Spoofing Mac Address? - Android Software/Hacking General [Developers Only]

I have been trying to spoof my mac address on my phone. I am a pen tester so please don't lecture me on the ethics behind this because I know. It is very simple to do on Linux, so I thought it would be possible on Android.
I installed busybox and terminal emulator and ran the su command. So far, I can run 'busybox ip link set eth0 address XX:XX:XX:XX:XX:XX' and 'busybox ip link set eth0 broadcast XX:XX:XX:XX:XX:XX'. Every time I do this, it changes the mac address, but breaks the wifi functionality. The only way to fix the wifi was to disable, then re-enable it, but that resets the wifi. I was wondering if we could collaborate on this and maybe get somewhere.

I have also seen this somewhere, but am not sure if it will work.
ip link set address NEWMAC dev eth0

Sorry for digging out this old thread, but I was trying the same and failing in the same way as you were.
The only difference is, I do not change the broadcast address, because imo this should remain on "all FF" (please tell me, why the broadcast should be set to the new MAC).
If I change it and fire up 'ip link show eth0', it shows the changed MAC.
The settings menu still shows the real MAC.
As in your case, the WiFi-connection (naturally) terminates (the router (access point) cannot know about the change). If I try to reconnect to the router, I get the error that my password is wrong. When checking the router's log, I see an entry about a failed connection attempt from the changed MAC address.
The only explanation I have is that the WPA2 encryption somehow incorporates the actual "real" MAC address so the encryption fails and as a consequence the connection is refused.
So far, I haven't tried it without encryption.
Another question would be, what exactly is executed, when you activate WIFI on the phone? Which script?
I know that the network device (in my case "eth0") is created at this point.
If WIFI is down, no such device exists.
I would suspect some script that creates the interface, activates it and starts a daemon that handles the connection stuff.
Maybe it would help to inject the spoof code after the interface was created, but before it is activated? So far, I couldn't identify the correct script/command. Does anyone know?
Knowing the command that creates the network interfaces would also help when searching for the script.
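The "password is wrong" symptom described in the second post has a precise explanation in the WPA2 key hierarchy, which the Python example below walks through. This is illustrative code added here, not anything posted in the thread; every passphrase, SSID, MAC address and nonce in it is constructed. The pairwise master key (PMK) is derived from the passphrase and SSID only, so the passphrase itself is never "wrong". The pairwise transient key (PTK), whose KCK part is what the access point uses to verify the MIC on message 2 of the 4-way handshake, is derived from the PMK together with both MAC addresses and both nonces. If the supplicant and the access point disagree about the station's MAC address (for example because the interface address was changed but the rest of the stack still uses the burned-in one), the MICs do not match and the router logs the failure exactly as it would log a bad passphrase.

```python
import hashlib
import hmac

# WPA2-Personal key hierarchy as specified in IEEE 802.11i.
# Constructed sample values (not taken from any real network):
SSID = b"homenet"
PASSPHRASE = b"correct horse battery staple"
AP_MAC = bytes.fromhex("001122334455")          # AA: authenticator (access point) address
REAL_STA_MAC = bytes.fromhex("aabbccddeeff")    # SPA: supplicant (phone) address
SPOOFED_STA_MAC = bytes.fromhex("02bbccddeeff")  # same phone after changing its address
ANONCE = bytes(range(32))                        # nonce chosen by the access point
SNONCE = bytes(range(32, 64))                    # nonce chosen by the station


def derive_pmk(passphrase: bytes, ssid: bytes) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits).
    No MAC address is involved: the PMK depends on passphrase and SSID only."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, ssid, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)
    for i = 0, 1, ... and truncate the result to nbytes."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce, nbytes=48):
    """PTK = PRF-384(PMK, "Pairwise key expansion",
                     Min(AA,SPA) || Max(AA,SPA) || Min(ANonce,SNonce) || Max(ANonce,SNonce)).
    48 bytes for CCMP: KCK (16) || KEK (16) || TK (16). Both MAC addresses are inputs."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def split_ptk(ptk):
    """KCK authenticates the handshake MICs, KEK wraps the group key, TK encrypts data."""
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def ptk_changes_with_sta_mac():
    """Same passphrase, same nonces, different station address -> different KCK,
    so a MIC computed by one side cannot be verified by the other."""
    pmk = derive_pmk(PASSPHRASE, SSID)
    ptk_real = derive_ptk(pmk, AP_MAC, REAL_STA_MAC, ANONCE, SNONCE)
    ptk_spoofed = derive_ptk(pmk, AP_MAC, SPOOFED_STA_MAC, ANONCE, SNONCE)
    return split_ptk(ptk_real)["kck"] != split_ptk(ptk_spoofed)["kck"]


if __name__ == "__main__":
    pmk = derive_pmk(PASSPHRASE, SSID)
    print("PMK (MAC-independent):", pmk.hex())
    for label, sta in (("real", REAL_STA_MAC), ("spoofed", SPOOFED_STA_MAC)):
        kck = split_ptk(derive_ptk(pmk, AP_MAC, sta, ANONCE, SNONCE))["kck"]
        print(f"KCK with {label} station MAC:", kck.hex())
```

The practical consequence for the experiment in the thread: changing the address on one layer only (the netdev) while the supplicant, the framework or the firmware still believe the old one is in use is enough to break the handshake; the change has to be visible consistently before wpa_supplicant starts its association.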

Related

Wifi+DNS on XDA Mobile 6

I rarely post questions because most that I have had have been answered already and I can find what I need through searching.
However the amount of apparent confusion in the questions and answers on this subject has made it impossible to figure this out.
I cannot reliably connect via wifi on my Wizard running XDA Mobile 6.
Problem:
1. Wizard connects to Wifi, but does not correctly get DHCP.
Okay, a pda is pretty useless as a wifi device if it can't receive a dynamic address, but I set up a static IP (on the Wizard) to work with my router, and deferred diagnosing this until after I actually have wifi working at all.
2. Wizard cannot seem to choose a DNS server.
It apparently tries to use the GPRS dns server to resolve addresses, and can succeed, but this is slow. If I disable the phone it uses the DNS I entered (my wifi router) and works precisely as it should, resolving domain names almost instantly, just like the other wifi devices on my network. With the phone turned on the DNS address seems to be ignored.
Is there someone out there who can address this problem? Maybe I need a primer in the serpentine methods Windows Pocket PC uses to configure itself to connect to networks, because it certainly doesn't seem the least bit logical from this writer's perspective.
Thanks.
Le Zouave
Yes, I had the same issue with most 6.0 ROMs here. But the TNT 6.0 ROM works without changing DNS manually. Haven't checked what the root cause is. You might install the TNT ROM to see whether it resolves your issue.
That's some kind of DHCP problem.
I don't have it with my cooked ROMs.
When DHCP is used to get an IP address, it also gets the DNS servers sent back in the same response packet. So if you disable DHCP (or it fails) you need to manually configure both it and the DNS addresses.
Exactly my point.
It's clear that the problem is a DHCP client failure. There are plenty of posts here saying things like, "try a different ROM" etc. The information I am looking for is how to fix it.
Uh, try a ROM that doesn't have the problem?
The ones I've run (including my own cooking) work fine.
oops- double post
I was sort of hoping for a registry key to edit or other setting...
DHCP is working, for example on Remote NDIS-host (activesync connection), so it seems likely that there might be another solution.
I will have a look at your ROM, Genesis3.

WPA Enterprise Auth - confirmed working

WiFi on campus here uses WPA enterprise auth - good. I was shocked when I saw that the phone seemingly didn't support it. Network didn't even appear in the list, and Add Network only supports WPA Personal / WEP. How Apple of them. But WHY? It's wpa_supplicant behind the scenes.
I've been using campus wifi successfully for a few days now. It seems to integrate well enough - the wifi settings menu doesn't seem to break at all, the enterprise-authed network and status are listed correctly including the 'lock' icon, etc.
These instructions are slightly modified from being specific to the particular university (posted locally too, you see). If you can rub some braincells together, this can be adapted. The parts regarding a certificates file may or may not be needed in your setup, for example.
* Get a root shell
* cd /data/misc/wifi/
* cat wpa_supplicant.conf
* The existing supplicant config is displayed - copy and paste it into a text editor (the beginning bits are important, as are your existing networks)
* Paste in a working wpa_supplicant.conf section for your network at the end
* Fill in username and password in the new section. Replace the path for cacerts.pem with /data/misc/wifi/cacerts.pem
* Save the new config onto the SD card
* Save the cacerts.pem (same site) onto the SD card also
* On the handset: In the settings/storage menu, disable the SD card for USB storage (otherwise, can't access it from the shell)
* rm wpa_supplicant.conf
* cp would be used here normally, but it isn't in the stock image: dd if=/sdcard/wpa_supplicant.conf of=wpa_supplicant.conf
* chmod 666 wpa_supplicant.conf (Warning! Readable/Writable by EVERYONE! Use 664 such that only root can write it if you want, but this will possibly disallow changes by the settings app - if chown was available, ownership would be reverted back to wifi:wifi)
* dd if=/sdcard/cacerts.pem of=cacerts.pem
* chmod 444 cacerts.pem (needs to be readable by wifi user)
* The network should appear in the wifi menu and connect if you enable wifi. Reboot if not maybe?
Problems:
* Permissions are a bit wonky due to lack of chown. The process would be cleaner with busybox installed (possible with root), but this process is written to work on a stock RC29 handset.
* It will almost surely fail following an update. Try not to give up root before the WiFi UI is patched
* Maybe there's a reason that enterprise auth is absent from the settings UI
* WiFi settings page may or may not break. WiFi settings page may or may not undo your changes.
A quick troubleshooting tip: if you've dealt with wpa_supplicant before, note that wpa_cli is available to root. Helpful to diagnose any issues that crop up.
Enjoy.
How Apple of them. But WHY? It's wpa_supplicant behind the scenes
I suspect it's because the majority of consumers only access wifi networks secured through psk or mac-address. iirc my university used mac-address too. Not sure if that's changed by now. In any case, I wouldn't hold my breath for official support on the G1. Maybe on some future Android device with enterprise in mind.
Anyway, good tips and good first post. Welcome to the forum
busybox has chown
WPA2
Can I ask a question?
The SSID for your campus wifi is not broadcast, correct? If this is true, then it won't show up and the only way to get access is to add it manually.
Now when you go to add it manually, did you try to change the type of security before you flipped out the keyboard? Just wondering since WPA2 is clearly seen if you have the keyboard in and if you have it out it looks like WPA2 isn't an option but if you try to move the security box with a swipe up with your finger, WPA2 will be shown. I haven't had a single problem attaching to my home or work network using WPA2 PSK since RC19 and beyond.
Yep, busybox has chown, which makes the whole thing cleaner and safer. My instructions were written originally with no assumptions as to previous modding, including how to get telnet.
The wifi network here does broadcast, but is filtered out due to "unsupported" security. Add network lists wpa2 personal but not enterprise.
I modified my wpa_supplicant.conf file using your instructions and it worked!
Thanks!
Dave
vSymm said:
How Apple of them. But WHY? It's wpa_supplicant behind the scenes.
Because there's a substantial amount of UI work that needs to be done for WPA2-Enterprise compared with the relatively common WPA2-PSK.
My advice? If official support is something you'd like, go write it and submit a patch to the Android devs.
Not working
I can't get this to work. It says "failed to start wifi".
My non-enterprise wifi won't even work now. It connects but apps say network error.
I am trying to connect to my university's wifi that is "Secure 802.1X authentication and EAP-TTLS with PAP inner-authentication (anonymous)"
Can anyone give me an example config for this? It doesn't use a certificate.
Confirm that the permissions were set correctly on wpa_supplicant.conf
I'm sure you can find an example for that particular setup online somewhere.
happyface_0 said:
I can't get this to work. It says "failed to start wifi".
My non-enterprise wifi won't even work now. It connects but apps say network error.
I am trying to connect to my university's wifi that is "Secure 802.1X authentication and EAP-TTLS with PAP inner-authentication (anonymous)"
Can anyone give me an example config for this? It doesn't use a certificate.
try this:
adb shell
cd /data/misc/wifi
chown 1010:1010 wpa_supplicant.conf
Worked for me too, but the connection was really unstable. I've added the bssid option to wpa_supplicant.conf to prevent roaming. Now it works really well on my desk, but I haven't tried the rest of the company.
need help connecting
I'm trying to connect to a campus network. I see the SSID detected (as follows), and it tries to connect and aborts by itself.
my wpa_supplicant.conf shows this:
network={
ssid="Techwifi"
scan_ssid=1
key_mgmt=NONE
priority=2
}
hey guys,
will this also work with WPA2 and EAP/TTLS with PAP?
or do you know when this feature will be integrated?
thanks a lot
linulli said:
hey guys,
will this also work with WPA2 and EAP/TTLS with PAP?
or do you know when this feature will be integrated?
thanks a lot
Yes, I have it working.
Code:
network={
ssid="ssidname"
scan_ssid=1
key_mgmt=WPA-EAP
eap=TTLS
identity="user"
password="pass"
phase2="auth=PAP"
}
Note: It seems to drain my G1's battery pretty nicely and it starts to get hot after being connected for a bit. Also, my G1 added disabled=1 to the end of this network after the ADP1 v1.1 update, strange.
Thanks happyface_0,
so I will have a few minutes online.
Is there a way to alter your wpa_supplicant settings on an unrooted German G1, or how can I downgrade and then alter the settings? Does anyone know?
I'd love to know that too, i really want to use wifi at work.
Can we do anything to help you help us?
Maybe someone with a US RC33 can look if the WPA 2 Enterprise support finally made it into the GUI of the G1, then our problem would be solved.
I can't find anything on the net which says that WPA 2 Enterprise was part of the Internet.
So please can somebody look up his or her connection settings for WLAN and tell us if WPA 2 Enterprise is available now?
Gedomania said:
Maybe someone with a US RC33 can look if the WPA 2 Enterprise support finally made it into the GUI of the G1, then our problem would be solved.
I can't find anything on the net which says that WPA 2 Enterprise was part of the Internet.
So please can somebody look up his or her connection settings for WLAN and tell us if WPA 2 Enterprise is available now?
Neither WPA-Enterprise nor WPA-2 Enterprise are available yet without actually editing the wpa_supplicant configuration manually, even on RC33.
Hmm, that's pretty sad. Is it actually possible to write a program which can edit the wpa_supplicant file so that we can manually insert the settings we need to get WPA 2 Enterprise working, even on phones without root?

[Q] Eduroam

Hi all, this is my first post and sorry for my English.
I have a big problem with my Galaxy SL: I can't use the wifi connection (eduroam) in my uni (http://venus.unive.it/wifi/index.php?cmd=eduroam_android Venice).
I have followed the instructions of my uni, but wifi doesn't work.
I have read http://forum.xda-developers.com/showthread.php?t=1477743 and tried all versions, but the connection doesn't work.
I use MIUI ROM v2.3.23 (http://forum.xda-developers.com/showthread.php?t=1538234) with the default kernel.
Do you have a solution?
thanks to all
Hey there!! I also have eduroam in my University and I have never been able to connect it. Sorry then!!
Same problem here (with eduroam and another similar wifi network in my university).
Actually I was able to connect, but it worked few times. Usually after a full wipe my phone connects flawlessly to wifi, but after that connection, another full wipe is needed.
In my case, it seems that the phone is unable to get a valid IP, because using a fake IP, gateway etc. (in wifi settings press the menu button and then go to advanced) it will immediately establish a connection (no internet connection of course). I tried to put valid info in once (I had my laptop connected with me and I copied all the info from it, I only changed the last number in the IP) and it worked. That's why I think it is an IP problem, but maybe it was luck.
Maybe doing a sort of "wifi config reset" solves the problem (at least in my case), but it means that every time I should reconfigure it... I simply gave up and I use my 3G connection.
I found this weird workaround some time ago, but I never tried it. I think it's worth a try.
===
EDIT:
Strange, you use a different config. I thought all eduroam networks would have used the same config. Here's mine:
SSID: eduroam
Security: 802.1x Enterprise
EAP method: TLS
CA certificate: "Not specified"
Client certificate: the downloaded certificate
I will try your config next week, but my friend can use eduroam with an Acer Liquid (2.2 Froyo) with the config written on the university site.
IMO there are bugs in the kernel of the Galaxy SL, because a lot of Android phones can connect to eduroam.
Up
I tried again after I saw this thread and now I'm quite sure that my problem is an IP problem. I played a little with airplane mode/static IP in a random way (as suggested in the link I posted) and finally I established a connection.
Usually, right before the connection, my phone asks the credential password. And that's weird.
Anyway I discovered something interesting. In our /system/build.prop we have:
Code:
...
wifi.interface=eth0
...
wifi.interface=tiwlan0
but
Code:
getprop wifi.interface
gives as result tiwlan0 and that's ok, this is our wifi interface.
But after that I went to see some other config files and I found that in our /system/etc/dhcpcd we have
Code:
interface eth0
I think this should be
Code:
interface tiwlan0
(I found a reference to eth0 in /system/etc/wifi/wifi.conf too, but I don't know what this file is used for).
I wanted to see if changing eth0 with tiwlan0 in /system/etc/dhcpcd/dhcpcd.conf and removing wifi.interface=eth0 from build.prop would have helped, but I had no time and now I'm on holiday.
If your problem is similar to mine, try to do that change, it won't break anything, I already did that and wifi works (at home of course, where I've never had a problem).
I also have eduroam in my university and I am using Eduroam Fixer and it is working perfectly. It is in Google Play and free, you can use it.
Try this app: Transparent Proxy. Input your wifi proxy and port.
It may work...
I also have eduroam in my university and I've managed to make it work.
You just need to enter the eduroam config and set it like this (I have my phone in Spanish, so the names could be a little messed up):
Code:
EAP method: TTLS
Phase 2 authentication: PAP
Identity: "your university mail"
Password: "your university mail password"
And leave everything else blank. Hope it works for you guys!!
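Both the manual wpa_supplicant.conf procedure in the "WPA Enterprise Auth" thread and the eduroam settings just above leave the server-side checks to the reader: the TTLS/PAP block posted there has no ca_cert line, and the eduroam advice is to leave every other field blank. Without ca_cert, wpa_supplicant does not verify the RADIUS server's certificate, so any access point announcing the same SSID can terminate the TLS tunnel and receive the inner PAP username and password. The Python script below is an added example, not code from the thread or from the wpa_supplicant project: it parses the network={...} blocks of a config file and flags WPA-EAP blocks that lack ca_cert, a server-name match (domain_suffix_match on current wpa_supplicant; subject_match is the older equivalent available on G1-era versions) or an anonymous_identity. The config embedded in it is constructed: its "ssidname" block mirrors the one posted in the thread, the "eduroam" block is the hardened form, and the certificate path and domain names are placeholders.

```python
import re

# Constructed sample wpa_supplicant.conf (not from any real handset).
# "ssidname" has the shape posted in the thread; "eduroam" is the hardened form.
# The certificate path and the example.edu names are placeholders.
SAMPLE_CONF = """
ctrl_interface=wlan0
update_config=1

network={
    ssid="homenet"
    key_mgmt=WPA-PSK
    psk="correct horse battery staple"
}

network={
    ssid="ssidname"
    scan_ssid=1
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user"
    password="pass"
    phase2="auth=PAP"
}

network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    anonymous_identity="anonymous@example.edu"
    identity="user@example.edu"
    password="pass"
    phase2="auth=PAP"
    ca_cert="/data/misc/wifi/cacerts.pem"
    domain_suffix_match="radius.example.edu"
}
"""

# Any one of these pins the expected server name; domain_suffix_match/domain_match are
# the modern options, subject_match/altsubject_match the older ones.
SERVER_NAME_KEYS = {"domain_suffix_match", "domain_match", "subject_match", "altsubject_match"}


def parse_networks(text):
    """Return one dict of parameters per network={...} block, with quotes stripped."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\}", text, re.S):
        params = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip().strip('"')
        networks.append(params)
    return networks


def audit_network(params):
    """Findings for one block; an empty list means nothing was flagged."""
    findings = []
    if "WPA-EAP" not in params.get("key_mgmt", "").split():
        return findings  # PSK and open networks have no RADIUS server to validate
    if "ca_cert" not in params:
        findings.append("no ca_cert: the RADIUS server certificate is not validated, so a "
                        "rogue AP with the same SSID can terminate the TLS tunnel")
    if not SERVER_NAME_KEYS & set(params):
        findings.append("no server-name match: any certificate issued by the CA is accepted")
    if params.get("eap") in ("TTLS", "PEAP") and "anonymous_identity" not in params:
        findings.append("no anonymous_identity: the real username is sent in the clear "
                        "in the outer EAP identity")
    return findings


def audit_config(text):
    """Map ssid -> findings for every network block in the config text."""
    return {p.get("ssid", "<no ssid>"): audit_network(p) for p in parse_networks(text)}


if __name__ == "__main__":
    for ssid, findings in audit_config(SAMPLE_CONF).items():
        print(ssid, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

Run against a config pulled from /data/misc/wifi/ the way the thread describes, the script reports the "ssidname" block three times and the hardened block not at all; the PSK block is skipped because there is no server to validate.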

Reverse WiFi Tether Script

Hello Hackers!
I know enough about shell scripts and networking that I was able to create a script that connects to a WiFi network from your remembered networks and enables NAT from hosts on the WiFi network to the 4G LTE data connection.
All you have to do after it's ready is either change the gateway on any PC on the network to the IP address of your phone or add a static route for a specific destination to route to your phone's IP address.
This script requires root access and a way to run shell scripts. I use the SManager app to run it, you just have to make sure it's set to run as root.
If you have a data connection other than 4G LTE then I expect it will most likely have a different interface, you will have to use OS Monitor to see which interface it uses then modify this script to use that interface.
There are a couple issues that I have with it. One is sometimes I have to run it a couple times before DHCP will work and the other issue is the WiFi seems to lag badly causing the internet to perform much slower than it should. Can someone have a look please?
If you make changes to the script then make sure you convert it to UNIX format or SH won't read it correctly. If you have Linux on your PC you can use the command "fromdos" to convert it.
I have attached a zip file with both the on and off scripts below. If anyone has more experience than I and would like to improve it then please let me know and I will include the improvements. :highfive:
Thank you!

prevent android being "smart" about wifi connectivity

when I connect to a captive wifi, I want to use the connection as is (maybe I want to login without telling google - since the builtin authenticator uses their gstatic domain, or maybe I want to probe the network as it is being redirected, or maybe I just want firefox to manage my password to the portal, etc)
but after I select "use wifi as is" on the android webview builtin auth screen, android starts to route all and every traffic to my 3g/4g data connection instead, until I disable and re-enable wifi.
it will only ever redirect traffic to wifi after it successfully got the correct 204 from gstatic.com
is there any way to work around this?
I am on Android 6, but I think it has always been like that.
gcbxda said:
when I connect to a captive wifi, I want to use the connection as is (maybe I want to login without telling google - since the builtin authenticator uses their gstatic domain, or maybe I want to probe the network as it is being redirected, or maybe I just want firefox to manage my password to the portal, etc)
but after I select "use wifi as is" on the android webview builtin auth screen, android starts to route all and every traffic to my 3g/4g data connection instead, until I disable and re-enable wifi.
it will only ever redirect traffic to wifi after it successfully got the correct 204 from gstatic.com
is there any way to work around this?
I am on Android 6, but I think it has always been like that.
Do you have any kind of Linux IDE? Have you tried making a tunnel?
Or is that what you're looking for? I'm not 100% sure what you're looking for. If you're trying to skip hotspot authentication or anything like that, then a tunnel would work fine.
Sorry I can't be of much else help
If your phone is rooted or has a custom ROM (Which would obviously indicate that the phone is rooted), there is a solution that you can try using a terminal (Or ADB shell).
Issue the command: "settings put global captive_portal_detection_enabled 0" That should prevent captive portal detection and gstatic confirmation. This should work, I haven't tried it personally though.
Additionally, you can set up a captive server.
Issue the command: "settings put global captive_portal_server g.cn"
Restart your phone, and you should have access to the pages.
Basically, connecting as is, requires you to reach a site that does not require 204 confirmation and afterward other sites should be accessible. Let me know if this helps.
Josh Ross said:
If your phone is rooted or has a custom ROM (Which would obviously indicate that the phone is rooted), there is a solution that you can try using a terminal (Or ADB shell).
Issue the command: "settings put global captive_portal_detection_enabled 0" That should prevent captive portal detection and gstatic confirmation. This should work, I haven't tried it personally though.
Additionally, you can set up a captive server.
Issue the command: "settings put global captive_portal_server g.cn"
Restart your phone, and you should have access to the pages.
Basically, connecting as is, requires you to reach a site that does not require 204 confirmation and afterward other sites should be accessible. Let me know if this helps.
no root on the phone (damn BlackBerry Priv) and no control of the portal.
this is so infuriating. This is trivial, banal even, on any device I control. Feel like a kid on training wheels every time I touch my phone.
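The 204 probe that gcbxda describes, and that the two settings commands above switch off, can be modelled offline. The Python example below is added here; it is not Android's code and not from the thread. It starts a throwaway local HTTP server that behaves either like the open Internet (an empty 204) or like a captive portal (a 302 to a login page), runs a probe of the same shape Android sends to its captive_portal_server, and then applies a simplified version of the decision the thread describes, where a failed probe keeps traffic on mobile data unless detection has been disabled. The probe path and portal URL are constructed values, and the real Android implementation is more involved than this model.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Android fetches <captive_portal_server>/generate_204 and treats anything other than
# an empty 204 as a sign of a portal. Both values below are constructed for the demo.
PROBE_PATH = "/generate_204"
PORTAL_LOGIN = "http://portal.invalid/login"


class FakeUpstream(BaseHTTPRequestHandler):
    """Local stand-in for the probe target. `captive` selects open-Internet behaviour
    (exact 204) or portal behaviour (the probe is hijacked with a 302 to a login page)."""
    captive = False

    def do_GET(self):
        if self.captive:
            self.send_response(302)
            self.send_header("Location", PORTAL_LOGIN)
        else:
            self.send_response(204)
        self.end_headers()

    def log_message(self, fmt, *args):
        pass  # keep the demo quiet


def probe(host, port, path=PROBE_PATH, timeout=2.0):
    """Return (verdict, status): 'internet' only for an empty 204, 'portal' for any other
    answer (redirects and portal HTML alike), 'unreachable' when nothing comes back."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path, headers={"Connection": "close"})
        resp = conn.getresponse()
        status, body = resp.status, resp.read()
        conn.close()
    except OSError:
        return ("unreachable", None)
    if status == 204 and body == b"":
        return ("internet", status)
    return ("portal", status)


def choose_uplink(detection_enabled, verdict):
    """Simplified model of the behaviour described in the thread: with detection enabled
    a failed probe keeps traffic on mobile data; with it disabled WiFi is used as is."""
    if not detection_enabled:
        return "wifi"
    return "wifi" if verdict == "internet" else "mobile_data"


def serve(captive):
    """Start a FakeUpstream on a random loopback port and return the server object."""
    handler = type("Handler", (FakeUpstream,), {"captive": captive})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def run_demo():
    """Probe an open network and a captive one; returns {'open': ..., 'portal': ...}."""
    results = {}
    for name, captive in (("open", False), ("portal", True)):
        srv = serve(captive)
        try:
            results[name] = probe("127.0.0.1", srv.server_address[1])
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    for name, (verdict, status) in run_demo().items():
        print(f"{name}: HTTP {status} -> {verdict}; detection on: "
              f"{choose_uplink(True, verdict)}, detection off: {choose_uplink(False, verdict)}")
```

The model makes the trade-off in the thread explicit: pointing captive_portal_server at a host that answers anything at all, or disabling detection, makes the verdict irrelevant and WiFi is used as is, at the cost of the phone no longer noticing when a portal is silently swallowing its traffic.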
