Is WiFi mac spoofing on FreeBSD dead?

quakerdoomer


I have an internal Atheros WiFi card and an external Realtek USB. Both of them allow mac address change and connect just fine on non-BSD OSes (Win/Lin). I can't connect to the access point if I spoof them under FreeBSD. Without changing the mac address they connect just fine.

I have tried adding hints in loader.conf and declaring the wlan address in rc.conf. Also did the whole dance of disabling, destroying wlan0, adding hints manually, recreating the adapter, unloading-reloading .ko files and much more. Is there a way to make this work or is mac spoofing a thing of the past for WiFi? Is it that only a few specific chipsets are supported now? I remember this working fine in earlier BSD releases (<11).

Has anyone managed to successfully change their WiFi mac address and connect to an access point using FreeBSD 12.1 and above? Please respond with your Wifi adapter/chipset info if possible. Thanks.
 

`Orum


If I recall correctly, when I last did this on FreeBSD, I had issues changing the MAC address on my WiFi adapter. Instead, I just changed the MAC address on the wired ethernet adapter, and then failover worked perfectly. As for what hardware was being used, I'm pretty sure it was Realtek for wired ethernet and Intel for WiFi, but as for which model I can't remember as this was quite some time ago.
 

Trihexagonal


Here's how to spoof your Ether MAC without bringing down the interface to do it, as demonstrated in my other Tutorial:


Just make sure your router allows the new MAC Internet access first.
 
quakerdoomer

Here's how to spoof your Ether MAC without bringing down the interface to do it, as demonstrated in my other Tutorial:


Just make sure your router allows the new MAC Internet access first.
Trihexagonal, Please read before responding.
 

T-Daemon


Works fine here on 12.2-RELEASE and 13.0-RELEASE with a Ralink 802.11 n (run(4)).
Code:
idVendor = 0x04e8  (Samsung Electronics)
idProduct = 0x2018 (SAMSUNG2 RT2870)
Code:
# dmesg
run0: MAC/BBP RT2872 (rev 0x0202), RF RT2850 (MIMO 2T2R), address e2:7b:c7:74:00:3f
Code:
# ifconfig wlan0 | grep ether
        ether e2:7b:c7:74:00:3f

(192.168.1.1 router address)

# ping -c2 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=1.983 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=5.668 ms
...

/etc/rc.conf

wlans_run0="wlan0"
create_args_wlan0="wlanaddr c6:8c:f5:86:c3:00"

# service netif restart wlan0

# ifconfig wlan0 | grep ether
        ether c6:8c:f5:86:c3:00

# ping -c2 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=1.321 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=8.868 ms
...
 

Trihexagonal


Trihexagonal, Please read before responding.
I did:
Is there a way to make this work or is mac spoofing a thing of the past for WiFi? Is it that only a few specific chipsets are supported now? I remember this working fine in earlier BSD releases (<11).

Has anyone managed to successfully change their WiFi mac address and connect to an access point using FreeBSD 12.1 and above?
It is not a thing of the past as of my writing. Please check your watch to see if it's slow, too.
 
quakerdoomer

Trihexagonal
If you really read my "entire" post then you would have understood what I am looking for and you wouldn't have spammed me with your response. Just to make it clear, the issue is NOT that the address isn't getting spoofed. The issue is that the wi-fi adapter refuses to connect to the access point if the mac address is spoofed.
Your post regarding changing the mac address without bringing it down on a wired adapter is as helpful as a raincoat on a sunny day. Please check your existence's quantum state assessed in case it has checked out of your Schrödinger litterbox.


T-Daemon
I can see the ether changed but the hwaddr doesn't change on my wlan0. If I do not spoof the mac the WiFi connects just fine. I am observing this on 2 separate laptops. What does your hwaddr display? Spoofed or original mac address? Also does that make a difference when it comes to connecting to an access point?
 

T-Daemon


I can see the ether changed but the hwaddr doesn't change on my wlan0.
Is it supposed to change? If I'm not mistaken the hardware MAC address is hard coded on the device's network chip.

If I do not spoof the mac the WiFi connects just fine. I am observing this on 2 separate laptops.
Has the access point some sort of MAC filtering enabled, allowing only registered MACs, denying all others?

What does your hwaddr display? Spoofed or original mac address?
It shows the original hardware MAC:
Code:
# ifconfig wlan0 link
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether e2:7b:c7:74:00:3f

# ifconfig wlan0 link random
# ifconfig wlan0 link
wlan0: flags=8c43<UP,BROADCAST,RUNNING,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 7e:8b:0b:53:c4:c3
    hwaddr e2:7b:c7:74:00:3f

Also does that make a difference when it comes to connecting to an access point?
I don't have wireless-only access point hardware; I'm running the 192.168.1.1 (ADSL modem) router in "Wireless router mode". It's acting as an AP and is routing a LAN without internet access.
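
Added example (not part of T-Daemon's post and not a FreeBSD tool): an sh helper that reads `ifconfig wlan0 link` output, reports whether `ether` is overriding the burned-in `hwaddr`, and classifies the active address by the multicast and locally-administered bits of its first octet. The function names are made up for this example, and treating a missing `hwaddr` line as "not overridden" is an assumption based on the first listing above.

```shell
#!/bin/sh
# Added example. SAMPLE is the second `ifconfig wlan0 link` listing from the post above.
SAMPLE='wlan0: flags=8c43<UP,BROADCAST,RUNNING,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 7e:8b:0b:53:c4:c3
    hwaddr e2:7b:c7:74:00:3f'

# field_of KEY: print the address that follows KEY (ether or hwaddr) on stdin.
field_of() {
    awk -v k="$1" '$1 == k { print tolower($2); exit }'
}

# mac_class MAC: classify by the two low bits of the first octet.
#   bit 0 set -> multicast, never valid as a station's own address
#   bit 1 set -> locally administered, the range meant for overrides
mac_class() {
    m=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    h='[0-9a-f][0-9a-f]'
    case "$m" in
        $h:$h:$h:$h:$h:$h) ;;
        *) echo invalid; return 1 ;;
    esac
    first=$((0x${m%%:*}))
    if [ $((first & 1)) -ne 0 ]; then echo multicast
    elif [ $((first & 2)) -ne 0 ]; then echo local-unicast
    else echo universal-unicast
    fi
}

# addr_state: read ifconfig output on stdin and print
#   factory           no hwaddr line, or ether equals hwaddr (assumption, see lead-in)
#   override <class>  ether differs from the burned-in hwaddr
addr_state() {
    out=$(cat)
    ether=$(printf '%s\n' "$out" | field_of ether)
    hw=$(printf '%s\n' "$out" | field_of hwaddr)
    [ -n "$ether" ] || { echo no-ether; return 1; }
    if [ -z "$hw" ] || [ "$ether" = "$hw" ]; then
        echo factory
    else
        echo "override $(mac_class "$ether")"
    fi
}

printf '%s\n' "$SAMPLE" | addr_state
```

On a live system the input would come from `ifconfig wlan0 link | addr_state`; an `override multicast` result means the configured address has the group bit set and is not usable as a station address.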
 
quakerdoomer

T-Daemon, Thanks for your reply. No, there isn't any mac address filtering enabled and non-BSD OSes (Win/Lin) are allowing me to connect to the access point with spoofed addresses (as mentioned in the original post). Also older releases of BSD work well with spoofed wlan mac addresses. I have read about this bug on the FreeBSD mailing list as well. Anyway, thanks. We really need external WiFi adapters whose physical address can be reprogrammed - like an EEPROM, or with some logic baked in to randomize the hwaddr every time the IC is powered on.
 

astyle


Generally speaking, if the wi-fi card works under FreeBSD, as in you can get to the Internet, and ping google.com, you can easily use /bin/ifconfig and other utilities (including the driver) provided by FreeBSD to spoof the MAC.

Reading through the thread, one possibility that comes to my mind would be a buggy driver for the card. OP mentions that MAC spoofing worked under older versions of FreeBSD - it may be worth a try to revert to an older version of the driver.

If OP wants an external wi-fi adapter whose MAC can be re-programmed - Good luck finding that. A faster way to do that would be to have an AP with DD-WRT flashed on it. Connect your machine to that AP via ethernet, and change the MAC on the AP, not the machine. Awkward and kludgy, I know, but accomplishes the same goal.
 