(09-24-2019, 11:19 PM)slawson Wrote:
Does the client store and publish the PMKID, or just the AP? In other words, can I gather PMKIDs from a nearby client that has been previously connected to various APs?
Essentially, you can obtain the PMKID from either the AP (clientless) or the client, just like a 4-way handshake. Both will yield the same results. You cannot gather additional APs' PMKIDs from a client if it is not connected to them.
Quick edit: So a client which is visible and connected to an AP which you do not have a signal to can still yield you the PMKID, even with the AP NOT IN RANGE of your device.