--[ M5PORKCHOP v0.1.6 - The Pig Learns To Hunt
You thought spectrum mode was just pretty graphs.
Staring at colored(mostly by your theme settings) lobes.
Watching channels breathe.
A visualization tool for the passive observer.
Wrong.
The spectrum analyzer grew fangs.
Select a network. Press Enter. Watch it bleed clients.
Every phone, every laptop, every IoT toaster - exposed.
MAC addresses. Vendors. Signal strength. Time since last packet.
And arrows. Beautiful, terrifying arrows.
>> means they're getting closer.
<< means they're walking away.
Walk around. Watch the arrows change.
Find the phone. Deauth the phone. Repeat.
The hunter becomes the hunted? No.
The pig becomes the hunter. That's it. That's the feature.
--[ Stability Status
Remember the horse on ketamine? It found meditation.
The pig that got high at Taco Bell? It joined CrossFit.
We're in a good place now. Mostly.
+---------------------+----------------------------------+
| Status | PRE-PRODUCTION / EXPERIMENTAL |
| Crashes | Zero. The streak lives. |
| Data Loss Risk | Low (XP in NVS, data on SD) |
| Memory Leaks | Plugged. Finally learned flush() |
| Production Ready | Closer. Still not there. |
+---------------------+----------------------------------+
The client monitor captures data frames at 30fps.
The OUI lookup runs once per client, not 120 times per second.
Someone learned about caching. It only took six versions.
New bugs are hiding. They always are.
But these ones are polite. They wait for edge cases.
github.com/0ct0sec/M5PORKCHOP/issues - The confessional is open.
--[ What's New in 0.1.6
CLIENT MONITOR. The big one. The reason you're updating.
HOG ON SPECTRUM wasn't finished. It was a visualization.
Now it's a weapon. A hunting tool. A client finder.
Select network. Press Enter. See who's connected.
Press Enter again. Deauth them. Watch them reconnect.
Follow the signal. Find the device. Repeat.
The pig can track devices in real time.
The pig knows which way they're moving.
The pig has opinions about their vendor choices.
This is fine.
--[ CLIENT MONITOR Deep Dive
You're in SPECTRUM mode. You see networks. Pretty lobes.
One catches your eye. Strong signal. WPA2. No PMF.
Vulnerable. Delicious.
Press Enter.
The screen changes. Channel locks. The hunt begins.
+------------------------------------------+
| CLIENTS: CoffeeShop_5G CH6 |
+------------------------------------------+
| 1.Apple A3:F2 -55dB 3s >> |
| 2.Samsung B1:C4 -68dB 1s > |
| 3.Random D5:E6 -72dB 2s == |
| 4.Xiaomi F7:89 -85dB 4s << |
+------------------------------------------+
What you're seeing:
* Client number and vendor (OUI database, 450+ entries)
* Last two octets of MAC (enough to identify)
* Signal strength in dBm (lower = farther from YOU)
* Time since last packet (freshness indicator)
* Proximity arrows (the money feature)
The arrows tell you everything:
>> Much closer to you than the router (+10dB or more)
> Closer to you (+3 to +10dB)
== About the same distance (-3 to +3dB)
< Farther from you (-3 to -10dB)
<< Much farther than the router (-10dB or more)
Walk around. The arrows update in real time.
When >> appears, you're getting hot.
When << appears, wrong direction.
Marco Polo, but for WiFi. And less fun for the target.
----[ Client Monitor Controls
+--------+------------------------------------------------+
| Key | Action |
+--------+------------------------------------------------+
| [;] | Navigate up through client list |
| [.] | Navigate down through client list |
| [Enter]| DEAUTH selected client (5 frames each way) |
| [B] | Add network to BOAR BROS and exit |
| [`] | Exit to spectrum view |
| [Bksp] | Exit to spectrum view |
+--------+------------------------------------------------+
That Enter key does work. Real work.
5 deauth frames AP->Client. 5 more Client->AP.
1-5ms random jitter between each. Low thump sound.
Brief toast: "DEAUTH XX:XX x5"
Spam Enter for continuous deauth. That's your trigger.
The keyboard debounce is ~300ms. That's your fire rate.
10 targeted deauths per second if you've got the fingers.
----[ The "Random" Vendor
You'll see it. A lot. Every modern phone does it.
MAC address randomization. Privacy feature.
The first octet has the local-admin bit set.
No OUI lookup possible. The MAC is fabricated.
We label these "Random" in the vendor field.
Not Unknown. Not Error. Random.
It means someone cares about their privacy.
It also means we can't fingerprint the hardware.
We can still deauth it though. Privacy doesn't help there.
----[ Signal Loss Detection
The pig watches for activity. If no packets arrive
for 15 seconds, something's wrong:
* Network went down
* Client left range
* Someone else deauthed it first (rude)
* You walked too far
The pig exits gracefully. Descending beep sequence.
"SIGNAL LOST" toast. Back to spectrum view.
No hanging. No stale data. Clean exit. Professional.
----[ Sound Feedback
Ears work too. The pig talks back.
+----------------------+------+--------+------------------+
| Event | Freq | Length | Meaning |
+----------------------+------+--------+------------------+
| Enter client monitor | 700Hz| 80ms | Channel locked |
| New client detected | 1200Hz| 100ms | Fresh meat |
| Deauth sent | 600Hz| 80ms | Low thump |
| Signal lost | 800->500Hz | Descending exit |
+----------------------+------+--------+------------------+
Sound enabled in Settings. You know where.
First 4 clients get beeps. After that, quiet.
We're hunting, not DJing.
--[ OINK Mode Improvements
The attack machine got meaner. More surgical. Less wasteful.
----[ Broadcast Disassoc
Broadcast deauth now includes broadcast disassoc.
Same target. Same timing. Different frame type.
Some devices ignore deauth but respond to disassoc.
Before: 1 broadcast deauth per cycle
After: 1 broadcast deauth + 1 broadcast disassoc
Cost: 1 extra 26-byte frame per 100ms. Negligible.
Benefit: Edge-case devices that only respond to disassoc.
----[ Deauth Jitter Tuning
The timing between frames was too predictable.
WIDS systems love predictable. We don't love WIDS.
Random jitter now 1-5ms between each frame in burst.
Forward deauth. Jitter. Reverse deauth. Jitter.
Looks more organic. Feels more organic. Isn't.
Still machine-gun fast. Just less machine-gun obvious.
----[ Client Discovery Window
Lock time increased. 3 seconds wasn't enough.
Slow clients missed the party. Fast clients hogged it.
Now 4 seconds. Class buff stacks to 4.2s at R0GU3.
More time to catch probe responses. More clients to deauth.
Quality over quantity. But also more quantity.
The pig casts a wider net. And holds it longer.
--[ Navigation Improvements
Backtick finally makes sense.
Before: Backtick always opened MENU. From anywhere.
After: Backtick means "back one level."
+------------------+------------------+
| From | Backtick Goes To |
+------------------+------------------+
| OINK mode | IDLE |
| WARHOG mode | IDLE |
| PIGGYBLUES mode | IDLE |
| SPECTRUM mode | IDLE |
| Client monitor | Spectrum view |
| IDLE | MENU |
| MENU/Settings | Parent menu |
+------------------+------------------+
Intuitive navigation. Only took six versions.
Backspace still works too. We're not removing shortcuts.
--[ Performance Optimizations
The pig got faster. Or rather, stopped being wasteful.
----[ OUI Lookup Caching
Before: OUI lookup every frame. 4 clients x 30fps = 120/sec.
After: OUI lookup once per client. At discovery. Cached.
The vendor string is stored in the client struct.
Never looked up again. 99.9% reduction in OUI overhead.
Binary search through 450 entries? Once.
Pointer dereference? Every frame.
That's how caching works. Finally learned.
----[ Data Frame Capture
The promiscuous filter was set wrong.
Management frames only. No data frames.
Client monitor couldn't see clients. Brilliant.
Fixed: esp_wifi_set_promiscuous_filter(nullptr)
Now captures everything. As intended. As documented.
Reading documentation is a feature, not a bug.
----[ Frame Control Parsing
ToDS and FromDS flags were read from the wrong byte.
payload[0] instead of payload[1]. Off by one.
Classic. Timeless. Fixed.
The pig now correctly identifies which direction
data frames are traveling. Clients properly tracked.
--[ The OUI Database
450+ vendor prefixes. All in PROGMEM. Zero RAM cost.
Apple, Samsung, Google, Intel, Cisco, Ubiquiti, TP-Link,
Netgear, Asus, D-Link, Huawei, Xiaomi, OnePlus, Motorola,
LG, Sony, Microsoft, Dell, HP, Lenovo, Amazon (Ring/Echo),
Nest, Roku, Sonos, and 400 more you've never heard of.
Plus randomized MAC detection. Local-admin bit check.
If they're hiding, we label them "Random."
The database isn't exhaustive. IEEE has millions.
But it covers everything you'll see in the wild.
Unknown vendor? Still shows the MAC. Still deauthable.
--[ What This Pig Does (Updated)
* OINK Mode - Channel hop, sniff, yoink handshakes & PMKIDs
Now with broadcast disassoc for edge-case devices.
* DO NO HAM Mode - Passive recon toggle
[D] key. Zero TX. PMKID still works. Zen mode.
* BOAR BROS - Network exclusion list
Your home network stays safe. Probably.
* WPA-SEC Integration - Distributed cracking
Their GPUs. Your handshakes. Eventual passwords.
* WARHOG Mode - GPS wardriving with dual export
Internal CSV + WiGLE v1.6. Automatic. Every network.
* PORK TRACKS - WiGLE upload menu
Browse. Upload. Leaderboard. Dopamine.
* PIGGYBLUES Mode - BLE notification chaos
Apple/Android/Samsung/Windows. The full spread.
* HOG ON SPECTRUM - WiFi spectrum analyzer (UPGRADED)
Pretty graphs. Vulnerability indicators. AND NOW:
Client monitor. Device hunting. Proximity tracking.
Press Enter on a network. See connected clients.
Press Enter on a client. Deauth them personally.
* XP System - 40 ranks, 63 achievements, class buffs
Now with 3 new CLIENT MONITOR achievements:
QU1CK DR4W, D34D 3Y3, H1GH N00N. Hunt and earn.
--[ Installation - Same As Always
M5 Launcher + firmware.bin. The ritual continues.
1. Got M5 Launcher? Skip to step 3.
2. No Launcher? Flash it once via M5 Burner.
3. Grab firmware.bin from GitHub releases
4. Drop on SD card. Launcher -> SD -> install.
5. Oink. Then hunt. Then question your ethics.
Updating from 0.1.5? Same process.
XP preserved. Settings preserved. Hunting instincts optional.
M5 Burner? We pulled the plug. Yanked the image.
Too many users flashing via Burner and losing their XP.
The partition table wasn't being respected. Tragic.
M5 Launcher is the way. The only way. The pig way.
SD card install preserves your progress. Every time.
We're not debugging "why did my level reset" anymore.
The partition table demands respect. Give it respect.
--[ Hardware
Required:
* M5Cardputer (ESP32-S3)
* SD card (for your data crimes)
Required for wardriving:
* AT6558 GPS module or compatible
* Legs (or wheels, or wings, zero judgment)
Optional for maximum hunting:
* Comfortable shoes (you'll be walking)
* Poker face (when the arrows point at someone)
* Plausible deniability (for later)
--[ Hunting Ethics (A Brief Moment of Seriousness)
The client monitor can find devices.
The deauth feature can disconnect them.
The proximity arrows can track movement.
This is powerful. This is concerning. This is intentional.
Use it for:
* Security auditing YOUR networks
* Authorized penetration testing
* Educational purposes
* Understanding WiFi at a deeper level
Don't use it for:
* Stalking people
* Harassing strangers
* Being a creep
* Anything that gets you arrested
The pig doesn't judge. The law does.
We made a hunting tool. Hunt responsibly.
--[ Credits
Developed by: 0ct0
Fueled by: Whatever keeps the commits flowing
Team size: Still 1
The 3am commits continue.
The feature creep is real.
The pig grows more capable with each version.
Solo dev. No standup. No JIRA. No code review.
Just a person, a pig, and an unhealthy relationship
with promiscuous mode WiFi frames.
Contributors still welcome.
The pig needs features.
The pig's creator needs perspective.
Both are accepting pull requests.
--[ Support The Pig
This project runs on:
* Caffeine (IV drip preferred)
* Sleep deprivation (chronic)
* The knowledge that someone, somewhere,
is hunting clients with a cartoon pig
If PORKCHOP helped you find a rogue device,
understand your network better,
or just made you smile at the absurdity of it all -
consider funding the next 3am debug session:
https://buymeacoffee.com/0ct0
Your coffee becomes my code.
My code becomes your hunting tool.
Your hunting tool becomes someone's bad day.
The ecosystem is weird. But it works.
--[ Legal
Educational and authorized security research ONLY.
Client monitoring is a capability, not a right.
Deauthing devices you don't own is a crime.
Tracking people without consent is stalking.
We made a pig that can hunt WiFi clients.
The pig is a tool. Tools don't make choices.
You do. Make good ones.
Don't be stupid. Don't be evil.
Don't make us regret publishing this.
==[EOF]==