New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Addresses generated by macchanger --random can be detected (without any knowledge about vendors) #92

Open

camel-cdr opened this issue Dec 15, 2022 · 0 comments

camel-cdr commented Dec 15, 2022

macchanger --random uses the following to randomize the MAC address:

macchanger/src/mac.c

Lines 76 to 82 in f4f66e1

    
           	mac->byte[0] = (random()%255) & 0xFC; 
        
           	mac->byte[1] = random()%255; 
        
           	mac->byte[2] = random()%255; 
        
           case 3: 
        
           	mac->byte[3] = random()%255; 
        
           	mac->byte[4] = random()%255; 
        
           	mac->byte[5] = random()%255;

The PRNG is initialized with srandom and a random seed, but srandom only takes a 32-bit seed, which can be brute forced.

Proof of concept: https://gist.github.com/camel-cdr/6b299f538c896f723d9dfdf76c7e8ec8

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment