
Wifi based heuristics #1042

Open
jacklund wants to merge 7 commits into EFForg:main from jacklund:wifi-based-heuristics

@jacklund
Contributor

First pass at a solution for issue #1000.

Some notes:

  • I've managed to shoehorn my code into the analysis flow, although whether it's in the best place I'll leave up to y'all. I've added a WifiOUIAnalyzer type, which implements Analyzer, and which gets added to the analyzer harness by default (and is configurable). I've also added the configured OUIs to the AnalyzerConfig which felt weird, since everything else on that are booleans, but there didn't seem to be a better place to put that and still have it available in the Harness code.

  • I've added a config line to specify the target OUIs as a comma-separated list of strings. I don't currently validate the OUIs (which should be done), because I'm not certain that's the best way to specify them. At some point there should probably be lists of well-known OUIs for specific types of target devices (similar to what Colonel Panic does in his OUI-spy apps), but until we have those lists, this might have to do.

  • I've also marked an OUI match as a HIGH event type, which might not be what is wanted here; it just seemed like a good place to start.

  • There's some code duplicated from DiagTask::process_container where I send the information to the notification channel and the display, which is not great, but I figured that some refactoring of the analysis flow to make this code fit better might make that go away anyway.

  • Also, I'm using my fork of wifi-station for this PR - I have a PR pending on that repo which will add the BSSID to the list of items returned when scanning. Hopefully when/if that PR is merged, we can put that back.

Pull Request Checklist

  • The Rayhunter team has recently expressed interest in reviewing a PR for this.
    • If not, this PR may be closed due to our limited resources and need to prioritize how we spend them.
  • Added or updated any documentation as needed to support the changes in this PR.
  • Code has been linted and run through cargo fmt.
  • If any new functionality has been added, unit tests were also added.
  • CONTRIBUTING.md has been read.
  • Your pull request is fewer than ~400 lines of code.

You must check one of:

  • [x] No generative AI (including LLMs) tools were used to create this PR.
  • Generative AI was used to create this PR. I certify that I have read and understand the code, and that all comments and descriptions were authored by myself and are not the product of generative AI.
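
The validation that the description above says is still missing, as an added example that is not part of this PR or of Rayhunter's code: it parses the comma-separated OUI list strictly and checks a scanned BSSID against it. The function names and the accepted separator forms are assumptions, and the sample OUIs and BSSIDs are constructed.

```rust
use std::collections::HashSet;

/// Parse one OUI ("AA:BB:CC", "aa-bb-cc" or "aabbcc") into its three bytes.
/// Hypothetical helper; ':' and '-' separators are stripped before checking.
fn parse_oui(s: &str) -> Result<[u8; 3], String> {
    let hex: String = s.trim().chars().filter(|c| *c != ':' && *c != '-').collect();
    if hex.len() != 6 || !hex.chars().all(|c| c.is_ascii_hexdigit()) {
        return Err(format!("invalid OUI {:?}: expected 6 hex digits", s.trim()));
    }
    let mut out = [0u8; 3];
    for (i, byte) in out.iter_mut().enumerate() {
        *byte = u8::from_str_radix(&hex[2 * i..2 * i + 2], 16).map_err(|e| e.to_string())?;
    }
    Ok(out)
}

/// Parse the comma-separated config value. One bad entry rejects the whole
/// list, so a typo cannot silently disable a watch entry.
fn parse_oui_list(cfg: &str) -> Result<HashSet<[u8; 3]>, String> {
    cfg.split(',')
        .filter(|e| !e.trim().is_empty())
        .map(parse_oui)
        .collect()
}

/// True when the BSSID is a well-formed 6-octet address whose first three
/// octets are in the configured set. Comparison is on bytes, so case and
/// separator style in the config or the scan result do not matter.
fn bssid_matches(bssid: &str, ouis: &HashSet<[u8; 3]>) -> bool {
    let hex: String = bssid.trim().chars().filter(|c| *c != ':' && *c != '-').collect();
    if hex.len() != 12 || !hex.chars().all(|c| c.is_ascii_hexdigit()) {
        return false;
    }
    parse_oui(&hex[..6]).map(|oui| ouis.contains(&oui)).unwrap_or(false)
}

fn main() {
    // Constructed sample values, not real device OUIs.
    let ouis = parse_oui_list("00:11:22, AA-BB-CC,ddeeff").expect("valid list");
    for bssid in ["aa:bb:cc:01:02:03", "12:34:56:78:9a:bc"] {
        println!("{} -> match: {}", bssid, bssid_matches(bssid, &ouis));
    }
    println!("{:?}", parse_oui_list("00:11:22,zz:11:22"));
}
```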

jacklund added 7 commits May 17, 2026 18:55
EFForg#1000
Added ability to scan wifi networks (with a change to the wifi-station
library, which I will PR once I get this working). Trying to integrate
it into the analysis setup didn't work well, because that's pretty much
only set up for packet analysis, so I'm instead sending the change to
the display state directly from the wifi analysis function, which
probably isn't really what's needed.
@cooperq cooperq self-requested a review May 19, 2026 17:43
@cooperq cooperq self-assigned this May 19, 2026