Updates on DHCP signatures (fingerprints) and signatures-related discussions


Re: [fingerbank-signatures] HTC Android Fingerprint Issue

  • From: Eric Kollmann < >
  • To: Olivier Bilodeau < >
  • Cc: ,
  • Subject: Re: [fingerbank-signatures] HTC Android Fingerprint Issue
  • Date: Wed, 1 Feb 2012 08:26:08 -0700

This is an old thread now, but a new interesting blog entry:
Basically it seems to support what you were already seeing: that different vendors are compiling Android themselves, which I guess makes sense for different hardware, and they are making some of their own changes.

On Wed, Jan 11, 2012 at 9:33 AM, Olivier Bilodeau < > wrote:
On 09/01/12 5:17 PM, Eric Kollmann wrote:
> Are there really any vendors that specifically modified the Android DHCP
> service to provide a specific fingerprint for their product (or actually
> request something from DHCP that their specific device needs)?  I
> guess it is possible, but my guess is the reason people were seeing
> different fingerprints on HTC vs Nexus had more to do with the version
> of Android on the device at the time than on the vendor.
> I don't have access to enough Android based devices to prove that, but I
> don't see many (any?) vendors changing the Android DHCP code for this
> purpose.  Based on that, my guess is that it is more Android 2.0, 2.1,
> 2.2, 2.3, 3.0 etc devices you are seeing, not specific vendors.

Well, most of the initial fingerprints were tied to a MAC Vendor and I
compared several submissions before putting them in (as I had catching
up to do) and there were no obvious clashes. There seems to be a lot of
fragmentation in Android.

I have 13 Android fingerprints spread over various MAC Vendors and
User-Agents and there are not 13 Android releases yet.

When I have the User-Agent string, I can more reliably make the
difference and yes, there seems to be a lot of differentiation (at least
in the User-Agent).

1,33,3,6,28,51,58,59 is Android/3.2; asus Transformer TF101; 2.1.2
1,121,33,3,6,12,15,28,42,51,58,59,119 - Vizio Android Tablet

However, I realize now that categorizing them without enough information
as I did with the original ones causes a problem because we can't ever
go back unless someone challenges it like it just happened.

I have a simple DHCP dumping tool that would make this re-validation of
fingerprints easier that is almost ready too. Stay tuned.

Meanwhile I'm being more careful now.

>     It seems the dhcp fingerprint ("1,121,33,3,6,15,28,51,58,59,119")
>     which is listed under HTC Android is also sent by Google Nexus S
>     (Samsung Hardware) and Samsung Galaxy.

Would it be possible to state which version of Android of each device?

>     Shouldn't this be moved to a generic Android category?

Yes, I'm doing this in the next update. I'll go back to re-validate the
ones that hit our lab SSID also.

Thanks guys for the correction / feedback!
Olivier Bilodeau
+1.514.447.4918 *115  ::  www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
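
Added example, not part of the thread and not Fingerbank or PacketFence code: a minimal re-validation check that extracts the DHCP Parameter Request List (option 55, which is what the comma-separated fingerprints above encode) from a BOOTP/DHCP payload and reports any fingerprint observed under more than one device label. The function names and the sample payloads are constructed for illustration; the option lists and device labels are the ones quoted in the thread.

```python
from collections import defaultdict
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)

def dhcp_fingerprint(bootp):
    """Return option 55 of a BOOTP/DHCP UDP payload as "1,3,6,...", or None."""
    if len(bootp) < 240 or bootp[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(bootp):
        code = bootp[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(bootp):
            return None          # truncated before the length byte
        length = bootp[i + 1]
        value = bootp[i + 2:i + 2 + length]
        if len(value) != length:
            return None          # truncated option body
        if code == 55:           # Parameter Request List, order preserved
            return ",".join(str(b) for b in value)
        i += 2 + length
    return None

def find_clashes(observations):
    """observations: (label, payload) pairs. Return fingerprints seen under >1 label."""
    seen = defaultdict(set)
    for label, payload in observations:
        fp = dhcp_fingerprint(payload)
        if fp is not None:
            seen[fp].add(label)
    return {fp: sorted(labels) for fp, labels in seen.items() if len(labels) > 1}

def build_sample(prl):
    """Constructed DHCPREQUEST payload (locally administered MAC) with this option 55."""
    header = bytes([1, 1, 6, 0]) + bytes(24) + bytes.fromhex("02000000aa01") + bytes(202)
    options = bytes([53, 1, 3, 0, 55, len(prl)]) + bytes(prl) + bytes([255])
    return header + MAGIC_COOKIE + options

# Constructed captures; labels and option lists are the ones quoted in the thread.
SHARED = [1, 121, 33, 3, 6, 15, 28, 51, 58, 59, 119]
SAMPLES = [
    ("HTC Android", build_sample(SHARED)),
    ("Google Nexus S", build_sample(SHARED)),
    ("Samsung Galaxy", build_sample(SHARED)),
    ("Asus Transformer TF101", build_sample([1, 33, 3, 6, 28, 51, 58, 59])),
]
```

Calling `find_clashes(SAMPLES)` returns the one fingerprint shared by the three differently labelled devices, which is the case for moving it to a generic Android category.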
