From charlesreid1
Latest revision as of 03:56, 16 April 2017

Experiment 2 Overview

Experiment 2 focuses on constructing a single step in the data pipeline: automating data acquisition from a sensor to run an experiment.

Experiment Summary:

  • The Raspberry Pi runs a boot script that starts a Python script that puts the wireless card in monitor mode and uses airodump-ng to collect wireless network data.

Materials:

  • Sensor hardware - in this case, a single Raspberry Pi with a wireless card
  • Python script that controls wireless card, airodump-ng processes
  • Boot script that calls Python script on boot

Methods:

  • Remotely connect to Raspberry Pi via SSH
  • Create Python script that controls wireless card and starts airodump-ng process for specified amount of time
  • Start/stop airodump processes so CSV files are created at N-minute or N-second intervals
  • Create boot script that runs Python script

Code:

Implementation

We'll assume you can connect to the Pi via SSH.

(Extraneous) Passwordless Login Raspberry Pi

Set up passwordless login following http://charlesreid1.com/wiki/SSH#Passwordless_Login

Then define the following alias in your .bashrc or wherever:

function pi() {
  ssh-agent > ~/ssh.file       # ssh-agent prints the env vars it wants set (SSH_AUTH_SOCK, SSH_AGENT_PID)
  . ~/ssh.file > /dev/null     # source the file rather than executing it, so the vars land in this shell
  rm -f ~/ssh.file
  # note: every call starts a fresh ssh-agent that keeps running after ssh exits
  export IP="10.0.0.4"
  ssh -Y root@${IP}            # the actual ssh call
}

Now you can connect to the pi by typing:

$ pi

Create a Test Startup Service

Create a test startup service by doing the following.

Create a custom startup script in /etc/init.d/custom-script with the following contents:

root@kali:/etc/init.d# cat custom-script 
#! /bin/sh

### BEGIN INIT INFO
# Provides:		custom-script
# Required-Start:	$local_fs $remote_fs
# Required-Stop:	$local_fs $remote_fs
# Default-Start:	2 3 4 5
# Default-Stop:		0 1 6
# Short-Description:	Here ya go buddy, custom script
### END INIT INFO

set -e

touch /root/ohai

exit 0

Make the script executable with chmod +x custom-script

Make sure this is linked in the proper rcN.d/ folders by running update-rc.d custom-script defaults.

Now make sure the file does not already exist (rm /root/ohai) and then run reboot. Once the Pi is back up, you should see a file named ohai in the root directory.

Create Wifi Data Capture Startup Service

Create a real startup service that will start capturing wifi data on boot. Assume wifi card is wlan0. More info on Raspberry Pi startup service here: https://charlesreid1.com/wiki/RaspberryPi/Reverse_SSH

Starting with the Python script that will run airodump-ng and capture wifi data into CSV files:

capture_wifi_data.py

from __future__ import print_function   # same print() on Python 2 and 3

import subprocess
import os
import time
from datetime import datetime

script_name = "capture_wifi_data.py"

# each experiment will be Nhours in duration
Nhours = 2

# each CSV file will be Nseconds in duration
Nseconds = 15

# figure out how many files there will be (integer division: range() needs an int)
Nfiles = (Nhours*3600)//Nseconds

# create a unique file prefix for this experiment
# (%M is the minute; %m would just repeat the month and files from the same hour would collide)
prefix = datetime.now().strftime('%Y-%m-%d_%H-%M')

print("[%s] About to put card in monitor mode." % (script_name))
subprocess.call(['ifconfig','wlan0','down'])
subprocess.call(['iwconfig','wlan0','mode','monitor'])
subprocess.call(['ifconfig','wlan0','up'])
print("[%s] Done." % (script_name))

# open /dev/null once and reuse it; opening it inside the loop leaks one
# file descriptor per interval
FNULL = open(os.devnull,'w')

for i in range(Nfiles):

    # construct the airodump command and pipe all its output to /dev/null so it doesn't blow up the syslog
    the_cmd = ['airodump-ng','wlan0','-w',prefix,'--output-format','csv']

    # call it
    p = subprocess.Popen(the_cmd, stdout=FNULL, stderr=subprocess.STDOUT)

    # wait for it
    time.sleep(Nseconds)

    # aaaaand bail: SIGTERM lets airodump-ng flush its CSV, wait() reaps the process
    p.terminate()
    p.wait()

FNULL.close()
print("[%s] Success!" % (script_name))

This python script will run airodump in a way that redirects all of its output to /dev/null. THIS IS EXTREMELY IMPORTANT. If you don't redirect stdout, it will go into your syslog, and you will have 500 MB of airodump-ng output (refreshed/printed every second, unless you turn it off) in /var/log/syslog. Whoops.

That's the reason for the stdout/stderr redirects.
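The next pipeline step is reading the CSV files this script leaves behind. As an added example (not code from the wiki page or the wifi-data project), here is a parser for those files plus a merge over the per-interval files of one experiment, producing a defender's inventory: which BSSIDs were seen, which of them are open networks, which client MACs appeared, and in how many intervals each BSSID showed up. It assumes airodump-ng's standard CSV layout (an access-point table headed "BSSID, First time seen, ..." and, after a blank line, a station table headed "Station MAC, ...") and that reusing the same prefix makes airodump-ng number successive files prefix-01.csv, prefix-02.csv and so on; the two sample captures inside are constructed by hand, not real data.

```python
"""Parse and merge the CSV files written by capture_wifi_data.py.

Added example, not part of the wiki page or the wifi-data project.  It assumes
airodump-ng's standard two-section CSV layout.  SAMPLE_FILES below is
constructed by hand to look like two 15-second interval files.
"""
import csv
import io
from collections import Counter

AP_HEADER = "BSSID"             # first cell of the access-point section header
STATION_HEADER = "Station MAC"  # first cell of the station section header


def parse_airodump_csv(text):
    """Split one airodump-ng CSV dump into (access_points, stations).

    Each entry is a dict keyed by the stripped header names.  airodump-ng pads
    cells with spaces, so every cell is stripped.  A field that itself contains
    commas (typically "Probed ESSIDs") spills into extra cells; those are folded
    back into the last column.
    """
    access_points, stations = [], []
    current, header = None, None
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if not row or not any(cell.strip() for cell in row):
            continue  # blank separator line between the two sections
        first = row[0].strip()
        if first == AP_HEADER:
            current, header = access_points, [c.strip() for c in row]
            continue
        if first == STATION_HEADER:
            current, header = stations, [c.strip() for c in row]
            continue
        if current is None or header is None:
            continue  # anything before the first header is ignored
        cells = [c.strip() for c in row]
        if len(cells) > len(header):
            cells = cells[:len(header) - 1] + [",".join(cells[len(header) - 1:])]
        cells += [""] * (len(header) - len(cells))
        current.append(dict(zip(header, cells)))
    return access_points, stations


def interval_number(filename):
    """Return the sequence number airodump-ng appended (prefix-NN.csv -> NN).

    A two-hour run at 15 s per file produces 480 files, and as plain strings
    prefix-100.csv sorts before prefix-11.csv, so sort on the integer instead.
    """
    stem = filename[:-len(".csv")] if filename.endswith(".csv") else filename
    return int(stem.rsplit("-", 1)[1])


def summarize(capture_files):
    """Merge (filename, csv_text) pairs from one experiment into an inventory."""
    seen_in_intervals = Counter()
    open_networks = {}
    clients = set()
    for _name, text in sorted(capture_files, key=lambda f: interval_number(f[0])):
        aps, stations = parse_airodump_csv(text)
        for ap in aps:
            seen_in_intervals[ap["BSSID"]] += 1
            if ap["Privacy"] == "OPN":      # unencrypted network
                open_networks[ap["BSSID"]] = ap["ESSID"]
        for st in stations:
            clients.add(st["Station MAC"])
    return {
        "bssids": sorted(seen_in_intervals),
        "open_networks": open_networks,
        "clients": sorted(clients),
        "intervals_seen": dict(seen_in_intervals),
    }


# Constructed sample captures: two interval files with the numbering airodump-ng
# uses when the same prefix is reused.  All MACs and names are made up.
SAMPLE_FILES = [
    ("2017-04-15_19-30-01.csv", """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2017-04-15 19:30:02, 2017-04-15 19:30:16, 6, 54, WPA2, CCMP, PSK, -41, 12, 0, 0. 0. 0. 0, 7, HomeNet,
AA:BB:CC:00:00:02, 2017-04-15 19:30:03, 2017-04-15 19:30:15, 11, 54, OPN, , , -70, 9, 0, 0. 0. 0. 0, 9, CoffeeWiFi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
DE:AD:BE:EF:00:01, 2017-04-15 19:30:05, 2017-04-15 19:30:14, -55, 3, AA:BB:CC:00:00:01, HomeNet
DE:AD:BE:EF:00:02, 2017-04-15 19:30:06, 2017-04-15 19:30:12, -80, 1, (not associated), CoffeeWiFi,Airport
"""),
    ("2017-04-15_19-30-02.csv", """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2017-04-15 19:30:17, 2017-04-15 19:30:31, 6, 54, WPA2, CCMP, PSK, -42, 14, 0, 0. 0. 0. 0, 7, HomeNet,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
DE:AD:BE:EF:00:01, 2017-04-15 19:30:18, 2017-04-15 19:30:30, -54, 5, AA:BB:CC:00:00:01, HomeNet
"""),
]

if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_FILES), indent=2))
```

Running the file prints the merged inventory as JSON. In a real run you would build the (filename, text) list by globbing prefix-*.csv in /root/wifi_data; the point of sorting on interval_number() rather than on the filename is that the experiment above produces 480 files, well past the two-digit numbering where string order and capture order agree.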

Now you can create a startup service to launch this Python script in the background:

/etc/init.d/capture-wifi-data

#! /bin/sh

### BEGIN INIT INFO
# Provides:             capture-wifi-data
# Required-Start:       $local_fs $remote_fs
# Required-Stop:        $local_fs $remote_fs
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description:    Capture wifi data.
### END INIT INFO

set -e

case "$1" in
  start)
        cd /root/wifi_data
        # background it: the script runs for two hours, and an init script
        # that blocks would hold up the rest of the boot (sshd included)
        /usr/bin/python capture_wifi_data.py &
        ;;
  stop)
        # stop the Python loop first so it cannot relaunch airodump-ng;
        # "|| true" keeps set -e from aborting when nothing is running
        pkill -f capture_wifi_data.py || true
        pkill airodump-ng || true
        ;;
  *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
esac

exit 0

You can enable the script with update-rc.d capture-wifi-data defaults. This will run a two-hour experiment, beginning at the point the Pi is plugged in.

More information at Kali Raspberry Pi/Startup Services

Creating Startup Service

To create the startup service without logging into the Pi, you can mount the SD card from Linux (or a Mac with FUSE or the ability to read ext4 filesystems) and modify the contents of the NON-BOOT partition of the SD card, which contains the Raspberry Pi file system.

You put your startup script into /sdcard/etc/init.d and then you symlink that startup script into whichever run levels you'd like, with the prefix S02, which indicates this is a runtime level 2 or higher service. (The Raspberry Pis boot into runtime level 2 by default, and sshd starts in runtime level 2.)

$ cd /sdcard/etc/init.d/
$ chmod +x capture-wifi-data
$ ln -fs capture-wifi-data ../rc2.d/S02capture-wifi-data

and optionally, what you would do on a heavy duty system that uses multiple runtime levels,

ln -fs capture-wifi-data ../rc3.d/S02capture-wifi-data
ln -fs capture-wifi-data ../rc4.d/S02capture-wifi-data
ln -fs capture-wifi-data ../rc5.d/S02capture-wifi-data
ln -fs capture-wifi-data ../rc6.d/S02capture-wifi-data

The Result

A nice haul of booty from an evening of scanning wifi networks:

Wifi-data.png