Check for randomized MAC by flipping bit 02?

[wersimmon]

I'm not familiar with how bluetooth MACs are actually randomized in the real world, but some sources suggest that manufacturers use the "Local bit" that IEEE RFC 7042 defines to denote the difference between normal and randomized MACs. Specifically, that MACs have bit 02 as 0 when they are normal, and bit 02 as 1 when they are randomized, but the OUI is otherwise unchanged.

From the IEEE OUI database, I found the following OUIs listed for "Meta Platforms, Inc." and calculated their supposed randomized version:
48:05:60 -> 4A:05:60
CC:A1:74 -> CE:A1:74
C0:DD:8A -> C2:DD:8A
D0:B3:C2 -> D2:B3:C2
88:25:08 -> 8A:25:08
94:F9:29 -> 96:F9:29
D4:D6:59 -> D6:D6:59
78:C4:FA -> 7A:C4:FA
B4:17:A8 -> B6:17:A8
50:99:03 -> 52:99:03
80:F3:EF -> 82:F3:EF
84:57:F7 -> 86:57:F7

And the following OUIs for "Facebook Inc":
48:57:DD -> 4A:57:DD
A4:0E:2B -> A6:0E:2B

Maybe this helps the detection algorithm?

[NullPxl]

Interesting, thank you!

From checking my logs and what I remember seeing, it doesn't seem like BLE randomization preserves the OUI in the way you mentioned. The 2020 juniper networks article seems to talk about Wi-Fi, so maybe the randomization approach between BLE vs Wi-FI MAC addresses differ (they're from the same address namespace, but handled differently). I think both get fully randomized but when I take a look at Wi-Fi I'll check this.
Modern approach for BLE seems to be to use Resolvable Private Addresses (RPAs) which rotate randomly every 15 minutes. This seems to be the case for the pair of raybans I tested with. From my logs:

time, start of MAC
00:52, 64:BF
01:07, 54:5E

[NullPxl]

Also thanks for the link to the OUI database, I somehow didn't come across that and was using some random site