How to spoof an ethernet MAC address of the wired ethernet interface coming with MacBookPro and Leopard 10.5.6?

六月ゝ 毕业季﹏ 提交于 2020-01-25 13:02:50

问题


With OSX 10.5. it's no longer possible to spoof MAC addresses of your wired interface (e.g. en0) with "ifconfig en0 laddr/ether XX:YY:...."

a/ why is that?

b/ how is it notwithstanding done by e.g. VMware "vmnet-xxx" deamons?

c/ does anyone know wether the Apple Developer package contains detailed and useful information regarding the mach kernel device interfaces? e.g. device driver example code, and the like?

Thank you very much

Grusz


回答1:


A: This may be a change for security reasons in the work place (this is just pure speculation, and may or may not be true), as it seems to be a driver issue (this was possible in Tiger, I know from experience). It is still possible to this on the wireless interface en1. Even if the physical interface did not support it, the device could be put into "monitor" mode and have the MAC address matching take place higher up in the IP chain. We shall have to wait and see what Apple does about this.

B: Those daemons put your wired network into "monitor" mode, basically what this does is tell your network card that you want everything that is being sent to you to be handled by the OS, so it turns off filtering that is done on the network card (if it supports it) which would normally discard things that were not destined for itself (its MAC address), and then it does it all in software, using the standard filtering hooks provided by the OS it can listen to any incoming packets and grab those off the wire that are destined to the fake MAC address that VMWare has set.

Explained in laymen terms: Lets say you are sitting at an airport and are waiting for an announcement that you can board your plane, you passively listen but ignore everything that does not contain your flight number. Now someone else comes along and asks you to also listen for their flight number, now you have to actively listen since you can't just filter on one flight number.

C: Yes, amongst other things you will find code examples and reference manuals. They are also all available online and you may find the code for most device drivers online as well if they were developed by Apple. The documentation is fairly good however I have noticed that in certain areas it has been lacking and made it fairly difficult for me to figure out what I needed to do to get something done. Developer.apple.com's Conceptual Network Device Driver. The source code for Darwin is also available at http://www.opensource.apple.com/darwinsource/, there you can find most device drivers for Mac OS X as long as Apple is allowed to release them as Open Source (Yukon2 driver is not included)




回答2:


what worked for me was this, boot into a linux distro, change mac address there so that you have a working internet connection, reboot into mac os x(tried with 10.5.5), the mac stays spoofed from linux - with my pc, it worked even over system restarts/shutdowns

to be more specific, i tried this with ubuntu 8.04(i believe), to change mac address there:

sudo ifconfig eth0 down

sudo ifconfig eth0 hw ether 000102020405

sudo ifconfig eth0 up

of course you need to replace the 000102020405 with the real MAC you want to use, beware, with other distros, even different versions of ubuntu, the MAC spoofing procedure might differ slightly(you need to restart the connection etc..) - the magic of this trick is in the fact it actually might work off a live distro, so you don't need to install anything, but i never tried this

good luck




回答3:


I have the MacBookPro Retina late 2013 running OSX 10.9 and I can do it!

The first thing I tried is what has previously worked for me on linux:

sudo -s
ifconfig en0 down
ifconfig en0 lladdr aa:bb:cc:dd:ee:ff
ifconfig en0 up

However, this on my machine results in an ioctl error (power is off)

So after much experimentation I figured that you must change the mac address while the interface is up, but while it is not being used by the Airport utility. This is easier said than done! I put these commands together and fiddled the delays until my mac changed successfully - this is what worked for me:

ifconfig en0 down; sleep 0.5; ifconfig en0 up; sleep 2;\
ifconfig en0 lladdr aa:bb:cc:dd:ee:ff; ifconfig en0

You may have to change your delays so you catch it before Airport kicks in. Hope this helps!

Edit: You may have success by booting linux as "nofu" said, but it's a hassle to set up dual boot on the MacBookPro, so let me know if this "sleep method" works for you, the delay and for what version of OSX.



来源:https://stackoverflow.com/questions/601846/how-to-spoof-an-ethernet-mac-address-of-the-wired-ethernet-interface-coming-with

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!