An Android app that scans for hidden Bluetooth earbuds, disrupts wireless cheating devices, and triangulates their exact position in the exam room — in real time.
Convert signal strength to meters using a path-loss model calibrated for indoor environments.
d = 10^((-59−rssi) / 25)Closer teachers contribute more to the estimate. Weight decays with the square of distance.
w = 1 / d²Each axis computed independently. The result is the most likely device position in the room.
x = Σ(tX·w) / Σ(w)Drawn as a translucent ring on the map. Shrinks as more teachers see the same device.
σ = avgDist × 0.5Miniature Bluetooth earbuds, smartwatches, and hidden phones allow students to receive answers in real time — and traditional supervision cannot detect them.
Most exam cheating incidents involve Bluetooth-connected audio devices, invisible from a distance.
Modern earbuds are smaller than a fingernail — completely invisible to proctors walking the room.
An accomplice outside the room can transmit answers directly to the student's earbud over BLE.
Simultaneously scans Classic Bluetooth and BLE. All nearby devices appear instantly with RSSI, MAC, device class and suspicious flag.
Device class heuristics (audio = 0x200) and name matching (Buds, AirPods, Earbud) auto-flag suspicious devices with a haptic alert.
RSSI readings from multiple teachers feed a weighted trilateration algorithm, placing the device on a live room map with ±0.5m accuracy.
Select an attack mode — RFCOMM flood, L2CAP SDP, BLE GATT, or BLE spam — to render the device unusable during the exam.
Built for real exam environments, tested on actual Android hardware.
Scans Classic BT (BR/EDR) and BLE simultaneously. Device class decoded from Android's CoD bitmask — icon and color per type. Haptic vibration on new suspicious device.
RFCOMM connection flood, L2CAP PSM=1 pre-auth SDP flood (Android 10+), BLE GATT characteristic storm, and BLE advertisement spam (Apple/Samsung payloads).
CustomPainter canvas shows all teachers as labeled circles with initials, detected devices as colored dots with uncertainty rings, and RSSI distance circles per teacher.
One teacher creates a session (6-digit code). Others join. GPS auto-positions all teachers. RSSI readings sync via Firebase Realtime Database in under 200ms.
Offline fallback: UDP multicast on 239.255.43.21:5555. WifiManager.MulticastLock prevents Android battery optimization from dropping packets. No internet required.
Full exam report: device list, suspicious count, located positions with coordinates, teacher coverage map. Copy to clipboard for immediate sharing.
Firebase Auth with Google. Teacher's display name auto-populates as their ID on the map. Sign-out from the app menu. Works with the same keystore as other apps.
Haptic feedback on suspicious device detection. NEW banner with device name. Stale BLE devices auto-pruned after 60s. Unnamed device filter toggle.
Room dimensions, teacher name, and position saved to SharedPreferences. Auto-restored on next launch. GPS-based positioning in Cloud mode requires no manual setup.
All attack logic runs in Kotlin coroutines via MethodChannel. The Flutter UI selects the mode; native Android executes it. Based on publicly documented CVEs: BlueBorne, BIAS, KNOB, L2Fuzz, CVE-2020-0022.
Parallel RFCOMM connection attempts. Real SDP UUIDs used first, random UUIDs as fallback. Up to 8 threads.
Classic BTPSM=1 pre-authentication SDP flood. Works before pairing. Most universal Classic BT attack. Android 10+ only.
Pre-AuthRapid characteristic read/write loop on connected BLE device. Auto-reconnects on disconnect. Exhausts BLE stack resources.
BLEFake Apple AirPods and Samsung Galaxy Buds advertisement payloads. Triggers pop-ups on nearby iPhones and Galaxy devices.
Area-WideMultiple teachers see the same device at different signal strengths. The path-loss model converts RSSI to distance; inverse-square weighted centroid places the device on the map.
Path-loss model: d = 10^((-59 - rssi) / 25)
n=2.5 (indoor), txPower=-59 dBm
Weight per teacher: w = 1 / d²
Closer teacher → higher confidence
x = Σ(tX × w) / Σ(w)
Applied for both X and Y axes
σ = avgDist × 0.5
Drawn as a ring on the map canvas
Two sync channels — choose based on your network environment.
UDP multicast on 239.255.43.21:5555. All teacher phones must be on the same WiFi. Zero latency. No internet required. Manual position setup on room grid.
One teacher creates a session → 6-digit code → others join. GPS auto-positions all teachers on a 30×30m virtual room. Works across different WiFi networks.
Teacher A taps "Create Session". GPS fix taken. Code XK4-921 generated. Session node written to Firebase RTDB.
Teachers B & C enter the code. GPS positions pushed to sessions/XK4921/teachers/.
Each teacher's RSSI readings pushed to readings/{mac}/{teacherName}/ with GPS lat/lng.
Host GPS = origin (15,15). Delta: x = Δlng × 111320 × cos(lat). All teachers appear on the map.
Incoming readings from other teachers trigger re-computation. Device position updates on all phones simultaneously.
UI, state management (Provider pattern), BLE scanning, screen navigation.
All Classic BT and attack logic. MethodChannel + EventChannel bridge to Flutter. Coroutines for parallel attacks.
Realtime Database for Cloud sync. Firebase Auth for Google Sign-In. Sub-200ms latency.
High-accuracy GPS stream. ±2–5m accuracy indoors. Powers the automatic teacher positioning in Cloud mode.
ChangeNotifier pattern. ScanProvider, LocalizationProvider, SessionProvider, AuthProvider — clean separation.
Persists room dimensions, teacher name and position between sessions. Auto-restores on launch.
dart:io RawDatagramSocket. Group 239.255.43.21:5555. WifiManager.MulticastLock in Kotlin for reliability.
BLE scanning and connection. Works alongside the native Classic BT EventChannel without conflict.
A timed walkthrough of every major feature.
Open app, sign in with Google. Start BLE + Classic scan. Devices appear live with NEW banner, RSSI, device class icons, and suspicious flag.
Tap a device — show MAC address, Bluetooth class (headset = 🎧), RSSI strength, first-seen timestamp, and the suspicious auto-detection reasoning.
Tap ⚡ on a Classic BT device → select L2CAP mode → Start. Live attack log scrolls with PSM=1 connection attempts. Device becomes unresponsive.
Tap the BLE Spam FAB → nearby iPhones show "AirPods detected" pop-ups, Galaxy phones show pairing prompts. Demonstrate area-wide disruption.
Open Room Map. Three teachers at different corners. BLE earbud localizes between them with a colored dot, uncertainty circle, and RSSI per teacher.
Explain: L2Fuzz (L2CAP), CVE-2020-0022 (BlueFrag), KNOB attack (entropy reduction), BIAS (role switching), GATTacker (BLE MITM). Show it's grounded in published security research.
Export the session report to clipboard. Show located coordinates. The scan continues live in the background.