Skinny Posted December 17, 2015

Hi All,

I have a question regarding the pineapple but a bit of background would probably be helpful.

On a daily basis my job is to hunt down and remove unauthorized WiFi devices people accidentally bring into a very large building. My management has decided they don't want any outside WiFi devices and have put money into technical solutions. I have an enterprise solution that can put me to within 20 meters of the target device. This system will provide me with the MAC address of the offending WiFi device. Once I am in the area, I have a WiFi sniffer that will give me a MAC address readout with its associated RSSI. Before the pineapple I would wait for the device to broadcast every 30 seconds to 20 minutes depending on the device's broadcast frequency. Tracking could take hours.

The pineapple really changed the game. When the device connects to the pineapple the hunting time drops fantastically. In the best of scenarios the WiFi device pushes out a steady stream of RF breadcrumbs to the pineapple that allow me to track it down.

Here's the problem. There are many devices I've come across that the pineapple cannot ensnare. At last check my pineapple is blasting about 400 different SSIDs to attract attention but the fish aren't biting.

Anyway, here's my question. Is there anything I can do to get these devices (mostly phones) to just respond? I have the MAC address. I know I am within range. Is there anything I can do, pineapple or not, to just get these devices to just chirp? I'm not at all interested in connecting. I just need a steady, repeatable response to assist with tracking.

I know this may be a bit of an odd application but any ideas would be greatly appreciated.

Thanks for any help you can provide.

Skinny

Mr-Protocol Posted December 19, 2015

I wonder if the phones are waiting for the correct SSID to broadcast before making more traffic. Do you have an idea as to what the phones are or if that is the case?

Here is a github I plan on doing more of, just starting out with it: https://github.com/Mr-Protocol/DerbyCon_WarWalking

In time I'll have a lot more SSIDs.

barry99705 Posted December 20, 2015

They could be turning off wifi when they get to work. Have you tried scanning for bluetooth?

Skinny Posted January 4, 2016

Thanks for the responses. Finally getting back to this after the holidays.

Usually what will happen is I will actually see the phones sending out a broadcast, so I know they are not turning off wifi. I know when a phone is in the area and I even know its MAC address. From time to time the pineapple will work, but it is not often. I'd say I can grab an unassociated client 20% of the time. When I do get the phone to associate, I can locate the phone quickly, otherwise I have to wait around for another broadcast packet and very slowly close in on it.

One thing to note is that almost every phone I've found has been in an idle state. Most people don't realize they have brought the device in with them. I'm starting to suspect that some devices will send a broadcast packet but will not respond when the device is in an idle state (i.e. turned on but not in direct use). I do not know if this assumption is true.

However, I'm still curious if there is some way to craft a transmission to these idle devices and force them to talk back. Even if the response is "Shut up and go away. I'm not talking to you," that would completely change the game for me. I have no desire for the devices to associate in the first place, I just need to get them to be chatty.
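
The passive side of the hunt described in this thread (a known MAC, a sniffer readout of RSSI, long silences between broadcasts) can be scripted so each broadcast burst gives a closer/farther verdict. This is an added example, not part of the thread or any poster's code; the log format, the sample lines, the 5-second burst gap and the 3 dB dead-band are all assumptions constructed for illustration.

```python
import re
from statistics import median

# Constructed sniffer readout (not from the thread): "<epoch seconds> <MAC> <RSSI dBm>".
SAMPLE = """\
1000.0 AA:BB:CC:11:22:33 -78
1000.2 aa:bb:cc:11:22:33 -80
1000.3 DE:AD:BE:EF:00:01 -40
1000.4 AA-BB-CC-11-22-33 -79
1045.0 AA:BB:CC:11:22:33 -70
1045.1 AA:BB:CC:11:22:33 -72
garbled line
1300.0 AA:BB:CC:11:22:33 -71
1300.1 AA:BB:CC:11:22:33 -90
1300.2 AA:BB:CC:11:22:33 -69
1900.0 AA:BB:CC:11:22:33 -82
"""
LINE = re.compile(r"^(\d+(?:\.\d+)?)\s+(\S+)\s+(-?\d+)$")

def norm_mac(mac):
    """Lower-case a MAC and drop separators so differently formatted readouts compare equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def bursts(text, target_mac, gap_s=5.0):
    """Group the target's frames into bursts: frames less than gap_s apart belong together."""
    target, groups = norm_mac(target_mac), []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or norm_mac(m.group(2)) != target:
            continue  # malformed line or some other device
        t, rssi = float(m.group(1)), int(m.group(3))
        if groups and t - groups[-1]["end"] < gap_s:
            groups[-1]["rssi"].append(rssi)
            groups[-1]["end"] = t
        else:
            groups.append({"start": t, "end": t, "rssi": [rssi]})
    return groups

def trend(text, target_mac, deadband_db=3.0):
    """Per burst: (start, silence since previous burst, median RSSI, verdict)."""
    out, prev_level, prev_end = [], None, None
    for g in bursts(text, target_mac):
        level, verdict, silence = median(g["rssi"]), "first", 0.0
        if prev_level is not None:
            delta, silence = level - prev_level, g["start"] - prev_end
            verdict = "steady" if abs(delta) < deadband_db else "closer" if delta > 0 else "farther"
        out.append((g["start"], round(silence, 1), level, verdict))
        prev_level, prev_end = level, g["end"]
    return out
```

Taking the median per burst keeps a single faded frame (the -90 in the third burst) from flipping the verdict, and the silence column shows how long the device stayed quiet between bursts.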