How to reveal the MAC address of a Sony Ericsson W715?

0

Is there a way to tell or to reveal the MAC address of a Sony Ericsson W715 mobile phone? I need to know the MAC address of the phone in order to use the Wi-Fi. I have looked through the settings in all relevant places and have not found any mention of a MAC or a "physical" address anywhere.

Aren't MAC addresses supposed to be printed on every Ethernet and Wi-Fi device?

Update:

I have now managed to connect the phone over Wi-Fi. After connecting the phone this is what I see in the router logs.

Dec 21 00:04:49      debug    UDHCPD sending ACK to 192.168.0.109
Dec 21 00:04:49      info     UDHCPD sending OFFER of 192.168.0.109
Dec 21 00:04:47      debug    UDHCPD sendOffer : find a free IP

The date and time is wrong (it almost never shows the right date and time). But as you can see no MAC address is listed here. This is from a D-Link DIR-825.

I normally have MAC filtering enabled. That's why I needed the MAC of the phone to add it in the exception list.

Samir

Posted 2013-01-06T14:39:44.167

Reputation: 17 919

Can you ping the phone from another device? E.g. a laptop? From a cmd window use ping 192.168.0.109, and then type arp -a. The first command will send a packet to the phone. For this the laptop needs to know the MAC and it will do an ARP request. The phone will answer that by sending its MAC in an ARP answer. The next command arp -a will show all MAC values currently known on the Windows laptop. – Hennes – 2013-01-06T16:14:42.033
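The ping-then-`arp -a` lookup from the comment above, as an added example (not part of the original thread): it parses Windows `arp -a` output and returns the MAC in the form a router's filter list usually expects. The sample output and its documentation-range MAC addresses are constructed.

```python
import re

# Constructed sample of Windows `arp -a` output (documentation-range MACs, RFC 7042).
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.0.100 --- 0xb
  Internet Address      Physical Address      Type
  192.168.0.1           00-00-5e-00-53-01     dynamic
  192.168.0.109         00-00-5e-00-53-6d     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, MAC with '-' or ':' separators, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-fA-F]{2}[-:]){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)

def parse_arp_table(text):
    """Return {ip: (mac, entry_type)} with MACs normalised to AA:BB:CC:DD:EE:FF."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, mac, kind = m.groups()
            table[ip] = (mac.replace("-", ":").upper(), kind.lower())
    return table

def mac_for(ip, text):
    """MAC learned for `ip`, or None when no ARP reply was recorded.

    Only dynamic entries count: static and broadcast rows are configured by
    the OS, not learned from the device answering the ping.
    """
    mac, kind = parse_arp_table(text).get(ip, (None, None))
    if mac is None or kind != "dynamic" or mac == "FF:FF:FF:FF:FF:FF":
        return None
    return mac

if __name__ == "__main__":
    print(mac_for("192.168.0.109", SAMPLE_ARP_OUTPUT))
```

A `None` result means the laptop never received an ARP reply for that address, for example because the phone left the network before the ping.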

Answers

3

There is at least one way:

Turn on Wireless and try to connect, then check the logs on the Wireless Access Point.

If your w.a.p. has MAC filtering turned on then you might need to turn this off before you do this. There is no need to turn it back on afterwards since it provides no significant protection.

The original idea behind MAC filtering is to only listen to some allowed network cards. However everybody can fake this without effort. And they are transmitted through the air without encryption.


Edit: Answer to the comment in a place where I can use some formatting:

Compare MAC filtering to a public location where a receptionist hands out access cards to anyone with the right employee number or name. The employee numbers (MAC addresses) are called out and everybody can hear them.

You:  “Hi reception. I am Joe, I want access.”
Reception: “Joe? No, you are not on my list. Access denied.”

Real employee: “Hi. Reception. I am Jane. I want access”
Reception: “Hi Jane! You are on my list. Here, Enjoy!”

You wait 5 minutes until Jane leaves. Then you walk back into the room and shout:
You: “Hi. Reception. I am Jane. I want access”     (Note, the name is faked here)
Reception: “Hi Jane! You are on the list. Here, Enjoy!”

And you got access.

Way in the past you had to do some tricks to change your network card's MAC and this would have been a very mild barrier. However these days the option to manually set the MAC value seems to be built into just about every network card driver. It no longer is effective.


WPS background information.

To connect with a wired computer you need physical access to the network jack. With wireless everybody could connect, even some disgruntled ex-employee in a car next to your building (or a neighbour too cheap to get his own network and leeching off your bandwidth, slowing your access down).

Some 'protections' were used to counter this, starting in 1999 with an encryption method called Wired Equivalent Protection (W.E.P.). The calculations for WEP had to be light enough to work on cheap hardware without slowing it down, yet hard enough that it could not be cracked within minutes.

That was true for the 1999 era hardware. Over time computers grow more powerful, and these days it takes mere seconds to listen in on someone's WEP encrypted traffic and to crack WEP.

In 2003 this was replaced by Wi-Fi Protected Access (WPA) and in 2006-ish by WPA-2.

Both protocols use stronger encryption. Using WPA2 in combination with a good passphrase is still secure enough.

If you use a weak passphrase/password that people can guess, then things are obviously vulnerable to that.

The downside is that using a long and complex password might be hard to remember.

To 'help' with this, Wi-Fi Protected Setup (WPS) got introduced.

WPS allows you to send a 'pin' code (instead of a password) to the wireless access point. The wireless access point is then supposed to verify if the pin code is valid; if it is it should send all information needed to connect (including the long/difficult WPA passphrase).

This is all very 'helpful' and 'user friendly', but you replace the hopefully long and complex password with an 8-digit pin code. In theory abuse is prevented by allowing only limited WPS authentications over time. E.g. max. 3 per minute.

With 8 digits you have 10^8 (100 000 000, 100 million) different combinations. If you try 3 per minute (or 180 per hour, or 4320 per day, 1577880 per year) it would take 63.38 years to check all possible combinations. That seems safe enough. WPS was shipped and required in all devices in order for certification.

However the protocol has a fatal flaw.

The pin code is not checked against all 8 digits. Instead two groups of four are sent. If the first group is not valid then an error is returned. This makes finding the right pin a lot easier.

E.g. check 0000 -> fail.
I now know that all 8 digit numbers starting with 0000 are not correct. So I do not need to check 00000000 through 00009999.

This means I need to check up to a mere 1000 keys until I find the first four digits.

Once I got these I can check the next 4. One of those is a checksum and can be calculated. So I only need to check 100 more.

And since on average I will find the key halfway through the search I now need to check about 550 keys. (500 for the first digits, 50 for the rest).

550 keys at a rate of 3 per minute takes about 3 hours. Not quite the trivial few seconds for WEP, but a long way from the 63 years safety.


And since all of this is done differently from 'normal' access point operations I do not trust that special rules (such as putting a device on a MAC filter) will be followed.

Hennes

Posted 2013-01-06T14:39:44.167

Reputation: 60 739

Thanks! My WAP is my D-Link DIR-825 router. It doesn't show any MAC address in the logs as you can see in the update above. Yes, I normally use MAC filtering. I had to turn it off for this to work. I was hoping I wouldn't have to, because this router software is very buggy so I don't like messing with it. What was the original idea behind MAC filtering if it doesn't really add anything to the security? What is its weakness? – Samir – 2013-01-06T15:23:51.343

Added the answer to the post since I could not fit it in this comment. – Hennes – 2013-01-06T16:00:39.667

So MAC filtering is essentially not effective because it has become an easy task these days to change the MAC address, so anyone could say they have a given MAC address? And the MAC address can be captured because it is announced without encryption? – Samir – 2013-01-08T22:08:46.580

Yes. And the way Ethernet is designed it is not possible to encrypt the MAC. Which makes it as useful for security as a 'personnel only' sign on an unlocked door. – Hennes – 2013-01-08T22:18:37.990
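The keyspace argument from the WPS section of the answer above, as an added example (not part of the original post): it compares an all-or-nothing PIN check with one that confirms each half separately, at the post's rate limit of 3 attempts per minute. It assumes the WPS PIN layout of four free digits followed by three free digits and a checksum digit, i.e. 10^4 and 10^3 candidates per half, so its counts are larger than the rounded figures in the post; the function names are illustrative.

```python
from math import prod

def wps_checksum(first7):
    """Eighth PIN digit, derived from the first seven (WPS PIN checksum)."""
    accum, n = 0, first7
    while n:
        accum += 3 * (n % 10)
        n //= 10
        accum += n % 10
        n //= 10
    return (10 - accum % 10) % 10

def guesses(segment_sizes, confirmed_separately):
    """(worst, average) guesses needed to hit a uniformly random secret.

    segment_sizes: number of candidates per segment, e.g. [10**4, 10**3].
    confirmed_separately: True if the verifier reveals success per segment.
    """
    if confirmed_separately:
        sizes = list(segment_sizes)    # segments fall one by one: costs add
    else:
        sizes = [prod(segment_sizes)]  # single yes/no answer: costs multiply
    worst = sum(sizes)
    average = sum((n + 1) / 2 for n in sizes)
    return worst, average

def hours(n_guesses, per_minute):
    """Wall-clock hours for n_guesses under a fixed attempt rate limit."""
    return n_guesses / per_minute / 60

# Assumed layout: 4 free digits, then 3 free digits + 1 computed checksum digit.
HALVES = [10**4, 10**3]

if __name__ == "__main__":
    for label, split in (("whole PIN checked at once", False),
                         ("halves confirmed separately", True)):
        worst, avg = guesses(HALVES, split)
        print(f"{label}: worst {worst} guesses = {hours(worst, 3):.1f} h, "
              f"average {avg:.0f} guesses = {hours(avg, 3):.1f} h at 3/min")
```

The rate limit scales both rows by the same factor, so it cannot restore the margin lost to per-half confirmation; disabling WPS on the access point removes the exposure.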

0

You can allow mobile phone access to WIFI using WPS method. There should be a little switch called WPS.

Check "Add Wireless Device with WPS Wizard" in manual

Garfield Carneiro

Posted 2013-01-06T14:39:44.167

Reputation: 1

This assumes WPS (Wifi Protected Setup) is not disabled. Which it should be since it has a flaw and can be cracked in minutes. (The flaw is that it reports correct/or wrong on the first half of the WPS digits, reducing the need to brute force WPS numbers from 7 digits (up to 10^7 guesses needed) to only 10^4 (1000) guesses needed.) – Hennes – 2013-01-06T16:04:35.790

@Hennes Does this mean that WPS overrides the MAC filtering settings? In other words, even a computer whose MAC address is not listed in the Allow list can access the WLAN if one uses the WPS button to connect? – Samir – 2013-01-09T15:10:36.083

That depends on the implementation. I will add some WPS background to my post. – Hennes – 2013-01-09T20:06:32.583

0

If you can manage to get a wireless network card into monitor mode in a Linux distribution of your choice, you can look at raw 802.11 traffic in a packet sniffer such as Wireshark while generating probes from that device (attempts to connect to that access point) or if you use the aircrack-ng suite you can use airodump-ng to view which MACs are trying or successfully associated with their respective access points. If you were unsure you can use websites like http://www.coffer.com/mac_find/ to attempt to resolve a MAC address to a manufacturer, but that's only if you know who manufactures the card on your device, which you would have to research.

Bryan

Posted 2013-01-06T14:39:44.167

Reputation: 710
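Why the MAC shows up in a capture even on an encrypted network, as an added example (not part of the original answer): the 802.11 MAC header sits outside the encrypted frame body, so the transmitter address is readable in both a probe request and a protected data frame. Both frames are constructed samples with documentation-range addresses, and any radiotap header a capture tool prepends is assumed to be already stripped.

```python
import struct

def fmt(mac):
    return ":".join(f"{b:02X}" for b in mac)

def parse_80211_header(frame):
    """Decode the 24-byte MAC header of a management or data frame."""
    if len(frame) < 24:
        raise ValueError("shorter than a 24-byte 802.11 header")
    fc0, fc1, _dur, a1, a2, _a3, _seq = struct.unpack("<BBH6s6s6sH", frame[:24])
    return {
        "type": (fc0 >> 2) & 0x3,       # 0 management, 1 control, 2 data
        "subtype": fc0 >> 4,
        "protected": bool(fc1 & 0x40),  # frame body is encrypted
        "receiver": fmt(a1),
        "transmitter": fmt(a2),         # sender's MAC, never encrypted
        # Set on self-assigned addresses; a cloned vendor MAC leaves it clear,
        # so this flag cannot detect someone reusing an allowed address.
        "locally_administered": bool(a2[0] & 0x02),
    }

# Constructed frames, documentation-range MACs (RFC 7042).
PHONE = "00005e00536d"
AP = "00005e005301"

# Probe request: management frame, subtype 4, broadcast, wildcard SSID element.
PROBE_REQ = bytes.fromhex(
    f"4000 0000 ffffffffffff {PHONE} ffffffffffff 1000 0000"
)

# Data frame to the AP with the Protected bit set; the 16 zero bytes stand in
# for the encrypted body, which this parser never needs to read.
DATA_FRAME = bytes.fromhex(f"0841 2c00 {AP} {PHONE} {AP} 2000") + bytes(16)

if __name__ == "__main__":
    for name, frame in (("probe request", PROBE_REQ), ("data frame", DATA_FRAME)):
        h = parse_80211_header(frame)
        print(f"{name}: transmitter={h['transmitter']} protected={h['protected']}")
```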

0

I have found an even easier solution to the problem. There is actually a menu option where you can see the MAC address. But it is not described in the manual.

  1. Menu
  2. Settings
  3. Communication
  4. Wi-Fi
  5. Options softkey

Then there should be an option titled Advanced or similar. When you choose this option you should be able to see the MAC address, although you may need to press on some additional menu option to view these details. I don't know exactly as I am recalling these steps from memory, I don't have the phone here with me to check it. But it has to be there, just keep looking.

Like I said, I was looking through the manual, and I even did a text search in the PDF manual just in case I missed something. For some reason this option is not described in the manual. They don't tell you at all how to set up a Wi-Fi connection manually and where to put in the details.

It's strange to me that they don't print the MAC address on the label in the battery compartment. I think they should, and if I am not mistaken they have to according to either IEEE or FCC.

Samir

Posted 2013-01-06T14:39:44.167

Reputation: 17 919