Nyan Box · Volume 11
Nyan Box Volume 11 — Operational Posture
Regional RF rules, the jamming prohibition, the deauth gray zone, detection-tool ethics, data handling, the pre-engagement checklist
Contents
1. About this volume
Vol 11 is the operational-posture synthesis. The nyanBOX’s tool catalog spans a wide ethical/legal range — from camera detection (the most unambiguously-legitimate tool in tjscientist’s entire lineup) to jamming (illegal essentially everywhere). This volume draws the lines clearly so the device is used where it’s legitimate and not where it isn’t.
The structure: regional rules first (§ 2), then the genuinely-prohibited tools (§ 3-4), then the genuinely-defensible tools (§ 5), then data handling (§ 6), then the nyanBOX-specific education-loaner posture (§ 7), then the negative space (§ 8) and the checklist (§ 9).
Cross-reference: ../../../_shared/legal_ethics.md is the project-wide posture; this volume specializes it to the nyanBOX.
2. Regional RF rules — the 2.4 GHz band
The nyanBOX is a 2.4 GHz device. The good news: 2.4 GHz (2400-2483.5 MHz) is an unlicensed ISM band in essentially every jurisdiction — receiving there is universally legal, and transmitting low-power there is broadly permitted within rules.
2.1 The band + the rules
2.4 GHz ISM band — the regulatory picture
════════════════════════════════════════════
2400 ─────────────────────────────── 2483.5 MHz 2525
│ unlicensed ISM band │ edge │
│ (TX permitted, within rules) │ │
└───────────────────────────────┘ │
↑ │
NRF24 ch 0-83 NRF24 ch 84-125
(in-band) (ABOVE the ISM
band — TX here
may NOT be legal;
Vol 3 §9.1)
Receiving: legal everywhere across the whole range.
Transmitting: only within 2400-2483.5 MHz, within
the regional power + behavior rules below.2.2 Regional TX rules
| Region | Regulator | 2.4 GHz rule |
|---|---|---|
| US | FCC §15.247 | Unlicensed; +30 dBm EIRP max (the nyanBOX’s radios are far below this) |
| EU | ETSI EN 300 328 | +20 dBm max; duty-cycle / LBT requirements |
| UK | Ofcom | Aligned with EU framework |
| JP | ARIB STD-T66 | +20 dBm max; specific channel rules |
| Most jurisdictions | various | 2.4 GHz ISM is broadly unlicensed within power limits |
The nyanBOX’s radios are low-power — the ESP32 at ~+20 dBm, the bare NRF24 GTmini at ~0 dBm (Vol 3 § 2.2). Power-limit compliance is essentially automatic; the nyanBOX physically can’t exceed the limits. The legal exposure is not about power — it’s about behavior (§ 3-4).
2.3 The above-band caveat
NRF24 channels 84-125 sit above 2483.5 MHz — outside the ISM band (Vol 3 § 9.1). Receiving there is generally fine; transmitting there (jam, replay, sniff-with-TX) may not be legal. Keep NRF24 TX ≤ channel 83 unless you’ve verified the local rules.
3. The jamming prohibition + the deauth gray zone
3.1 Jamming — the hard line
╔═══════════════════════════════════════════════════╗
║ JAMMING IS ILLEGAL — essentially everywhere. ║
║ ║
║ US: FCC §333 — prohibition on willful ║
║ interference. Enforced. Fines + criminal. ║
║ EU / UK / JP / most jurisdictions: equivalent ║
║ statutes. Not a gray area. ║
║ ║
║ The nyanBOX HAS an NRF24 jam tool (Vol 5 §5). ║
║ That it exists does not make operating it legal. ║
╚═══════════════════════════════════════════════════╝The nyanBOX’s jam tool may legitimately be operated only:
- Inside a verified RF-shielded enclosure (Faraday cage / anechoic chamber, confirmed <1 µW leakage)
- Under explicit authorization in a controlled, specialized test (rare)
- As an inert demonstration — explained, the mechanism shown on a spectrum display, not transmitted — in an education context
For tjscientist: jam is a “understand the mechanism, essentially never transmit it” tool. The Vol 5 § 5.2 framing stands — and there’s a small mercy: the bare NRF24 at ~0 dBm is low-power, so even an accidental activation has a small blast radius. That’s not a license; it’s a reason the harm-if-mistaken is bounded.
3.2 Deauth — the gray zone
Wi-Fi deauthentication (Vol 4 § 2.3) is more nuanced than jamming:
| Scenario | Posture |
|---|---|
| Deauth on your own network, your own clients | Legal — it’s your network |
| Deauth in a controlled test with written authorization | Legal within the authorization’s scope |
| Deauth on a network you don’t own, without authorization | Illegal in most jurisdictions — it’s intentional interference + often unauthorized-access-adjacent |
| Deauth “just to see if it works” at a coffee shop / airport / venue | Illegal. Don’t. |
Deauth is “gray” only in the sense that there exist legal uses (your own network, authorized tests). Outside those, it’s as prohibited as jamming. The nyanBOX’s XP-gating of deauth (Vol 8 § 4) is, in this light, a sensible guard rail — but the legal line is the operator’s responsibility, not the firmware’s.
3.3 The principle
The interference principle
════════════════════════════
PASSIVE (receive only) → broadly legal everywhere
scan, sniff, RemoteID watch, camera detection,
spectrum survey
ACTIVE on YOUR OWN gear → legal
deauth your own AP, replay against your own device
ACTIVE on OTHERS' gear without authorization → ILLEGAL
deauth, jam, BLE spam, Mousejack inject against
anything you don't own or aren't authorized to test
The nyanBOX's BEST capabilities (the two unique
features, the triple-NRF24 sniff) are all PASSIVE —
which means the device's strongest use is also its
most legally-defensible use. That's a genuine
alignment worth noting.4. BLE spam + Mousejack inject — the active-tool line
Two more active tools that need the line drawn:
4.1 BLE spam
BLE advertisement spam (Vol 4 § 3.4) — the “device-pairing popup flood” family:
- Disruptive — it degrades the BLE environment for everyone in range
- Increasingly regulated — some jurisdictions treat it as harassment / interference
- The Marauder project deliberately omits the worst variants (cross-ref the [ESP32 Marauder deep dive Vol 6](../../ESP32%20Marauder%20Firmware/03-outputs/ESP32_Marauder_Firmware_Complete.html#vol06)) — a notable peer-community ethical stance
- Posture: own-device testing or authorized testing only. Spamming a public space is not a prank; it’s interference.
4.2 Mousejack keystroke injection
Mousejack inject (Vol 5 § 4) — injecting keystrokes into a wireless mouse/keyboard dongle:
- This is unauthorized access to a computer system — illegal essentially everywhere without authorization
- Not “interference” — it’s intrusion. A different and more serious legal category than jamming.
- Posture: only against hardware you own, or under explicit written penetration-testing authorization. There is no casual-use version of this tool.
4.3 Why the XP gating helps here (and where it stops helping)
The nyanBOX XP-gates these tools (Vol 8 § 4) — a learner can’t reach them without progressing through passive tools first. That’s a good design choice for the education context: it builds context before capability.
But the XP gate is a pedagogical guard, not a legal one. It stops a learner from accidentally reaching a disruptive tool. It does nothing to stop a deliberate misuse. The legal line is, always, the operator’s responsibility. For tjscientist — who can grind past the gate in an evening (Vol 8 § 4.4) — the gate is barely a speed bump; the legal discipline has to come from the operator, not the firmware.
5. Detection-tool ethics — RemoteID + cameras
The nyanBOX’s two unique features sit at the opposite end of the posture spectrum from jamming — they’re defensive, passive, and largely legitimate. But each has an ethical edge.
5.1 RemoteID detection ethics (recap from Vol 6 § 9)
| Aspect | Posture |
|---|---|
| Receiving RemoteID | Legal — the broadcast is intentionally public |
| Logging detected drones | Fine, with reasonable data handling (§ 6) |
| Using the operator-position field for situational awareness | Fine |
| Approaching / confronting a detected operator | Caution — that’s a human-interaction decision; de-escalation, not vigilantism |
| Interfering with a lawful drone (jamming it) | Illegal (§ 3.1) — detecting ≠ neutralizing |
The operator-position field is the ethical edge: RemoteID deliberately exposes where the pilot is. Detecting it is legal; acting on it is a judgment call that should default to “awareness, not confrontation.”
5.2 Hidden-camera detection ethics (recap from Vol 7 § 9)
| Aspect | Posture |
|---|---|
| Sweeping a space you occupy (hotel, Airbnb, your home/office) | Clearly fine — the most defensible tool in the lineup |
| Sweeping as an invited guest, host aware | Fine |
| Sweeping a space you don’t control, covertly | Gray — passive RX is generally legal, but context matters |
| Accessing a detected camera’s feed | Illegal — unauthorized access, regardless of how you found it |
| Disabling a detected camera by jamming | Illegal (§ 3.1) |
| Finding a real camera → response | Document; do NOT jam, do NOT access the feed; the appropriate responses (platform, venue, law enforcement, leave) are non-technical |
Camera detection is the nyanBOX tool where the intended use and the ethical use are the same thing — it’s a personal-privacy defensive capability. Use it freely for that.
5.3 The pattern
The detection tools are defensive and passive — and that makes them the nyanBOX’s ethical high ground. The whole device’s posture can be summarized: the passive/defensive tools are its best capabilities AND its most-defensible uses; the active/disruptive tools are the ones to handle with the discipline of §§ 3-4.
6. Data handling
The nyanBOX captures data — Wi-Fi scans (which include device MACs), BLE scans (device addresses), RemoteID logs (drone IDs + operator positions), camera-detection logs, NRF24 captures. Some of this is personal data.
6.1 What’s sensitive
| Data | Sensitivity | Why |
|---|---|---|
| Wi-Fi device MACs + probe SSIDs | Moderate | Probe SSIDs reveal a device’s location history |
| BLE device addresses + names | Moderate | Trackable; some reveal device owners |
| RemoteID operator positions | High | This is a specific person’s location |
| Camera-detection logs | Moderate | Reveals a space’s surveillance state |
| NRF24 captures | Varies | Could include keystroke data (Mousejack context) |
6.2 The handling discipline
Data handling — the nyanBOX-scaled version
════════════════════════════════════════════
1. CAPTURE ONLY WHAT YOU NEED
The nyanBOX's EEPROM-not-microSD limit (Vol 2 §7)
actually helps here — it's hard to accidentally
hoard data on-device. The host-side logger (Vol 9
§4) is where retention discipline applies.
2. PROTECT WHAT YOU PULL
Host-side logs (RemoteID watches, camera sweeps)
go to encrypted storage, not a plain folder.
3. RETAIN BRIEFLY
A camera sweep log, a RemoteID watch log — keep it
as long as the task needs, then delete. These
aren't archives.
4. THE OPERATOR-POSITION FIELD
RemoteID operator positions are real people's
locations. Don't aggregate them, don't build a
"pilots I've seen" database, don't share them.
Awareness in the moment, then let it go.
5. SCOPE
If you swept a space, the camera-detection result
is about THAT space. Don't repurpose it.6.3 The scale-appropriate note
The nyanBOX is a $220 education/personal device, not an enterprise capture platform. The data-handling discipline should be proportionate — this isn’t a chain-of-custody-grade engagement tool (that’s the PortaRF / HackRF tier). But “proportionate” doesn’t mean “none”: the RemoteID operator-position data in particular deserves real care.
7. The education-loaner posture
The nyanBOX’s distinctive use is handing it to someone else (Vol 10 § 7). That creates a posture question nothing else in the lineup has: what’s your responsibility when the device leaves your hands?
7.1 The loaner checklist
Before handing the nyanBOX to a learner
══════════════════════════════════════════
□ Set the device lock (Vol 2 §8.2) if it'll be
unsupervised at any point
□ Brief the legal lines FIRST — especially §3
(jamming illegal, deauth gray) and §4 (Mousejack
= intrusion). The XP gate scaffolds this, but a
verbal brief is the real safeguard.
□ Frame the session around the DEFENSIVE tools
(Vol 10 §7) — camera detection, RemoteID,
"what your devices leak" — build the ethical
foundation before the disruptive tools appear
□ Make clear: the XP gate unlocking a tool is NOT
the same as it being legal to use that tool
against arbitrary targets
□ Set the boundary: passive tools, own-device active
tools, supervised only for anything else7.2 The responsibility
If you lend the nyanBOX and the borrower misuses it, the borrower is legally responsible for their actions — but you, as the lender, have an ethical responsibility to have briefed them. The education-first design of the device is an asset here: it’s built to scaffold responsible use. Lean on that — but don’t substitute the firmware’s gating for an actual conversation about the legal lines.
8. When NOT to use the nyanBOX
| Scenario | Why not | What instead |
|---|---|---|
| Any jamming outside a shielded enclosure | Illegal (§ 3.1) | Don’t. Understand the mechanism; don’t transmit it. |
| Deauth / BLE spam / Mousejack against others’ gear | Illegal (§ 3-4) | Own gear or written authorization only |
| As the sole counter-surveillance tool | Misses 4 of 7 camera threat classes (Vol 10 §8) | Pair with optical + broadband + physical search |
| As a comprehensive drone-defense tool | Only sees compliant drones (Vol 6 §7) | No consumer tool fully solves this |
| As a chain-of-custody engagement capture platform | $220 education device; EEPROM storage | PortaRF / HackRF tier for that |
| 5 GHz / sub-GHz / RFID / SDR work | Wrong band / wrong tool entirely | The appropriate lineup tool (Vol 1 §9) |
| Crossing a border with disruptive-tool firmware prominent | Customs / legal-perception risk | Understand the local posture; the device is education-framed, which helps |
| When the owned Game Over + lineup already cover the need | The nyanBOX adds nothing here | Use what you own (Vol 1 §8 decision tree) |
9. Pre-engagement checklist
For any deliberate nyanBOX use beyond casual passive scanning:
┌─────────────────────────────────────────────────────┐
│ NYANBOX PRE-USE CHECKLIST │
├─────────────────────────────────────────────────────┤
│ LEGAL │
│ □ Am I only using PASSIVE tools? → broadly fine │
│ □ Any ACTIVE tool? → is the target MINE, or do I │
│ have WRITTEN authorization? If neither → STOP │
│ □ Jamming? → shielded enclosure only, or don't │
│ □ Region's 2.4 GHz rules understood │
│ □ NRF24 TX staying ≤ channel 83 (in-band) │
├─────────────────────────────────────────────────────┤
│ HARDWARE │
│ □ Firmware reasonably current (camera DB! Vol 7) │
│ □ Battery charged (or USB-C power available) │
│ □ Antennas spread for multi-radio work (Vol 2 §6.3)│
│ □ Host logger ready if a durable record is needed │
├─────────────────────────────────────────────────────┤
│ DATA │
│ □ Capturing only what the task needs │
│ □ Host-side logs → encrypted storage │
│ □ Retention plan (especially RemoteID operator │
│ positions — brief retention, no aggregation) │
├─────────────────────────────────────────────────────┤
│ IF LENDING IT (education loaner) │
│ □ Device lock set if unsupervised │
│ □ Legal lines briefed VERBALLY (not just XP gate) │
│ □ Session framed defensive-tools-first │
├─────────────────────────────────────────────────────┤
│ If any LEGAL box is unchecked → STOP. │
└─────────────────────────────────────────────────────┘10. Resources
Regulatory
- US FCC §15.247 (2.4 GHz ISM): https://www.law.cornell.edu/cfr/text/47/15.247
- US FCC §333 (the jamming prohibition): https://www.law.cornell.edu/uscode/text/47/333
- EU ETSI EN 300 328 (2.4 GHz): https://www.etsi.org/
- FCC consumer guidance on jammer prohibition: https://www.fcc.gov/general/jammer-enforcement
RemoteID + camera posture
- Vol 6 § 9 (RemoteID ethics) + Vol 7 § 9 (camera ethics) of this series
- FAA RemoteID: https://www.faa.gov/uas/getting_started/remote_id
Project-wide posture
- Hack Tools shared legal/ethics:
../../../_shared/legal_ethics.md - [ESP32 Marauder Firmware deep dive Vol 6](../../ESP32%20Marauder%20Firmware/03-outputs/ESP32_Marauder_Firmware_Complete.html#vol06) (the BLE-spam ethical-omission discussion):
End of Vol 11. Next: Vol 12 is the laminate-ready cheatsheet — quick-facts, the tool catalog at a glance, the channel map, the posture lines in one block, and the pre-use checklist.