Karma only working for late 2013 MacBookPro running Mavericks

[english_gent]

I had posted this before with a more obscure title so this is a re-post - I have closed the other thread as the answers didnt help.

Karma by its nature re-broadcasts unsecure 'copies' of SSID's stored in devices configurations when said device does a broadcast request. I can see these 're-broadcasted access points' on my MBP 2013 (running Mavericks) when I click the wireless networks icon as it lists a whole bunch that I know are not in range near me (ie Starbucks, Safeway, and also unprotected versions of my own home networks). This seems to work fine for this device with a very modern network card.

However, none of my other devices can see any of their stored SSID's rebroadcast on the network, and its these devices I would like to monitor via Karma and thus TCPDUMP.

(i) Hackintosh running same version of Mavericks as the MBP (with a TP-LINK TL-WDN4800 utilizing 802.11a/b/g/n)

(ii) Dell E6410 running Win7

(iii) Dell D610 running Win7

(iv) Sony PS3

(v) Sony PS Vita

(vi) Samsung Note 10.1 - this even tells me that its remembered networks are not in range !! One of them is the same as on my MBP (My sister's house) and it shows up as available by Karma on the MBP but out of range on this Android.

BTW all of these devices can see the SSID of the Pineapple itself as an open network and if I selected that SSID they all could associate with it and appear under the Karma log as an associated device.

So my question is - is this a bug in Karma that its not harvesting the probe requests and re-broadcasting them from all the above clients ? In the Karma log I can see Probe Requests from my MBP and so it connects to one of the 'unsecure broardcasts', but none of the other devices are shown in the Karma log as making probe requests. So if its not happening with all my other devices, how many 'other' devices is Karma not attracting.

If this is not a Karma problem is it that these devices are not making broadcast requests that are picked up on by the Pineapple, and if so why ?

Thanks for your attention to this question.

[Mr-Protocol]

It doesn't just broadcast SSID beacons, how could it possibly know them all? When your device sends out beacons to see what networks that are saved are in proximity, the pineapple will respond to those. It could be that your devices listed are not actively sending out a broadcast beacon to see what is around, rather waiting for the access point to send out a beacon. If there is a "Scan for wifi" option on those devices, try doing that to see if beacons start to show up for those devices.

[english_gent]

Thanks for the reply. I was only talking about SSID beacons that were remembered and therefore included on a broadcast request. Q: why would a device not send out broadcast beacons ? This seems to be happening on all my devices apart from the MBP.

Ok so I just cleared all the saved networks on my Galaxy Note 10.1 apart from one and then turned off and on the network card. It saw my home network as secured so I joined it and entered the password. At this time I looked back into the Karma Log tab and saw

KARMA: Probe Request from xx:02:xx:a9:37:7e for SSID 'RSS'. So now that I have this 'RSS' SSID remembered, I turned off the network on the tablet and turned it back on and again I saw a Probe request as above and I saw it joined my home RSS network in secured mode.

I tried the 'Scan for networks' icon and it showed the other saved network but it was definitely 'not in range' therefore not re-broadcast by Karma.

There is not any line in Karma log that says anything like this (what I get when my MBP connects to a re-broadcast SSID)

KARMA: Successful association of XX:e8:XX:30:ca:XX
KARMA: Checking SSID for start of association, pass through a1a51569

Hopefully this helps ....

[DrDinosaur]

During my testing, I was having many of the same problems as you.

[english_gent]

During my testing, I was having many of the same problems as you.

Can you elaborate on whether you are seeing the same behavior for certain devices, and if so which ones / op system are not having their broadcast requests beamed back from the Pineapple ? or maybe they arent broadcasting who knows...

[thesugarat]

english_gent,

I guess I've been assuming you know that Karma is "broken"... That is, it isn't broken so much as the companies that make WiFi products have patched around the vulnerability that Karma was taking advantage of. It has been discussed at length in this forum already. Were you aware of this?

[Xcellerator]

Yeah, Karma doesn't really work on anything newer than ~2012.. Theoretically it's possible to get it working again, and this has been hinted at by the Devs, but very little has actually been said.

Besides, Karma is by no means the main selling point of the Pineapple anymore, the project has expanded to be much more.

[english_gent]

Guys this is the first anyone has said to me on this - I would appreciate a link to a topic that details how for modern devices it doesn't work, except that my experience is that it also doesn't work on equipment prior to 2012 such as a Dell Latitude E6410 Circa 2010 running Win7 or even a Dell Latitude D600 Circa 2007 running Win7. It does work on my MBP 2013 but that may be because its MAC. Is it the Op system that has fixed things rather than the card manufacturers ?

Could someone please point me to the article that discusses what it is that is has 'broken' thanks (or what wireless companies have done to prevent Karma trapping you).

Cheers

Edited January 22, 2014 by english_gent

[awskier08]

I've only been able to capture a blackberry with my karma.

KARMA: Probe Request from 8c:84:01:5c:be:b9 for SSID 'CenturyLink0006'
KARMA: Probe Request from bc:b1:f3:be:81:dc for SSID 'ClearSPOT_95c18'
KARMA: Probe Request from 00:19:7e:84:e8:86 for SSID '.G..!Q.IF3o...W...X...t.x.....[.'
KARMA: Probe Request from 00:19:7e:84:e8:86 for SSID 'myqwest5284'
KARMA: ADD SSID
KARMA: Probe Request from 00:25:57:d3:63:bb for SSID 'Free Wifi'
KARMA: Successful association of 00:25:57:d3:63:bb
KARMA: Checking SSID for start of association, pass through tmobile
KARMA: Probe Request from 00:25:57:d3:63:bb for SSID '@Home'
KARMA: Probe Request from 00:25:57:d3:63:bb for SSID 'tmobile'
KARMA: Probe Request from a8:54:b2:64:f4:fc for SSID 'MAEZHOUSE'

[english_gent]

Gentlemen, have found some archives that mention that newer iPhones ands Samsung's don't do broadcast requests to get around Karma and also that Karma only responds to WEP networks not encrypted WPA-2 networks. I get WPA-2 encrypted networks 'broadcast' by the Pineapple but only picked up by a number of devices. Yesterday I had my Mavericks Hackintosh see one of the SSID's that the MacbookPro regularly sees but none of the others (and these two devices share a remembered SSID list through iCloud).

So the question of older / modern machine, encrypted / non encrypted is still mystifying me.

[Xcellerator]

It's not hardware based as the hardware itself can't change. As far as hardware is concerned (for WiFi anyway) is very simple physics and only works in the way they're built.

However, its all down to the software used to interface the hardware. Developers patch up their OS to avoid broadcasting requests while connected to a network. For this reason, you'll find devices fit into three categories.

1. Karma works as it always had (getting rare, usually old phones that people don't bother updating)

2. Karma works intermittently (only broadcasts requests when not connected, i.e searching for a known SSID)

3. Karma doesn't work at all

You should try sending out deauth packets to disconnect a client and then see if Karma works (meaning its in category 2)

[thesugarat]

Maybe you've seen this one, maybe you haven't.... Darren's response is at the top.

https://forums.hak5.org/index.php?/topic/30638-karma-not-working-on-mobile-devices/?hl=%2Bkarma+%2Bnot+%2Bworking

[awskier08]

Marketing 101, always tell a fib to entice customers to buy your product. :)

[barry99705]

Gentlemen, have found some archives that mention that newer iPhones ands Samsung's don't do broadcast requests to get around Karma and also that Karma only responds to WEP networks not encrypted WPA-2 networks. I get WPA-2 encrypted networks 'broadcast' by the Pineapple but only picked up by a number of devices. Yesterday I had my Mavericks Hackintosh see one of the SSID's that the MacbookPro regularly sees but none of the others (and these two devices share a remembered SSID list through iCloud).

So the question of older / modern machine, encrypted / non encrypted is still mystifying me.

Karma does NOTHING with encrypted networks.

[english_gent]

So how is this. I have 2 encrypted networks in my house (WPS-2 running from the same router). Both of them are being rebroadcast as 'unencrypted versions' when I turn on Karma for my MBP 2013 late model running Mavericks ??

[Lockon]

That's normal. It's only visible from the computer that's connected to the Mark V. If you scan for those unencrypted networks from any other device like your phone, it won't show up.

I have a feeling it has something to do with the ICS.

Edited January 23, 2014 by Lockon

[english_gent]

yes thats what I am experiencing, if I turn on Karma from another machine I can watch the available networks on my MBP change from two encrypted )regular) home networks to unencrypted 'honeypot' versions.

So my question still stands - what makes the MBP late 2013 send out probe-requests as its obviously well known on here that manufacturers have fixed this karma exploit in later models. What is it thats fixed, is the the OP system or the Wireless card ? Because this new model laptop obviously isn't .

[thesugarat]

DId you read the post I linked above? Darren flat out states that Macs have started to rely more heavily on probe requests, which to me indicates that Karma would be more effective. And as Xcellerator states it is software changes not hardware related.

[english_gent]

Ahh I missed that - sorry - thanks so much - makes a lot more sense now.