HackerBox 0115: Wispier

Welcome to HackerBox 0115. Dive into the hobby of wardriving. Assemble an evolution of the popular Wispy radio frequency signal mapping platform. Now it's even Wispier. Configure the BW16 module for dual-band operation scanning both 2.4 and 5 GHz Wi-Fi signals. Leverage a quad-core ESP32 architecture to orchestrate scanning Wi-Fi channels, Bluetooth, GPS satellite geolocation, and real-time data logging. Interface a tiny OLED display, digital temperature sensor, microSD card slot, and three dual-band radio antennas. Program in the popular wardriver.uk firmware and power up with a four-cell 18650 lithium-ion power shield. Explore the elegance, and potential security risks, of JavaScript Object Notation (JSON).

Quick little video clip of the assembled Wispier project.

There is a wealth of information for current and prospective members in the HackerBoxes FAQ. Almost all of the non-technical support emails that we receive are already answered there, so we'd really appreciate it if you can take a few minutes to read the FAQ.

This Instructable contains information for getting started with HackerBox 0115. The full box contents are listed on the product page for HackerBox 0115 where the box is also available for purchase while supplies last. If you would like to automatically receive a HackerBox like this right in your mailbox each month, you can subscribe at HackerBoxes.com and join the party. Subscription members save at least $15 every month and automatically receive each new HackerBox shipped immediately off the production line.

A soldering iron, solder, and basic assembly tools are generally needed to work on the monthly HackerBox. A computer for running software tools is also required. Have a look at the HackerBox Workshops for tools and supplies along with a wide array of introductory activities and experiments.

The most import thing you will need is a sense of adventure, hacker spirit, patience, and curiosity. Building and experimenting with electronics, while very rewarding, can be tricky, challenging, and even frustrating at times. The goal is progress, not perfection. When you persist and enjoy the adventure, a great deal of satisfaction can be derived from this hobby. Take each step slowly, mind the details, and don't be afraid to ask for help.

WEAR SAFETY GLASSES WHEN SOLDERING, WHEN TRIMMING WIRE LEADS, OR WHEN CUTTING, DRILLING, ETC.

Wardriving is the act of searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or smartphone (or an SoC). Software for wardriving is freely available on the internet. The term Wardriving is derived from the original wardialing. Wardialing is a method popularized by the film WarGames and is, in fact, named after the film. Wardialing consists of dialing every phone number in a specific sequence in search of modems.

Wardrivers often use a Wi-Fi-equipped device together with a GPS device to record the location of wireless networks. The results can then be uploaded to websites like WiGLE, openBmap or Geomena where the data is processed to form maps of the network neighborhood. There are also clients available for smartphones running Android that can upload data directly. For better range and sensitivity, antennas are built or bought, and vary from omnidirectional to highly directional. (Wikipedia)

Wispy - 2023

HackerBox 0089 featured the Wispy project inspired by the Wardriver.uk project from Joseph Hewitt. It was definitely one of the most popular HackerBoxes ever and it sold out rather quickly.

Wispier - 2025

Since the Wispy HackerBox, we've been planning improvements to the Wispy project. A new project that would be even more Wispy, or one might say Wispier. The most significant functional improvement is the addition of 5GHz Hardware to support dual-band Wi-Fi. Another big change is in the form factor, which now supports mating the wardriver directly onto a Four Cell 18650 Lithium Battery Power Shield.

This new form factor is originally from the Signal Sleuth designed by our friend and fellow HackerBoxer 463n7. Check out that link to see a number of improved wardriver incarnations, cases, and power supplies that 463n7 has cooked up. Consider picking up some of his gear or merch while you are there.

Back in 2023, we were discussing ideas for future wardriver hardware with 463n7 - particularly regarding the increasingly popular mods to replace the GSM module with a BW16 to add 5GHz (Dual Band) Wi-Fi support. As you can see, he has since done some amazing work. His What is Wardriving? video is definitely worth watching.

463n7 was also kind enough to contribute artwork with his barcode logo and a wicked-cool script kitty for this box's sticker sheet. We appreciate his support and contributions to the field!

NOTE: It is recommended to complete the BW16 programming process exactly as described here with only the BW16 module populated on the Wispier PCB. When attempting to program the BW16 with the other modules already populated, carefully read and follow the Power Supply Note at the end of this step.

PREPARE THE BW16 MODULE

Start by soldering these four components onto the Wispier PCB as illustrated above...

First: AI Thinker BW16 RTL8720DN Module with IPEX RF Port (datasheet)

These modules can be found here from Digikey.

Note the orientation for soldering. Review this SparkFun tutorial on castellated modules, if necessary.

Second: 6 pin Right Angle Pin Headers

Use the Right Angle Headers from the static baggie with the CP2102 Serial USB Module.

Third and Fourth: Two SMD Pushbuttons

You might have an extra one of these pushbuttons left over. This is coincidentally the same 3x4x2 mm SMD Tactile Micro Pushbutton suggested for use in Step 6 of the HackerBox 0114 (WOPR) online guide.

PREPARE THE CP2102 SERIAL USB MODULE

Break off Six Pins from the Straight Male Pin Header Strip. (The provided strip should have 8-12 pins. Set at least two pins aside for use in a later step.)

Solder the six pin header onto the CP2102 Serial USB Module.

Use four Female-Female Jumper Wires to connect the CP2102 Module to the LOG UART of the BW16 on the Wispier PCB like so:

CONFIGURE THE ARDUINO IDE

If necessary, download and install the Arduino IDE Software

In the Arduino IDE, edit "Preferences" to add the following into "Additional Boards Manager URLs":

https://github.com/ambiot/ambd_arduino/raw/master/Arduino_package/package_realtek.com_amebad_index.json

(Ever notice how often we use JSON - perhaps without even knowing exactly what it is? Curious.)

Use the Arduino IDE Board Manager to find and install "Realtek Ameba Boards"

Select Tools > Board > Realtek Ameba Boards > AI-Thinker BW16 (RTL8720DN)

Select Tools > Port > [Silicon Lab USB]

VERIFY THE FACTORY FIRMWARE ON THE BW16

Open Tools > Serial Monitor

Set the Baud Rate to 115200

Type: AT

BW16 will respond: OK

Type: AT+WSCAN

BW16 will respond with a list of identified wireless networks.

UPGRADE THE BW16 FIRMWARE

Download the BW16-Open-AT.ino sketch file from CoD-Segfault.

This BW16-Open-AT firmware is compatible with the wardriver.uk firmware that we'll be loading onto the ESP32s. BW16-Open-AT provides improved identification of Wi-Fi encryption, particularly for WPA3.

Open the BW16-Open-AT.ino sketch file in the Arduino IDE

Hit the Upload Button on the IDE

You will be instructed to "enter upload mode"...

On the Wispier board, hold BURN, press and release RESET, release BURN.

The upload process should complete with "All images sent successfully!"

Open Serial Monitor at Baud: 115200

Press RESET on the Wispier board and initialization status should appear on the monitor.

TRY OUT THE BW16-Open-AT INTERFACE (OPTIONAL)

Switch the serial line connections to the Wispier PCS to swap from the LOG UART to the primary UART like so:

Open Tools > Serial Monitor

Set the Baud Rate to 38400

Type: AT

BW16 will respond: OK

Type: ATWS

BW16 will respond with a list of identified wireless networks.

Type: ATAT

BW16 will respond with All Terrain Armored Transport

"Use your tow cables. Go for the legs." ―Luke

This 38.4KBaud serial "AT Command" interface (inspired by Hayes Telephone Modems) is what the Wardriver Firmware will use to collect 5GHz network information from the BW-16. WELCOME TO DUAL BAND!

POWER SUPPLY NOTE

When attempting to program the BW16 with the other modules already populated, DO NOT CONNECT the 3V3 wire between the CP2102 Serial USB Module and the Wispier. Only connect the other three wires. Supply main 5V power to the Wispier board through either of the ESP32 USB-C ports or the 2-pin battery header. That will allow ESP32-A to power the 3V3 rail through its (much beefier) linear regulator. This prevents the CP2102 chip on the external USB serial module from attempting to power up all the modules from its tiny internal regulator, which maxes out at 100mA.

We'll be working with two identical ESP32-based development boards. These feature the ESP32-WROOM-32U module, which specifically integrates an IPEX (aka U.FL or IPX) coaxial connector for attaching an external antenna.

Prior to soldering or otherwise connecting anything to either one of the ESP32 modules, let's get the software toolchain set up and take each of the ESP32 modules for a quick test run.

If necessary, install the Arduino IDE.

Within the IDE, use the Boards Manager to search for ESP32 (by Espressif Systems).

Select that board package and hit install.

Connect one of the ESP32 modules to your PC using a USB-C cable.

The power LED (usually red) will light up.

There is no "user LED" on the module, so nothing will be blinking, and obviously we cannot use the typical embedded "hello world" of manipulating an LED. Instead, we will perform our initial test using one of the buttons built onto the ESP32 module.

Select the correct hardware in the IDE using:

Tools > Board > ESP32 Arduino > ESP32 Dev Module

Then open the example sketch:

File > Examples > Basics > DigitalReadSerial

Find the following line and change it from IO pin 2 to IO pin 0:

The BOOT button on the module is wired to IO pin 0.

Compile and upload the sketch.

Open the serial monitor and set it to 9600 baud.

The sketch will repeatedly output a "1" to the serial monitor, but the output will change to "0" whenever the BOOT button is pressed. With that, we can be sure that everything is configured correctly to program the ESP32 and the module itself is operational.

Repeat the test for the second ESP32 module:

Perform this initial testing on both ESP32 modules prior to connecting either of them together or to anything else.

The ATGM336H GPS module (datasheet) is a tiny satellite positioning device capable of connecting with up to six global navigation satellites to compute its location almost anywhere on Earth. The ATGM336H has an accuracy of 2.5m and is capable of updating its coordinates ten times per second. The GPS module uses a serial protocol to communicate with practically any computer or microcontroller.

Assembly Notes:

Solder either of the ESP32 modules onto position A of the Wispier PCB. Note the proper orientation in the image above and as marked by the Antenna and USB connector designations on the PCB silkscreen.

Solder the GPS module into place with the IPEX coax connector facing outward from the RF capture PCB.

Feed the cable of the beige ceramic antenna from the backside of the PCB, through the circular opening, to the front of the PCB, and gently connect it to the GPS module via the IPEX coaxial connection.

Connect the USB port of ESP32-A to your computer and confirm that the sketch previously uploaded to display output associated with the BOOT button is still operational.

From the IDE menu, use Tools > Manage Libraries to search for and install these two libraries:

1. TinyGPSPlus-ESP32
2. EspSoftwareSerial

Open File > Example > TinyGPSPlus-ESP32 > DeviceExample

Note that the examples from the TinyGPS+ Library may be placed under the INCOMPATIBLE section of the IDE example files.

Find these two lines in the example sketch:

And change them to the following values:

Compile and upload the sketch.

Open the serial monitor and set it to 115200 baud.

Initially, it may take a few minutes for the GPS module to acquire the necessary satellite links. You may need to move closer to a window or even take a field trip outside.

Latitude/Longitude values can be pasted into Google maps, to verify the location.

For additional details on satellite-based geolocation, tracking, logging, and mapping check out the Hacker Tracker box guide from HackerBox 0021. (Not to be confused with the very useful Hacker Tracker mobile app, which you should probably also install.)

Open up the OLED Module. This tiny display features 128×32 pixels and interfaces to ESP32-A over I2C.

Position the OLED Module onto the Wispier PCB as shown.

Place a small piece of folded cardboard (folded if necessary) under the middle of the module to make it sit parallel to the PCB.

Solder the OLED Module onto the Wispier PCB as shown.

From the IDE menu, use Tools > Manage Libraries to search for and install these two libraries:

1. Adafruit GFX Library
2. Adafruit SSD1306

Open the example sketch:

File > Examples > Adafruit SSD1306 > ssd1306_128x32_i2c.ino

Find this text on line 35:

Change 0x3D to 0x3C

SEND IT!

Solder the second ESP32 module onto position B of the Wispier PCB. Note the proper orientation in the image above and as marked by the Antenna and USB connector designations on the PCB silkscreen.

DS18B20 Digital Temperature Sensor

The DS18B20 digital thermometer (datasheet) comes in a three pin TO-92 package (similar to a transistor). The sensor provides 9-bit to 12-bit Celsius temperature measurements over a 1-Wire bus that by definition requires only one data line (and ground) for communication with a microcontroller.

Orient the DS18B20 such that the flat surface matches the flat side marking on the PCB.

Solder the sensor in place.

Solder the 4.7K axial through hole resistor (either direction is fine).

From the IDE menu, use Tools > Manage Libraries to search for and install the library:

1. OneWire (at least v2.3.7) by Paul Stoffregen

Open the example sketch:

File > Examples > OneWire > DS18x20_Temperature.ino

Find this text on line 10:

Change the passed value 10 to 22

This is required because the data line of the temperature sensor is wired to IO22 of ESP32-B.

Upload the sketch (to ESP32-B, not ESP32-A)

Open Tools > Serial Monitor to 9600 baud.

MicroSD Card Slot Module

Position the MicroSD card module as shown, with the metal slot facing against the PCB.

Solder the module into place.

Right Angle RF Pigtail Cables

Take a look at the photo of a completed Wispier under Step 1.

Note that the three coaxial SMA connectors are mounted FROM THE BACK SIDE of the PCB.

Also note that the threaded ports of the connectors are oriented off the edge of the PCB.

Solder the three SMA pigtails accordingly.

Feed the small ends of the cables through the circular opening in the PCB through to the front.

Gently connect the small IPEX connectors onto the BW16 module and the two ESP32 modules.

Screw the three dual-band omnidirectional SMA antennas onto the Wispier's SMA ports.

Browse over to Joseph Hewitt's wardriver.uk Rev3 repository.

There are five required libraries listed there, but we've already used three of them.

Use Tools > Manage Libraries to search for and install the last two libraries:

1. MicroNMEA v2.0.x by Steven Marple
2. GParser v1.4.x by AlexGyver

The repo features an A.ino sketch and a B.ino sketch.

As you might guess, these get programmed onto ESP32-A and ESP32-B.

Dig out a 4-16GB MicroSD card and format it as FAT32.

(Larger capacity cards are not recommended and may be unsupported.)

As discussed under Advanced Config:

Make a file on the SD card named: cfg.txt

Put this text in the file: sb_bw16=yes

Insert the card into the Wispier's MicroSD slot.

Apply power to either of the ESP32 USB-C ports.

Watch the magic!

As inspired by 463n7's Signal Sleuth design, the Wispier system can mount onto a commonly available Four Cell 18650 Battery Shield like some kind of funky backpack.

Things to know about the included Four Cell 18650 Lithium Battery Power Shield:

1. Operates with any number (1-4) of 18650 cells.
2. Press the white button once to turn ON
3. Hold down the white button to turn OFF
4. Slide switch "Normal" allows auto-OFF when enough current is not drawn
5. Slide switch "Hold" prevents auto-OFF in low current conditions
6. The USB-C and MicroUSB ports charge the battery cells
7. Charge level indicator LEDs blink while charging
8. Output power can be ON while charging
9. Female USB-A is an output to power other devices (e.g. your phone)

ASSEMBLY

Remove the battery cells.

The next two steps are to protect the center coax port out of an abundance of caution.

Trim down the four pins on the back of the Female USB-A connector.

Cover the four trimmed pins with a couple layers of insulating tape.

Repeat the next two steps for each of the four corner holes of the power shield.

Insert a nylon screw into the side of the shield with the battery holder.

Thread a nylon hex standoff pillar onto the other side of the shield.

Cut a two pin male header (set aside while preparing the CP2102 USB Module)

Optionally, as shown in the red circle:

Slide the header insulation to make the mating pins about 1.5 mm longer.

Plug the two pin male header into the two pin female header.

Stack the Wispier PCB and the Shield back-to-back.

Orient the Female USB-A connector in the same direction as the RF pigtails.

Orient the Wispier modules facing out and the battery cell holders facing out.

Sandwich the mated two pin headers between the boards as shown.

That is, with the male pins on the Wispier side and female against the shield.

Tighten the four remaining nylon screws through the Wispier PCB into the standoffs.

Soldier the four 5V power pins (two on each side).

Insert at least one 18650 cell.

Tap the white button to power ON.

Charge up the cell(s) as needed.

Optionally, mount inside the HackerBox mailer or into a 4x4x1.5 inch enclosure

463N7 noted that his Signal Sleuth Case appears to fit, if you want to print one

JSON (JavaScript Object Notation) is an open standard file format and data interchange format that uses human-readable text to store and transmit data objects consisting of name–value pairs and arrays (or other serializable values). It is a commonly used data format with diverse application in electronic data interchange, including that of web applications with servers. JSON is a language-independent data format. It was derived from JavaScript, but many modern programming languages include code to generate and parse JSON-format data. (Wikipedia)

"It seems like the plot from some bad hacker movie. But it wasn’t."

We hope you are enjoying this month's HackerBox adventures into electronics, computer technology, and hacker culture. We aim to curate a challenging and rewarding experience of learning through experimentation and exploration. Thank you for joining us on this journey.

Reach out and share your success in the comments below. Email support@hackerboxes.com anytime with questions or whenever you need some help.

Hungry for more? Surf over to HackerBoxes.com and join us as a monthly HackerBox subscription member. You'll get a cool box of hackable gear delivered right to your mailbox every month and you'll enjoy a generous member discount.

Please consider sharing this free Instructable with others who may be interested in learning about these subjects. Word of mouth advertising is the greatest compliment that we can receive. We sincerely appreciate your support.