While I’ve followed post DEF CON news for years, DEF CON 25 was my first DEF CON. The first I actually attended. It was a breakthrough moment for me, as it is for many of the techno-nerd kind who intend to “see what it’s all about” and find themselves hooked, waiting all year for the next glorious iteration. It’s part the weirdness of it all, part the reunion, part the challenges, part the parties, and part some things you just can’t explain.
I’m gifted in that my wife, a Navy Veteran who served as a crypto-maintenance technician and now holds a Computer Science Degree in Web Development, humored the idea of coming with me to DC25. She was just as enthusiastic as I was afterwards, and we immediately started brainstorming how we could DO something that would be part of DEF CON, that we could bring to DEF CON, and would let us do more than just wander around the conference. What we ended up deciding on was inspired by a project I’d done and presented at the Wenatchee Mini Maker Faire some years ago, a project called WiFiCreep (I meant to do a blog entry on it years ago, but never did. Maybe I’ll get around to it eventually).
We never did come up with a real name for this project, but we ended up just referring to it as “The Wifi Project” or, “The Wifi Jean Vest Thingy”. The project was inspired by our skills post DC25, and solidified into the “Jean Vest” wearable after the announcement of the DC26 theme, “1983”. We’d planned a wearable with Matrix LEDs at first, but the seven segment panels fit the theme and turned out to be much easier to program. My wife (who goes by the moniker “Sunfire”) would end up wearing the project around DEF CON.
So what IS it?
A question often asked over the course of the conference. At its core, simply, it’s a counter. The seven segment ticker represents a total number of unique MAC addresses recorded during the course of wearing it out and about during conference hours.
The core of the project is a Raspberry Pi running Raspian. A small no-brand wireless adaptor with an Artheros chipset serves as our monitor interface. The Seven Segment display is a Wingoneer module running on a MAX7219 chipset.
The whole thing is powered by an 8,000mAh battery pack typically used to charge cell phones. We had several batteries, some of which where much larger volume.
The software, which I’m not going to share because it’s true hacker fashion slapped-together-quick-and-dirty-gross-don’t-let-your-mentors-see-or-they-will-scold-you code, was heavily inspired by the same code that WiFiCreep was inspired by: wireless packet sniffing found in the book Violent Python (TJ O’Connor). This code introduced me to the scapy library, which we use here to simply examine PROBE requests, but unlike in Violent Python we don’t care about what the network being probed for is, we’re interested in the MAC of the device making the request. This ensures that we get a client device not connected to wifi; no APs, nothing already connected.
Each time the monitor mode interface detects a probe request, the MAC is cross checked against a sqlite database on the PI. If the MAC is not in the database, it’s added to the database. That’s it. No other data is recorded. Not time, not number of times seen, not where, not what they were looking for, just the device MAC. The code then converts the digit value of the length of the database into an 8 digit number with leading 0s as spacers, then displays the number (thanks to the library we found for the seven segment display) on said display, which is connected to the pi via the GPIO pin outs. The whole thing runs automatically on boot, with a start function to test the display, running a counter from 0-9001, because, well, it’s over 9000 ;-).
At first I considered using a good WiFi interface for our monitor. It turns out our crappy wireless interface worked great for limiting the range of picking up traffic. This gave us what we need to get the effect we really wanted: limiting our scan to very close range. A proximity scan, rather than all the data in the world. The project wasn’t during party hours, late night events, or in our hotel room.
So how did it turn out?
The end result, what we were looking for, was a count of the number of unique 2.4ghz wifi devices around us. The results didn’t disappoint. After the conference, I wrote a script to iterate through the database and, like WifiCreep, cross reference the OUIs of each MAC address with Wireshark’s OUI file to tell us the vendors of each device so we could get a vendor representation as well. And finally, we are pleased to give you our results:
______ ___________ _____ _____ _ _ _____ ____ | _ \ ___| ___| / __ \ _ | \ | | / __ \ / ___| | | | | |__ | |_ | / \/ | | | \| | `' / /'/ /___ | | | | __|| _| | | | | | | . ` | / / | ___ \ | |/ /| |___| | | \__/\ \_/ / |\ | ./ /___| \_/ | |___/ \____/\_| \____/\___/\_| \_/ \_____/\_____/ (ASCII font 'DOOM' by Frans P. de Vries, 18 June 1996) WIFI COUNTER JEAN JACKET PROJECT THINGY! (very technical) by Rego and Sunfire Defcon26, 2018 Caesars Palace, Las Vegas Total MACS recorded: 74900 MAN-UNKWN @ count of 57839 accounting for 77.2216288385 % Google @ count of 5894 accounting for 7.8691588785 % Apple @ count of 2163 accounting for 2.88785046729 % Motorola @ count of 1830 accounting for 2.4432576769 % SamsungE @ count of 1812 accounting for 2.41922563418 % MurataMa @ count of 1290 accounting for 1.72229639519 % LgElectr @ count of 1028 accounting for 1.37249666222 % IntelCor @ count of 488 accounting for 0.651535380507 % Htc @ count of 385 accounting for 0.514018691589 % HuaweiTe @ count of 231 accounting for 0.308411214953 % OneplusT @ count of 183 accounting for 0.24432576769 % TctMobil @ count of 133 accounting for 0.177570093458 % Zte @ count of 119 accounting for 0.158878504673 % SonyMobi @ count of 75 accounting for 0.100133511348 % AlpsElec @ count of 75 accounting for 0.100133511348 % ZebraTec @ count of 74 accounting for 0.0987983978638 % HonHaiPr @ count of 72 accounting for 0.0961281708945 % Microsof @ count of 71 accounting for 0.0947930574099 % AsustekC @ count of 71 accounting for 0.0947930574099 % EtekTech @ count of 67 accounting for 0.0894526034713 % Arcadyan @ count of 64 accounting for 0.0854472630174 % Raspberr @ count of 62 accounting for 0.0827770360481 % ExtremeN @ count of 60 accounting for 0.0801068090788 % LiteonTe @ count of 50 accounting for 0.0667556742323 % AmazonTe @ count of 49 accounting for 0.0654205607477 % XiaomiCo @ count of 34 accounting for 0.045393858478 % RivetNet @ count of 34 accounting for 0.045393858478 % Azurewav @ count of 34 accounting for 0.045393858478 % Espressi @ count of 29 accounting for 0.0387182910547 % BluProdu @ count of 28 accounting for 0.0373831775701 % Alfa @ count of 26 accounting for 0.0347129506008 % Private @ count of 26 accounting for 0.0347129506008 % Essentia @ count of 25 accounting for 0.0333778371162 % LgInnote @ count of 25 accounting for 0.0333778371162 % WistronN @ count of 23 accounting for 0.0307076101469 % ProwareT @ count of 19 accounting for 0.0253671562083 % Z-Com @ count of 18 accounting for 0.0240320427236 % Shenzhen @ count of 17 accounting for 0.022696929239 % RedpineS @ count of 17 accounting for 0.022696929239 % Kyocera @ count of 16 accounting for 0.0213618157543 % ChiconyE @ count of 15 accounting for 0.0200267022697 % Blackber @ count of 13 accounting for 0.0173564753004 % Pronet @ count of 13 accounting for 0.0173564753004 % IeeeRegi @ count of 13 accounting for 0.0173564753004 % AirgoNet @ count of 12 accounting for 0.0160213618158 % Guangdon @ count of 11 accounting for 0.0146862483311 % Tp-LinkT @ count of 10 accounting for 0.0133511348465 % YulongCo @ count of 10 accounting for 0.0133511348465 % SummitDa @ count of 10 accounting for 0.0133511348465 % Vizio @ count of 10 accounting for 0.0133511348465 % HmdGloba @ count of 9 accounting for 0.0120160213618 % ChiunMai @ count of 8 accounting for 0.0106809078772 % Essys @ count of 8 accounting for 0.0106809078772 % CompalIn @ count of 7 accounting for 0.00934579439252 % QuantaCo @ count of 7 accounting for 0.00934579439252 % Pepwave @ count of 6 accounting for 0.00801068090788 % Shanghai @ count of 6 accounting for 0.00801068090788 % AmpakTec @ count of 6 accounting for 0.00801068090788 % Nvidia @ count of 6 accounting for 0.00801068090788 % HewlettP @ count of 6 accounting for 0.00801068090788 % MoxaTech @ count of 5 accounting for 0.00667556742323 % EdimaxTe @ count of 4 accounting for 0.00534045393858 % Razer @ count of 4 accounting for 0.00534045393858 % QikuInte @ count of 4 accounting for 0.00534045393858 % Fairphon @ count of 4 accounting for 0.00534045393858 % Dream-Mu @ count of 3 accounting for 0.00400534045394 % Barnes&N @ count of 3 accounting for 0.00400534045394 % HongKong @ count of 3 accounting for 0.00400534045394 % OrientPo @ count of 3 accounting for 0.00400534045394 % ReboundT @ count of 3 accounting for 0.00400534045394 % ChiMeiCo @ count of 3 accounting for 0.00400534045394 % TexasIns @ count of 3 accounting for 0.00400534045394 % Roku @ count of 3 accounting for 0.00400534045394 % KingjonD @ count of 3 accounting for 0.00400534045394 % Netgear @ count of 3 accounting for 0.00400534045394 % Digiboar @ count of 3 accounting for 0.00400534045394 % D-LinkIn @ count of 3 accounting for 0.00400534045394 % Universa @ count of 3 accounting for 0.00400534045394 % Wisol @ count of 3 accounting for 0.00400534045394 % OpenMesh @ count of 2 accounting for 0.00267022696929 % GioneeCo @ count of 2 accounting for 0.00267022696929 % PandaWir @ count of 2 accounting for 0.00267022696929 % CloverNe @ count of 2 accounting for 0.00267022696929 % Sharp @ count of 2 accounting for 0.00267022696929 % VivoMobi @ count of 2 accounting for 0.00267022696929 % RovingNe @ count of 2 accounting for 0.00267022696929 % ViaNetwo @ count of 2 accounting for 0.00267022696929 % Longchee @ count of 2 accounting for 0.00267022696929 % Ingenico @ count of 2 accounting for 0.00267022696929 % Ezurio @ count of 2 accounting for 0.00267022696929 % Pantech @ count of 2 accounting for 0.00267022696929 % AskeyCom @ count of 2 accounting for 0.00267022696929 % SilexTec @ count of 2 accounting for 0.00267022696929 % ArrisGro @ count of 2 accounting for 0.00267022696929 % BeijingL @ count of 2 accounting for 0.00267022696929 % Ubiquiti @ count of 1 accounting for 0.00133511348465 % XiamenMe @ count of 1 accounting for 0.00133511348465 % Gopro @ count of 1 accounting for 0.00133511348465 % GarminIn @ count of 1 accounting for 0.00133511348465 % Pittasof @ count of 1 accounting for 0.00133511348465 % CameoCom @ count of 1 accounting for 0.00133511348465 % Reacheng @ count of 1 accounting for 0.00133511348465 % Bq @ count of 1 accounting for 0.00133511348465 % Nisca @ count of 1 accounting for 0.00133511348465 % XNet2000 @ count of 1 accounting for 0.00133511348465 % OculusVr @ count of 1 accounting for 0.00133511348465 % RandMcna @ count of 1 accounting for 0.00133511348465 % QuantaMi @ count of 1 accounting for 0.00133511348465 % Xirrus @ count of 1 accounting for 0.00133511348465 % EfmNetwo @ count of 1 accounting for 0.00133511348465 % Canal+ @ count of 1 accounting for 0.00133511348465 % Cisco @ count of 1 accounting for 0.00133511348465 % Entorian @ count of 1 accounting for 0.00133511348465 % Smartisa @ count of 1 accounting for 0.00133511348465 % Microchi @ count of 1 accounting for 0.00133511348465 % Abocom @ count of 1 accounting for 0.00133511348465 % Canon @ count of 1 accounting for 0.00133511348465 % MarvellS @ count of 1 accounting for 0.00133511348465 % NubiaTec @ count of 1 accounting for 0.00133511348465 % Palladiu @ count of 1 accounting for 0.00133511348465 % LenovoBe @ count of 1 accounting for 0.00133511348465 % SonimTec @ count of 1 accounting for 0.00133511348465 % AcctonTe @ count of 1 accounting for 0.00133511348465 % Epigram @ count of 1 accounting for 0.00133511348465 % Fn-LinkT @ count of 1 accounting for 0.00133511348465 % AtherosC @ count of 1 accounting for 0.00133511348465 % XaviTech @ count of 1 accounting for 0.00133511348465 % EcoPlugs @ count of 1 accounting for 0.00133511348465 % QingdaoH @ count of 1 accounting for 0.00133511348465 % Nintendo @ count of 1 accounting for 0.00133511348465 % RealtekS @ count of 1 accounting for 0.00133511348465 % Legra @ count of 1 accounting for 0.00133511348465 % Lemobile @ count of 1 accounting for 0.00133511348465 % Sparklan @ count of 1 accounting for 0.00133511348465 % ChengHon @ count of 1 accounting for 0.00133511348465 % EdupInte @ count of 1 accounting for 0.00133511348465 % Cisco-Li @ count of 1 accounting for 0.00133511348465 % B-LinkEl @ count of 1 accounting for 0.00133511348465 % Veracity @ count of 1 accounting for 0.00133511348465 % Wearable @ count of 1 accounting for 0.00133511348465 % SeikoEps @ count of 1 accounting for 0.00133511348465 % Continen @ count of 1 accounting for 0.00133511348465 % RuckusWi @ count of 1 accounting for 0.00133511348465 % ChinaPal @ count of 1 accounting for 0.00133511348465 % Routerbo @ count of 1 accounting for 0.00133511348465 % LenovoMo @ count of 1 accounting for 0.00133511348465 % GemtekTe @ count of 1 accounting for 0.00133511348465 % PolarEle @ count of 1 accounting for 0.00133511348465 % 00:00:00 @ count of 1 accounting for 0.00133511348465 % OuWeiTec @ count of 1 accounting for 0.00133511348465 % JinanUsr @ count of 1 accounting for 0.00133511348465 % TecnoMob @ count of 1 accounting for 0.00133511348465 % ZhongSha @ count of 1 accounting for 0.00133511348465 % Panasoni @ count of 1 accounting for 0.00133511348465 % SmartInn @ count of 1 accounting for 0.00133511348465 % TendaTec @ count of 1 accounting for 0.00133511348465 % HongyuCo @ count of 1 accounting for 0.00133511348465 % NewportM @ count of 1 accounting for 0.00133511348465 %