[Pry-Fi] Randomized MAC addresses during scans
It's not really the same thing as the Pry-Fi app
- these patches provide much less functionality, but are also less troublesome - but I'm using the title anyway for association points.
These patches are meant to:
- Randomize your device's MAC address when scanning (but not connected)
- Prevent your device from leaking your entire SSID list periodically
(The app thread has a few examples about what and why, if you have no clue why we want this)
Not all devices support changing the MAC address based on this code. Known devices that do
work are for example the Nexus 5 and Galaxy S4, and known devices that don't
work are for example the Nexus 7 2013 and anything Sony. I did not notice any issues on the devices I tested on that didn't support this, though.
Relevant commits (also contain relevant information):
These patches do not enable anything by default, you still need to set the Java bool config_pryfi
in the right overlay, and add CONFIG_PRYFI := 1
to the right .mk
I would advise setting CONFIG_PRYFI_LOGGING to 1 as well, so you can check logcat to see if Pry-Fi mode is actually active - its reasonably chatty.
Testing behavior requires Wireshark (or equivalent) and a Wi-Fi chip you can switch to monitor mode (this excludes most Windows computers - I used a MacBook running OS X for this).
If you have all that setup, you can grab all relevant packets by setting the filter expression to "wlan.sa contains xx:yy" where xx and yy and are the second and third parts of your device's MAC address. Not the first, because that one differs between normal and P2P mode, and not the last three, because we randomize those by default.
Once you have that set up ...
Testing for PNO
If your device does not have PNO enabled in the first place (check the config_wifi_background_scan_support
bool) you can skip this part. Or you can simply disable it and be done with that - enabling it does slightly improve battery life, though.
Basically you want to know if PNO leaks the SSID list (I've not found a device yet with PNO that doesn't
do this, but I do not see a technical reason why they must
Make sure your device is clean-ish so it occasionally goes to sleep. I test this on completely wiped devices myself.
Make sure your device knows several networks but that it's not connecting to any. You could for example use a second Android device to create a hotspot, connect to it with the test device, create another hotspot, connect to that with test device, etc. Do not add a network with the + button, as these will be leaked regardless.
Make sure you have Wireshark running with the right filter expression and monitoring, then unplug your device (it may not be powered!), turn off the device's screen, and leave it there for 30 minutes.
Now you can examine the Wireshark logs. You should see only SSID=Broadcast entries, and SSID=<network> entires for networks that it knows and are actually available (like your home Wi-Fi, but not
the hotspot entries you created earlier that are no longer active).
If you see your entire list of network names come by, then PNO on this device is leaky and should definitely be disabled.
Testing for MAC changes
If you have Wireshark set up this is very easy. Make sure you note your original MAC address.
Then make sure your device is not connected to any Wi-Fi networks, and use the Wi-Fi setting's menu's Scan
Check the Wireshark logs for what MAC address the device is using. If it stays the same as your original MAC address, then MAC address changing is not currently supported on your device.
If you've confirmed that the MAC address does
change, leave the device alone for a while (once unpowered and once powered) and check the Wireshark logs to see if your original MAC address ever appeared, or if it's currently using randomized addresses.
As last step, try connecting to an access point like your home Wi-Fi, and confirm the device has switched back to your original MAC address.
For bonus points, track what happens when using Wi-Fi Direct, WPS, and other Wi-Fi features. I have not checked this extensively yet, we may need further fixes.
Not really planning on expanding this much or keeping track of which devices do and don't work. Release was a tad rushed (so is this awful post) so my last test-cases may have broken some earlier ones. Regardless, this patch will require a number of users/maintainers to actively test on their devices and see what's what - that's way beyond what I can do on my own.