[kismac] Re: patch to allow MAC spoofing on macs

  • From: Johnny Cache <johnycsh@xxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Sun, 31 Oct 2004 15:30:27 -0600 (CST)

Probably not :( I haven't verified this yet, but this is the list of hurdles
I think would be required to jump through:

Bring up en1 with shadowmac disabled.
Associate with a user-controlled LAN with the same ESSID (maybe the same SSID?
I doubt it matters).

This is necessary to convince the driver that it has connected to a
network. Once this is done you could -probably-

tell shadowmac to spoof the en1 address with the MAC address of someone
already associated to the LAN.
You couldn't just make one up, of course, because unless the AP has
gotten the low-level 802.11 authentication stuff it will just ignore a
packet from an unknown MAC.

At this point, I -think- it would work. :(

The problem here is that you essentially have to MITM TWO things:
-your- own wireless driver, and of course the AP.

Did I mention I haven't even had time to verify this works?

Anyway, all that nasty work sure makes Mick's PrismGT driver look a lot more
useful than shadowmac for wireless things. One thing to note is that
shadowmac and PrismGT could probably work well together. From what I
understand, the PrismGT driver has some range limits on MAC addresses. If
you really wanted to spoof someone else's MAC in particular, you could
probably associate with PrismGT using one spoofed MAC, and then turn on
shadowmac and set it to the one you really want. This avoids having to
trick your own driver.
Again, unfortunately, that is all speculation. I don't have a card with a
GT chipset yet. Anyone out there got a suggestion? The best looking one
I could find (read: the only one which supports an external antenna) is the Compex
WL54G. Anyone have success or failure with that?
-jc



 On Sat, 30 Oct 2004, Thomas Hardly wrote:

> Has anyone got this working under 10.3 with wireless en1 connections?
>
> I'm very interested in testing it out some more, just wanted to see
> what kind of results people have been having?
>
> Cheers,
> Thomas Hardly
>
>
> --
>      ..o:   It's 12 o'clock - do you know where your data is?   :o...
> -------------------------------------------------------------------------------------------
> Hardening Your Macintosh - http://members.lycos.co.uk/hardapple/
> MacSecurity.org - http://www.macsecurity.org
>
> pgp key fingerprint: 0F02 99D5 1D23 E445 22C9 9C90 8F24 FDBA B618 33C4
>
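The constraint Johnny raises above (an AP silently drops frames from a MAC it has not authenticated and associated, so the address you spoof has to belong to a station that is already on the LAN) is something you can check for yourself from a passive capture before touching shadowmac. The script below is an added example for this list post; it is not code from the original message, from shadowmac or from KisMAC. It parses only the 802.11 MAC header and the association-response body, tracks which stations the AP at a given BSSID has accepted (successful association response, data delivered by the AP to a unicast station, or data sent by a station through the AP) and drops them again on deauthentication or disassociation. The frames and MAC addresses are constructed inline for the example; on a real network you would feed it frames from a monitor-mode capture instead.

```python
"""
Report which station MACs an AP currently treats as associated, by walking
raw 802.11 frames in order.  Those addresses are the only ones the AP will
accept traffic from, so they are the only candidates for the
"spoof the MAC of someone already associated" step.

Added example: the frames below are constructed by hand, not captured.
"""
import struct

TYPE_MGMT, TYPE_DATA = 0, 2
SUB_ASSOC_RESP, SUB_REASSOC_RESP, SUB_DISASSOC, SUB_DEAUTH = 1, 3, 10, 12


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def parse_header(frame):
    """Return (type, subtype, to_ds, from_ds, addr1, addr2, addr3, body)."""
    if len(frame) < 24:
        raise ValueError("frame shorter than a minimal 802.11 MAC header")
    fc0, fc1 = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x3          # frame control byte 0: version, type, subtype
    subtype = (fc0 >> 4) & 0xF
    to_ds = fc1 & 0x01                # frame control byte 1: ToDS / FromDS flags
    from_ds = (fc1 >> 1) & 0x01
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    body_off = 30 if (to_ds and from_ds) else 24   # Addr4 only in WDS frames
    return ftype, subtype, to_ds, from_ds, a1, a2, a3, frame[body_off:]


def associated_stations(frames, bssid):
    """Track stations the AP at `bssid` has accepted, in frame order."""
    bssid = bytes.fromhex(bssid.replace(":", ""))
    assoc = set()
    for frame in frames:
        ftype, subtype, to_ds, from_ds, a1, a2, a3, body = parse_header(frame)
        if ftype == TYPE_MGMT:
            if a3 != bssid:           # management frames carry the BSSID in Addr3
                continue
            if subtype in (SUB_ASSOC_RESP, SUB_REASSOC_RESP) and a2 == bssid:
                # body: capability(2) status(2) aid(2); status 0 means success
                if len(body) >= 6 and struct.unpack("<H", body[2:4])[0] == 0:
                    assoc.add(a1)
            elif subtype in (SUB_DISASSOC, SUB_DEAUTH):
                # either side may tear the association down
                assoc.discard(a1 if a2 == bssid else a2)
        elif ftype == TYPE_DATA:
            if from_ds and not to_ds and a2 == bssid and not (a1[0] & 1):
                # AP delivering unicast data to a station: it only does that
                # for stations it considers associated
                assoc.add(a1)
            elif to_ds and not from_ds and a1 == bssid:
                # station pushing data through the AP; a good candidate even
                # if we missed its association handshake
                assoc.add(a2)
    return sorted(mac_str(m) for m in assoc)


def frame(ftype, subtype, to_ds, from_ds, a1, a2, a3, body=b""):
    """Build a minimal frame: FC, duration, three addresses, seq ctrl, body."""
    fc0 = (ftype << 2) | (subtype << 4)
    fc1 = to_ds | (from_ds << 1)
    return bytes([fc0, fc1]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + body


# Constructed sample traffic (hypothetical MACs, not from any real capture)
AP = bytes.fromhex("00095b010203")
STA1 = bytes.fromhex("000393aabbcc")
STA2 = bytes.fromhex("000d93ddeeff")
STA3 = bytes.fromhex("001122334455")
WIRED = bytes.fromhex("0a0b0c0d0e0f")
BCAST = b"\xff" * 6

SAMPLE_FRAMES = [
    # AP accepts STA1 (status 0, AID 1)
    frame(TYPE_MGMT, SUB_ASSOC_RESP, 0, 0, STA1, AP, AP, struct.pack("<HHH", 0x0411, 0, 0xC001)),
    # AP forwards a frame from a wired host to STA1
    frame(TYPE_DATA, 0, 0, 1, STA1, AP, WIRED),
    # AP rejects STA2 (status 17: cannot support more stations)
    frame(TYPE_MGMT, SUB_ASSOC_RESP, 0, 0, STA2, AP, AP, struct.pack("<HHH", 0x0411, 17, 0)),
    # STA3 sends a broadcast through the AP
    frame(TYPE_DATA, 0, 1, 0, AP, STA3, BCAST),
    # AP deauthenticates STA1 (reason 3: station leaving)
    frame(TYPE_MGMT, SUB_DEAUTH, 0, 0, STA1, AP, AP, struct.pack("<H", 3)),
]

if __name__ == "__main__":
    for mac in associated_stations(SAMPLE_FRAMES, "00:09:5b:01:02:03"):
        print("associated:", mac)
```

Only the station that is still associated at the end of the trace is printed; the rejected station and the deauthenticated one are exactly the addresses that would get a spoofed frame ignored by the AP.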
