intercept/utils/tscm/__init__.py at d0731120f993667db534790a0345e9751d30e2c8 - intercept - Sovbit Git

Mirror/intercept

mirror of https://github.com/smittix/intercept.git synced 2026-04-25 07:10:00 -07:00

Files

Smittix 21b0a153e8 Add MAC-randomization resistant device detection for TSCM

- New device_identity.py: Clusters BLE/WiFi observations into probable
  physical devices using passive fingerprinting (not MAC addresses)
- Fingerprinting based on manufacturer data, service UUIDs, capabilities,
  timing patterns, and RSSI trajectories
- Session tracking with automatic gap detection
- Risk indicators: stable RSSI, MAC rotation, ESP32 chipsets, audio-capable
- Full audit trail for all clustering decisions

- New ble_scanner.py: Cross-platform BLE scanning with bleak library
- Detects AirTags, Tile, SmartTags, ESP32 by manufacturer ID
- Fallback to system tools (btmgmt, hcitool, system_profiler)

- Added API endpoints for device identity clustering (/tscm/identity/*)
- Updated setup.sh with bleak dependency
- Updated documentation with TSCM features and hardware requirements

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-14 15:19:20 +00:00

12 lines

379 B

Python

Raw Blame History

 """
 TSCM (Technical Surveillance Countermeasures) Utilities Package
 Provides baseline recording, threat detection, correlation analysis,
 BLE scanning, and MAC-randomization resistant device identity tools
 for counter-surveillance operations.
 """
 from __future__ import annotations
 __all__ = ['detector', 'baseline', 'correlation', 'ble_scanner', 'device_identity']