Difference between revisions of "MAC address spoofing"

From ArchWiki
Jump to: navigation, search
m (systemd-networkd: Translated some words in the code)
(revert translations - this is the English page, see Help:i18n)
Line 8: Line 8:
 
[[ru:MAC address spoofing]]
 
[[ru:MAC address spoofing]]
 
[[zh-hans:MAC address spoofing]]
 
[[zh-hans:MAC address spoofing]]
这篇文章文章将会介绍几个修改 MAC 地址的方法。
+
This article gives several methods to spoof a Media Access Control (MAC) address.
  
== 手动更改 ==
+
== Manually ==
  
有两种方法可以修改 MAC 地址:[[Pacman (简体中文)#安装软件包|安装]]并配置 {{Pkg|iproute2}} {{Pkg|macchanger}}。下面来说明一下这两种方法。
+
There are two methods for spoofing a MAC address: [[installing]] and configuring either {{Pkg|iproute2}} or {{Pkg|macchanger}}. Both of them are outlined below.
  
 
=== iproute2 ===
 
=== iproute2 ===
  
首先,你可以用下面的命令来检查当前的 MAC 地址
+
First, you can check your current MAC address with the command:
  
 
  # ip link show ''interface''
 
  # ip link show ''interface''
  
{{ic|''interface''}} 是你的 [[Network configuration (简体中文)#网络接口|网卡]] 的名字
+
where {{ic|''interface''}} is the name of your [[network interface]].
  
我们现在要关注的是跟在“link/ether”后面的那一串带冒号的十六进制字节。它看起来可能是这样:
+
The section that interests us at the moment is the one that has "link/ether" followed by a 6-byte number. It will probably look something like this:
  
 
  link/ether 00:1d:98:5a:d1:3a
 
  link/ether 00:1d:98:5a:d1:3a
  
修改MAC地址的第一步是禁用网卡,它可以通过下面的命令来完成:
+
The first step to spoofing the MAC address is to bring the network interface down. It can be accomplished with the command:
  
 
  # ip link set dev ''interface'' down
 
  # ip link set dev ''interface'' down
  
接下来,我们要开始修改我们的 MAC 地址。只要每个字节都是十六进制值就可以,但有的网络运营商可能会拒绝为不正确的 MAC 分配 IP 地址。所以,除非你是你连接的网络的管理员,否则你应该使用真实的 MAC 地址前缀(一般是前三个字节),剩下三个字节可以随便设置(只要是十六进制值)。如果想了解更多内容,请访问 [[Wikipedia:Organizationally unique identifier]].
+
Next, we actually spoof our MAC. Any hexadecimal value will do, but some networks may be configured to refuse to assign IP addresses to a client whose MAC does not match up with any of known vendors. Therefore, unless you control the network(s) you are connecting to, use MAC prefix of any real vendor (basically, the first three bytes), and use random values for next three bytes. For more information please read [[Wikipedia:Organizationally unique identifier]].
  
要更改 MAC 地址,我们要运行这个命令:
+
To change the MAC, we need to run the command:
  
 
  # ip link set dev ''interface'' address ''XX:XX:XX:XX:XX:XX''
 
  # ip link set dev ''interface'' address ''XX:XX:XX:XX:XX:XX''
  
这6位 {{ic|''XX:XX:XX:XX:XX:XX''}} 就是你要设置的 MAC 地址。
+
Where any 6-byte value will suffice for {{ic|''XX:XX:XX:XX:XX:XX''}}.
  
最后一步是重新启用网卡,输入这行命令:
+
The final step is to bring the network interface back up. This can be accomplished by running the command:
  
 
  # ip link set dev ''interface'' up
 
  # ip link set dev ''interface'' up
  
如果你想验证你的 MAC 地址是否成功修改,只需要再次运行 {{ic|ip link show ''interface''}} ,然后检查“link/ether”后面的值。如果成功修改,“link/ether”后面应该跟着你刚刚设置的 MAC 地址。
+
If you want to verify that your MAC has been spoofed, simply run {{ic|ip link show ''interface''}} again and check the value for 'link/ether'. If it worked, 'link/ether' should be whatever address you decided to change it to.
  
 
=== macchanger ===
 
=== macchanger ===
  
另一个方法是通过 {{Pkg|macchanger}} (a.k.a., the GNU MAC Changer)。它有一些方便的功能,比如改变 MAC 地址以匹配某个运营商,或者完全随机化地址。
+
Another method uses {{Pkg|macchanger}} (a.k.a., the GNU MAC Changer). It provides a variety of features such as changing the address to match a certain vendor or completely randomizing it.
  
[[Official repositories (简体中文)|官方仓库]]里[[Pacman (简体中文)#安装软件包|安装]] 这个包 {{Pkg|macchanger}} .
+
[[pacman#Installing specific packages|Install]] the package {{Pkg|macchanger}} from the [[official repositories]].
  
由于更改 MAC 地址基于网卡,我们需要用 [[Network configuration (简体中文)#网络接口|网卡名]] 来替换每行命令中的 {{ic|''interface''}}
+
The spoofing is done on per-interface basis, specify [[network interface]] name as {{ic|''interface''}} in each of the following commands.
  
用这行命令我们可以将 MAC 地址完全随机化:
+
The MAC address can be spoofed with a fully random address:
  
 
  # macchanger -r ''interface''
 
  # macchanger -r ''interface''
  
要随机化当前 MAC 地址的后三位字节 (这样运营商会认为这个 MAC 地址是注册过的 MAC 地址,就可以避免被断网的风险),你可以运行这个命令
+
To randomize only device-specific bytes of current MAC address (that is, so that if the MAC address was checked it would still register as being from the same vendor), you would run the command:
  
 
  # macchanger -e ''interface''
 
  # macchanger -e ''interface''
  
要把 MAC 地址改成指定的值,请运行:
+
To change the MAC address to a specific value, you would run:
  
 
  # macchanger --mac=''XX:XX:XX:XX:XX:XX'' ''interface''
 
  # macchanger --mac=''XX:XX:XX:XX:XX:XX'' ''interface''
  
{{ic|''XX:XX:XX:XX:XX:XX''}} 改成你想要的 MAC 地址。
+
Where {{ic|''XX:XX:XX:XX:XX:XX''}} is the MAC you wish to change to.
  
最后,如果想把 MAC 地址恢复成出厂值,运行这个:
+
Finally, to return the MAC address to its original, permanent hardware value:
  
 
  # macchanger -p ''interface''
 
  # macchanger -p ''interface''
  
{{注意|在更改 MAC 地址的时候,设备将无法使用(无论是以任何方式连接,或是试图启用这个设备)}}
+
{{Note|A device cannot be in use (connected in any way or with its interface up) while the MAC address is being changed.}}
  
== 自动更改 ==
+
== Automatically ==
  
 
=== systemd-networkd ===
 
=== systemd-networkd ===
  
[[systemd-networkd]] 支持通过 [[systemd-networkd#link files|link files]] 设置 MAC 地址(细节请查看 {{man|5|systemd.link}}.
+
[[systemd-networkd]] supports MAC address spoofing via [[systemd-networkd#link files|link files]] (see {{man|5|systemd.link}} for details).
  
要设置一个静态 MAC 地址,修改这个文件为:
+
To set a static spoofed MAC address:
  
 
{{hc|/etc/systemd/network/00-default.link|2=
 
{{hc|/etc/systemd/network/00-default.link|2=
 
[Match]
 
[Match]
MACAddress=''原始 MAC 地址''
+
MACAddress=''original MAC''
  
 
[Link]
 
[Link]
MACAddress=''目标 MAC 地址''
+
MACAddress=''spoofed MAC''
 
NamePolicy=kernel database onboard slot path
 
NamePolicy=kernel database onboard slot path
 
}}
 
}}
  
如要在每次启动时随机化 MAC 地址,把 {{ic|1=MACAddress=''spoofed MAC''}} 改成 {{ic|1=MACAddressPolicy=random}}
+
To randomize the MAC address on every boot, set {{ic|1=MACAddressPolicy=random}} instead of {{ic|1=MACAddress=''spoofed MAC''}}.
  
 
=== systemd-udevd ===
 
=== systemd-udevd ===
  
[[udev (简体中文)]] 允许你创建 [[udev (简体中文)#udev 规则|udev 规则]] 来更改 MAC 地址。使用 {{ic|address}} 参数来用原始 MAC 地址来匹配设备,然后用 ''ip'' 命令来更改 MAC 地址:
+
[[Udev]] allows you to perform MAC address spoofing by creating the [[Udev#Writing udev rules|udev rule]]. Use {{ic|address}} attribute to match the correct device by its original MAC address and change it using the ''ip'' command:
  
 
{{hc|/etc/udev/rules.d/75-mac-spoof.rules|2=
 
{{hc|/etc/udev/rules.d/75-mac-spoof.rules|2=
Line 99: Line 99:
 
}}
 
}}
  
其中,{{ic|XX:XX:XX:XX:XX:XX}} 是原始 MAC 地址,{{ic|YY:YY:YY:YY:YY:YY}} 是目标 MAC 地址
+
where {{ic|XX:XX:XX:XX:XX:XX}} is the original MAC address and {{ic|YY:YY:YY:YY:YY:YY}} is the new one.
  
=== systemd 单元 ===
+
=== systemd unit ===
  
==== 创建单元 ====
+
==== Creating unit ====
  
下面写了两个用 [[Systemd (简体中文)]] 来在启动时更改 MAC 地址的例子,其中一个用 ''ip'' 来设置静态 MAC,另一个用 ''macchanger'' 来设置随机 MAC。systemd 的 {{ic|network-pre.target}} 可以确保 MAC 地址在网络管理器如 [[netctl (简体中文)]][[NetworkManager (简体中文)]][[systemd-networkd]] [[dhcpcd (简体中文)]] 启动之前就已经更改好。
+
Below you find two examples of [[systemd]] units to change a MAC address at boot, one sets a static MAC using ''ip'' and one uses ''macchanger'' to assign a random MAC address. The systemd {{ic|network-pre.target}} is used to ensure the MAC is changed before a network manager like [[Netctl]] or [[NetworkManager]], [[systemd-networkd]] or [[dhcpcd]] service starts.
  
 
===== iproute2 =====
 
===== iproute2 =====
  
设置静态 MAC 地址的 [[Systemd (简体中文)]] 单元:
+
[[systemd]] unit setting a predefined MAC address:
  
 
{{hc|/etc/systemd/system/macspoof@.service|<nowiki>
 
{{hc|/etc/systemd/system/macspoof@.service|<nowiki>
Line 130: Line 130:
 
===== macchanger =====
 
===== macchanger =====
  
设置随机 MAC 地址的 [[Systemd (简体中文)]] 单元,同时保留原始的运营商字节。确保[[Pacman (简体中文)#安装软件包|安装]]了 {{Pkg|macchanger}}:
+
[[systemd]] unit setting a random address while preserving the original NIC vendor bytes. Ensure that {{Pkg|macchanger}} is [[Pacman#Installing specific packages|installed]]:
  
 
{{hc|/etc/systemd/system/macspoof@.service|<nowiki>
 
{{hc|/etc/systemd/system/macspoof@.service|<nowiki>
Line 148: Line 148:
 
</nowiki>}}
 
</nowiki>}}
  
或者用 {{ic|-r}} 选项来使 MAC 地址完全随机化,参见 [[#macchanger]]
+
A full random address can be set using the {{ic|-r}} option, see [[#macchanger]].
  
==== 启用服务 ====
+
==== Enabling service ====
  
将所需的网络接口 (如:{{ic|eth0}}) 附加到服务名称后面,然后[[Systemd_(简体中文)#使用单元|启用]]服务 ({{ic|macspoof@eth0.service}}).
+
Append the desired network interface to the service name (e.g. {{ic|eth0}}) and [[enable]] the service (e.g. {{ic|macspoof@eth0.service}}).
  
重启,或者按照适当的顺序重启依赖的服务。如果你是局域网管理员,请通过路由器检查其中的静态或 DHCP 地址表,验证 MAC 是否已成功修改。
+
Reboot, or stop and start the prerequisite and requisite services in the proper order. If you are in control of your network, verify that the spoofed MAC has been picked up by your router by examining the static, or DHCP address tables within the router.
  
=== netctl 接口 ===
+
=== netctl interfaces ===
  
你可以使用 [[Netctl#Using_hooks|netctl hook]] 来在每次启动或重启网卡的时候运行特定命令。把 {{ic|''interface''}} 替换为你的[[Network configuration (简体中文)#网络接口|网络接口]]:  
+
You can use a [[Netctl#Using_hooks|netctl hook]] to run a command each time a netctl profile is re-/started for a specific network interface. Replace {{ic|''interface''}} accordingly:  
  
 
{{hc|/etc/netctl/interfaces/''interface''|2=
 
{{hc|/etc/netctl/interfaces/''interface''|2=
Line 164: Line 164:
 
/usr/bin/macchanger -r ''interface''}}
 
/usr/bin/macchanger -r ''interface''}}
  
使脚本可执行:
+
Make the script executable:
 
 
 
  chmod +x /etc/netctl/interfaces/''interface''
 
  chmod +x /etc/netctl/interfaces/''interface''
  
来源: [https://blog.akendo.eu/archlinuxrandom-mac-address-for-new-wireless-connections/  akendo.eu]
+
Source: [https://blog.akendo.eu/archlinuxrandom-mac-address-for-new-wireless-connections/  akendo.eu]
  
 
=== NetworkManager ===
 
=== NetworkManager ===
  
参见 [[NetworkManager#Configuring MAC Address Randomization]].
+
See [[NetworkManager#Configuring MAC Address Randomization]].
  
== 故障排除 ==
+
== Troubleshooting ==
  
=== 连接到 DHCPv4 网络失败 ===
+
=== Connection to DHCPv4 network fails ===
  
如果您无法连接到 DHCPv4网络,而且您使用的是 NetworkManager 默认的 dhcpcd,你可能需要 [[Dhcpcd_(简体中文)#客户端 ID|修改 dhcpd 配置]] 来续租。
+
If you cannot connect to a DHCPv4 network and you are using dhcpcd, which is the default for NetworkManager, you might need to [[Dhcpcd#Client ID|modify the dhcpcd configuration]] to obtain a lease.
  
== 另见 ==
+
== See also ==
  
 
* [[Wikipedia:MAC spoofing]]
 
* [[Wikipedia:MAC spoofing]]
 
* [https://github.com/alobbs/macchanger Macchanger GitHub page]   
 
* [https://github.com/alobbs/macchanger Macchanger GitHub page]   
* [http://www.debianadmin.com/change-your-network-card-mac-media-access-control-address.html DebianAdmin 上的文章] with more ''macchanger'' options
+
* [http://www.debianadmin.com/change-your-network-card-mac-media-access-control-address.html Article on DebianAdmin] with more ''macchanger'' options

Revision as of 06:36, 11 May 2018

This article gives several methods to spoof a Media Access Control (MAC) address.

Manually

There are two methods for spoofing a MAC address: installing and configuring either iproute2 or macchanger. Both of them are outlined below.

iproute2

First, you can check your current MAC address with the command:

# ip link show interface

where interface is the name of your network interface.

The section that interests us at the moment is the one that has "link/ether" followed by a 6-byte number. It will probably look something like this:

link/ether 00:1d:98:5a:d1:3a

The first step to spoofing the MAC address is to bring the network interface down. It can be accomplished with the command:

# ip link set dev interface down

Next, we actually spoof our MAC. Any hexadecimal value will do, but some networks may be configured to refuse to assign IP addresses to a client whose MAC does not match up with any of known vendors. Therefore, unless you control the network(s) you are connecting to, use MAC prefix of any real vendor (basically, the first three bytes), and use random values for next three bytes. For more information please read Wikipedia:Organizationally unique identifier.

To change the MAC, we need to run the command:

# ip link set dev interface address XX:XX:XX:XX:XX:XX

Where any 6-byte value will suffice for XX:XX:XX:XX:XX:XX.

The final step is to bring the network interface back up. This can be accomplished by running the command:

# ip link set dev interface up

If you want to verify that your MAC has been spoofed, simply run ip link show interface again and check the value for 'link/ether'. If it worked, 'link/ether' should be whatever address you decided to change it to.

macchanger

Another method uses macchanger (a.k.a., the GNU MAC Changer). It provides a variety of features such as changing the address to match a certain vendor or completely randomizing it.

Install the package macchanger from the official repositories.

The spoofing is done on per-interface basis, specify network interface name as interface in each of the following commands.

The MAC address can be spoofed with a fully random address:

# macchanger -r interface

To randomize only device-specific bytes of current MAC address (that is, so that if the MAC address was checked it would still register as being from the same vendor), you would run the command:

# macchanger -e interface

To change the MAC address to a specific value, you would run:

# macchanger --mac=XX:XX:XX:XX:XX:XX interface

Where XX:XX:XX:XX:XX:XX is the MAC you wish to change to.

Finally, to return the MAC address to its original, permanent hardware value:

# macchanger -p interface
Note: A device cannot be in use (connected in any way or with its interface up) while the MAC address is being changed.

Automatically

systemd-networkd

systemd-networkd supports MAC address spoofing via link files (see systemd.link(5) for details).

To set a static spoofed MAC address:

/etc/systemd/network/00-default.link
[Match]
MACAddress=original MAC

[Link]
MACAddress=spoofed MAC
NamePolicy=kernel database onboard slot path

To randomize the MAC address on every boot, set MACAddressPolicy=random instead of MACAddress=spoofed MAC.

systemd-udevd

Udev allows you to perform MAC address spoofing by creating the udev rule. Use address attribute to match the correct device by its original MAC address and change it using the ip command:

/etc/udev/rules.d/75-mac-spoof.rules
ACTION=="add", SUBSYSTEM=="net", ATTR{address}=="XX:XX:XX:XX:XX:XX", RUN+="/usr/bin/ip link set dev %k address YY:YY:YY:YY:YY:YY"

where XX:XX:XX:XX:XX:XX is the original MAC address and YY:YY:YY:YY:YY:YY is the new one.

systemd unit

Creating unit

Below you find two examples of systemd units to change a MAC address at boot, one sets a static MAC using ip and one uses macchanger to assign a random MAC address. The systemd network-pre.target is used to ensure the MAC is changed before a network manager like Netctl or NetworkManager, systemd-networkd or dhcpcd service starts.

iproute2

systemd unit setting a predefined MAC address:

/etc/systemd/system/macspoof@.service
[Unit]
Description=MAC Address Change %I
Wants=network-pre.target
Before=network-pre.target
BindsTo=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device

[Service]
Type=oneshot
ExecStart=/usr/bin/ip link set dev %i address 36:aa:88:c8:75:3a
ExecStart=/usr/bin/ip link set dev %i up

[Install]
WantedBy=multi-user.target
macchanger

systemd unit setting a random address while preserving the original NIC vendor bytes. Ensure that macchanger is installed:

/etc/systemd/system/macspoof@.service
[Unit]
Description=macchanger on %I
Wants=network-pre.target
Before=network-pre.target
BindsTo=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device

[Service]
ExecStart=/usr/bin/macchanger -e %I
Type=oneshot

[Install]
WantedBy=multi-user.target

A full random address can be set using the -r option, see #macchanger.

Enabling service

Append the desired network interface to the service name (e.g. eth0) and enable the service (e.g. macspoof@eth0.service).

Reboot, or stop and start the prerequisite and requisite services in the proper order. If you are in control of your network, verify that the spoofed MAC has been picked up by your router by examining the static, or DHCP address tables within the router.

netctl interfaces

You can use a netctl hook to run a command each time a netctl profile is re-/started for a specific network interface. Replace interface accordingly:

/etc/netctl/interfaces/interface
#!/usr/bin/env sh
/usr/bin/macchanger -r interface

Make the script executable:

chmod +x /etc/netctl/interfaces/interface

Source: akendo.eu

NetworkManager

See NetworkManager#Configuring MAC Address Randomization.

Troubleshooting

Connection to DHCPv4 network fails

If you cannot connect to a DHCPv4 network and you are using dhcpcd, which is the default for NetworkManager, you might need to modify the dhcpcd configuration to obtain a lease.

See also