[kismac] Re: patch to allow MAC spoofing on macs

  • From: Michael Rossberg <mick@xxxxxxxxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Sun, 31 Oct 2004 22:59:30 +0100


since the mac spoofing appears once every few months, let me just straighten out a few things. first there is no kernel patch which allows you mac spoofing with a wireless device. second there is no kernel patch which allows you mac spoofing with a wireless device. and so on. mac spoofing must take place in the card's firmware (so that auth frames etc. will be spoofed too). therefore the wireless driver always needs to support that. the only way a kernel patch can do that is by modifying the airport driver while running. not a good idea.
from what i know there are two drivers which allow that to happen: the wireless driver from sf.net, with my patch, and the gtdriver. both can set up every non-broadcast ethernet address. please make sure you know what that is. to use it with the gtdriver do a "ifconfig enX ether 00:01:02:03:04:05".
the compex card sounds like it is broadcom (therefore not compatible).


On 31 Oct 2004, at 22:30, Johnny Cache wrote:

Probably not :( I haven't verified this yet but this is the list of hurdles
I think would be required to jump through:

Bring up en1 with shadowmac disabled.
Associate with a user-controlled LAN with the same ESSID (maybe same SSID?
doubt it matters)

This is necessary to convince the driver that it has connected to a
network. Once this is done you could -probably-

tell shadowmac to spoof the en1 address with a MAC address of someone
already associated to the LAN.
You couldn't just make one up of course, because unless the AP has
gotten the low-level 802.11 authentication stuff it will just ignore a
packet from an unknown MAC.

At this point, I -think- it would work. :(

The problem here is that you essentially have to mitm TWO things,
-your- own wireless driver, and of course the AP.

Did I mention I haven't even had time to verify this works?

Anyway all that nasty work sure makes mick's PrismGT driver look a lot more
useful than shadowmac for wireless things. One thing to note is that
shadowmac and PrismGT could probably work well together. From what I
understand the PrismGT driver has some range limits on MAC addresses. If
you really wanted to spoof someone else's MAC in particular you could
probably associate with PrismGT using one spoofed MAC, and then turn on
shadowmac and set it to the one you really want. This avoids having to
trick your own driver.
Again unfortunately, that is all speculation. I don't have a card with a
GT chipset yet. Anyone out there got a suggestion? The best looking one
I could find (read: the only one which supports an external antenna) is the Compex
WL54G. Anyone have success or failure with that?

On Sat, 30 Oct 2004, Thomas Hardly wrote:

Has anyone got this working under 10.3 with wireless en1 connections?

I'm very interested in testing it out some more, just wanted to see
what kind of results people have been having?

Thomas Hardly

..o: It's 12 o'clock - do you know where your data is? :o...
-------------------------------------------------------------------------------
Hardening Your Macintosh - http://members.lycos.co.uk/hardapple/
MacSecurity.org - http://www.macsecurity.org

pgp key fingerprint: 0F02 99D5 1D23 E445 22C9 9C90 8F24 FDBA B618 33C4
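Michael's reply says the gtdriver accepts "every non-broadcast ethernet address" and asks readers to make sure they know what that means. The following Python helper is an added example, not code from the thread, KisMAC, the gtdriver or shadowmac; it parses a 48-bit Ethernet address in the common textual forms, reports which of the two flag bits in the first octet are set, and says whether the address is a valid station (unicast) address of the kind `ifconfig enX ether ...` expects. The classification rules (I/G bit = multicast/group, U/L bit = locally administered, all-ones = broadcast) are the standard IEEE 802 ones; the function and field names are my own.

```python
import re

# Twelve hex digits once separators are stripped (a 48-bit address).
_HEX12 = re.compile(r"[0-9a-f]{12}")


def parse_mac(text: str) -> bytes:
    """Parse aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or aabbccddeeff.

    Raises ValueError for anything that is not exactly 48 bits of hex.
    """
    hexdigits = re.sub(r"[:\-.]", "", text.strip().lower())
    if not _HEX12.fullmatch(hexdigits):
        raise ValueError(f"not a 48-bit Ethernet address: {text!r}")
    return bytes.fromhex(hexdigits)


def classify_mac(text: str) -> dict:
    """Describe an Ethernet address by its first-octet flag bits.

    Bit 0 of the first octet is the I/G (individual/group) bit: set means
    multicast, and the all-ones broadcast address is the extreme case.
    Bit 1 is the U/L (universal/local) bit: set means locally administered,
    i.e. not burned in by the manufacturer under an OUI.
    Only individual (unicast) addresses make sense as a station's source
    address, which is what the thread's "non-broadcast" requirement refers to.
    """
    mac = parse_mac(text)
    first = mac[0]
    is_group = bool(first & 0x01)
    return {
        "canonical": ":".join(f"{b:02x}" for b in mac),  # form ifconfig prints
        "broadcast": mac == b"\xff" * 6,
        "multicast": is_group,
        "locally_administered": bool(first & 0x02),
        "null": mac == b"\x00" * 6,  # all-zero: syntactically fine, never a real station
        "usable_as_station_address": not is_group and mac != b"\x00" * 6,
    }


def is_valid_station_mac(text: str) -> bool:
    """True if `text` parses and is an individual, non-null address."""
    try:
        return classify_mac(text)["usable_as_station_address"]
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, one of each kind.
    for sample in ("00:01:02:03:04:05", "02-01-02-03-04-05",
                   "0100.5e00.00fb", "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00", "not-a-mac"):
        print(sample, "->", classify_mac(sample) if is_valid_station_mac(sample) or sample != "not-a-mac" else "invalid")
```

The first sample is the exact address from Michael's `ifconfig` example and classifies as a plain, universally administered unicast address; a locally administered address (U/L bit set, e.g. `02:...`) is equally acceptable to a driver and is what a deliberately chosen address normally looks like, while the multicast, broadcast and all-zero samples are the ones a sane driver or firmware should refuse as a station address.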
