github JesseCHale/HaleHound-CYD v3.5.0
HaleHound-CYD v3.5.0

7 hours ago

What's New

New Modules

BLE Predator — GATT Reconnaissance + Honeypot Credential Trap

Three-phase BLE attack. SCAN discovers nearby devices and classifies them by threat tier (RED/YELLOW). RECON connects via GATT client, enumerates all services and characteristics, caches read values. HONEYPOT clones the target as a connectable GATTS server — logs every CONNECT/READ/WRITE/DISCONNECT event. WRITE captures contain credential data (PINs, tokens, passwords). 3-mode on-screen keyboard for device name filtering. Pulsing LIVE indicator, color-coded event log, SD card loot save.

Flock You — Flock Safety Surveillance Camera Detector

Passive SIGINT module that detects Flock Safety ALPR cameras, Raven/ShotSpotter gunshot sensors, and associated infrastructure via BLE advertisement fingerprinting. 22 OUI prefixes, 4 BLE name patterns, XUNTONG manufacturer ID, 8 Raven GATT service UUIDs with firmware version estimation. Dual-core BLE scan. SD card save with GPS coordinates.

Upgrades

Radio Test Overhaul

  • NRF24: 126-channel spectrum scan (30 sweeps via testRPD()) + TX test
  • CC1101: RSSI baseline on 315/433.92 MHz, 3-second signal detection
  • GPS: inline test with gradient progress bar
  • 4-button layout: NRF24 / CC1101 / GPS / WIRING

Radio Test upgrade source code by Duggie

AP-Locked 2.4GHz Spectrum Analyzer

  • Tap AP Select to run a WiFi scan and pick an AP; the analyzer then locks to that channel's NRF24 range (~22 channels)
  • Zoomed view with wider bar spacing, channel + SSID in title bar

Fast Touch Engine

  • Bypasses TFT_eSPI getTouch() 5x validation loop with direct raw reads cached per frame
  • 100-200x faster touch response — quick taps register instantly

Jammer Flicker Fix

  • Draw-once standby pattern on all 4 jammer screens (BLE, WLAN, ProtoKill, SubGHz)
  • Idle refresh reduced from 30ms to 200ms when not jamming

BLE Database — 94 company IDs, 73 service UUIDs, 52 GAP appearances for device identification

New Hardware Support

ESP32-3248S035C (CYD35C) — 3.5" Capacitive Touch

  • GT911 capacitive touch controller (I2C) — same ST7796 display as E32R35T
  • Edge-triggered debounce tuned for capacitive panels
  • Build: pio run -e esp32-cyd35c

3.5" UI Scaling — BLE Spoofer, Beacon, Sniffer + SubGHz Jammer/Brute Force touch zones properly scaled for 320x480

Removed

BLE Ducky — T-vK/ESP32-BLE-Keyboard library is abandoned (240+ open issues, broken Windows reconnect). Replaced by BLE Predator honeypot.

Menu Changes

  • BLE Predator replaces BLE Scanner + Sniffer in Bluetooth menu
  • AirTag hub renamed to Lunatic Fringe hub (Tracker Scan, AirTag Detect, Phantom Flood, AirTag Replay)
  • Flock You added to SIGINT menu

Supported Boards

| Board | Build Target | Status |
|---|---|---|
| ESP32-2432S028 (2.8") | esp32-cyd | Fully Tested |
| QDtech E32R35T (3.5") | esp32-e32r35t | Fully Tested |
| ESP32-3248S035C (3.5" Cap Touch) | esp32-cyd35c | Fully Tested |
| QDtech/Hosyond E32R28T (2.8") | esp32-e32r28t | Fully Tested |
| NM-RF-Hat (2.8") | esp32-cyd-hat | Supported |

Credits

Duggie — Radio Test upgrade source code (spectrum scan, TX test, signal detection)
