Spoofing WiFi MAC address on N7100

Added by Dmitriy Dmitriev about 1 month ago

I'm not sure if I'm posting this in the right forum, since this article is more about privacy than security. However, it might be helpful to somebody. I also encountered a problem and would appreciate it if you gave me some advice.

As we know, a device can be tracked by its MAC address, so the persistent MAC is a big privacy issue. I've been playing with WiFi trying to change MAC and discovered something interesting. I tried to change MAC by executing "ip link set <adapter> address <address>" on Replicant 6 and it failed. More specifically, MAC address gets changed, everything seems alright, but the adapter fails to connect to any network until the default MAC is restored by turning WiFi off and back on. However, I finally managed to change MAC and connect to a WiFi network. The trick is, you need to change MAC IMMEDIATELY after WiFi is turned on. I have no idea why, but when the adapter is up, you only have a second or so. If you don't do that in time, then connecting will fail.

Thus, what you need to do is:
1. Disable WiFi (if enabled) and then reenable it.
2. Wait until wlan0 is available. It usually takes a second or two. You can check it by running "ip link show wlan0". It will say "Device wlan0 does not exist" until it's ready.
3. As soon as wlan0 is up, run "ip link set wlan0 address <address>".
That's it!

Here is a little bash script that automates the process (execute it as root):

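mac="$1"  # address to set, taken from the first argument
svc wifi disable
svc wifi enable
# Poll until wlan0 appears, then set the address right away
while true; do
    status=$(ip link show wlan0 2>/dev/null)
    if [ ! "$status" = "" ]; then
        ip link set wlan0 address "$mac"
        break
    fi
    sleep 0.1
done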

The problem is, it's not very comfortable to switch WiFi over the terminal every time. So I thought it would be great to spoof MAC automatically whenever the user turns WiFi on via the user interface. Please let me know if you have any information about what exactly happens in the backend when WiFi is toggled by tapping on/off switch in the UI and what particular code is responsible for this, so I can modify it.

Replies (3)

del - Added by Dmitriy Dmitriev about 1 month ago


RE: Spoofing WiFi MAC address on N7100 - Added by Daniel Kulesz about 1 month ago

Seems like such simple methods are not very effective due to existing implementation flaws. You might be interested in this article:

RE: Spoofing WiFi MAC address on N7100 - Added by Fil Lupin about 1 month ago

I didn't have time to read the paper suggested by Daniel (thanks for the reference by the way) but it reminds me of macchanger on Debian.

Whatever, on a GNU/Linux-like OS, the good way to do this would be to put it in /etc/network/if-pre-up.d/ or /etc/network/if-up.d/.
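
Added example, not part of the thread: a hook of the kind the last reply points to, written for ifupdown's /etc/network/if-pre-up.d/. It picks a random address with the locally administered bit set and the multicast bit clear, then sets it before the interface comes up. The file name randomize-mac is hypothetical; wlan0 is the interface name from the first post, and IFACE is the variable ifupdown exports to hook scripts.

```sh
#!/bin/sh
# Hypothetical location: /etc/network/if-pre-up.d/randomize-mac (must be executable).

# Turn 12 hex digits into a MAC whose first octet has the multicast bit (0x01)
# cleared and the locally administered bit (0x02) set.
fix_mac() {
    hex=$1
    b1=$(printf '%s' "$hex" | cut -c1-2)
    first=$(( (0x$b1 & 0xfe) | 0x02 ))
    rest=$(printf '%s' "$hex" | cut -c3-12 | sed 's/../:&/g')
    printf '%02x%s\n' "$first" "$rest"
}

# Draw 6 random bytes from the kernel and normalise them with fix_mac.
random_mac() {
    fix_mac "$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')"
}

# True only for six lowercase hex octets that are unicast and locally administered.
is_local_unicast() {
    printf '%s\n' "$1" | grep -Eq '^[0-9a-f]{2}(:[0-9a-f]{2}){5}$' || return 1
    first=$(( 0x$(printf '%s' "$1" | cut -c1-2) ))
    [ $(( first & 0x01 )) -eq 0 ] && [ $(( first & 0x02 )) -ne 0 ]
}

# ifupdown runs this for every interface; act only on the wireless one.
# A non-zero exit from a pre-up hook stops the interface from coming up,
# so a failed address change does not silently fall back to the real MAC.
if [ "${IFACE:-}" = "wlan0" ]; then
    mac=$(random_mac)
    is_local_unicast "$mac" && ip link set dev "$IFACE" address "$mac"
fi
```

The locally administered bit keeps the random address out of vendor-assigned space, and a multicast first octet is not a valid interface address.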