The ESP32 Marauder firmware turns a $10 microcontroller into a credible Wi-Fi and BLE reconnaissance tool. The stock builds are great if you're scanning at a desk. They're worse if you want to walk around with one and have everything geotagged. I added a GPS module, did some firmware surgery, and ended up with something I actually use in the field.

[Block diagram: ESP32 (WROOM, 240 MHz) · GPS (GY-GPS6MV2, u-blox) · SD (capture log) · 2.4G (Wi-Fi, BLE, Zigbee)]

What's actually on the board

MCU: ESP32-WROOM-32 · 240 MHz dual-core · 520 KB SRAM
Display: 1.9" TFT ST7789 · SPI · 320×170
GPS: GY-GPS6MV2 (u-blox NEO-6M) · UART · 9600 baud
SD card: SPI · pcap export + log files
Power: 18650 cell · TP4056 charge IC
Antenna: U.FL connector for external 2.4 GHz

The GPS hack

The Marauder firmware has an NMEA parser stub but no real GPS feature in the stock build. Wiring up the GY-GPS6MV2 was straightforward — UART2 on pins 16/17. The firmware change was less so. The packet capture loop runs hot. Reading from the GPS UART inside the same loop introduced jitter that dropped frames. I moved GPS reads to the second core via FreeRTOS task pinning.

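TaskHandle_t gps_handle = NULL;   // handle for the GPS reader task
void gps_task(void *param);       // GPS UART reader, defined elsewhere

// pin GPS reader to core 0, leave radio loop on core 1
xTaskCreatePinnedToCore(
    gps_task,           // task function
    "gps",              // task name
    4096,               // stack size in bytes
    NULL, 1,            // parameter, priority
    &gps_handle,        // receives the task handle
    0                   // core 0
);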

With GPS on core 0 and packet capture on core 1, frame drop went from 18% to under 2% even at full BLE scan rate. The lat/lon gets stamped into the pcap header per packet via a custom comment block.

Display tweaks

The stock UI uses a different display. Porting to the ST7789 was mostly font and orientation fixes plus rewriting the touch input layer for a five-button breakout I ended up using. I also added a status row at the top that shows GPS lock state, satellites, battery, and current task — because the most useful diagnostic when nothing's working in the field is "do I even have a GPS fix yet."

Use it legally

I run this against my own networks and BLE devices, in my own lab. The legal lines are clear: monitoring radio you don't own is fine in most jurisdictions, but injecting deauth or any active attack is not. The Marauder ships with active features for a reason — they exist for testing your own infrastructure.

Wardriving output

Output is a CSV log on the SD card with columns for SSID, BSSID, channel, RSSI, encryption, lat, lon, timestamp. Drop it into WiGLE-compatible format and you can visualise the walk afterwards. I mostly use it to map signal coverage of my own access points and check for rogue APs spoofing my SSIDs in the area.
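One way to run the rogue-AP check over the SD card log, as an added example (not the author's code and not part of the Marauder firmware). The header-less column order, the encryption labels and the `KNOWN_APS` inventory are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Column order as listed in the post; a header-less file is an assumption.
COLUMNS = ["ssid", "bssid", "channel", "rssi", "encryption", "lat", "lon", "timestamp"]

# Constructed inventory: SSIDs you own -> {allowed BSSID: expected encryption}.
KNOWN_APS = {
    "homelab": {"aa:bb:cc:00:00:01": "WPA2", "aa:bb:cc:00:00:02": "WPA2"},
}

# Constructed sample log, not real capture data.
SAMPLE_LOG = """\
homelab,AA:BB:CC:00:00:01,6,-48,WPA2,10.00010,20.00010,2024-05-01T10:00:00Z
homelab,AA:BB:CC:00:00:02,11,-61,WPA2,10.00020,20.00030,2024-05-01T10:00:20Z
cafe-guest,DE:AD:BE:EF:00:10,1,-70,OPEN,10.00030,20.00050,2024-05-01T10:00:40Z
homelab,12:34:56:78:9A:BC,6,-55,OPEN,10.00040,20.00070,2024-05-01T10:01:00Z
homelab,12:34:56:78:9A:BC,6,-52,OPEN,10.00050,20.00090,2024-05-01T10:01:20Z
homelab,AA:BB:CC:00:00:01,6,-75,OPEN,10.00060,20.00110,2024-05-01T10:01:40Z
"""


def find_suspect_aps(log_text, known=KNOWN_APS):
    """One finding per (ssid, bssid, reason), located at its strongest sighting."""
    findings = {}
    for row in csv.DictReader(io.StringIO(log_text), fieldnames=COLUMNS):
        ssid, bssid = row["ssid"], row["bssid"].lower()
        if ssid not in known:
            continue  # not one of our SSIDs, out of scope
        expected = known[ssid].get(bssid)
        if expected is None:
            reason = "unknown BSSID announcing our SSID"
        elif row["encryption"].upper() != expected:
            reason = "known BSSID with unexpected encryption"  # possible BSSID clone
        else:
            continue  # legitimate AP seen as configured
        key, rssi = (ssid, bssid, reason), int(row["rssi"])
        prev = findings.get(key)
        if prev is None or rssi > prev["rssi"]:  # strongest RSSI ~ closest point on the walk
            findings[key] = {"ssid": ssid, "bssid": bssid, "reason": reason, "rssi": rssi,
                             "lat": float(row["lat"]), "lon": float(row["lon"]),
                             "timestamp": row["timestamp"],
                             "sightings": prev["sightings"] if prev else 0}
        findings[key]["sightings"] += 1
    return sorted(findings.values(), key=lambda f: -f["rssi"])


if __name__ == "__main__":
    for finding in find_suspect_aps(SAMPLE_LOG):
        print(finding)
```

Each finding carries the coordinates of its strongest sighting, which is the point on the walk to revisit first.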

The thing that made it useful wasn't the firmware mods, it was the discipline of writing every reading to disk with a timestamp. Live displays are theatre — the log is the actual deliverable.

What I'd do differently

Drop the TFT for a smaller OLED. The display draws more current than the radio half the time, and I rarely look at it during a walk — I review the log later. An e-ink would be even better for the high-level status row.