Raspberry pi wardrivers?

The gear needed for wardriving

30 posts • Page 2 of 2

Postby strasharo » Tue Feb 02, 2016 3:03 pm

Great one, morbz! Thanks for sharing it with us. :)

Postby cyphonix » Tue Feb 09, 2016 8:43 pm

While conceptually there may not be differences, in reality, there are.

The question becomes, how crazy do you want to get with the RasPi based WD rig?

Some observations:
- I was unable to get more than 4 cards (regardless of distributing them across powered hubs) to work on the Pi. My goal was to get one rig running 4 2.4GHz cards and 4 5.8GHz cards.
- By my numbers, 97% of 2.4Ghz APs are on channels 1,6 or 11. (based on my first 100,000 or so discovered APs), which means you could still capture nearly all of that data with 3 cards instead of 4.
- Power can be finicky. By that I mean, if under load the Pi gets less than 4.75 V or so, it may crash.
- The Pi Model 2 (quad core CPU) does yield better results than its predecessors. At least, I would get occasional "no GPS coordinates for AP nn:nn:nn:nn", but with a Pi 2 I never get any GPS coordinate "drop outs". I attribute this to gpsd not getting timesliced out.
- External mag-mount antennas are your friend... Especially those mounted on the metal roof of a vehicle, even better if it's a TALL vehicle (truck or SUV)
- For 2.4GHz, I run 4 cards: one each locked on channels 1, 6 and 11, and a fourth card that scans all of the other channels. It generates roughly 6-10x more gpsxml data (reporting every AP heard at every coordinate)... and it is VERY effective. In dense urban settings, I've seen on the order of 12,000 APs in an hour.

I had planned to build a 3 or 4-sided box, "cube" with high-gain plane antennas on each side, but the cost would be significantly more...

I also have a Pi that is a 4-card 5.8Ghz rig. Both are very effective.

If you're running from a battery, do some testing of what happens when the voltage begins to drop off. Two ways to overcome this issue are
1) get the "booster" from adafruit that delivers 5.2v with a varying input voltage (down to 3v I believe) or
2) get a DC-DC converter to step down the vehicle's power (usually 13.8-14.5v) to 5.2v. Ideally, run a line to the battery, or to an unswitched circuit/fuse. This will prevent reboots/restarts when shutting off the vehicle.

Let us know what you learn and observe with your experiences!

Postby Andr0idian » Thu Jul 28, 2016 3:24 pm

Hey guys I could use a bit of help. I'm a n00b to Kismet and gpsd.

Attached is my current proto build, a neo 6m gps unit and a realtek 8187 wifi adapter (yes, I know I've got a yagi antenna on it, but I'd use it on the road to patch in to wifi at a distance. It's got a wider beam than my planar antenna. I have an omni buried in a box about 2000 miles from here).

I'm having two problems that I could use a bit of help with:

1. GPSD - I've got the service enabled to run at runtimes 2-5, but the service doesn't actually start unless I start it manually by calling cgps to get a status. Kismet won't get the gps coordinates unless I call cgps first to check the status, then Kismet knows where it is. At this point, I'm tempted to just call cgps -s at boot and kill it after a minute but that seems like a stupid workaround.

2. Kismet - I'm a complete n00b here, I've never used it. I can fire it up manually but have to point it to the adapter each time. And I have no idea what it's logging or where.

Ashamedly, my google fu is failing and I could use some pointers please? (It would be even better if someone had a working script that I could use lol)

Thanks guys!

KiK: ArendG
ICQ: 4008649

Edit: Shoot me. Should have read earlier. Going to give clickwir's script a shot :)

Postby strasharo » Thu Jul 28, 2016 4:39 pm

What distribution are you using on the Raspberry? I can help with the setup, I have a similar one already running.

Postby Andr0idian » Thu Jul 28, 2016 6:45 pm

> What distribution are you using on the Raspberry? I can help with the setup, I have a similar one already running.

Raspbian Jessie.

I just followed the instructable at http://www.teambsf.com/wireless/war-pi-2-0/ ... got it to reboot and it's semi-functional. I'm not sure of all the kismet output files yet, but it seems to be packet sniffing. I don't care about packet capture. I just want the ssid,mac,gps etc... Wigle stuff :)

So now I've got Kismet running. my pcapdump and gpsxml files are getting pretty big, about 1-2kbyte/sec when I'm stationary and only picking up 2 wifi. These will be unnecessarily large files if I upload them as they are. There's got to be a setting somewhere for trimming and gps proximity.

Postby strasharo » Fri Jul 29, 2016 7:15 am

You don't really need the pcapdump files, you can safely turn off their collection from the kismet configuration. Only stuff Wigle cares about from kismet is *.netxml *.nettxt and *.gpsxml files.

Postby Andr0idian » Sat Jul 30, 2016 2:07 pm

I haven't figured out where to shut off the pcapdump ... just change the filename formatting. :x

... I've contemplated taking my gps off of the pi and slapping it onto my old router running openwrt. No reason why I can't use it instead lol

Postby strasharo » Sat Jul 30, 2016 2:22 pm

Alter the logtypes variable in your kismet.conf . By default it should be something like:


Remove alert and pcapdump from it, you don't need those.

Postby Andr0idian » Sun Jul 31, 2016 3:12 pm

> Alter the logtypes variable in your kismet.conf . By default it should be something like:
>
> Remove alert and pcapdump from it, you don't need those.

Looked right over it several times. Don't I feel like a moron. Thanks strasharo!

Next to-do list:
Migrate to my new rpi 3...
Setup my old router with Kismet drone to feed back to the pi.
write script to zip and export the capture to my phone for upload.

Probably should find a way to shut it all down too... one thing at a time.

Postby strasharo » Mon Aug 01, 2016 10:00 am

Are you planning the setup to be stationary or mobile running off a powerbank? If you go for mobile one, please keep in mind that the power consumption of RPI 3 will be bigger:

That's why I'm currently in process of migrating my wardriving setup from a BeagleBone Black to Raspberry Zero.

Postby Andr0idian » Mon Aug 01, 2016 3:20 pm

In my car I'm slightly worried about power consumption if left unattended for a while, but when I'm rolling I'm not very concerned about consumption. I'm debating just wiring it into a switched line - probably a relay tied to the remote-on for my amp. Bad practice to just kill everything, but it's fast and dirty.

In my truck I dgaf ... I've got a 3000w inverter and accidentally left it on with my fridge plugged in, in the middle of the summer. A week later I still had enough juice left in the batteries to fire it up... But barely.

I just got openwrt and kismet drone up and running on my old router (DIR 835, with Atheros AR9340 + AR9380 wifi cards) and it'll tie to the gpsd and kismet-server on the pi.

Got the pi scripted to zip, upload and archive the observations. Just need to setup a cron job to do it automatically every 24-48 hours or so. Otherwise it'll do it whenever it gets a bluetooth connection, or picks up my wifi at home. ... work in progress. Got the important parts done, the rest is just gravy.

Pi over my phone gives me +75% observed networks for the same run, and that's just with an old 2.4GHz adapter.

.... I wonder if I should sniff bluetooth networks too. I'll see car radios and headsets everywhere lol

Postby Andr0idian » Sat Aug 06, 2016 9:41 pm

Rpi3 with a Neo6m GPS running Raspbian and Kismet watching its little wifi N chip and a Realtek 8187 (BG adapter) on USB.
Dlink 835 router (2x Atheros cards) running OpenWrt and Kismet Drone (2010 release... anything else didn't work - hardware or software compatibility issues).

Took it for a test run, places I've been to LOTS wiggling with my phone. 1300+ new wifi.

Got a script I've plunked into cron so every hour it'll restart kismet, zip and upload my observations. (Or queue and retry later if there's no network available).

Ordered a small screen coming from ebay http://r.ebay.com/yCsagd - I have the same case. Will be interesting to watch Kismon on it :)

It's ghetto with tape and whatnot for now. Got some work to do.
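The hourly "restart Kismet, zip the observations, upload or queue for retry" job described in the post above, written out as an added example. This is not the poster's script and not WiGLE's code. It assumes the old Kismet log naming (Kismet-YYYYMMDD-HH-MM-SS-N.netxml / .nettxt / .gpsxml) and that Kismet was restarted just before queue_runs() is called, so every run prefix except the newest is already closed. The WiGLE endpoint, the accepted upload format and the credential handling in wigle_upload() are assumptions to check against the current WiGLE API documentation; the pcapdump files are deliberately left out of the bundle, as strasharo advised.

```python
"""Queue finished Kismet runs for upload; retry later when the network is back.

Added example for this thread, not the poster's script. Assumes old Kismet log
names (Kismet-YYYYMMDD-HH-MM-SS-N.netxml/.nettxt/.gpsxml) and that Kismet was
restarted just before queue_runs(), so every run prefix but the newest is closed.
The WiGLE endpoint, accepted upload format and credential handling in
wigle_upload() are assumptions to verify against the current WiGLE API docs.
"""
import os
import re
import shutil
import subprocess
import zipfile

UPLOAD_EXTS = ("netxml", "nettxt", "gpsxml")  # what WiGLE consumes; no pcapdump
RUN_RE = re.compile(r"^(Kismet-\d{8}-\d{2}-\d{2}-\d{2}-\d+)\.netxml$")


def closed_runs(logdir):
    """Run prefixes in logdir, oldest first, minus the newest one (still open).
    The timestamp in the name makes a plain sort chronological."""
    runs = sorted(RUN_RE.match(f).group(1) for f in os.listdir(logdir) if RUN_RE.match(f))
    return runs[:-1]


def queue_runs(logdir, queuedir, archivedir):
    """Zip each closed run's upload files into queuedir and move the originals
    to archivedir. Returns the bundle paths created."""
    os.makedirs(queuedir, exist_ok=True)
    os.makedirs(archivedir, exist_ok=True)
    bundles = []
    for run in closed_runs(logdir):
        files = [f"{run}.{ext}" for ext in UPLOAD_EXTS
                 if os.path.isfile(os.path.join(logdir, f"{run}.{ext}"))]
        if not files:
            continue
        bundle = os.path.join(queuedir, f"{run}.zip")
        part = bundle + ".part"  # write then rename: a crash never leaves a half bundle queued
        with zipfile.ZipFile(part, "w", zipfile.ZIP_DEFLATED) as zf:
            for name in files:
                zf.write(os.path.join(logdir, name), arcname=name)
        os.replace(part, bundle)
        for name in files:
            shutil.move(os.path.join(logdir, name), os.path.join(archivedir, name))
        bundles.append(bundle)
    return bundles


def upload_queue(queuedir, uploader):
    """Call uploader(path) on every queued bundle. Success deletes the bundle;
    failure (no network, rejected upload) keeps it for the next cron run.
    Returns (sent, kept)."""
    sent = kept = 0
    for name in sorted(os.listdir(queuedir)):
        if not name.endswith(".zip"):
            continue
        path = os.path.join(queuedir, name)
        try:
            ok = uploader(path)
        except OSError:  # e.g. curl binary missing
            ok = False
        if ok:
            os.remove(path)
            sent += 1
        else:
            kept += 1
    return sent, kept


def wigle_upload(path):
    """Upload one bundle with curl to WiGLE's HTTP API (assumed endpoint).
    WIGLE_AUTH is "apiname:apitoken", supplied by the cron environment, not this file."""
    cmd = ["curl", "-fsS", "--max-time", "120", "-u", os.environ["WIGLE_AUTH"],
           "-F", f"file=@{path}", "https://api.wigle.net/api/v2/file/upload"]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL).returncode == 0


if __name__ == "__main__":
    # Example crontab line (paths are placeholders), run right after restarting Kismet:
    # 0 * * * * service kismet restart; /usr/local/bin/queue_kismet.py /var/log/kismet /var/spool/wigle /var/log/kismet/archive
    import sys
    logdir, queuedir, archivedir = sys.argv[1:4]
    queued = queue_runs(logdir, queuedir, archivedir)
    print(f"queued {len(queued)} run(s); sent/kept: {upload_queue(queuedir, wigle_upload)}")
```

Two design points worth keeping even if you rewrite this in shell: bundles are written to a `.part` name and renamed into the queue, so a power loss mid-zip (the thread's recurring theme) never leaves a truncated file that gets uploaded later; and the originals are moved to an archive directory rather than deleted, so a rejected upload can be rebuilt.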

Postby Andr0idian » Mon Aug 29, 2016 1:47 am

Question to @strasharo or possibly @bobzilla
I'm watching my upload list and I had a question about the wigle engine and kismet...

I'm uploading 3 file types, gpsxml, nettxt and netxml, and I understand there's a lot of duplication between them. I get credit for the gpsxml file because that has the SSIDs, MAC and GPS info - but what good does it do to upload the nettxt and netxml files on your end?

Postby strasharo » Tue Oct 04, 2016 11:56 am

Just open the files and check what's the data in them. They're all plain text.

Postby RyanHLouw » Thu Oct 20, 2016 11:40 am

I think you can skip the uploading of the nettxt, and the netxml contains a lot more info about the network, like the SSID which is not in the gpsxml file.
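To make the split between the two files concrete, here is an added example (not Kismet's or WiGLE's code, and not from anyone in this thread) that parses a netxml and a gpsxml log and joins them: the netxml carries one record per network (BSSID, SSID, encryption, channel) but no per-sighting coordinates, while the gpsxml carries one record per sighting (BSSID, fix quality, lat/lon, signal) but no SSID, so a located, named network needs both. The same parsed netxml also answers cyphonix's earlier point about channel distribution: channel_share() reports what fraction of discovered APs sit on channels 1, 6 and 11. Both sample files are constructed to follow the layout of 2013-era Kismet logs, keeping only the attributes the code uses; the placeholder BSSID GP:SD:TR:AC:KL:OG is the one Kismet uses for its own track points. Check element and attribute names against your own files before relying on this.

```python
"""Join Kismet's netxml (per-network metadata) with its gpsxml (per-sighting
coordinates) into one located row per network.

Added example for this thread, not Kismet's or WiGLE's code. Both samples are
constructed to follow the layout of 2013-era Kismet logs (only the attributes
used here are kept); verify element and attribute names against your own files.
"""
import xml.etree.ElementTree as ET  # prefer defusedxml for logs you did not produce

# Placeholder BSSID under which Kismet records its own GPS track points.
TRACK_BSSID = "GP:SD:TR:AC:KL:OG"

NETXML_SAMPLE = """<detection-run kismet-version="2013.03.R1" start-time="Sat Aug  6 21:41:00 2016">
<wireless-network number="1" type="infrastructure">
 <SSID><type>Beacon</type><encryption>WPA+PSK</encryption><encryption>WPA+AES-CCM</encryption>
  <essid cloaked="false">HomeNet</essid></SSID>
 <BSSID>00:11:22:33:44:55</BSSID><channel>6</channel></wireless-network>
<wireless-network number="2" type="infrastructure">
 <SSID><type>Beacon</type><encryption>None</encryption><essid cloaked="true"></essid></SSID>
 <BSSID>66:77:88:99:AA:BB</BSSID><channel>11</channel></wireless-network>
<wireless-network number="3" type="infrastructure">
 <SSID><type>Beacon</type><encryption>WEP</encryption><essid cloaked="false">CoffeeShop</essid></SSID>
 <BSSID>CC:DD:EE:FF:00:11</BSSID><channel>1</channel></wireless-network>
<wireless-network number="4" type="infrastructure">
 <SSID><type>Beacon</type><encryption>WPA+PSK</encryption><essid cloaked="false">Guest</essid></SSID>
 <BSSID>DD:EE:FF:00:11:22</BSSID><channel>3</channel></wireless-network>
</detection-run>
"""

# Constructed: one track point, two good sightings plus one with no fix for the
# first AP, one sighting each for two more; the fourth AP never gets a sighting.
GPSXML_SAMPLE = """<gps-run gps-version="5" start-time="Sat Aug  6 21:41:00 2016">
<network-file>Kismet-20160806-21-41-00-1.netxml</network-file>
<gps-point bssid="GP:SD:TR:AC:KL:OG" time-sec="1470519660" lat="45.4200" lon="-75.6900" fix="3"/>
<gps-point bssid="00:11:22:33:44:55" time-sec="1470519661" lat="45.4201" lon="-75.6901" fix="3" signal_dbm="-71"/>
<gps-point bssid="00:11:22:33:44:55" time-sec="1470519664" lat="45.4205" lon="-75.6905" fix="3" signal_dbm="-58"/>
<gps-point bssid="00:11:22:33:44:55" time-sec="1470519670" lat="0.0" lon="0.0" fix="0" signal_dbm="-40"/>
<gps-point bssid="66:77:88:99:AA:BB" time-sec="1470519672" lat="45.4210" lon="-75.6910" fix="3" signal_dbm="-80"/>
<gps-point bssid="CC:DD:EE:FF:00:11" time-sec="1470519675" lat="45.4212" lon="-75.6912" fix="2" signal_dbm="-66"/>
</gps-run>
"""


def parse_netxml(text):
    """BSSID -> {ssid, encryption, channel}; cloaked SSIDs become ''."""
    nets = {}
    for wn in ET.fromstring(text).iter("wireless-network"):
        bssid = (wn.findtext("BSSID") or "").strip()
        if not bssid:
            continue
        ssid, enc = "", []
        ssid_el = wn.find("SSID")
        if ssid_el is not None:
            essid = ssid_el.find("essid")
            if essid is not None and essid.get("cloaked") != "true":
                ssid = essid.text or ""
            enc = [e.text for e in ssid_el.findall("encryption") if e.text]
        nets[bssid] = {"ssid": ssid, "encryption": ",".join(enc) or "None",
                       "channel": int(wn.findtext("channel") or 0)}
    return nets


def parse_gpsxml(text, min_fix=2):
    """BSSID -> list of sightings; drops Kismet's own track points and any
    sighting without at least a 2D fix, so a bogus 0,0 never wins."""
    points = {}
    for gp in ET.fromstring(text).iter("gps-point"):
        bssid = gp.get("bssid", "")
        if bssid == TRACK_BSSID or int(gp.get("fix", "0")) < min_fix:
            continue
        points.setdefault(bssid, []).append({
            "lat": float(gp.get("lat")), "lon": float(gp.get("lon")),
            "signal": int(gp.get("signal_dbm", "-100")), "time": int(gp.get("time-sec", "0"))})
    return points


def merge(nets, points):
    """One row per located BSSID, placed at its strongest sighting; the name,
    encryption and channel can only come from the netxml side."""
    rows = []
    for bssid in sorted(points):
        best = max(points[bssid], key=lambda p: p["signal"])
        meta = nets.get(bssid, {"ssid": "", "encryption": "", "channel": 0})
        rows.append({"bssid": bssid, **meta, "lat": best["lat"], "lon": best["lon"],
                     "best_signal": best["signal"], "sightings": len(points[bssid])})
    return rows


def unlocated(nets, points):
    """Networks seen in netxml that never got a sighting with a GPS fix
    (the "no GPS coordinates for AP" case from earlier in the thread)."""
    return sorted(set(nets) - set(points))


def channel_share(nets, locked=(1, 6, 11)):
    """Fraction of networks on the locked channels: the number that decides
    whether a fourth, hopping card is worth its slot."""
    if not nets:
        return 0.0
    return sum(1 for n in nets.values() if n["channel"] in locked) / len(nets)


if __name__ == "__main__":
    nets, pts = parse_netxml(NETXML_SAMPLE), parse_gpsxml(GPSXML_SAMPLE)
    for row in merge(nets, pts):
        print(row)
    print("unlocated:", unlocated(nets, pts), "share on 1/6/11:", channel_share(nets))
```

Run against a real pair of logs, the unlocated() list is the set of APs the gpsxml alone would lose entirely, and merge() shows why a cloaked network still gets a row (its BSSID and channel come from netxml) even though its SSID is empty.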

