v1.2.6 salting & hashing MACs implemented
This commit is contained in:
parent
27af81ab5c
commit
17197b46e4
@ -69,7 +69,7 @@ For the LoPy/LoPy4 the original Pycom firmware is not needed here, so there is n
|
|||||||
|
|
||||||
Note: If you use this software you do this at your own risk. That means that you alone - not the authors of this software - are responsible for the legal compliance of an application using this or build from this software and/or usage of a device created using this software. You should take special care and get prior legal advice if you plan metering passengers in public areas and/or publish data drawn from doing so.
|
Note: If you use this software you do this at your own risk. That means that you alone - not the authors of this software - are responsible for the legal compliance of an application using this or build from this software and/or usage of a device created using this software. You should take special care and get prior legal advice if you plan metering passengers in public areas and/or publish data drawn from doing so.
|
||||||
|
|
||||||
Disclosure: The Paxcounter code stores scanned MAC adresses in the device's RAM, and keeps it in RAM temporary for a configurable scan cycle time (default 240 seconds). After each scan cycle the collected MAC data is erased from RAM. MAC data never is transferred to the LoRaWAN network. No kind of tracking and no persistent storing of MAC data or timestamps on the device and no other kind of analytics than counting is implemented in this code. Wireless networks are not touched by this code, but MAC adresses from wireless devices as well within as not within wireless networks, regardless if encrypted or unencrypted, are made visible and scanned by this code. The same applies to Bluetooth MACs, if the bluetooth option in the code is enabled.
|
Disclosure: Paxcounter generates identifiers for scanned MAC adresses and keeps it temporary in the device's RAM for a configurable scan cycle time (default 240 seconds). After each scan cycle the collected identifiers are cleared. Identifiers are generated by sniffing, salting and hashing MAC adresses. The salt value changes after each scan cycle. Identifiers and MAC adresses are never transferred to the LoRaWAN network. No persistent storing of MAC adresses, hashes or timestamps and no other kind of analytics than counting are implemented in this code. Wireless networks are not touched by this code, but MAC adresses from wireless devices as well within as not within wireless networks, regardless if encrypted or unencrypted, are gathered and hashed by this code. If the bluetooth option in the code is enabled, bluetooth MACs are scanned and processed by the used BLE stack, and counted by this code.
|
||||||
|
|
||||||
# Payload format description
|
# Payload format description
|
||||||
|
|
||||||
|
@ -10,9 +10,9 @@
|
|||||||
|
|
||||||
; ---> SELECT TARGET PLATFORM HERE! <---
|
; ---> SELECT TARGET PLATFORM HERE! <---
|
||||||
[platformio]
|
[platformio]
|
||||||
;env_default = heltec_wifi_lora_32
|
env_default = heltec_wifi_lora_32
|
||||||
;env_default = ttgov1
|
;env_default = ttgov1
|
||||||
env_default = ttgov2
|
;env_default = ttgov2
|
||||||
;env_default = lopy
|
;env_default = lopy
|
||||||
;env_default = lopy4
|
;env_default = lopy4
|
||||||
;env_default = lolin32lite_lora
|
;env_default = lolin32lite_lora
|
||||||
|
@ -32,7 +32,7 @@ extern configData_t cfg;
|
|||||||
extern uint8_t mydata[];
|
extern uint8_t mydata[];
|
||||||
extern uint64_t uptimecounter;
|
extern uint64_t uptimecounter;
|
||||||
extern osjob_t sendjob;
|
extern osjob_t sendjob;
|
||||||
extern int macnum, blenum, countermode, screensaver, adrmode, lorasf, txpower, rlim;
|
extern int macnum, blenum, countermode, screensaver, adrmode, lorasf, txpower, rlim, salt;
|
||||||
extern bool joinstate;
|
extern bool joinstate;
|
||||||
extern std::set<uint32_t> macs;
|
extern std::set<uint32_t> macs;
|
||||||
|
|
||||||
|
@ -187,7 +187,7 @@ void wifi_sniffer_loop(void * pvParameters) {
|
|||||||
|
|
||||||
configASSERT( ( ( uint32_t ) pvParameters ) == 1 ); // FreeRTOS check
|
configASSERT( ( ( uint32_t ) pvParameters ) == 1 ); // FreeRTOS check
|
||||||
uint8_t channel = 1;
|
uint8_t channel = 1;
|
||||||
int nloop=0, lorawait=0;
|
int nloop=0, lorawait=0, salt = rand() % 256; // random int between 0 and 255 used for salting MAC hashes
|
||||||
|
|
||||||
while (true) {
|
while (true) {
|
||||||
nloop++;
|
nloop++;
|
||||||
@ -219,6 +219,7 @@ void wifi_sniffer_loop(void * pvParameters) {
|
|||||||
macs.clear(); // clear macs container
|
macs.clear(); // clear macs container
|
||||||
macnum = 0;
|
macnum = 0;
|
||||||
u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter
|
u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter
|
||||||
|
salt = rand() % 256; // get new random int between 0 and 255 for salting MAC hashes
|
||||||
}
|
}
|
||||||
|
|
||||||
// wait until payload is sent, while wifi scanning and mac counting task continues
|
// wait until payload is sent, while wifi scanning and mac counting task continues
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
// program version
|
// program version
|
||||||
#define PROGVERSION "1.2.54" // use max 10 chars here!
|
#define PROGVERSION "1.2.6" // use max 10 chars here!
|
||||||
#define PROGNAME "PAXCNT"
|
#define PROGNAME "PAXCNT"
|
||||||
|
|
||||||
// Verbose enables serial output
|
// Verbose enables serial output
|
||||||
|
@ -69,6 +69,7 @@ void set_reset(int val) {
|
|||||||
ESP_LOGI(TAG, "Remote command: reset MAC counter");
|
ESP_LOGI(TAG, "Remote command: reset MAC counter");
|
||||||
macs.clear(); // clear macs container
|
macs.clear(); // clear macs container
|
||||||
macnum = 0;
|
macnum = 0;
|
||||||
|
//salt = rand() % 256; // get new random int between 0 and 255 for salting MAC hashes
|
||||||
u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter
|
u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter
|
||||||
u8x8.clearLine(5);
|
u8x8.clearLine(5);
|
||||||
u8x8.setCursor(0, 5);
|
u8x8.setCursor(0, 5);
|
||||||
|
@ -74,29 +74,29 @@ void wifi_sniffer_packet_handler(void* buff, wifi_promiscuous_pkt_type_t type) {
|
|||||||
if ( std::find(vendors.begin(), vendors.end(), vendor2int) != vendors.end() ) {
|
if ( std::find(vendors.begin(), vendors.end(), vendor2int) != vendors.end() ) {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
// if ( addr2int & WIFI_MAC_FILTER_MASK == 0) {
|
if (!(addr2int & WIFI_MAC_FILTER_MASK)) { // filter local and group MACs
|
||||||
|
|
||||||
// log rssi info for scanned MAC
|
// alt and hash MAC, and if new unique one, store hash in container and increment counter on display
|
||||||
ESP_LOGI(TAG, "WiFi RSSI: %02d", ppkt->rx_ctrl.rssi);
|
addr2int <<= 8 || salt; // append salt value to MAC before hashing it
|
||||||
|
|
||||||
// hash MAC, and if new unique one, store hash in container and increment counter on display
|
|
||||||
itoa(addr2int, macbuf, 10); // convert 64 bit MAC to base 10 decimal string
|
itoa(addr2int, macbuf, 10); // convert 64 bit MAC to base 10 decimal string
|
||||||
hashedmac = rokkit(macbuf, 10); // hash MAC for privacy, use 10 chars to fit in uint32_t container
|
hashedmac = rokkit(macbuf, 10); // hash MAC for privacy, use 10 chars to fit in uint32_t container
|
||||||
newmac = macs.insert(hashedmac); // store hashed MAC if new unique
|
newmac = macs.insert(hashedmac); // store hashed MAC if new unique
|
||||||
|
|
||||||
if (newmac.second) {
|
if (newmac.second) { // first time seen MAC
|
||||||
macnum++; // increment MAC counter
|
macnum++; // increment MAC counter
|
||||||
itoa(macnum, counter, 10); // base 10 decimal counter value
|
itoa(macnum, counter, 10); // base 10 decimal counter value
|
||||||
u8x8.draw2x2String(0, 0, counter);
|
u8x8.draw2x2String(0, 0, counter);
|
||||||
ESP_LOGI(TAG, "#%04i: MAC %llx -> Hash %u", macnum, addr2int, hashedmac);
|
ESP_LOGI(TAG, "RSSI %04d -> Hash %010u -> #%04i", ppkt->rx_ctrl.rssi, hashedmac, macnum);
|
||||||
|
}
|
||||||
|
else // already seen MAC
|
||||||
|
ESP_LOGI(TAG, "RSSI %04d -> already seen", ppkt->rx_ctrl.rssi);
|
||||||
}
|
}
|
||||||
// }
|
|
||||||
|
|
||||||
#ifdef VENDORFILTER
|
#ifdef VENDORFILTER
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
} else {
|
} else
|
||||||
ESP_LOGI(TAG, "Ignoring RSSI %02d (limit: %i)", ppkt->rx_ctrl.rssi, cfg.rssilimit );
|
ESP_LOGI(TAG, "RSSI %04d -> ignoring (limit: %i)", ppkt->rx_ctrl.rssi, cfg.rssilimit);
|
||||||
}
|
|
||||||
yield();
|
yield();
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user