v1.2.6 salting & hashing MACs implemented

Klaus K Wilting 2018-03-31 18:17:13 +02:00
parent 27af81ab5c
commit 17197b46e4
7 changed files with 20 additions and 18 deletions


@ -69,7 +69,7 @@ For the LoPy/LoPy4 the original Pycom firmware is not needed here, so there is n
Note: If you use this software you do this at your own risk. That means that you alone - not the authors of this software - are responsible for the legal compliance of an application using this or build from this software and/or usage of a device created using this software. You should take special care and get prior legal advice if you plan metering passengers in public areas and/or publish data drawn from doing so.
Disclosure: The Paxcounter code stores scanned MAC adresses in the device's RAM, and keeps it in RAM temporary for a configurable scan cycle time (default 240 seconds). After each scan cycle the collected MAC data is erased from RAM. MAC data never is transferred to the LoRaWAN network. No kind of tracking and no persistent storing of MAC data or timestamps on the device and no other kind of analytics than counting is implemented in this code. Wireless networks are not touched by this code, but MAC adresses from wireless devices as well within as not within wireless networks, regardless if encrypted or unencrypted, are made visible and scanned by this code. The same applies to Bluetooth MACs, if the bluetooth option in the code is enabled.
Disclosure: Paxcounter generates identifiers for scanned MAC adresses and keeps it temporary in the device's RAM for a configurable scan cycle time (default 240 seconds). After each scan cycle the collected identifiers are cleared. Identifiers are generated by sniffing, salting and hashing MAC adresses. The salt value changes after each scan cycle. Identifiers and MAC adresses are never transferred to the LoRaWAN network. No persistent storing of MAC adresses, hashes or timestamps and no other kind of analytics than counting are implemented in this code. Wireless networks are not touched by this code, but MAC adresses from wireless devices as well within as not within wireless networks, regardless if encrypted or unencrypted, are gathered and hashed by this code. If the bluetooth option in the code is enabled, bluetooth MACs are scanned and processed by the used BLE stack, and counted by this code.
# Payload format description


@ -10,9 +10,9 @@
; ---> SELECT TARGET PLATFORM HERE! <---
[platformio]
;env_default = heltec_wifi_lora_32
env_default = heltec_wifi_lora_32
;env_default = ttgov1
env_default = ttgov2
;env_default = ttgov2
;env_default = lopy
;env_default = lopy4
;env_default = lolin32lite_lora


@ -32,7 +32,7 @@ extern configData_t cfg;
extern uint8_t mydata[];
extern uint64_t uptimecounter;
extern osjob_t sendjob;
extern int macnum, blenum, countermode, screensaver, adrmode, lorasf, txpower, rlim;
extern int macnum, blenum, countermode, screensaver, adrmode, lorasf, txpower, rlim, salt;
extern bool joinstate;
extern std::set<uint32_t> macs;


@ -187,7 +187,7 @@ void wifi_sniffer_loop(void * pvParameters) {
configASSERT( ( ( uint32_t ) pvParameters ) == 1 ); // FreeRTOS check
uint8_t channel = 1;
int nloop=0, lorawait=0;
int nloop=0, lorawait=0, salt = rand() % 256; // random int between 0 and 255 used for salting MAC hashes
while (true) {
nloop++;
@ -219,6 +219,7 @@ void wifi_sniffer_loop(void * pvParameters) {
macs.clear(); // clear macs container
macnum = 0;
u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter
salt = rand() % 256; // get new random int between 0 and 255 for salting MAC hashes
}
// wait until payload is sent, while wifi scanning and mac counting task continues
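Review bot: The `salt` in `int nloop=0, lorawait=0, salt = rand() % 256;` is a local of wifi_sniffer_loop, so it shadows the `extern int ... salt` this commit adds to the globals header, and the re-roll after `macs.clear()` in the second hunk writes only that local. The packet handler in the sniffer file would then read a global `salt` that is never assigned in the visible lines; its definition is not shown here, so confirm where it lives. Define it once at file scope, e.g. `int salt = 0;`, drop it from the local declaration, and keep the two assignments as they are. Separately, `rand() % 256` yields only 8 bits from a generator whose seeding is not visible; on ESP32 `esp_random()` reads the hardware RNG and would allow a wider salt. The body of wifi_sniffer_loop continues outside both hunks.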


@ -1,5 +1,5 @@
// program version
#define PROGVERSION "1.2.54" // use max 10 chars here!
#define PROGVERSION "1.2.6" // use max 10 chars here!
#define PROGNAME "PAXCNT"
// Verbose enables serial output
@ -20,7 +20,7 @@
#define WIFI_CHANNEL_MAX 13 // total channel number to scan
#define WIFI_MY_COUNTRY "EU" // for Wifi RF settings
#define WIFI_CHANNEL_SWITCH_INTERVAL 50 // [seconds/100] -> 0,5 sec.
#define WIFI_MAC_FILTER_MASK 0x000000000003 // filter local and group MACs
#define WIFI_MAC_FILTER_MASK 0x000000000003 // filter local and group MACs
// Default LoRa Spreadfactor
#define LORASFDEFAULT 9 // 7 ... 12


@ -69,6 +69,7 @@ void set_reset(int val) {
ESP_LOGI(TAG, "Remote command: reset MAC counter");
macs.clear(); // clear macs container
macnum = 0;
//salt = rand() % 256; // get new random int between 0 and 255 for salting MAC hashes
u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter
u8x8.clearLine(5);
u8x8.setCursor(0, 5);


@ -73,30 +73,30 @@ void wifi_sniffer_packet_handler(void* buff, wifi_promiscuous_pkt_type_t type) {
if ( std::find(vendors.begin(), vendors.end(), vendor2int) != vendors.end() ) {
#endif
// if ( addr2int & WIFI_MAC_FILTER_MASK == 0) {
// log rssi info for scanned MAC
ESP_LOGI(TAG, "WiFi RSSI: %02d", ppkt->rx_ctrl.rssi);
if (!(addr2int & WIFI_MAC_FILTER_MASK)) { // filter local and group MACs
// hash MAC, and if new unique one, store hash in container and increment counter on display
// alt and hash MAC, and if new unique one, store hash in container and increment counter on display
addr2int <<= 8 || salt; // append salt value to MAC before hashing it
itoa(addr2int, macbuf, 10); // convert 64 bit MAC to base 10 decimal string
hashedmac = rokkit(macbuf, 10); // hash MAC for privacy, use 10 chars to fit in uint32_t container
newmac = macs.insert(hashedmac); // store hashed MAC if new unique
if (newmac.second) {
if (newmac.second) { // first time seen MAC
macnum++; // increment MAC counter
itoa(macnum, counter, 10); // base 10 decimal counter value
u8x8.draw2x2String(0, 0, counter);
ESP_LOGI(TAG, "#%04i: MAC %llx -> Hash %u", macnum, addr2int, hashedmac);
ESP_LOGI(TAG, "RSSI %04d -> Hash %010u -> #%04i", ppkt->rx_ctrl.rssi, hashedmac, macnum);
}
// }
else // already seen MAC
ESP_LOGI(TAG, "RSSI %04d -> already seen", ppkt->rx_ctrl.rssi);
}
#ifdef VENDORFILTER
}
#endif
} else {
ESP_LOGI(TAG, "Ignoring RSSI %02d (limit: %i)", ppkt->rx_ctrl.rssi, cfg.rssilimit );
}
} else
ESP_LOGI(TAG, "RSSI %04d -> ignoring (limit: %i)", ppkt->rx_ctrl.rssi, cfg.rssilimit);
yield();
}
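Review bot: In `addr2int <<= 8 || salt;` the `||` is a logical OR, so the right-hand side evaluates to 1 and the MAC is merely shifted left by one bit. The salt never enters the hashed value, so the same device produces the same identifier in every scan cycle, contrary to what the updated disclosure text states. Use a bitwise OR on the shifted value: `addr2int = (addr2int << 8) | (salt & 0xFF);`. The following `itoa(addr2int, macbuf, 10)` takes an `int`; if addr2int is 64-bit, as the `%llx` in one of this section's log lines suggests, the value is truncated before hashing and the 8-bit shift pushes further MAC bits out of the hashed range, so the conversion should be checked against the intended 56-bit input. wifi_sniffer_packet_handler starts before this hunk.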