Table of Contents
How it Works
The 3rd generation portable wardriver contains 2 ESP32 dual-core microcontrollers, both of which contain a 2.4GHz radio for WiFi/Bluetooth. The wardriver also contains an SD card, GPS, LCD, temperature sensor, and a GSM modem.
The 2 ESP32 modules are referred to as “A” and “B” and they both run different software.
The “A” ESP32 is responsible for most operations. On one core, communication with the GPS, SD card, LCD, and ESP “B” takes place. Current GPS and date/time information is stored in variables which the second core can read; this allows the second core to spend more time scanning.
The second core is dedicated to scanning WiFi; it scans channels 1-13 and spends 110ms on each channel meaning a full scan takes ~1.4 seconds. Since the average WiFi access point transmits a beacon every ~102ms, every channel hop should yield the vast majority of the WiFi APs in range operating on that channel.
The “B” ESP32 is responsible for secondary operations and also Bluetooth scanning. On one core, communication with the DS18B20 temperature sensor and SIM800L modem takes place and is forwarded to ESP32 “A” over serial.
The second core is dedicated to Bluetooth and WiFi scanning; a loop runs continuously which first performs a 2.5 second Bluetooth scan and then scans WiFi channels 1, 6, 11, and 14 for 110ms each. This means that one loop run takes approximately 3 seconds but both Bluetooth and the primary WiFi channels are scanned in that time.
Most of the data processing happens on the ESP32 “A”, specifically the raw data is converted into Wigle.net CSV and saved onto the SD card. To prevent writing data for the same network multiple times, the last 512 seen BSSIDs (MAC addresses) are stored in RAM and won't be saved to the SD card if they are seen again. The same is done for the previous 128 GSM cell towers.