Jump to content

Apple randomization algorithm


venu413
 Share

Recommended Posts

Does wifi pineapple captures random mac address or the real one of an Apple device. I need to capture real one. From tutorials I learned that, when a phone searches some "aaa" access point then wifi pineapple will act as the access point "aaa" for that particular device. So does it capture the real one? If it is so then does it acts as same for all the nearby devices.

Link to comment
Share on other sites

If the apple client associates with the pineapple (aka it becomes a client), then it will do so with the real MAC address. If you are running recon and just looking to see what's out there, you will more than likely get the random MAC addresses.

Link to comment
Share on other sites

Hmmm...unless the client is spoofing than the mac address should be the one hard coded to the system.

Not so with Apple. Newer Apple devices roll their MAC address every minute or so if they are not associated with an AP. It makes it a bit more difficult to track a phone based on just its MAC address. When it associates, it's true MAC is revealed.

This is not the hardest part about getting an unassociated Apple to connect with the pineapple. When most of these devices are in idle/sleep mode, they beacon out using these random MAC addresses, however they never beacon out any SSIDs for which they are searching. So you need to have the SSID it wants already in your PineAP pool or make sure to have Beacon Response activiated in PineAP.

In addition, if you do have the correct SSID in the pool, it will not connect to the pineapple or any AP until it awakes from sleep mode. In fact, it's been my experience that you will get no response what-so-ever from the device until it is awakened.

Finally, everything I've said so far goes out the window if the user manually changes the settings making it less or more secure. I am sometimes happily surprised when I'm able to grab a newer apple product. I suspect it's because the user played with the settings or awakened the device at some point during my activities.

  • Upvote 1
Link to comment
Share on other sites

Finally, everything I've said so far goes out the window if the user manually changes the settings making it less or more secure. I am sometimes happily surprised when I'm able to grab a newer apple product. I suspect it's because the user played with the settings or awakened the device at some point during my activities.

I had no Idea that the apples rolled that way. I have the new 6s, my mac is always the same via the nano gui but that's when I'm usually on it. When you say a user can manually change the settings. Which settings are you referring to?

Link to comment
Share on other sites

I had no Idea that the apples rolled that way. I have the new 6s, my mac is always the same via the nano gui but that's when I'm usually on it. When you say a user can manually change the settings. Which settings are you referring to?

I can't speak to newer Apple devices but just as an example my old iPod has a setting that says "Ask to Join Networks". With this enabled even if everything is in my favor per my previous post, the user has to take a specific action to join the Nano. If they are at work and all the sudden their phone asks them if they want to connected to the McDonalds access point, I doubt my day will be successful.

Link to comment
Share on other sites

Uhh. My androids have been accomplishing this same mechanism via PryFi and probably even a little more because that app rocks. It does work well. However this may be a great feature for Apple, right now; there is still a way to provide a signature. Easily so. It would involve triggering the device with the beacon response to reveal it's true mac. This can be done without a module already but the process can be refined with one. Since this is a trend likely to appear across operating systems pineapple devs should learn more of this concept in its infancy.

Link to comment
Share on other sites

If the apple client associates with the pineapple (aka it becomes a client), then it will do so with the real MAC address. If you are running recon and just looking to see what's out there, you will more than likely get the random MAC addresses.

Is there anyway to capture the real Mac address if the apple clients are not associated to Wifi Pineapple

Link to comment
Share on other sites

Is there anyway to capture the real Mac address if the apple clients are not associated to Wifi Pineapple

It depends on if the client is in idle/sleep mode or not. If it's in sleep mode, I have not been able to get any response from the client. If the client is not in sleep mode, then you can get the real MAC address if the client connects to the Pineapple. When an apple client is associated with an AP, it will use it's real MAC address.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...