Other things to look into

[acheong08]

https://gsp85-ssl.ls.apple.com/wifi_request

• Comes from com.apple.geod
• Sends MAC address and gets a fixed64 back. (Does 1804284399684943872 mean anything to anyone?)

[acheong08]

$ strings -a dyld_shared_cache_x86_64h | rg -i "gsp85-carry.ls.apple.com"

https://gsp85-carry.ls.apple.com/wifi_request_tile

Can't find wifi_request in any binaries but found something close in dyld_shared_cache_x86_64h. Need to figure out which of the many dylds contained is the one that gave that

[acheong08]

Some magic numbers:
167797871, 3982925012049145399, 6124895493240913920

They seem to be shared across requests for different BSSIDs. Might encode my location but it's not right (it's somehow in the middle of the sea). I'm guessing the first number is an offset somehow

[acheong08]

The first URL seems to send the BSSID of whatever network you're connected to along with metadata. Can reliably reproduce by joining new network.

[acheong08]

This is too fucking hard. They generate C code from their protobuf definitions without embedding the proto file itself and stripped all symbols from GeoServices

[acheong08]

Not even Apple knows what the fields mean

[acheong08]

Update on wifi_request endpoint. X-tilekey seems to be morton code encoded with a different index. More experimentation required but I need sleep

[acheong08]

It is indeed morton encoded.

(y-, x+)
Basically the further north, the more y decreases and the further east, the more x increases

[AK47-2020]

Hi, great tool. Is there a way to get the vendor name matching a MAC address, possibly as a display option?

[acheong08]

Yup. Just did. Note that the CLI is just for me to play around and experiment with things more easily. Don't expect it to be coherent.

[AK47-2020]

Thanks. How do I extract a list of MAC addresses from, say, a square area? Also, it would be good to have a dialog box to change default coordinates. Indeed, you can them manually.

[acheong08]

How do I extract a list of MAC addresses from, say, a square area?

I'm not sure I want to have that in the demo UI. You can do that with code by taking the GPS coordinates of 2 corners, encode them into tile coordinates (morton.Encode → morton.Unpack), and have 2 loops to go through each tile in the area, morton.Pack to tileKey, and use lib.GetTile to fetch the access points in that area. That only covers 1 network each so you'll need to then use the wloc api to fill it up with the MAC addresses from tiles as seeds.

Also, it would be good to have a dialog box to change defaut coordinates.

I'll add it as a CLI option.

[AK47-2020]

Thanks. I am not a go programmer, but I'll give it a try