lucent0542

How to defeat iOS 9 Wi-Fi MAC randomization?


Apple has fully implemented Wi-Fi MAC randomization. How can I reveal the real MAC address without connecting? Before that, I could also track Wi-Fi MACs to make a people counter.

Good catch, I didn't know that.

This would make a good module, maybe I'll work on it. Or maybe it needs to be integrated with tracking (a feature I haven't looked at at all). Some ideas ...

  • Changing the MAC is a fairly weak obfuscation technique; in this case the phone is (presumably) still broadcasting its open Wi-Fi desires
  • If you get it to connect, then you can try to fingerprint the device; easiest is if it makes an HTTP request
  • So some signal analysis: I don't know what is available from the chipset, but keep track of the power output from the device, which may have a trend as it moves around, and general interference

I would be very interested in this as well. A way to assess the likelihood that a randomized MAC address is in fact the same target would be HUGE. Has there been any research into reverse engineering Apple's randomization technique? If not a full-blown RE, perhaps a "confidence score" could be established based on the number of similar SSID probes?

telot

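The "confidence score" idea above, worked through as an added example (this is not code from the thread or from any Pineapple module). It takes a constructed list of probe-request summaries (time, source MAC, probed SSID), separates randomized addresses from burned-in ones using the locally administered bit of the first octet (the usual convention for randomized addresses, assumed here rather than taken from Apple's documentation), and scores each pair of randomized MACs by a rarity-weighted Jaccard similarity of the SSID sets they probed for. A home network seen from only one client counts for much more than "attwifi" seen from every phone in the room. It only works while the phone still sends directed probes: wildcard probes carry no SSID and give nothing to correlate.

```python
"""Score whether two randomized MACs are the same client from the SSIDs they probe.

Added example, not code from the thread. The probe list below is constructed;
on a real capture you would fill it from a monitor-mode sniffer's output.
"""
from collections import defaultdict
from itertools import combinations

# Constructed sample: (seconds, source MAC, probed SSID). "" marks a wildcard
# (broadcast) probe, which carries no SSID and so no identifying information.
SAMPLE_PROBES = [
    (1.0,  "da:a1:19:5a:3b:01", "HomeNet"),
    (1.2,  "da:a1:19:5a:3b:01", "attwifi"),
    (1.4,  "da:a1:19:5a:3b:01", "Starbucks"),
    (61.0, "76:3c:0e:11:22:33", "HomeNet"),     # same SSIDs, new random MAC
    (61.3, "76:3c:0e:11:22:33", "attwifi"),
    (61.6, "76:3c:0e:11:22:33", "Starbucks"),
    (61.9, "76:3c:0e:11:22:33", "Gym"),
    (5.0,  "3a:7f:00:aa:bb:cc", "CoffeeShop"),  # unrelated randomized client
    (5.1,  "3a:7f:00:aa:bb:cc", ""),
    (9.0,  "00:11:22:33:44:55", "HomeNet"),     # globally administered (laptop)
]


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set.

    Assumption: randomized addresses follow the usual convention of being
    locally administered; a burned-in address has this bit clear.
    """
    return bool(int(mac.split(":")[0], 16) & 0x02)


def ssid_profiles(probes):
    """Map each source MAC to the set of SSIDs it probed for directly."""
    profiles = defaultdict(set)
    for _, mac, ssid in probes:
        if ssid:                      # skip wildcard probes
            profiles[mac].add(ssid)
    return dict(profiles)


def ssid_weights(profiles):
    """Rarity weight per SSID: 1 / (number of distinct MACs that probed it)."""
    seen_by = defaultdict(int)
    for ssids in profiles.values():
        for ssid in ssids:
            seen_by[ssid] += 1
    return {ssid: 1.0 / n for ssid, n in seen_by.items()}


def same_device_confidence(profiles, weights, mac_a, mac_b):
    """Weighted Jaccard similarity of the two SSID sets, in [0, 1]."""
    a, b = profiles.get(mac_a, set()), profiles.get(mac_b, set())
    union = a | b
    if not union:
        return 0.0
    shared = sum(weights[s] for s in a & b)
    total = sum(weights[s] for s in union)
    return shared / total


def link_randomized_macs(probes, threshold=0.5):
    """Return (mac_a, mac_b, score) for randomized-MAC pairs scoring >= threshold."""
    profiles = ssid_profiles(probes)
    weights = ssid_weights(profiles)
    randomized = sorted(m for m in profiles if is_locally_administered(m))
    links = []
    for a, b in combinations(randomized, 2):
        score = same_device_confidence(profiles, weights, a, b)
        if score >= threshold:
            links.append((a, b, round(score, 3)))
    return links


if __name__ == "__main__":
    for a, b, score in link_randomized_macs(SAMPLE_PROBES):
        print(f"{a} <-> {b}  confidence {score}")
```

On the sample, the two MACs that both probed HomeNet, attwifi and Starbucks are linked at roughly 0.57 (the extra "Gym" probe and the shared, common HomeNet pull the score down), while the CoffeeShop client and the laptop are left alone. For a people counter, count the clusters this produces rather than the raw MACs, and tune the threshold on a capture where you know the true device count.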

I am also very interested.

Has anyone tested an iDevice with iOS 9 for MAC address randomization?

If yes, could you share your test results?


I would be curious if the Pineapple could circumvent randomized MACs as well. I understand that all randomization ends when connecting to an SSID or other device, and at that point only real MAC addresses are used. It's that factor that led me to the Pineapple. I also heard that the iPhone will only beacon for hidden devices. This makes me think that a list of popular SSIDs like ATTWIFI or Starbucks, etc., being beaconed from the Pineapple to lure a phone to connect would be the best thing to test first. Then you can know that all devices connecting to the Pineapple would be real addresses. My Pineapple arrives next week and that's the first test I'm doing. Now, to come up with a list of broadly used SSID names like ATTWIFI or HHonors, etc. Any suggestions would be appreciated.
