Looking for a WiFi system that can scan and log MAC addresses or GSM

Aziphale

I am on a small holding and we are getting a spate of people cutting our fence and coming onto the property to see what they can steal.
Apart from using beams that give tons of false alarms, I was thinking that there should be a system that could detect and log MAC addresses of people's phones as well as Bluetooth signals or even GSM signals. The alarm system would need to be able to exclude the phones of people who reside on the property but would react to unrecognised signals. The logging of their addresses could be used at a later date for identification purposes.
Obviously if they have no phone then it won't work, but who doesn't have a phone nowadays.

If anybody knows of something similar or something that could be retrofitted, please point me in the right direction.
 

durbandave

How would you track them down using a MAC address? As Bluetooth and a person's mobile WiFi only have a limited connectivity range, can't see how this would be a practical solution.
 

RoganDawes

Couple of thoughts:

Monitoring WiFi and Bluetooth has been done before. e.g. SensePost's Snoopy/Peanuts and http://ubertooth.blogspot.com/2012/11/so-you-want-to-track-people-with.html

The current problem with WiFi is that many manufacturers are starting to anonymise probe requests, which means that you will be triggering on your own devices all the time. Depending on your device, and how old it is, this will be a bigger or lesser problem (older devices are not doing this, obviously).

For Bluetooth, the range is fairly low, so you would need sensors scattered around the place (and call me privileged, but I don't see Joe Burglar using Bluetooth headsets too often, so their Bluetooth may be permanently turned off).

GSM is more interesting in this regard, but there are a couple of problems here too. I believe it is illegal to receive transmissions in the licensed bands (I'm open to correction on this), but even then, 2G/3G phones don't actually transmit their IMEI or IMSI very often, but rather a TMSI which is a randomised identifier. I'm not sure how often they do transmit the IMSI, so this may still be feasible, I guess.
 

infscrtyrisk

Interesting thought. Apart from the Wifi and ethernet use cases (which is limited to goblins who leave their wifi and bluetooth on), the GSM protocol uses that LAPD/LAPDm protocol which does provide for an OSI layer 2 address (neatly in HDLC format). So, yes, quite possible, although in order to make it useful (and to keep the goblin's GSM stack busy enough to get location), you may need to include some spoofed upper layers.
As per RoganDawes, the mere receipt (at any layer) would be an issue where it comes to the law, particularly because you would need to emulate a base station (like stingray). Then again, if you set it up in such a way that the higher layers get discarded, AND you get caught, you could (worst case) plead that the interception was with intent to gain an unlawful advantage of an unknown / foreign subject as to location (and you are up against a privacy issue here) as opposed to interception with intent to gain an unlawful advantage with intent to monitor conversations, you could <possibly> get a mitigated sentence. It all depends on the implementation, and the court.

There is a side of me that likes the idea. Chances are *very* slim that you would be caught in the first place. But it would mean a whole lot of research and testing, with no guarantees of success, and if it is, everyone will want one (which will lead to the inevitable). So if you do decide to implement, be very careful who you share it with.

Good luck!
 

RoganDawes

The obvious problem with assuming that you won't get caught is that it becomes impossible to sell a product based on this technique, which is a pity.

There is definitely scope for this sort of technique as a protective mechanism, although there are also privacy issues (much as there are with WiFi and Bluetooth tracking).
 

DMNknight

Maybe get a Raspberry Pi with a sniffable USB stick (in hacking terms it's called a pineapple).
Then write a Python script to monitor MAC addresses in range, against a whitelist of your own/known devices.

Wifi is effective for about 30-40m or so, so depending on your proximity to a road, you could get false alerts.

However, how many "burglar" type phones will have wifi enabled?
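
An added example, not code from any poster in this thread: the allowlist check suggested above, combined with the probe-request anonymisation caveat raised earlier. It works on already-collected observations rather than capturing anything; the allowlist entries, timestamps and MAC addresses are constructed, and the function names are hypothetical.

```python
# Added example: the sample observations below are constructed, not captured data.
from collections import Counter

ALLOWLIST = {"3c:5a:b4:12:34:56", "a4:83:e7:aa:bb:cc"}  # hypothetical resident devices

def normalize(mac: str) -> str:
    """Lower-case, colon-separated form so allowlist comparison is exact."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_randomized(mac: str) -> bool:
    """Locally administered bit (0x02 of the first octet) set: not a burned-in address."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def classify(mac: str, allowlist=ALLOWLIST) -> str:
    mac = normalize(mac)
    if mac in allowlist:
        return "known"
    if is_randomized(mac):
        # Changes between scans, so it can neither be allowlisted nor used
        # to identify a device later.
        return "randomized"
    return "unknown"

def triage(observations, allowlist=ALLOWLIST):
    """Return (alerts, counts); alert once per stable, non-allowlisted address."""
    counts, alerts, seen = Counter(), [], set()
    for ts, mac, rssi in observations:
        kind = classify(mac, allowlist)
        counts[kind] += 1
        mac_n = normalize(mac)
        if kind == "unknown" and mac_n not in seen:
            seen.add(mac_n)
            alerts.append((ts, mac_n, rssi))
    return alerts, dict(counts)

SAMPLE = [  # (timestamp, source MAC, RSSI in dBm), all constructed
    ("2015-03-01T02:10:04", "3C:5A:B4:12:34:56", -48),  # resident phone
    ("2015-03-01T02:10:09", "da:a1:19:0f:22:31", -71),  # randomized probe
    ("2015-03-01T02:10:15", "DA-A1-19-77-10-02", -70),  # another random address
    ("2015-03-01T02:11:40", "00:1b:63:84:45:e6", -80),  # stable, not allowlisted
    ("2015-03-01T02:11:52", "00:1B:63:84:45:E6", -77),  # same device again
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A resident's phone that randomises its probe address lands in the "randomized" bucket rather than "known", which is the false-trigger problem described earlier in the thread.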
 