Author Topic: Android MAC randomization  (Read 5536 times)

Offline CodeGlitch

Android MAC randomization
« on: September 30, 2014, 02:07:53 pm »
Hi all - first time poster.

Has anyone played around with MAC randomization on Android? The idea being that you can be easily tracked from your phone's WiFi capability (MAC codes are unique to your phone), so it would be cool if your phone spoofed a new MAC address every time it encountered a WiFi hotspot.

Looking at the Play store, there's not much apart from:
https://play.google.com/store/apps/details?id=eu.chainfire.pryfi
Glitching code since the 80's.

Offline gray-fox

Re: Android MAC randomization
« Reply #1 on: September 30, 2014, 03:22:42 pm »
I once tested this Pry-Fi app and at least the MAC spoofing feature worked fine when I scanned my phone with nmap. Didn't keep the app installed though, so I never used it for the purposes it was created for, according to the developer. If someone is interested, there's more about its intended uses here --> http://forum.xda-developers.com/showthread.php?t=2631512

The overall idea of the app is quite inventive. But I didn't really find it useful to me because I don't usually keep my phone's wifi scanner on; I have a Tasker "script" running that turns my wifi scan on automatically when I'm near places where I use wifi (not by using GPS). Also, in the networks I normally connect to with my phone I have no use for MAC spoofing.


Btw. post an introduction..
« Last Edit: September 30, 2014, 04:07:52 pm by gray-fox »

Offline CodeGlitch

Re: Android MAC randomization
« Reply #2 on: September 30, 2014, 10:10:54 pm »
Hi - that's a cool idea about the Tasker script.  I think CyanogenMod (which I'm using on my phone) should have this sort of feature built-in.

I've added an intro here:

https://evilzone.org/members-introduction/greetings-16777/new/#new

Thanks
Glitching code since the 80's.

Offline kenjoe41

Re: Android MAC randomization
« Reply #3 on: October 02, 2014, 03:02:43 pm »
If it were me, I would actually do a script that updates my MAC address every time I change or lose wifi spots. Easy with the Python SDK.
If you can't explain it to a 6 year old, you don't understand it yourself.

Offline proxx

Re: Android MAC randomization
« Reply #4 on: October 02, 2014, 05:43:06 pm »
Quote from: kenjoe41
> If it were me, I would actually do a script that updates my MAC address every time I change or lose wifi spots. Easy with the Python SDK.

Just use BASH, should be a couple of lines.
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline gray-fox

Re: Android MAC randomization
« Reply #5 on: October 02, 2014, 07:36:18 pm »
Quote from: proxx
> Just use BASH, should be a couple of lines.

I know there is more than one way to change the MAC with BASH (macchanger, hwaddress, etc.), but how would you make that script work on an Android phone (without adb)? Is there some way to do it that works with the sh shell + busybox combination in Android?

Edit: If we are even talking about Android phones anymore. :D
« Last Edit: October 02, 2014, 07:48:32 pm by gray-fox »

Offline Stackprotector

Re: Android MAC randomization
« Reply #6 on: October 02, 2014, 08:05:53 pm »

Quote from: gray-fox
> I know there is more than one way to change the MAC with BASH (macchanger, hwaddress, etc.), but how would you make that script work on an Android phone (without adb)? Is there some way to do it that works with the sh shell + busybox combination in Android?
>
> Edit: If we are even talking about Android phones anymore. :D

Compile these programs for Android.
~Factionwars

Offline gray-fox

Re: Android MAC randomization
« Reply #7 on: October 02, 2014, 08:36:13 pm »
Quote from: Stackprotector
> Compile these programs for Android.

Yes, that ofc would be one way. I have to look into that. Maybe not for this MAC changing, but that would be a great skill to learn anyway. And I was really more interested in whether proxx knew a bash way that is directly compatible with Android's shell (+busybox). If so, a simple "yes" answer would have been enough for me. Just got interested, because when I tried to quickly google this I found nothing that would have worked directly.

Tho I have to admit this kind of got me interested in whether I could make that MAC spoofing work by myself, but I would probably use kenjoe41's tip with Python + SDK. I'm trying to spend a few hours every day on learning Python anyway.
« Last Edit: October 02, 2014, 08:37:26 pm by gray-fox »

Offline proxx

Re: Android MAC randomization
« Reply #8 on: October 02, 2014, 08:48:34 pm »
Quote from: gray-fox
> Yes, that ofc would be one way. I have to look into that. Maybe not for this MAC changing, but that would be a great skill to learn anyway. And I was really more interested in whether proxx knew a bash way that is directly compatible with Android's shell (+busybox). If so, a simple "yes" answer would have been enough for me. Just got interested, because when I tried to quickly google this I found nothing that would have worked directly.
>
> Tho I have to admit this kind of got me interested in whether I could make that MAC spoofing work by myself, but I would probably use kenjoe41's tip with Python + SDK. I'm trying to spend a few hours every day on learning Python anyway.

That's kinda my problem with Android, it's open yet it's not so open after all.
These things are soo easy on a regular box, yet phones...
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline gray-fox

Re: Android MAC randomization
« Reply #9 on: October 02, 2014, 09:19:46 pm »
Quote from: proxx
> That's kinda my problem with Android, it's open yet it's not so open after all.
> These things are soo easy on a regular box, yet phones...

I know what you're saying. I sometimes write simple shell scripts on my phone on coffee breaks at work for fun and I like to test those scripts on my phone right away. So many times I'm at the point where I think that damn, this would be easy to do on a regular box but I'm struggling to make it work on the phone. Last time was when busybox's netcat was missing the -z argument.

Tho it has also been a good thing because it has pushed me to learn to do things more than one way.

Offline kenjoe41

Re: Android MAC randomization
« Reply #10 on: October 03, 2014, 07:24:12 pm »

Quote from: gray-fox
> I know there is more than one way to change the MAC with BASH (macchanger, hwaddress, etc.), but how would you make that script work on an Android phone (without adb)? Is there some way to do it that works with the sh shell + busybox combination in Android?
>
> Edit: If we are even talking about Android phones anymore. :D

http://forum.xda-developers.com/showthread.php?t=537827
If you can't explain it to a 6 year old, you don't understand it yourself.

Offline gray-fox

Re: Android MAC randomization
« Reply #11 on: October 03, 2014, 09:49:44 pm »
Quote from: kenjoe41
> http://forum.xda-developers.com/showthread.php?t=537827

Yeah, I know I said it wrong. I should have said bash + the tools available to use with it on a regular Linux box. That compiled bash still depends on busybox's toolset. Tho I think you knew that and maybe got my point, or maybe I just don't know how to say what I'm trying to say.

Anyway, about this MAC spoofing. I noticed that after all, this way kind of works directly on Android.
Code:
# Take the interface down, set the hardware address, bring it back up
busybox ifconfig wlan0 down
busybox ifconfig wlan0 hw ether 00:00:00:00:00:00
busybox ifconfig wlan0 up

When I tried this earlier I didn't think to use "busybox" in front of ifconfig. I guess Android's shell has ifconfig built in and it's a bit different from the busybox one.

But like I said, it only kind of works. When I run those and after that check:
Code:
ip link show wlan0

It shows that the MAC address has changed to 00:00:00:00:00:00. But after the MAC change wifi refuses to connect to the AP (there's no MAC filtering in the router). Then I have to restart the wifi scanner to make wifi work and that resets the MAC address. But well, maybe I'll keep looking into this.

I also thought that maybe it's possible to directly modify the ".macaddr" file located in /persistent/wifi/ (using Nexus 5) with a hex editor or something, but didn't have time to look into that yet.

Then I noticed that if you remove that .macaddr file (I had a backup) the phone seems to generate a new MAC starting 00:xx:xx:xx:xx:xx and it generates a new one every time I reboot the phone or restart the wifi scanner. This seemed kind of interesting. I googled this afterwards and it seems that some Nexus 4s had a bug that used to do this same thing.

Don't really know why I even started looking into this.. guess I just got interested.

Probably some Android (or Linux) guru would know how to make that first way (or many other ways) work right away, but maybe I will figure that out also.
« Last Edit: October 03, 2014, 10:02:21 pm by gray-fox »

Offline CodeGlitch

Re: Android MAC randomization
« Reply #12 on: October 04, 2014, 03:00:02 pm »
Damn you guys are good :)

When I get some time I want to look into this, so will post results if I get anywhere (I'm a C++ programmer mainly so don't mind getting my hands dirty with the ndk).
Glitching code since the 80's.

Offline gray-fox

Re: Android MAC randomization
« Reply #13 on: October 08, 2014, 06:56:12 am »
Yesterday I took another look at this MAC changing and this time I tried it with my old Galaxy S3 phone. So with googling and studying files on the phone I found out that the phone "loaded" the MAC address from /efs/wifi/.mac.info/ . At first I simply wrote a new MAC in the file, but it automatically reloaded the original one. Then I started thinking the answer might be in the kernel, so I decided to try a different kernel and flashed Googy kernel.
http://forum.xda-developers.com/galaxy-s3/orig-development/01-10-googy-kernel-2-6-sammy-jb-3-0-98-t2242325
After that I again wrote a new address in /.mac.info (wifi off) and this time the change was persistent, even after reboot.

Next I started thinking about how to make the change automatic with a generated MAC address. As a quick test solution I used this shell script:
Code:
# Hash 1 KiB of random data and build a MAC from hex pairs 2-6 behind a fixed 00: first octet
macad=$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\).*$/00:\2:\3:\4:\5:\6/')

# Write the new address to the file the phone loads its MAC from (via su)
su -c "echo $macad > /efs/wifi/.mac.info"

And I used the Tasker + SL4A apps to run the script every time I connect to wifi; even tho the effect kind of comes one connection behind, I had a new MAC address every time wifi restarts.

I know this is quite strictly bound to a certain phone + kernel, because I haven't tested this with other ones. So this ain't a tutorial. But maybe this can provide some info if someone is interested in doing something like this with his Android phone. Probably with Galaxy S4/S5 this could be used quite directly. And for example with Nexus 5, which is my current phone, this might be doable with the "/persist/wifi/.macaddr" file.
The reason I didn't test this with Nexus 5 is that I really don't have any use for MAC changing on my phone at the moment and I didn't want to take the chance of bricking it. :D

Edit:
There were still some new things that I wanted to add. Even if it seems that nobody has taken any interest in this.  :P

But anyway, as many of you know, the first three parts of a MAC address (xx:xx:xx) are called the Organizationally Unique Identifier (OUI) and from the OUI you can identify who manufactured or sold a device.
So once again I started to play with this MAC changing on my S3 and instead of using a random address I wondered if I could make my Samsung device act as some other specific device.
So I found this site that has a huge list of OUIs from different companies.  I used those and test-changed my MAC address a few times and made my Samsung phone "look" like Apple, ZTE, Cisco and other devices. I used the Fing network scanner app, which shows the device manufacturer in a scan, to test that the change had worked and it did every time.
I know this isn't any new knowledge for most of you here, but now that I tested this and it worked it was kind of cool.. in my opinion at least. :D
Maybe this might even be useful in some cases. For example if you connect to some wireless network that you shouldn't be using or something and you know this network has multiple Lenovo machines connected to it, then you could make your phone also look like a Lenovo machine by using one of their OUIs. Then your phone's presence wouldn't be so easily noticed if someone scans the network or views logs.

Here is the website for those OUI addresses if someone is interested:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf;hb=HEAD

« Last Edit: October 26, 2014, 05:41:52 pm by gray-fox »
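
Added example, not part of the thread or any poster's code: the quick script in reply #13 fixes the first octet to 00, which puts the generated address in the vendor-assigned (globally administered) range. The sketch below generates a random address with the locally administered bit set and the multicast bit cleared instead, and classifies an address the way a scanner reading a manuf-style OUI list would. The function names and the two OUI entries are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and OUI entries below are constructed for illustration.

# Constructed sample in the "prefix<TAB>short name" layout used by Wireshark's manuf file.
MANUF_SAMPLE=$(printf '00:11:22\tExampleCo\nF4:00:01\tSampleNet')

# Random unicast, locally administered MAC:
# first octet has bit 0 (multicast) cleared and bit 1 (locally administered) set.
random_laa_mac() {
    set -- $(od -An -N6 -tx1 /dev/urandom)
    first=$(( (0x$1 & 0xfe) | 0x02 ))
    printf '%02x:%s:%s:%s:%s:%s\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# Classify an address by the two low bits of its first octet.
mac_kind() {
    val=$(( 0x${1%%:*} ))
    if [ $(( val & 1 )) -ne 0 ]; then echo multicast
    elif [ $(( val & 2 )) -ne 0 ]; then echo local
    else echo global
    fi
}

# Look up the first three octets in the sample list; prints "unknown" on a miss.
vendor_of() {
    prefix=$(printf '%s' "$1" | cut -c1-8 | tr 'a-f' 'A-F')
    printf '%s\n' "$MANUF_SAMPLE" |
        awk -F'\t' -v p="$prefix" '$1 == p { print $2; hit = 1 } END { if (!hit) print "unknown" }'
}

# One-line summary: only globally administered addresses carry a meaningful OUI.
describe_mac() {
    kind=$(mac_kind "$1")
    if [ "$kind" = global ]; then
        echo "$1 global $(vendor_of "$1")"
    else
        echo "$1 $kind -"
    fi
}

describe_mac "$(random_laa_mac)"    # randomized address, no vendor lookup
describe_mac 00:11:22:33:44:55      # vendor-range address from the sample list
```

An address of the form 00:xx:xx:xx:xx:xx classifies as global here, so a scanner will try to resolve its first three octets against the OUI list.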