Spoofing mac address - Moto G Q&A, Help & Troubleshooting

Hi,
is there any method to spoof the wifi mac address on the Moto G?
I've tried a few apps but none worked.
Many thanks!

From the terminal:
ip link set wlan0 address < spoofed mac >

This would of course be the vanilla approach but it is not working (should have mentioned that in my original post) - at least not on my original kernel.
If you do "ip link set wlan0 address <whatever>" followed by "iplink show wlan0" the driver will happily report back the address you entered - but when you capture packets and look at what is actually in there you'll find it still uses the old mac...
I have a tablet where this method works but only when you put it into flight-mode first. Unfortunately when I put the moto in flight-mode the wlan0 device disappears and the above commands simply report an error.
Any other ideas?

I've made a little progress:
Under /persist there are two files: "WCNSS_qcom_wlan_factory_nv.bin.old" and ".bt_nv.bin".
WCNSS_qcom_wlan_factory_nv.bin from offset 7 contains the current mac-address, followed by 3 more copies each incremented by one.
.bt_nv.bin starts with 5 bytes I don't understand, followed by the first 4 bytes of the mac-address in reverse order.
Changing only WCNSS_qcom_wlan_factory_nv.bin does not work as (I believe) the content of this file is validated against .bt_nv.bin. If you don't change .bt_nv.bin accordingly your wifi does not work anymore.
What works however (I have successfully changed the first byte of my mac and I believe it should work for any of the first 4 bytes) is the following:
Change all four copies of the mac in WCNSS_qcom_wlan_factory_nv.bin AND change the bytes in .bt_nv.bin accordingly. Then reboot and the mac has changed.
So with this method the first 4 bytes of the mac are changeable.
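
The relationship between the two /persist files described in the post above can be checked read-only; this is an added example, not code from the thread. It assumes the four MAC copies are contiguous 6-byte fields and that "incremented by one" means +1 on the 48-bit value; the sample blobs are constructed.

```python
"""Read-only check that the two /persist blobs agree on the MAC."""
MAC_OFFSET = 7    # per the post: MAC copies start at offset 7
MAC_COPIES = 4    # per the post: current MAC plus 3 more copies
BT_SKIP = 5       # per the post: 5 leading bytes of unknown meaning
BT_SHARED = 4     # per the post: first 4 MAC bytes, in reverse order


def fmt(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def wlan_macs(nv: bytes) -> list:
    """Slice the four copies. Assumption: contiguous 6-byte fields."""
    end = MAC_OFFSET + 6 * MAC_COPIES
    if len(nv) < end:
        raise ValueError("WLAN NV blob too short for four MAC copies")
    return [nv[i:i + 6] for i in range(MAC_OFFSET, end, 6)]


def check_persist(wlan_nv: bytes, bt_nv: bytes) -> list:
    """Return human-readable findings; an empty list means consistent."""
    findings = []
    macs = wlan_macs(wlan_nv)
    base = int.from_bytes(macs[0], "big")
    for n, mac in enumerate(macs):
        # Assumption: "incremented by one" is +1 on the 48-bit value.
        want = ((base + n) % (1 << 48)).to_bytes(6, "big")
        if mac != want:
            findings.append(f"copy {n}: {fmt(mac)}, expected {fmt(want)}")
    if len(bt_nv) < BT_SKIP + BT_SHARED:
        findings.append(".bt_nv.bin too short to compare")
        return findings
    bt_part = bt_nv[BT_SKIP:BT_SKIP + BT_SHARED][::-1]
    if bt_part != macs[0][:BT_SHARED]:
        findings.append(f".bt_nv.bin has {fmt(bt_part)}, WLAN MAC starts "
                        f"{fmt(macs[0][:BT_SHARED])}")
    return findings


def build_sample():
    """Constructed blobs for the demo; not dumps from a real device."""
    mac = bytes.fromhex("02005e107ffe")
    base = int.from_bytes(mac, "big")
    copies = b"".join((base + n).to_bytes(6, "big") for n in range(MAC_COPIES))
    wlan = bytes(MAC_OFFSET) + copies + bytes(16)
    bt = bytes(BT_SKIP) + mac[:BT_SHARED][::-1] + bytes(2)
    return wlan, bt


if __name__ == "__main__":
    wlan, bt = build_sample()
    print("untouched:", check_persist(wlan, bt) or "consistent")
    edited = bytearray(wlan)
    edited[MAC_OFFSET] ^= 0x04      # alter only the first copy
    for finding in check_persist(bytes(edited), bt):
        print("edited:", finding)
```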

[Q] How change MAC ADDRESS on Samsung Galaxy Ace

Hi guys. I have a rooted Samsung Galaxy Ace and I want to change my MAC address, so I've tried the following command (but I got an error):
Code:
su
busybox ifconfig wlan0 down
busybox ifconfig wlan0 hw ether 00:11:22:33:44:55
ifconfig: SIOCSIFHWADDR: Operation not supported
Is there someone who knows how I can solve this problem? Thanks in advance

I have a Moto XT300/Spice.
After enabling the wireless and not having it connect automatically to the configured network (I had to forget the network), I was able to run:
Code:
su
busybox ifconfig eth0 hw ether 00:11:22:33:44:55
and it worked, confirmed with
Code:
busybox ifconfig eth0
though I wasn't able to connect to a WPA network anymore, complained that the key was wrong.
Disabling wireless and enabling it once more reset the MAC but enabled me to connect again.
And yes, my wireless interface is eth0.
I was tinkering around on my android and found the section where wifi info is specified, including mac address. Did a quick google search and found the article:
http://androidforums.com/t-mobile-g1/3506-changing-spoofing-mac-address.html
Basically you must change the file /data/misc/wifi/nvram.txt, at the end of the file is the mac addr...
Apparently it is bad to reboot with different mac... who knows. I haven't tested it.
snakerdlk said:
I was tinkering around on my android and found the section where wifi info is specified, including mac address. Did a quick google search and found the article:
hxxp://androidforums.com/t-mobile-g1/3506-changing-spoofing-mac-address.html
Basically you must change the file /data/misc/wifi/nvram.txt, at the end of the file is the mac addr...
Apparently it is bad to reboot with different mac... who knows. I haven't tested it.
Ok, I will try that method, although it seems strange that the ipconfig command doesn't work :-/
It is probably the fault of the driver that ifconfig wlan0 hw ether does not work.

[Q] Change mac address in Android

I am using htc Desire.
I have tried this command line
Code:
ip link set eth0 address XX:XX:XX:XX:XX:XX
to change the MAC, which only works temporarily. After I disconnect and reconnect to the network, the MAC resets to the factory one.
Also I tried to copy nvram.txt from /data/misc/wifi/nvram.txt and add macaddr=XX:XX:XX:XX:XX:XX at the end, but I don't have such a file; there is only wpa_supplicant.conf in the wifi directory.
How can I change the mac address on HTC Desire running Android? I have rooted phone with superuser permission.

[Q]Spoofing MAC on Galaxy Ace [Details&attempts listed]

Hey all,
I'm trying to spoof my MAC address on the Galaxy Ace, though nothing seems to be working. [Details and attempts listed below]
Phone Details:
Samsung Galaxy Ace GT-S5830
OS: Stock Gingerbread 2.3.5
Rooted
Installed Software:
Superuser
ES File Explorer (with show hidden (. prefix) files turned on & up to root enabled, root R/W)
Busybox (Free)
Android Terminal Emulator
(all with Superuser permissions)
What I've tried:
First I cleared the phone's IP DHCP lease in the router.
In Terminal on the phone whilst not connected to a network, but with wifi turned on, I:
su
ifconfig wlan0 down
ifconfig wlan0 hw ether 112233445566
ifconfig wlan0 up
iplink show wlan0
also tried
su
ifconfig wlan0 down
iplink set wlan0 address 11:22:33:44:55:66
-->At which point I get (even with busybox prefixed)
iplink: SIOCSIFHWADDR: Operation not supported
The first code I quoted gave me no errors and appeared to execute successfully, but iplink show wlan0, the router (once the phone had connected), and several other tools (to see if ANY could see the change) also displayed the phone's default MAC.
(I also tried: ifconfig wlan0 hw link 112233445566, offsetting the existing MAC by only 1, and prefixing commands with busybox - busybox ifconfig wlan0 hw ether 112233445566 - resulted in ifconfig: SIOCSIFHWADDR: Operation not supported)
Looking for /data/misc/wifi/nvram.txt. Can see /data/misc/wifi/nvram.info containing my MAC. Have edited this and tried joining network again, but no MAC change is showing. Have read it's a rather bad idea to restart the phone before changing the MAC in files back, [Why?] so am yet to do a restart to test the file change...
Various apk tools (preceded by clearing DHCP lease for phone's IP & proceeded by checking router & iplink show wlan0) including:
Wireless MAC Changer - Osama Abukmail
Mac Address Ghost - diewland
MAC Spoofer for HD2 - Ian Kim (as the description stated although for a HD2, there was a chance it may work for other types [later found out mine doesn't use/have /system/etc/calibration])
(all with super permissions)
Does anyone know of, or have any other ideas that may work?
Is this possible with only Custom ROMs?
Much thanks in advance,
Blue
MAC address spoofing is a type of discussion that XDA does not allow. For that reason, thread closed.

[GUIDE][CWM] WLAN Calibration and MAC address fix [CM]

This is for CyanogenMod and its derivatives. Stock ROMs should be fine.
If you are interested in editing your MAC address, there's a guide linked below. I don't know if stock ROMs will automatically correct the MAC. In this case I think you have to edit /efs/imei/.nvmac.info (read something more about /efs before playing with it!)
The easiest way to do the calibration is:
Turn wifi ON and run
Code:
tiwlan_plts -n
This is the script called from a oneshot init service in my init.latona.rc if someone is interested. It will calibrate and correct the MAC automatically, even after a data wipe:
Code:
#!/system/bin/sh
if [ ! -f /data/misc/wifi/nvs_map.bin ]; then
insmod /system/lib/modules/tiwlan_drv.ko
/system/bin/tiwlan_loader -i /system/etc/wifi/tiwlan.ini -f /system/etc/wifi/firmware.bin
/system/bin/tiwlan_plts -n
rmmod tiwlan_drv
fi
____________________________________
Older method
UPDATE: I found an easy way to get the real MAC.
Download the apk attached or run the following commands:
Code:
su
mount -o remount,rw /system
ln -s /system/lib/modules/tiwlan_drv.ko /system/etc/wifi/tiwlan_drv.ko
#Make sure wifi is off
./mfgloader -l #Take the binary from a stock ROM
./mfgloader -u
rm /system/etc/wifi/tiwlan_drv.ko
mount -o remount,ro /system
After that your MAC address should begin with D0:C1:B1 and not 08:00:28.
To see your current MAC: System Settings > About phone > Status (turn wifi on)
____________________________________
This is the first post with some more information about the calibration
While I was reading some logs, I noticed these lines
Code:
TIWLAN: 1089.979242: Starting to process NVS...
TIWLAN: 1089.983698: No Nvs, Setting default MAC address
TIWLAN: 1089.989007: pHwInit->uEEPROMCurLen: 1c
TIWLAN: 1089.993462: ERROR: If you are not calibating the device, you will soon get errors !!!
...
TIWLAN: 1094.726827: Station ID : 08-00-28-12-03-58
...
You can see that the device is not calibrated and that the default MAC address is assigned.
Each device should have a unique MAC address, two devices with the same MAC address in the same network will give problems.
________
UPDATE
I made two flashable files:
wlan_calibration.zip will only do the calibration
wlan_calibration_rand.zip will do the calibration and will randomize the last three octets of the address
If you still want to do it on your own, here is the guide:
_______________
WLAN Calibration
Here are the steps you need to follow (taken from: WLAN Calibration):
1) Turn wifi off
2) From ADB/terminal emulator run the following commands [1]:
Code:
$ su
# cd /data/misc/wifi
# insmod /system/lib/modules/tiwlan_drv.ko
# start wlan_loader
# ifconfig tiwlan0 up
# tiwlan_cu -b
/ w p 1 l 2 f 2
/ t b v 21
/ t b t 1 0 0 0 0 0 0 0
/ q
# rmmod tiwlan_drv
This will create this file: /data/misc/wifi/nvs_map.bin. If it's not there, you did something wrong.
After that you should not get the error while turning wifi ON.
________
MAC address fix
Even after the calibration, you'll still have the default MAC address (Station ID : 08-00-28-12-03-58). But no problem, you can 'easily' change it: Editing the MAC Address.
You need to get the newly created /data/misc/wifi/nvs_map.bin and edit it with an hex editor as described in the guide linked above.
I still don't know if the calibration will improve anything, but it surely won't hurt:
For optimal Wi-Fi performance it is mandatory to calibrate the Wi-Fi hardware
NOTE: nvs_map.bin is in /data, so if you do a factory reset you have to do this again.
___
[1]
ADB: System settings > Developers options (ON) > Root access > Apps and ADB
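
The log symptoms described in the guide above (missing NVS, default Station ID) can be checked automatically and compared across devices; this is an added example, not the guide author's code. It goes slightly beyond the guide by flagging devices that share a Station ID; the device names and the calibrated log line are constructed.

```python
import re
from collections import defaultdict

DEFAULT_PREFIX = "08:00:28"   # default (uncalibrated) prefix named in the guide
NO_NVS = "No Nvs, Setting default MAC address"
STATION_RE = re.compile(r"Station ID\s*:\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")

# Log lines quoted in the guide above.
LOG_UNCALIBRATED = """\
TIWLAN: 1089.979242: Starting to process NVS...
TIWLAN: 1089.983698: No Nvs, Setting default MAC address
TIWLAN: 1089.989007: pHwInit->uEEPROMCurLen: 1c
TIWLAN: 1094.726827: Station ID : 08-00-28-12-03-58
"""
# Constructed log for a calibrated device (the address is made up).
LOG_CALIBRATED = """\
TIWLAN: 1089.979242: Starting to process NVS...
TIWLAN: 1094.726827: Station ID : D0-C1-B1-00-00-01
"""


def audit_log(text):
    """Summarise one device's TIWLAN kernel log lines."""
    report = {"nvs_missing": False, "station_id": None, "default_mac": False}
    for line in text.splitlines():
        if not line.startswith("TIWLAN:"):
            continue
        if NO_NVS in line:
            report["nvs_missing"] = True
        match = STATION_RE.search(line)
        if match:
            mac = match.group(1).replace("-", ":").lower()
            report["station_id"] = mac          # keep the most recent one
            report["default_mac"] = mac.startswith(DEFAULT_PREFIX)
    return report


def shared_macs(logs_by_device):
    """Map each Station ID seen on more than one device to those devices."""
    seen = defaultdict(list)
    for device, text in logs_by_device.items():
        mac = audit_log(text)["station_id"]
        if mac:
            seen[mac].append(device)
    return {mac: sorted(devs) for mac, devs in seen.items() if len(devs) > 1}


if __name__ == "__main__":
    fleet = {"phone-a": LOG_UNCALIBRATED, "phone-b": LOG_UNCALIBRATED,
             "phone-c": LOG_CALIBRATED}
    for name, log in fleet.items():
        print(name, audit_log(log))
    print("shared:", shared_macs(fleet))
```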
Wow...good solution buddy. I think you should post this in the development thread. People don't look much in the general thread.
this should be added to the cm9/10 installation .zip file
I did flash the zip file, ran the other commands thru terminal and see the file /data/misc/wifi/nvs_map.bin.
I don't understand the next step to be done.
I cannot open the bin file using hexeditor, I gave it root access.
And, in case i open it what mac address should i use? Is some address hard coded to each phone?
Hetalk said:
I did flash the zip file, ran the other commands thru terminal and see the file /data/misc/wifi/nvs_map.bin.
I don't understand the next step to be done.
I cannot open the bin file using hexeditor, I gave it root access.
And, in case i open it what mac address should i use? Is some address hard coded to each phone?
I don't know how MAC are assigned, I simply randomized the last part of the address (I kept the first part: 80:00:28).
Anyway I just uploaded a new zip file to make things even simpler. It will automatically randomize the last four three groups. If you want to use it, you need to delete /data/misc/wifi/nvs_map.bin first. EDIT: I changed the script, now you can do the calibration without removing the file.
Anyway I don't know what's wrong with your editor, I did it from my computer.
I tried using hex editor from play store.
I'll try the new zip tomorrow..
As I wrote in the OP, today I found the way to get the original MAC.
I don't know what is needed to make the commands work while in recovery (services needed etc...), so I made a dummy app (I simply adapted the code of an app I made few days ago to do a similar thing).
No fancy icon (it's the default one), no checks, ugly etc... It simply does the job (my Java knowledge is almost zero)
EDIT:
I almost forgot to say that the real MAC is in /efs/imei/.nvmac.info. It was the first place where I looked, but it's a hidden file and I didn't see it at first.
bam....
Dear @loSconosciuto
I am following this guide to solve the problem that I actually have on my phone with CM 11. In the Status menu, "non available" appears for my device's WIFI MAC. I followed the guide step by step and I couldn't change it.
Could you help me?
carniman78 said:
Dear @loSconosciuto
I am following this guide to solve the problem that I actually have on my phone with CM 11. In the Status menu, "non available" appears for my device's WIFI MAC. I followed the guide step by step and I couldn't change it.
Could you help me?
This guide is for the kernel 2.6.35 which uses a completely different driver, it's quite an old thread. The calibration is done in a different way and I don't think that's the problem.
I'm not using CM11, so it's quite hard for me to know exactly what's wrong.
loSconosciuto said:
This guide is for the kernel 2.6.35 which uses a completely different driver, it's quite an old thread. The calibration is done in a different way and I don't think that's the problem.
I'm not using CM11, so it's quite hard for me to know exactly what's wrong.
Ok, sir. Thank you for your help.
Hi there
Trying to fix a Samsung S4 Active i9295 wifi problem. At least I got the MAC address showing (it was 02:lots of zeroes), but I'm still unable to start wifi. Is there anything else I should search for? tiwlan_drv.ko was not there so I downloaded it separately. Do I need some more modules to be added? Using stock 4 file engineering FW Android 5.0.1

[Q] Confusion with changing MAC address when flashing custom JB Roms

Hi everybody,
<begin digression>
I'm a longtime reader of the forums, first time poster. I own a TF101 (SBK2+, rooted 9.2.1.27 stock). Considering that Asus is taking forever to officially tell us if they are pushing a Jelly Bean Update (waiting since November), I decided to take the plunge into flashing custom JB ROMs. The approach I took included using the razorclaw utility (when I rooted my tablet this past spring, apparently the .su file was incorrectly placed in the wrong subfolder of system, so the clockworkmod recovery couldn't see the rooted status). After using that, I flashed the clockworkmod recovery (3.2.1 I do believe). Before each attempt I would clear the dalvik cache, the regular cache, and restore to factory defaults. The custom JB ROMs I tried were the EOS ROMs (82,90), CM10 (v6,20120107-Nightly). Since I was having problems, I would always start at square one again with the razorclaw utility (and left the Team Rogue FX CWM as it was). After more trying (and not getting expected results), trying to reinstall the stock ROM with Team Rogue resulted in an error code 7, forcing me to install TWRP-2.2 to flash the stock ROM. I ended up in a stuck boot screen with no recovery, forcing an APX connection to NV_flash. Right now I'm back on the stock ROM.
</digression>
What I noticed was that in all the custom JB ROMs I tried, I couldn't connect to my router (currently using a hidden SSID with MAC filtering). Checking my router's log, the MAC address was altered (restoring to stock clears this problem).
Why is this MAC address problem consistent across all the ROMs I tried?
(note: I tried looking through the forums for about 45 mins and couldn't find a posting about this; the only ones I could find were 'how to change the MAC address/MAC spoofing')
Here's how to spoof (make sure the adapter is enabled) through ADB or terminal:
su
busybox ifconfig wlan0 ( to see the current mac address)
busybox ifconfig wlan0 hw ether 00:00:00:00:00:00
I'm not a dev so I can't answer your question about why the MAC is being forged, I'll leave that to the experts.
Edit: See this post.
trying terminal via superuser:
the terminal notes (after privileged EXEC mode level command: busybox ifconfig wlan0 hw ether XX:XX:XX:XX:D9:F4) that the MAC address is the D9:F4 while the about tablet status notes it as XX:XX:XX:7C:60. Powercycling the wifi does not change the seen MAC address. As a side note, the 7C:60 MAC Address does remain constant.
as a side note, it's kinda funny how the privileged EXEC mode level command uses ifconfig instead of ipconfig (took two cisco CCNA classes back in 2008 hence my usage of the Cisco IOS terms)
(flashed 10-20130107-Nightly-tf101 ROM, with [email protected] #1 Kernel Version)
You can try this I guess, worth a try. I read (but I can't find it now...) that you need to "disable" the card in command line, change the MAC, then enable it (but not through the android menu) for it to work on some devices. You could also submit a bug report to TeamEOS, they should fix it rather quickly.
About your note, ifconfig (interface config) is the BSD developed utility for managing network interfaces. Variations and other branches are available for other *nix OSes. In Linux it replaced the legacy "ip" command to manually configure interfaces. ipconfig (internet protocol config) on the other hand, is the Microsoft equivalent.
Edit again: See this
I'm going to try and systematically go through each ROM and post screenshots with text annotations
Baseband information:
ASUS Eeepad Transformer TF101
Serial number starting with: C10KA (SBK2+)
Factory MAC address ending with: D9:F4
Home network security: Hidden SSID with MAC address filtering
Recovery program used: Team Win Recovery Project version 2.3.2.3
Process used to flash ROM images:
Wipe>Internal Storage
Wipe>System
Wipe>Dalvik Cache
Wipe>Cache
Wipe>Factory Reset
Install>Using External SD>(ROM zip files)
For Nightly of Cyanogen Mod 10 from 2013-01-07 (md5: 32083ecd6e159b06168716f898ec405b)
possible reason to changing MAC problem?
This is not intended as a double post, but looking through the files, I think I may have found a possible problem;
I'm able to run 'Android Revolution HD-EeePad 3.6' with no problem. Comparing its wpa_supplicant entries
(wpa_supplicant and wpa_supplicant2) I noticed that the CM ROMs have wpa_supplicant and wpa_cli instead
is it possible that the EOS and CM ROMs are missing data provided in the wpa_supplicant files (or is the file missing by the way JellyBean handles wireless connections)?
attached are the files
(bump)
Trying some JB ROMs including jelly_tf_101, I'm still getting a different MAC address (04:46:65:bc:7c:60). Looking in the nvram, I could not find this MAC address, instead a #macaddr=00:90:4c:c5:00:34 and a macaddr=XX:XX:XX:XX:d9:f4. I tried copying the nvram.txt file, modifying the #macaddr line of code to the d9:f4, booting into recovery, replacing the nvram.txt and rebooting into system. No bloody change.
<rant>
I'm getting bloody irritated at the fact that what is supposed to be simple isn't doing jack. I've tried terminal to modify this stupid file. What the heck is going on that is forcing these ROMs to completely disregard the original MAC address?
</rant>
I'd suggest asking their authors in the respective threads to get an answer for each rom. Some files are only used by binary firmware and these roms don't use that. Stuck in the same scenario with the left speaker fix.
