EvilZone

: IOS Dependant WIFI Hotspot?
: imation September 23, 2013, 01:20:59 PM
So, I was doing a WiFi discovery for a client with Kismet.. a few normal home routers were being picked up but there was one that confused me.
 
"Free Public WIFI"... For some reason this could only be picked up by iOS devices..
 
Kismet couldn't see it?
 
My iPhone could..
 
Now how the fuck does that work?
 
 
: Re: IOS Dependant WIFI Hotspot?
: Stackprotector September 23, 2013, 01:27:16 PM
> So, I was doing a WiFi discovery for a client with Kismet.. a few normal home routers were being picked up but there was one that confused me.
>
> "Free Public WIFI"... For some reason this could only be picked up by iOS devices..
>
> Kismet couldn't see it?
>
> My iPhone could..
>
> Now how the fuck does that work?

Maybe it was a 5 GHz network?
: Re: IOS Dependant WIFI Hotspot?
: imation September 23, 2013, 01:47:14 PM
I thought this too, so I scanned with my HTC One on the 5 GHz range just in case.. Still nothing, although the HTC One managed to pick up some other networks that Kismet didn't.. Time for a new Alfa card, I think
 
 
: Re: IOS Dependant WIFI Hotspot?
: proxx September 23, 2013, 03:08:09 PM
There might be limitations to the channels allowed.
In some countries channels 1 to 11 are allowed and anything above is not.
Channel 14 is off limits in most countries.
Since you know how to use Kismet and stuff, I am probably not telling you anything you didn't know.
It's indeed possible your card doesn't support some channels or higher frequency in general.
Or your driver might limit you.
http://en.wikipedia.org/wiki/List_of_WLAN_channels

: Re: IOS Dependant WIFI Hotspot?
: RedBullAddicted September 23, 2013, 03:39:19 PM
Limit a network to only iOS devices? Guess there are some ways to do it. The most simple one would be to create a MAC filter for the Apple vendor-specific codes (http://www.cavebear.com/archive/cavebear/Ethernet/vendor.html). You could check that by simply spoofing your PC WLAN adapter MAC address to the one of your iPhone and have a look if you can see the network now. Another way would be to have some kind of OS fingerprinting service running on the Access Point. I know those Aerohive boxes have something similar to that. Tbh I have no clue how to spoof that at the moment. Would need to do some research :)

Cheers,
RBA
: Re: IOS Dependant WIFI Hotspot?
: proxx September 23, 2013, 03:53:47 PM
> I know those Aerohive boxes have something similar to that. Tbh I have no clue how to spoof that at the moment. Would need to do some research :)

That's kinda interesting.
But I don't think OS fingerprinting is possible even before discovery.
That would mean rewriting half the 802.11 standard (not that that would hurt :D)
Or am I really missing something here?

Nor do I think your MAC filtering theory holds up, the AP sends broadcasts out to whoever is listening.
It doesn't give a damn who hears those nor can it decide who's receiving them or not.
This would again require revising the protocol itself.
Even hidden SSIDs send out broadcast packets.
When attempting to connect, an AP could indeed not allow it based on MAC.
That would not mean it being invisible to that specific hardware address.

: Re: IOS Dependant WIFI Hotspot?
: Snayler September 23, 2013, 04:58:28 PM
> Nor do I think your MAC filtering theory holds up, the AP sends broadcasts out to whoever is listening.
> It doesn't give a damn who hears those nor can it decide who's receiving them or not.
> This would again require revising the protocol itself.
> Even hidden SSIDs send out broadcast packets.
> When attempting to connect, an AP could indeed not allow it based on MAC.
> That would not mean it being invisible to that specific hardware address.

Agreed. The most plausible explanation would be channel restrictions. In my country I can use 13 channels, but my Alfa is from another country that only supports 11 channels. In order for my Alfa to access 13 channels, I have to issue an "iw reg set <country_code>" command.

For example, if you want to access all 14 channels (Japan):
:
iw reg set JP
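
Added example, not part of the original thread: one way to check which 2.4 GHz channels a card will tune to under its current regulatory domain, by parsing the "Frequencies" section printed by `iw list`. The sample text is constructed, and the function names are this example's own.

```python
import re

# Constructed sample of the "Frequencies:" section that `iw list` prints.
SAMPLE_IW_LIST = """\
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
            * 2417 MHz [2] (20.0 dBm)
            * 2422 MHz [3] (20.0 dBm)
            * 2427 MHz [4] (20.0 dBm)
            * 2432 MHz [5] (20.0 dBm)
            * 2437 MHz [6] (20.0 dBm)
            * 2442 MHz [7] (20.0 dBm)
            * 2447 MHz [8] (20.0 dBm)
            * 2452 MHz [9] (20.0 dBm)
            * 2457 MHz [10] (20.0 dBm)
            * 2462 MHz [11] (20.0 dBm)
            * 2467 MHz [12] (20.0 dBm) (no IR)
            * 2472 MHz [13] (disabled)
            * 2484 MHz [14] (disabled)
"""

# "* <freq> MHz [<channel>] (<flags>)"; newer iw versions print "2412.0 MHz".
FREQ_LINE = re.compile(r"\*\s+(\d+)(?:\.\d+)?\s+MHz\s+\[(\d+)\]\s+\((.+)\)\s*$")

def channel_status(iw_list_text):
    """Map channel number -> 'usable', 'passive-only' or 'disabled'."""
    status = {}
    for line in iw_list_text.splitlines():
        m = FREQ_LINE.search(line)
        if not m:
            continue
        channel, flags = int(m.group(2)), m.group(3)
        if "disabled" in flags:
            status[channel] = "disabled"      # the radio will not tune here at all
        elif "no IR" in flags or "passive scan" in flags:
            status[channel] = "passive-only"  # can listen, may not send probes
        else:
            status[channel] = "usable"
    return status

def blind_channels(iw_list_text, wanted=range(1, 15)):
    """Channels in `wanted` that are disabled or not listed for this card."""
    status = channel_status(iw_list_text)
    return [ch for ch in wanted if status.get(ch, "disabled") == "disabled"]

if __name__ == "__main__":
    print("cannot scan:", blind_channels(SAMPLE_IW_LIST))
```

An access point on any channel reported by `blind_channels` will never show up in a scan from that card, whatever tool is used on top of it.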
: Re: IOS Dependant WIFI Hotspot?
: RedBullAddicted September 23, 2013, 05:16:47 PM
uups.. proxx you are absolutely right. Guess I should read/think more before I write.. lol. Guess I just should avoid answering stuff while I am at work and do like 5 other things at the same time :)
: Re: IOS Dependant WIFI Hotspot?
: imation September 23, 2013, 05:19:36 PM
> Nor do I think your MAC filtering theory holds up, the AP sends broadcasts out to whoever is listening.
> It doesn't give a damn who hears those nor can it decide who's receiving them or not.
> This would again require revising the protocol itself.
> Even hidden SSIDs send out broadcast packets.
> When attempting to connect, an AP could indeed not allow it based on MAC.
> That would not mean it being invisible to that specific hardware address.

Agreed!

Think I will grab another Alfa and see what I can do.

I'll have a look at the channels but iirc the "Free Public Wifi" hotspot was on chan 6..

Really Strange.

Interesting chat,
: Re: IOS Dependant WIFI Hotspot?
: Kulverstukas September 23, 2013, 06:10:01 PM
I'd like to know the answer to this as it is too interesting.
: Re: IOS Dependant WIFI Hotspot?
: Darkvision September 24, 2013, 01:37:46 AM
Could maybe be that you don't have AppleTalk protocol installed/enabled? Also, if your card doesn't support a standard and that standard is being used, you wouldn't see it (i.e. if it's a b card, and no b computers are on the network, you won't see traffic). Only things I can think of if it's on channel 6.
: Re: IOS Dependant WIFI Hotspot?
: Snayler September 24, 2013, 03:50:32 AM
> Could maybe be that you don't have AppleTalk protocol installed/enabled? Also, if your card doesn't support a standard and that standard is being used, you wouldn't see it (i.e. if it's a b card, and no b computers are on the network, you won't see traffic). Only things I can think of if it's on channel 6.

That's right, I forgot about that. Although most APs support multiple standards (a, b, g, n), it is possible to set it to only speak using one of them. This would effectively make it only appear on some devices, but not a specific device type.
: Re: IOS Dependant WIFI Hotspot?
: RedBullAddicted September 24, 2013, 06:59:16 AM
Darkvision, Snayler: I think that's what Factionwars wanted to say too :)

Band          | 2.4 GHz                            | 5 GHz
Channel       | Three (3) non-overlapping channels | 23 non-overlapping channels
Standard      | Wireless-B, G, and N               | Wireless-A, N, and AC
Network Range | Wider Range                        | Shorter Range
Interference  | Higher                             | Lower

: Re: IOS Dependant WIFI Hotspot?
: imation September 24, 2013, 09:34:33 AM
This is the thing, I cannot see how this can be done, so it MUST be a hardware issue I'm obviously having.

There is NO WAY to select what devices pick up the signal..

New card on its way!

: Re: IOS Dependant WIFI Hotspot?
: proxx September 24, 2013, 09:50:56 AM
> Could maybe be that you don't have AppleTalk protocol installed/enabled? Also, if your card doesn't support a standard and that standard is being used, you wouldn't see it (i.e. if it's a b card, and no b computers are on the network, you won't see traffic). Only things I can think of if it's on channel 6.

AirPort is the name given to a series of Apple products using the (Wi-Fi (http://en.wikipedia.org/wiki/Wi-Fi)) protocols (http://en.wikipedia.org/wiki/Protocol_%28computing%29) (802.11b (http://en.wikipedia.org/wiki/IEEE_802.11b-1999), 802.11g (http://en.wikipedia.org/wiki/IEEE_802.11g-2003) and 802.11n (http://en.wikipedia.org/wiki/IEEE_802.11n-2009)).
^Wikipedia
So still the same basic protocol applies, thus discovery methods remain the same.
: Re: IOS Dependant WIFI Hotspot?
: Snayler September 24, 2013, 03:29:12 PM
> Darkvision, Snayler: I think that's what Factionwars wanted to say too :)

No, he was just talking about different bands. You can have two APs using the 2.4 GHz band (one in B mode and one in G mode) and if your adapter only supports B mode you will not see the AP functioning in G mode.
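
Added example, not part of the original thread: a small beacon parser illustrating two points made above, that beacons are addressed to the broadcast MAC (proxx) and that an AP in G-only mode advertises only OFDM basic rates, which a B-only adapter cannot demodulate (Snayler). Both frames are constructed, the BSSID is made up, and all function names are this example's own.

```python
import struct

DSSS_CCK = {1.0, 2.0, 5.5, 11.0}   # 802.11b rates in Mbit/s; anything else is OFDM

def build_beacon(ssid, channel, rates):
    """Constructed test beacon, no radiotap header. rates: [(mbps, is_basic)], max 8."""
    hdr = struct.pack("<HH", 0x0080, 0)            # frame control (mgmt/beacon), duration
    hdr += b"\xff" * 6                             # addr1: broadcast destination
    hdr += bytes.fromhex("020000000001") * 2       # addr2 + addr3: made-up BSSID
    hdr += struct.pack("<H", 0)                    # sequence control
    fixed = struct.pack("<QHH", 0, 100, 0x0401)    # timestamp, beacon interval, capabilities
    rate_ie = bytes(int(m * 2) | (0x80 if basic else 0) for m, basic in rates)
    ies = bytes([0, len(ssid)]) + ssid.encode()    # element 0: SSID
    ies += bytes([1, len(rate_ie)]) + rate_ie      # element 1: Supported Rates
    ies += bytes([3, 1, channel])                  # element 3: DS Parameter Set
    return hdr + fixed + ies

def parse_beacon(frame):
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:
        raise ValueError("not a beacon frame")
    info = {"dest": frame[4:10].hex(":"), "ssid": None, "channel": None, "basic": []}
    pos = 24 + 12                                  # MAC header + fixed beacon fields
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                                  # truncated element: stop parsing
        if tag == 0:
            info["ssid"] = value.decode("utf-8", "replace")
        elif tag == 3 and length == 1:
            info["channel"] = value[0]
        elif tag in (1, 50):                       # Supported / Extended Supported Rates
            info["basic"] += [(r & 0x7F) / 2 for r in value if r & 0x80]
        pos += 2 + length
    return info

def b_only_card_sees(info):
    """Assumption: the beacon goes out at the lowest basic rate, as APs normally do."""
    return bool(info["basic"]) and min(info["basic"]) in DSSS_CCK

MIXED = build_beacon("Free Public WIFI", 6, [(1, True), (2, True), (5.5, True),
                     (11, True), (6, False), (12, False), (24, False), (54, False)])
G_ONLY = build_beacon("Free Public WIFI", 6, [(6, True), (9, False), (12, True),
                      (18, False), (24, True), (36, False), (48, False), (54, False)])

if __name__ == "__main__":
    for name, frame in (("b/g mixed", MIXED), ("g-only", G_ONLY)):
        info = parse_beacon(frame)
        print(name, info, "-> b-only card sees it:", b_only_card_sees(info))
```

Both frames carry the same broadcast destination and the same channel; only the basic rate set differs, and that alone decides whether an older radio can decode the beacon.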