How to spoof MAC address? (Solved)

jh
Posts: 17
Joined: Tue 26 Jul 2005, 20:19

How to spoof MAC address? (Solved)

#1 Post by jh »

Where in the startup sequence would I add a line to a file to get Puppy to spoof/change my MAC address?

I want the change to occur at the right point in startup so that DNS services will work. Haven't found that correct spot yet.

babbs
Posts: 397
Joined: Tue 10 May 2005, 06:35
Location: Tijuana, BCN, Mexico

#2 Post by babbs »

It's my understanding that the MAC address is encoded in the chipset for your network card. Under normal circumstances, there is no reason to need to change it. Is there a reason that you need to spoof another network card?

jmarsden
Posts: 265
Joined: Sat 31 Dec 2005, 22:18
Location: California, USA

#3 Post by jmarsden »

babbs wrote: It's my understanding that the MAC address is encoded in the chipset for your network card. Under normal circumstances, there is no reason to need to change it. Is there a reason that you need to spoof another network card?
Some ISPs track what MAC address is connected to your DSL modem, and (trying to prevent hooking up multiple PCs?) will not "talk" to a second and different device at your location (at least not without a lengthy timeout period with no device connected, or even without calling them up and asking).

So, I suppose, if you had a DSL line from such a provider, but no router and no home network, and you wanted to manually switch the DSL line from a Windows PC to a separate PC running Puppy, it might be handy to set both machines to the same MAC address.

The way to do so temporarily in Puppy would be to use the ifconfig command with the hw ether option, like this:

# ifconfig eth0 hw ether 00:E0:4C:78:65:BF

How to make that stick through reboots ... is a different question. I'll let someone else answer that part, because I've yet to investigate how Puppy stores and uses network config info myself!

Jonathan

babbs
Posts: 397
Joined: Tue 10 May 2005, 06:35
Location: Tijuana, BCN, Mexico

#4 Post by babbs »

Thank you for clearing that up for me Jonathan. :)

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#5 Post by Flash »

Let us know if that actually works. It's my impression that the MAC address is transmitted by the modems at the hardware link level. The OS has no direct control over what the hardware sends when queried. If that's so then I don't see how you could spoof it through the OS.

mayakovski
Posts: 124
Joined: Sun 20 Nov 2005, 00:42
Location: Comox, BC, CANADA

Re: how to change MAC address?

#6 Post by mayakovski »

jh wrote: Where in the startup sequence would I add a line to a file to get Puppy to spoof/change my MAC address?

I want the change to occur at the right point in startup so that DNS services will work. Haven't found that correct spot yet.
Here is the sequence to use.

1. Turn off computer.
2. Remove existing network card.
3. Install new network card.
4. Turn on computer.
5. Boot into Puppy with new MAC address.
Mayakovski
**********************
Puppy Linux | Barking Up The Right Tree

Compaq Armada 1580DMT | P150, 49MB RAM - 3.2 GB HD, Puppy 1.0.6
Compaq Deskpro EN | P3-733, 384 MB RAM - 80GB HD, Puppy 1.0.7

jh
Posts: 17
Joined: Tue 26 Jul 2005, 20:19

#7 Post by jh »

The command that jmarsden gives successfully changes, or, more correctly, "spoofs" the MAC address.

And upon re-running the ethernet wizard, everything including DNS resolution works properly.

What I haven't figured out yet is what startup file to put the ifconfig command in -- so that I don't have to re-run the ethernet wizard after each boot to get DNS working.

rarsa
Posts: 3053
Joined: Sun 29 May 2005, 20:30
Location: Kitchener, Ontario, Canada

#8 Post by rarsa »

There are two different places:

The right one and the hacked one:

In the right one.
When you do a Manual setup on the Ethernet wizard, a file /etc/<interface>mode is created, e.g. /etc/eth0mode.

Puppy stores the network startup commands there.

Here you can put any custom network startup code; for example, I set up my wireless parameters there.

If you select DHCP on the Ethernet wizard, this file will only have the word "auto".

So as you want to do something custom, just modify the corresponding <interface>mode file and add the spoofing command as the first line; you can then do the ifconfig and dhclient commands.

The hacked one:
The script that does the network initialization and calls those <interface>mode files is

/etc/rc.d/rc.network

At the bottom you will see a loop that searches for interfaces and then brings them up based on the content of the <interface>mode file.

If you put the spoofing command before that loop you should be fine.
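
An added example, not part of the original posts: a shell helper for either startup location described above that checks the address before handing it to ifconfig, so a mistyped or multicast value does not leave the interface unconfigured at boot. The function names mac_check and apply_mac are hypothetical, and the read-back step assumes sysfs is mounted at /sys.

```shell
#!/bin/sh
# Added example (not from the thread): check an address before the boot
# script applies it with "ifconfig IFACE hw ether ADDR".

# mac_check ADDR
# Prints a verdict and returns 0 only for a usable unicast address.
mac_check() {
    addr=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    # Only hex digits and colons, in exactly six two-digit octets.
    case "$addr" in
        *[!0-9a-f:]*) echo malformed; return 1 ;;
    esac
    if ! printf '%s\n' "$addr" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
        echo malformed; return 1
    fi
    # All-zero is not a valid station address.
    if [ "$addr" = "00:00:00:00:00:00" ]; then
        echo all-zero; return 1
    fi
    first=$((0x${addr%%:*}))
    # Bit 0 of the first octet is the group bit: multicast and broadcast
    # addresses are destinations only, never a station's own address.
    if [ $((first & 1)) -ne 0 ]; then
        echo multicast; return 1
    fi
    # Bit 1 distinguishes locally administered from vendor-assigned (OUI).
    if [ $((first & 2)) -ne 0 ]; then
        echo unicast-local
    else
        echo unicast-universal
    fi
}

# apply_mac IFACE ADDR
# Sets the address while the interface is down (many drivers refuse a
# change on a running interface), then reads it back to confirm.
# Assumes sysfs is mounted at /sys (2.6 and later kernels).
apply_mac() {
    verdict=$(mac_check "$2") || { echo "refusing $2: $verdict" >&2; return 1; }
    ifconfig "$1" down
    ifconfig "$1" hw ether "$2" || return 1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(cat "/sys/class/net/$1/address")" = "$want" ]
}
```

The startup file would call apply_mac with the interface name and the address, ahead of the existing ifconfig and dhclient lines.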

jh
Posts: 17
Joined: Tue 26 Jul 2005, 20:19

#9 Post by jh »

Thanks for that info!

I used approach number two ("hacked") and put in jmarsden's command and things are working fine!

I'm running Puppy 1.0.7 and the change goes right above the following comment line in the rc.network file, thusly:

ifconfig eth0 hw ether 00:00:00:00:00:00
#Try to connect each ethernet interface found
Last edited by jh on Fri 20 Jan 2006, 14:39, edited 1 time in total.

jmarsden
Posts: 265
Joined: Sat 31 Dec 2005, 22:18
Location: California, USA

#10 Post by jmarsden »

Flash wrote: Let us know if that actually works.
See http://en.wikipedia.org/wiki/MAC_addres ... _addresses for a little more info. It most definitely works. I've used it (or variations of it) in other Linux and *BSD machines occasionally, over a period of several years. And I tested that it worked in Puppy before posting my earlier msg in this thread.

If you need further convincing, then I suggest you read the sources for any modern NIC device driver :-) For example, download http://www.kernel.org/pub/linux/kernel/ ... .1.tar.bz2 and untar it, and then look at the driver for the Realtek 8139, at linux-2.6.15.1/drivers/net/8139too.c:

# wget -q http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.15.1.tar.bz2
# tar jxf linux-2.6.15.1.tar.bz2 linux-2.6.15.1/drivers/net/8139too.c
# grep -C2 MAC linux-2.6.15.1/drivers/net/8139too.c
/* Symbolic offsets to registers. */
enum RTL8139_registers {
        MAC0 = 0,               /* Ethernet hardware address. */
        MAR0 = 8,               /* Multicast filter. */
        TxStatus0 = 0x10,       /* Transmit status (Four 32bit registers). */
--
        /* unlock Config[01234] and BMCR register writes */
        RTL_W8_F (Cfg9346, Cfg9346_Unlock);
        /* Restore our idea of the MAC address. */
        RTL_W32_F (MAC0 + 0, cpu_to_le32 (*(u32 *) (dev->dev_addr + 0)));
        RTL_W32_F (MAC0 + 4, cpu_to_le32 (*(u32 *) (dev->dev_addr + 4)));

        /* Must enable Tx/Rx before setting transfer thresholds! */
#

You can then note that dev_addr is the item in the struct used to keep the MAC address... grep for dev_addr and you'll find the code that reads the default MAC address for the card from its EEPROM. You don't need to understand every detail of this code (I don't!) to see that it is reading an address from the EEPROM and saving it in a kernel data structure, and then setting some device registers using those values. If necessary, you could then read the code for ifconfig and see how what it does when you pass it those parameters results in the device data structure MAC address values being changed, and so the new values being written to the NIC device registers when the device is next opened.

In the open source Linux world, if you really need to be sure whether something is true about the way Linux software works -- read the source code :-) In general, the combination of Google (for reading documentation, tutorials, definitions, HOWTOs, etc.) and the source code make a very powerful educational tool.

Note for jh: Spoofing, or changing? Wikipedia uses "changing". In my view, "spoofing" by its very definition carries connotations of deception and imitation, which would only be the case when the supplied MAC address belongs to an existing device on your network segment, and you are trying to "deceive" the rest of your network into believing that your device is that other device.

There are other uses for this ability to change MAC address, such as testing and debugging switches (Example: How big a MAC address cache does my switch have? And what happens when it sees more MAC addresses than it can cache? An interesting experiment... but please do not try it on a production network!). So I think that "changing" MAC addresses is more appropriate terminology than "spoofing", in the general case. For a (general, not networking-specific) definition of spoofing, see http://www.answers.com/topic/spoof .

Jonathan

jh
Posts: 17
Joined: Tue 26 Jul 2005, 20:19

#11 Post by jh »

Jonathan,

I stand corrected about my use of the word spoof, though I offer the following in my defense:

I was using "spoof" in preference to the word "change" because I didn't want to imply that the MAC address of the ethernet card's EPROM was going to be changed.

As your code snippet shows, the change is in the kernel, and the card remains unaltered.

Rebooting with a different live-cd distro will show that the card's MAC address is indeed un-"changed".

"Spoofing", like "hacking", is one of those computer terms that is over-loaded with connotations -- and its interpretation depends on context and the listener's expectations.

Even the Wikipedia article starts ambiguously about the terminology:

"Changing MAC addresses -- Although physical MAC addresses are permanent by design, several mechanisms allow modification, or "spoofing", of the MAC address that is reported by the operating system."

As with the word "hacking", there is no correct, single-word term that will satisfy everyone.
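
An added example, not part of the original posts: the distinction drawn above between the card's stored address and the one the kernel is using can be checked on a running system instead of by rebooting another distro. The sketch compares the current address in sysfs with the permanent address reported by `ethtool -P`, and falls back to the kernel's addr_assign_type record when the driver reports none. The function names and verdict words are hypothetical, and a Linux sysfs layout is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Reports whether an interface is
# using its factory address. SYSROOT is normally /sys/class/net; it is a
# parameter so the logic can be run against a constructed directory tree.

lower() { printf '%s' "$1" | tr 'A-F' 'a-f'; }

# mac_state SYSROOT IFACE PERM
# Prints one of: factory | changed | random | inherited | unknown
mac_state() {
    cur=$(lower "$(cat "$1/$2/address")")
    perm=$(lower "$3")
    atype=$(cat "$1/$2/addr_assign_type" 2>/dev/null || echo "")
    case "$perm" in
        ""|00:00:00:00:00:00)
            # No permanent address from the driver: use the kernel's own
            # record of how the current address was assigned.
            case "$atype" in
                0) echo factory ;;    # NET_ADDR_PERM
                1) echo random ;;     # NET_ADDR_RANDOM
                2) echo inherited ;;  # NET_ADDR_STOLEN (taken from another device)
                3) echo changed ;;    # NET_ADDR_SET (set from userspace)
                *) echo unknown ;;
            esac ;;
        "$cur") echo factory ;;
        *) echo changed ;;
    esac
}

# audit: one line per interface on the live system.
# "ethtool -P IFACE" prints "Permanent address: xx:xx:xx:xx:xx:xx".
audit() {
    for d in /sys/class/net/*; do
        i=${d##*/}
        p=$(ethtool -P "$i" 2>/dev/null | awk '{print $3}')
        echo "$i $(mac_state /sys/class/net "$i" "$p")"
    done
}
```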

idiopup
Posts: 10
Joined: Thu 04 Apr 2013, 18:52

#12 Post by idiopup »

jh wrote: Thanks for that info!

I used approach number two ("hacked") and put in jmarsden's command and things are working fine!

I'm running Puppy 1.0.7 and the change goes right above the following comment line in the rc.network file, thusly:

ifconfig eth0 hw ether 00:00:00:00:00:00
#Try to connect each ethernet interface found

This thread is quite old, but I'm trying to do the same thing now in 2013. I found the rc.network file and have put the appropriate call to macchanger in it, but after boot the wireless MAC is still the factory MAC. If I call the script from the shell it scrambles it just fine, it just doesn't do it on boot.

Is there a better way to do this?

Thanks!
Idiopup

idiopup
Posts: 10
Joined: Thu 04 Apr 2013, 18:52

#13 Post by idiopup »

got this working by putting commands in rc.local ...

solved!
