
Spoofing MAC on Orinoco


20 replies to this topic

#1 dual

dual

    BinRev veteran

  • Agents of the Revolution
  • 1,196 posts
  • Gender:Male

Posted 06 July 2003 - 07:27 PM

bland and I have been working on spoofing the MAC address of an Orinoco Silver NIC. So far it breaks any network access, but monitor/promiscuous mode works fine. mut3 says the NIC may need a firmware downgrade, from the current 8.13 to 6.16. bland thinks he may need the latest pcmcia-cs. I have no idea (read: We've found nothing on Google). I've written this script, originally just to assign a random MAC for stealthy network access. Since that didn't work, I just made it change the MAC and set up monitor mode for Kismet (which is kinda pointless).

Does anyone know what is needed to spoof the MAC and not screw up regular network access? Again, this is an Orinoco silver running on debian. Btw, the program MAC Changer didn't work either.

#!/usr/bin/perl

# warmac.pl - by dual_parallel
# and bland_inquisitor on the hardware
#
# Sets up your Orinoco for wardriving with
# a random MAC address and monitor mode.
#
# Usage: # perl warmac.pl eth[X]
#
####################################################

use strict;
use warnings;

system("clear");

if (@ARGV < 1) {
	print "> Error - no interface specified\n\n";
	print "> Usage: # perl warmac.pl eth[X]\n\n";
	exit(-1);
}

my $if = $ARGV[0];

# The name is handed to external commands run as root: accept a plain name only
if ($if !~ /^\w+$/) {
	print "> Error - invalid interface name\n\n";
	exit(-1);
}

print "warmac.pl - Sets up random MAC and monitor mode\n";
print "            for Orinoco NICs\n";
print "----------------------------------------------------------------\n\n";

# Generate random MAC, two hex digits per octet
my @mac;
for my $i (0 .. 5) {
	my $octet = int(rand(256));
	# First octet: clear the group (multicast) bit so the address is a valid
	# unicast source, and set the locally administered bit
	$octet = ($octet & 0xFE) | 0x02 if $i == 0;
	push @mac, sprintf("%02X", $octet);
}
my $mac = join(":", @mac);

print "New MAC address = $mac\n";

# Set up NIC (list-form system() calls do not go through a shell)
system("ifconfig", $if, "down");
sleep(3);
system("ifconfig", $if, "hw", "ether", $mac);
system("ifconfig", $if, "up");
sleep(3);
#system("ifconfig", $if);
system("kismet_monitor", "-H");

print "\nSet up complete\n\n";



#2 kid_e

kid_e

    elite

  • Members
  • 100 posts

Posted 06 July 2003 - 09:03 PM

What are you using to make your wireless connection?

Something like, 'iwconfig eth1 mode Managed essid default' ?

I've played with this a little using a Gold card. Using ifconfig to initiate a hardwired connection using my internal nic with the attributes you list works. Setting the wireless port with ifconfig and then making the connection with iwconfig kills it for me.

#3 dual

dual

    BinRev veteran

  • Agents of the Revolution
  • 1,196 posts
  • Gender:Male

Posted 06 July 2003 - 10:43 PM

How have you been setting up the wi-fi connection in debian, bland?

I think it's time I ditch my Cisco card and set up the Orinoco again.

#4 bland_inquisitor

bland_inquisitor

    mod -o- the day

  • Agents of the Revolution
  • 729 posts

Posted 06 July 2003 - 10:51 PM

setting it up like kid_e except i use an ssid of "" to associate with any wap i come across

#5 kid_e

kid_e

    elite

  • Members
  • 100 posts

Posted 07 July 2003 - 08:05 PM

I've been playing around with this today. Maybe it was an update somewhere, but I am able to get a little further along.

ifconfig eth1 hw ether 01:02:03:04:05:CC up

iwconfig eth1 mode Managed essid myssid

dhcpcd eth1

This connects me to my WAP. The WAP even shows a DHCP lease to the new Mac, however, I can't ping a single thing.

#6 bland_inquisitor

bland_inquisitor

    mod -o- the day

  • Agents of the Revolution
  • 729 posts

Posted 07 July 2003 - 08:20 PM

w00t! that's still one step closer than i got..
let's keep on trying

#7 GUEST_Guest_***

GUEST_Guest_***
  • Guests

Posted 08 July 2003 - 12:29 PM

If you connect to somebody's average Wifi network (let's assume windows based os's all around). Would something log your MAC if you connected to it from the outside? Does windows keep a track of what people connected to your network?

#8 StankDawg

StankDawg

    same old Dawg, no new tricks

  • Moderating Team
  • 8,073 posts
  • Gender:Male

Posted 08 July 2003 - 12:35 PM

If you connect to somebody's average Wifi network (let's assume windows based os's all around). Would something log your MAC if you connected to it from the outside? Does windows keep a track of what people connected to your network?

if they have logging turned on, then YES! They absolutely do have a log of your MAC address. The logs can be customized, but almost always they include the MAC address by default...thus the interest in "spoofing" the MAC address.
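
What a network owner can do with the logged MAC addresses discussed above, as an added example that is not part of any post in this thread: it reads access-point style log lines and flags client addresses that are not plain vendor-assigned unicast addresses, plus hostnames that show up under more than one MAC. The log format, the hostnames and the function names are assumptions made for the example, the sample lines are constructed, and one of them reuses the address typed in post #5.

```python
import re
from collections import defaultdict

# Constructed sample lines in a made-up access-point log format (assumption).
SAMPLE_LOG = """\
2003-07-08 12:01:10 assoc client=00:02:2D:1A:2B:3C host=laptop1
2003-07-08 12:05:44 assoc client=01:02:03:04:05:CC host=laptop2
2003-07-08 12:09:02 assoc client=5E:91:0C:77:A0:13 host=laptop1
2003-07-08 12:15:30 assoc client=00:02:2D:9F:00:41 host=desk7
"""

LINE_RE = re.compile(
    r"client=((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+host=(\S+)")


def mac_flags(mac):
    """Inspect the two low bits of the first octet of a MAC address."""
    first = int(mac.split(":")[0], 16)
    flags = []
    if first & 0x01:   # group (multicast) bit: not valid as a source address
        flags.append("group-bit")
    if first & 0x02:   # locally administered: not a vendor-assigned address
        flags.append("locally-administered")
    return flags


def review(log_text):
    """Return {mac: [reasons]} for every client address worth a second look."""
    findings = {}
    macs_by_host = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        mac, host = m.group(1).upper(), m.group(2)
        macs_by_host[host].add(mac)
        flags = mac_flags(mac)
        if flags:
            findings[mac] = flags
    # The hostname is client-supplied, so treat a match as a hint, not proof.
    for host, macs in macs_by_host.items():
        if len(macs) > 1:
            for mac in sorted(macs):
                findings.setdefault(mac, []).append(
                    "host-seen-with-multiple-macs")
    return findings


if __name__ == "__main__":
    for mac, reasons in sorted(review(SAMPLE_LOG).items()):
        print(mac, ", ".join(reasons))
```
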

#9 kid_e

kid_e

    elite

  • Members
  • 100 posts

Posted 01 September 2003 - 04:43 PM

Hey Dual,

I didn't want you to think I had forgotten. Classes started last week and I needed to wrap up all of my side projects.

I've played with the Perl script a couple times. The first time I ran it I thought I had broken my card. It was a weird settings issue.

Anyway, I will play with it a little more before posting. Found a couple public networks I wanna try it on.

#10 semen

semen

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 304 posts
  • Location:Ontario

Posted 01 September 2003 - 08:00 PM

hey, if you need any help or something, or even win32 ports of this, i could do that. I've spoofed orinoco hwaddr through the registry on windows95. But, i'm really here, because i myself need patched orinoco drivers for my laptop. I have rh7.3 on a desktop, but there's no floppy. I'm running WRP (wireless router project) based on the LRP (linux router project) with wavemon 'n such, but doesn't support ap-list scanning. So, i need patched drivers, i'll throw dsniff on the laptop and i'll be able to wardrive hardcore, from my old 586 since i recently hosed my Windows 95 partition. So, if possible, do one of you wanna give me the compiled, patched orinoco drivers for a 2.4.20 kernel ? i'll need orinoco_cs.o orinoco.o hermes.o. thanks, much luv binrev & rfa.

#11 bland_inquisitor

bland_inquisitor

    mod -o- the day

  • Agents of the Revolution
  • 729 posts

Posted 01 September 2003 - 08:11 PM

wget http://ozlabs.org/pe...co-0.13e.tar.gz

wget http://airsnort.shmo....13e-patch.diff

download both of these to your home dir

<home@box> tar -zxf orinoco-0.13e.tar.gz
<home@box> patch -p0 < orinoco-0.13e-patch.diff


cd orinoco <tab>

make

su -

make install

#12 semen

semen

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 304 posts
  • Location:Ontario

Posted 01 September 2003 - 08:21 PM

no no no, i have no gcc on my box or anything. i just need to mount fd0 and then i'll just import them. If i had gcc gmake/nmake/pmake or anything, i'd make them myself. But i don't have the resources. so, that's why i need them all compiled.

#13 dual

dual

    BinRev veteran

  • Agents of the Revolution
  • 1,196 posts
  • Gender:Male

Posted 01 September 2003 - 11:24 PM

kid_e,

I've finished the script and it works great. You can get it at

http://www.oldskoolp...es/macninja.txt

and it has been linked at

http://www.wardriving.com/.

Let me know how it works and what distro(s) you've used it on. Thanks.

#14 semen

semen

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 304 posts
  • Location:Ontario

Posted 02 September 2003 - 07:16 PM

**SENSORED BY THE US GOVERNMENT OR THOSE TRYING TO BE*** give me those compiled drivers already. i'm itching to get wavemon working properly, and then some tcpdump after monitor mode is on. come on, upload them somebody, just rip them from your /lib and 'hookabrotha up'


Mental note: Next time you post please keep your composure.

#15 bland_inquisitor

bland_inquisitor

    mod -o- the day

  • Agents of the Revolution
  • 729 posts

Posted 02 September 2003 - 07:22 PM

come on jerks, give me those compiled drivers already.

dude... just don't

#16 Zapperlink

Zapperlink

    "I Hack, therefore, I am"

  • Agents of the Revolution
  • 951 posts
  • Gender:Not Telling

Posted 02 September 2003 - 07:46 PM

If you want someone's help.. it's not wise to call them a jerk.

#17 semen

semen

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 304 posts
  • Location:Ontario

Posted 03 September 2003 - 04:57 PM

tut tut, no need to always be so serious. you guys seem so helpful 'n all on rfa and binrev, but apart from zapper idling on Yahoo, this is the easiest way to contact you, all of you. and is there really a need to 'censore' my post ? like, wtf, seriously. if you weren't gonna help me out with some simple drivers, that no doubt most of you have, you could have just said no. taken, you probably won't give them up now, but whatever. i think you might have actually turned me off of binrev radio, i only listen to rfa cause dual has such a k-rad voice, oh and the h/p part, but yeah. so, take it how you want. JERKS.

#18 hacnslash

hacnslash

    Banisher of n00bs

  • Agents of the Revolution
  • 2,454 posts

Posted 03 September 2003 - 05:58 PM

dude, the post was censored because you acted like a fucknut, there was no smilie, no indication that you were kidding and voice tone does NOT transmit very well thru the internet, please make your post intentions clearer next time so there are no more such altercations.

#19 bland_inquisitor

bland_inquisitor

    mod -o- the day

  • Agents of the Revolution
  • 729 posts

Posted 03 September 2003 - 06:04 PM

here, they're patched with the shmoo patch to allow monitor mode

crybaby.tar.gz

#20 Admin

Admin

    The Big Dawg!

  • Admin
  • 62 posts

Posted 03 September 2003 - 10:25 PM

tut tut, no need to always be so serious. you guys seem so helpful 'n all on rfa and binrev, but apart from zapper idling on Yahoo, this is the easiest way to contact you, all of you. and is there really a need to 'censore' my post ? like, wtf, seriously. if you weren't gonna help me out with some simple drivers, that no doubt most of you have, you could have just said no. taken, you probably won't give them up now, but whatever. i think you might have actually turned me off of binrev radio, i only listen to rfa cause dual has such a k-rad voice, oh and the h/p part, but yeah. so, take it how you want. JERKS.

I just checked the admin logs and no one from DDP edited your post. Only one other person has the authority to change your post...

You did.



