From charlesreid1

This page covers a project that implements a rogue AP detector using a Flipper Zero, an ESP32 board, and a C program running on the Flipper Zero. The C program collects background observations about WiFi networks to create a baseline, then performs analysis scans, compares them to the baseline, and identifies possible rogue APs.


Plan

Program Flow Mapping

Phase 1: Learning Mode

  • Input: Live WiFi scan data
  • Process: scanner.c → baseline.c
  • Output: legitimate_aps.dat file

Phase 2: Detection Mode

  • Input: Live WiFi scan data + legitimate_aps.dat
  • Process: scanner.c → analyzer.c → detector.c → ui.c
  • Output: Rogue AP alerts on screen

Implementation Plan (Step-by-Step)

Step 1: WiFi Scanner Module (scanner.c)

  • Initialize ESP32 WiFi in monitor mode
  • Scan all channels (1-13) for beacon frames
  • Parse 802.11 management frames
  • Extract: SSID, BSSID, RSSI, encryption type, channel
  • Return structured AP data array

Step 2: Baseline Manager (baseline.c)

  • Store legitimate APs in persistent storage
  • Functions: save_baseline(), load_baseline(), update_baseline()
  • Data aging (remove old entries, update signal ranges)
  • Handle storage limitations on Flipper Zero

Step 3: Analysis Engine (analyzer.c)

  • Compare current scan vs baseline
  • Calculate similarity scores for SSIDs (Levenshtein distance)
  • Check MAC OUI against known manufacturer database
  • Analyze signal strength patterns
  • Generate suspicion scores (0-100)

Step 4: Detection Logic (detector.c)

  • Apply detection rules with configurable thresholds
  • Flag APs scoring above suspicion threshold
  • Classify threat types: typosquatting, signal anomaly, unknown device
  • Maintain detection history to reduce false positives

Step 5: User Interface (ui.c)

  • Display scanning status
  • Show baseline AP count
  • Alert interface for rogue APs
  • Settings menu for thresholds

Inputs/Outputs Specification

External Inputs:

  • WiFi beacon frames (802.11 management)
  • User button presses (mode switching, acknowledgments)
  • Configuration parameters (thresholds, scan intervals)

Internal Data:

  • AP structure: {char ssid[33], uint8_t bssid[6], int8_t rssi, uint8_t encryption, uint8_t channel, uint32_t timestamp}
  • Baseline database: Array of legitimate AP structures
  • Detection results: Array of flagged APs with threat classifications

Outputs:

  • Screen display: Current mode, scan results, alerts
  • Storage: Persistent baseline database
  • Optional: Serial debug output for development

Memory Considerations

  • Flipper Zero has limited RAM (~256KB)
  • Store baseline on SD card or internal flash
  • Implement circular buffer for recent scan results
  • Limit active monitoring to ~50 APs simultaneously


Implementation

Step 1 - WiFi Scanner Module (scanner.c)

  • Initialize ESP32 WiFi in monitor mode
  • Scan all channels (1-13) for beacon frames
  • Parse 802.11 management frames
  • Extract: SSID, BSSID, RSSI, encryption type, channel
  • Return structured AP data array

Flipper Zero/Rogue AP Detector/scanner.c

Step 2 - Baseline Manager (baseline.c)

  • Store legitimate APs in persistent storage
  • Functions: save_baseline(), load_baseline(), update_baseline()
  • Data aging (remove old entries, update signal ranges)
  • Handle storage limitations on Flipper Zero

Flipper Zero/Rogue AP Detector/baseline.c

Step 3 - Analysis Engine (analyzer.c)

(This is arguably the module that is at the heart of the project - how you detect rogue APs)

  • Compare current scan vs baseline
  • Calculate similarity scores for SSIDs (Levenshtein distance)
  • Check MAC OUI against known manufacturer database
  • Analyze signal strength patterns
  • Generate suspicion scores (0-100)

Flipper Zero/Rogue AP Detector/analyzer.c
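
An added example (not the project's analyzer.c) of how the analysis step listed above can score one scanned AP against the baseline, using the AP fields from "Internal Data" and Levenshtein distance on the SSID. The baseline entries, the encryption codes, the score weights and the distance cutoff of 2 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* AP record with the fields listed under "Internal Data" above. */
typedef struct {
    char ssid[33]; uint8_t bssid[6]; int8_t rssi;
    uint8_t encryption, channel; uint32_t timestamp;
} ap_t;
/* Constructed baseline (hypothetical SSID, BSSIDs and encryption codes). */
static const ap_t BASELINE[] = {
    {"CorpNet", {0x02, 0, 0, 0, 0, 0x01}, -50, 3, 6, 0},
    {"CorpNet", {0x02, 0, 0, 0, 0, 0x02}, -65, 3, 11, 0},
};

/* Levenshtein distance over 33-byte ssid fields; length capped at 32 if no NUL. */
static int ssid_distance(const char* a, const char* b) {
    const char *ea = memchr(a, 0, 33), *eb = memchr(b, 0, 33);
    size_t la = ea ? (size_t)(ea - a) : 32, lb = eb ? (size_t)(eb - b) : 32;
    int prev[33], cur[33];
    for(size_t j = 0; j <= lb; j++) prev[j] = (int)j;
    for(size_t i = 1; i <= la; i++) {
        cur[0] = (int)i;
        for(size_t j = 1; j <= lb; j++) {
            int best = prev[j - 1] + (a[i - 1] != b[j - 1]); /* substitute */
            if(prev[j] + 1 < best) best = prev[j] + 1;       /* delete */
            if(cur[j - 1] + 1 < best) best = cur[j - 1] + 1; /* insert */
            cur[j] = best;
        }
        memcpy(prev, cur, (lb + 1) * sizeof(int));
    }
    return prev[lb];
}

/* Suspicion score 0-100. Weights and cutoffs are illustrative assumptions. */
int suspicion_score(const ap_t* seen, const ap_t* base, size_t n) {
    int nearest = 33; /* smallest SSID distance to any baseline entry */
    for(size_t i = 0; i < n; i++) {
        int d = ssid_distance(seen->ssid, base[i].ssid);
        if(d < nearest) nearest = d;
        if(d == 0 && memcmp(seen->bssid, base[i].bssid, 6) == 0) {
            int score = seen->encryption != base[i].encryption ? 60 : 0;
            return score + (abs(seen->rssi - base[i].rssi) > 20 ? 30 : 0);
        }
    }
    if(nearest == 0) return 80;                /* known SSID, unknown BSSID */
    if(nearest <= 2) return 80 - 15 * nearest; /* look-alike (typosquat) SSID */
    return 10;                                 /* unrelated unknown device */
}
```

An absolute cutoff of 2 edits over-flags very short SSIDs, so a cutoff relative to SSID length is worth considering when tuning the thresholds.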

Step 4 - Detection Logic (detector.c)

  • Apply detection rules with configurable thresholds
  • Flag APs scoring above suspicion threshold
  • Classify threat types: typosquatting, signal anomaly, unknown device
  • Maintain detection history to reduce false positives

Flipper Zero/Rogue AP Detector/detector.c

Step 5 - User Interface (ui.c)

  • Display scanning status
  • Show baseline AP count
  • Alert interface for rogue APs
  • Settings menu for thresholds

Flipper Zero/Rogue AP Detector/ui.c