Bluetooth WarDriving with the nRF52

  • nRF52DK, I’m using PCA10040
  • Unix system or WSL

Project Requirements

Before we start, it’s a good idea to define where we want to end up. I’ll list some requirements below.

  1. The device can scan for nearby Bluetooth devices.
  2. The device can timestamp the data.
  3. The device can keep the addresses in non-volatile memory
  4. The device is battery-powered and lasts for days.

Building / Flashing Blinky

Please keep in mind code prefixed with “$” are bash commands, while code with no prefix is output. To conserve space, I haven’t displayed all output. Start by navigating to the zephyr folder and update. I am assuming you checked out zephyrproject right in your home directory.

$ cd ~/zephyrproject/zephyr/
$ west update
$ ls boards/arm | grep nrf52dk
$ cd samples/basic/blinky
$ west build -b nrf52dk_nrf52832
$ west flash

Device Tree

A keen observer would note that samples/basic/blinky/ is not related to any specific hardware. Blinky knows the correct GPIO for this LED using the nrf52 device tree file.

$ cd ~/zephyrproject/zephyr/ # Move back to the project root
$ find . -name nrf52dk_nrf52832.dts
./boards/arm/nrf52dk_nrf52832/nrf52dk_nrf52832.dts

Config Files

Before we move on, it’s important to understand the config system. These are files of the form: *.conf and *_defconfig. You can edit these files manually or with menuconfig. After launching west build you should see something like this.

Loaded configuration '(path)/nrf52dk_nrf52832_defconfig'
west build -t menuconfig
menuconfig

Bluetooth Central

Let’s do something with Bluetooth! We want to develop a device that scans for other Bluetooth devices. This is called a “Central” in Bluetooth speak.

$ cd ~/zephyrproject/zephyr/samples/bluetooth/central_hr
$ west build -b nrf52dk_nrf52832
$ west flash
$ screen /dev/ttyACM0 115200 # Or whatever ACM you are
# Now reset the board, you should see something like this \/

SD Card

SD cards are a cheap and easy way to log some data from a microcontroller. They usually use SDIO but can also work over SPI. I had an Arduino SD card breakout lying around.

Arduino SD card interface
cd ~/zephyrproject/zephyr/samples/subsys/fs/fat_fs

Device Tree Overlays and Configs

Device Tree overlays are special files that get laid on top of base device tree files. Let’s take a look in nrf52840_blip.overlay

/*
* Copyright (c) 2019 Tavish Naruka <tavishnaruka@gmail.com>
*
* SPDX-License-Identifier: Apache-2.0
*/
&spi1 {
status = "okay";
cs-gpios = <&gpio0 17 GPIO_ACTIVE_LOW>;
sdhc0: sdhc@0 {
compatible = "zephyr,mmc-spi-slot";
reg = <0>;
status = "okay";
label = "SDHC0";
spi-max-frequency = <24000000>;
};
};
CONFIG_DISK_DRIVER_SDMMC=y
CONFIG_SPI=y
cd boards
cp nrf52840_blip.overlay nrf52dk_nrf52832.overlay
cp nrf52840_blip.conf nrf52dk_nrf52832.conf
cd ..
west build -b nrf52dk_nrf52832
spi1: spi@40004000 {
#address-cells = < 0x1 >;
#size-cells = < 0x0 >;
reg = < 0x40004000 0x1000 >;
interrupts = < 0x4 0x1 >;
status = "okay";
label = "SPI_1";
compatible = "nordic,nrf-spi";
sck-pin = < 0x1f >;
mosi-pin = < 0x1e >;
miso-pin = < 0x1d >;
cs-gpios = < &gpio0 0x11 0x1 >;
sdhc0: sdhc@0 {
compatible = "zephyr,mmc-spi-slot";
reg = < 0x0 >;
status = "okay";
label = "SDHC0";
spi-max-frequency = < 0x16e3600 >;
};
};

New Project

It’s about time we start to build our app. I want to fork this app and make it our own.

$ west init -m https://github.com/zephyrproject-rtos/example-application --mr main my-workspace
$ cd my-workspace
$ west update
$ cd example-project
$ west build

One Small Hiccup

I noticed one of the LEDs on the board was flickering. This wiring isn’t ideal as I want to dead drop the device for days and flicker a pointless LED is very power hungry. I looked into the board’s schematic, and it turned out my chip select (CS) pin for my micro SD card was sharing a pin with LED1!

The Drop

With everything in place, it’s time for the dead drop. I opted for an old pelican case buried in the dirt.

Just in case someone thought it was a bomb.

The Retrieval

Once my back healed up, I picked up the drop. I slammed together a quick python script to analyze the data, and it reported there were 7054 MAC addresses discovered and 799 unique MAC addresses! A keen code observer would note that I imported a little API for finding the vendors as well. I then plotted this.

Moving Forward

I want to continue my wardriving work but up the ante with location inference. In the dataset, we have the RSSI strength, which is correlated to distance from the device. RSSI gives a magnitude of a vector with the angle θ unknown.

θ Unknown

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store