How to defeat iOS 9 Wi-Fi MAC randomization?


Apple has fully implemented Wi-Fi MAC randomization. How can the real MAC address be revealed without the device connecting? Before this I could also track Wi-Fi MACs to make a people counter.

Good catch, I didn't know that.

This would make a good module; maybe I'll work on it. Or maybe it needs to be integrated with tracking (a feature I haven't looked at at all). Some ideas ...

  • Changing the MAC is a fairly weak obfuscation technique; in this case the phone is (presumably) still broadcasting its open Wi-Fi desires
  • If you get it to connect then you can try to fingerprint the device; the easiest case is if it makes an HTTP request
  • Some signal analysis: I don't know what is available from the chipset, but keep track of the power output from the device, which may show a trend as it moves around, and the general interference
I would be very interested in this as well. A way to assess the likelihood that a randomized MAC address is in fact the same target would be HUGE. Has there been any research into reverse engineering Apple's randomization technique? If not a full-blown RE, perhaps a "Confidence Score" could be established based on the number of similar SSID probes?
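
The "confidence score" idea above, worked through as an added example (not code from this thread or from the Pineapple project): it parses a constructed probe-request log of the form a monitor-mode capture yields (seconds, source MAC, directed-probe SSID), builds each source MAC's set of probed SSIDs, scores every pair of MACs by Jaccard similarity of those sets, and groups MACs that score above a threshold. The log format, the sample MACs and SSIDs, and the 0.5 threshold are assumptions; the one fact relied on is that randomized addresses have the locally administered bit (0x02 of the first octet) set, so a globally administered address inside a cluster is a candidate for the device's real MAC once it associates.

```python
"""Cluster randomized Wi-Fi MACs by the SSIDs they probe for.

Added example for this thread, not code from the original posters or any
project. Reads a constructed probe-request log (seconds, source MAC,
directed-probe SSID), groups source MACs whose probed-SSID sets look
alike, and reports a confidence score per pair. Sample data, log format
and threshold are assumptions.
"""
from itertools import combinations
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample log. Each line: <seconds> <source MAC> <SSID>.
# A wildcard (broadcast) probe carries no SSID and is logged as "*".
SAMPLE_LOG = """\
10.0 da:a1:19:0b:44:c1 HomeNet-5G
10.2 da:a1:19:0b:44:c1 attwifi
10.3 da:a1:19:0b:44:c1 CoffeeShop
11.0 da:a1:19:0b:44:c1 *
60.1 7e:22:5f:a0:03:9d HomeNet-5G
60.2 7e:22:5f:a0:03:9d attwifi
60.4 7e:22:5f:a0:03:9d CoffeeShop
61.0 7e:22:5f:a0:03:9d *
65.0 4c:8d:79:11:22:33 OfficeWLAN
65.1 4c:8d:79:11:22:33 attwifi
90.5 b6:37:40:7f:e9:02 OfficeWLAN
90.6 b6:37:40:7f:e9:02 attwifi
90.7 b6:37:40:7f:e9:02 Guest
"""


def is_locally_administered(mac: str) -> bool:
    """True if the U/L bit (0x02 of the first octet) is set.

    Randomized addresses are locally administered, so a globally
    administered (vendor OUI) address is a candidate for the real MAC.
    """
    return bool(int(mac.split(":")[0], 16) & 0x02)


def parse_probe_log(text: str) -> Dict[str, Set[str]]:
    """Map each source MAC to the set of SSIDs it sent directed probes for.

    Wildcard probes ("*") say nothing about the preferred network list and
    are dropped, but the MAC itself is still recorded.
    """
    profiles: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _seconds, mac, ssid = line.split(maxsplit=2)  # SSIDs may contain spaces
        ssids = profiles.setdefault(mac.lower(), set())
        if ssid != "*":
            ssids.add(ssid)
    return profiles


def jaccard(a: Set[str], b: Set[str]) -> float:
    """Confidence that two probe profiles belong to the same device (0..1)."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def score_pairs(profiles: Dict[str, Set[str]]) -> List[Tuple[str, str, float]]:
    """All MAC pairs with their similarity score, most similar first."""
    pairs = [(m1, m2, jaccard(profiles[m1], profiles[m2]))
             for m1, m2 in combinations(sorted(profiles), 2)]
    return sorted(pairs, key=lambda p: p[2], reverse=True)


def cluster(profiles: Dict[str, Set[str]], threshold: float = 0.5) -> List[Set[str]]:
    """Single-linkage clustering: two MACs share a cluster if any chain of
    pairs between them scores >= threshold (union-find)."""
    parent = {mac: mac for mac in profiles}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for m1, m2, score in score_pairs(profiles):
        if score >= threshold:
            parent[find(m1)] = find(m2)
    groups: Dict[str, Set[str]] = {}
    for mac in profiles:
        groups.setdefault(find(mac), set()).add(mac)
    return sorted(groups.values(), key=min)


def candidate_real_mac(group: Set[str]) -> Optional[str]:
    """Heuristic: a globally administered MAC inside a cluster of randomized
    ones is the likely real address (used when the phone associated)."""
    real = sorted(m for m in group if not is_locally_administered(m))
    return real[0] if real else None


if __name__ == "__main__":
    profiles = parse_probe_log(SAMPLE_LOG)
    for m1, m2, s in score_pairs(profiles):
        print(f"{m1} ~ {m2}: confidence {s:.2f}")
    for group in cluster(profiles):
        print(sorted(group), "real MAC candidate:", candidate_real_mac(group))
```

On the sample data the two randomized MACs that probed for HomeNet-5G, attwifi and CoffeeShop score 1.0 and land in one cluster; the OfficeWLAN/attwifi pair scores 0.67 and joins the non-randomized 4c:8d:... address, which the heuristic then reports as that cluster's real MAC. The obvious weakness is that a widely used SSID such as attwifi counts as much as a home network, so unrelated phones that both know attwifi get a non-zero score; down-weighting SSIDs seen from many source MACs (inverse-frequency weighting) would sharpen the score, and a phone that sends only wildcard probes produces an empty profile and cannot be scored at all.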


I would be curious if the Pineapple could circumvent randomized MACs as well. I understand that all randomization ends when connecting to an SSID or other device, and at that point only real MAC addresses are used. It's that factor that led me to the Pineapple. I also heard that the iPhone will only beacon for hidden devices. This makes me think that a list of popular SSIDs like ATTWIFI or Starbucks, etc. being beaconed from the Pineapple to lure a phone to connect would be the best thing to test first. Then you can know that all devices connecting to the Pineapple would be real addresses. My Pineapple arrives next week and that's the first test I'm doing. Now, to come up with a list of broadly used SSID names like ATTWIFI or HHonors, etc. Any suggestions would be appreciated.

