Person detection without cameras using wifi beacons

@M4DM4NZ You have any working code for this project?

Also, people who have no phones or have dumb phones would not be detected via this method.
Yup, I have working code, it's archived somewhere on an external HDD, it was only about 30 lines of bash script, and I'm sure someone here who's actually a programmer could do a better job.

Is that you?

Also, you're right, the only requirement for a person to get "spotted" is holding a smartphone with wifi turned on. That's it.... (so no dumb phones)
Phones are always trying to connect to their saved wifi connections, hence why when you arrive home from work, your phone automatically connects to your home wifi.
It's the phone asking to connect, not the wifi router in your house; the router just does the handshake when it gets the request from the phone providing the right password.
 
I don't get it, but when you have something working it would be interesting to see what you can do with it.

I find that so many of my friends get new phones so often, and others do as well. Each delivery truck is a Truck with a new person - and a new phone.

I guess I am just trying to see how you can eliminate the "noise" so that you have something useful. But again an interesting subject for sure.

Thinking back, one of the tricks I used to do to minimize noise is unscrewing the antenna from the wifi dongle and wrapping the dongle in tinfoil (with small holes).

This limits the range to how far the dongle can sniff beacon packets, so you're only detecting devices directly around your property.
 
You can't eliminate the "noise" because the phone's (station) MAC is always changing, but the wifi access points' SSIDs are always the same (unless the user changes them on their router), but that's pretty uncommon.

Hence why I stopped doing this a few years back when Apple and Android updated their mobile operating systems. But still.... using timeframes and signal strength is still a possibility to harvest accurate data to combine with camera footage, and even act as triggers.
FYI, see the timeframe below when Google/Apple started making these changes...

[Image: 1662610175029.png]
 
Forget the MAC; what you want is to interrogate the phone for its IMEI number. This is a unique identifier on every phone that identifies it to a mobile network. It's independent of the SIM card. Whether you can legally do this I wouldn't know.

If you can, and you have the IMEI, you have the owner's identity (or the police do) as it can be linked to the phone number / registered owner, or at the very least, tracked on the network as the network knows at all times the IMEI of every phone connected to it and where it is.
 
Yes, having the IMEI number would be great, but that's not broadcast over the wifi frequency range, so all you're left with is the metadata that's available to you via the beacon packets.
 
Though not as prevalent as cell phones (yet), many cars now have wifi abilities. APs closest to our parking lots show a lot of air traffic from vehicles looking for networks.

Nice project! Was it difficult to get Kali on the Pi?
 
Thanks dude, yeah pretty sure Kali has an ARM build you can download on their website, but using any flavor of Linux will work, just install the aircrack-ng suite.
Kali just has all the tools preinstalled.
 
Update:

[Image: 1662809491586.png]

Decided to play around with the Raspberry Pi this weekend and make some progress with the "Person Detection System".

So, when cars drive past my place, it's all over in about 6 sec before they fall out of range, but people walking by is fine because there is plenty of time to capture the beacon packets.

I decided to catch the cars; for this I needed 3 wireless adapters (one for each radio channel).
When you use only 1 wifi adapter, it works, but that adapter has to cycle through each channel (around every 500ms) so you don't always have time to catch the beacons flying from people's cars.

But I've found a good strategy for catching them: because there are only 3 common channels used where I live, I set up the wifi adapters to each only monitor a single channel. That way the system can detect the beacons faster.

You have to filter out all the noise, so firstly, without any filters, I just scanned for a few hours to pick up all the common wifi access points within range of the front of my house.

Then after noticing which ones stick around, I whitelisted them so the live scanning feed doesn't display them.

Now all that's left are "random" MAC addresses that ONLY show up if a person walks or drives past.

It took a bit of customizing, but for anyone who is interested I will post the airodump command below.

============================================================================================================================
sudo airodump-ng -w output.cap --essid-regex '^(?!.abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)^(?!.*abc123)' -f 500 -a -c 1,6,11 --wps --uptime --berlin 20 --output-format csv -s 1 --update 1 --ht40+ --manufacturer wlan0mon,wlan1mon,wlan2mon

============================================================================================================================

I've used a regex filter. For whoever wants to try this on their own system, just replace abc123 with the names of your neighbors' access points. (Note: the above command is all one line.)

Also, the final interface names could be different on your system (wlan0mon etc.); change them accordingly.

Plus you'll need to adjust the channels to suit your needs, just change "-c 1,6,11" to the 3 common channels used in your area. (Note: the more channels you add, the longer it takes to detect a person.)

Another thing: if you're not using a dual-band NIC that supports 2.4GHz and 5GHz, remove the --ht40+ section (2.4GHz is default).

Obviously the script to trigger alerts or make lights flash in the house from reading the output.cap log file isn't done yet, but it's getting there.

But yeah, so far it's working really well... I can actually see from the output that "someone is approaching" just before the camera sees them.

Also, try playing with putting the wifi adapters in Pringles cans and pointing them at the road. I've had mixed results, might need extra tin foil lol

FYI: syntax to the commands:


have fun!
 
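Added example (not code from any poster in this thread): one way to read the CSV log the airodump-ng command above writes, applying the "timeframes and signal strength" idea from the thread and marking which station MACs are randomized and therefore cannot be matched to a later visit. The station-table column names are assumed to be those airodump-ng writes; the sample rows, thresholds and function names are constructed for illustration.

```python
import csv
from datetime import datetime, timedelta

# Constructed sample in the layout airodump-ng writes with --output-format csv:
# an access-point table, a blank line, then a station table.
SAMPLE = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2022-09-10 09:00:00, 2022-09-10 10:00:05, 6, 130, WPA2, CCMP, PSK, -48, 3600, 0, 0.0.0.0, 9, neighbour,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
DA:A1:19:00:00:01, 2022-09-10 10:00:01, 2022-09-10 10:00:04, -52, 7, (not associated),
00:AA:BB:00:00:02, 2022-09-10 09:00:10, 2022-09-10 10:00:05, -60, 900, 00:11:22:33:44:55, neighbour
F2:0B:77:00:00:03, 2022-09-10 09:58:00, 2022-09-10 09:58:03, -81, 2, (not associated),
"""
TS = "%Y-%m-%d %H:%M:%S"

def parse_stations(text):
    """Return the rows of the station table as dicts keyed by header name."""
    lines = text.splitlines()
    start = next(i for i, l in enumerate(lines) if l.startswith("Station MAC"))
    rows = csv.reader(lines[start:], skipinitialspace=True)
    header = [h.strip() for h in next(rows)]
    stations = []
    for row in rows:
        if len(row) < len(header):
            continue  # blank or truncated line
        # Probed ESSIDs is a comma-separated list, so fold the overflow back in.
        fixed = row[:len(header) - 1] + [",".join(row[len(header) - 1:])]
        stations.append(dict(zip(header, (c.strip() for c in fixed))))
    return stations

def is_randomized(mac):
    """True when the locally administered bit (0x02 of octet 0) is set,
    which is what randomized MACs do."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def passersby(stations, now, window_s=10, min_power=-70):
    """Unassociated stations heard recently and strongly enough to be close."""
    events = []
    for s in stations:
        age = now - datetime.strptime(s["Last time seen"], TS)
        power = int(s["Power"])
        if s["BSSID"] != "(not associated)" or power == -1:  # -1: no signal data
            continue
        if age <= timedelta(seconds=window_s) and power >= min_power:
            events.append({"mac": s["Station MAC"], "power": power,
                           "randomized": is_randomized(s["Station MAC"])})
    return events

if __name__ == "__main__":
    print(passersby(parse_stations(SAMPLE), datetime(2022, 9, 10, 10, 0, 6)))
```

A `randomized` value of true means the event shows only that some device was nearby at that moment; the address will differ on the next pass, which is the limitation described earlier in the thread.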