XPost: alt.comp.os.windows-10, alt.comp.microsoft.windows, alt.c   
   mp.os.windows-11   
   From: marianjones@helpfulpeople.com   
      
   Here's how to query Apple's insecure WPS database for hundreds of   
   BSSID:GPS location pairs, simply by feeding the database one BSSID.   
      
   0. python apple_bssid_locator.py 11:22:33:AA:BB:CC   
      only gives you a single BSSID:GPS pair accurate to 8 decimal places.   
   1. Edit apple_bssid_locator.py in the previous GitHub download package.   
         
   2. Note that query_bssid() has the following limitation built in:   
      apple_wloc.return_single_result = 1 (i.e., "yes")   
   3. Then in process_result(), the code loops through apple_wloc.wifi_devices   
      and extracts only those with a location field. It builds a dictionary of   
      {BSSID: (lat, lon)}.   
   4. In main(), unless you pass --all, it only prints the coordinates for   
      the one BSSID you asked about.   
   5. However, Apple's API actually returns a cluster of nearby APs   
      (hundreds of BSSIDs) when you don't restrict it from doing so.   
   6. To get *hundreds* of nearby BSSID:GPS pairs, simply change the   
      def query_bssid(bssid, output_file="results.txt") as shown below.   
   9. Now run the python script again:   
      python apple_bssid_locator.py 11:22:33:AA:BB:CC --all   
   10. You'll get *hundreds* of access point location pairs now!   
      
   def query_bssid(bssid, output_file="results.txt"):   
       apple_wloc = AppleWLoc_pb2.AppleWLoc()   
       wifi_device = apple_wloc.wifi_devices.add()   
       wifi_device.bssid = bssid   
       apple_wloc.unknown_value1 = 0   
       apple_wloc.return_single_result = 0   # request ALL results   
       serialized_apple_wloc = apple_wloc.SerializeToString()   
       length_serialized_apple_wloc = len(serialized_apple_wloc)   
      
       headers = {'User-Agent':'locationd/1753.17 CFNetwork/889.9 Darwin/17.2.0'}   
       data = b"\x00\x01\x00\x05"+b"en_US"+b"\x00\x13"+b"com.apple.   
   ocationd"+b"\x00\x0a"+b"8.1.12B411"+b"\x00\x00\x00\x01\x00\x00\x00" +   
   bytes((length_serialized_apple_wloc,)) + serialized_apple_wloc   
       r = requests.post('https://gs-loc.apple.com/clls/wloc', headers=headers,   
   data=data)   
      
       apple_wloc = AppleWLoc_pb2.AppleWLoc()   
       apple_wloc.ParseFromString(r.content[10:])   
      
       # Build dictionary of results   
       results = {}   
       with open(output_file, "w") as f:   
           for wifi_device in apple_wloc.wifi_devices:   
               if wifi_device.HasField('location'):   
                   lat = wifi_device.location.latitude * 1e-8   
                   lon = wifi_device.location.longitude * 1e-8   
                   mac = format_bssid(wifi_device.bssid)   
                   results[mac] = (lat, lon)   
                   f.write(f"{mac}\t{lat}\t{lon}\n")   
      
       print(f"Saved {len(results)} entries to {output_file}")   
       return results   
      
   Note that we can plot those ~400 entries on a map with Python's folium   
   library so you can visually explore the cluster instead of scrolling.   
   --   
   Apple "says" they care about your privacy; but their actions   
   show that they don't follow their own privacy policies.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)