[kismac] Re: patch to allow MAC spoofing on macs

  • From: Johnny Cache <johnycsh@xxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Sun, 31 Oct 2004 16:24:45 -0600 (CST)

Thanks for the info Mick. How did you i.d. the Compex as a Broadcom?
Do you have suggestions for a PrismGT compatible card? I wish I could find
one that was known to work and had an external antenna.
-jc


On Sun, 31 Oct 2004, Michael Rossberg wrote:

> hi,
>
> since the mac spoofing appears once every few months, let me just
> straighten out a few things. first there is no kernel patch which
> allows you to do mac spoofing with a wireless device. second there is no
> kernel patch which allows you to do mac spoofing with a wireless device. and
> so on. mac spoofing must take place in the card's firmware (so that auth
> frames etc. will be spoofed too). therefore the wireless driver always
> needs to support that. the only way a kernel patch can do that is by
> modifying the airport driver while running. not a good idea.
> from what i know there are two drivers which allow that to happen: the
> wireless driver from sf.net, with my patch, and the gtdriver. both can
> set up every non-broadcast ethernet address. please make sure you know
> what that is. to use it with the gtdriver do an "ifconfig enX ether
> 00:01:02:03:04:05".
> the compex card sounds like it is broadcom (therefore not compatible).
>
> mick
>
>
> On 31. Oct 2004, at 22:30 Uhr, Johnny Cache wrote:
>
> > Probably not :( I haven't verified this yet but this is the list of
> > hurdles I think would be required to jump through:
> >
> > Bring up en1 with shadowmac disabled.
> > Associate with a user-controlled LAN with the same ESSID (maybe same
> > SSID? doubt it matters)
> >
> > This is necessary to convince the driver that it has connected to a
> > network. Once this is done you could -probably-
> >
> > tell shadowmac to spoof the en1 address with a MAC address of someone
> > already associated to the LAN.
> > You couldn't just make one up of course, because unless the AP has
> > gotten the low-level 802.11 authentication stuff it will just ignore a
> > packet from an unknown MAC.
> >
> > At this point, I -think- it would work. :(
> >
> > The problem here is that you essentially have to MITM TWO things,
> > -your- own wireless driver, and of course the AP.
> >
> > Did I mention I haven't even had time to verify this works?
> >
> > Anyway all that nasty work sure makes Mick's PrismGT driver look a lot
> > more useful than shadowmac for wireless things. One thing to note is that
> > shadowmac and PrismGT could probably work well together. From what I
> > understand the PrismGT driver has some range limits on MAC addresses. If
> > you really wanted to spoof someone else's MAC in particular you could
> > probably associate with PrismGT using one spoofed MAC, and then turn on
> > shadowmac and set it to the one you really want. This avoids having to
> > trick your own driver.
> > Again unfortunately, that is all speculation. I don't have a card with a
> > GT chipset yet. Anyone out there got a suggestion? The best looking one
> > I could find (read: only one which supports an external antenna) is the
> > Compex WL54G. Anyone have success or failure with that?
> > -jc
> >
> >
> >
> >  On Sat, 30 Oct 2004, Thomas Hardly wrote:
> >
> >> Has anyone got this working under 10.3 with wireless en1 connections?
> >>
> >> I'm very interested in testing it out some more; just wanted to see
> >> what kind of results people have been having?
> >>
> >> Cheers,
> >> Thomas Hardly
> >>
> >>
> >> --
> >>      ..o:   It's 12 o'clock - do you know where your data is?   :o...
> >> ---------------------------------------------------------------------------------------
> >> Hardening Your Macintosh - http://members.lycos.co.uk/hardapple/
> >> MacSecurity.org - http://www.macsecurity.org
> >>
> >> pgp key fingerprint: 0F02 99D5 1D23 E445 22C9 9C90 8F24 FDBA B618 33C4
> >>
> >
>
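
Mick's point in the quoted mail is that the station address appears in the 802.11 MAC header of every frame the card sends, including the Authentication frame, so an address rewritten only above the firmware never reaches the AP's authentication state and the AP drops the later data frames as coming from an unknown station. The following added example (not code from the thread, kismac or any of the drivers mentioned) builds constructed 802.11 frames, decodes the header, and replays them through a minimal model of the AP's "which stations have authenticated" table. The frame layout follows the 802.11 header (frame control, duration, addr1/addr2/addr3, sequence control); the AP_BSSID and REAL_MAC values are constructed, the spoofed address is the one from Mick's ifconfig line, and the model only tracks Authentication frames, not the full association state machine.

```python
import struct

# 802.11 frame-control byte 0: bits 0-1 version, bits 2-3 type, bits 4-7 subtype
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
MGMT_SUBTYPES = {0: "association-request", 1: "association-response",
                 11: "authentication", 12: "deauthentication"}


def mac_bytes(mac: str) -> bytes:
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    """6 raw bytes -> colon-separated lowercase hex."""
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(ftype: int, subtype: int, flags: int,
                addr1: str, addr2: str, addr3: str, body: bytes = b"") -> bytes:
    """Assemble a minimal 24-byte 802.11 MAC header plus body (no FCS)."""
    fc0 = (ftype << 2) | (subtype << 4)
    header = struct.pack("<BBH", fc0, flags, 0)           # frame control, duration
    header += mac_bytes(addr1) + mac_bytes(addr2) + mac_bytes(addr3)
    header += struct.pack("<H", 0)                         # sequence control
    return header + body


def parse_header(frame: bytes) -> dict:
    """Decode type/subtype, DS flags and the three addresses of a frame."""
    if len(frame) < 24:
        raise ValueError("frame shorter than an 802.11 MAC header")
    fc0, fc1 = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x3
    subtype = (fc0 >> 4) & 0xF
    info = {
        "type": FRAME_TYPES.get(ftype, "reserved"),
        "subtype": subtype,
        "to_ds": bool(fc1 & 0x1),
        "from_ds": bool(fc1 & 0x2),
        "addr1": mac_str(frame[4:10]),
        "addr2": mac_str(frame[10:16]),   # transmitter address in every 3-address frame
        "addr3": mac_str(frame[16:22]),
    }
    if ftype == 0:
        info["subtype_name"] = MGMT_SUBTYPES.get(subtype, "other-management")
    return info


def data_frames_from_unauthenticated(frames: list) -> list:
    """Replay frames in order the way a simplified AP state table would.

    A transmitter becomes 'known' when it sends an Authentication frame; the
    transmitter address of every data frame from a station that never
    authenticated is returned. This is the failure Mick describes: a MAC
    rewritten only in the data path never appears in the auth exchange.
    """
    authenticated = set()
    unknown = []
    for frame in frames:
        h = parse_header(frame)
        if h["type"] == "management" and h["subtype"] == 11:
            authenticated.add(h["addr2"])
        elif h["type"] == "data" and h["addr2"] not in authenticated:
            unknown.append(h["addr2"])
    return unknown


# Constructed sample values (AP and real card address are made up for this example)
AP_BSSID = "aa:bb:cc:dd:ee:ff"
REAL_MAC = "00:11:22:33:44:55"        # card's burned-in address
SPOOFED_MAC = "00:01:02:03:04:05"     # the address from Mick's ifconfig line

AUTH_BODY = struct.pack("<HHH", 0, 1, 0)   # open system, sequence 1, status success

SAMPLE_FRAMES = [
    # authentication generated by the firmware with the card's real address
    build_frame(0, 11, 0x00, AP_BSSID, REAL_MAC, AP_BSSID, AUTH_BODY),
    # data frame to the AP (ToDS=1) whose address was rewritten above the firmware
    build_frame(2, 0, 0x01, AP_BSSID, SPOOFED_MAC, "ff:ff:ff:ff:ff:ff", b"\xaa\xaa\x03"),
    # data frame from the station that actually authenticated
    build_frame(2, 0, 0x01, AP_BSSID, REAL_MAC, "ff:ff:ff:ff:ff:ff", b"\xaa\xaa\x03"),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(parse_header(f))
    print("data frames the AP would drop:", data_frames_from_unauthenticated(SAMPLE_FRAMES))
```

Running it lists the three decoded headers and reports the rewritten address as the only transmitter the AP would drop; the station whose firmware sent the Authentication frame with its real address is accepted, which is why the address change has to happen in the firmware (or a driver that controls it) rather than in a kernel patch above the driver.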
