v1.2.6 salting & hashing MACs implemented

2018-03-31 18:17:13 +02:00 · 2018-03-31 18:17:13 +02:00 · 17197b46e4
commit 17197b46e4
parent 27af81ab5c
7 changed files with 20 additions and 18 deletions
--- a/README.md
+++ b/README.md
@ -69,7 +69,7 @@ For the LoPy/LoPy4 the original Pycom firmware is not needed here, so there is n

 Note: If you use this software you do this at your own risk. That means that you alone - not the authors of this software - are responsible for the legal compliance of an application using this or build from this software and/or usage of a device created using this software. You should take special care and get prior legal advice if you plan metering passengers in public areas and/or publish data drawn from doing so.

-Disclosure: The Paxcounter code stores scanned MAC adresses in the device's RAM, and keeps it in RAM temporary for a configurable scan cycle time (default 240 seconds). After each scan cycle the collected MAC data is erased from RAM. MAC data never is transferred to the LoRaWAN network. No kind of tracking and no persistent storing of MAC data or timestamps on the device and no other kind of analytics than counting is implemented in this code. Wireless networks are not touched by this code, but MAC adresses from wireless devices as well within as not within wireless networks, regardless if encrypted or unencrypted, are made visible and scanned by this code. The same applies to Bluetooth MACs, if the bluetooth option in the code is enabled.
+Disclosure: Paxcounter generates identifiers for scanned MAC adresses and keeps it temporary in the device's RAM for a configurable scan cycle time (default 240 seconds). After each scan cycle the collected identifiers are cleared. Identifiers are generated by sniffing, salting and hashing MAC adresses. The salt value changes after each scan cycle. Identifiers and MAC adresses are never  transferred to the LoRaWAN network. No persistent storing of MAC adresses, hashes or timestamps and no other kind of analytics than counting are implemented in this code. Wireless networks are not touched by this code, but MAC adresses from wireless devices as well within as not within wireless networks, regardless if encrypted or unencrypted, are gathered and hashed by this code. If the bluetooth option in the code is enabled, bluetooth MACs are scanned and processed by the used BLE stack, and counted by this code.

 # Payload format description

--- a/platformio.ini
+++ b/platformio.ini
@ -10,9 +10,9 @@

 ; ---> SELECT TARGET PLATFORM HERE! <---
 [platformio]
-;env_default = heltec_wifi_lora_32
+env_default = heltec_wifi_lora_32
 ;env_default = ttgov1
-env_default = ttgov2
+;env_default = ttgov2
 ;env_default = lopy
 ;env_default = lopy4
 ;env_default = lolin32lite_lora
--- a/src/globals.h
+++ b/src/globals.h
@ -32,7 +32,7 @@ extern configData_t cfg;
 extern uint8_t mydata[];
 extern uint64_t uptimecounter;
 extern osjob_t sendjob;
-extern int macnum, blenum, countermode, screensaver, adrmode, lorasf, txpower, rlim;
+extern int macnum, blenum, countermode, screensaver, adrmode, lorasf, txpower, rlim, salt;
 extern bool joinstate;
 extern std::set<uint32_t> macs; 

--- a/src/main.cpp
+++ b/src/main.cpp
@ -187,7 +187,7 @@ void wifi_sniffer_loop(void * pvParameters) {

    configASSERT( ( ( uint32_t ) pvParameters ) == 1 ); // FreeRTOS check
    uint8_t channel = 1;
-    int nloop=0, lorawait=0;
+    int nloop=0, lorawait=0, salt = rand() % 256; // random int between 0 and 255 used for salting MAC hashes

  	while (true) {
        nloop++;
@ -219,6 +219,7 @@ void wifi_sniffer_loop(void * pvParameters) {
                macs.clear(); // clear macs container
                macnum = 0;
                u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter
+                salt = rand() % 256; // get new random int between 0 and 255 for salting MAC hashes
            }      

            // wait until payload is sent, while wifi scanning and mac counting task continues
--- a/src/main.h
+++ b/src/main.h
@ -1,5 +1,5 @@
 // program version
-#define PROGVERSION                     "1.2.54" // use max 10 chars here!
+#define PROGVERSION                     "1.2.6" // use max 10 chars here!
 #define PROGNAME                        "PAXCNT"

 // Verbose enables serial output
@ -20,7 +20,7 @@
 #define	WIFI_CHANNEL_MAX                13  // total channel number to scan
 #define WIFI_MY_COUNTRY                 "EU"  // for Wifi RF settings
 #define	WIFI_CHANNEL_SWITCH_INTERVAL    50  // [seconds/100] -> 0,5 sec.
-#define WIFI_MAC_FILTER_MASK            0x000000000003 // filter local and group MACs             
+#define WIFI_MAC_FILTER_MASK            0x000000000003 // filter local and group MACs       

 // Default LoRa Spreadfactor
 #define LORASFDEFAULT                   9 // 7 ... 12
--- a/src/rcommand.cpp
+++ b/src/rcommand.cpp
@ -69,6 +69,7 @@ void set_reset(int val) {
            ESP_LOGI(TAG, "Remote command: reset MAC counter");
            macs.clear(); // clear macs container
            macnum = 0;
+            //salt = rand() % 256; // get new random int between 0 and 255 for salting MAC hashes
            u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter
            u8x8.clearLine(5);
            u8x8.setCursor(0, 5);
--- a/src/wifisniffer.cpp
+++ b/src/wifisniffer.cpp
@ -73,30 +73,30 @@ void wifi_sniffer_packet_handler(void* buff, wifi_promiscuous_pkt_type_t type) {

 		if ( std::find(vendors.begin(), vendors.end(), vendor2int) != vendors.end() ) {
 #endif
-
-//		if ( addr2int & WIFI_MAC_FILTER_MASK == 0) {
 		
-			// log rssi info for scanned MAC
-			ESP_LOGI(TAG, "WiFi RSSI: %02d", ppkt->rx_ctrl.rssi);
+		if (!(addr2int & WIFI_MAC_FILTER_MASK)) { // filter local and group MACs   

-			// hash MAC, and if new unique one, store hash in container and increment counter on display
+			// alt and hash MAC, and if new unique one, store hash in container and increment counter on display
+			addr2int <<= 8 || salt; // append salt value to MAC before hashing it
 			itoa(addr2int, macbuf, 10); // convert 64 bit MAC to base 10 decimal string
 			hashedmac = rokkit(macbuf, 10); // hash MAC for privacy, use 10 chars to fit in uint32_t container
 			newmac = macs.insert(hashedmac); // store hashed MAC if new unique
 			
-			if (newmac.second) {
+			if (newmac.second) { // first time seen MAC
 				macnum++; // increment MAC counter
 				itoa(macnum, counter, 10); // base 10 decimal counter value
 				u8x8.draw2x2String(0, 0, counter);
-				ESP_LOGI(TAG, "#%04i: MAC %llx -> Hash %u", macnum, addr2int, hashedmac);
+				ESP_LOGI(TAG, "RSSI %04d -> Hash %010u -> #%04i", ppkt->rx_ctrl.rssi, hashedmac, macnum);
 			}
-//		}
+			else // already seen MAC
+				ESP_LOGI(TAG, "RSSI %04d -> already seen", ppkt->rx_ctrl.rssi);
+		}

 #ifdef VENDORFILTER
 		}
 #endif
-	} else {
-		ESP_LOGI(TAG, "Ignoring RSSI %02d (limit: %i)", ppkt->rx_ctrl.rssi, cfg.rssilimit );
-	}
+	} else
+		ESP_LOGI(TAG, "RSSI %04d -> ignoring (limit: %i)", ppkt->rx_ctrl.rssi, cfg.rssilimit);
+
 	yield();
 }