How to reveal the MAC address of a Sony Ericsson W715?

Is there a way to tell or to reveal the MAC address of a Sony Ericsson W715 mobile phone? I need to know the MAC address of the phone in order to use the Wi-Fi. I have looked through the settings in all relevant places and have not found any mention of a MAC or a "physical" address anywhere.

Aren't MAC addresses supposed to be printed on every Ethernet and Wi-Fi device?

Update:

I have now managed to connect the phone over Wi-Fi. After connecting the phone this is what I see in the router logs.

Dec 21 00:04:49      debug    UDHCPD sending ACK to 192.168.0.109
Dec 21 00:04:49      info     UDHCPD sending OFFER of 192.168.0.109
Dec 21 00:04:47      debug    UDHCPD sendOffer : find a free IP

The date and time is wrong (it almost never shows the right date and time). But as you can see no MAC address is listed here. This is from a D-Link DIR-825.

I normally have MAC filtering enabled. That's why I needed the MAC of the phone to add it in the exception list.


Solution 1:

There is at least one way:

Turn on Wireless and try to connect, then check the logs on the Wireless Access Point.

If your w.a.p. has MAC filtering turned on then you might need to turn this off before you do this. There is no need to turn it back on afterwards since it provides no significant protection.

The original idea behind MAC filtering is to only listen to some allowed network cards. However everybody can fake this without effort. And they are transmitted through the air without encryption.


Edit: Answer to the comment in a place where I can use some formatting:

Compare MAC filtering to a public location where a receptionist hands out access cards to anyone with the right employee number or name. The employee numbers (MAC addresses) are called out and everybody can hear them.

You:  “Hi reception. I am Joe, I want access.”
Reception: “Joe? No, you are not on my list. Access denied.”

Real employee: “Hi. Reception. I am Jane. I want access.”
Reception: “Hi Jane! You are on my list. Here, enjoy!”

You wait 5 minutes until Jane leaves. Then you walk back into the room and shout:
You: “Hi. Reception. I am Jane. I want access.”     (Note, the name is faked here)
Reception: “Hi Jane! You are on the list. Here, enjoy!”

And you got access.

Way in the past you had to do some tricks to change your network card's MAC and this would have been a very mild barrier. However, these days the option to manually set the MAC value seems to be built into just about every network card driver. It no longer is effective.


WPS background information.

To connect with a wired computer you need physical access to the network jack. With wireless everybody could connect, even some disgruntled ex-employee in a car next to your building (or a neighbour too cheap to get his own network and leeching off your bandwidth, slowing your access down).

Some 'protections' were used to counter this, starting in 1999 with an encryption method called Wired Equivalent Protection (W.E.P.). The calculations for WEP had to be light enough to work on cheap hardware without slowing it down, yet hard enough that it could not be cracked within minutes.

That was true for the 1999 era hardware. Over time computers grow more powerful, and these days it takes mere seconds to listen in on someone's WEP encrypted traffic and to crack WEP.

In 2003 this was replaced by Wi-Fi Protected Access (WPA) and in 2006-ish by WPA-2.

Both protocols use stronger encryption. Using WPA2 in combination with a good passphrase is still secure enough.

If you use a weak passphrase/password that people can guess, then things are obviously vulnerable to that.

The downside is that using a long and complex password might be hard to remember.

To 'help' with this, Wi-Fi Protected Setup (WPS) got introduced.

WPS allows you to send a 'pin' code (instead of a password) to the wireless access point. The wireless access point is then supposed to verify if the pin code is valid; if it is it should send all information needed to connect (including the long/difficult WPA passphrase).

This is all very 'helpful' and 'user friendly', but you replace the hopefully long and complex password with an 8-digit pin code. In theory abuse is prevented by allowing only limited WPS authentications over time. E.g. Max. 3 per minute.

With 8 digits you have 10^8 (100 000 000, 100 million) different combinations. If you try 3 per minute (or 180 per hour, or 4320 per day, 1577880 per year) it would take 63.38 years to check all possible combinations. That seems safe enough. WPS was shipped and required in all devices in order for certification.

However the protocol has a fatal flaw.

The pin code is not checked against all 8 digits. Instead two groups of four are sent. If the first group is not valid then an error is returned. This makes finding the right pin a lot easier.

E.g. check 0000 -> fail.
I now know that all 8 digit numbers starting with 0000 are not correct. So I do not need to check 00000000 through 00009999.

This means I need to check up to a mere 1000 keys until I find the first four digits.

Once I got these I can check the next 4. One of those is a checksum and can be calculated. So I only need to check 100 more.

And since on average I will find the key halfway through the search I now need to check about 550 keys. (500 for the first digits, 50 for the rest).

550 keys at a rate of 3 per minute takes about 3 hours. Not quite the trivial few seconds for WEP, but a long way from the 63 years safety.


And since all of this is done differently from 'normal' access point operations I do not trust that special rules (such as putting a device on a MAC filter) will be followed.
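
An added example (not part of the original answer): the search-space arithmetic behind the WPS PIN discussion above, written in Python so the effect of a rate limit can be judged for any lockout policy. It counts the first half as four free digits and the second half as three free digits plus a check digit; the check-digit rule is the standard WPS PIN checksum, and the "one attempt per 20 minutes" policy is a constructed value.

```python
def wps_checksum(first7: int) -> int:
    """Check digit for the first seven PIN digits (weights 3,1,3,... from the right)."""
    accum, weight = 0, 3
    while first7:
        accum += weight * (first7 % 10)
        weight = 4 - weight          # alternate 3 -> 1 -> 3
        first7 //= 10
    return (10 - accum % 10) % 10


def valid_second_halves(first_half: str) -> int:
    """Count 4-digit second halves that form a checksum-valid 8-digit PIN."""
    return sum(
        wps_checksum(int(f"{first_half}{s:04d}"[:7])) == s % 10
        for s in range(10_000)
    )


def worst_case_guesses(split_halves: bool, checksum: bool = True) -> int:
    """Attempts needed to cover every candidate PIN."""
    second = 10**3 if checksum else 10**4
    if split_halves:
        return 10**4 + second        # each half is confirmed on its own
    return 10**4 * second            # PIN is only confirmed as a whole


def days_to_exhaust(guesses: int, per_minute: float) -> float:
    """Days an access point's rate limit buys before the space is covered."""
    return guesses / per_minute / (60 * 24)


if __name__ == "__main__":
    policies = {
        "3 per minute (figure from the answer)": 3,
        "1 per 20 minutes (constructed policy)": 1 / 20,
    }
    spaces = {
        "8 digits checked as a whole": worst_case_guesses(False, checksum=False),
        "halves checked separately": worst_case_guesses(True),
    }
    print("valid second halves for 1234:", valid_second_halves("1234"))
    for policy, rate in policies.items():
        for label, n in spaces.items():
            print(f"{policy:40} {label:30} {n:>11} guesses "
                  f"{days_to_exhaust(n, rate):>12.1f} days")
```
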