rickmote icon indicating copy to clipboard operation
rickmote copied to clipboard
verified publisher icon BishopFox

Make the de-auth'ing less rude

Open altf4 opened this issue 11 years ago • 3 comments

Right now, the Rickmote de-auths every Wi-Fi network it sees. And it keeps de-auth'ing over and over. This was made so that we could be sure the attack would work. But it's probably really rude. Let's see if there's a way to pinpoint Chromecats more precisely and only de-auth those.

altf4 avatar Jul 16 '14 18:07 altf4

maybe we can find out if chromecasts have a particular MAC address, and filter, like in glasshole.sh

jedahan avatar Jul 19 '14 00:07 jedahan

That's a good suggestion. It would be helpful if it were the case that all Chromecasts belonged to a small set of enumerable MAC prefixes. It's not clear that this is the case in my research so far. I've gotten my hands on about 5 devices, and they had 3 different MAC prefixes.

It might help if anyone could volunteer what MAC prefix their Chromecast has. I'll add mine in just a bit.

Also, MAC filtering will only be a useful technique in the case where the Chromecast is in active use or is otherwise sending some packets. If it's silent, then there's not a whole lot of ways for the Rickmote to see that it even exists without de-auth'ing the whole network.

altf4 avatar Jul 22 '14 01:07 altf4

You should see my comment on issue #4, would definitely help with this issue.

jag34 avatar Sep 16 '14 17:09 jag34