📊 Optimal Package Summary
| Category | Device | Budget | Timeline |
|---|---|---|---|
| SIGINT / RF | Portable SDR Scanner | IDR 1,500,000 | 1 week |
| WiFi Intel | Passive WiFi Probe Unit | IDR 800,000 | 3 days |
| IoT / RF | Universal RF Replay Device | IDR 500,000 | 3 days |
| OSINT | Phone Number Intelligence Box | IDR 1,200,000 | 1.5 weeks |
| OSINT | Social Media Account Mapper | IDR 500,000 | 1 week |
| AI Vision | Face Recognition Intelligence Unit | IDR 1,500,000 | 2 weeks |
| Covert | Realtime GPS Tracker × 3 units | IDR 1,800,000 | 1 week |
| Covert | Covert Audio Recorder × 3 units | IDR 1,200,000 | 3 days |
| Covert | LAN Network Tap (Passive MITM) | IDR 500,000 | 3 days |
| TOTAL | | IDR 9,500,000 | 6–7 weeks |
📡 SIGINT / RF Intelligence Devices (3 devices)
A portable unit for real-time radio frequency spectrum monitoring in field operations. Designed for operators who need to detect active communications at a target location. The unit is housed in a shock-resistant enclosure and runs entirely on internal battery — no internet connection required.
🔧 Hardware
RTL-SDR v3 + Raspberry Pi 4 (4GB RAM) + 7" touchscreen + 10,000mAh battery pack + telescopic antenna
💻 Software
GNU Radio, GQRX, SDR#, custom Python spectrum logger & automated alert system
⚙️ Core Functions
Real-time spectrum scan 500kHz–1.75GHz • Timestamped logging of active frequencies with optional GPS tagging • Automatic detection of new signals with audio alerts • Export logs to CSV/JSON for further analysis
🎯 Operational Use Cases
Monitoring radio communications at an area of operation • Detecting unauthorized or illegal transmitters • Pre-operation frequency mapping • Drone detection via control-link RF signature
ℹ️ Fully PASSIVE — listens only, emits no signal whatsoever. Legally deployable in authorized intelligence operations.
An advanced RF platform with full TX/RX capability using the HackRF One. Suited for deep analysis of target communications including weak-encryption demodulation, frequency hopping detection, and replay attacks against protocols that do not employ challenge-response authentication. Paired with a directional Yagi antenna for extended range.
🔧 Hardware
HackRF One clone + Laptop / Mini PC + 14dBi Yagi directional antenna + IP54 field case
💻 Software
GNU Radio, GQRX, Universal Radio Hacker (URH), custom Python decoders
⚙️ Core Functions
TX/RX coverage 1MHz–6GHz • Replay attack against unencrypted signals (remotes, alarms, etc.) • Modulation analysis: AM/FM/FSK/PSK/OOK • Frequency hopping pattern detection • Offline session recording and playback
🎯 Operational Use Cases
In-depth target communications analysis • Security testing of agency communication devices • Long-range interception of unencrypted signals • Reverse-engineering of proprietary IoT device protocols
⚠️ TX capability must only be used with a clear legal mandate from the authorizing agency.
A triangulation system for physically locating the source of a radio signal. Uses a 4-element antenna array processed simultaneously to compute a bearing. With two or more DF units deployed at different positions, the precise coordinates of a transmitter can be determined and overlaid on a map in real time.
🔧 Hardware
4× RTL-SDR + Raspberry Pi 4 + omnidirectional antenna array + GPS Neo-8M + 10" display + field enclosure
💻 Software
Kraken SDR software, custom bearing calculator (Python), offline GPS map overlay (Leaflet.js)
⚙️ Core Functions
Bearing calculation to signal sources within 5km • Simultaneous triangulation with 2+ units • Real-time bearing and estimated location on offline map • Bearing history log for transmitter movement pattern analysis
🎯 Operational Use Cases
Locating unauthorized or illegal radio transmitters • Tracking mobile transmitters • Counter-surveillance operations (locating hidden bugs/transmitters) • Hunting suspicious RF sources in sensitive areas
ℹ️ Optimal accuracy within 5km radius. Requires field calibration prior to deployment. Minimum 2 units needed for full triangulation.
📶 WiFi / Bluetooth Intelligence (3 devices)
A compact unit that passively harvests WiFi probe requests broadcast by every nearby device. Every smartphone, laptop, and IoT device automatically transmits probe requests containing a list of previously connected SSIDs — this data enables device fingerprinting, presence tracking, and crowd intelligence without any active transmission.
🔧 Hardware
Raspberry Pi Zero 2W + Alfa AWUS036ACH + 10,000mAh battery + 64GB MicroSD + custom enclosure (power bank form factor)
💻 Software
Python/Scapy probe sniffer, SQLite database, Flask analytics dashboard, CSV export
⚙️ Core Functions
Capture probe requests without transmitting any packets • Log MAC + SSID history + timestamp + RSSI + vendor lookup • Estimate unique device count per hour • Detect MAC randomization patterns • Correlate target presence using known MAC addresses
🎯 Operational Use Cases
Confirming target presence at a specific location (if MAC is known) • Crowd intelligence at public venues • Profiling WiFi networks frequently visited by a target • Detecting target location routine patterns
ℹ️ Fully PASSIVE. Unit can be concealed as a standard power bank. Zero signal transmission.
An active platform that creates a rogue access point mimicking a legitimate target network. The unit sends deauthentication frames to disconnect targets from the real AP, then presents an identical SSID. Reconnecting targets can be redirected to a spoofed captive portal for credential capture, or subjected to full MITM traffic analysis.
🔧 Hardware
Raspberry Pi 4 + 2× Alfa AWUS036ACH + 20,000mAh battery + 9dBi high-gain antenna
💻 Software
Hostapd, dnsmasq, custom Flask captive portal, SSLstrip2, Bettercap, credential logger
⚙️ Core Functions
Deauth targets from legitimate AP • Host rogue AP with matching SSID and BSSID • Redirect all HTTP traffic to a cloned login portal • Capture plaintext credentials • MITM traffic analysis for unencrypted protocols
🎯 Operational Use Cases
Credential collection in operations with formal legal authorization • WiFi security assessment of client facilities • Security awareness testing for agency personnel • Capturing session cookies from internal apps lacking HTTPS
⚠️ WARNING: Deploy only with an explicit legal mandate. Unauthorized use violates applicable electronic crimes legislation.
A dedicated Bluetooth Classic and BLE scanner for detecting, identifying, and tracking nearby devices. BLE is used by hundreds of device categories — smartwatches, TWS earbuds, fitness trackers, asset beacons, laptops — all of which can be fingerprinted and tracked without pairing or any active interaction.
🔧 Hardware
Raspberry Pi 4 + Ubertooth One (Bluetooth sniffer) + 2.4GHz directional antenna
💻 Software
Ubertooth tools, BlueHydra, custom BLE advertisement parser (Python), device database lookup
⚙️ Core Functions
Passive BLE advertisement capture without pairing • Device fingerprinting via MAC + device name + service UUIDs + manufacturer data • RSSI-based proximity estimation (±1–3 meters) • Logging unique devices with presence timeline
🎯 Operational Use Cases
Target tracking via recognized BLE devices (earbuds, watch) • Detecting covert AirTag / BLE trackers in vehicles or objects • IoT device profiling at target premises • Correlating target presence via earphone or smartwatch RF signature
ℹ️ Modern iOS and Android use BLE MAC randomization. Advanced fingerprinting combines manufacturer data + service UUID for more reliable cross-session tracking.
🏠 IoT Assessment & RF Replay Tools (3 devices)
A tool for monitoring and analyzing smart building device communications using Zigbee (2.4GHz) and Z-Wave (868/915MHz) protocols. An increasing number of commercial buildings, hotels, and premium residences in Indonesia rely on these protocols for smart locks, motion sensors, cameras, and automation systems — all of which can be analyzed and, in certain conditions, manipulated.
🔧 Hardware
CC2531 USB dongle (Zigbee sniffer) + CC1352P (dual-band Zigbee/Z-Wave) + Laptop
💻 Software
Zigbee2MQTT, Wireshark with Zigbee dissector, Z-Wave JS, custom packet analyzer
⚙️ Core Functions
Real-time Zigbee/Z-Wave traffic capture and decode • Command analysis (lock/unlock, on/off, sensor trigger) • Network device enumeration • Replay commands against devices without encryption
🎯 Operational Use Cases
Target building security assessment (smart locks, access control) • Zigbee alarm sensor analysis • Full smart home ecosystem mapping • Vulnerability probing prior to physical entry
ℹ️ Very low hardware cost. Zigbee mesh is widely deployed in mid-to-high-end buildings across Indonesia.
A cigarette-box-sized multipurpose device for capturing and replaying RF signals in the 315/433/868MHz range used by gate remotes, car alarms, older car key fobs, AC remotes, and hundreds of other consumer wireless products. Features an OLED display for real-time feedback and a built-in LiPo battery.
🔧 Hardware
CC1101 transceiver + ESP32 (controller) + 0.96" OLED display + 1,000mAh LiPo battery + custom PCB + 3D-printed case
💻 Software
Custom Arduino/ESP32 firmware: auto frequency scanner, raw capture, replay mode, OOK/ASK/FSK signal analyzer, fixed-code brute-forcer
⚙️ Core Functions
Automatic RF signal scan and capture • Demodulate OOK/ASK/FSK encoding • Store up to 100 signals in flash memory • One-button physical signal replay • Fixed-code brute-force (non-rolling-code targets)
🎯 Operational Use Cases
Physical access to gated areas in authorized operations • Access control system security assessment • Vehicle assessment (non-rolling-code keys) • Cloning alarm or sensor remotes without damaging source hardware
ℹ️ Cigarette-box form factor — easily concealed. Can be extended with Flipper Zero-style firmware for additional protocol support.
An appliance that automatically discovers all IP cameras on the target network, fingerprints make/model/firmware, then attempts default credentials and known CVE exploits. Output is a comprehensive report including successfully accessed camera feeds — with auto-captured screenshots as evidence.
🔧 Hardware
Raspberry Pi 4 / Mini PC + Ethernet adapter + dual-band WiFi adapter
💻 Software
Masscan, Nmap (RTSP/HTTP scanning), 500+ brand default credential database, Metasploit IP cam modules, ffmpeg auto-screenshot capture
⚙️ Core Functions
Network-wide IP camera discovery • Fingerprinting of make, model, and firmware version • Credential brute-force using 500+ brand default password database • CVE exploitation via Metasploit modules • Auto-screenshot of accessible feeds • HTML report with evidence
🎯 Operational Use Cases
Physical security assessment of target buildings • Mapping camera blind spots accessible without authorization • Evidence collection via CCTV feeds • Identifying undeclared cameras on target networks
ℹ️ Credential database covers 500+ popular camera brands in Indonesia (Hikvision, Dahua, Hanwha, Axis, CP-Plus, and more).
🔍 OSINT & Data Intelligence (3 devices)
An OSINT appliance that accepts one or more phone numbers as input and automatically generates a complete target profile from dozens of open sources. A local web dashboard lets non-technical operators run queries directly from a browser — no coding knowledge required.
🔧 Hardware
Mini PC (Intel N100, 8GB RAM) or Raspberry Pi 4 + 256GB SSD + display or browser access over local network
💻 Software
Custom Python aggregator: Truecaller API, GetContact scrape, Telegram reverse lookup, breach DB search, social media cross-reference, Flask dashboard, PDF export
⚙️ Core Functions
Phone number → owner name, profile photo, all linked social accounts (IG/FB/TikTok/Telegram/WA), breach/leak history, alternative numbers, carrier registration location, contact network analysis • Batch processing: hundreds of numbers at once
🎯 Operational Use Cases
Rapid target identification from a field-obtained phone number • Mapping a target's communication network • Identity verification of informants or suspects • Building a complete pre-operation target profile
ℹ️ All queries use open-source APIs and scraping. Does not touch telecom operator infrastructure. Can operate fully offline after initial setup.
An automation tool for mapping all social media accounts linked to a single identity. Uses cross-platform correlation techniques to surface accounts using different handles but linkable via writing patterns, profile photos, post timing, and mutual connections. Output is an interactive relationship graph.
🔧 Hardware
Laptop / Mini PC (software-heavy, minimal hardware requirements)
💻 Software
Sherlock, Maigret, custom scrapers for IG/FB/TikTok/Telegram/X/LinkedIn, D3.js or Maltego CE graph visualization, NLP fingerprint matching
⚙️ Core Functions
Username/number/email → all active accounts across 50+ platforms • Cross-account connection analysis (mutual followers, co-tags) • Export interactive relationship graph for briefings • Scheduled monitoring with new-post alerts • Automated content archiving before deletion
🎯 Operational Use Cases
Complete digital footprint mapping of a target • Preparation for platform takedown requests (requires linked-account evidence) • Target online activity evidence gathering • Identifying anonymous accounts connected to a target
ℹ️ Relationship graph visualization simplifies presenting findings to non-technical leadership. Graphs can be exported as PNG or PDF.
A deep-learning-based face matching unit that compares faces from photos or video against a locally enrolled database. Supports real-time identification via live camera feed, offline photo analysis from OSINT sources, and field identity verification. All inference runs fully offline — no cloud connectivity required.
🔧 Hardware
Raspberry Pi 4 (8GB) / Mini PC + 8MP camera / 1080p USB cam + SSD for model & face database + 7" display
💻 Software
InsightFace (ArcFace model) / DeepFace, custom enrollment pipeline, SQLite face-vector database, Flask real-time dashboard, alert system
⚙️ Core Functions
Enroll face to local database from a single photo • Match faces from photos / video / live camera stream • Output: confidence score % + enrolled identity + detection timestamp • Auto-screenshot log of all detections • Bulk enrollment from OSINT photo folders
🎯 Operational Use Cases
Identifying individuals from OSINT photos or CCTV screenshots • Real-time field identity verification • Monitoring target presence at a specific point • Matching faces from video recordings against a suspect database
ℹ️ InsightFace ArcFace accuracy >99.4% on LFW benchmark. Field performance depends on source image quality. Runs fully offline — no data leaves the device.
🕵️ Covert Collection Devices (3 devices)
An ultra-compact voice-activated audio recorder based on the ESP32-S3 with built-in Voice Activity Detection (VAD). Records only when sound exceeds a configurable threshold — saving storage and simplifying review. Form factor is fully flexible: can be disguised as a USB charger adapter, jacket button, or any everyday object.
🔧 Hardware
ESP32-S3 + INMP441 MEMS microphone (I2S) + MicroSD slot + 500mAh LiPo battery + custom 3D-printed enclosure
💻 Software
Custom ESP32 firmware: configurable VAD threshold, MP3/WAV encoder, per-session timestamping, optional WiFi silent upload when in range of a known AP
⚙️ Core Functions
Voice-activated recording for power and storage efficiency • Continuous mode for uninterrupted capture • Accurate timestamp per recording session • Audio quality: 16kHz/24-bit (sufficient for full speech intelligibility) • Optional silent WiFi upload to a server when in known AP range • LED status indicator concealed inside enclosure
🎯 Operational Use Cases
Recording meetings in authorized covert operations • Long-duration room monitoring • Conversation evidence documentation • Vehicle deployment powered from USB port
ℹ️ 48–72 hour battery life in VAD/triggered mode. Enclosure form factor is fully customizable per operation. Individual units producible within 1 day once PCB is available.
A compact GPS tracker with realtime 4G LTE transmission. Equipped with a strong neodymium magnet for rapid concealed attachment to vehicle undersides, IP67 waterproofing, and an aggressive sleep mode to maximize battery life. A web dashboard displays live tracking on a map with 30-day history and automatic geofence alerts.
🔧 Hardware
SIM7600 (4G LTE Cat-1) + GPS Neo-8M + ESP32 + 3,000mAh LiPo battery + IP67 waterproof case + N52 neodymium magnet
💻 Software
Custom ESP32 firmware: configurable MQTT reporting (10s–1hr intervals), geofence engine, auto-sleep when idle, OTA update • Web dashboard: Leaflet.js map, track history, geofence config, Telegram bot alerts
⚙️ Core Functions
Realtime GPS with 2–3m accuracy • Position reporting via MQTT/HTTPS to server or Telegram bot • Geofence alerts when target enters or exits defined areas • 30-day travel history with polyline visualization • Auto-sleep when vehicle is stationary (10× power saving) • Speed and heading logging
🎯 Operational Use Cases
Long-term vehicle surveillance of a target • Agency asset movement monitoring • Friendly team tracking in the field • GPS movement evidence for legal proceedings
ℹ️ 7–14 day battery life depending on reporting interval. IP67 rated. Final dimensions approx. 8×5×3 cm. A standard prepaid SIM is sufficient for data costs.
A very small inline device inserted between a LAN cable and the target endpoint. Completely transparent to the network — does not alter traffic, modify MAC addresses, or generate any packets of its own. Duplicates all passing traffic for silent analysis. Can run from Power over Ethernet or a compact internal battery, requiring no additional suspicious power sources.
🔧 Hardware
Raspberry Pi Zero 2W + 2× USB-to-Ethernet adapters (bridge mode) + 128GB MicroSD + compact 2,000mAh battery (optional PoE splitter)
💻 Software
Linux transparent bridge, background tcpdump, custom parser: HTTP/FTP/Telnet/POP3/SMTP/DNS credential extractor, file reconstruction engine, suspicious traffic auto-flagging
⚙️ Core Functions
100% inline passive packet capture — fully transparent • Auto-extract credentials from unencrypted protocols: HTTP basic auth, FTP login, Telnet sessions, POP3/SMTP email • Complete DNS query logging (maps all visited domains) • Reconstruct transferred files (FTP/HTTP) • Detect and flag suspicious traffic (C2, tunneling) • Auto-dump to MicroSD every hour
🎯 Operational Use Cases
Monitoring a target organization's internal network • Capturing credentials from legacy systems not using HTTPS/SFTP • DNS-based activity mapping • Network activity evidence gathering • Monitoring printers or IoT devices on the target network
ℹ️ Final device dimensions: ~6×4×2 cm. Can be installed behind a patch panel, inside a false outlet cover, or bundled in a cable run. Not detected by standard network scanners.