I dont understand.
The drone is still generating an access point, but locked onto one smartphone.
Now the scenario:
User connects to drone with smartphone, binds the drone to this one MAC address.
User shuts down smartphone and drone.
User goes outside connects battery to drone, powers up remote control (no smartphone)
Drone is creating an access point, while user is flying with the remote. (no smartphone)
Now: Is there an easy way to find out the smartphones MAC and hack into the drone? Remember, the smartphone is off and not broadcasting.
Or is the only way to set a Wifi to a specific MAC address, try to connect and when disconnected get another MAC and try again? Means brute forcing the MAC.