WiFinder
Updated 10/09/2006:
WiFinder is an embedded passive network scanner using a PIC 18LF8527. It receives all packets sent in any
802.11b/g network in range. Management frames are sniffed for relevant information, such as the BSSID (MAC
address of the source), the SSID (network name), source device manufacturer, channel number, network type
(access point or ad-hoc), security features (WEP/WPA/none) and authentication security (open, pre-shared key).
All of this information is displayed on a Nokia cell phone LCD. Up to 15 networks can be detected and displayed.
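
The field extraction described above, as an added example in C (not WiFinder's own firmware code). It assumes the frame starts at the 802.11 MAC header with no FCS; the names `parse_beacon` and `net_info` and the sample frame are constructed for illustration, and the classification rule (privacy bit without a WPA or RSN element means WEP, an RSN element is reported as WPA) is an assumption of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum sec { SEC_NONE, SEC_WEP, SEC_WPA };
struct net_info {
    uint8_t bssid[6], channel;  /* channel 0 = no DS Parameter Set seen */
    char ssid[33];              /* 32 bytes max plus NUL */
    int adhoc;                  /* 1 = IBSS (ad-hoc), 0 = access point */
    enum sec security;
};
/* Constructed sample beacon: SSID "home", channel 6, privacy bit, WPA element. */
static const uint8_t sample_beacon[] = {
    0x80,0x00, 0x00,0x00, 0xff,0xff,0xff,0xff,0xff,0xff,          /* FC, duration, DA */
    0x02,0x00,0x00,0x00,0x00,0x01, 0x02,0x00,0x00,0x00,0x00,0x01, /* SA, BSSID */
    0x00,0x00, 0,0,0,0,0,0,0,0, 0x64,0x00, 0x11,0x00, /* seq, timestamp, interval, capability */
    0x00,0x04,'h','o','m','e', 0x03,0x01,0x06,        /* SSID, DS Parameter Set */
    0xdd,0x06,0x00,0x50,0xf2,0x01,0x01,0x00 };        /* vendor element: WPA */

/* Parse a beacon (0x80) or probe response (0x50); returns 0, or -1 if rejected. */
int parse_beacon(const uint8_t *f, size_t len, struct net_info *out)
{
    static const uint8_t wpa_oui[4] = { 0x00, 0x50, 0xf2, 0x01 };
    if (len < 36 || (f[0] != 0x80 && f[0] != 0x50)) return -1; /* 24 header + 12 fixed */
    memset(out, 0, sizeof *out);
    memcpy(out->bssid, f + 16, 6);                       /* address 3 */
    unsigned cap = f[34] | (unsigned)f[35] << 8;         /* little-endian */
    out->adhoc = (cap & 0x0002) != 0;                    /* IBSS bit */
    out->security = (cap & 0x0010) ? SEC_WEP : SEC_NONE; /* privacy bit */
    for (size_t i = 36; i + 2 <= len; ) {
        uint8_t id = f[i], n = f[i + 1];
        const uint8_t *v = f + i + 2;
        if (i + 2 + n > len) return -1;                  /* element overruns the frame */
        if (id == 0 && n <= 32) memcpy(out->ssid, v, n);
        else if (id == 3 && n == 1) out->channel = v[0];
        else if (id == 48 || (id == 221 && n >= 4 && !memcmp(v, wpa_oui, 4)))
            out->security = SEC_WPA;                     /* RSN or WPA element */
        i += 2 + (size_t)n;
    }
    return 0;
}

int main(void)
{
    struct net_info n;
    if (parse_beacon(sample_beacon, sizeof sample_beacon, &n) == 0)
        printf("ssid=%s ch=%u adhoc=%d sec=%d\n", n.ssid, (unsigned)n.channel, n.adhoc, (int)n.security);
    return 0;
}
```

The length check on every element matters here because, as the next paragraph notes, frames picked up from an overlapping channel can arrive corrupted.
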
The network finding function only scans one channel at a time in order to maintain integrity of the data. Since
adjacent channels overlap, packets received on an adjacent channel can be corrupted. Assistance in choosing a
channel to scan can be had in the channel scan function. The channel scan function increments through all 11
channels, counting the number of packets received on each. Usually, a channel with the most packets received is
a channel a network is operating on. The channel can be changed in the configuration menu, along with a few other
options. GPS and FAT32 logging will be implemented at a later date.
A few goals have been revised due to what I've learned in the process and some limitations. One change is that
the network detection is entirely passive. That means WiFinder doesn't send any packets at all. This approach is
better than active scanning for a few reasons. One is that the device is completely undetectable. Active scanners
send out probe request packets in order to find networks. Anyone with a sniffer will be able to see an active
scanner. Active scanners also can only receive packets sent specifically to them. Passive scanners can see any packet
sent in range of the device and send no packets. Changing to active mode is simple enough, but I ran into other
problems first.
I underestimated the amount of code this project would take by quite a bit. I figured 48k of ROM would be enough,
but I ran out of space before I could implement the GPS and FAT functions, let alone any type of active connecting
to other networks. The next version will fix all of these issues. I plan on switching to an ARM7 based micro. These
have much more ROM and are many times faster. I ordered a Philips LPC ARM prototyping board to play around with.
The enclosure will also have to be upgraded to the longer version. I forgot I changed the board length and now
the GPS module won't fit.
Video: Usage demonstration of WiFinder (2.9mb AVI)
Updated 8/17/2006:
This is a fairly large undertaking, so it won't be done for a while. It uses a Compact Flash 802.11b card to scan
for SSID broadcast packets. If it finds any, the SSIDs will be displayed on an LCD. That's my first goal. The next
goal is to try connecting to any networks it finds. WEP will be supported, but nothing more advanced than that.
The next goal is to implement some form of GPS to track the location and time of scanned networks. The final goal
is to store all of this information in .txt files on a FAT32 formatted SD flash card.