Does Puppy have a spoofing of hardware address for WiFi?
I think my question is already obvious. or Not???
Re: does Puppy have a Spoofing of hardware address for WiFi
purple379 wrote:
I think my question is already obvious. or Not???
I'm not sure if this does what you want or not:
Code: Select all
rewrite_mac_address () {
    cat /etc/NETWORKING 2>/dev/null | grep -q -i 'yes' || return
    INTERFACES=/etc/network-wizard/network/interfaces
    TMPFILE=/tmp/$(basename $0)_conf.tmp
    for ONEETHINTERFACE in $ETHINTERFACES ; do #190217
        HWADDRESS=$(LANG=C ifconfig $ONEETHINTERFACE | head -n 1 | tr -s ' ' | cut -d' ' -f5) #190217
        [ "$HWADDRESS" != "" ] || return
        rm -f "$TMPFILE"
        IFCONFIG=$(ifconfig)
        CONFS=$(find "$INTERFACES" -follow -type f -name '*.conf' -printf "%P ")
        if [ "$CONFS" != "" ]; then
            for F in $CONFS; do
                echo "$IFCONFIG"|grep -q "$(basename $F .conf)" && continue
                [ ! -f "$TMPFILE" ] && \
                    grep -q '^[[:blank:]]*STATIC_IP=.*yes' "$INTERFACES/$F" && \
                    cp "$INTERFACES/$F" "$TMPFILE"
                #rm -f "$INTERFACES/$F"
            done
        fi
        [ -f "$TMPFILE" ] && \
            mv -f "$TMPFILE" "$INTERFACES/$HWADDRESS.conf" || \
            echo "IS_WIRELESS=''" > "$INTERFACES/$HWADDRESS.conf"
    done #190217
}
Find me on [url=https://www.minds.com/ns_tidder]minds[/url] and on [url=https://www.pearltrees.com/s243a/puppy-linux/id12399810]pearltrees[/url].
@purple379
TazPuppy generates random mac address as well as machine id on every boot by default. But it can be disabled on Application Menu>Settings>Network Privacy Settings
http://www.murga-linux.com/puppy/viewtopic.php?t=113255
- perdido
- Posts: 1528
- Joined: Mon 09 Dec 2013, 16:29
- Location: ¿Altair IV , Just north of Eeyore Junction.?
mistfire wrote:
@purple379
TazPuppy generates random mac address as well as machine id on every boot by default. But it can be disabled on Application Menu>Settings>Network Privacy Settings
http://www.murga-linux.com/puppy/viewtopic.php?t=113255
Hi mistfire, you must have updated that recently with your latest release.
TazPuppy latest release that option is located on
Applications-->System-->Network Privacy Settings
Calls the /usr/bin/network-privacy.sh
Good idea to be able to do that. In today's online world more privacy and security is always welcome.
That is a nice option to have and should be implemented on every puppy linux version as default
I wonder if that option would be difficult to include in all puppy versions?
.
A kernel with KASLR built in, i.e. kernel .config
make menuconfig
Processor type and features
>> Build a relocatable kernel
>> Randomize the address of the kernel image (KASLR)
...
which in .config are ...
CONFIG_RELOCATABLE=y
CONFIG_RANDOMIZE_BASE=y
.. is yet another reasonable security measure. At bootup it should report KASLR having been applied.
zcat /proc/config.gz | grep RANDOMIZE_BASE will show if that's already built into your current kernel
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]
You could use something like
Code: Select all
# Write a random 6-byte, MAC-like value to /etc/hostname, load it as the
# hostname, then reuse that value as the hardware address of wlan0
printf '%02X:%02X:%02X:%02X:%02X:%02X\n' \
`expr $RANDOM % 256` \
`expr $RANDOM % 256` \
`expr $RANDOM % 256` \
`expr $RANDOM % 256` \
`expr $RANDOM % 256` \
`expr $RANDOM % 256` >/etc/hostname
hostname `cat /etc/hostname`
ifconfig wlan0 hw ether `hostname`
# Replace the hostname with a random number and save it
hostname $RANDOM
hostname >/etc/hostname
Which sets wlan0 mac to a random generated 6 hex byte mac like value, and sets the hostname to a random numeric. I have no hostname value in /etc/hosts so I don't have to change that, but for some that would also have to be changed.
Has to be run before ifconfig wlan0 up (or take it down beforehand (ifconfig wlan0 down) and start it up again afterwards (ifconfig wlan0 up)).
When doing that in initramfs then there's no bashism (POSIX/ash).
I don't bother with something like
cat /proc/sys/kernel/random/uuid | sed -e "s#-##g" > /etc/machine-id
... as I have no /etc/machine-id present, nor do I have dbus (so no /var/lib/dbus/machine-id). It's my understanding that if no machine-id has already been established (/etc/machine-id), then if required a random one is generated. As I don't save changes however such a generated on demand machine-id wouldn't persist across reboots anyway.
A problem with the above however is that mac's aren't just 6 random hex bytes, the first three hex bytes reflect a particular manufacturer, so random generation of 6 hex bytes can often generate invalid mac's. The attached file, which is an actual .gz file (so gzip -d .. decompress it first, and then chmod +x .. it to make it executable) randomly picks a 3 hex byte manufacturer value and appends a random 3 hex byte value to that to produce a random mac value
- Attachments
-
- random-mac.gz
- Actual gzip compressed script
- (243.7 KiB) Downloaded 105 times
Last edited by rufwoof on Sat 07 Dec 2019, 11:29, edited 1 time in total.
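An added example, not part of the original posts or of the attached script: Linux network drivers normally reject a hardware address whose first byte is odd (the multicast bit), which is one way six fully random bytes turn out unusable. As an alternative to a manufacturer prefix list, this sketch clears the multicast bit and sets the locally administered bit; the function names and the sysfs-root test parameter are made up for the illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. POSIX sh: no $RANDOM, no bashisms.

# Print a random MAC that is always unicast and locally administered:
# in the first octet bit 0 (multicast) is cleared and bit 1 (locally
# administered) is set, so no manufacturer prefix list is needed.
random_laa_mac() {
    # Six random bytes from the kernel, as decimal words on one line.
    set -- $(od -An -N6 -tu1 /dev/urandom)
    printf '%02X:%02X:%02X:%02X:%02X:%02X\n' \
        $(( ($1 & 252) | 2 )) "$2" "$3" "$4" "$5" "$6"
}

# Succeed only for six colon-separated hex octets that form a usable
# unicast address (multicast bit clear, not all zeroes).
is_unicast_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    [ "$1" != "00:00:00:00:00:00" ] || return 1
    first=${1%%:*}
    [ $(( 0x$first & 1 )) -eq 0 ]
}

# Succeed if the interface carries an Ethernet-style hardware address.
# /sys/class/net/<if>/type is 1 (ARPHRD_ETHER) for wired and WiFi devices;
# tunnel devices report another value and are left alone.
# $2 is a hypothetical override of the sysfs root, used only for testing.
is_ether_iface() {
    [ "$(cat "${2:-/sys/class/net}/$1/type" 2>/dev/null)" = "1" ]
}

# Give interface $1 a fresh random MAC (needs root). The link is taken
# down first and brought back up afterwards, as the post describes.
set_random_mac() {
    is_ether_iface "$1" || { echo "$1: no Ethernet address, skipped" >&2; return 1; }
    mac=$(random_laa_mac)
    is_unicast_mac "$mac" || return 1
    ip link set dev "$1" down &&
    ip link set dev "$1" address "$mac" &&
    ip link set dev "$1" up &&
    echo "$1 -> $mac"
}

# Run as root with an interface name, e.g.: sh thisfile wlan0
if [ -n "${1:-}" ]; then
    set_random_mac "$1"
fi
```
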
That gave me problems a while back, rufwoof. I accidentally used a /etc/hosts file with some 22000 posts copied from another puppy in a dpup-stretch-7.5, and lots of things did not work, because things were default set up with references to a fixed numeric in the hostname.
I did not try the simple trick to run without a numerical extension, though.
True freedom is a live Puppy on a multisession CD/DVD.
A benefit of randomising your mac is that as mac's are sent clear text then anywhere you go and access wifi/net can record that mac, which can be associated to a particular individual/device. The IEEE group recommends random mac addresses for wifi security
"Because of the uniqueness of the identifier and the fact that they're not encrypted, you can easily make a connection between the identifier and the user," said Juan Carlos Zuniga, principal engineer at InterDigital and chair of the IEEE 802 Privacy Executive Committee Study Group.
Today, many people carry at least one mobile device with them where ever they go, and the identifiers are sent out in the clear, whenever a device connects to a wireless network, or tries to.
"So you can identify the walking path, where they work, where their live, what their like income is, what their age range is, in a scarily easy way,"
Disadvantages include loss of direct association. For instance you may have a fixed LAN IP to which service ports are directed (port forwarded). With a random mac that association won't occur, you'll be allocated a variable LAN IP address (perhaps 192.168.1.55 instead of a fixed 192.168.1.5 .. or whatever).
Some programs/services might not work, for instance if you purchase 24 hour wifi access from the hotel you're staying in, then that may be associated to your actual mac.
If you have your router set up to filter mac's, maintain a table of only certain mac's that are permitted to connect, then the random mac won't permit you to connect, you'd have to disable that mac filtering - which opens up any mac potentially be able to connect. If a cracker knows your mac and knows (or cracks) the ssid/password, then mac filtering will be irrelevant as they can just spoof the mac. Each of mac, ssid and password can be relatively easily obtained by crackers such that mac filtering is of little real benefit against an earnest cracker (and is one reason why you should use hard wired devices to manage your router, not permit administration via wifi (or worse, open/anywhere access to your router admin)).
Here is a standalone random-mac-generator and applicator which depends on yad.
- Attachments
-
- xscreenshot-20200102T145622.png
- (13.75 KiB) Downloaded 74 times
-
- RandomMac.sfs.gz
- (240 KiB) Downloaded 76 times
Last edited by stemsee on Thu 02 Jan 2020, 15:04, edited 1 time in total.
stemsee, does your random-mac-generator need a specific version of YAD? And how about my VPN, where tun0 is an option? I just ran the script in my tahr64 with yad v.0.27.0, and had to deactivate the VPN and restart it to re-access the net. No mac-address was visible in eth0 or tun0 after making a choice in the interface chooser window.
I correct myself (both braincells work very slow today), from IP-info, I see that the mac address for tun0 is different from eth0, so does that mean I don't need your random-mac-generator when I run through a VPN?
If I run the command ip link show the tun0 give this result:
Code: Select all
tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 100
link/none
Last edited by tallboy on Sun 08 Dec 2019, 02:29, edited 1 time in total.
tallboy wrote:
stemsee, does your random-mac-generator need a specific version of YAD? And how about my VPN, where tun0 is an option? I just ran the script in my tahr64 with yad v.0.27.0, and had to deactivate the VPN and restart it to re-access the net. No mac-address was visible in eth0 or tun0 after making a choice in the interface chooser window.
VPNs run at different layers. An IP layer VPN (layer 3) shouldn't be affected by the mac address but a lower layer vpn (i.e. layer 2) might be affected by the mac address.
BTW, if a VPN tunnel device has a mac address, I'm not sure what the privacy advantage would be of changing the mac address of the tunnel device.
Last edited by s243a on Sun 08 Dec 2019, 02:30, edited 1 time in total.
tallboy wrote:
s243a, I added text to my post as you wrote.
I see that you are using a PPTP (point to point tunneling protocol VPN). The following page suggests this is a layer 2 protocol:
https://networkengineering.stackexchang ... osi-layer2
This would explain why the mac address might affect this protocol. The script should be modified so that it doesn't change the mac address of a tunnel device.
tallboy wrote:
s243a, see pm
If you google this, the answer that you will get is that the mac address isn't transferred over the internet via PPTP (but don't trust these answers):
https://community.spiceworks.com/topic/post/2105771
You can't pass a MAC address through a routed VPN like pptp, traffic is proxied through the server in a routed fashion. You'd need a bridged VPN to make use of the MAC.
https://networkengineering.stackexchange.com/a/39942
The router will have a route set (or default gateway) and it will forward the packet through that route. At this point the L2 frame will be stripped,
The second link above actually notes some exceptions to the above two quotes. The thing to realize is that:
http://www.internet-computer-security.c ... /PPTP.html
PPP (Point to point protocol) is used by PPTP to provide the encryption and authentication on data packets. The main use of PPTP is to provide a tunnel for PPP, as PPP is none routable over the internet. PPTP is a tunneling protocol that was developed by various vendor companies including Microsoft and AS Robotics.
but you can actually forward arp requests over PPP. See:
Code: Select all
pppd
route add default ppp0
#
# Tunnel device configuration
ifconfig tunl0 192.168.1.1 up
route add -host 192.168.1.12 gw $remotegw tunl0
#
# Proxy ARP for the remote host
arp -s 192.168.1.12 xx:xx:xx:xx:xx:xx pub
The point here is that in most cases hiding the mac address probably doesn't provide much privacy advantages, unless:
1. you are using wifi
2. some untrusted person or process has access to arp information on your network. You don't need root privileges to read the arp table.
3. you are forwarding mac information over the internet (i.e. layer 2 bridging like arp proxying).
If you want to know more about why item#1 can be a privacy risk then see the following video:
Snowden says don't use Wifi, I explain why
383,888 views•Premiered Sep 28, 2019
https://youtu.be/KXEe2kqiYIM
Should you be worried? Probably not, unless you have some kind of stalker, and unless you are a person of interest the intelligence agencies probably aren't stalking you. Do I know this? No. The extent of the "Mass" in "Mass surveillance" is classified.
BTW. the author of the above youtube video is on minds:
https://www.minds.com/naomibrockwell/
It is worth checking out alternative platforms due to the ever growing amount of censorship on social media.
stemsee wrote:
Here is a standalone random-mac-generator and applicator which depends on yad.
Hi stemsee,
Thanks for sharing, just reporting back after trying this in precise 5.7.1 and bionic 18.04 & bionic 19.03 - all 32-bit
In precise 5.7.1 it changes mac address and shows new mac address in the "New Mac" window but does not show original mac address in "Previous Mac" window. Also will not change back to original mac address.
---
In both bionic versions it does not change mac address but shows original mac address in "Previous Mac" window.
In bionic32 when trying changing mac address the program returns a partial mac address in the "New Mac" window.
Example of partial new mac address in bionic
Code: Select all
;F3:8A:EB
hi perdido
Thanks for your report. I have changed the code a bit. For example I was using iw to get the mac address, now it uses ifconfig, which is good for all interfaces not just wireless. This update also requires both files (mac prefixes list and randommac.sh) to be in /usr/sbin.
I tested only on buster64 and fatdog64. I will try testing more widely before posting.
stemsee
stemsee wrote:
hi perdido
Thanks for your report. I have changed the code a bit. For example I was using iw to get the mac address, now it uses ifconfig, which is good for all interfaces not just wireless. This update also requires both files (mac prefixes list and randommac.sh) to be in /usr/sbin.
I tested only on buster64 and fatdog64. I will try testing more widely before posting.
stemsee
I forgot to mention I was using wireless network only.
.
stemsee wrote:
hi perdido
Thanks for your report. I have changed the code a bit. For example I was using iw to get the mac address, now it uses ifconfig, which is good for all interfaces not just wireless. This update also requires both files (mac prefixes list and randommac.sh) to be in /usr/sbin.
I tested only on buster64 and fatdog64. I will try testing more widely before posting.
stemsee
Hi stemsee,
I found that your original script works with upupbb-32 I just tried it the wrong way.
Thanks for this very cool utility
Edit- The following ways the script will run correctly and change mac address in upupbb-32
1. Mouse click directly on the script
2. Open a terminal window in directory containing script using ROX and run script
3. Put script in a directory and drag that directory to desktop and open directory with Rox and mouse click script.
The script does not run correctly from the menu
The script does not run correctly from a sym-link
The script does not run correctly from .desktop file.
The script does not run correctly from /root/.config/autostart/
The script does not run correctly from /root/Startup/
*Note that the script always runs but does not change mac address when it does not run correctly.
.