again,
Have now got the Pi up and running and I can do packet captures, but only on channel 1. I use the airmon-ng command to set wlan0 in monitoring mode and it obviously works, but no matter how I try, I can't change the channel number from 1.

The code you shared before was for post-processing data, right? Do you have some RPi commands to share on how you get things up and running?

Cheers!

PangolinPaws
Posts: 89
Joined: Wed Mar 05, 2014 9:04 pm
Location: Wiltshire, UK

Re: Phone Detecting Anti-Stalker Contraption

Sun Feb 15, 2015 9:44 am

oscbex wrote:Hi again,
Have now got the Pi up and running and I can do packet captures, but only on channel 1. I use the airmon-ng command to set wlan0 in monitoring mode and it obviously works, but no matter how I try, I can't change the channel number from 1.

The code you shared before was for post-processing data, right? Do you have some RPi commands to share on how you get things up and running?

Cheers!
Hello again!

It's been a while since I tried anything WiFi related so I'm a little hazy on what I did to get it working. However, I know I used T-shark to do the capturing once wlan0 was in monitor mode.

The command I used to start capturing was:

Code:

tshark -i mon0 -a duration:30 subtype probereq > scan.out
That will capture a 30 second snapshot of any probe requests in range and save the details to the file 'scan.out'.

I never tried to change the channel I'm afraid. Try looking into incorporating something like 'channel_number' into that command then running it once for each channel in turn.

Alternatively, Kismet has a channel-hopping feature. You could have it running in the background, hopping between channels every x seconds while T-shark continuously captures packets.
https://github.com/PangolinPaw

oscbex
Posts: 8
Joined: Tue Dec 09, 2014 7:22 pm

Re: Phone Detecting Anti-Stalker Contraption

Sun Feb 15, 2015 8:46 pm

Hi,
The thing with probe requests is that any device regularly probes on all channels to find relevant networks, so what you're doing works perfectly fine even if you're just sitting on channel 1 all the time. You still see the requests from all clients in the vicinity.

I tried to change channels with airmon-ng but it didn't work. Will check Kismet also when I have time.

Thanks!
