📘 Volume II 🔒 Restricted Document

Intelligence Hardware Catalog

Supplementary Devices — Robotsoft / Blue Dragon Security · Volume II

New Categories: 5 Categories
New Devices: 13 Units
Focus Areas: Counter-Surv · Forensics · Drone · Crypto
Year: 2026

📊 New Category Summary (Volume II)

Category | Devices | Est. Budget
Counter-Surveillance | RF Bug Detector, NLJD, Spectrum Monitor | IDR 4,900,000
RFID / NFC | Multi-Protocol Cloner, Badge Skimmer | IDR 2,100,000
Digital Forensics | Mobile Triage, Disk Imager, Network Forensic Box | IDR 5,300,000
Drone Intel | ISR Drone, Counter-Drone RF Detector | IDR 6,000,000
Secure Comms | LoRa Mesh Radio, Faraday Bag, HW Security Key | IDR 950,000
🛡️

Counter-Surveillance & Bug Detection

3 devices
6.1

RF Bug / Hidden Camera Detector

A handheld device for detecting audio bugs and hidden cameras in a room before sensitive meetings. Combines three detection methods: RF emission scanning, infrared lens reflection detection, and signal anomaly analysis. An essential pre-sweep tool for any counter-surveillance team before a high-stakes briefing or negotiation.
🔧 Hardware
ESP32 + TL-07H RF detector module (1MHz–6GHz) + IR sensor for lens detection + OLED display + buzzer + 2,000mAh LiPo battery
💻 Software
Custom firmware: RF threshold alerting, sweep mode, adjustable sensitivity, MicroSD logging
⚙️ Core Functions
RF sweep 1MHz–6GHz with active transmitter alerts • IR lens detection for non-WiFi hidden cameras (effective in low light) • Visual mode: per-frequency signal strength bar graph • Distinct audio alerts for RF vs. camera detections • Sensitivity adjustable to reduce false positives from legitimate devices
🎯 Operational Use Cases
Pre-meeting sweep of conference rooms • Bug detection in official vehicles • Counter-surveillance sweep before field operations • VIP hotel room inspection for senior officials or delegations
ℹ️ Passive camera detection (no WiFi/RF) requires low ambient light conditions. Combine with manual physical inspection for comprehensive coverage.
6.2

Non-Linear Junction Detector (NLJD) — DIY

A low-cost implementation of a professional NLJD: a device that transmits a microwave probe signal and detects harmonic responses from semiconductor junctions (transistors, ICs) even when the target device is completely powered off. This is the most reliable method for detecting dormant or sleeping electronic bugs. Commercial NLJD units cost hundreds of millions of IDR; this build delivers the core functionality at a fraction of the price.
🔧 Hardware
HackRF One + custom directional probe antenna (horn) + Raspberry Pi 4 + low-noise amplifier (LNA) + shielded coax + portable display
💻 Software
GNU Radio: transmit 920MHz, receive & analyze 1840MHz (2nd harmonic) + 2760MHz (3rd harmonic), threshold detection, anomaly position mapping
⚙️ Core Functions
Transmit 920MHz probe signal at inspected surfaces • Detect harmonic emission at 1840MHz and 2760MHz (only semiconductors respond) • Stronger response from active components (ICs, transistors) vs. passive materials (walls, metal) • Sweep walls, furniture, decorative objects, power outlets • Log area map with flagged anomaly positions
🎯 Operational Use Cases
Deep inspection of VIP rooms, improvised SCIFs, or negotiation venues • Detection of sleeping or powered-off bugs (invisible to standard RF sweep) • Follow-up verification after a negative RF/IR initial sweep • Inspection of furniture or gifts received from unknown parties
⚠️ Requires calibration and operator experience to distinguish false positives (normal electrical components) from actual targets. Operator training recommended before operational deployment.
6.3

Spectrum Anomaly Monitor (Passive Room Guard)

A permanently installed unit that provides 24/7 continuous RF monitoring of a sensitive room. It automatically learns the room's baseline RF spectrum in its first 24 hours, then issues real-time alerts if any new or anomalous signal appears — indicating a newly installed bug or the presence of a foreign device. No active operator required.
🔧 Hardware
RTL-SDR v3 + Raspberry Pi Zero 2W + indoor omnidirectional antenna + USB-powered (always-on)
💻 Software
Custom Python: FFT-averaged spectrum baseline learning (24hr), isolation forest anomaly detection (ML), Telegram bot alerts, web dashboard with 7-day history
⚙️ Core Functions
Learns unique RF baseline of the room over 24 hours • Real-time alert if a new or abnormal RF signal appears • Web dashboard with 7-day spectrum history • Telegram bot notification with annotated spectrum screenshot and timestamp • Daily automated status report: normal or anomaly detected
🎯 Operational Use Cases
Passive 24/7 protection of a senior official's workspace • Early detection of adversarial surveillance activity • Fully automated monitoring without a dedicated operator • Detecting newly placed devices when the room was left unattended
ℹ️ Install and forget — runs headless without a monitor. Alerts delivered via Telegram around the clock whenever an anomaly is detected.
💳

RFID / NFC / Physical Access

2 devices
7.1

RFID / NFC Multi-Protocol Cloner

A portable device for reading, analyzing, and cloning RFID/NFC access cards used in building access control, hotel key cards, and identity cards. Supports a wide range of protocols from legacy low-cost cards (EM4100) to semi-modern formats (MIFARE Classic) that remain extremely prevalent across Indonesian commercial buildings.
🔧 Hardware
PN532 NFC module + ACR122U USB reader + ESP32 controller + OLED display + 2,000mAh battery + blank RFID/NFC cards (125kHz + 13.56MHz)
💻 Software
libnfc, nfc-tools, Proxmark3-compatible scripts, custom clone writer firmware, MIFARE Classic nested attack tool
⚙️ Core Functions
Read and decode UID from EM4100, HID Prox 125kHz cards • Read MIFARE Classic (1K/4K), MIFARE Ultralight, NTAG21x • Crack MIFARE Classic sector keys via nested authentication attack • Write UID and sector data to blank cards • Card emulation via NFC-enabled Android (virtual card mode)
🎯 Operational Use Cases
Physical penetration testing of target building access • Cloning access cards during proximate operations • Access control security assessment for client facilities • Entry to restricted areas in physically authorized operations
⚠️ MIFARE Classic is still extremely widespread in Indonesian buildings. MIFARE DESFire AES requires more advanced techniques beyond this build's scope.
7.2

Covert RFID Badge Skimmer

A concealed device that silently reads RFID/NFC cards when a target is in close proximity — without the target removing the card from their wallet or pocket. Designed to be hidden inside a bag, clipboard, or everyday object. Captured card data is automatically stored and retrieved wirelessly via Bluetooth to an operator's smartphone.
🔧 Hardware
Long-range RFID reader module (125kHz + 13.56MHz) + ESP32-BLE + 5,000mAh battery + custom flat booster antenna + concealed enclosure (clipboard / bag)
💻 Software
Custom firmware: auto-log all detected card UIDs, deduplication, timestamping, BLE GATT server for wireless export to smartphone — no USB cable needed
⚙️ Core Functions
Read 125kHz card UIDs (EM4100, HID Prox) at 5–30cm range • Read 13.56MHz card UIDs (MIFARE) at 5–15cm range • Auto-log all unique card UIDs (dedup) • Silent operation: no LEDs, sounds, or visual indicators • Wireless BLE data export — no physical cable connection required
🎯 Operational Use Cases
Harvesting access card UIDs during proximate social engineering operations • Access control reconnaissance before physical entry operations • Confirming card type used at a target facility
⚠️ Deploy only within a formal legal mandate. 125kHz read range is greater than 13.56MHz — performance depends on antenna design and target card type.
🔬

Digital Forensics Field Kit

3 devices
8.1

Mobile Device Triage Unit

An appliance for rapid data acquisition from mobile devices obtained in the field. Extracts data without altering device state (forensically sound acquisition), primarily supporting Android via ADB. Output is compatible with standard forensic tools (Autopsy, Cellebrite-compatible image format) and includes an automated evidence report.
🔧 Hardware
Mini PC / RPi 4 + USB hub + full cable set (USB-C, Lightning, Micro-USB, USB-A) + 1TB external SSD + 13" portable display
💻 Software
ADB + adb-dump automation scripts, Android backup extractor, Frida-server for bypass, Autopsy forensic suite (local), ExifTool metadata analyzer
⚙️ Core Functions
Full Android backup via ADB (apps, chat history, photos, documents, contacts) • WhatsApp and Telegram database extraction (where not fully encrypted) • Call log, SMS, and browser history dump • Photo metadata analysis: embedded GPS location, timestamp, device model • SHA-256 hash per file for chain of custody • Auto-generated HTML report with artifact inventory
🎯 Operational Use Cases
Rapid triage of a suspect device obtained in the field before transport to lab • Digital evidence preservation before device shutdown or remote wipe • Reconstructing a suspect's activity timeline from device data • Extracting contact network for further analysis
ℹ️ Android with USB debugging enabled or unlocked bootloader is most accessible. Modern full-disk encryption (Android 10+) limits at-rest data access. iOS is highly restricted without jailbreak.
8.2

Portable Disk Imager & Write Blocker

A forensic imaging tool for creating bit-for-bit identical copies of seized storage media (HDD, SSD, USB flash drives, MicroSD) without modifying the source. Hardware/software write blocking ensures zero writes to the original media during imaging — maintaining evidence integrity and chain of custody for legal proceedings.
🔧 Hardware
RPi 4 / Mini PC + USB 3.0 hub + hardware write blocker (FastBloc USB or equivalent) + 2TB NVMe SSD (image storage) + portable display
💻 Software
Guymager (forensic imager GUI), dcfldd with progress bar, automatic MD5 + SHA-256 hash verification, Sleuth Kit (file system preview), auto-generated acquisition report
⚙️ Core Functions
Disk imaging at up to 150MB/s (SSD-to-SSD) • E01/raw format output (compatible with Autopsy, FTK, Cellebrite) • Automatic MD5 + SHA-256 before and after imaging for integrity verification • File system preview without full mount (no atime modification) • Auto-generated PDF acquisition report: timestamp, operator, hashes, media size
🎯 Operational Use Cases
Forensic imaging of HDDs/SSDs from suspect computers • Evidential imaging of USB drives or MicroSD cards • Evidence preservation meeting court-admissible standards • Media duplication for parallel analysis without risk to originals
ℹ️ E01 format + SHA-256 hash is the international standard for digital evidence. Matching pre/post hashes proves integrity in court.
8.3

Network Forensic Capture & Analysis Box

A full packet capture appliance for recording and analyzing all network traffic during an investigation window. Rapid field deployment: plug into a switch mirror port or inline between devices — capturing begins within minutes. A local web analysis interface allows investigators to query results immediately without external tools or internet connectivity.
🔧 Hardware
Mini PC (Intel N100, 8GB RAM) + 2× Gigabit Ethernet + 1TB NVMe SSD + cooling fan
💻 Software
Arkime (full packet capture + indexing), Zeek IDS/NSM (protocol parser), local Elasticsearch, Kibana dashboard, NetworkMiner (artifact extraction)
⚙️ Core Functions
Full 100/1000Mbps packet capture to disk with auto-indexing • Auto-parsing of protocols: HTTP, DNS, TLS metadata, SMTP, FTP, SMB, Kerberos • Automatic reconstruction of transferred files (images, documents, executables) • Alerts for connections to known malicious IPs/domains (local threat intel feed) • Interactive query via Arkime web UI — no command line required • Per-session PCAP export for further analysis
🎯 Operational Use Cases
Network incident investigation at target organization • Reconstructing suspect activity on an internal network • Identifying and evidencing data exfiltration • Post-compromise monitoring for persistence mechanisms • Malware C2 communication analysis from captured traffic
ℹ️ 1TB NVMe holds 8–24 hours of full 100Mbps traffic. Capacity expandable via USB 3.0 external SSD. Arkime web UI is highly intuitive for non-technical investigators.
🚁

Drone Intelligence & Counter-Drone

2 devices
9.1

ISR Drone (Intelligence, Surveillance, Reconnaissance)

A modified quadcopter configured for ISR missions: equipped with 4K visual camera and FLIR thermal camera, encrypted live FPV feed to ground station, and GPS waypoint autopilot. More operationally controllable and customizable than commercial DJI platforms — no telemetry to foreign cloud servers, fully sovereign operation.
🔧 Hardware
5–7 inch frame + Pixhawk 6C flight controller + 4K RunCam + FLIR Lepton 3.5 thermal camera + 1.2GHz 500mW VTX + FPV goggles + 6S 5,000mAh LiPo battery
💻 Software
ArduCopter (Pixhawk), Mission Planner (GPS waypoint automation), QGroundControl, custom local video relay (no cloud telemetry)
⚙️ Core Functions
Encrypted 4K live video feed to ground station, range up to 3km • GPS waypoint autopilot — no continuous manual control required • FLIR thermal camera: detects humans in darkness, smoke, or dense vegetation • Local MicroSD 4K storage for detailed post-flight analysis • No cloud telemetry — fully offline and operationally sovereign
🎯 Operational Use Cases
Area reconnaissance before ground team entry • Aerial target surveillance from a safe standoff distance • Thermal human detection in darkness or covered terrain (night ops) • Wide-area perimeter monitoring impossible to cover with ground teams
⚠️ 20–30 min flight time per battery. Flight above 150m AGL requires DGCA authorization. Recommended for operations with full agency clearance.
9.2

Counter-Drone RF Detection System

A passive RF-based system for detecting adversary drones by analyzing the RF signature of their control links and video feeds. Emits nothing — purely passive listening. Maintains a database of commercial drone RF signatures (DJI OcuSync, Lightbridge, FPV racing frequencies) for automatic identification and bearing estimation of the threat direction.
🔧 Hardware
2× RTL-SDR (dual band 2.4GHz + 5.8GHz) + Raspberry Pi 4 + dual-band directional antennas + GPS module (timestamp & geolocation) + display + battery
💻 Software
Custom Python: DJI/FPV/Autel RF signature database, real-time ML signal classifier, bearing estimator, local web alert dashboard, Telegram bot alerts
⚙️ Core Functions
Detect commercial drone control signals: DJI OcuSync 2/3, Lightbridge, Autel SkyLink, FPV 2.4/5.8GHz • Protocol identification and estimated drone type • Bearing estimation of the incoming control signal direction • Operator alert via dashboard + audio + Telegram bot • Full detection event log with timestamps for incident reports
🎯 Operational Use Cases
Protecting VIP areas, sensitive meetings, or critical venues from aerial surveillance drones • Detecting unauthorized drones in restricted or no-fly zones • Counter-intelligence: detecting adversarial aerial surveillance attempts
ℹ️ RF-based detection cannot intercept fully autonomous drones with no active control link. Optimal in open terrain. For comprehensive coverage, combine with acoustic sensors or micro-radar.
🔐

Secure Communications & Field Encryption

3 devices
10.1

Off-Grid Encrypted Mesh Radio (LoRa)

An end-to-end encrypted text communications network based on LoRa radio, operating without any cellular infrastructure, WiFi, or internet. Designed for team coordination in dead zones, or situations where cellular communications are considered insecure or actively monitored. Each node automatically acts as a relay, extending network range as a mesh.
🔧 Hardware
ESP32 + LoRa SX1276 module (433MHz or 915MHz) + 1.3" OLED display + optional thumb keyboard + 3,000mAh LiPo battery + 5dBi fiberglass antenna
💻 Software
Meshtastic firmware (open source, AES-256 encrypted, battle-tested globally), custom channel config, silent mode (no LED), store-and-forward relay, optional GPS position sharing
⚙️ Core Functions
AES-256 end-to-end encrypted text between all nodes • 5–15km per hop in open terrain, extendable via relay nodes • Every node automatically relays for other nodes (mesh topology) • No SIM card, WiFi, or internet required • Optional GPS position sharing: all team members visible on shared map • 3–7 day battery life depending on message volume
🎯 Operational Use Cases
Team coordination in areas with no cellular signal • Secure communications when cellular phones are considered compromised or monitored • Emergency backup communications if cellular network is down or jammed • Real-time field team position tracking without internet
ℹ️ Meshtastic is battle-tested by tactical communities and emergency responders worldwide. AES-256 end-to-end encryption means even relay nodes cannot read message content.
10.2

Custom Faraday Bag (Signal Isolator)

A handmade Faraday bag that simultaneously blocks all RF signals: GSM/4G/5G, WiFi, Bluetooth, GPS, and NFC. Used to transport seized digital devices without risk of remote wipe, prevent GPS tracking of a target device, or protect sensitive equipment from RF-based attacks. Can be produced in multiple sizes to fit any device type.
🔧 Hardware
Faraday fabric (copper + nickel layer) from local electronics supplier + 1000D Cordura outer shell + conductive copper zipper + anti-static foam interior + conductive sealing strip
💻 Software
— (hardware only)
⚙️ Core Functions
Minimum -80dB attenuation across all bands: GSM 900/1800, LTE, 5G Sub-6, WiFi 2.4/5GHz, Bluetooth, GPS L1/L2, NFC • Fully blocks remote wipe commands to seized devices • Isolates active GPS tracking on a target device • Attenuation verified using RTL-SDR as QC tool • Available sizes: smartphone, tablet, laptop
🎯 Operational Use Cases
Securing seized devices against remote wipe before forensic acquisition • Transporting evidence devices without risk of remote modification • Isolating operationally sensitive devices from RF-based attacks • Protecting encryption tokens from NFC sniffing
ℹ️ Highly cost-effective to produce in bulk. Faraday fabric available by the meter from electronics component suppliers. Attenuation verified per unit with RTL-SDR for quality assurance.
10.3

Hardware Security Key (DIY FIDO2 / TOTP Token)

An ESP32-S3-based hardware security token implementing FIDO2/WebAuthn and TOTP for phishing-resistant two-factor authentication. Protects operational accounts from credential theft even if passwords are compromised. Built in-house — more trustworthy than commercial tokens that may carry supply chain backdoors from foreign vendors.
🔧 Hardware
ESP32-S3 + USB-C connector (USB HID mode) + capacitive touch sensor (physical button) + RGB status LED + epoxy resin enclosure (USB drive form factor)
💻 Software
Custom firmware: FIDO2/CTAP2 compliant (USB HID), TOTP generator RFC 6238, ESP32 flash encryption (secure element emulation), anti-tamper detection, auto-wipe after 10 failed PIN attempts
⚙️ Core Functions
FIDO2 hardware token for phishing-resistant login (no SMS OTP vulnerable to SIM-swap) • 6-digit TOTP generator for all standard 2FA services (Google, Microsoft, etc.) • Pure USB HID — no wireless connection (cannot be sniffed or jammed) • Auto-wipe after 10 failed PIN attempts (brute-force protection) • Open-source firmware — fully auditable, no hidden backdoors
🎯 Operational Use Cases
Protecting agency operational accounts from phishing and SIM-swap attacks • Strong authentication for server, VPN, and critical platform access • Key management for operational communications encryption • Field personnel distribution at a fraction of commercial YubiKey costs
ℹ️ Costs a fraction of commercial YubiKey (~IDR 800,000+). Key advantage: fully auditable source code — no supply chain risk from foreign hardware vendors.