wifi-geolocate

wifi-geolocate is a project in the making.

— Geolocate any device, anywhere a Wi-Fi channel can be seen, even if not authenticated.

Description

Enhancing the geographic location of a mobile device using public, non-associated Wi-Fi signals

Multiple ways exist to determine the geographic location of a mobile device: directly over the Internet, or through the cellular network (HSPA, LTE, WiMAX, CDMA). This proposal adds a new way: using public Wi-Fi networks anonymously.

This will bring new capabilities, such as:

  1. A device without cellular or GPS hardware will be able to get basic geographic localization if it supports Wi-Fi (for example mobile sport devices, tracking devices, etc.).
  2. It will greatly enhance the geographic localization of a cellular device when only one cellular tower covers the area where the device is located. Such an enhancement will help in emergency calls or any other case where tracking becomes a priority.
  3. It would enhance GPS devices, whose geographic localization can be affected by line-of-sight obstacles.

All the changes proposed in this document are backward compatible with existing devices, to allow an easy implementation.

Abstract

For the full abstract, please see there

Implementation

For an actual implementation test, please see there

A simple technical example with hostapd

Example: we have an access point located at 48.2435112812535,-79.04041822286098 (that is there on Google Maps).

We set the access point to show that info to everyone nearby:

Due to a limitation of hostapd, I will make sure only one IE is added, so I do a text-to-hex conversion of “48.2435112812535|-79.04041822286098”, which becomes:

48.2435112812535|-79.04041822286098 = 34382e323433353131323831323533357c2d37392e3034303431383232323836303938

We need a LEN divisible by 2, so we add a | to our string.

48.2435112812535||-79.04041822286098 = 34382e323433353131323831323533357c7c2d37392e3034303431383232323836303938

Now the LEN is 36 (0x24).

Now we play with the vendor-specific tag in the Wi-Fi beacon message.

The message is ID (DD) + LEN(x) + OUI(xxxxxx) + our info. The LEN byte counts the 3 OUI bytes plus the 36 bytes of our info, so it is 39 (0x27):

vendor_elements=dd2755555534382e323433353131323831323533357c7c2d37392e3034303431383232323836303938

N.B. I chose the OUI 555555 as it’s not used yet. 111111 is for private use, but in case someone else already uses it for another reason, I didn’t choose it.

Here is a screenshot of it running with that flag:

[Image: IMG_5236]

On a Linux desktop, the command iwlist wlanX scan will show the vendor tag.
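As an added example (not code from the original page or project), the Python sketch below builds the vendor_elements value described above and parses it back out of a beacon's information elements the way a receiving app would. Because any nearby transmitter can set this field, the parser rejects truncated elements, foreign OUIs and out-of-range coordinates. The function names and the sample SSID element are assumptions made for the illustration.

```python
OUI = bytes.fromhex("555555")  # OUI chosen on this page
VENDOR_IE = 0xDD               # vendor-specific element ID

def build_vendor_element(lat: str, lon: str) -> str:
    """Return the hex string for hostapd's vendor_elements= option."""
    text = f"{lat}|{lon}"
    if len(text) % 2:          # page's convention: pad to an even length with a second '|'
        text = f"{lat}||{lon}"
    body = OUI + text.encode("ascii")
    if len(body) > 255:
        raise ValueError("element body exceeds the one-byte LEN field")
    return (bytes([VENDOR_IE, len(body)]) + body).hex()

def iter_elements(blob: bytes):
    """Yield (id, body) for each ID/LEN/body element; stop on truncation."""
    i = 0
    while i + 2 <= len(blob):
        eid, length = blob[i], blob[i + 1]
        body = blob[i + 2:i + 2 + length]
        if len(body) != length:    # LEN points past the end of the frame
            return
        yield eid, body
        i += 2 + length

def extract_location(blob: bytes):
    """Return (lat, lon) from the first valid location element, else None."""
    for eid, body in iter_elements(blob):
        if eid != VENDOR_IE or body[:3] != OUI:
            continue
        try:
            # Accept both "lat|lon" and the padded "lat||lon" form
            parts = [p for p in body[3:].decode("ascii").split("|") if p]
            lat, lon = (float(p) for p in parts)
        except ValueError:         # bad encoding, bad number or wrong field count
            continue
        if -90 <= lat <= 90 and -180 <= lon <= 180:
            return lat, lon
    return None

# Constructed sample: an SSID element followed by the page's vendor element
PAGE_ELEMENT = build_vendor_element("48.2435112812535", "-79.04041822286098")
SAMPLE_BEACON_IES = bytes([0x00, 4]) + b"test" + bytes.fromhex(PAGE_ELEMENT)

if __name__ == "__main__":
    print("vendor_elements=" + PAGE_ELEMENT)
    print(extract_location(SAMPLE_BEACON_IES))
```

The value is advertised without authentication, so a receiver should treat the parsed coordinates as a hint to cross-check against other sources, not as a trusted position.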

My next step is to create a mobile app to read those coordinates in real time. Stay tuned!

Contributor

Philippe Lévesque
