📋 Feature Documentation

🏠 Dashboard

The home page provides a real-time overview of your device status and direct modem access.

System Stats

Displays key metrics at a glance:

Signal Strength - Cellular signal quality with dBm reading
Connected Clients - Number of devices on your hotspot
Data Usage - Total downloaded and uploaded bytes
Cell Tower - Current LAC/CID of connected tower
Uptime - Time since last boot (e.g., "1d 2h 30m")

AT Command Interface

Send raw AT commands directly to the modem. Examples:

Command	Description
`ATI`	Display modem information
`AT+CSQ`	Check signal strength
`AT+COPS?`	Current network operator
`AT+CREG?`	Network registration status
`AT+CGSN`	Get IMEI number
`AT+CIMI`	Get IMSI number

🌐 Network Analysis

View detailed network information and manage TTL settings.

Magic TTL Fix

Set a custom TTL (Time To Live) value for outgoing packets. This helps mask hotspot traffic from carriers that detect tethering.

💡 Tip: A TTL of 65 is commonly used to disguise hotspot traffic as direct phone traffic.

Interfaces

Shows all network interfaces with their IP addresses, similar to running ip addr.

Clients

Displays the ARP table showing all devices connected to your hotspot, including their MAC and IP addresses.

Connections

Active TCP/UDP connections through the device, showing source, destination, and connection state.

🔒 Privacy Tools

Protect your identity and block unwanted content.

MAC Spoofing

Change your device's MAC address to avoid tracking. Enter a new MAC in the format XX:XX:XX:XX:XX:XX.

⚠️ Note: This temporarily brings the WiFi interface down, which may disconnect clients briefly.

AdBlock

Enable DNS-level ad blocking by redirecting known ad domains to 0.0.0.0 via the hosts file. This affects all devices connected to the hotspot.

Currently blocks:

doubleclick.net

The hosts file can be extended by adding more domains to /data/hosts.

📱 SMS Manager

Send text messages using the hotspot's cellular modem.

Sending Messages

Enter a phone number (with country code for international) and your message. The firmware uses AT commands to queue the SMS.

Viewing Inbox

To view received messages, use the stock Orbic portal at:

http://192.168.1.1/common/shortmessage.html

💡 Reply Feature: When clicking reply from the inbox link, the phone number will be pre-filled in the send form.

🔧 Hacking Tools

Network reconnaissance and defense utilities.

📡 IMSI Catcher Detector

Enhanced cell info display with anomaly detection for fake cell towers (IMSI catchers / Stingrays).

Displays in styled info cards:

Operator - Carrier name with MCC/MNC codes
Signal Strength - Percentage, dBm, and CSQ with color coding
Network Type - LTE/GSM/WCDMA via AT+QNWINFO
Cell Tower - LAC and CID values
IMEI/IMSI - Device and SIM identifiers

Anomaly Detection

Automatic warnings for potential IMSI catcher activity:

⚠️ Unusually strong signal (> -50 dBm)
⚠️ 2G-only connection (common IMSI catcher tactic)

⚠️ Disclaimer: This is a basic detector. Professional IMSI catchers may not be detected.

🔍 Port Scanner

Scan a target IP address for open ports. Enter the target IP and a comma-separated list of ports to scan.

Example: 192.168.1.1 with ports 22,80,443,8080

Uses netcat under the hood for connection testing.

🛡️ Firewall Manager

Manage iptables rules through a simple interface.

Block IP - Add a DROP rule for incoming traffic from the specified IP
Unblock IP - Remove the DROP rule for the specified IP

Current INPUT chain rules are displayed below the forms.

📍 Pi GPS Tracker

GPS data comes exclusively from the Raspberry Pi companion device - no browser geolocation or cell tower lookups.

Pi-Only GPS

The GPS page now shows only data from the Pi companion:

✓ Green = GPS fix active (with source and coordinates)
⏳ Yellow = Waiting for Pi GPS...

💡 Setup: Run dagshell_companion.py on your Pi with a GPS USB dongle.

Auto-Refresh

The GPS status automatically refreshes every 5 seconds. No manual interaction needed.

GPS JSON API

Access GPS data programmatically via:

https://192.168.1.1:8443/?cmd=gps_json

Returns JSON: {"has_fix":1,"lat":"...","lon":"...","source":"Browser GPS"}

🥧 Pi Companion

The Raspberry Pi companion extends DagShell's wardriving capabilities with dedicated sensors.

Hardware

Raspberry Pi 3B+ or newer (Zero lacks USB power)
GPS USB Dongle - U-Blox7 recommended
Bluetooth Adapter - Built-in or USB (Kinovo BTD400)
WiFi Adapter - External USB for scanning (AC600)

Remote Control

Control Pi scanning from the Orbic web UI:

▶ Start BT Scan - Begin Bluetooth scanning on Pi
⏹ Stop BT Scan - Stop Bluetooth scanning
Status Display - Shows scanning/idle state

Data Collection

Data Type	Source	Output File
WiFi Networks	Pi wlan1 adapter	wardrive_*.csv
Bluetooth Devices	Pi BT adapter + OUI lookup	wardrive_bt_*.csv
GPS Coordinates	Pi USB GPS (ECEF auto-conversion)	(used for all logs)

OUI Manufacturer Lookup

Bluetooth devices are automatically looked up against the OUI Master Database:

Prefix-based API - Downloads only the needed prefix files on demand
Cached locally - Stored in /tmp/oui_cache/ for 30 days
Random/Private detection - Identifies locally administered MAC addresses

ECEF GPS Conversion

For u-blox GPS modules that output ECEF (Earth-Centered, Earth-Fixed) coordinates instead of standard lat/lon, the companion automatically converts to geodetic coordinates using WGS84.

Setup & Auto-Start

# On Raspberry Pi:
chmod +x setup.sh && ./setup.sh   # Installs deps + enables auto-start
sudo systemctl start dagshell-companion  # Start now (or reboot)

The setup script installs a systemd service that automatically starts the companion on boot.

# Service management:
sudo systemctl status dagshell-companion  # Check status
sudo journalctl -u dagshell-companion -f  # View logs
sudo systemctl disable dagshell-companion # Disable auto-start

💡 Tip: Connect Pi to Orbic via USB gadget mode for reliable connectivity.

Deauth Attacks

Launch WiFi deauth attacks from the Orbic Scan page using the Pi's external WiFi adapter:

💀 Deauth Once - Single deauth burst on selected networks
🔄 Continuous - Persistent deauth loop until stopped
⏹ Stop - Stop continuous attacks

⚠️ Required: External WiFi adapter (wlan1) that supports monitor mode.

📶 Wardriver

Scan and log WiFi networks in Wigle-compatible CSV format with GPS coordinates.

Automatic GPS Waiting

The wardrive loop will wait for a GPS fix before starting to scan. This ensures all logged networks have valid coordinates (no 0,0 entries).

💡 Tip: Keep a browser page open on your phone to provide continuous GPS updates to the device.

Single Scan

Performs a one-time WiFi scan using wlan1 and displays discovered networks with BSSID, SSID, RSSI, and encryption type.

Wardrive Loop

Starts continuous scanning in the background (every 5 seconds), logging new networks to a timestamped CSV file in /data/. Each scan uses the current GPS coordinates.

Browser-Based Wigle Upload

Upload wardrive files directly to Wigle.net from the Files page:

Click the Upload button next to any wardrive CSV
Your browser downloads the file and uploads to Wigle API
On success, the file is automatically deleted

💡 Setup: Configure your Wigle API Name and Token in Settings.

CSV Format

Logs are saved in Wigle-compatible format:

MAC,SSID,AuthMode,FirstSeen,Channel,RSSI,Lat,Lon,Alt,Accuracy,Type

📁 File Explorer

Browse, download, upload, and delete files from the device's /data/ directory.

Multi-Select Operations

Use checkboxes to select multiple files, then:

Delete Selected - Remove multiple files at once
Download Selected - Download multiple files sequentially

Quick actions: Select All / Select None buttons for convenience.

Download Files

Click the "📥" button to download any file from the device. File sizes are shown in KB/MB format.

Upload to Wigle

Wardrive CSV files have an "Upload" button that uploads directly to Wigle.net through your browser. The file is automatically deleted on successful upload.

Delete Files

Remove files using the "🗑️" button or select multiple and use batch delete.

💻 Web Terminal (SHELL)

Execute shell commands directly on the device through the web interface.

Enter any Linux command and see the output. Useful for:

Checking system status (ps aux, df -h)
Viewing logs (cat /var/log/messages)
Network diagnostics (ip addr, netstat)
Advanced troubleshooting

⚠️ Caution: This provides root shell access. Use carefully.

📞 USSD Executor

Send USSD codes to check account balance, activate plans, or access carrier services.

Enter a USSD code (e.g., *#06#, *100#) and submit.

Uses AT+CUSD command to communicate with the carrier network.

📊 Data Usage Monitor (USAGE)

Track cellular data usage per session with historical logging.

Current Session

Displays real-time data usage with styled cards:

Downloaded - Total bytes received (↓)
Uploaded - Total bytes sent (↑)
Total - Combined usage
Session Duration - Time since boot

Usage History

Save sessions to build a usage history over time:

💾 Save Session - Log current usage to history file
View historical data in a table with running totals
🗑️ Clear History - Reset all historical data

👥 Connected Clients (CLIENTS)

Track devices that connect to your hotspot.

Displays a list of clients with their MAC addresses, IP addresses, and connection times.

Client connections are logged to /data/client_log.txt for historical reference.

⚙️ Settings Persistence

Configure DagShell options that persist across reboots.

Saved Settings

Default TTL - Applied automatically on boot
Spoofed MAC - Applied automatically on boot
Wigle API Credentials - For automatic wardrive uploads
OpenCellID Token - For cell tower GPS lookups

Settings are stored in /data/dagshell_config and applied by the boot script.

⚙️ Technical Details

Architecture

DagShell is a single-threaded HTTPS server written in C. It listens on port 8443 and serves dynamically generated HTML pages.

Modem Communication

AT commands are sent through /dev/smd8 (shared memory device). The port is opened with retries to handle busy states.

Binary Size

The statically-linked ARM binary is approximately 200KB, allowing quick transfer over the network.

Component	Details
HTTPS Port	8443
Modem Port	/dev/smd8
Binary	/tmp/orbic_app
Threading	Single-threaded
Linking	Static (no libc dependency)