ESP32 CYD firmware for detecting Bluetooth Low Energy devices that may compromise privacy or be used in targeted surveillance attacks.
BLEPTD is a portable BLE surveillance detection platform that runs on the ESP32-based "Cheap Yellow Display" (CYD). It detects and identifies:
- Tracking Devices - AirTags, Tile, SmartTags, Chipolo, Flipper Zero, etc.
- Smart Glasses - Meta Ray-Ban, Snap Spectacles, Echo Frames
- Medical Devices - CGMs, insulin pumps, pacemakers (for VIP security assessments)
- Wearables - Smartwatches, fitness trackers
- Audio Devices - Wireless earbuds, headphones
- Real-time BLE scanning with signature-based device identification
- 128-bit UUID detection for devices like Flipper Zero
- Interactive touchscreen UI for field operation
- Category filtering to focus on specific device types
- TX Simulation mode for testing and countermeasures
- Confusion mode to generate false positives
- Power save mode - screen auto-off after 5 min idle, wakes on new detection
- Serial command interface for automation and logging
- JSON output for integration with other tools
- ESP32 "Cheap Yellow Display" (CYD) 2.8"
- ESP32-WROOM-32 module
- 2.8" ILI9341 TFT LCD (320x240)
- XPT2046 resistive touchscreen
- MicroSD card slot
Available on AliExpress for ~$10-15 USD.
- PlatformIO (recommended) or Arduino IDE
- USB-C cable
- CH340 USB drivers (if not already installed)
# Clone the repository
git clone https://github.com/haxorthematrix/BLEPTD.git
cd BLEPTD
# Build and upload with PlatformIO
pio run -t upload
# Monitor serial output
pio device monitor- Install ESP32 board support via Board Manager
- Install TFT_eSPI library
- Copy
User_Setup.hfromlib/TFT_eSPI/to your TFT_eSPI library folder - Open
src/main.cpp, rename to.ino - Select "ESP32 Dev Module" board
- Upload
The device has four main screens accessible via the bottom navigation bar:
- SCAN - View detected devices with RSSI and category indicators
- FILTER - Enable/disable device categories
- TX - Transmit simulated BLE advertisements
- SETTINGS - Configure scan parameters, serial output, display
Connect at 115200 baud. Available commands:
HELP - Show command list
VERSION - Firmware version
STATUS - Current operational status
SCAN START - Begin BLE scanning
SCAN STOP - Stop scanning
SCAN CLEAR - Clear detected devices
SCAN LIST - List all detected devices
FILTER SET <category> <on|off>
JSON <on|off> - Toggle JSON output mode
POWERSAVE STATUS - Show power save status
POWERSAVE ON|OFF - Enable/disable power save
POWERSAVE TIMEOUT <sec> - Set idle timeout (10-3600s)
POWERSAVE WAKE - Wake screen immediately
Power save settings are stored in /config.txt on SPIFFS:
powersave_enabled=true
powersave_timeout_sec=300
Upload config with: pio run -t uploadfs
Human-readable:
[12345] DETECT AirTag (Registered) MAC=AA:BB:CC:DD:EE:FF RSSI=-42 CAT=TRACKER
[12456] DETECT Meta Ray-Ban MAC=11:22:33:44:55:66 RSSI=-58 CAT=GLASSES
JSON mode:
{"event":"detect","ts":12345,"device":"AirTag (Registered)","mac":"AA:BB:CC:DD:EE:FF","rssi":-42,"category":"TRACKER","company_id":"0x004C"}| Category | Color | Description |
|---|---|---|
| TRACKER | Red | Location tracking devices |
| GLASSES | Orange | Camera-equipped smart glasses |
| MEDICAL | Yellow | Medical/health devices |
| WEARABLE | Blue | Smartwatches, fitness bands |
| AUDIO | Magenta | Wireless earbuds/headphones |
BLEPTD identifies devices using multiple BLE advertisement fields:
- Company Identifier - 16-bit Bluetooth SIG assigned ID in manufacturer-specific data
- Payload Patterns - Signature byte sequences at specific offsets
- 16-bit Service UUIDs - Standard BLE service identifiers
- 128-bit Service UUIDs - Custom service identifiers (e.g., Flipper Zero)
- Device Name Matching - Case-insensitive pattern matching
This approach works even when devices use randomized MAC addresses.
Signatures can be added via serial command:
SIG ADD {"name":"Custom Device","category":"TRACKER","company_id":"0x1234","threat_level":3}
Or by editing src/detection/signatures.h and rebuilding.
This tool is intended for:
- Personal privacy protection
- Authorized security assessments
- Security research and education
- Penetration testing with written authorization
WARNING: Transmitting BLE advertisements that impersonate other devices may violate local regulations. Use TX/confusion features only in controlled environments with proper authorization.
Contributions welcome! Especially:
- New device signatures (open an issue with company ID and payload data)
- UI improvements
- Additional detection methods
- Documentation
- Inspired by CYD_ESP32-AirTag-Scanner
- Nearby Glasses for smart glasses detection research
- ESP32 Cheap Yellow Display community
MIT License - See LICENSE file.