mirror of
https://github.com/colonelpanichacks/flock-you.git
synced 2026-06-09 13:51:53 -07:00
467901d2f7
Adds Michael / DeFlockJoplin's high-precision detection method on top of the NitekryDPaul baseline: a Flock camera is flagged when it transmits a Probe Request (type=0 subtype=4) with a wildcard SSID IE (tag 0 len 0) AND its addr2 matches the OUI list. Drive-test in Joplin: 11/12 cameras caught with only 2 false positives.

- New AlertType ALERT_WILDCARD_PROBE, emitted as detection_method 'wifi_wildcard_probe' (high-precision class)
- Wildcard-probe hits suppress the addr2 broad alert for the same frame to prevent double counting; non-probe OUI matches still emit as 'wifi_oui_addr2'
- IE parser returns tri-state (1=wildcard / 0=directed / -1=no SSID IE), with FCS-trailer retry only on the -1 no-IE case
- addr1 receiver-side sleeper-catch and the optional addr3 + SSID paths are unchanged — wildcard is purely additive
- 31st OUI 82:6b:f2 added to target_ouis[] and to the dataset doc; it's the OUI of the 12th camera in Michael's drive-test that the original 30 didn't catch
- README explains the wildcard-probe method, credits Michael with a link to github.com/DeflockJoplin/flock-you, and bumps Acknowledgments

Source: https://github.com/DeflockJoplin/flock-you
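The rule described in the commit message above, as an added C example that is not the project's own code: a tri-state SSID IE walk with a single FCS-trailer retry, and the wildcard hit taking precedence over the addr2 alert. `ssid_state`, `classify_frame`, `ALERT_OUI_ADDR2`, the strict end-of-buffer check, the fallback for directed probes and the sample frames are assumptions made for illustration; only the OUI 82:6b:f2 is taken from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ALERT_OUI_ADDR2 is a hypothetical name for the 'wifi_oui_addr2' class. */
enum alert { ALERT_NONE, ALERT_OUI_ADDR2, ALERT_WILDCARD_PROBE };
/* Only 82:6b:f2 is named in the commit message; the other entries are not shown there. */
static const uint8_t target_ouis[][3] = { {0x82, 0x6b, 0xf2} };

static int oui_match(const uint8_t *mac) {
    for (size_t i = 0; i < sizeof target_ouis / sizeof target_ouis[0]; i++)
        if (memcmp(mac, target_ouis[i], 3) == 0) return 1;
    return 0;
}

/* Tri-state: 1 = wildcard SSID (tag 0, len 0), 0 = directed, -1 = no usable SSID IE.
   Assumption: the walk is strict, so a chain that does not end exactly at len gives -1. */
static int ssid_state(const uint8_t *ie, size_t len) {
    int state = -1;
    size_t i = 0;
    while (i + 2 <= len) {
        uint8_t tag = ie[i], n = ie[i + 1];
        if (i + 2 + n > len) return -1;              /* IE body overruns the buffer */
        if (tag == 0 && state < 0) state = (n == 0); /* first SSID IE decides */
        i += 2 + (size_t)n;
    }
    return i == len ? state : -1;                    /* stray trailing byte */
}

/* Assumption: any OUI match that is not a wildcard-probe hit falls back to the addr2 alert. */
enum alert classify_frame(const uint8_t *f, size_t len) {
    if (len < 24) return ALERT_NONE;                 /* shorter than a management header */
    if (!oui_match(f + 10)) return ALERT_NONE;       /* addr2 (transmitter) at offset 10 */
    if ((f[0] & 0x0f) != 0 || (f[0] >> 4) != 4)      /* not version 0, type 0, subtype 4 */
        return ALERT_OUI_ADDR2;
    int s = ssid_state(f + 24, len - 24);            /* probe request IEs start at byte 24 */
    if (s < 0 && len - 24 >= 4)                      /* retry once without a 4-byte FCS */
        s = ssid_state(f + 24, len - 24 - 4);
    return s == 1 ? ALERT_WILDCARD_PROBE : ALERT_OUI_ADDR2;
}

/* Constructed sample frames: 24-byte header, then IEs, optionally a fake FCS. */
#define HDR(fc, a, b, c) fc,0, 0,0, 255,255,255,255,255,255, a,b,c,0x11,0x22,0x33, 255,255,255,255,255,255, 0,0
const uint8_t wildcard_fcs[]   = { HDR(0x40,0x82,0x6b,0xf2), 0,0, 1,4,2,4,11,22, 0xde,0xad,0xbe,0xef };
const uint8_t wildcard_plain[] = { HDR(0x40,0x82,0x6b,0xf2), 0,0, 1,4,2,4,11,22 };
const uint8_t directed[]       = { HDR(0x40,0x82,0x6b,0xf2), 0,3,'a','b','c', 1,1,0x82 };
const uint8_t beacon[]         = { HDR(0x80,0x82,0x6b,0xf2), 0,0,0,0,0,0,0,0, 0x64,0, 1,4 };
const uint8_t other_oui[]      = { HDR(0x40,0x00,0x11,0x22), 0,0 };
int main(void) { return classify_frame(wildcard_fcs, sizeof wildcard_fcs) == ALERT_WILDCARD_PROBE ? 0 : 1; }
```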