MAC & IP address

Discussion in 'privacy technology' started by wod, Oct 4, 2010.

Thread Status:
Not open for further replies.
  1. caspian
    Offline

    caspian Registered Member

    Since the 60's?? Wow! I would have NEVER guessed that in a million years. And the cloud cover is an interesting thought too. I recently went on a trip and tried to use my Iphone to get directions via GPS and it would not work because of the rain.
  2. caspian
    Offline

    caspian Registered Member

  3. lotuseclat79
    Online

    lotuseclat79 Registered Member

    Hi caspian,

    Not exactly, as I understand the issue - please correct me if my reasoning is wrong and tell us why! If the router's mac address can be changed, then it will broadcast the spoofed mac address which is not changed in the hardware's firmware permanently. For that session, the mac address will remain spoofed until it is either re-spoofed, or comes back to nominal factory specs of the NIC card in the firmware, e.g. power reboot.

    That said, I suppose that the router's geolocation can still be compromised, but the plausible deniability against the factory specs should hold regarding the mac address that could be logged elsewhere remotely. Regarding the geolocation, since the author of that post (at the link) you referenced, used Javascript to probe the router's mac address - how that was done is a question without the code and whether the mac address was accessed in the router's memory or if there is a way to get the factory installed firmware version of the mac address using some other interface - I don't know without seeing the router's specifications, documentation, etc. and the Javascript code the author ran to get it.

    The flaw or weakness of all of the schemes I've seen is that when a mac address is spoofed, it is usually changed to the same value every time. The obvious scheme would be to use a random number generator to generate the last five components of the mac address, the first one being "00", otherwise, I seem to remember a comment from somewhere, that it won't work without that feature. When I get the time, I may work on some code to do just that - it should be straight forward.

    -- Tom
  4. lotuseclat79
    Online

    lotuseclat79 Registered Member

    I was able to put together a bash shell script that executes a small nawk program that generates a new mac address each time it is executed.

    Unfortunately, I am leaving on a weekend trip and will not be back until next week. I have yet to test the shell script, but the nawk program works very nicely!

    I'll post the shell script code (which has the nawk program embedded as a comment) after I get back from the weekend and have completed testing the shell script.

    -- Tom
  5. lotuseclat79
    Online

    lotuseclat79 Registered Member

    Here is the short version (no doc) of my bash shell script for Linux/Unix to change the mac address randomly with each execution. It embeds the genmacaddr nawk program (use nawk, gawk, or awk) which should be saved in a separate file. It also includes surrounding ifconfig commands around the four commands that respectively: disable eth0, compute new random mac address, set new macaddr, and enable eth0 - which can be commented or edited out after you assure yourself that it works. Or, you can just execute the nawk command multiple times after storing genmacaddr in its own file to assure yourself that a new mac address will be generated. It does not change the permanent mac address in the firmware, and only generates a spoofed random mac address which is broadcast. It is safe to delete the -x on the first line of the bash script which is only for debugging to see the commands that execute. Note: /bin/bash, and one of /usr/bin/nawk, /usr/bin/gawk, or /usr/bin/awk must be installed for this script to work in addition to the ifconfig command on Linux/Unix systems.

    Code:
    #!/bin/bash -x
    ############################genmacaddr nawk program#############################
    #BEGIN {
    #     n0 = "00"
    #     srand()
    #     n1 = sprintf("%02x", int(255 * rand()))
    #     n2 = sprintf("%02x", int(255 * rand()))
    #     n3 = sprintf("%02x", int(255 * rand()))
    #     n4 = sprintf("%02x", int(255 * rand()))
    #     n5 = sprintf("%02x", int(255 * rand()))
    #     print n0":"n1":"n2":"n3":"n4":"n5
    #}
    ################################################################################
    #
    ifconfig
    ifconfig eth0 down
    newmacaddr=`nawk -f genmacaddr -`
    ifconfig eth0 hw ether $newmacaddr
    ifconfig eth0 up
    ifconfig
    exit 0
    
    -- Tom

    P.S. Edited genmacaddr to reduce code to 18 lines when 1st and last ifconfig statements are deleted. Note: genmacaddr.sh is what I named the bash shell script you see. You have to delete the '#' comment character in the genmacaddr nawk program file on each line.
    Last edited: Oct 14, 2010
  6. wod
    Offline

    wod Registered Member

    thanks !
    by the way -do recommend the backtrack distribution ?have tried it by chance ?
  7. lotuseclat79
    Online

    lotuseclat79 Registered Member

    Haven't tried the Live CD yet. Have used some of the tools.

    -- Tom
  8. caspian
    Offline

    caspian Registered Member

  9. DasFox
    Offline

    DasFox Registered Member

    For Linux:

    * ifconfig eth0 down
    * ifconfig eth0 hw ether 11:11:11:11:11:ab
    * ifconfig eth0 up
  10. LockBox
    Offline

    LockBox Registered Member

    I've tried several over the years and this was easily one of the better of the bunch. However, I've been using "Mac Makeup" since 2003. It's still a killer simple program with a large database of adapter information to make it as realistic as possible. It's been awhile since an update - but it still just works.

    When used in combination with Nirsoft's MACAddressView v1.13 - MAC Address Lookup/Find Tool for Windows you've got the simple steps to idiot-proof MAC spoofing.

    1. Find manufacturer information for your adapters using Nirsoft program. Very simple.
    2. Go to that manufacturer in 'MAC Makeup' and let it select a MAC adapter address in their very own format - click 'change'. Your done!

    SMAC has now an almost cloned interface as MAC Makeup and can be used just as simply. The big difference: SMAC is $60 after evaluation if you want to keep all the good features. 'Mac Makeup' (the original) is still - free. They do the exact same thing. Don't get my wrong, as I said before, SMAC is one of the better of these MAC spoofers, but take a look at MAC Makeup.
  11. caspian
    Offline

    caspian Registered Member

    Oh wow this is great. Thanks for the tip!
  12. onigen
    Offline

    onigen Registered Member

    Hmm, my AV flagged it as a trojan.
    Then ran it through VirusTotal = 20/ 43 (46.5%).
  13. LockBox
    Offline

    LockBox Registered Member

    There's no malware. Those AV vendors who flag it as a trojan, flag many anti-forensic tools as malware.
  14. DasFox
    Offline

    DasFox Registered Member

    Thanks for posting this, but I'm even a Linux geek and I get some of what you are saying, so it would be nice to simply tell us how to run it and what...

    So do we just run the script just like it is shown below and that is it? Or do we need to do anything else?

    I don't get these two parts at all you mention;

    which should be saved in a separate file (What need to create a file?) - how?
    storing genmacaddr in its own file (Again need a file?) how?


    THANKS


    Code:
    #!/bin/bash
    ############################genmacaddr nawk program#############################
    BEGIN {
         n0 = "00"
         srand()
         n1 = sprintf("%02x", int(255 * rand()))
         n2 = sprintf("%02x", int(255 * rand()))
         n3 = sprintf("%02x", int(255 * rand()))
         n4 = sprintf("%02x", int(255 * rand()))
         n5 = sprintf("%02x", int(255 * rand()))
         print n0":"n1":"n2":"n3":"n4":"n5
    }
    ################################################################################
    #
    ifconfig
    ifconfig eth0 down
    newmacaddr=`nawk -f genmacaddr -`
    ifconfig eth0 hw ether $newmacaddr
    ifconfig eth0 up
    ifconfig
    exit 0
    
  15. lotuseclat79
    Online

    lotuseclat79 Registered Member

    Hi DASFox,

    What you have posted is with the commented portion as no longer comments which may not work if you execute that as a shell script. - i.e. mixed awk with shell script code in a shell script. The commented portion needs to be saved on its own in a separate file, named genmacaddr which is the awk file that gets called by nawk in the script overall, named genmacaddr.sh. The genmacaddr nawk program file is clearly delineated by comments in the script as posted. Save it in a file and strip out the comments (which are not shown in what you have posted - so that part is ok - it just is not a part of the script.

    -- Tom
Thread Status:
Not open for further replies.