v1.2.6 salting & hashing MACs implemented

This commit is contained in:
Klaus K Wilting 2018-03-31 18:17:13 +02:00
parent 27af81ab5c
commit 17197b46e4
7 changed files with 20 additions and 18 deletions

View File

@ -69,7 +69,7 @@ For the LoPy/LoPy4 the original Pycom firmware is not needed here, so there is n
Note: If you use this software you do this at your own risk. That means that you alone - not the authors of this software - are responsible for the legal compliance of an application using this or build from this software and/or usage of a device created using this software. You should take special care and get prior legal advice if you plan metering passengers in public areas and/or publish data drawn from doing so. Note: If you use this software you do this at your own risk. That means that you alone - not the authors of this software - are responsible for the legal compliance of an application using this or build from this software and/or usage of a device created using this software. You should take special care and get prior legal advice if you plan metering passengers in public areas and/or publish data drawn from doing so.
Disclosure: The Paxcounter code stores scanned MAC adresses in the device's RAM, and keeps it in RAM temporary for a configurable scan cycle time (default 240 seconds). After each scan cycle the collected MAC data is erased from RAM. MAC data never is transferred to the LoRaWAN network. No kind of tracking and no persistent storing of MAC data or timestamps on the device and no other kind of analytics than counting is implemented in this code. Wireless networks are not touched by this code, but MAC adresses from wireless devices as well within as not within wireless networks, regardless if encrypted or unencrypted, are made visible and scanned by this code. The same applies to Bluetooth MACs, if the bluetooth option in the code is enabled. Disclosure: Paxcounter generates identifiers for scanned MAC adresses and keeps it temporary in the device's RAM for a configurable scan cycle time (default 240 seconds). After each scan cycle the collected identifiers are cleared. Identifiers are generated by sniffing, salting and hashing MAC adresses. The salt value changes after each scan cycle. Identifiers and MAC adresses are never transferred to the LoRaWAN network. No persistent storing of MAC adresses, hashes or timestamps and no other kind of analytics than counting are implemented in this code. Wireless networks are not touched by this code, but MAC adresses from wireless devices as well within as not within wireless networks, regardless if encrypted or unencrypted, are gathered and hashed by this code. If the bluetooth option in the code is enabled, bluetooth MACs are scanned and processed by the used BLE stack, and counted by this code.
# Payload format description # Payload format description

View File

@ -10,9 +10,9 @@
; ---> SELECT TARGET PLATFORM HERE! <--- ; ---> SELECT TARGET PLATFORM HERE! <---
[platformio] [platformio]
;env_default = heltec_wifi_lora_32 env_default = heltec_wifi_lora_32
;env_default = ttgov1 ;env_default = ttgov1
env_default = ttgov2 ;env_default = ttgov2
;env_default = lopy ;env_default = lopy
;env_default = lopy4 ;env_default = lopy4
;env_default = lolin32lite_lora ;env_default = lolin32lite_lora

View File

@ -32,7 +32,7 @@ extern configData_t cfg;
extern uint8_t mydata[]; extern uint8_t mydata[];
extern uint64_t uptimecounter; extern uint64_t uptimecounter;
extern osjob_t sendjob; extern osjob_t sendjob;
extern int macnum, blenum, countermode, screensaver, adrmode, lorasf, txpower, rlim; extern int macnum, blenum, countermode, screensaver, adrmode, lorasf, txpower, rlim, salt;
extern bool joinstate; extern bool joinstate;
extern std::set<uint32_t> macs; extern std::set<uint32_t> macs;

View File

@ -187,7 +187,7 @@ void wifi_sniffer_loop(void * pvParameters) {
configASSERT( ( ( uint32_t ) pvParameters ) == 1 ); // FreeRTOS check configASSERT( ( ( uint32_t ) pvParameters ) == 1 ); // FreeRTOS check
uint8_t channel = 1; uint8_t channel = 1;
int nloop=0, lorawait=0; int nloop=0, lorawait=0, salt = rand() % 256; // random int between 0 and 255 used for salting MAC hashes
while (true) { while (true) {
nloop++; nloop++;
@ -219,6 +219,7 @@ void wifi_sniffer_loop(void * pvParameters) {
macs.clear(); // clear macs container macs.clear(); // clear macs container
macnum = 0; macnum = 0;
u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter
salt = rand() % 256; // get new random int between 0 and 255 for salting MAC hashes
} }
// wait until payload is sent, while wifi scanning and mac counting task continues // wait until payload is sent, while wifi scanning and mac counting task continues

View File

@ -1,5 +1,5 @@
// program version // program version
#define PROGVERSION "1.2.54" // use max 10 chars here! #define PROGVERSION "1.2.6" // use max 10 chars here!
#define PROGNAME "PAXCNT" #define PROGNAME "PAXCNT"
// Verbose enables serial output // Verbose enables serial output

View File

@ -69,6 +69,7 @@ void set_reset(int val) {
ESP_LOGI(TAG, "Remote command: reset MAC counter"); ESP_LOGI(TAG, "Remote command: reset MAC counter");
macs.clear(); // clear macs container macs.clear(); // clear macs container
macnum = 0; macnum = 0;
//salt = rand() % 256; // get new random int between 0 and 255 for salting MAC hashes
u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter
u8x8.clearLine(5); u8x8.clearLine(5);
u8x8.setCursor(0, 5); u8x8.setCursor(0, 5);

View File

@ -74,29 +74,29 @@ void wifi_sniffer_packet_handler(void* buff, wifi_promiscuous_pkt_type_t type) {
if ( std::find(vendors.begin(), vendors.end(), vendor2int) != vendors.end() ) { if ( std::find(vendors.begin(), vendors.end(), vendor2int) != vendors.end() ) {
#endif #endif
// if ( addr2int & WIFI_MAC_FILTER_MASK == 0) { if (!(addr2int & WIFI_MAC_FILTER_MASK)) { // filter local and group MACs
// log rssi info for scanned MAC // alt and hash MAC, and if new unique one, store hash in container and increment counter on display
ESP_LOGI(TAG, "WiFi RSSI: %02d", ppkt->rx_ctrl.rssi); addr2int <<= 8 || salt; // append salt value to MAC before hashing it
// hash MAC, and if new unique one, store hash in container and increment counter on display
itoa(addr2int, macbuf, 10); // convert 64 bit MAC to base 10 decimal string itoa(addr2int, macbuf, 10); // convert 64 bit MAC to base 10 decimal string
hashedmac = rokkit(macbuf, 10); // hash MAC for privacy, use 10 chars to fit in uint32_t container hashedmac = rokkit(macbuf, 10); // hash MAC for privacy, use 10 chars to fit in uint32_t container
newmac = macs.insert(hashedmac); // store hashed MAC if new unique newmac = macs.insert(hashedmac); // store hashed MAC if new unique
if (newmac.second) { if (newmac.second) { // first time seen MAC
macnum++; // increment MAC counter macnum++; // increment MAC counter
itoa(macnum, counter, 10); // base 10 decimal counter value itoa(macnum, counter, 10); // base 10 decimal counter value
u8x8.draw2x2String(0, 0, counter); u8x8.draw2x2String(0, 0, counter);
ESP_LOGI(TAG, "#%04i: MAC %llx -> Hash %u", macnum, addr2int, hashedmac); ESP_LOGI(TAG, "RSSI %04d -> Hash %010u -> #%04i", ppkt->rx_ctrl.rssi, hashedmac, macnum);
}
else // already seen MAC
ESP_LOGI(TAG, "RSSI %04d -> already seen", ppkt->rx_ctrl.rssi);
} }
// }
#ifdef VENDORFILTER #ifdef VENDORFILTER
} }
#endif #endif
} else { } else
ESP_LOGI(TAG, "Ignoring RSSI %02d (limit: %i)", ppkt->rx_ctrl.rssi, cfg.rssilimit ); ESP_LOGI(TAG, "RSSI %04d -> ignoring (limit: %i)", ppkt->rx_ctrl.rssi, cfg.rssilimit);
}
yield(); yield();
} }