Question regarding the show where Darren hacked an AR.Drone using a DJI + Pineapple

[r0tati0n]

Some time ago there was a hak5 show where Darren used a DJI drone to hack an AR.Drone Shannon was flying.

The DJI captured the MAC Address of Shannons smartphone, telneted into the drone and did a reset.

I have an AR.Drone too, but modified. I can fly with a remote control (Spektrum DX6i) without smartphone or WLAN.

If the drone is bound to one smartphones MAC address is it still possible to hack into the drone without knowing the smartphones MAC?

One way to do this to guess the MAC address. This takes time.

Is the smartphones MAC address broadcasted if the drone is flown with the remote and not by smartphone and WLAN?

[m40295]

I am a bit confused

Does your ardrone still put out a wifi ap can you use a mobile or strict radio control

[r0tati0n]

I dont understand.

The drone is still generating an access point, but locked onto one smartphone.

Now the scenario:

User connects to drone with smartphone, binds the drone to this one MAC address.

User shuts down smartphone and drone.

User goes outside connects battery to drone, powers up remote control (no smartphone)

Drone is creating an access point, while user is flying with the remote. (no smartphone)

Now: Is there an easy way to find out the smartphones MAC and hack into the drone? Remember, the smartphone is off and not broadcasting.

Or is the only way to set a Wifi to a specific MAC address, try to connect and when disconnected get another MAC and try again? Means brute forcing the MAC.