I am playing with idea to setup my Raspberry Pi 4B with Openhabian in a way that it will automatically detect when my mobile phone (with bluetooth or wifi turned on) comes near by. It would be nice if Openhabian runs a my arbitrary script in this situation. I know it is possible to scan wireless devices in the area and show MAC addresses of these devices. It would be awesome if Openhabian would run my arbitrary shell script when certain MAC address shows up in the list at any given time. Is there a way to achieve this or similar functionality?
The usage: I want to prohibit my motion sensor to trigger alarm in my garage when I come there with my phone which I carry with me almost always.
Here’s the problem you will have. Most modern cell phones will spoof their MAC addresses for both WiFi and Bluetooth. Periodically (once every 15 minutes or so) it will just up and change to use a different MAC address. This is a good thing as it means you are much harder to individually track as you move about the world. But it means your plans to scan for BT MAC addresses of your phone won’t work.
You can tell that an iPhone is present. You can’t tell that your iPhone is present.
You can turn off the MAC address randomization for the WiFi but you can’t for BT.
If despite this limitation you still want to do this see:
- reelyActive Smart Spaces Revisited
- GitHub - rkoshak/sensorReporter: A python based service that receives sensor inputs and publishes
There are many other approaches I’m sure.
If you have an Android I’d recommend using FIND (https://www.internalpositioning.com/) the server for which can be installed from openhabian-config. This uses the wifi signal strengths from your and you neighbor’s wifi APs to triangulate the phone’s position inside a building.
Openhabian is about setting up the system environment, and won’t be much help here.
Openhab rules are probably what you have in mind, but they need data to work with. Have you some Bluetooth integrated with openHAB yet? And/or does openHAB have access to your router, to enquire about WiFi population?
Another option you could try is Room-Assistant. I got it running on a pi zero as a test for in room detection and it works pretty good.
I can detect if someone is in the bedroom or not.
Uses Bluetooth and calculates distance of it.
I then report it via mqtt to openhab.
I have an old iPhone so I guess that option is not applicable for me.
No and no. My openHAB runs on R-Pi which is connected to the internet directly via USB modem without any router or local network.
Thanks for the idea. I was putting hope into that solution but after trying to set it up couple hours I gave up for now. I assume “Bluetooth Classic” integration is relevant for me so I have followed the relevant docs. I hope I have configured it correctly because after triggering “room-assistant” command all services seems to be running with no errors. Into local.yml file I have written:
global: integrations: - bluetoothClassic bluetoothClassic: addresses: - 'D6:A2:BC:54:79:9C'
(MAC is just for example, everything else is original)
But as rlkoshak mentioned…
…I am not sure how it will work when MAC address will be constantly changing anyway.
And I have also installed room-assistant app into my iPhone. When I open the app there is some long ID string that should be copied/pasted into some integration allowlist but could not find where this list is located.
Maybe should I put that ID somewhere into local.yml file?
EDIT: It seems like room-assistant require some other services to be installed like Home Assistant Core or MQTT which I did not use before.
That sounds like a really bad idea. I trust you are at least running a host based firewall like UFW or iptables with pretty strict rules to dictate who can access the RPi over the network.
I am not sure. My networking skills are very superficial. But I use off shelf Huawei 3G modem (USB stick) with SIM card with very cheap data plan. I was assuming there is some basic protection for average consumer. This stick is plugged into my R-Pi running openhabian and openHAB.
Is this setup by default vulnerable from clearnet or LAN or both?
I am just looking into UFW in this article in hope to learn how to apply some basic protection to my setup.
While you’re sorting out security…
You seem to have no hardware capable of detecting a phone nearby. Why not turn the process on its head? Have the phone tell you when it’s nearby. i.e. some service or app on the phone can use onboard GPS to figure out when it is near some fixed location, and send a message (Telegram or whatever) to your openHAB.
There is not. If you choose to expose your devices to the internet, as far as the ISP is concerned that’s your business. They don’t really care if you get hacked.
If you can reach this device over the internet, everyone in the world can too. And that means everyone in the world can also access your openHAB, ssh, and any other service that may be running. Get your IP address and go search your IP address at shodan.info. That will show you everything you have exposed to the internet. If you can find it on Shodan, all the bad guys can too.
Frankly, you are probably already hacked and your little RPi is burning itself up mining crypto currency for some bad actor somewhere. Or it’s participating in DDoS attacks or the like.
By default people have a “gateway” between their ISP and their local network. This gateway has a very simple firewall configuration. Deny all connections from the Internet, period. Unless you really know what you are doing and have the time to do the monitoring and maintenance, this is how everyone’s network should be configured. There should be no way to directly access your hardware from the internet (connections from your devices to the Internet are OK).
Perhaps there was a misunderstanding and this is in fact how you are set up in which case all is good. But if not and you can access your device over the Internet then you have to protect it or else it’s not going to be your device for long. It will become some some bad actor’s device.
To access the services on your RPi you should use third party tools like myopenhab.org, Tailscale, remote RPi, etc. which do not require the ability to connect directly to your device over the Internet. That way the attackers won’t even see that your device exists. If they can’t reach it they can’t attack it.
Sorry for my late reply. Got no regular access to my OH at the moment due to travel.
Below is my config yml with masked MAC codes etc.
I remember that it took some time to get the “right” MAC or UUID codes for each device.
This way it does not matter if the MAC address changes (I think, but please correct me if I am wrong).
An interesting post here at their github:
11/12/2020, 11:31:45 - info - BluetoothLowEnergyService: Attempting app discovery for tag 7214500ef242 11/12/2020, 11:31:46 - info - BluetoothLowEnergyService: Discovered companion app with ID UID-VERY-LONG-AND-MANY-DASHES for tag 7214500ef242 11/12/2020, 11:31:46 - info - BluetoothLowEnergyService: Discovered new BLE peripheral UID-VERY-LONG-AND-MANY-DASHES with ID UUID-VERY-LONG-AND-MANY-DASHES and RSSI -82
global: integrations: - homeAssistant - bluetoothLowEnergy - bluetoothClassic instanceName: masterbedroom room: masterbedroom homeAssistant: mqttUrl: mqtt://URL:PORT sendAttributes: true mqttOptions: username: USER password: PW rejectUnauthorized: false bluetoothLowEnergy: hciDeviceId: 0 maxDistance: 13 timeout: 70 updateFrequency: 10 allowlist: - Garmin Watch MAC - OnePlus Phone MAC - iPHone (32 long UUID code) tagOverrides: AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA: name: iphone measuredPower: -60 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA-1-1: name: oneplus measuredPower: -70 AAAAAAAAAAAA: name: watch_garmin measuredPower: -82
Hope this helps a bit.
EDIT: I run room-assistant on a Pi Zero.
Sorry I almost forgot. I most likely indeed have non-public IP because I was already trying to solve remote SSH access to my R-Pi before but because device likely has non-public IP from ISP I was then “forced” to use third party tool to create SSH tunnel. And I also use myopenhab cloud connector.
Nearby phone detection solution
I appreciate all above comments. For now I have solved this wireless detection issue using this steps:
- Create wifi AP from my R-Pi using linux router tool and required dependencies.
- Use this command
sudo lnxrouter -n --ap wlan0 MyAccessPoint -p MyPassPhraseto start AP without internet connection sharing.
- Create systemd service that will run this AP after reboot
- Connect my phone to this new wifi AP.
- Create script with conditional statement that will do actions based on the presence of my phone’s MAC address in this command output:
sudo iw dev wlan0 station dump
My phone’s MAC address seems to be always same for this particular AP. I think it changes with every AP it is connected to.
- Finally in the script I use openHAB REST API that will switch dedicated item ON/OFF based on my phone connection to AP.