Improbinator – My first ESPduino project

I committed my first ESPduino project to GitHub the other day, ESPduino – Improbinator.

ESPduino – Improbinator – Flood of faked 802.11 Probe Request Frames

Background: Living in a town with about 20 WiFi probes mounted on walls in the city center, which collect 802.11 Probe Request frames to measure and map visitor flows through the city, kicked off the idea that I could dilute and skew the measurements by flooding the devices with a controlled stream of nearly-real looking but obviously faked probe request frames.

OUI Data: Collected during war-walking sessions around town and in other cities and countries – both client and router OUIs.

It’s an open project, you could send pull requests or fork the project.


Yup, got myself an ESPduino, which is a combination of an Arduino-compatible board with an ESP8266 on-board.

This will be the platform for my little project, where I aim to run interference to disrupt the WiFi-based visitor-counting system the local town has installed.

As preparation I’ve been walking around town, trying to identify and photograph the installed devices, and I have found 6 or 7 so far; rumor says they have 15-20 devices installed around busy walking streets and squares. I have also done some research and happened to find that a friend has been involved in a similar project previously. Through my research I got a somewhat better picture of what they are doing and of how they measure visitors/people moving through town.

With my ESPduino and some clever coding, I can spray the air with faked frames, to make it appear as if many people are walking by. Through lists of popular OUI prefixes I can generate millions of what look like genuine phones with WiFi from popular brands, with some focus on a particular fruit brand. This will probably screw up and skew the measurements so much that the data they collect will become pretty much useless.

I’m guessing the setup will be simple: after deploying the code to the ESPduino, the hard work is pretty much done and the fun starts. With a powerbank of reasonable capacity, you could run the ESPduino for hours. As broadcasting the same MAC addresses over and over would not be very useful, the program would change a few of them every minute; if you had 50 faked MACs and 5 of them were changed every minute, it would look like a busy street, with people coming and going. These are going to be parameters you can tweak in the program.

Why am I doing this? Well, there is the privacy angle: I do not like to be monitored, and I think I should be able to walk through the city without becoming a number or a hash in a database somewhere unless I participate with consent. All smartphones today have WiFi, and unless you turn it off when leaving your home, you can and will be tracked at some point or another. Most people aren’t even aware of this fact and won’t even give it a thought. I want to protect them as well as myself by throwing grit into the machinery, to make the tracking data less valuable as they cannot trust it completely.

Furthermore, I aim to release the full source code along with a list of OUI prefixes, so everyone interested and able can roll their own configuration in their copy of the source code, to minimize the risk of duplicate entries at the same time. The source code will come with instructions on how to set up, configure and run the ESPduino.

Makerspace Västerås

Yesterday I did something I’ve been thinking about a lot the last couple of months, I started the Facebook group Makerspace Västerås to have a discussion platform for the possible creation of an actual makerspace in Västerås.
Now, some 30 hours later, there are about 35 members and we have discussions about the vision; I described my vision to get discussions going.

I’d really like to have access to a local makerspace, furnished with equipment and people with knowledge of how to use the equipment.

The information about what makerspaces are dates the start of makerspaces to around 1995.

A few friends and I rented a basement in a regular apartment building and started programming, building and hacking devices in mid 1993, just among friends. When we shut it down a few years later, mid 1997, we counted in about 50 friends and probably as many that just came along with them. At the time we were just kids with soldering irons and assembly language on the screens, running BBSes (plural) from the basement, we had no jobs but we spent time and collaborated on pretty much everything, many of us have massively technical jobs today.

I’d like to bring my son to a functional makerspace, to teach him how to repair stuff, to repurpose things, basically to hack his world. I like the idea and would love to see it become a reality.

The move, in hindsight

Today it is a year since we packed up our home in boxes, shipped them off to storage and left for a two month journey towards our destination.

We have landed, unpacked, furnished and decorated our new home, in another city. Our way here was not a walk in the park; it was an uphill struggle to keep sane, to not go completely bonkers and just endure. Our two year old son wasn’t all that happy but adapted when he saw us adapt to new surroundings and situations.

I kept blogging to keep sane and also to scribble down thoughts and daily progress. Some entries are short, others are a bit more meaty.

In chronological order, from beginning to end. (Use Ctrl-click to open each post in a new tab)
2015-07-30: We are leaving Home Base B19
2015-08-01: First day at Habitat L
2015-08-03: Hab L, Day 3
2015-08-04: Hab L, Day 4
2015-08-05: Hab L, Day 5
2015-08-07: Hab L, Day 7
2015-08-08: Hab L, Day 8
2015-08-12: Hab L, Day 12
2015-08-14: Hab L, Day 14
2015-08-16: Hab L, Day 16
2015-08-18: Hab L, Day 18
2015-08-19: Hab L, Day 19
2015-08-20: Hab L, Day 20
2015-08-21: Hab L, Day 21
2015-08-23: Hab L, Day 23
2015-08-25: Hab L, Day 25
2015-08-27: Hab L, Day 27
2015-08-29: Hab L, Day 29
2015-08-30: Hab X, Day 30
2015-08-31: Hab X, Day 31
2015-09-01: Hab B, Day 32
2015-09-02: Hab B, Day 33
2015-09-03: Hab B, Day 34
2015-09-05: Hab X, Day 36
2015-09-06: Hab B, Day 37
2015-09-07: Hab B, Day 38
2015-09-08: Hab B, Day 39
2015-09-09: Hab B, Day 40
2015-09-11: Hab B, Day 42
2015-09-12: Hab B, Day 43
2015-09-13: Hab B, Day 44
2015-09-14: Hab B, Day 45
2015-09-15: Hab B, Day 46
2015-09-17: Hab B, Day 48
2015-09-19: Hab B, Day 50
2015-09-20: Hab B, Day 51
2015-09-22: Hab B, Day 53
2015-09-24: Hab B, Day 55
2015-09-26: Hab B, Day 57
2015-09-28: Home base FLV5, Day 58
2015-09-30: The long journey is over

As predicted, I said before we took off onto this journey that “in a year or two, we’re gonna laugh at this madness” … and we do. This is one of the most crazy and slightly mental projects I have ever participated in, go live in a knapsack for almost two full months with a toddler and emerge alive from it.

Friends followed these almost daily blog posts, to keep up with what was going on, others who heard about this have read these entries and came back with a deeper understanding about how and what went on. Please comment.

To buy a book

I went looking for a book I read thousands of years ago, Clifford Stoll’s The Cuckoo’s Egg. Found it on printed media, no problem. But I mostly listen to books nowadays, so I went looking for the audio book, because it exists… on tape.

The price for used tape is about $40.

That would trigger a few other costs if bought, like a USB-tape deck which is another $40 .. to just get it onto my phone.

I wish the book would get recorded as an audiobook again, either Mr Stoll himself narrating the book, or a professional at Audible. I’d buy it in a blink.

Found the C-SPAN video from 1989 where Clifford Stoll is interviewed about his book. Clifford Stoll.
Clifford Stoll: The call to learn
Tech Icons: Cliff Stoll

Telia – not so netneutral

I first received an SMS telling me that Telia now provides free surf on social media, Facebook, Instagram, Twitter, Whatsapp, Kik and so on. Sounds good at first .. but this is how they want you to think, “what a great deal, now my measly 2G surf plan will last longer”. This is where you need to do some more thinking: to achieve this they need to listen to and filter your traffic to know which traffic is “free” and what traffic to count against your surf plan. Let that sink in for a while.

This is not what we want done to the internet: road tolls, or rather favoring selected services, which skews the landscape of the internet. All internet traffic is created equal; traffic to and from sites and services should not be treated differently.

Now, about a day later I got a promotional mail from them as well, yet again I feel like screaming.

If anyone at Telia marketing department would read this, please go home, sit down and think this one through again, go back to work and pull this campaign back, dig a hole and throw it in, fill the hole and get another job. You are clearly not mentally fit for the job.

GTFO of my social media participation, it is my business what I do online and you should not treat it differently than anything else, your job is and should be to provide DUMB PLUMBING.

Theme fuckup

I fiddled around with some plugins and the then current theme completely shit itself, nothing worked and I was forced to commit to violence to get another theme in and from there choose yet another theme.

I haven’t customized it yet and it looks very ‘out-of-the-box’ at the moment. New header image, some day.

Anyways, I threw out a few really old plugins that were active but no longer served any purpose, looked them up and saw that they hadn’t been updated in 8 years. Yes, 8 years. Now gone and deleted.

Also while working a bit with the blog I decided to completely switch over the categories to English as they were mostly in Swedish, rearranged them into tree-structure to group them in a neat fashion.


I somehow bid on an FPGA development board the other day, thinking that someone would over-bid me in the last couple of seconds, snatching the item out of my hands. I won it.

Winning bid was 1 SEK and additional freight of course. I checked the seller’s other auctions and found a VHDL book, which I put a bid on as well and won that too. Another 1 SEK bid, with additional freight.

2 SEK + freight makes 127 SEK. That is about a sushi meal with a few extra rolls.

Can’t wait to get my hands on it.

Blocking 1 IP

Just by blocking a single IP, I managed to choke the amount of spammy comments on this blog to a minimum, zero spam comments to be honest.

An IP originating in Russia, from an ISP that can be described as non-responsive. I gave them about two weeks to resolve the issue, reporting the IP to them like an upright citizen, got an immediate response and thought things would be sorted out. No such luck: days passed and I got tired of waiting, mailed abuse@<isp name>.ru and got the same exact answer back again, with the same ticket number as the first time. Waited another few days, nothing; the spam bot kept pounding my comment fields. Wrote them a new email, pretty much telling them that since they were so slow, I’d contact their up-link provider if it continues .. and it continues.

But, I don’t bother with it anymore, I just blocked the single IP and no spam comes through.

Idea dump: Arduino ESP8266 – WIFI Beacon Attacker

Update 2016-11-12: I wrote a piece about ESPduino – Improbinator where many of the ideas were implemented; there is also a GitHub repo at Improbinator where you find the code.

I accidentally bought an Arduino ONE R3 for cheaps and had no project to use it in, so I toyed around with different ideas and this hit me while taking my son for a walk.

This assumes a few things:

  • ESP8266 has ways to generate (custom) beacon frames
  • 1+N ESP8266 is possible to connect to Arduino ONE

Use an Arduino + ESP8266 + SDCard shield to emit lots of beacon frames and keep iterating them for a set period of time, to imitate or mimic real phones moving around in an area. MAC addresses are randomized from a table of 24-bit OUI prefixes of popular makes/brands, with the remaining 24 bits random.

As my brain seems to work a bit different, I tend to strive for edge-cases, to over optimize and extend beyond limits – I don’t even know if it’s possible with the hardware combination to attach a second or even a third ESP8266 board to an Arduino ONE R3, or if it’s possible to drive two or three shields through software/electronics.

With one, two or three ESP8266, I imagine having as many buffers with lists of pre-generated MAC addresses to run through and broadcast beacons, depth of lists TBD. OUI prefixes would be stored on SDCard and I already have the data, both from OUI prefix list and collected data from the last 5+ years of War-walking.

If outfits like Libelium are making devices for identifying customers in stores/gallerias/malls and can even identify the type of smartphone – we could throw some dirt into their machinery, as we could generate beacons with MAC addresses for devices based on statistics from collected data. No harm would be done as they are generated and only “visible” in a small physical “bubble” for a limited time; even with the possibility that a generated MAC address would clash with a real MAC address in the same area, there would not be any long-term effects.

The build would be cased in acrylic, either a stock box with modification for shield(s) or complete custom. Powerbanks of 10000mAh (or more) @ 5V to run it off-grid/backpack.

Pry-fi by Chainfire on XDA-Developers.

Frustration and Christmas anxiety

The frustration is that I am currently trying to get a prescription renewed, and for that my new health center needs my medical record. My record is “stuck” in another county council’s records system, so they (the old county council) suggested that I take out an extract of my record and transport it on dead trees, to let the new health center in the new county council digitize what had been printed on the dead trees.

Now I have talked to the old health center, which confirmed that my record was not locked at all, as the new health center had said, but that it may be that the different county councils’ records systems do not speak the same language, and so a record cannot be moved in any other way than by making an analog copy at one end, physically transporting it ~40 kilometers, and then converting the information from analog to digital again in the other records system.

As an integration consultant, this problem gives me a violent itch.

I sit here turning the words over and over; a lot comes out, and there are many ugly words I want to use, writing in the heat of the moment.

Then I remember why I have a job: I create and maintain integrations that solve problems like these, shoveling data between systems.

The Christmas anxiety creeps in when you move around town and there are 3 times as many people in circulation, all with that hunted look in their eyes, “must find the perfect present”. I try to keep calm but am affected; luckily this only goes on for a couple more days, then post-Christmas and pre-birthdays set in, which is a stress factor in itself.

Update 2015-12-23:
A nurse from the new health center called today and asked about medication and dose; I answered and gave a short background, and she prescribed the medication I needed. It feels a bit like the new health center and I are going to have a good relationship.