
Joshua Rykowski - Who, When, Where - A Cheap Hardware Solution to Develop Pattern of Life

BSides Augusta · 2021 · 50:05 · 96 views · Published 2021-10
About this talk
Ever find yourself on a pen test and wonder to yourself: “do I know enough about the personas working on this network to effectively avoid them or potentially use them as enablers”? If so, then this talk is for you. I propose a hardware-based solution cheap enough to be almost disposable that will let you quickly build a pattern of life for the target business based on the cell phones flowing through its entrances. By using low-power LoRa radios, you can drop sensors at each entrance and identify and monitor the comings and goings of cell phones. By gathering and collating this data, one can build patterns of life to support any pentest engagement.
Transcript [en]

All right, so thank you for the introduction, I do appreciate it. And looking across the room here, I do acknowledge the fact that I believe I'm a speed bump on your way out of here, possibly, being the last speaker. You know, whenever they put you on the last slot you're like, wow, maybe they put me there to anchor the conference, or they're like, hey, we really don't want to hear this guy talk, so let's just throw him at the end of the day, maybe he'll get a few people in there. Anyways, I do appreciate the opportunity to speak to everyone, I do appreciate everyone's time

here in the room, because I do know you had decisions to make across the talks, so I do appreciate the time you're going to devote to me here. So I'm spending the next 45 minutes to kind of talk about my research here, and the talk is called Who, When, Where: A Cheap Hardware Solution to Develop Pattern of Life. Additionally, I'm going to talk a little bit about the lessons learned while conducting this research, because again, I started off with a great idea, and as I kind of unfold this in front of you we might laugh, we might cry, or you may laugh, I may cry, but we'll see, we'll get

there. There are a lot of lessons I learned here en route to this. Before I kick off, I just want to mention my process here: typically I build a whole idea and then I get to the point where I want to present it in a conference talk. This one is a little backwards. I took a friend of mine's approach to challenge development: he picks a name first and then he writes a challenge around that name. And so that's where I kind of went here, thinking this is a great idea, this has got to be a new avenue for people to approach with hardware.

I learned a lesson here, and so I'll share that with you as we go. So this is the agenda, these are the talking points that I'm going to cover. I'm going to tell you a little bit about me, and that's not really the grandiose piece, that's just so I can let you know where I come from and why I'm approaching what I'm doing here. I'm going to talk a little bit about the why; essentially, I identified a problem and I wanted to solve this problem. Then I'm going to dip into the design process that I used to get

after this and dissect the problem, some of the unique technologies that are both old and new in this particular talk. I'm going to talk about my development process, show you a demo, then we're going to talk lessons learned, and then future work, and close it out with, hey, I know I stumbled a little bit in my research, I know I stumbled a little bit into the application of these ideas, however I do see some avenues where I can take this to the next level. Before I jump into the meat of my slides here, I do want to say I like to keep it marginally interactive,

so if you have a question, please raise your hand while I'm in the middle of the talk. I would rather address the question in the context of the information I've already presented, that way we can all learn as we go. So don't think you need to wait until the end of my talk to ask a question; I don't mind being interrupted. Yes?

Okay, perfect, we got an Alfa card for Wi-Fi sniffing and a Practical IoT Hacking, on theme for the talk, I appreciate it, fantastic. All right, so a little bit about myself: Josh Rykowski, reicho212 on the Twitters there. First and foremost, I'm a husband and father of four. I am a cyber officer in the Army, as you've kind of seen this theme here; you heard Alberto earlier, he was a prior officer. I do a lot of programming in my spare time, focused a lot on Python. I am one of the executive directors and founders of the runcode.ninja programming challenge nonprofit; we are going to be running a competition here in November,

so if you're interested, check it out on runcode.ninja. And then with my copious amounts of spare time, I do like to spend some time reviving old technology, right, so I revive 1980s technology and also collect 80s and 90s video games, for those of you that's like the Atari, ColecoVision and Intellivision, going way back, the stuff you kind of see in museums nowadays. And then all the way there at the bottom in the fine print, just know that the views and everything I'm talking about here do not represent the views of my employer. I just have to throw that out there: no official policy, this is all research conducted in my spare time,

so just keep that in mind as we move through here. All right, the why. So before I start to do the research, before I start to do the development, what I need to do is a little bit of a gap analysis, right. And so that gap analysis is really taking a look at what I can do, or sorry, what I want to do, and then comparing that to what I actually can do, right, and that intersection, hopefully in a perfect world, that's a Venn diagram, right, you have a little intersection in the middle there and you're like, ah, this is what I want to do, this is what I can do, I'm going to live right

there in the middle and focus my research there. Sometimes it doesn't work that way, sometimes it does, but that's kind of where I start when I do my research. So in this particular instance, what I wanted was I wanted to prove individuals were on the network, and then I thought, well, how can I actually do that? Well, I can sit out, you know, I can sit in the parking lot in my car with a camera and take pictures, and that's only just a tad creepy. But I'm like, well, wait a second, I do like to do a little tinkering, I do like to build small devices, I do

some Wi-Fi research on my own. I'm like, wait a second, maybe I can prove people are on the network by just seeing people's mobile devices, their phones, pass by the entrance to a building. So I'm like, perfect, that's what I want to do: I want to prove they're on the network by taking a look at the data that's leaked out of your phone as it sits there and looks for wireless networks. And so that was kind of the crux of my idea here: build a pattern-of-life sensor for transient devices at a static location. So again, transient devices being mobile phones and the static location being that entrance to the building. Now

again, there are some assumptions being made there, right. Those assumptions are that everyone who walks through that door is eventually going to get on the network. Again, those are assumptions I can stock away for maybe another iteration of this problem, but initially I just wanted to prove that people were walking through that front door, with the assumption that they'll eventually get on the network in that building. So from the why, I transitioned to the design process itself. So initially I wanted a small device that I could just toss somewhere, right, so nothing clunky, something small enough to where I can toss it in some bushes, I can set it under a doormat, I can

sit it around somewhere so it doesn't stick out, it's hard to see. But in doing so there's a chance that someone may see it, so I also want it to be cheap, I want to be able to have it be disposable. And so if someone sees that and says, oh cool, here's something with an antenna, I'm going to take it home and see what's going on with it, I'm out $20, which may or may not be a big budget, but if you're looking at pen testing or any sort of thing like that, that's really not that much in terms of the price you pay for tools and some of the pre-made stuff out there.

In addition to that, I wanted to be able to move the data that I'm finding, right. So just having that device at the front door of the building does me no good, because then I have to sit there, and maybe they'll see that USB cable run over to the bush with my laptop as I'm waiting for the data to come in, right, that doesn't look odd. So I need to be able to move that data wirelessly to somewhere else, so I need some long-distance communication vectors to continue to solve this problem. Additionally, it needs to have low power consumption, because again I want it to be small and conspicuous; you know, if I throw it out

there with a 12-volt car battery, again, it may cause some questions, raise some issues. So I want to have low power consumption so I can put it on the least amount of battery power possible, and again, back to that: just toss it into the bush, toss it in the corner, and it doesn't raise any issues. And then finally, once I've got the data, once I've backhauled the data somewhere else, I want to be able to centralize that data and then process it and do some aggregation against it, do that analysis to look at it, because again we're looking at a lot of potential information coming back. So I want to

bring it all to one area so I can look at it, or I can share it with others to look at as well. So that was kind of the initial design process that I applied against this as I started to work the problem. Then it caused me to build this neat little diagram right here: okay, let me just draw it out so I can visualize it, right. So I broke it out into three different sections: I wanted to sense the data, I wanted to move the data, and then I wanted to present the data. And so once I did that, I was then able to think, okay,

now I've got some smaller chunks to my problem to solve. I can solve the sensing piece, I can solve the move piece, and I can solve the presentation piece with different technologies and different approaches. And you see there on the bottom, for the sensing piece I identified I can use an ESP32 microcontroller for those particular sensors, and if you don't know what that is, I'll talk a little bit about it here in a second so we can all level-set our understanding of that. For the move piece, I identified that I want to do long-haul, potentially low-bandwidth, low-power-consumption communications, so I identified LoRa comms, or LoRa communications, LoRaWAN, right,

long-range communications there. And then finally the presentation piece. So again, like I mentioned in my intro, I'm a Python programmer, by trade and also deep in my heart, so every problem in my eyes can always be solved with Python. So I can build a Flask website to receive that data and then aggregate the data and present it back out. Moving on to the technology piece: so now that we've talked the design piece, I'm going to talk about the different technologies involved and then give you a little idea to, like I said, level-set our understanding of what we're looking at

here. So initially there were three technologies that I was looking to use: two that were new to me and one that was kind of old to me. The first one is the ESP32 development board, right, so a microcontroller board. The second was the LoRa communications, and then finally the old one, because I've done some work with Alfa cards, I've done some work with wireless sniffing, the Wi-Fi piece to it. So the ESP32 development board: relatively cheap, it's an IoT-focused development board, it's dual core, most applications you run on it only use a single core, it's got four megs of memory, sorry, four megs of flash memory. It lists

that it has Wi-Fi, 802.11 b/g/n HT40, it also has dual-mode Bluetooth, and then down there at the bottom, almost at the bottom, the power regulator is built in. So that was a key piece that I was looking for, so that allows me to use pretty much any type of battery I want. If you've ever worked with any small device before, you know that they are very susceptible to changes in the power that you're inputting into it. However, with this one, with the power regulator built in, I could put a series of double-A batteries on there and it'd be fine, I could throw a nine-volt on there and it'd

be fine. So again, I'm not restricted to providing it the exact voltage that it needs, I can give it more and have it still run. And then of course, as with all things I like to do when I start off, I ended up buying the Cadillac of boards, right, so there's an OLED display on it and then it had the LoRa/LoRaWAN radio. So when I first built out the sensor, this is about the size; so again, it doesn't show up in there, but that little green box right there is the size of the ESP32 development board, so relatively small. The second technology, so again that was

the sense piece, this is the move piece. So LoRaWAN is a long-range wide area network and it can push data approximately two to eight kilometers out of these little tiny radios. Now again, I say that with a little bit of a caveat there: it's still a radio and it still has limitations, right, so terrain-based. So point to point it can probably make that; if you're trying to send data through walls, through buildings, in an urban environment, your signal is going to degrade a lot, so just keep that in mind. But it can go approximately two to eight kilometers. However, for that long distance you pay a price: it is

low bandwidth. So depending on your settings and depending on the factors you apply when you first set up your LoRa communications, you can get as low as 300 bits per second all the way up to 37.5 kilobits per second, which is really not that much. However, again, it depends on what you're trying to do with it; in my case I'm just looking at packets and pushing a little bit of data, so to me that wasn't that big of a deal. The LoRa technology is also interference resistant, so it uses what's called a chirp spread spectrum, which is really kind of a unique way for it to work against the interference. So every

time it pushes out a little bit of data, it sends it out in little chirps, they call it, and those chirps maintain the amplitude but then change the frequency, so the frequency will start off wider and then get closer as it gets to the end of the chirp. And finally, LoRa is also low power, so as it's pushing that long range in the low bandwidth, it's not utilizing that much power to push it over that long range, so again it allows you to maintain the battery life. In addition, the LoRa radios can also put the device into a deep sleep, so if it's not pushing any sort of information it can then sit back and just

go to a very, very low power consumption mode and maintain itself. Now moving on into the problem decomposition piece. So the first part was the build. So when I say problem decomposition, what I'm looking at is: let me take a look at this difficult problem and try to decompose it into solvable chunks. Now this was a lesson learned, this was kind of a hard lesson for me here, because again, as with some things I do, and maybe some of you out here do the same thing, I approach a problem with a little bit of hubris. I'm like, I've done this before, I've tinkered before, this is easy, let me just go ahead

and just slam all the code together, hit compile, and then try to load up the board. Well, I put all the code together, I hit compile, and it failed, failed with a lot of errors. And so I was like, wait a second, I've got LoRa communications, I've got Wi-Fi sniffing, I've got HTTP POST requests going on, where is it failing? I don't know. So I took a step back instead of flipping my desk. Take a step back, I'm like, wait a second, let me get a little smart about this and build a better approach. So I did some problem decomposition, you know, sat down with some markers and some paper and just drew

out the problem and said, okay, what can I solve first? And then I'm like, let me just do the Wi-Fi sniffing code first, let me just build that simple, or pull that from somewhere else, because again there are some repos out there where you can find these as solved problems. And so I built that out; I was just printing that out to the serial out on the board, so that way I can test and say, okay, am I actually seeing networks around my house? Perfect. Then I shelved that and I said, okay, let me just get the LoRa radios talking to each other, or at least talking one way, you know, sender and receiver.

Perfect, so I found some example code for that and then I just had to increment a simple counter: packet sent, packet received, boom. And again, nothing else, nothing more than that, and then work that until it was done, took that out, shelved it. And I'm like, okay, let's figure out how to connect the ESP32 to Wi-Fi, same thing, I had to connect to my access point, figured it out, perfect, a very small sip of the code, shelved it. And then finally the HTTP JSON POST request. So again, decompose the problem into several steps, and then once I was done with that, then we layered them, right. So then I had: I'm going to do the

sniffing code, LoRa comms, works together, perfect; sniffing code, LoRa comms pushing the MAC address that I was seeing, okay, still good; and then LoRa comms pushing the MAC address, receiving it, and then building an HTTP request. And like I said, it was kind of an incremental process, so that way if something went wrong I knew it was an issue with the code I had added since I last updated. So I was good, like I said, didn't have to flip a desk during that process. However, it did take a little extra time, and so just know that when you do any starting problem decomposition, you do extend the time you

work to solve the problem; however, it pays dividends on the next piece. In the build-out, writing the code, I found out, hey, this is a little different process. I'm using Arduino sketch; has anyone here used Arduino sketch before? I got a few folks out there, perfect. So again, you open a new file and you're like, oh, it's blank, but you got some curly braces in there, some mustache brackets, and you're like, how do I start? Well, if you take a step back and think, I cannot be the only person who has thought of this problem before, so I hit up the Google search for ESP32 Wi-Fi sniffer, boom, it

coughed up a repo for me, perfect. And then I'm like, okay, how do I figure out the LoRa code? Again, the board I bought, the Heltec company actually had libraries built in once you updated your Arduino sketches, and then example libraries, so you can just go ahead, boom, pull them down and pre-populate them into your sketch environment. The other piece that I learned too, and again, for those of you who are radio gurus or SMEs or whatever, I apologize up front, I am not. All I know is that the antenna has a direct impact on the transmission distance, fair enough, right. However, I don't know if my antennas are tuned to the 915

megahertz frequency, I don't know any of that. So that was on me, that's something that I have to work to get better at, but again, part of that build process was identifying that was a gap. It worked good enough for me; however, moving forward I'll try to work that a little better. So that was the build process. Now going into the collect piece, right: how do I go and find those packets to sniff and pull out the appropriate information that I want? So I fell on probe requests. What are some other, does anyone have any other ideas of what I could have been

looking for at this point? Do you even know the other data types for the management frames? No one? What's that? Clear to send, clearly. There's a couple of beacons, right, so there's also beacon packets, if you've heard of that before. So again, this was kind of a decision that I had to make: do I look for probes or do I look for beacons? So again, this kicked off a little mini thread of research for me to go in there and look, and I found some difference there, and I'm like, okay. So beacon, just for the crowd here: the beacon request is your device, I'm sorry, is the actual access point

saying, I'm here, I'm ready to accept connections, this is my SSID, here are my settings. But think about my initial charter, my initial problem, though: I'm not looking for that, I'm looking for transient devices, devices that are moving, so I'm assuming it's a phone or some other communications device that they have on their body. I'm not going to see any beacons from that. So then I kept looking, kept researching, and I found probe requests. So the probe request is your phone or your device saying, hey, I'm looking for an open access point, right, and there are a couple of different types of probe requests and a couple of different ways for them to do it, but

essentially you can say, I'm looking for this device, or sorry, this particular SSID, is it out there? Or it can say, I'm looking for any SSID, let me know what's out there. So that's what I fell on; I started to focus in on probe requests and I started scanning for probe requests across all the channels, right, so again, on Wi-Fi you've got multiple channels based on the country. And then as I broke it down, I looked at, hey, I want to pull that source MAC, because again, I'll talk a little bit more on the next slide about the frame, the breakout of that frame header,

and I just want the source MAC, because I don't need any other information, I just want to uniquely identify that device so I can prove that that device has passed by my sensor. And then once I identify that, I want to package it up and send the probe source MAC and the sensor ID to the gateway. So again, the idea was for me to have multiple sensors, potentially, to set across different entrances of the building, so I want to uniquely identify that particular sensor as well, so I wanted to send that sensor ID with it. So here is the probe request breakout. So anytime you have these management frames that come across

Wi-Fi, it has this particular format: frame control, duration ID, address 1, 2, 3, sequence control, address 4, and then some other stuff, QoS, so on and so forth. For a probe request, it is a management frame of type 4, and what that means is Addr1 is the destination address, where it's sending it to; Addr2 is the source address, the MAC address of what's sending it; Addr3 is the BSSID that it's looking for. So again, remember I told you there are kind of two different types of probe requests: one, it's saying, hey, I've seen this network before, I want to connect to

it if I see it; or it's going to leave that blank, and if it leaves it blank, it essentially solicits a response from the access point to say, here's my BSSID. And then Addr4 is not used in this particular probe request; however, it's there for the other different types of Wi-Fi frames, so you'll see that used in other places. Moving on to the next piece, right: so once I've found the information I want, I wanted to move it to my destination. So for this, what I did is I established a point-to-point LoRa connection between two LoRa radios, and essentially it was my ESP32 LoRa sensor to an ESP32 LoRa receiver, or the

gateway, I called it. And in my testing I was able to get about 200 meters of distance before it would fall off. Now just keep in mind, like I said, I am not a radio SME, and I'm pretty sure some of my antennas were bad, and of course I was probably fighting terrain, so on and so forth, but about 200 meters, which is fine, because if you think about the scenario I built: throw the sensor at the front of the building, go sit out, maybe sit in the parking lot with my gateway and a laptop, or gateway and my phone, and then I'm receiving those LoRa packets and then

pushing them up to where I need to aggregate them. So then I established the LoRa gateway, and I pass the data from the LoRa interface to then the Wi-Fi interface on that particular device. So again, hold these up a little bit: so this is my sensor that I can drop, and same thing, this is my sensor that then just receives it and connects to Wi-Fi and pushes the data up into my particular website. Then finally the presentation piece. So again, built a Flask website, receive that data in a JSON format, process it. The biggest thing in this particular piece is I'm going to check to see if that ID is

allowed. So again, if someone's able to figure out the system sitting out there, they may not have that particular sensor ID, so again, the website will receive it and throw it out. Check, store the data in the database, and when it does that, it's going to conduct an OUI lookup, so essentially look for that kind of company information of the MAC address and add that information to the database entry, and then finally present the data in a simple table format on the website. All right, so today I've been carrying around my device and just looking for those frames, and so here is my site

as it sits, and so these are all of the probe requests that I've picked up so far. So someone's definitely spamming the airwaves; you see the top one there, I'm pretty sure that dead beef dead is not a legit MAC address, so someone's out there spamming it, which is great, that's fine. But you see what I've done here: so you see the MAC address, I put the time that it was last seen, now again, that was kind of a guesstimate on my part, because it's the time it hits the gateway and is stored in the database, and then the count, the number of probes it's seen, the actual lat/long, so again that's set statically on the website

itself, the sensor ID, and then, like I said, it does an OUI lookup. And so look all the way over there, right, a lot of Cisco. Makes sense, right, you look up above you, I'm pretty sure we've got some Cisco access points hanging around somewhere, a lot of Cisco in this building, so it makes sense that we have Cisco. However, that's not what I'm looking for; I'm looking for those phones that are out there, potentially, right. So still more Cisco, still more Cisco, some Motorola, so there's a neat one, but again, let's go all the way down to the bottom. So once we come out of this demo we'll start talking some lessons learned,

and here's, it was a hard lesson for me to learn here, right. So I have 11,180 unique entries in my database. I'm fairly certain that there have not been 11,000 devices that have flowed through here since this morning, fairly certain. So again, why could that be, why am I seeing 11,000 unique OUIs? What's that? Possibly, that's a good one. So the answer was multiple radios, but let's think about it: they sold 500 tickets here, even with multiple radios I would expect to see maybe a couple thousand. Answers: reconnection of the same device. But think about it, if it's connecting, the MAC address should stay the same, right,

that source MAC. What's that? So, possibly, but again, that MAC should still stay static. In the back there?

Boom, thank you, all the way in the back. I've got a book up here for you. So if you didn't hear the answer, the answer was me not dropping my microphone.

Thanks. All right, so if you didn't hear the answer, the answer was: in recent OS updates to Windows, to macOS, to Android, to iOS, they have all implemented a feature called randomized MAC addresses, specifically for probe requests, and they've done that, and here's the kicker, they've done that to combat exactly what I'm trying to do here, to a T. So I think, my gears, but yeah, so randomized MAC addresses. So if you go through this list you will find, and I've got a data set from my house, that the OUI will change but the actual unique identifier for that device will stay the same, sometimes. So again, a lot of analysis there, so

what that does is it kind of took the wind out of my sails, if you will. I'm like, I had this fantastic idea, I'm crushing it, I'm tinkering, I'm making things, and I'm like, what are these things that I'm seeing that I should not be seeing? And that's what I came up on; my buddy was like, hey, you know, because again I have a Slack channel with some friends, and they're like, hey, take a look at this, boom, throws me a link, and I'm like, yep, that's my problem now. So it was a lesson to learn. So let me go back here, get the presentation, all right, and continue on. So, lessons learned,

measured in oof levels, right, oof cubed. So the oof is: the MAC randomization for probe requests was built to combat exactly what I'm trying to do here, right, so keep that in mind, MAC randomization just for probe requests. Now again, every OS implements it differently, and you might have seen that if you went back and looked at my data set: there are some that had no OUI that was identified but had a bunch of packets, and then all the way down to the bottom of the list I had several thousand that are just a single packet at a time. So again, but again, that kind of boils back to

the number, or the way the OS implements that MAC randomization. So another oof cubed was: please share and discuss your code. I understand wholeheartedly that that is easier said than done; no one more than I understands that when I write code it's a very personal thing, I don't want to share that with anybody. Why? Because it's an iterative process, right. I've learned early on through many hard lessons that I don't delete any code until I'm finally ready, and even then it's an emotional event: I comment it out or I put it in another file, I stock it away for later, because you know what, there's a good chance I've messed up

somewhere i know i have i i don't write code well however the only way to get better at writing code is to share it with someone else do that left seat right seat ride do that over the shoulder programming the the pair program whatever you want to call it do that because again if you don't you will run into confirmation bias you will run into the to the fact that hey i wrote this code there's no way it is bad two lessons i learned here or two specific examples as i was going through i was writing my website in flask i had version control going sweet writing my urgent arduino sketches i did not because you have to have all

your files in one location it was a whole thing it seemed like a bridge too far i hit the easy button i'll just have it on my my desktop perfect then i went and i was making some changes this was when i was doing my arduino to sorry my lord of laura communications and so i had to set the actual um frequency it was talking on then i had to set the bandwidth the frequency was like 915 e6 the bandwidth is 250 e3 now if you write code in an editor it's typically courier type kerning right so standard kerning everything lines up on one i'm going i'm going or going sweet save compile upload it works

same on the other one save compile upload it works however none of the counters were incrementing like wait a second it was just working yesterday what is going on so then i'm start i start stripping out code right at that point i'm just mad right i violate my own principle and i'm just deleting code adding code deleting code adding more code deleting more code and what i found that i had done and i would have found this faster it took me about a day and a half to figure this out i found out what i'd done is i set my frequency to 915 i think e6 and my bandwidth to 250 e6 on one and then 915 e3

or e6 and the 250 e3 so the bandwidth wasn't matching up so one was talking the right way the other one was not listening the right way now again as that code lines up everything looked perfect right it's very hard when staring at two different editors to see the six and a three and so again i'm i'm ripping code out i'm destroying it and finally when i when i came back the next day i sat down it was right there right now if i would have asked someone else to look at it for me at that moment they probably there's a good chance they probably would have found that you know it probably gave me a hard time

about it too, but hey, that's the life we live. So that's one example of sharing your code to get some help.

The second example that I ran into: I mentioned in my design process that I was doing an OUI lookup, right, on my Flask website. Fairly simple: I had a large JSON file that I'd load up one time and then just do lookups on the fly. And then as my sensor was sitting there talking and looking, the website was getting slower and slower to load, and then all of a sudden, I went to bed one night, woke up the next morning, and I hit refresh: three seconds, I counted it, three Mississippis for a website to load. I'm like, man, am I that bad at website design? And I'm like, well, Josh, yes you are, because you don't do web, you do Flask. And so then I'm like, am I that bad at Python? I'm like, man, it can't be that. I kept looking and it kept going; I'm like, there is something I am doing really wrong here. Could not find it. So again, I called in my buddy and said, hey, please take a look at this, it's taking forever to load. It took him 30 seconds. He looked at my code, he's like, yeah, good job there buddy, how about this little lookup right here? I'm like, the lookup's fine, I mean I'm just doing an OUI lookup. He's like, correct, that was fine when you had 10 packets; you have 100,000 packets now and you're doing a JSON lookup on every refresh of your website for every single packet. I'm like, oh yeah, that's an oof cubed right there. He nailed it. So again, what I had to do is go back and refactor: add a new column in my database so I did one lookup the minute I saw the packet, stored it with the OUI, problem solved. So again, hard lesson learned for that.

So here's an oof squared, though: take time to develop your design first, right? I know we talk about it. I know if you've had any sort of design class or any sort of programming class or anything like that, they've told you, hey, sit down and just maybe whiteboard your idea, sit down with a piece of paper, it doesn't have to be fancy, and just do that. However, if you're like me, you're like, you know what, design? I'm going to jump in head first. I've written code before, I've set up a website, this is too easy. So you dive in head first, and sometimes you don't realize that's the shallow end. And that's what I did here. I mentioned it earlier in the talk, right? I jumped in, I'm like, I'm going to throw all my code in my editor at the same time, because it all works separately, so why not, why shouldn't it work together? Boom, ran into huge issues, right? Not even knowing where to start, because again it started throwing errors, and again compiled code is always funny because it'll find that first error and you don't know what follows; you've got to fix that one, and then it's an iterative process. So again, just take time to develop your design first.

The other oof squared that I have is: use version control, right? I already mentioned my Arduino sketches, ran into that the hard way. It was rough going, it was a hard day in the Josh household that time, because when I was done ripping out code and replacing code, and then I switched that six into a three, I then realized I had a follow-on problem: I was I-don't-know-how-many deletions away from my original product that worked, right? We've all been there. And if I would have been using version control, it should have been, you know, a revert; it should have been just a quick look in my git repo at the commits I had, and just switch back to a known good version. So again, use version control if possible.

The final lesson learned is just a simple oof, right, but do not be intimidated by hardware. I know it's a lot easier for me to stand up here and say that because I've tinkered with a lot. However, it's a very mature space at this point. If it was maybe 15 or 20 years ago and you're looking at an Arduino and you have to write, you know, embedded C code just to get that thing to work, it's a rough go. However, there's a lot of examples out there to start from: mature libraries, mature examples, good places for you to start. And like I said, I've got a couple in mind that I've used to start from, and then you go ahead and take that, and you deviate from that path and keep going. So again, don't be intimidated by hardware; it's not that hard. And again, you can learn as you go, right? The biggest thing is just jumping in and figuring out what you need to learn by using those libraries.

All right, so now, like I said, I failed. But again, there's success in failure always, right? So again, when I failed, I now know, at the end of the day, that this does not work, and I validated that it doesn't work, right? So I consider that a success.

However, I still want to continue on down this path, so I think for my future work this is where I'm going. Instead of focusing on probe requests, I'm going to shift to see if I can do Bluetooth sniffing. I should be able to kind of transition that, like just rip out that Wi-Fi sniffing code and replace it with Bluetooth sniffing. So again, I make an assumption that it's going to be easy, but we'll see. But that's what I'm going to move towards, for at least the sniffing part and identifying the unique devices. I also want to refactor my code. I wholeheartedly acknowledge that my code is not the best code at this point. You know, there's no comments, it's hard to read, a lot of the code has been commented out and there's different versions of the functions and whatnot in there, so I need to go ahead and fix that. Also, I mean, you saw my website: very simple, just a table organized by number of packets seen. So I want to apply some analytics to that, right? It's a Flask website; it should be easy to build some additional routes and do some analysis there. So that's where I'm going to go for that piece. You'll also notice that I only capture the date of the last packet seen, so I want to go and add some timeout logic, right? So if it sees it one time and doesn't see it again, maybe it throws a flag on the website, I don't know. Because again, at the end of the day, if you look at what I've completed, I can only prove that someone has gone into the building. I can never prove when they've left or if they're still in the building. So I want to build out some logic there to kind of identify that, or at least clue folks in to, like, hey, I haven't seen this particular packet in X amount of time, there's a good chance they've left the building.

And then finally, I want to refactor my design onto a smaller board. So right now, like I said, I've got the Cadillac of ESP32s: it's got the OLED display, it's got everything on it. However, I don't need that display. It was nice for troubleshooting, but now that I've gotten to the point where it seems to work, I can go ahead and find a smaller board that doesn't have the OLED display. I don't need GPIO pins, so I don't need those general purpose I/O pins on there. So again, working myself down to a smaller board. However, the whole purpose of that is to get down to lower power consumption, right? I want that sensor to run on the least amount of battery power possible. However, with the Heltec, just to give you a little bit of an idea, that device has been running on three double-A batteries since six o'clock this morning and it's still going. So it's already got pretty low battery consumption. I haven't tested it fully yet, but I want to continue to push the envelope on that, because maybe it becomes a multi-day affair: maybe I throw it and leave it for a weekend or for a week and I want to come back to it. So again, I want to refactor the design to get to a lower power consumption on the board itself.

So at this point, I've released both of my GitLab repos out there in the wild. That is my commitment to everyone here, because again, share your code. I'm seeing it right now; you can go look at it. If you want to poke fun at me, please, I'm on Twitter, please tell me how bad my code is. But I've got two repos there: one is the Flask website, with directions on how to stand it up and how to get it going; the other one is the actual LoRa code for the ESP32 boards, both the sender and the receiver, kind of in both of those repos. Again, my name is Josh Rykowski, reicho2 and two on Twitter, email there at the bottom, ryko212 runcode.ninja. Feel free to hit me up, let me know what you need, any questions you have. But I just want to open up the floor to any questions about the research or anything I presented here today. Yes?

Okay.

Okay, so just to recap, so everyone, if you didn't hear the question: he's asking me if I chose the ESP32 board specifically for the LoRa communications on it, or could I have gone another route with the ESP8266s and then used them in kind of a mesh network to get the same functionality. So I started off with the idea of doing long-haul communications; that was at two kilometers, eight kilometers, right? I wanted to be able to possibly be very physically separated from the devices. That's where I started. However, again, at the end of the day, when you start applying that middle piece of that design slide that I had up, you can put anything in there, right? I could have left it Wi-Fi and then been within 100 meters and then just pushed it over Wi-Fi to the device. So a lot of different solutions there. I just was trying to get that longer range; never got there, probably because of my antenna tuning and whatnot. But that's how I ended up with the 32, though. That was a great question, thank you. Any other questions? Oh yes. Any other questions? I've got a brand new Alfa card up here. Yes? Wow, that is a fantastic question, I appreciate that, and sure. Boom. What's going on, man? All right, any other questions, like I said, about this, anything I've talked about? Oh yes.

Wow, great question. Okay, so the question was, before I dive into this one: he knows I love Python and he knows I lean on that for Flask, but then he threw me a curveball and said, hey, did you think about writing everything in C? The answer is no, and let me tell you why, right? So again, having programmed as long as I have in Python (I've been doing this since 2009, I'm writing Python code), making that switch back to the Arduino sketch and C++ format was a very emotional event for me, right? Because I'm thinking, okay, I'm going to do some quick lookups on the MAC address. I just want to do the membership operator, right? In Python that's easy: I want to see if the letter a is in a string, "is a in stringvar". Anyone know how to do that in C? Because I don't, right? It's literally: I'm going to iterate over all the characters. Wait, I'm going to take the string var, push it into a buffer, iterate over that buffer, and when I find it I'm going to stop and say true; if not, it's going to get to the end, the null terminator, and say false. And that just took my one line of Python to, well, by the time I'm done with it, right, multiple versions, it's going to be down here. Fantastic question. Yes? If I'm looking for... what's that? Yes.

Correct, exactly right. But you know, at this point, and I try to tell folks the same thing oftentimes, and I'm guilty of it as well: if all you have is a hammer, all you see are nails. I'm comfortable with Python; that's why I've gone in there. And I've seen people do a lot of things, but you're exactly right: if I were to sit back and write that in C, I would definitely see a lot of optimizations and a lot of efficiencies, once I got over the hump of hating my life for four months. Yes, great question though, thank you. Any other questions? Yes.

So the question was, he's seen some folks use MicroPython and regular Python, and he asked me if I've looked into MicroPython. So is MicroPython the Python that they use on embedded devices? Okay, yeah. So that is a possibility. I haven't looked at it before. I mean, I know it exists, I know it's out there. I'd have to go look, because I'm making some assumptions here, but because of the amount of memory you have on those embedded devices, it cannot load all of your batteries-included modules of Python in there, so it might not bring everything with it. That is definitely a path that I can look at, to see if MicroPython would carry a lighter load and then allow me to write Python code on my ESP32. That's actually a good point, only bringing... okay.

Yeah, no, and that makes sense, right? And just so everyone can hear, to recap what he said: so what it sounds like is, when you write your Python code for this embedded device, it compiles it down to the embedded device, pulling only the modules it needs for that code to run in there, so it makes a small footprint. Okay, yeah, that's definitely a good path forward. I'd have to take a look at that and make some things easier, but yeah, thank you for that. That's Adafruit's library. All the way in the back, Nick.

In terms of... okay, so the question was, did I write any of my own custom modules or did I use existing code for all of this? It was existing code, right, just manipulated in certain ways, understood what it was doing, commented out some stuff I didn't need. So for instance, the Wi-Fi sniffer code that I found, it was actually pulling and printing all three of those addrs. So if I go back here to the format, it was printing addr 1, 2, and 3. So again, I didn't want the destination address, I didn't want the BSSID it was looking for; I just wanted that actual source address. So I commented out address 1 and 3. In fact, if you go look at my code, it's literally listed as addr2 in there and I've commented out the other two. So I didn't actually do the work; I just worked with the code that I had. So you kind of hit that easy button there to get to the solution to this problem, though. It's a good question, thank you. Anyone else? That's it, no more questions? All right, so I'll just close it out by thanking you. I thank you for your time, I do appreciate it. You know, I see some friendly faces out there, I do appreciate it, I see some new faces out there, so thank you for spending some time with me this afternoon. You've got my contact information, so if you have any questions and you don't want to raise your hand here, or if you have that epiphany, you know, tomorrow morning at two in the morning you wake up, you're like, oh, I want to ask this question, again, hit me up on Twitter, hit me up on that email I've got on my page here, and I will definitely get an answer back to you. It may not be right away, I've got a lot of stuff going on, but I will get something back to you if you do have any questions. Other than that, I do appreciate your time. Thank you.
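Two of the fixes the speaker describes above, resolving the OUI once when a device is first seen instead of on every page refresh, and flagging a device as probably gone once its last-seen time is older than a timeout, as an added Python example. This is not the speaker's GitLab code: the OUI table, the 30-minute timeout and the sighting records are constructed stand-ins, and the locally-administered-bit check is the standard way to recognise a randomized probe-request MAC (which will never match an OUI) so the lookup is skipped for it.

```python
"""Sighting store: OUI resolved at ingest time, last-seen ageing at report time.
Added example, not the talk's own code. All data below is constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for the large JSON OUI file the talk loads once.
# The prefixes and vendor names are placeholders, not real IEEE assignments.
OUI_TABLE: Dict[str, str] = {
    "00:11:22": "Example Vendor A",
    "A8:BB:CC": "Example Vendor B",
}


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set means locally administered; randomized
    probe-request MACs set it, so no OUI lookup can match them."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def lookup_oui(mac: str) -> Optional[str]:
    """One table lookup; skipped entirely for randomized addresses."""
    if is_locally_administered(mac):
        return None
    return OUI_TABLE.get(mac[:8].upper())


@dataclass
class Device:
    mac: str
    oui_vendor: Optional[str]  # resolved once, at insert time (the "new column")
    first_seen: datetime
    last_seen: datetime
    packets: int = 0


class SightingStore:
    def __init__(self, timeout: timedelta):
        self.timeout = timeout
        self.devices: Dict[str, Device] = {}
        self.lookups = 0  # how many OUI lookups actually ran

    def ingest(self, mac: str, seen_at: datetime) -> Device:
        """Called per captured probe request; lookup happens only for new MACs."""
        mac = mac.upper()
        dev = self.devices.get(mac)
        if dev is None:
            self.lookups += 1
            dev = Device(mac, lookup_oui(mac), seen_at, seen_at)
            self.devices[mac] = dev
        dev.packets += 1
        if seen_at > dev.last_seen:
            dev.last_seen = seen_at
        return dev

    def report(self, now: datetime) -> List[dict]:
        """Rows for the website table, sorted by packets seen; no lookups here.
        'present' is False once a device has not been seen within the timeout."""
        rows = []
        for dev in sorted(self.devices.values(), key=lambda d: d.packets, reverse=True):
            rows.append({
                "mac": dev.mac,
                "vendor": dev.oui_vendor or "(randomized/unknown)",
                "packets": dev.packets,
                "last_seen": dev.last_seen,
                "present": now - dev.last_seen <= self.timeout,
            })
        return rows


# Constructed sightings: one device seen three times, one vendor device seen
# once early, and one randomized (locally administered) address seen once.
T0 = datetime(2021, 10, 2, 6, 0)
SAMPLE_SIGHTINGS: List[Tuple[str, datetime]] = [
    ("00:11:22:33:44:55", T0),
    ("da:01:02:03:04:05", T0 + timedelta(minutes=1)),   # 0xDA has bit 1 set
    ("A8:BB:CC:00:00:01", T0 + timedelta(minutes=2)),
    ("00:11:22:33:44:55", T0 + timedelta(minutes=20)),
    ("00:11:22:33:44:55", T0 + timedelta(minutes=40)),
]


def build_demo_store() -> SightingStore:
    store = SightingStore(timeout=timedelta(minutes=30))
    for mac, ts in SAMPLE_SIGHTINGS:
        store.ingest(mac, ts)
    return store


if __name__ == "__main__":
    store = build_demo_store()
    print(f"{len(SAMPLE_SIGHTINGS)} packets ingested, {store.lookups} OUI lookups")
    for row in store.report(now=T0 + timedelta(minutes=45)):
        print(row)
```

With 100,000 packets the lookup counter stays at the number of distinct MACs rather than growing with every page refresh, which is the whole of the speaker's fix; the `present` flag is the timeout logic he lists as future work, and it only ever says "not seen recently", never "left the building".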