Random MAC when bringing up the network interfaces

From Telecomix Crypto Munitions Bureau


This script has been working for me on Ubuntu 9.04. When "networking" is started (for example when the system boots) or restarted, it attempts to change the MAC address of all interfaces other than loopback. It currently does not have any error detection, so an interface whose MAC address could not be changed is brought up with the address it already had; as I haven't had any problems with it, I haven't needed error detection either. Please visit our IRC channel if you are having problems with it.


[edit] /etc/init.d/networking

#!/bin/sh -e
### BEGIN INIT INFO
# Provides:          networking
# Required-Start:    mountkernfs ifupdown $local_fs
# Required-Stop:     ifupdown $local_fs
# Default-Start:     S
# Default-Stop:      0 6
# Short-Description: Raise network interfaces.
### END INIT INFO
## INSTALL:
# sudo cp networking.sh /etc/init.d/networking

# Fixed search path for everything this script runs by bare name (perl,
# ifconfig, ifup, ifdown). The script runs as an init script, so the path is
# set here rather than inherited. Note that the /usr/local directories are
# searched first: a perl or ifconfig placed there takes precedence over the
# distribution's copy.
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"

# Without an executable ifup there is nothing to manage; leave quietly.
if [ ! -x /sbin/ifup ]; then
	exit 0
fi

# LSB logging helpers used below (log_action_begin_msg, log_action_end_msg,
# log_warning_msg).
. /lib/lsb/init-functions

# Tell the usplash boot splash how long to wait before timing out.
# See https://launchpad.net/bugs/21617
# Globals:   TIMEOUT (written)
# Arguments: $1 - timeout value handed to usplash_write
# Returns:   0 always; a missing or failing usplash_write is ignored
usplash_timeout () {
	TIMEOUT=$1
	# No splash helper installed: nothing to tell.
	[ -x /sbin/usplash_write ] || return 0
	/sbin/usplash_write "TIMEOUT $TIMEOUT" || true
}

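# Give one interface a freshly generated MAC address (best effort).
# Globals:   interface, MACCC (written)
# Arguments: $1 - interface name as listed by ifconfig
# Outputs:   LSB log line naming the chosen address; a warning when the
#            address could not be applied
# Returns:   0 even when ifconfig refuses the change, so that the caller's
#            "sh -e" does not abort network start-up
random_mac_for_interface(){
       interface=$1
       # The first octet stays 00 as before: unicast, and not marked as locally
       # administered, so the address reads like a vendor-assigned one.
       # rand(256) lets each remaining octet take any value from 00 to ff
       # (rand(255) could never produce ff).
       # NOTE(review): Perl's rand() is not a cryptographic generator; that is
       # enough to vary the address, not to make it unpredictable to someone
       # who can model the generator.
       MACCC=$(perl -e 'printf("00%02x%02x%02x%02x%02x\n", map { int(rand(256)) } 1..5)')
       log_action_begin_msg "Setting MAC address $MACCC for interface $interface"
       # A refused change used to be completely silent, which left the interface
       # on its previous (possibly hardware) address with a log line claiming
       # otherwise. Keep going, but say so.
       if ! ifconfig "$interface" hw ether "$MACCC" 2>/dev/null; then
               log_warning_msg "Could not set MAC address on $interface; it keeps its current address" || true
       fi
}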

# Warn when the obsolete /etc/network/options file is still present.
# Outputs:   one LSB warning if the file exists, otherwise nothing
# Returns:   0 when the file is absent, else the status of log_warning_msg
process_options() {
    if [ -e /etc/network/options ]; then
	log_warning_msg "/etc/network/options still exists and it will be IGNORED! Read README.Debian of netbase."
    fi
}

# Refuse to deconfigure the network while something mounted depends on it.
# Reads /proc/mounts; if a network block device or a network file system is
# listed, logs a warning and ends the whole script with status 0.
# Globals:   DEV, MTPT, FSTYPE, REST (written by the read loop)
# Returns:   0 when /proc/mounts is missing or no such mount is found
check_network_file_systems() {
    [ -e /proc/mounts ] || return 0

    # Park the current stdin on fd 9 and read the mount table on stdin instead.
    exec 9<&0 < /proc/mounts
    while read DEV MTPT FSTYPE REST; do
	# First field: the mounted device.
	case $DEV in
	/dev/nbd*|/dev/nd[a-z]*|/dev/etherd/e*)
	    log_warning_msg "not deconfiguring network interfaces: network devices still mounted."
	    # Exits the script, not just the function; stdin is not restored
	    # on this path.
	    exit 0
	    ;;
	esac
	# Third field: the file system type.
	case $FSTYPE in
	nfs|nfs4|smbfs|ncp|ncpfs|cifs|coda|ocfs2|gfs|pvfs|pvfs2|fuse.httpfs|fuse.curlftpfs)
	    log_warning_msg "not deconfiguring network interfaces: network file systems still mounted."
	    exit 0
	    ;;
	esac
    done
    # Put the original stdin back and close the spare descriptor.
    exec 0<&9 9<&-
}

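# Give every interface listed by ifconfig, other than loopback, a new MAC
# address. Called before ifup so the addresses are in place when the
# interfaces come up.
# NOTE(review): an interface that is still up at this point (for instance one
# that "ifdown -a" does not manage) will likely refuse the change, and
# random_mac_for_interface does not abort on that - confirm on the target
# system that every interface you care about really gets a new address.
randomize_interface_macs() {
	# The substitution is left unquoted on purpose: one word per interface.
	for interface in $(ifconfig -a -s | grep -Ev '^(lo|Iface)' | cut -d ' ' -f 1); do
		random_mac_for_interface "$interface"
	done
}

# Dispatch on the init action. The repeated if/else around ifup and ifdown is
# deliberate: it hands the command's exit status to log_action_end_msg without
# letting "sh -e" abort the script on failure.
case "$1" in
start)
	process_options

	log_action_begin_msg "Configuring network interfaces"
	usplash_timeout 120
	randomize_interface_macs
	if [ "$VERBOSE" != no ]; then
	    if ifup -a; then
		log_action_end_msg $?
	    else
		log_action_end_msg $?
	    fi
	else
	    if ifup -a >/dev/null 2>&1; then
		log_action_end_msg $?
	    else
		log_action_end_msg $?
	    fi
	fi
	usplash_timeout 15
	;;

stop)
	# May end the script here if network-backed mounts are present.
	check_network_file_systems

	log_action_begin_msg "Deconfiguring network interfaces"
	if [ "$VERBOSE" != no ]; then
	    if ifdown -a --exclude=lo; then
		log_action_end_msg $?
	    else
		log_action_end_msg $?
	    fi
	else
	    if ifdown -a --exclude=lo >/dev/null 2>/dev/null; then
		log_action_end_msg $?
	    else
		log_action_end_msg $?
	    fi
	fi
	;;

force-reload|restart)
	process_options

	log_action_begin_msg "Reconfiguring network interfaces"
	# Take the interfaces down first, then re-address them, then bring them
	# back up.
	ifdown -a --exclude=lo || true
	randomize_interface_macs
	if ifup -a --exclude=lo; then
	    log_action_end_msg $?
	else
	    log_action_end_msg $?
	fi
	;;

*)
	echo "Usage: /etc/init.d/networking {start|stop|restart|force-reload}"
	exit 1
	;;
esac

exit 0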

[edit] if-pre-up.d

This has not been tested, so if you try it, please remove this notice if it works. If it doesn't work, you could try to fix it or just remove the entire section if it's made of aids and fail.

Download this list of vendors and their MAC address prefixes and save somewhere: http://standards.ieee.org/regauth/oui/oui.txt

Create a file in /etc/network/if-pre-up.d/ with this content, and fix the path to oui.txt

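#!/bin/bash
# if-pre-up.d hook: before an interface is brought up, give it a MAC address
# made of a random prefix from the IEEE OUI list plus three random bytes.
# ifupdown passes the interface name in $IFACE.

# Adjust: location of your saved copy of oui.txt.
oui_file=/path/to/oui.txt

# Nothing to re-address for loopback. Newer ifupdown releases also run hooks
# once with IFACE=--all; skip that pseudo-interface as well.
case "${IFACE:-}" in
  ''|lo|--all) exit 0 ;;
esac

# Six hex digits of vendor prefix, taken from a randomly chosen matching line.
prefix=$(grep -Eo '^[0-9A-F]{6}' "$oui_file" | shuf -n 1)
# Six hex digits from the kernel's random source.
suffix=$(hexdump -n3 -e'3/1 "%02X"' /dev/urandom)
mac="${prefix}${suffix}"

# A missing or unreadable oui.txt would otherwise yield a short address.
# Stop with an error instead of handing ifconfig a malformed value.
# NOTE(review): a failing pre-up hook is expected to make ifup abort for this
# interface rather than bring it up unchanged - confirm on your release.
if [[ ! $mac =~ ^[0-9A-F]{12}$ ]]; then
  printf 'random-mac: could not build a MAC address for %s (check %s)\n' \
    "$IFACE" "$oui_file" >&2
  exit 1
fi

ifconfig "$IFACE" hw ether "$mac"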

[edit] rc.multi

This has been tested on Arch.

Fetch macchanger

# Install macchanger with pacman (needs root).
pacman -S macchanger

Add this above the #Start Daemons loop

# -r assigns a fully random MAC address to the named interface.
# If you add one line per interface, read the note under "See also" first:
# it describes two calls within the same second giving both NICs the same
# address.
macchanger -r eth0

Change eth0 to any interface you want to have spoofed

[edit] See also

http://www.alobbs.com/macchanger (macchanger sucks because it uses a pseudo-random number generator that is seeded with the current unix timestamp - if you call macchanger -r twice within the same second, it will assign the same MAC address to the two different NICs, causing all sorts of trouble. Also, it's easily replaced by the perl script above)
