Flipper Zero/Rogue AP Detector: Difference between revisions
From charlesreid1
Latest revision as of 17:23, 26 August 2025
This page covers a project that implements a rogue AP detector using a Flipper Zero, an ESP32 board as the WiFi radio, and a C program running on the Flipper Zero. The program first collects background observations of nearby WiFi networks to build a baseline of legitimate APs, then runs analysis scans that compare fresh observations against that baseline to flag possible rogue APs.
Plan
Program Flow Mapping
Phase 1: Learning Mode
- Input: Live WiFi scan data
- Process: scanner.c → baseline.c
- Output: legitimate_aps.dat file
Phase 2: Detection Mode
- Input: Live WiFi scan data + legitimate_aps.dat
- Process: scanner.c → analyzer.c → detector.c → ui.c
- Output: Rogue AP alerts on screen
Implementation Plan (Step-by-Step)
Step 1: WiFi Scanner Module (scanner.c):
- Initialize ESP32 WiFi in promiscuous (monitor) mode
- Hop across the 2.4 GHz channels (1-13; the legal set depends on the regulatory domain) and capture beacon frames
- Parse 802.11 management frames, checking every tagged-element length against the frame length (the radio is untrusted input)
- Extract: SSID, BSSID, RSSI, encryption type, channel (encryption comes from the Capability Privacy bit plus the RSN/WPA elements; RSSI comes from the radio's receive metadata, not from the frame itself)
- Return structured AP data array
Step 2: Baseline Manager (baseline.c)
- Store legitimate APs in persistent storage
- Functions: save_baseline(), load_baseline(), update_baseline()
- Data aging (remove old entries, update signal ranges)
- Handle storage limitations on Flipper Zero
Step 3: Analysis Engine (analyzer.c)
- Compare current scan vs baseline
- Calculate similarity scores for SSIDs (Levenshtein distance)
- Check MAC OUI against known manufacturer database (a weak signal on its own: a BSSID, OUI included, is trivially spoofed, and an evil twin may clone the legitimate BSSID exactly)
- Analyze signal strength patterns (e.g. an RSSI far outside the range learned for that BSSID, which can indicate a nearby impersonator)
- Generate suspicion scores (0-100)
Step 4: Detection Logic (detector.c)
- Apply detection rules with configurable thresholds
- Flag APs scoring above suspicion threshold
- Classify threat types: typosquatting, signal anomaly, unknown device
- Maintain detection history to reduce false positives
Step 5: User Interface (ui.c)
- Display scanning status
- Show baseline AP count
- Alert interface for rogue APs
- Settings menu for thresholds
Inputs/Outputs Specification
External Inputs:
- WiFi beacon frames (802.11 management)
- User button presses (mode switching, acknowledgments)
- Configuration parameters (thresholds, scan intervals)
Internal Data:
- AP structure: {char ssid[33], uint8_t bssid[6], int8_t rssi, uint8_t encryption, uint8_t channel, uint32_t timestamp} (ssid holds the 32-byte 802.11 maximum plus a terminator)
- Baseline database: Array of legitimate AP structures
- Detection results: Array of flagged APs with threat classifications
Outputs:
- Screen display: Current mode, scan results, alerts
- Storage: Persistent baseline database
- Optional: Serial debug output for development
Memory Considerations
- Flipper Zero has limited RAM (256 KB SRAM on its STM32WB55, only a fraction of which is free for an application once the firmware has its share)
- Store baseline on SD card or internal flash
- Implement circular buffer for recent scan results
- Limit active monitoring to ~50 APs simultaneously
Implementation
Step 1 - WiFi Scanner Module (scanner.c)
- Initialize ESP32 WiFi in promiscuous (monitor) mode
- Hop across the 2.4 GHz channels (1-13; the legal set depends on the regulatory domain) and capture beacon frames
- Parse 802.11 management frames, checking every tagged-element length against the frame length (the radio is untrusted input)
- Extract: SSID, BSSID, RSSI, encryption type, channel (encryption comes from the Capability Privacy bit plus the RSN/WPA elements; RSSI comes from the radio's receive metadata, not from the frame itself)
- Return structured AP data array
Flipper Zero/Rogue AP Detector/scanner.c
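As an added example of the scanner step (this is not the code on the scanner.c subpage), here is a C beacon parser that turns one raw 802.11 beacon into the AP structure from the inputs/outputs spec. It assumes the ESP32 side hands over the raw management frame together with the RSSI from its receive metadata (in ESP-IDF that is the promiscuous callback registered with esp_wifi_set_promiscuous_rx_cb, where rx_ctrl.rssi carries the signal level); the beacon bytes below are constructed, and the names SAMPLE_BEACON, parse_beacon and ap_info are chosen here. Encryption is derived the way the bullets describe: Privacy bit in Capability Info, RSN element (ID 48) for WPA2 or WPA3 when an AKM suite is SAE, and the Microsoft vendor element (ID 221, OUI 00:50:F2 type 1) for WPA1.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

enum enc_type { ENC_OPEN = 0, ENC_WEP, ENC_WPA, ENC_WPA2, ENC_WPA3 };

struct ap_info {
    char     ssid[33];      /* 32-byte maximum SSID plus terminator */
    uint8_t  bssid[6];
    int8_t   rssi;          /* comes from the radio's RX metadata, not from the frame */
    uint8_t  encryption;    /* enum enc_type */
    uint8_t  channel;
    uint32_t timestamp;     /* observation time supplied by the caller, not the TSF in the frame */
};

/* Parse one 802.11 beacon (MAC header + fixed fields + tagged elements) into an ap_info.
 * Returns 0 on success, -1 if the buffer is not a well-formed beacon. */
int parse_beacon(const uint8_t *f, size_t len, int8_t rssi, uint32_t now, struct ap_info *out)
{
    /* 24-byte MAC header, then timestamp(8) + beacon interval(2) + capability(2) */
    if (len < 36 || f[0] != 0x80) return -1;   /* FC: version 0, type mgmt, subtype beacon */
    memset(out, 0, sizeof *out);
    memcpy(out->bssid, f + 16, 6);              /* Address 3 carries the BSSID in beacons */
    out->rssi = rssi;
    out->timestamp = now;
    uint16_t cap = (uint16_t)(f[34] | (f[35] << 8));
    int privacy = cap & 0x0010, wpa = 0, rsn = 0, sae = 0;   /* Privacy bit: WEP or WPA family */

    for (size_t p = 36; p + 2 <= len; ) {
        uint8_t id = f[p], l = f[p + 1];
        const uint8_t *v = f + p + 2;
        if (p + 2 + l > len) return -1;          /* truncated element: reject the whole frame */
        if (id == 0) {                           /* SSID */
            if (l > 32) return -1;
            memcpy(out->ssid, v, l);             /* out->ssid[l] is already 0 from the memset */
        } else if (id == 3 && l >= 1) {          /* DS Parameter Set: current channel */
            out->channel = v[0];
        } else if (id == 48 && l >= 8) {         /* RSN: WPA2, or WPA3 when an AKM is SAE (00-0F-AC:8) */
            rsn = 1;
            size_t q = 2 + 4;                                    /* skip version + group cipher */
            size_t pairwise = v[q] | (v[q + 1] << 8);
            q += 2 + 4 * pairwise;                               /* skip the pairwise cipher list */
            if (q + 2 <= l) {
                size_t akms = v[q] | (v[q + 1] << 8);
                q += 2;
                for (size_t i = 0; i < akms && q + 4 <= l; i++, q += 4)
                    if (v[q] == 0x00 && v[q + 1] == 0x0F && v[q + 2] == 0xAC && v[q + 3] == 8) sae = 1;
            }
        } else if (id == 221 && l >= 4 && v[0] == 0x00 && v[1] == 0x50 && v[2] == 0xF2 && v[3] == 0x01) {
            wpa = 1;                             /* Microsoft vendor element type 1: WPA (v1) */
        }
        p += 2 + l;
    }
    out->encryption = sae ? ENC_WPA3 : rsn ? ENC_WPA2 : wpa ? ENC_WPA : privacy ? ENC_WEP : ENC_OPEN;
    return 0;
}

/* Constructed beacon: BSSID 02:11:22:33:44:55, SSID "CorpNet", channel 6, RSN (WPA2-PSK, CCMP). */
const uint8_t SAMPLE_BEACON[] = {
    0x80, 0x00, 0x00, 0x00,                          /* frame control (beacon), duration */
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,              /* DA: broadcast */
    0x02, 0x11, 0x22, 0x33, 0x44, 0x55,              /* SA */
    0x02, 0x11, 0x22, 0x33, 0x44, 0x55,              /* BSSID */
    0x10, 0x00,                                      /* sequence control */
    0, 0, 0, 0, 0, 0, 0, 0,                          /* TSF timestamp */
    0x64, 0x00,                                      /* beacon interval */
    0x11, 0x04,                                      /* capability: ESS | Privacy */
    0x00, 0x07, 'C', 'o', 'r', 'p', 'N', 'e', 't',   /* SSID element */
    0x01, 0x04, 0x82, 0x84, 0x8B, 0x96,              /* supported rates */
    0x03, 0x01, 0x06,                                /* DS Parameter Set: channel 6 */
    0x30, 0x14, 0x01, 0x00, 0x00, 0x0F, 0xAC, 0x04,  /* RSN: version 1, group cipher CCMP */
    0x01, 0x00, 0x00, 0x0F, 0xAC, 0x04,              /*   one pairwise cipher: CCMP */
    0x01, 0x00, 0x00, 0x0F, 0xAC, 0x02,              /*   one AKM: PSK (type 8 would be SAE/WPA3) */
    0x00, 0x00,                                      /*   RSN capabilities */
};

int main(void)
{
    struct ap_info ap;
    if (parse_beacon(SAMPLE_BEACON, sizeof SAMPLE_BEACON, -52, 0, &ap) != 0) return 1;
    printf("ssid=%s bssid=%02x:%02x:%02x:%02x:%02x:%02x ch=%d enc=%d rssi=%d\n", ap.ssid,
           ap.bssid[0], ap.bssid[1], ap.bssid[2], ap.bssid[3], ap.bssid[4], ap.bssid[5],
           (int)ap.channel, (int)ap.encryption, (int)ap.rssi);
    return 0;
}
```

Every element length is checked against the frame length before anything is read, and a frame that fails the check is dropped whole rather than partially trusted: beacons arrive from an unauthenticated radio, so a malformed element is exactly the input an attacker controls, and a parser that overreads here would put a crash or memory corruption on the detector itself.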
Step 2 - Baseline Manager (baseline.c)
- Store legitimate APs in persistent storage
- Functions: save_baseline(), load_baseline(), update_baseline()
- Data aging (remove old entries, update signal ranges)
- Handle storage limitations on Flipper Zero
Flipper Zero/Rogue AP Detector/baseline.c
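An added example for the baseline manager step (not the code on the baseline.c subpage): update_baseline merges a scan result, age_baseline implements the data aging bullet, and save_baseline/load_baseline serialize to and from the bytes that would be written to legitimate_aps.dat. The record layout, the BASELINE_MAX cap of 50 entries and the magic value are assumptions made here; the sample AP in main is constructed. On the Flipper the byte buffer would go through the firmware's storage API, which this example leaves to the caller so it runs anywhere.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define BASELINE_MAX   50            /* memory cap from the plan: ~50 APs tracked at once */
#define BASELINE_MAGIC 0x52415031u   /* "RAP1" */
#define HDR_SIZE       6             /* magic(4) version(1) count(1) */
#define REC_SIZE       47            /* ssid(33) bssid(6) rssi_min(1) rssi_max(1) enc(1) chan(1) last_seen(4) */

struct ap { char ssid[33]; uint8_t bssid[6]; int8_t rssi; uint8_t encryption; uint8_t channel; uint32_t timestamp; };
struct baseline_entry { struct ap ap; int8_t rssi_min, rssi_max; uint32_t last_seen; };
struct baseline { uint32_t count; struct baseline_entry e[BASELINE_MAX]; };

static void     put_u32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }
static uint32_t get_u32(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24); }

/* Merge one scan result: widen a known BSSID's RSSI envelope, or add a new entry. -1 when full. */
int update_baseline(struct baseline *b, const struct ap *seen)
{
    for (uint32_t i = 0; i < b->count; i++) {
        struct baseline_entry *e = &b->e[i];
        if (memcmp(e->ap.bssid, seen->bssid, 6) != 0) continue;
        if (seen->rssi < e->rssi_min) e->rssi_min = seen->rssi;
        if (seen->rssi > e->rssi_max) e->rssi_max = seen->rssi;
        e->last_seen = seen->timestamp;
        return 0;
    }
    if (b->count >= BASELINE_MAX) return -1;   /* caller should age_baseline() and retry */
    struct baseline_entry *e = &b->e[b->count++];
    e->ap = *seen; e->rssi_min = e->rssi_max = seen->rssi; e->last_seen = seen->timestamp;
    return 0;
}

/* Data aging: drop entries not seen for more than max_age seconds. Returns the number removed. */
int age_baseline(struct baseline *b, uint32_t now, uint32_t max_age)
{
    int removed = 0;
    for (uint32_t i = 0; i < b->count; ) {
        if (now - b->e[i].last_seen > max_age) { b->e[i] = b->e[--b->count]; removed++; }  /* swap-remove */
        else i++;
    }
    return removed;
}

/* Serialize to a byte buffer destined for legitimate_aps.dat. Returns bytes written, or -1. */
int save_baseline(const struct baseline *b, uint8_t *out, size_t cap)
{
    size_t need = HDR_SIZE + (size_t)b->count * REC_SIZE;
    if (b->count > BASELINE_MAX || cap < need) return -1;
    put_u32(out, BASELINE_MAGIC); out[4] = 1; out[5] = (uint8_t)b->count;
    for (uint32_t i = 0; i < b->count; i++) {
        uint8_t *r = out + HDR_SIZE + i * REC_SIZE;
        const struct baseline_entry *e = &b->e[i];
        memcpy(r, e->ap.ssid, 33); memcpy(r + 33, e->ap.bssid, 6);
        r[39] = (uint8_t)e->rssi_min; r[40] = (uint8_t)e->rssi_max;
        r[41] = e->ap.encryption;     r[42] = e->ap.channel;
        put_u32(r + 43, e->last_seen);
    }
    return (int)need;
}

/* Parse a saved file. The SD card is writable by anyone holding the device, so every field
 * is bounds-checked and a corrupt or tampered file fails closed instead of overflowing. */
int load_baseline(struct baseline *b, const uint8_t *in, size_t len)
{
    if (len < HDR_SIZE || get_u32(in) != BASELINE_MAGIC || in[4] != 1) return -1;
    uint32_t count = in[5];
    if (count > BASELINE_MAX || len != HDR_SIZE + (size_t)count * REC_SIZE) return -1;
    memset(b, 0, sizeof *b);
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *r = in + HDR_SIZE + i * REC_SIZE;
        struct baseline_entry *e = &b->e[i];
        memcpy(e->ap.ssid, r, 32); e->ap.ssid[32] = 0;   /* terminate regardless of file contents */
        memcpy(e->ap.bssid, r + 33, 6);
        e->rssi_min = (int8_t)r[39]; e->rssi_max = (int8_t)r[40]; e->ap.rssi = e->rssi_max;
        e->ap.encryption = r[41]; e->ap.channel = r[42];
        e->last_seen = e->ap.timestamp = get_u32(r + 43);
    }
    b->count = count;
    return 0;
}

int main(void)
{
    struct baseline b = {0}, c;
    uint8_t file[HDR_SIZE + BASELINE_MAX * REC_SIZE];
    const struct ap seen = { "CorpNet", {0x00,0x11,0x22,0x33,0x44,0x55}, -60, 3, 6, 1000 };  /* constructed; 3 = WPA2 */
    update_baseline(&b, &seen);
    int n = save_baseline(&b, file, sizeof file);
    printf("saved %d bytes, reload %s, aged out %d entries\n", n,
           load_baseline(&c, file, (size_t)n) == 0 ? "ok" : "FAILED", age_baseline(&b, 5000, 3600));
    return 0;
}
```

The fixed-size array and swap-remove aging keep the whole baseline at about 2.4 KB and avoid heap allocation, which is what the memory considerations call for. One caveat the format above does not address: the file carries no integrity protection, so someone with physical access to the SD card could append their own AP to the baseline and have it treated as legitimate. A keyed MAC over the file, with the key held on the Flipper rather than the card, would close that gap.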
Step 3 - Analysis Engine (analyzer.c)
(This is arguably the module that is at the heart of the project - how you detect rogue APs)
- Compare current scan vs baseline
- Calculate similarity scores for SSIDs (Levenshtein distance)
- Check MAC OUI against known manufacturer database (a weak signal on its own: a BSSID, OUI included, is trivially spoofed, and an evil twin may clone the legitimate BSSID exactly)
- Analyze signal strength patterns (e.g. an RSSI far outside the range learned for that BSSID, which can indicate a nearby impersonator)
- Generate suspicion scores (0-100)
Flipper Zero/Rogue AP Detector/analyzer.c
Step 4 - Detection Logic (detector.c)
- Apply detection rules with configurable thresholds
- Flag APs scoring above suspicion threshold
- Classify threat types: typosquatting, signal anomaly, unknown device
- Maintain detection history to reduce false positives
Flipper Zero/Rogue AP Detector/detector.c
Step 5 - User Interface (ui.c)
- Display scanning status
- Show baseline AP count
- Alert interface for rogue APs
- Settings menu for thresholds