djedi/loki-ble-chaff
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add README

Browse source 
What Loki is, how the BLE chaff works (decoy identities, randomized MACs,
swarm cycling, timing jitter), modes (stealth/medium/storm), hardware,
build/flash, and scope/ethics.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
rpriven 2026-06-22 13:42:16 -06:00
parent 4a90022b93
commit 95f3200477
Signed by: djedi
GPG key ID: D04DED574622EF45
1 changed files with 52 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
README.md Normal file
View file

@ -0,0 +1,52 @@
# Loki — BLE Chaff
**A BLE countermeasure that floods the air with realistic decoy Bluetooth devices, so passive scanners can't pick your real device out of the noise.**
Loki broadcasts a rotating crowd of fake-but-plausible BLE advertisements — randomized MACs, cycling identities, and natural timing variation. To a passive surveillance scanner it looks like a shifting crowd of ordinary phones and wearables walking by. Your actual device's signature gets buried in decoys.
> Part of the **Gwaith Dantir** counter-surveillance toolkit. Where [Dantir](https://git.djeditech.com/djedi/dantir) *detects* surveillance gear, Loki *defends* against the passive device-fingerprinting side of it.
## Why
Passive BLE scanners fingerprint and track people by the Bluetooth their devices constantly emit — retail analytics (RetailNext, ShopperTrak), and increasingly law-enforcement/ALPR add-ons that correlate device signatures to vehicles and identities. You can't easily stop your phone from advertising. So Loki inverts the problem: instead of going silent, it makes the dataset worthless by drowning your real signature in plausible decoys. **Poison the data, not the device.**
## How it works
- **Decoy identities** — 24 realistic device profiles with verified Bluetooth-SIG company IDs and real protocol shapes (Apple Continuity *Nearby Info* + *Proximity Pairing*, Samsung continuity payloads), so each decoy reads as a genuine nearby device.
- **Randomized MACs** — every identity rotates its address; per-broadcast auth bytes are randomized for realism.
- **Identity cycling + swarm** — fast-cycles through shuffled profiles, multiple per scan window, so the "crowd" is always changing.
- **Timing jitter** — smoothed (Perlin-style) random dwell/gap so the cadence looks organic, not machine-generated.
## Modes
Cycle with the **BOOT button** (long-press); the LED blinks the mode number. Setting persists across reboots.
| Mode | Profiles | Feel |
|------|----------|------|
| **STEALTH** | 6, slow | looks like a few normal phones nearby |
| **MEDIUM** | 24, moderate | general-purpose chaff |
| **STORM** | 24, fastest | maximum tracker confusion |
## Hardware
- **ESP32-C3 Super Mini** (onboard blue LED on GPIO8 active-low, BOOT button GPIO9)
- USB-C power (any battery/power bank for portable use)
## Build & flash
```bash
# PlatformIO
pio run -t upload
```
Framework: Arduino + NimBLE 1.4.x (ESP-IDF 4.4.x for C3 BLE).
## Scope & ethics
Loki is a **defensive, personal-privacy** tool. It emits its own decoy advertisements — it does **not** jam, deauth, flood, or interfere with other devices' communications, and it transmits nothing about you. It adds plausible noise to the public BLE namespace, the same namespace anyone is free to advertise on. Use it on yourself, in your own space, to resist passive tracking. Check your local radio regulations.
## License
See [LICENSE](LICENSE).
---
*"Loki" = the trickster. The chaff that makes the watchers chase ghosts.*