Any ways to change the MAC address permanently?

kaola_linux · 2009-01-11 14:57:26

Are there?:)

theringmaster · 2009-01-11 15:02:11

get a new computer, because the mac address is built into hardware. It identifies the hardware you could say.

Anamn3sis · 2009-01-11 15:17:47

macchanger can spoof the mac, you could write a shell script the executes at bootup to change the MAC.

dw · 2009-01-11 16:22:40

hi, i have a file called change_mac with the following content in /etc/rc.d and start in on boot by placing change_mac in the daemons-array in rc.conf. you just need to adjust XX:XX:XX:XX:XX:XX by the mac-address you want to have and change the device of course. this script basically just calls macchanger als already suggested.

#!/bin/bash

start()
{
    echo "Changing MAC ..."
    /usr/bin/macchanger --mac=XX:XX:XX:XX:XX:XX ethX
}

stop()
{
    echo "Macchanger stops"

}

case "$1" in
 start)
 start
 ;;
 stop)
 stop
 ;;
 *)
 echo "Use $0 [start] to change the MAC!"
 ;;
esac
exit 0

hope this helps,
bernhard

Last edited by dw (2009-01-11 16:23:12)

initbox · 2009-01-11 17:21:33

ifconfig eth0 hw ether 00:01:02:03:04:05

I guess it won't be permanent

moljac024 · 2009-01-11 23:25:10

initbox wrote:

ifconfig eth0 hw ether 00:01:02:03:04:05
I guess it won't be permanent

But if it is stared on system startup, what doesn't make it permanent ?

Xyne · 2009-01-11 23:40:09

initbox wrote:

ifconfig eth0 hw ether 00:01:02:03:04:05

Is there any way for another computer to get the real mac address or determine that this is fake once this has been set?

RedShift · 2009-01-12 01:11:48

Xyne wrote:

initbox wrote:
ifconfig eth0 hw ether 00:01:02:03:04:05
Is there any way for another computer to get the real mac address or determine that this is fake once this has been set?

No.

xaiviax · 2009-01-12 01:28:49

Xyne wrote:

initbox wrote:
ifconfig eth0 hw ether 00:01:02:03:04:05
Is there any way for another computer to get the real mac address or determine that this is fake once this has been set?

No, mac address's were not developed for security purposes. However, for the truly paranoid, all major manufacturers follow their own numbering system, so it could be determined that a made up mac address was not a "real" one.

Xyne · 2009-01-12 01:38:47

I tried to find it by searching, but failed... how can I reset the true mac address without rebooting (or just get the true mac address)?

*edit*

xaiviax wrote:

No, mac address's were not developed for security purposes. However, for the truly paranoid, all major manufacturers follow their own numbering system, so it could be determined that a made up mac address was not a "real" one.

That wasn't a completely paranoid question. I also immediately thought of using nmap to get mac addresses in order to bypass mac filters on networks (I always though spoofing mac addresses was harder than this).

Btw, do you know a way to hide the network card vendor?

*edit 2*
What's the best way to change the mac address at boot before the network goes up on Arch? A line in /etc/rc.local?

Last edited by Xyne (2009-01-12 01:53:04)

xaiviax · 2009-01-12 02:36:46

Xyne wrote:

how can I reset the true mac address without rebooting (or just get the true mac address)?

ifconfig gives the mac address (hardware address). Once changed, I don't know of a way to see what it was.

Xyne wrote:

Btw, do you know a way to hide the network card vendor?

http://www.erg.abdn.ac.uk/users/gorry/c … codes.html

Xyne · 2009-01-12 02:44:43

Thanks for the replies, xaiviax.

kaola_linux · 2009-01-12 02:53:23

Wow! This has evolved since my last post...

I do change my MAC address with this command:

ifconfig wlan0 down hw ether  xx:xx:xx:xx:xx:xx 
ifconfig wlan0 up

Just the same as what has posted...This temporarily changes my MAC and resets to default after reboot...But I can just enter my default MAC again without the needs of restarting and its fine...

I have macchanger and kismet...I'm confused what to use on the "source:" part of my "kismet.conf"...I'm using an atheros b/g...I need some help...:)

Thanks...

Last edited by kaola_linux (2009-01-12 02:57:13)

xaiviax · 2009-01-12 03:23:10

kaola_linux wrote:

I have macchanger and kismet...I'm confused what to use on the "source:" part of my "kismet.conf"...I'm using an atheros b/g...I need some help...:)
Thanks...

I use : source=iwl3945,wlan0,wlan0 so substitute accordingly to your system

kaola_linux · 2009-01-12 03:26:29

Here is what I got by issuing lspci on my wireless device:

03:00.0 Ethernet controller: Atheros Communications Inc. AR242x 802.11abg Wireless PCI Express Adapter (rev 01)

How do I determine it?:)

archlinuxsagi · 2009-01-12 03:32:28

kaola_linux wrote:

How do I determine it?:)

ifconfig | grep HWaddr

To know your mac address change..

kaola_linux · 2009-01-12 03:45:08

No, I mean to determine on what should be used on the "source:" part of "kismet.conf" But thanks that's informative...:)

Last edited by kaola_linux (2009-01-12 03:51:56)

archlinuxsagi · 2009-01-12 04:02:53

You can also use the following

sudo macchanger -A wlan0

basically you can see macchanger options
through

macchanger --help

xaiviax · 2009-01-12 05:22:54

kaola_linux wrote:

No, I mean to determine on what should be used on the "source:" part of "kismet.conf" But thanks that's informative...:)

lsmod

RedShift · 2009-01-12 18:04:09

Xyne wrote:

I tried to find it by searching, but failed... how can I reset the true mac address without rebooting (or just get the true mac address)?
*edit*
xaiviax wrote:
No, mac address's were not developed for security purposes. However, for the truly paranoid, all major manufacturers follow their own numbering system, so it could be determined that a made up mac address was not a "real" one.
That wasn't a completely paranoid question. I also immediately thought of using nmap to get mac addresses in order to bypass mac filters on networks (I always though spoofing mac addresses was harder than this).
Btw, do you know a way to hide the network card vendor?

*edit 2*
What's the best way to change the mac address at boot before the network goes up on Arch? A line in /etc/rc.local?

Do something like:

eth0mac="eth0 hw ether 00:01:02:03..."
eth0="eth0 192.168.0.1 netmask 255.255.255.0"
INTERFACES=(eth0mac eth0)

Xyne · 2009-01-12 18:18:25

I've rebooted and my "fake" mac address is still listed by ifconfig. I don't remember changing any files and grepping for the new address in /etc/* and ~/* yields nothing.

I'll try setting it to something else and see what happens.

cylonmath · 2009-01-13 08:14:11

There is no macchanger package in AUR right
The current macchanger cant be compiled as makepkg -s as it doesnt have a PKGBuilt file inside that tarball...

RedShift · 2009-01-13 08:19:49

cylonmath wrote:

There is no macchanger package in AUR right
The current macchanger cant be compiled as makepkg -s as it doesnt have a PKGBuilt file inside that tarball...

Why would you need that macchanger script anyway? It's just a wrapper for a single ifconfig command, and you can perfectly change an interface's NIC via rc.conf.

kludge · 2009-01-14 02:15:09

when i was still using netcfg2, i was doing the following to get a randomized, manufacturer-valid mac address every time i connected an access point:

in each network profile:

PRE_UP='. $SUBR_DIR/spoof.subr; ifconfig $INTERFACE down; ifconfig $INTERFACE hw ether $(generate_random_mac)'

the 'ifconfig $INTERFACE down' is necessary for my card, annoying belkin-made rtl8185 pcmcia card.

/usr/lib/network/spoof.subr:

#!/bin/bash

SPOOF_DIR=$SUBR_DIR"spoof/"
SPOOF_VEND_FILE="stefan-maclist.txt"

generate_random_mac() {

        echo $(${SPOOF_DIR}/fakeap.pl --vendors ${SPOOF_DIR}${SPOOF_VEND_FILE})

}

the following is extracted from Black Alchemy Weapons Lab's fakeap.pl

/usr/lib/network/spoof.pl

#!/usr/bin/perl

use strict;
use warnings;
use Getopt::Long;
use Time::HiRes;

use vars
  qw( $vendors_opt $wep_opt );

my @vendors = ( "00:00:0C:", "00:00:CE:", "00:00:EF:" );

# load_vendors
#
# args: none
# rets: none
# 
# Loads vendor mac prefix file into @vendors

sub load_vendors {
    @vendors = ();
    open( my $FH, "<$vendors_opt" ) or die "Could not open $vendors_opt: $!\n";
    while ( my $line = <$FH> ) {
        chomp $line;
        $line =~ /^(\w\w:\w\w:\w\w)/;
        push @vendors, "$1:";
    }
    close $FH;

    return;
}

# gen_mac
# 
# args: none
# rets: none
#
# Returns a random MAC address with first three octets from @vendors
# last three random.

sub gen_mac {

    return sprintf(
        "%s%02X:%02X:%02X",
        $vendors[ int( rand $#vendors ) ],
        int( rand 256 ),
        int( rand 256 ),
        int( rand 256 )
    );

}

################################################################
# 
# Main
# 

GetOptions(
    "vendors=s"   => \$vendors_opt
);

load_vendors() if $vendors_opt;

my $mac = gen_mac();

print( $mac );

i know of two sources for a list of valid manufacturer mac address triples. stefan-maclist.txt comes with fakeap.pl. a much more comprehensive list is the file 'manuf' in the root directory of the wireshark source, but it needs some editing before it will work with the fakeap.pl code snippet.

one thing this doesn't do is avoid using your actual mac address.

Last edited by kludge (2009-01-14 02:16:54)

ammon · 2009-01-15 23:28:25

Just started to use this script, simple and ?effective?.

#!/bin/bash

MAC=`dd if=/dev/urandom bs=3 count=1 status=noxfer 2>/dev/null | od -t x1 | sed -e "s/^0* //;s/ /:/g;q"`

ifconfig wlan0 down hw ether 00:13:$MAC
ifconfig wlan0 up

00:13 is ?vendor? ID, I think. And I cant change that.

I'm trying to exec this at startup... tried xinitrc, it wont work, X cant start.
Anyone got idea?

P.S.
ifconfig says that MAC has changed, but look at this.

MAC (00:13:E8:D3:B6:93)

This is the output from aireplay-ng.
That what it says is old MAC.
Why ifconfig and aireplay-ng have diffirent outputs? Should not aireplay also read faked MAC?

Last edited by ammon (2009-01-16 01:39:02)

Arch Linux

#1 2009-01-11 14:57:26

Any ways to change the MAC address permanently?

#2 2009-01-11 15:02:11

Re: Any ways to change the MAC address permanently?

#3 2009-01-11 15:17:47

Re: Any ways to change the MAC address permanently?

#4 2009-01-11 16:22:40

Re: Any ways to change the MAC address permanently?

#5 2009-01-11 17:21:33

Re: Any ways to change the MAC address permanently?

#6 2009-01-11 23:25:10

Re: Any ways to change the MAC address permanently?

#7 2009-01-11 23:40:09

Re: Any ways to change the MAC address permanently?

#8 2009-01-12 01:11:48

Re: Any ways to change the MAC address permanently?

#9 2009-01-12 01:28:49

Re: Any ways to change the MAC address permanently?

#10 2009-01-12 01:38:47

Re: Any ways to change the MAC address permanently?

#11 2009-01-12 02:36:46

Re: Any ways to change the MAC address permanently?

#12 2009-01-12 02:44:43

Re: Any ways to change the MAC address permanently?

#13 2009-01-12 02:53:23

Re: Any ways to change the MAC address permanently?

#14 2009-01-12 03:23:10

Re: Any ways to change the MAC address permanently?

#15 2009-01-12 03:26:29

Re: Any ways to change the MAC address permanently?

#16 2009-01-12 03:32:28

Re: Any ways to change the MAC address permanently?

#17 2009-01-12 03:45:08

Re: Any ways to change the MAC address permanently?

#18 2009-01-12 04:02:53

Re: Any ways to change the MAC address permanently?

#19 2009-01-12 05:22:54

Re: Any ways to change the MAC address permanently?

#20 2009-01-12 18:04:09

Re: Any ways to change the MAC address permanently?

#21 2009-01-12 18:18:25

Re: Any ways to change the MAC address permanently?

#22 2009-01-13 08:14:11

Re: Any ways to change the MAC address permanently?

#23 2009-01-13 08:19:49

Re: Any ways to change the MAC address permanently?

#24 2009-01-14 02:15:09

Re: Any ways to change the MAC address permanently?

#25 2009-01-15 23:28:25

Re: Any ways to change the MAC address permanently?

Board footer