MAC Spoofing Shellscript and sed

[n01s3b0x]

I've been working on writing my first Unix shellscript. It's just a short script that will issue a random MAC address and assign it to my MacBook. I'm having trouble however with a section of the script involving the sed command.

The random address generator is this:

Code: Select all

openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'

My goal is to send the output to a variable for use with:

Code: Select all

sudo ifconfig en1 lladdr

inserting the variable as the MAC address to be assigned.

However, I am having trouble outputting the result of the sed command into a variable. I've tried several different methods of command substitution, piping and variable declarations with no luck.

I don't really understand sed to begin with. I knew how to generate a random string 6 bytes long, I just did not know a way of parsing it in a MAC format. As I researched how to do this, I came across the sed command shown above. That is what actually had prompted me to try creating a script around it automating the generation and assigning of a random MAC address. I have tried for the past couple weeks to study sed and for one reason or another, comprehension of it eludes me. I have tried altering the command slightly to see what it does, but most of the time, it tells me that there is a bad flag in my command. That or I don't understand how the change I made corresponds with the result.

Anyone have any suggestions? Or am I just going about this all wrong? Any tips on making sense of sed?

[hackuin60s]

Code: Select all

MAC_VAR=`openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'`
echo $MAC_VAR


works fine. What problem you are facing?

[FunctionCreep]

In order to understand sed you need to know how to formulate regexp's (regular expressions). The example you posted is not where you'd like to begin but let's break it down:

substitute whatever is in here : s/
create a sub regex that matches a string, 2 dots mean 2 character BESIDES a newline (/n): \( ..\)
close subexpression: /
replace what the 1st subexpression matched: \1
delimit it/seperate it with: :
replace all global matches of the regexp: /g
close first substitution regex: ;

second substitution regexp starts: s/
match/find end of string: .$
close regexp: /

To sum up: s/\(..\)/\1:/g; s/.$// =

Find and replace 2 characters that are not a newline and delimit them with : do that for all 6 (that you piped from openssl). Find and match the end of the string so we know what to output.

This gives you a string in the form of 6x2 characters (bytes) seperated by a colon AA:AA:AA:AA:AA:AA . What do you know, looks like a MAC address.

Lesson of the day, when you see a one-liner NEVER assume you know what it does, because the devil is in the details.

[n01s3b0x]

works fine. What problem you are facing?

After a little troubleshooting, I managed to discover that it does work. After I finished the script, I inserted a few things check to see what was going on. I have it print the current MAC address, I then run the openssl and sed, outputting it to a variable, I echo the result. Then I run the ifconfig command inserting the variable as the new MAC address to be used. After this command, I echo the current MAC address to check to see if they match. The problem I'm running into is that the openssl | sed result does not always get set as the new MAC address.

Here's what the whole thing looks like:

Code: Select all

ifconfig en1 | grep ether;
airport -z; sleep 10;
MAC=`openssl rand 6 | xxd -p | sed 's/\(..\)/\1:/g; s/.$//'`;
sudo ifconfig en1 lladdr $MAC; sleep 5;
ifconfig en1 down;
ifconfig en1 up;
echo Output from openssl  = $MAC;
ifconfig en1 | grep ether;


This is the current version I have. It works about 10% of the time. The sleep commands were an experiment to see if the problem had to do with giving the interface time to dissociate, deactivate and reactivate. It hasn't seemed to help much. Below is a typical result of the script:

It will work

Code: Select all

ether 0e:fd:b3:04:53:b0
Output from openssl = 2e:ae:ef:55:ed:9d
   ether 2e:ae:ef:55:ed:9d

....and then it won't

Code: Select all

ether 2e:ae:ef:55:ed:9d
Output from openssl = 2b:4a:bf:60:94:32
   ether 2e:ae:ef:55:ed:9d

At first I thought it was because I may have been supplying invalid MAC addresses, but I have manually changed it to and from things like 00:01:02:03:04:05. And for some reason I have run into problems where it won't let me change it to the same address manually either; even though I've used the address before or if I even try manually reverting to my original MAC address.That's my current problem.

And thanks for the sed lesson, FunctionCreep. That was a big help. Lesson learned about those one-liners.

[hackuin60s]

Not 100% sure.

As of your code,
You are disassociating/disconnection all wifi connections.
But, you are not putting down your network interface "down" before changing your MAC address.

Try that. (put down your network interface first and change the MAC address).

-Hackuin

[n01s3b0x]

Not 100% sure.

As of your code,
You are disassociating/disconnection all wifi connections.
But, you are not putting down your network interface "down" before changing your MAC address.

Try that. (put down your network interface first and change the MAC address).

-Hackuin

In order to change the MAC address, the interface has to be dissociated, but it also has to be on.
If not you get this

Code: Select all

ifconfig: ioctl (SIOCAIFADDR): Device power is off

I am dissociating.

Code: Select all

airport -z

Is the dissociation command.

At the end I run the

Code: Select all

ifconfig down
ifconfig up

When it comes back up, it automatically connects to remembered networks.
I thought it might have been a dissociating problem which is why I put in the sleep. But it doesn't matter if I give it 2 seconds, 5, 10, or 30. It still works about 10% of the time.

I thought about inserting a loop telling it to keep running the first part of the script until the two variables match and then proceed with restarting the interface. But I would rather figure out why it's not working.

[hackuin60s]

Never tired, at macbook.

But, usually in Linux, we put down the interface, before changing the MAC Address.