DIY Wardriving: Building Your Wireless Exploration Arsenal — Part 1

KeyboardSamurai
Nov 28, 2023


“Wardriving is the act of searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or smartphone. Software for wardriving is freely available on the internet. Warbiking, warcycling, warwalking and similar use the same approach but with other modes of transportation.” Source: Wikipedia

So today we’re going to focus on building our own device to be able to at least scan some networks and pin them on a map for further research.

Contrary to its name, wardriving is a relaxed style of driving … when you get down to it, wardriving is actually pretty boring. But the information it yields is not.

Going in with a laptop is sometimes too obvious and can compromise the whole engagement, so there is a need for smaller devices that draw less attention: something that can fit into a bag and be remotely controlled. Nowadays you can choose between different options (custom ESP, RasPi, Arduino, or even a Flipper with the WiFi development board), but this time I wanted to build it with equipment and resources that can be found at home or easily ordered online, nothing fancy, just to build it as fast as possible and get to the fun part.

Let's cut to the chase

We will need:

  • Raspberry Pi 4: Main device, used as the computer where the OS and additional software will run. Here we will install the default Raspbian OS (latest version if possible) and the complete airodump-ng + aircrack-ng suite, and configure the network settings accordingly.
  • ALFA Network Wireless USB device: Works like a charm in Linux. Provides scanning, monitoring and packet injection capabilities. We will use this interface to perform the scans, while the raspi's integrated Wi-Fi is used to manage the device remotely in different ways (no Wi-Fi: attach a 4G modem dongle; Wi-Fi: join the raspi to an ad-hoc network or create one with the raspi's default device).
  • VK-162 USB G-Mouse GPS device: Provides GPS location when asked. Cheap, 100% rpi compatible and easy to use. It's not the most powerful GPS you will find, but it has a good antenna and does the job, and it drastically reduces battery consumption compared to others.
  • Power bank battery: 5V-1A — 8000mAh. Enough for ~6,5 hours of continuous scanning.
The touch screen (RPi Display) won’t be used so I removed it

That should be enough to build our device.
Our main goal is to be able to pin/render on a custom map the geolocation (lat, lon) of every access point we catch, along with other relevant information like cipher, authentication, channel, signal power, etc.

To do that we will need:

  • MariaDB: Database to store all the structured data.
  • Grafana: Interactive real time dashboard to render data. It includes an awesome plugin called GeoMap.
  • Some coding to call airodump-ng toolkit, parse the output, and merge with Geo-location data to be later ingested by a database importer.

Steps:

  1. Assemble everything, start the raspi, and be sure that the device is completely autonomous.
  2. Install needed software and libraries for further use.
  3. Start coding
  4. Test, Check & Fix
  5. Keep coding
  6. Goto Steps 4 and 5 until it works :p

Collecting the data:

Long story short, we're just leveraging the data provided by airodump-ng and the GPS to create JSON data structures like the one shown below. Each time we get a batch of networks, we check the GPS coordinates and create the object.

JSON object example
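
The merge described above, as an added example that is not the WarDriver code from this post: it parses the access-point section of an airodump-ng CSV file and one NMEA $GPGGA sentence, and returns one JSON-ready object per access point. The sample input is constructed, and the function names and JSON field names are assumptions (latitude/longitude are chosen to match what GeoMap accepts).

```python
import json

AP_FIELDS = 13  # fixed columns before ESSID in airodump-ng's access-point section
# Constructed sample input: an airodump-ng CSV capture and one NMEA sentence.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:11:22:33:44:55, 2023-11-20 10:00:01, 2023-11-20 10:00:09,  6,  54, WPA2, CCMP, PSK, -48, 12, 0, 0.  0.  0.  0, 8, HomeWiFi,
66:77:88:99:AA:BB, 2023-11-20 10:00:03, 2023-11-20 10:00:08, 11,  54, OPN, , , -71, 4, 0, 0.  0.  0.  0, 11, Cafe, Guest,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""
SAMPLE_GGA = "$GPGGA,123519,4807.038,N,01131.000,E,1,08,0.9,545.4,M,46.9,M,,*47"

def parse_gga(sentence):
    """Return (lat, lon) in decimal degrees from a GGA sentence, or None without a fix."""
    f = sentence.split("*")[0].split(",")
    if not f[0].endswith("GGA") or len(f) < 7 or f[6] in ("", "0"):
        return None
    def to_deg(value, hemi, deg_digits):  # NMEA packs ddmm.mmmm / dddmm.mmmm
        deg = int(value[:deg_digits]) + float(value[deg_digits:]) / 60.0
        return round(-deg if hemi in ("S", "W") else deg, 6)
    return to_deg(f[2], f[3], 2), to_deg(f[4], f[5], 3)

def parse_access_points(csv_text):
    """Yield one dict per access point; the station section is skipped."""
    for line in csv_text.splitlines():
        if line.startswith("Station MAC"):
            break
        parts = line.split(",")
        if line.startswith("BSSID") or len(parts) < AP_FIELDS + 2:
            continue  # header, blank or truncated line
        col = [p.strip() for p in parts[:AP_FIELDS]]
        yield {
            "bssid": col[0], "first_seen": col[1], "last_seen": col[2],
            "channel": int(col[3]), "privacy": col[5], "cipher": col[6],
            "authentication": col[7], "power": int(col[8]),
            # An ESSID may itself contain commas; the last column is the key.
            "essid": ",".join(parts[AP_FIELDS:-1]).strip(),
        }

def build_records(csv_text, gga_sentence):
    fix = parse_gga(gga_sentence)
    if fix is None:  # no GPS fix: nothing can be pinned on the map
        return []
    return [dict(ap, latitude=fix[0], longitude=fix[1]) for ap in parse_access_points(csv_text)]

if __name__ == "__main__":
    print(json.dumps(build_records(SAMPLE_CSV, SAMPLE_GGA), indent=2))
```
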

The final result:

Don't expect anything fancy like in the movies. We put a bit of tape on it, as always, to fix everything in place, just to ensure that the parts don't move and stay together.

As long as it works and does the job it’s ok, so here we go:

All parts together, connected up & running
  1. Connect to the raspi via ssh
  2. Run the wardriver and go for a walk.

NOTE: To make sure the GPS is receiving signals and has a position, check for the green LED on the GPS dongle; it indicates that it is locating satellites and positioning. The red LED just means power on. Also, since it's not military-grade technology, and due to its low power consumption, be sure to be outside for better signal reception.

It’s SHOW TIME!

Launch Grafana and MariaDB somewhere. The cloud or your laptop can do the job; it doesn't matter.

> docker run -d --name=grafana -p 3000:3000 grafana/grafana

> docker run --detach --name some-mariadb --env MARIADB_ROOT_PASSWORD=my-secret-pw mariadb:latest

Since sending the data automatically is still not fully developed, we just import it manually with a script that copies the JSON files to our computer via scp and imports them into MariaDB.

The command below will copy all the files from the raspi to our PC into a folder named data2import (just be sure that the folder exists).

scp "pi@<raspi_addr>:/home/pi/wdr/data/*.json" data2import/
# Loop over the copied files with a glob instead of parsing `ls` output
for f in data2import/*.json; do
  echo ">> Importing file: ${f##*/}"
  python db_importer.py "$f"
done

The db_importer script does the job and inserts all the specified fields into MariaDB.

Some results already indexed into mariadb

Grafana GeoMap can work with any field named latitude, longitude, lat, lon, …
Check the official plugin documentation for more info:

Configure it, get some popcorn and enjoy :)

Some additional redacted data captured
In this picture you can appreciate all the fields we're getting from airodump-ng + GPS geolocation
You can also use heatmaps to render network density

So as long as you have battery your device will scan and save the data for further processing.

Stay tuned for part 2, where we will:

  • Release the full source code for WarDriver
  • Explain how we capture the data, enrich it and convert it into a structured JSON object ready to be indexed in any database.
  • Share some GeoMap Grafana dashboards ready to be used.

#raspi #DIY #wardriving #wifi #hacking #stepdriving #bikedriving #radiohack
