XDA Developers Android and Mobile Development Forum

Patched wpa_supplicant to scan for APs passively

 
steadyeddy
(Last edited by steadyeddy; 16th March 2014 at 10:39 PM.)
#1  
Junior Member - OP

I patched wpa_supplicant to do wildcard access point scans passively, because **** tracking. (Wildcard means you're not looking for a particular access point, especially not one with a hidden SSID.) Seems to work perfectly, except it takes a few seconds longer to list all the access points around you. And it's a very simple patch too.

Just apply inside all the ~/android/system/external/wpa_supplicant* folders and build. Then look at the air traffic before and after installing the new binary (and resetting Wifi) with this Wireshark filter expression: wlan.addr == ph:on:em:ac:ad:dr

https://gist.github.com/anonymous/9589807
Attached file: wpa_supplicant.passive-wildcard.patch (424 Bytes)
 
ryanbg
#2  
Senior Member
Quote:
Originally Posted by steadyeddy
I patched wpa_supplicant to do wildcard access point scans passively, because **** tracking. (Wildcard means you're not looking for a particular access point, especially not one with a hidden SSID.) Seems to work perfectly, except it takes a few seconds longer to list all the access points around you. And it's a very simple patch too.

Just apply inside all the ~/android/system/external/wpa_supplicant* folders and build. Then look at the air traffic before and after installing the new binary (and resetting Wifi) with this Wireshark filter expression: wlan.addr == ph:on:em:ac:ad:dr

https://gist.github.com/anonymous/9589807
Is this a true monitor mode (rfmon) patch? Either way, very nice work!
 
h4waii
#3  
Senior Member
Quote:
Originally Posted by ryanbg
Is this a true monitor mode (rfmon) patch? Either way, very nice work!
No. It removes directed probes to stop leaking stored network SSIDs. This is not for on-device RFMON.
 
steadyeddy
#4  
Junior Member - OP
Quote:
Originally Posted by h4waii
It removes directed probes to stop leaking stored network SSIDs.
Actually it's the opposite, probe requests looking for specific SSIDs still go through, but with or without this patch they only happen when your Android system remembers APs with a hidden SSID (check your wpa_supplicant.conf). And they need to happen, because it's the only way to connect to those APs. If you don't want to send out such probe requests, just don't connect to APs with hidden SSIDs, or at least "forget" them after you're done.

What the patch really does is remove nonspecific (=wildcard) probe requests. They do not leak SSIDs, but they do leak your device's current MAC address. (And more broadly, the radio characteristics of your device.)
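
Added example (not part of the original thread or the patch): a Python check for the before/after comparison described in the posts above, classifying each captured probe request from one MAC as wildcard (empty SSID element) or directed. It assumes raw 802.11 frames with any radiotap header already stripped; the MACs, SSID and frames are constructed samples, and the function names are hypothetical.

```python
from collections import Counter

HDR_LEN = 24  # frame control, duration, addr1, addr2, addr3, sequence control

def classify_probe(frame):
    """Return (source MAC, kind, SSID) for a probe request, else None."""
    # Frame control byte 0: type 0 (management), subtype 4 = 0x40 (version bits masked).
    if len(frame) < HDR_LEN or frame[0] & 0xFC != 0x40:
        return None
    src = ":".join(f"{b:02x}" for b in frame[10:16])  # addr2 = transmitter
    pos = HDR_LEN
    while pos + 2 <= len(frame):  # walk tagged elements: id, length, value
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None  # truncated element, do not guess
        if tag == 0:  # SSID element; zero length means wildcard
            kind = "directed" if length else "wildcard"
            return src, kind, value.decode("utf-8", "replace")
        pos += 2 + length
    return None

def summarize(frames, phone_mac):
    """Count wildcard and directed probe requests sent by phone_mac."""
    counts = Counter()
    for frame in frames:
        info = classify_probe(frame)
        if info and info[0] == phone_mac.lower():
            counts[info[1]] += 1
    return {"wildcard": counts["wildcard"], "directed": counts["directed"]}

def make_frame(fc0, src, ssid):
    """Build a constructed management frame (broadcast addr1/addr3) for the demo."""
    hdr = bytes([fc0, 0, 0, 0]) + b"\xff" * 6 + bytes.fromhex(src.replace(":", ""))
    hdr += b"\xff" * 6 + b"\x00\x00"
    return hdr + bytes([0, len(ssid)]) + ssid + bytes([1, 2, 0x02, 0x04])

# Constructed sample data: locally administered MACs and a made-up hidden SSID.
PHONE, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02"
BEFORE = [make_frame(0x40, PHONE, b""), make_frame(0x40, PHONE, b""),
          make_frame(0x40, PHONE, b"hidden-home"), make_frame(0x40, OTHER, b"")]
AFTER = [make_frame(0x40, PHONE, b"hidden-home"), make_frame(0x40, OTHER, b""),
         make_frame(0x80, PHONE, b"not-a-probe")]  # 0x80 = beacon, ignored

if __name__ == "__main__":
    print("before patch:", summarize(BEFORE, PHONE))
    print("after patch: ", summarize(AFTER, PHONE))
```

With the patched binary, the wildcard count for the phone's MAC should be zero, while directed probes for remembered hidden SSIDs remain, as post #4 describes.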