TraceLock is a defensive, passive RF telemetry platform for multi-domain wireless awareness. This public repository is a redacted overview that demonstrates detection engineering and evidence-grade logging without exposing sensitive methods or operational details.
- Passive signal observation across Wi-Fi, BLE, SDR, GPS, and ADS-B
- Evidence-grade logging with integrity checks and structured outputs
- Detection engineering focused on correlation, not active interference
- Wi-Fi (beacons, probe patterns, rogue AP indicators)
- BLE (advertisement density, device class patterns)
- SDR (wideband spectrum context)
- GPS (signal quality anomalies)
- ADS-B (aircraft proximity context)

```mermaid
flowchart LR
    Sensors[Passive Sensors] --> Normalizer[Signal Normalizer]
    Normalizer --> Correlator[Multi-Domain Correlation]
    Correlator --> Evidence[(Evidence Store)]
    Correlator --> Detections[Detection Rules]
    Detections --> Reports[Reports + Exports]
```

```mermaid
sequenceDiagram
    participant Capture
    participant Normalize
    participant Store
    participant Report
    Capture->>Normalize: Raw observations
    Normalize->>Store: Structured logs + hashes
    Store-->>Report: Summary + findings
```

- Baseline drift: density spikes, time-of-day anomalies, out-of-pattern device classes
- Rogue infrastructure: beacon mismatches, duplicate identifiers, unexpected SSID profiles
- Signal health: RF noise shifts, spectrum saturation events, GPS quality anomalies
- Proximity context: ADS-B activity correlated to local RF changes
Fields used in structured logs (values are redacted or synthetic in public artifacts):

| Field | Type | Purpose |
|---|---|---|
| `scan_id` | string | Unique run identifier |
| `window_utc` | string | Capture time range |
| `domain` | string | wifi, ble, sdr, gps, adsb |
| `observation_count` | number | Volume summary |
| `alert_count` | number | Detection count |
| `summary` | string | Human-readable finding |
| `severity` | string | low, medium, high |
| `action` | string | Recommended next step |
| `integrity` | object | Hashes + manifest pointer |

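
The following is an added example, not code from the TraceLock repository: one way records with the fields above could carry integrity metadata so that edits and deletions in a stored log are detectable. The scheme (SHA-256 over canonical JSON, chained to the previous record), the `sha256`, `prev` and `manifest` keys inside `integrity`, and all sample values are assumptions made here; the page does not describe its own scheme.

```python
import hashlib
import json

# Field names from the table above; "integrity" itself is not hashed.
HASHED_FIELDS = ("scan_id", "window_utc", "domain", "observation_count",
                 "alert_count", "summary", "severity", "action")
GENESIS = "0" * 64  # assumed starting value for the chain

def canonical(obj):
    """Deterministic JSON bytes so the same record always hashes the same."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def seal(record, prev_hash):
    """Attach an integrity object whose hash also covers the previous hash."""
    body = {k: record[k] for k in HASHED_FIELDS}
    digest = hashlib.sha256(prev_hash.encode() + canonical(body)).hexdigest()
    return {**body, "integrity": {"sha256": digest, "prev": prev_hash,
                                  "manifest": "manifest.json"}}  # hypothetical pointer

def verify_chain(records):
    """Return the index of the first record that fails, or -1 if all pass."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: rec.get(k) for k in HASHED_FIELDS}
        expected = hashlib.sha256(prev.encode() + canonical(body)).hexdigest()
        integ = rec.get("integrity") or {}
        if integ.get("prev") != prev or integ.get("sha256") != expected:
            return i
        prev = expected
    return -1

def build_sample_log():
    """Constructed, synthetic records (no real identifiers or locations)."""
    rows = [
        ("wifi", 412, 1, "Beacon mismatch against baseline", "medium", "Review AP inventory"),
        ("ble", 958, 0, "Advertisement density within baseline", "low", "None"),
        ("gps", 60, 1, "Signal quality anomaly", "high", "Check antenna and re-scan"),
    ]
    log, prev = [], GENESIS
    for n, (domain, obs, alerts, summary, severity, action) in enumerate(rows):
        rec = {"scan_id": f"scan-example-{n:03d}", "domain": domain,
               "window_utc": "2000-01-01T00:00:00Z/2000-01-01T00:10:00Z",
               "observation_count": obs, "alert_count": alerts,
               "summary": summary, "severity": severity, "action": action}
        log.append(seal(rec, prev))
        prev = log[-1]["integrity"]["sha256"]
    return log
```

A chain like this only detects tampering by someone who cannot recompute every later hash, so the final hash needs to be recorded somewhere the log writer cannot modify, which is the role a separately stored manifest would play.
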
- Capture passive observations within authorized scope.
- Normalize and log with integrity metadata.
- Correlate signals across domains to reduce false positives.
- Produce a short, decision-ready report with recommended actions.
- Update baselines and document outcomes for auditability.
- `examples/trace-lock-scan-summary.json`
- `examples/detection-report.md`
- `examples/sample-executive-brief.md`

This public overview mirrors a private repo with automated workflows:
- CI: lint + smoke tests for core modules
- Gates: compile checks and basic entrypoint validation
- Hygiene: dependency install and runtime guards
- Defensive-only, passive observation
- No jamming, no interference, no device targeting
- No real device identifiers or addresses in public artifacts
- No MACs, SSIDs, GPS coordinates, or device IDs.
- No operational timelines tied to real locations.
- No implementation details that enable active interference.
This is a public-safe overview. Do not use as a production system. No sensitive data or operational details are included.