Release the hounds! Snoopy 2.0

Friday the 13th seemed like as good a date as any to release Snoopy 2.0 (aka snoopy-ng). For those in a rush, you can download the source from GitHub, follow the README.md file, and ask for help on this mailing list. For those who want a bit more information, keep reading.

What is Snoopy?

Snoopy is a distributed sensor, data collection, interception, analysis, and visualization framework. It is written in a modular format, allowing for the collection of arbitrary signals from various devices via Python plugins.

It was originally released as a PoC at 44Con 2012, but this version is a complete re-write, is 99% Python, modular, and just feels better. The ‘modularity’ is possibly the most important improvement, for reasons which will become apparent shortly.

Tell me more!

We’ve presented our ongoing work with Snoopy at a bunch of conferences under the title ‘The Machines that Betrayed Their Masters’. The general synopsis of this research is that we all carry devices with us that emit wireless signals that could be used to:

  • Uniquely identify the device / collection of devices
  • Discover information about the owner (you!)

This new version of Snoopy extends this into other areas of RFID such as Wi-Fi, Bluetooth, GSM, NFC, RFID, ZigBee, etc. The modular design allows each of these to be implemented as a Python module. If you can write Python code to interface with a tech, you can slot it into a snoopy-ng plugin.

We’ve also made it much easier to run Snoopy by itself, rather than requiring a server to sync to as the previous version did. However, Snoopy is still a distributed framework and allows the deployment of numerous Snoopy devices over some large area, having them all sync their data back to one central server (or numerous hops through multiple devices and/or servers). We’ve been working on other protocols for data synchronisation too – such as XBee. The diagram below illustrates one possible setup:

[Figure: Architecture Diagram]

OK – but how do I use it?

I thought you’d never ask! It’s fairly straightforward.

Hardware Requirements

Snoopy should run on most modern computers capable of running Linux, with the appropriate physical adapters for the protocols you’re interested in. We’ve tested it on:

  • Laptop
  • Nokia N900 (with some effort)
  • Raspberry Pi (SnooPi!)
  • BeagleBone Black (BeagleSnoop!)

In terms of hardware peripherals, we’ve been experimenting with the following:

Technology   Hardware       Range
Wi-Fi        AWUS 036H      100m
Bluetooth    Ubertooth      50m
ZigBee       Digi Xbee      1km to 80kms
GSM          RTL2832U SDR   35kms
RFID         RFidler        15cm
NFC          ACR122U        10cm

The distances can be increased with appropriate antennas. More on that in a later blog post.

Software Requirements

Essentially a Linux environment is required, but of more importance are the dependencies. These are mostly Python packages. We’ve tested Snoopy on Kali 1.x, and Ubuntu 12.04 LTS. We managed to get it working on Maemo (N900) too. We’re investigating getting it running on OpenWRT/ddWRT. Please let us know if you have success.

Installation

It should be as simple as:

git clone https://github.com/sensepost/snoopy-ng.git
cd snoopy-ng
bash ./install.sh

Usage

Run Snoopy with the command ‘snoopy’, and accept the License Agreement. We’d recommend you refer to the README.md file for more information, but here are a few examples to get you going:

1. To save data from the wireless, sysinfo, and heartbeat plugins locally:

snoopy -v -m wifi:iface=wlanX,mon=True -m sysinfo -m heartbeat -d <drone name> -l <location name>

2. To sync data from a client to a server:

Server:

snoopy_auth --create <drone name> # Create account
snoopy -v -m server # Start server plugin

Client:

snoopy -v -m wifi:iface=mon0 -s http://<server hostname>:9001/ -d <drone name> -l <location name> -k

Data Visualization

Maltego is the preferred tool to perform visualisation, and where the beauty of Snoopy is revealed. See the README.md for instructions on how to use it.

I heard Snoopy can fly?

You heard right! Well, almost right. He’s more of a passenger on a UAV:

There sure is a lot of stunt hacking in the media these days, with people taking existing hacks and duct-taping them to a cheap drone for media attention. We were concerned to see stories on Snoopy airborne take on some of this as the message worked its way through the media. What’s the benefit of having Snoopy airborne, then? We can think of a few reasons:

  1. Speed: We can canvass a large area very quickly (many square kilometres)
  2. Stealth: At 80m altitude the UAV is out of visual/audible range
  3. Security: It’s possible to bypass physical security barriers (walls, men with guns, dogs)
  4. TTL (Tag, Track, Locate): It’s possible to search for a known signature, and follow it

We’re exploring the aerial route a whole lot. Look out for our DefCon talk in August for more details.

Commercial Use

The license under which Snoopy is released forbids gaining financially from its use (see LICENSE.txt). We have a separate license available for commercial use, which includes extra functionality such as:

  • Syncing data via XBee
  • Advanced plugins
  • Extra/custom transforms
  • Web interface
  • Prebuilt drones

Get in contact (glenn@sensepost.com / research@sensepost.com) if you’d like to engage with us.