sync OUIs with @nitekry/nite-oui-collection — 12 adds, 1 demote

Brings the target OUI array up to parity with @NitekryDPaul's upstream
nite-oui-collection (April 2026):

  - Adds 12 prefixes: 04:0d:84, f0:82:c0, 1c:34:f1, 38:5b:44, 94:34:69,
    b4:e3:f9, b4:1e:52, 14:b5:cd, 94:2a:6f, f4:e2:c6, d4:11:d6, e0:0a:f6
  - Demotes f8:a2:d6 — flagged as a Sony Media Player false positive
    in his my_tested_flock.md notes, retained only as documentation in
    the dataset's "Demoted / low confidence" section.

Active firmware count is now 42 (29 from @NitekryDPaul's original set,
12 April 2026 additions, 1 from Michael / DeFlockJoplin).

Also: replaces the stylised cyrillic researcher name with its decoded
form OrdoOuroborous and links his GitHub @nitekry, since the unicode
glyphs don't render reliably and made the credit hard to follow.

README.md

@@ -1,20 +1,16 @@
-# Flock-You: Promiscuous WiFi Edition (`promiscious-dev` branch)
+# Flock-You: Promiscuous WiFi Edition (`promiscious` branch)
 
 <img src="flock.png" alt="Flock You" width="300px">
 
 **Passive 2.4 GHz promiscuous-mode detector for Flock Safety surveillance infrastructure. Runs standalone or feeds the Flask dashboard over USB for live GPS-tagged wardriving.**
 
-> **Dev note:** This is the `promiscious-dev` branch — adds the
-> DeFlockJoplin wildcard-probe tightening and a 31st OUI on top of the
-> `promiscious` baseline. See "Further research" below.
-
 ---
 
 ## Credit
 
-All WiFi promiscuous detection research — the **30-OUI target list**, the **promiscuous-mode strategy**, and the **addr1-receiver detection technique** — is the work of **ØяĐöØцяöЪöяцฐ / @NitekryDPaul**. The firmware here is a mod of his original firmware with added SPIFFS persistence and Flask-dashboard integration. Full research writeup: [`datasets/NitekryDPaul_wifi_ouis.md`](datasets/NitekryDPaul_wifi_ouis.md).
+All WiFi promiscuous detection research — the **41-OUI Flock Safety target list**, the **promiscuous-mode strategy**, and the **addr1-receiver detection technique** — is the work of **OrdoOuroborous / @NitekryDPaul** (GitHub [@nitekry](https://github.com/nitekry)). The firmware here is a mod of his original work with added SPIFFS persistence and Flask-dashboard integration. Upstream OUI source: [nitekry/nite-oui-collection](https://github.com/nitekry/nite-oui-collection). Full research writeup: [`datasets/NitekryDPaul_wifi_ouis.md`](datasets/NitekryDPaul_wifi_ouis.md).
 
-Additional research credit to **Michael / DeFlockJoplin** for the **wildcard-probe-request signature** and the 31st OUI (`82:6b:f2`). Field-tested to 11/12 cameras caught with only 2 false positives in Joplin. Source: [DeflockJoplin/flock-you](https://github.com/DeflockJoplin/flock-you).
+Additional research credit to **Michael / DeFlockJoplin** for the **wildcard-probe-request signature** and OUI `82:6b:f2`. Field-tested to 11/12 cameras caught with only 2 false positives in Joplin. Source: [DeflockJoplin/flock-you](https://github.com/DeflockJoplin/flock-you).
 
 ---
 
@@ -43,7 +39,7 @@ Checking `addr1` in addition to `addr2` picks those silent stations up. It requi
 - `addr1` is broadcast (`ff:ff:ff:ff:ff:ff`) in beacons and broadcasts — **multicast filter**
 - Modern devices use randomised (locally-administered) MACs that can't be fingerprinted by OUI — **randomised-MAC filter** on byte 0 bit 1
 
-Both are applied before the OUI match. This whole approach, including the 30-OUI list, is **@NitekryDPaul's research**.
+Both are applied before the OUI match. This whole approach, including the 41-OUI list, is **@NitekryDPaul's research**.
 
 ---
 
@@ -53,7 +49,7 @@ Michael / DeFlockJoplin used the OUI + addr1/addr2/addr3 work above as a startin
 
 > The cameras are hopping channels and sending out a wildcard WiFi probe request on every channel. This specific type of request combined with OUI matching has created what seems to be a fairly unique signature.
 
-His drive-test in Joplin caught **11 of 12 cameras** with only **2 false positives**. The 12th camera was doing the same wildcard-probe behaviour but with an OUI (`82:6b:f2`) that wasn't in @NitekryDPaul's original 30 — it's now the 31st entry in our list, credited to him.
+His drive-test in Joplin caught **11 of 12 cameras** with only **2 false positives**. The 12th camera was doing the same wildcard-probe behaviour but with an OUI (`82:6b:f2`) that wasn't in @NitekryDPaul's original set — it's now in our list, credited to him.
 
 The tightened signature that's active on this branch:
 
@@ -104,15 +100,22 @@ The split between callback and loop is deliberate: the WiFi task has hard real-t
 
 ## OUI target list (@NitekryDPaul research)
 
-All lowercase, colon-separated. 31 Flock Safety infrastructure prefixes:
+All lowercase, colon-separated. 42 Flock Safety infrastructure prefixes —
+29 from @NitekryDPaul's original set, 12 from his April 2026 additions, plus
+1 from Michael / DeFlockJoplin. `f8:a2:d6` from the original set has been
+demoted as a Sony Media Player false positive (see
+[`datasets/NitekryDPaul_wifi_ouis.md`](datasets/NitekryDPaul_wifi_ouis.md)).
 
 ```
 70:c9:4e   3c:91:80   d8:f3:bc   80:30:49   b8:35:32
 14:5a:fc   74:4c:a1   08:3a:88   9c:2f:9d   c0:35:32
-94:08:53   e4:aa:ea   f4:6a:dd   f8:a2:d6   24:b2:b9
-00:f4:8d   d0:39:57   e8:d0:fc   e0:4f:43   b8:1e:a4
-70:08:94   58:8e:81   ec:1b:bd   3c:71:bf   58:00:e3
-90:35:ea   5c:93:a2   64:6e:69   48:27:ea   a4:cf:12
+94:08:53   e4:aa:ea   f4:6a:dd   24:b2:b9   00:f4:8d
+d0:39:57   e8:d0:fc   e0:4f:43   b8:1e:a4   70:08:94
+58:8e:81   ec:1b:bd   3c:71:bf   58:00:e3   90:35:ea
+5c:93:a2   64:6e:69   48:27:ea   a4:cf:12
+04:0d:84   f0:82:c0   1c:34:f1   38:5b:44   94:34:69   ← Apr 2026 adds
+b4:e3:f9   b4:1e:52   14:b5:cd   94:2a:6f   f4:e2:c6
+d4:11:d6   e0:0a:f6
 82:6b:f2   ← contributed by Michael / DeFlockJoplin
 ```
 
@@ -253,8 +256,8 @@ The BLE-only sibling of this firmware lives on the [`main` branch](https://githu
 
 ## Acknowledgments
 
-- **ØяĐöØцяöЪöяцฐ (@NitekryDPaul)** — **WiFi promiscuous detection research**: the 30-OUI Flock Safety target list and the addr1-receiver detection technique that are the baseline of this firmware. The code here is a mod of his original work.
-- **Michael / DeFlockJoplin** ([DeflockJoplin/flock-you](https://github.com/DeflockJoplin/flock-you), [deflockjoplin.today](https://deflockjoplin.today)) — **wildcard-probe-request signature** + the 31st OUI (`82:6b:f2`). Drive-tested in Joplin to 11/12 cameras caught with only 2 false positives.
+- **OrdoOuroborous (@NitekryDPaul, GitHub [@nitekry](https://github.com/nitekry))** — **WiFi promiscuous detection research**: the 41-OUI Flock Safety target list and the addr1-receiver detection technique that are the baseline of this firmware. The code here is a mod of his original work. Upstream OUI tracking: [nite-oui-collection](https://github.com/nitekry/nite-oui-collection).
+- **Michael / DeFlockJoplin** ([DeflockJoplin/flock-you](https://github.com/DeflockJoplin/flock-you), [deflockjoplin.today](https://deflockjoplin.today)) — **wildcard-probe-request signature** + OUI `82:6b:f2`. Drive-tested in Joplin to 11/12 cameras caught with only 2 false positives.
 - **Will Greenberg** ([@wgreenberg](https://github.com/wgreenberg)) — BLE manufacturer company ID detection (`0x09C8` XUNTONG) sourced from his [flock-you](https://github.com/wgreenberg/flock-you) fork (used by the BLE companion on `main`)
 - **[DeFlock](https://deflock.me)** ([FoggedLens/deflock](https://github.com/FoggedLens/deflock)) — crowdsourced ALPR location data and detection methodologies. Datasets included in `datasets/`
 - **[GainSec](https://github.com/GainSec)** — Raven BLE service UUID dataset (`raven_configurations.json`) used by the BLE companion

datasets/NitekryDPaul_wifi_ouis.md

@@ -1,8 +1,8 @@
 # Flock Safety WiFi OUIs — Research by @NitekryDPaul
 
-**Researcher:** ØяĐöØцяöЪöяцฐ (**@NitekryDPaul**)
+**Researcher:** OrdoOuroborous (**@NitekryDPaul**, GitHub [@nitekry](https://github.com/nitekry))
 
-This dataset documents Flock Safety and related surveillance-infrastructure WiFi MAC-address OUIs (first three octets) discovered through 2.4 GHz promiscuous-mode analysis. All 30 prefixes below were identified by @NitekryDPaul during his promiscuous-mode research on Flock camera air traffic.
+This dataset documents Flock Safety and related surveillance-infrastructure WiFi MAC-address OUIs (first three octets) discovered through 2.4 GHz promiscuous-mode analysis. The 42 active prefixes below come from @NitekryDPaul's promiscuous-mode research on Flock camera air traffic (41) and Michael / DeFlockJoplin's wildcard-probe drive-testing (1). Upstream OUI source: [nitekry/nite-oui-collection](https://github.com/nitekry/nite-oui-collection). One prefix from the original set (`f8:a2:d6`) has been demoted — see the [Demoted](#demoted--low-confidence) section.
 
 ## Why promiscuous mode
 
@@ -10,12 +10,15 @@ Flock stations spend most of their duty cycle asleep, waking briefly to upload a
 
 This addr1 technique is @NitekryDPaul's discovery and is the basis of the `promiscuis-flock-you` firmware.
 
-## OUI list (31 prefixes, lowercase, colon-separated)
+## OUI list (42 prefixes, lowercase, colon-separated)
 
-@NitekryDPaul contributed the first 30. The 31st (`82:6b:f2`) was contributed
-by **Michael / DeFlockJoplin** during follow-up drive-testing in Joplin — it's
-the OUI of the 12th camera in his field test, which the original list didn't
-catch. See [DeflockJoplin/flock-you](https://github.com/DeflockJoplin/flock-you).
+@NitekryDPaul contributed 41 active prefixes — 29 from his original
+promiscuous-mode set plus 12 from his April 2026 additions in
+[nite-oui-collection](https://github.com/nitekry/nite-oui-collection).
+The 42nd (`82:6b:f2`) was contributed by **Michael / DeFlockJoplin** during
+follow-up drive-testing in Joplin — it's the OUI of the 12th camera in his
+field test, which the original list didn't catch. See
+[DeflockJoplin/flock-you](https://github.com/DeflockJoplin/flock-you).
 
 ```
 70:c9:4e
@@ -31,7 +34,6 @@ c0:35:32
 94:08:53
 e4:aa:ea
 f4:6a:dd
-f8:a2:d6
 24:b2:b9
 00:f4:8d
 d0:39:57
@@ -48,6 +50,18 @@ ec:1b:bd
 64:6e:69
 48:27:ea
 a4:cf:12
+04:0d:84
+f0:82:c0
+1c:34:f1
+38:5b:44
+94:34:69
+b4:e3:f9
+b4:1e:52
+14:b5:cd
+94:2a:6f
+f4:e2:c6
+d4:11:d6
+e0:0a:f6
 82:6b:f2
 ```
 
@@ -68,7 +82,6 @@ a4:cf:12
 | 94:08:53 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul |
 | e4:aa:ea | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul |
 | f4:6a:dd | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul |
-| f8:a2:d6 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul |
 | 24:b2:b9 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul |
 | 00:f4:8d | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul |
 | d0:39:57 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul |
@@ -85,8 +98,29 @@ a4:cf:12
 | 64:6e:69 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul |
 | 48:27:ea | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul |
 | a4:cf:12 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul |
+| 04:0d:84 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul (Apr 2026) |
+| f0:82:c0 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul (Apr 2026) |
+| 1c:34:f1 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul (Apr 2026) |
+| 38:5b:44 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul (Apr 2026) |
+| 94:34:69 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul (Apr 2026) |
+| b4:e3:f9 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul (Apr 2026) |
+| b4:1e:52 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul (Apr 2026) |
+| 14:b5:cd | Flock Safety infrastructure (high confidence) | WiFi 2.4 GHz | @NitekryDPaul (Apr 2026) |
+| 94:2a:6f | Flock Safety infrastructure (high confidence) | WiFi 2.4 GHz | @NitekryDPaul (Apr 2026) |
+| f4:e2:c6 | Flock Safety infrastructure (high confidence) | WiFi 2.4 GHz | @NitekryDPaul (Apr 2026) |
+| d4:11:d6 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul (Apr 2026) |
+| e0:0a:f6 | Flock Safety infrastructure | WiFi 2.4 GHz | @NitekryDPaul (Apr 2026) |
 | 82:6b:f2 | Flock Safety infrastructure | WiFi 2.4 GHz (wildcard probe) | Michael / DeFlockJoplin |
 
+## Demoted / low confidence
+
+These prefixes were in earlier revisions of the list but have been removed
+from the active firmware OUI array.
+
+| Prefix | Reason | Source |
+|---|---|---|
+| `f8:a2:d6` | Low confidence; observed hitting a Sony Media Player rather than a Flock device. Demoted per @NitekryDPaul's [my_tested_flock.md](https://github.com/nitekry/nite-oui-collection/blob/main/groups/flockers/my_tested_flock.md) field notes. | @NitekryDPaul |
+
 ## Detection strategy
 
 For each observed 802.11 management or data frame:

main.cpp

@@ -82,12 +82,19 @@ static const size_t SSID_KEYWORD_COUNT = sizeof(target_ssid_keywords) / sizeof(t
 // ============================================================
 
 static const char* target_ouis[] = {
+  // @NitekryDPaul / OrdoOuroborous — original promiscuous-mode set, 29 OUIs.
+  // f8:a2:d6 has been demoted (Sony Media Player false positive — see
+  // nite-oui-collection/groups/flockers/my_tested_flock.md).
   "70:c9:4e", "3c:91:80", "d8:f3:bc", "80:30:49", "b8:35:32",
   "14:5a:fc", "74:4c:a1", "08:3a:88", "9c:2f:9d", "c0:35:32",
-  "94:08:53", "e4:aa:ea", "f4:6a:dd", "f8:a2:d6", "24:b2:b9",
-  "00:f4:8d", "d0:39:57", "e8:d0:fc", "e0:4f:43", "b8:1e:a4",
-  "70:08:94", "58:8e:81", "ec:1b:bd", "3c:71:bf", "58:00:e3",
-  "90:35:ea", "5c:93:a2", "64:6e:69", "48:27:ea", "a4:cf:12",
+  "94:08:53", "e4:aa:ea", "f4:6a:dd", "24:b2:b9", "00:f4:8d",
+  "d0:39:57", "e8:d0:fc", "e0:4f:43", "b8:1e:a4", "70:08:94",
+  "58:8e:81", "ec:1b:bd", "3c:71:bf", "58:00:e3", "90:35:ea",
+  "5c:93:a2", "64:6e:69", "48:27:ea", "a4:cf:12",
+  // @NitekryDPaul April 2026 additions (nite-oui-collection).
+  "04:0d:84", "f0:82:c0", "1c:34:f1", "38:5b:44", "94:34:69",
+  "b4:e3:f9", "b4:1e:52", "14:b5:cd", "94:2a:6f", "f4:e2:c6",
+  "d4:11:d6", "e0:0a:f6",
   // Contributed by Michael / DeFlockJoplin — discovered via wildcard-probe
   // + OUI signature during field testing. The 12th camera in his drive-test
   // used this prefix and wasn't in @NitekryDPaul's original 30.