Introduction

Welcome to ZeroTrace AirLeak

ZeroTrace AirLeak is a passive Bluetooth Low Energy capture tool. It listens to every BLE advertisement in range and tells you what's broadcasting around you, names, models, vendors, paired-device states, privacy-leakage signals, and more.

A small ESP32-S3-based capture unit handles the radio work. You pair it with the ZeroTrace mobile app over Bluetooth and watch the live device list build as devices are heard. The unit ships pre-configured and pre-flashed, pair it, pick Monitor, see what's around you.

For depth on the app itself, see the ZeroTrace Mobile App docs.

What it does in one paragraph

The unit runs a continuous NimBLE observer scan and decodes each advertisement into a structured event: BLE device-seen, Apple Continuity, Find My / FMDN, Tile, Samsung SmartTag, Eddystone, Microsoft Swift Pair, Google Fast Pair, and vendor payloads. Every observation feeds a live device aggregator with a multi-signal classifier that boils all that down to what the device actually is, iPhone, AirPods Pro 2, Galaxy Watch 5, Samsung TV, AirTag, Tile, smart-home sensor, etc. The unit streams a coalesced, device-centric delta stream to the mobile app over a dedicated BLE capture characteristic, where it's presented in a fast, filterable, per-device-detail UI with privacy alerts.

Core capabilities

• Passive BLE capture, continuous 2.4 GHz BLE advertising-channel observer scan
• Active scan with friendly-name capture, requests scan responses so it captures device names that passive-only listening misses
• Many recognized device classes, Apple ecosystem fully decoded, plus Android phones, smart TVs, headphones, fitness trackers, item finders, IoT sensors, vehicles, smart locks, and more
• Privacy-leak detection, AirDrop discoverable, Find My separated, unwanted-tracker (UTP) signals, high combined leakage score, multi-hour followers
• Live device-centric stream, coalesced per-device deltas to the phone with sub-second latency
• Cross-MAC tracking, devices followed across MAC rotation where the advertisement is fingerprintable
• On-device health diagnostics, heap, uptime, scan-duty estimate, drop accounting
• Persistent settings, device name, LED behaviour, threat-indicator tuning all survive reboot

What you get out of the box

Each unit ships:

• Hand-assembled and tested
• Pre-flashed with the latest firmware
• Default settings tuned for typical environments
• External-antenna ready (WROOM-1U variant), 3 dBi dipole bundled in the box

Use cases

• Personal threat-surface audit, what does your phone broadcast about you? Your laptop? Your headphones?
• Room sweep, what trackers, watches, or unknown devices are in this space?
• Travel privacy, AirTag-following detection on the move
• Wardriving, geo-tagged BLE collection mapped in the app's Drive view
• Security research, passive BLE leakage characterization of consumer devices
• Vendor engineering, verify a product isn't leaking PII in its BLE advertisements