From 327aaf46f8a0775d5a7ca4d7aae6ba1297a65430 Mon Sep 17 00:00:00 2001 From: Charles Date: Wed, 4 Apr 2018 12:39:40 +0200 Subject: [PATCH 1/6] created centralized function salt_reset() --- src/globals.h | 2 +- src/macsniff.h | 1 + src/main.cpp | 7 ++++--- src/rcommand.cpp | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/globals.h b/src/globals.h index 56d6b669..396f7fa9 100644 --- a/src/globals.h +++ b/src/globals.h @@ -44,7 +44,7 @@ extern configData_t cfg; extern uint8_t mydata[]; extern uint64_t uptimecounter; extern osjob_t sendjob; -extern int countermode, screensaver, adrmode, lorasf, txpower, rlim, salt; +extern int countermode, screensaver, adrmode, lorasf, txpower, rlim; extern bool joinstate; extern std::set wifis; extern std::set macs; diff --git a/src/macsniff.h b/src/macsniff.h index 423c62b8..fb00cd6d 100644 --- a/src/macsniff.h +++ b/src/macsniff.h @@ -19,6 +19,7 @@ typedef struct { uint8_t payload[0]; /* network data ended with 4 bytes csum (CRC32) */ } wifi_ieee80211_packet_t; +uint16_t salt_reset(void); void BLECount(); void wifi_sniffer_init(void); void wifi_sniffer_set_channel(uint8_t channel); diff --git a/src/main.cpp b/src/main.cpp index 63eb4f2a..0a4c2084 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -30,6 +30,7 @@ Refer to LICENSE.txt file in repository for more details. // OLED driver #include +#include // Does nothing and avoid any compilation error with I2C // LMIC-Arduino LoRaWAN Stack #include "loraconf.h" @@ -45,7 +46,7 @@ configData_t cfg; // struct holds current device configuration osjob_t sendjob, initjob; // LMIC // Initialize global variables -int macnum = 0, salt; +int macnum = 0; uint64_t uptimecounter = 0; bool joinstate = false; 
@@ -291,7 +292,7 @@ void wifi_sniffer_loop(void * pvParameters) { #ifdef BLECOUNTER bles.clear(); // clear BLE macs counter #endif - salt = random(65536); // get new 16bit random for salting hashes + salt_reset(); // get new salt for salting hashes u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter } @@ -489,7 +490,7 @@ wifi_sniffer_init(); // setup wifi in monitor mode and start MAC counting // initialize salt value using esp_random() called by random() in arduino-esp32 core // note: do this *after* wifi has started, since gets it's seed from RF noise -salt = random(65536); // get new 16bit random for salting hashes +salt_reset(); // get new 16bit for salting hashes // Start FreeRTOS tasks #if CONFIG_FREERTOS_UNICORE // run all tasks on core 0 and switch off core 1 diff --git a/src/rcommand.cpp b/src/rcommand.cpp index 09d813fc..2e9ea33c 100644 --- a/src/rcommand.cpp +++ b/src/rcommand.cpp @@ -70,7 +70,7 @@ void set_reset(int val) { macs.clear(); // clear all macs container wifis.clear(); // clear Wifi macs container bles.clear(); // clear BLE macs container - salt = random(65536); // get new 16bit random for salting hashes + salt_reset(); // get new 16bit salt u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter u8x8.clearLine(5); u8x8.setCursor(0, 5); From 8ca6e7b024f196727a56f98576cac84df0804a9f Mon Sep 17 00:00:00 2001 From: Charles Date: Wed, 4 Apr 2018 12:45:31 +0200 Subject: [PATCH 2/6] Optimized salt and hash --- src/macsniff.cpp | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/src/macsniff.cpp b/src/macsniff.cpp index 3b217135..1cf6786f 100644 --- a/src/macsniff.cpp +++ b/src/macsniff.cpp 
@@ -22,20 +22,26 @@ static const char *TAG = "macsniff"; static wifi_country_t wifi_country = {.cc=WIFI_MY_COUNTRY, .schan=WIFI_CHANNEL_MIN, .nchan=WIFI_CHANNEL_MAX, .policy=WIFI_COUNTRY_POLICY_MANUAL}; uint16_t currentScanDevice = 0; +uint16_t salt; + +uint16_t salt_reset(void) { + salt = random(65536); // get new 16bit random for salting hashes + return salt; +} bool mac_add(uint8_t *paddr, int8_t rssi, bool sniff_type) { char counter [6]; // uint16_t -> 2 byte -> 5 decimals + '0' terminator -> 6 chars - char macbuf [21]; // uint64_t -> 8 byte -> 20 decimals + '0' terminator -> 21 chars + char macbuf [17]; // uint64_t -> 8 byte -> 16 hexadecimals + '0' terminator -> 17 chars char typebuff[8]; bool added = false; - uint64_t addr2int; + uint32_t addr2int; uint32_t vendor2int; uint16_t hashedmac; std::pair::iterator, bool> newmac; - addr2int = ( (uint64_t)paddr[0] ) | ( (uint64_t)paddr[1] << 8 ) | ( (uint64_t)paddr[2] << 16 ) | \ - ( (uint64_t)paddr[3] << 24 ) | ( (uint64_t)paddr[4] << 32 ) | ( (uint64_t)paddr[5] << 40 ); + // Only last 3 MAC Address bytes are used bay MAC Address Anonymization + addr2int = ( (uint32_t)paddr[3] ) | ( (uint32_t)paddr[4] << 8 ) | ( (uint32_t)paddr[5] << 16 ); #ifdef VENDORFILTER vendor2int = ( (uint32_t)paddr[2] ) | ( (uint32_t)paddr[1] << 8 ) | ( (uint32_t)paddr[0] << 16 ); 
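Review bot: `uint16_t salt;` is defined here with external linkage, so another file can still declare it and assign it directly, which is what salt_reset() was introduced to stop. Patch 1 of this series already removed the `extern` from globals.h and the direct assignments in main.cpp and rcommand.cpp, so as far as the series shows nothing outside macsniff.cpp needs the name; `static uint16_t salt;` would let the compiler enforce that. In the same hunk the comment on `macbuf [17]` still describes a uint64_t although the buffer now only receives the hex digits of the uint32_t `addr2int`, and "bay" in the new comment should read "by". mac_add continues past the end of the hunk.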
@@ -46,8 +52,8 @@ bool mac_add(uint8_t *paddr, int8_t rssi, bool sniff_type) { // salt and hash MAC, and if new unique one, store identifier in container and increment counter on display // https://en.wikipedia.org/wiki/MAC_Address_Anonymization - addr2int |= (uint64_t) salt << 48; // prepend 16-bit salt to 48-bit MAC - snprintf(macbuf, 21, "%llx", addr2int); // convert unsigned 64-bit salted MAC to 16 digit hex string + addr2int += (uint32_t) salt << 16; // add 16-bit salt to 24-bit MAC + snprintf(macbuf, sizeof(macbuf), "%08X", addr2int); // convert unsigned 32-bit salted MAC to 8 digit hex string hashedmac = rokkit(macbuf, 5); // hash MAC string, use 5 chars to fit hash in uint16_t container newmac = macs.insert(hashedmac); // add hashed MAC to total container if new unique added = newmac.second; // true if hashed MAC is unique in container @@ -65,11 +71,12 @@ bool mac_add(uint8_t *paddr, int8_t rssi, bool sniff_type) { } if (added) { // first time seen this WIFI or BLE MAC - snprintf(counter, 6, "%i", macs.size()); // convert 16-bit MAC counter to decimal counter value + snprintf(counter, sizeof(counter), "%d", (int) macs.size()); // convert 16-bit MAC counter to decimal counter value u8x8.draw2x2String(0, 0, counter); // display number on unique macs total Wifi + BLE - ESP_LOGI(TAG, "%s RSSI %04d -> Hash %04x -> counted #%05i", typebuff, rssi, hashedmac, macs.size()); + ESP_LOGI(TAG, "%s RSSI %4d -> Hash %04X -> counted #%d", typebuff, rssi, hashedmac, (int) macs.size()); + ESP_LOGI(TAG, "%s Counted WiFi #%d : BLE #%d", typebuff, (int) wifis.size(), (int) bles.size()); } else { // already seen WIFI or BLE MAC - ESP_LOGI(TAG, "%s RSSI %04d -> Hash %04x -> already seen", typebuff, rssi, hashedmac); + ESP_LOGI(TAG, "%s RSSI %4d -> Hash %04X -> already seen", typebuff, rssi, hashedmac); } #ifdef VENDORFILTER From eef19c581b4b8a24e063f25e5097c61be30dacfa Mon Sep 17 00:00:00 2001 
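Review bot: `rokkit(macbuf, 5)` is left as it was, but `macbuf` now holds eight hex digits from `%08X`. If the second argument is the number of input characters hashed, as the comment "use 5 chars" suggests (rokkit itself is not shown here), the low 12 bits of the salted value never reach the hash. Those bits are all of paddr[3] and the low nibble of paddr[4], so devices that differ only there would get the same `hashedmac` and be counted once. Whatever rokkit returns is already narrowed by the assignment to the `uint16_t hashedmac`, so the input does not need to be shortened for that; `hashedmac = rokkit(macbuf, 8);` would keep every address bit in play. It is also worth a comment that `+=` puts the salt on bits 16–31, overlapping paddr[5] on bits 16–23, so the salt is mixed into the top address byte rather than prepended as before.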
From: Charles Date: Wed, 4 Apr 2018 14:22:15 +0200 Subject: [PATCH 3/6] Cosmetic OLED display --- src/main.cpp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/main.cpp b/src/main.cpp index 0a4c2084..4ca11419 100644 --- a/src/main.cpp +++ b/src/main.cpp @@ -271,11 +271,11 @@ void wifi_sniffer_loop(void * pvParameters) { wifi_sniffer_set_channel(channel); ESP_LOGI(TAG, "Wifi set channel %d", channel); u8x8.setCursor(0,5); - u8x8.printf(!cfg.rssilimit ? "RLIM: off" : "RLIM: %4i", cfg.rssilimit); + u8x8.printf(!cfg.rssilimit ? "RLIM: off" : "RLIM: %d", cfg.rssilimit); u8x8.setCursor(11,5); u8x8.printf("ch:%02i", channel); u8x8.setCursor(0,4); - u8x8.printf("MAC#: %-5i", wifis.size()); + u8x8.printf("MAC#: %-5d", (int) wifis.size()); // duration of one wifi scan loop reached? then send data and begin new scan cycle if( nloop >= ( (100 / cfg.wifichancycle) * (cfg.wifiscancycle * 2)) +1 ) { @@ -293,7 +293,8 @@ void wifi_sniffer_loop(void * pvParameters) { bles.clear(); // clear BLE macs counter #endif salt_reset(); // get new salt for salting hashes - u8x8.clearLine(0); u8x8.clearLine(1); // clear Display counter + u8x8.clearLine(0); // clear Display counter + u8x8.clearLine(1); } // wait until payload is sent, while wifi scanning and mac counting task continues @@ -476,7 +477,7 @@ void setup() { init_display(PROGNAME, PROGVERSION); u8x8.setPowerSave(!cfg.screenon); // set display off if disabled u8x8.setCursor(0,5); - u8x8.printf(!cfg.rssilimit ? "RLIM: off" : "RLIM: %4i", cfg.rssilimit); + u8x8.printf(!cfg.rssilimit ? "RLIM: off" : "RLIM: %d", cfg.rssilimit); u8x8.drawString(0,6,"Join Wait "); // output LoRaWAN keys to console From 204b91237c7d02b10bbe3f9ef1bf5a919b6f5ee2 Mon Sep 17 00:00:00 2001 From: Charles Date: Wed, 4 Apr 2018 14:23:02 +0200 Subject: [PATCH 4/6] optimized newnac --- src/macsniff.cpp | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) 
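Review bot: Dropping the field width in `"RLIM: %d"` makes the text on row 5 vary in length, and nothing in this hunk clears that row before printing, so a shorter value written after a longer one would presumably leave the old last character on the display. A left-justified fixed width keeps the cosmetic goal without that, e.g. `"RLIM: %-4d"`, which still ends before the `ch:` field at column 11. The same format string is changed in the setup() hunk at -476,7. wifi_sniffer_loop starts and ends outside the hunk.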
diff --git a/src/macsniff.cpp b/src/macsniff.cpp index 1cf6786f..312d8d9b 100644 --- a/src/macsniff.cpp +++ b/src/macsniff.cpp @@ -38,7 +38,6 @@ bool mac_add(uint8_t *paddr, int8_t rssi, bool sniff_type) { uint32_t addr2int; uint32_t vendor2int; uint16_t hashedmac; - std::pair::iterator, bool> newmac; // Only last 3 MAC Address bytes are used bay MAC Address Anonymization addr2int = ( (uint32_t)paddr[3] ) | ( (uint32_t)paddr[4] << 8 ) | ( (uint32_t)paddr[5] << 16 ); @@ -55,17 +54,17 @@ bool mac_add(uint8_t *paddr, int8_t rssi, bool sniff_type) { addr2int += (uint32_t) salt << 16; // add 16-bit salt to 24-bit MAC snprintf(macbuf, sizeof(macbuf), "%08X", addr2int); // convert unsigned 32-bit salted MAC to 8 digit hex string hashedmac = rokkit(macbuf, 5); // hash MAC string, use 5 chars to fit hash in uint16_t container - newmac = macs.insert(hashedmac); // add hashed MAC to total container if new unique - added = newmac.second; // true if hashed MAC is unique in container + auto newmac = macs.insert(hashedmac); // add hashed MAC to total container if new unique + added = newmac.second ? true:false; // true if hashed MAC is unique in container if (sniff_type == MAC_SNIFF_WIFI ) { rgb_set_color(COLOR_GREEN); - newmac = wifis.insert(hashedmac); // add hashed MAC to wifi container if new unique + wifis.insert(hashedmac); // add hashed MAC to wifi container if new unique strcpy(typebuff, "WiFi"); rgb_set_color(COLOR_NONE); } else if (sniff_type == MAC_SNIFF_BLE ) { rgb_set_color(COLOR_MAGENTA); - newmac = bles.insert(hashedmac); // add hashed MAC to BLE container if new unique + bles.insert(hashedmac); // add hashed MAC to BLE container if new unique strcpy(typebuff, "BLE "); rgb_set_color(COLOR_NONE); } 
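Review bot: In `added = newmac.second ? true:false;` the ternary is redundant, because `.second` of the insert result is already a bool (the declaration removed in the previous hunk shows the pair's second type). `added = macs.insert(hashedmac).second;` says the same in one statement and drops the `newmac` local, which has no other use now that the results of `wifis.insert` and `bles.insert` are discarded.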
@@ -73,10 +72,11 @@ bool mac_add(uint8_t *paddr, int8_t rssi, bool sniff_type) { if (added) { // first time seen this WIFI or BLE MAC snprintf(counter, sizeof(counter), "%d", (int) macs.size()); // convert 16-bit MAC counter to decimal counter value u8x8.draw2x2String(0, 0, counter); // display number on unique macs total Wifi + BLE - ESP_LOGI(TAG, "%s RSSI %4d -> Hash %04X -> counted #%d", typebuff, rssi, hashedmac, (int) macs.size()); - ESP_LOGI(TAG, "%s Counted WiFi #%d : BLE #%d", typebuff, (int) wifis.size(), (int) bles.size()); + ESP_LOGI(TAG, "%s RSSI %d -> Hash %04X -> WiFi:%d BLE:%d Tot:%d", + typebuff, rssi, hashedmac, + (int) wifis.size(), (int) bles.size(), (int) macs.size()); } else { // already seen WIFI or BLE MAC - ESP_LOGI(TAG, "%s RSSI %4d -> Hash %04X -> already seen", typebuff, rssi, hashedmac); + ESP_LOGI(TAG, "%s RSSI %d -> Hash %04X -> already seen", typebuff, rssi, hashedmac); } #ifdef VENDORFILTER @@ -106,7 +106,6 @@ class MyAdvertisedDeviceCallbacks: public BLEAdvertisedDeviceCallbacks { void BLECount() { ESP_LOGI(TAG, "BLE scan started"); - int blenum = 0; // Total device seen on this scan session currentScanDevice = 0; // Set 0 seen device on this scan session u8x8.clearLine(3); u8x8.drawString(0,3,"BLE Scan..."); @@ -115,11 +114,11 @@ void BLECount() { pBLEScan->setAdvertisedDeviceCallbacks(new MyAdvertisedDeviceCallbacks()); pBLEScan->setActiveScan(true); //active scan uses more power, but get results faster BLEScanResults foundDevices = pBLEScan->start(cfg.blescantime); - blenum=foundDevices.getCount(); + int blenum=foundDevices.getCount(); + ESP_LOGI(TAG, "BLE scan done, seen %d device(s)", blenum); u8x8.clearLine(3); u8x8.setCursor(0,3); - u8x8.printf("BLE#: %-5i %-3i",bles.size(), blenum); - ESP_LOGI(TAG, "BLE scan done"); + u8x8.printf("BLE#: %-4d %d", (int) bles.size(), currentScanDevice); } #endif 
@@ -149,7 +148,7 @@ void wifi_sniffer_packet_handler(void* buff, wifi_promiscuous_pkt_type_t type) { uint8_t *p = (uint8_t *) hdr->addr2; mac_add(p, ppkt->rx_ctrl.rssi, MAC_SNIFF_WIFI) ; } else { - ESP_LOGI(TAG, "WiFi RSSI %04d -> ignoring (limit: %i)", ppkt->rx_ctrl.rssi, cfg.rssilimit); + ESP_LOGI(TAG, "WiFi RSSI %d -> ignoring (limit: %d)", ppkt->rx_ctrl.rssi, cfg.rssilimit); } yield(); } From 334a23a8e2ae7c8e269b5a12a016ef3537339940 Mon Sep 17 00:00:00 2001 From: Charles Date: Wed, 4 Apr 2018 14:27:36 +0200 Subject: [PATCH 5/6] Avoid buffer overflow --- src/macsniff.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/macsniff.cpp b/src/macsniff.cpp index 312d8d9b..f40711c8 100644 --- a/src/macsniff.cpp +++ b/src/macsniff.cpp @@ -70,7 +70,7 @@ bool mac_add(uint8_t *paddr, int8_t rssi, bool sniff_type) { } if (added) { // first time seen this WIFI or BLE MAC - snprintf(counter, sizeof(counter), "%d", (int) macs.size()); // convert 16-bit MAC counter to decimal counter value + snprintf(counter, sizeof(counter), "%d", (uint16_t) macs.size()); // convert 16-bit MAC counter to decimal counter value u8x8.draw2x2String(0, 0, counter); // display number on unique macs total Wifi + BLE ESP_LOGI(TAG, "%s RSSI %d -> Hash %04X -> WiFi:%d BLE:%d Tot:%d", typebuff, rssi, hashedmac, From 0798c6388a82529119e96ee7dafefe65686fb259 Mon Sep 17 00:00:00 2001 From: Charles Date: Wed, 4 Apr 2018 14:34:44 +0200 Subject: [PATCH 6/6] Added unit of RSSI debug line --- src/macsniff.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/macsniff.cpp b/src/macsniff.cpp index f40711c8..934f05fc 100644 --- a/src/macsniff.cpp +++ b/src/macsniff.cpp 
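Review bot: The `(uint16_t)` cast on `macs.size()` does not add overflow protection for `counter`; the `snprintf` call is already bounded by `sizeof(counter)`, so the worst case before this change was a truncated number, not a write past the buffer. What the cast changes is the value: a size above 65535 is shown modulo 65536 with no indication, while the log call a few lines below still prints `(int) macs.size()`. If the intent is that the count can never need more than five digits, a comment on this line such as `// macs holds 16-bit hashes, so size() never needs more than 5 digits` would describe the guarantee better than the cast does; the element type of `macs` is not visible here, so that should be confirmed first.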
@@ -72,11 +72,11 @@ bool mac_add(uint8_t *paddr, int8_t rssi, bool sniff_type) { if (added) { // first time seen this WIFI or BLE MAC snprintf(counter, sizeof(counter), "%d", (uint16_t) macs.size()); // convert 16-bit MAC counter to decimal counter value u8x8.draw2x2String(0, 0, counter); // display number on unique macs total Wifi + BLE - ESP_LOGI(TAG, "%s RSSI %d -> Hash %04X -> WiFi:%d BLE:%d Tot:%d", + ESP_LOGI(TAG, "%s RSSI %ddBi -> Hash %04X -> WiFi:%d BLE:%d Tot:%d", typebuff, rssi, hashedmac, (int) wifis.size(), (int) bles.size(), (int) macs.size()); } else { // already seen WIFI or BLE MAC - ESP_LOGI(TAG, "%s RSSI %d -> Hash %04X -> already seen", typebuff, rssi, hashedmac); + ESP_LOGI(TAG, "%s RSSI %ddBi -> Hash %04X -> already seen", typebuff, rssi, hashedmac); } #ifdef VENDORFILTER
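Review bot: The unit added to both log lines, `dBi`, is an antenna-gain unit; received signal strength is expressed in dBm, and the WiFi value passed in here comes from `rx_ctrl.rssi` (seen in wifi_sniffer_packet_handler earlier in this series). The format strings should read `"%s RSSI %ddBm -> Hash %04X -> ..."` in both the `added` branch and the already-seen branch.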