How to verify wifi password on iphone with objective-c.I use NetworkExtension/NEHotspotHelper to set wifi Password. So I want to verify the password,set the right password and ignore the wrong password.But I do not know how to figure it out.Is there any way I can try?
I don't think it's possible to do that. Because, first of all it is not possible to programmatically connect the device to a network(unless your device device is jailbroken and you have to use third party libraries). So it shouldn't have access to network security info also, especially for Wi-Fi password.
Related
I there a way in android to provide some SSID name and passwords, so the device will connect automatically when building AOSP?
So this way we can put aside a tedious job as entering wifi pass wach time I burn the ROM into device!
I haven't seen a way to do this, but I can think of a workaround.
You can call the code to save SSID from the Provision app, which is run only once during first boot.
Or add that code in the WifiService, somewhere in this method: http://androidxref.com/9.0.0_r3/xref/frameworks/opt/net/wifi/service/java/com/android/server/wifi/WifiServiceImpl.java#505
I've searched everywhere for the answer to this and have yet to find a definitive answer... Please help...
I have created an app that connects and bonds to a BLE device which requires a pin. The pin is pragmatically created and displayed to the user before the iOS bluetooth bonding dialog is triggered. So far, so good. If the user correctly enters the pin into the bonding dialog the phone and the BLE device are now bonded and everyone is happy.
Now the user closes the app and terminates the bluetooth connection.
When the app starts up again and the BLE device is discovered, is there any way to know that the bonding has already taken place? Basically, I don't want to re-display a pin to the user if the device has already bonded.
I'm currently saving the identifier of the BLE device and calling RetrievePeripheralsWithIdentifiers to see if the device has been connected before. This works but if the user goes to the bluetooth listing and selects "Forget this device", RetrievePeripheralsWithIdentifiers still returns ther peripheral. I've tried restarting the phone, uninstalling and reinstalling the app. Nothing seems to make iOS forget that at some point in the past, that identifier was connected...
Help!
iOS has no API whatsoever for pairing or bonding. iOS will only prompt a pairing dialog upon request from the other device or when it reads a characteristic that requires security. Your app won't even know that the pairing dialog is being shown, when pairing is complete, or when/if the current link is encrypted.
If the device is already bonded and the LTK that iOS has stored during a previous pairing process can be used (the slave also has it), then the link will automatically be encrypted and therefore no new pairing dialog will be shown.
The list about previously connected devices has nothing to do with bonded devices. It's just a list of previously known devices.
I think you are mixing up concepts a bit. Bonding essentially means "having the same Long Term Key".
So if you have two devices, and you want them to open up an encrypted connection, both devices simply check if they have a key associated with the corresponding device, and try to use this key to encrypt the messages.
This is why a device can't really check if the bond still exists. Each device can check if its own key still exists, but how would it know if the other device still has the key? As soon as one side has forgotten the key, the bond is lost.
I don't have much experience with iOS, but I assume their should be a function to get the stored Long Term Keys to check if there is an LTK associated with a Bluetooth address. Alternatively, it should be possible to
use external storage so that instead of the stack doing it for you, you can define a file where all keys are stored, and provide the stack with the key when needed. (At least, this works with other implementations.) In this case, you could directly look in the file to check if the devices have been bonded.
Note that entering the pin corresponds to the process of "pairing". The successful conduction of this procedure and the subsequent encryption of the connection does not prove that the devices are bonded. After disconnection, the pairing information is lost and the devices need to pair again - except if you have stored the key, which makes the pair a bond.
I faced a similar problem in my app, where if the user selected "Forget this device" from the settings then my app wouldn't know.
You can use retrieveConnectedPeripherals(withServices: [CBUUID]) to check if your device is connected to the OS. If yes then proceed with your other functions, else show PIN again(or whatever you want).
retrievePeripherals(withIdentifiers:) will return the device if it was connected to your OS previously.
I am doing this in my app. Hope this helps.
I'm writing a Today notification center widget which I want to show different information depending on whether or not the device has password lock enabled (basically I want to hide confidential information if the device is password locked). I looked around and couldn't find any good ways to do this. Has anyone been able to successfully do this?
I would not call this best practice, but it should be a workaround:
Try to access data in the keychain. If it works, the device is free, if not it's locked.
Disclaimer: There is a chance this will break in the future with changes around WatchKit. It's not documented yet, but chances are that the watch will be able to access the keychain although the device is locked.
You may be able to enable iOS Data Protection for your app and then use the applicationProtectedDataWillBecomeUnavailable and applicationProtectedDataDidBecomeAvailable methods of UIApplication to detect changes in the password lock setting.
Warning: these API's are not intended for this use, so there's always the risk that Apple will take issue with it and reject your app.
Only for iOS 8, you can use kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly protection level to find out whether or not the device is locked. This frame worked might help you out: https://github.com/liamnichols/UIDevice-PasscodeStatus
My goal is to block a device under some circumstances and for predefined devices.
I am aware of the LockDevice feature of MDM. I am also aware of the "enforce to set a passcode" feature of MDM.
But is there a way to lock a device with a predefined passcode? (i.e. the passcode is not set, and I want to enforce the user to enter my passcode to use his device)
EDIT: As people said here, MDM makes use of a predefined user's passcode.
It there a workaround for this? Or maybe some other way of achieving my initial goal?
Thanks!
There is no MDM command of configuration profile to do that. Password is always defined by an user.
We are developing an app for IOS.
Is there anyway I can check that the "identifierForVendor" that the device sends me in it's first connection to my server is actually valid?
If there isn't a way, how can I make sure someone is not just sending POSTS to my server and so making me create Device DB Objects that don't really exist?
The only secure way I have found is:
1- Make the App ask for a Device Token to APNs
2- Send it on it's first connection to my server.
3- Check with APNs Feedback Service
4- If token is ok, create the Device DB Object and continue from there.
Apple should let you know some Device-Vendor Id in a communication between Apple and your server every time someone downloads an app.
Thank you.
The simplest solution would be to append the "identifierForVendor" with something you can identify from your app. For example, if you append an alphanumeric string that looks like this: "A1B2C3D4E5F6G7" to be "A1B2C3D4E5F6G7-fromMyApp", then there is no way for someone to know what the custom appended string is, unless they have access to your code.
Of course there are more complex solutions, if you are genuinely concerned of people going so far as to monitor traffic from your app just to find the string.
Are you aware that registering for remote notifications prompts the user if they want to allow remote notifications for the app. If they choose no, there is no token generated.
Besides, they can sniff the token off the wire. Do you plan on tracking abuse and blocking users based on their token? Do you know that some actions cause a new token to be generated, such as resetting the device?
You can generate a unique ID (UUID) or use identifierForVendor, and store it in the user's key store and use that to track by device. It's still anonymous, and resetting the device resets this, but if you're tracking abusers, you can block them and they have to reset their device to try it again. This isn't much different from an APN token. It can still be sniffed, and they can still reset it. But at least the user doesn't have to say yes to allowing remote notifications.
If you're sending any kind of token, you should use HTTPS (SSL/TLS), not to protect the user from themselves (they can still sniff the token by doing their own man in the middle attack unless you are verifying the identify of the server), but this is to protect people from malicious users on the same network. You don't want to block some innocent user because they happened to use your app on a public network and inadvertently shared their token.
Of course, if we're talking a jail-broken device, all bets are off.