MAC Spoofing Shellscript and sed

A place where newbies can post without (much) fear of reprisal. All mission posts should still go in the applicable forum.
Forum rules
Older HTS users: Be nice to the new people.

NEW USERS: This is NOT the place to post about missions! Refer to "Missions" category.

MAC Spoofing Shellscript and sed

Post by n01s3b0x on Wed Feb 20, 2013 3:30 pm
([msg=73916]see MAC Spoofing Shellscript and sed[/msg])

I've been working on writing my first Unix shellscript. It's just a short script that will issue a random MAC address and assign it to my MacBook. I'm having trouble however with a section of the script involving the sed command.

The random address generator is this:

Code: Select all
openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'


My goal is to send the output to a variable for use with:

Code: Select all
sudo ifconfig en1 lladdr
inserting the variable as the MAC address to be assigned.

However, I am having trouble outputting the result of the sed command into a variable. I've tried several different methods of command substitution, piping and variable declarations with no luck.

I don't really understand sed to begin with. I knew how to generate a random string 6 bytes long, I just did not know a way of parsing it in a MAC format. As I researched how to do this, I came across the sed command shown above. That is what actually had prompted me to try creating a script around it automating the generation and assigning of a random MAC address. I have tried for the past couple weeks to study sed and for one reason or another, comprehension of it eludes me. I have tried altering the command slightly to see what it does, but most of the time, it tells me that there is a bad flag in my command. That or I don't understand how the change I made corresponds with the result.

Anyone have any suggestions? Or am I just going about this all wrong? Any tips on making sense of sed?
n01s3b0x
New User
New User
 
Posts: 3
Joined: Wed Feb 20, 2013 3:09 pm
Blog: View Blog (0)


Re: MAC Spoofing Shellscript and sed

Post by hackuin60s on Fri Mar 08, 2013 6:43 am
([msg=74404]see Re: MAC Spoofing Shellscript and sed[/msg])

Code: Select all
MAC_VAR=`openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'`
echo $MAC_VAR


works fine. What problem you are facing?
Certified: RHCSA, RHCE, CCNA.
Free software" is a matter of liberty, not price. To understand the concept, you should think of "free" as in "free speech," not as in "free beer."
User avatar
hackuin60s
New User
New User
 
Posts: 15
Joined: Mon Apr 14, 2008 3:17 pm
Blog: View Blog (0)


Re: MAC Spoofing Shellscript and sed

Post by FunctionCreep on Fri Mar 08, 2013 4:29 pm
([msg=74407]see Re: MAC Spoofing Shellscript and sed[/msg])

In order to understand sed you need to know how to formulate regexp's (regular expressions). The example you posted is not where you'd like to begin but let's break it down:

substitute whatever is in here : s/
create a sub regex that matches a string, 2 dots mean 2 character BESIDES a newline (/n): \( ..\)
close subexpression: /
replace what the 1st subexpression matched: \1
delimit it/seperate it with: :
replace all global matches of the regexp: /g
close first substitution regex: ;

second substitution regexp starts: s/
match/find end of string: .$
close regexp: /

To sum up: s/\(..\)/\1:/g; s/.$// =

Find and replace 2 characters that are not a newline and delimit them with : do that for all 6 (that you piped from openssl). Find and match the end of the string so we know what to output.

This gives you a string in the form of 6x2 characters (bytes) seperated by a colon AA:AA:AA:AA:AA:AA . What do you know, looks like a MAC address.

Lesson of the day, when you see a one-liner NEVER assume you know what it does, because the devil is in the details.
"I hope for nothing. I fear nothing. I am free." ~ Nikos Kazantzakis
User avatar
FunctionCreep
Experienced User
Experienced User
 
Posts: 92
Joined: Tue May 18, 2010 6:19 pm
Blog: View Blog (0)


Re: MAC Spoofing Shellscript and sed

Post by n01s3b0x on Sun Mar 10, 2013 8:49 pm
([msg=74455]see Re: MAC Spoofing Shellscript and sed[/msg])

hackuin60s wrote:
works fine. What problem you are facing?


After a little troubleshooting, I managed to discover that it does work. After I finished the script, I inserted a few things check to see what was going on. I have it print the current MAC address, I then run the openssl and sed, outputting it to a variable, I echo the result. Then I run the ifconfig command inserting the variable as the new MAC address to be used. After this command, I echo the current MAC address to check to see if they match. The problem I'm running into is that the openssl | sed result does not always get set as the new MAC address.

Here's what the whole thing looks like:

Code: Select all
ifconfig en1 | grep ether;
airport -z; sleep 10;
MAC=`openssl rand 6 | xxd -p | sed 's/\(..\)/\1:/g; s/.$//'`;
sudo ifconfig en1 lladdr $MAC; sleep 5;
ifconfig en1 down;
ifconfig en1 up;
echo Output from openssl  = $MAC;
ifconfig en1 | grep ether;


This is the current version I have. It works about 10% of the time. The sleep commands were an experiment to see if the problem had to do with giving the interface time to dissociate, deactivate and reactivate. It hasn't seemed to help much. Below is a typical result of the script:

It will work
Code: Select all
ether 0e:fd:b3:04:53:b0
Output from openssl = 2e:ae:ef:55:ed:9d
   ether 2e:ae:ef:55:ed:9d


....and then it won't
Code: Select all
ether 2e:ae:ef:55:ed:9d
Output from openssl = 2b:4a:bf:60:94:32
   ether 2e:ae:ef:55:ed:9d


At first I thought it was because I may have been supplying invalid MAC addresses, but I have manually changed it to and from things like 00:01:02:03:04:05. And for some reason I have run into problems where it won't let me change it to the same address manually either; even though I've used the address before or if I even try manually reverting to my original MAC address.That's my current problem.

And thanks for the sed lesson, FunctionCreep. That was a big help. Lesson learned about those one-liners.
n01s3b0x
New User
New User
 
Posts: 3
Joined: Wed Feb 20, 2013 3:09 pm
Blog: View Blog (0)


Re: MAC Spoofing Shellscript and sed

Post by hackuin60s on Mon Mar 11, 2013 2:26 am
([msg=74457]see Re: MAC Spoofing Shellscript and sed[/msg])

Not 100% sure.

As of your code,
You are disassociating/disconnection all wifi connections.
But, you are not putting down your network interface "down" before changing your MAC address.

Try that. (put down your network interface first and change the MAC address).

-Hackuin
Certified: RHCSA, RHCE, CCNA.
Free software" is a matter of liberty, not price. To understand the concept, you should think of "free" as in "free speech," not as in "free beer."
User avatar
hackuin60s
New User
New User
 
Posts: 15
Joined: Mon Apr 14, 2008 3:17 pm
Blog: View Blog (0)


Re: MAC Spoofing Shellscript and sed

Post by n01s3b0x on Mon Mar 11, 2013 12:23 pm
([msg=74460]see Re: MAC Spoofing Shellscript and sed[/msg])

hackuin60s wrote:Not 100% sure.

As of your code,
You are disassociating/disconnection all wifi connections.
But, you are not putting down your network interface "down" before changing your MAC address.

Try that. (put down your network interface first and change the MAC address).

-Hackuin


In order to change the MAC address, the interface has to be dissociated, but it also has to be on.
If not you get this
Code: Select all
ifconfig: ioctl (SIOCAIFADDR): Device power is off

I am dissociating.
Code: Select all
airport -z

Is the dissociation command.

At the end I run the
Code: Select all
ifconfig down
ifconfig up


When it comes back up, it automatically connects to remembered networks.
I thought it might have been a dissociating problem which is why I put in the sleep. But it doesn't matter if I give it 2 seconds, 5, 10, or 30. It still works about 10% of the time.

I thought about inserting a loop telling it to keep running the first part of the script until the two variables match and then proceed with restarting the interface. But I would rather figure out why it's not working.
n01s3b0x
New User
New User
 
Posts: 3
Joined: Wed Feb 20, 2013 3:09 pm
Blog: View Blog (0)


Re: MAC Spoofing Shellscript and sed

Post by hackuin60s on Tue Mar 12, 2013 5:56 am
([msg=74475]see Re: MAC Spoofing Shellscript and sed[/msg])

Never tired, at macbook.

But, usually in Linux, we put down the interface, before changing the MAC Address.
Certified: RHCSA, RHCE, CCNA.
Free software" is a matter of liberty, not price. To understand the concept, you should think of "free" as in "free speech," not as in "free beer."
User avatar
hackuin60s
New User
New User
 
Posts: 15
Joined: Mon Apr 14, 2008 3:17 pm
Blog: View Blog (0)



Return to NZone

Who is online

Users browsing this forum: No registered users and 0 guests