# Is WiFi mac spoofing on FreeBSD dead?



## quakerdoomer (Sep 7, 2021)

I have an internal Atheros WiFi card and an external Realtek USB. Both of them allow mac address change and connect just fine on non-BSD OSes (Win/Lin). I can't connect to the access point if I spoof them under FreeBSD. Without changing the mac address they connect just fine.

I have tried adding hints in loader.conf and declaring the wlan address in rc.conf. Also did the whole dance of disabling, destroying wlan0, adding hints manually, recreating the adapter, unloading-reloading .ko files and much more. Is there a way to make this work or is mac spoofing a thing of the past for WiFi? Is it that only a few specific chipsets are supported now? I remember this working fine in earlier BSD releases (<11).

Has anyone managed to successfully change their WiFi mac address and connect to an access point using FreeBSD 12.1 and above? Please respond with your Wifi adapter/chipset info if possible. Thanks.


----------



## `Orum (Sep 7, 2021)

If I recall correctly, when I last did this on FreeBSD, I had issues changing the MAC address on my WiFi adapter.  Instead, I just changed the MAC address on the wired ethernet adapter, and then failover worked perfectly.  As for what hardware was being used, I'm pretty sure it was Realtek for wired ethernet and Intel for WiFi, but as for which model I can't remember as this was quite some time ago.


----------



## Deleted member 30996 (Sep 7, 2021)

Here's how to spoof your Ehter MAC without bringing down the interface to do it, as demonstrated in my other Tutorial:









						How to spoof your ether MAC on FreeBSD
					

This command will allow you to change your current ether MAC on your FreeBSD boxen without bringing down and back up the network interface. In this instance shown using the designated network interface of my machina and spoofed ether MAC as an example:  # ifconfig bge0 ether DE:AD:B0:0B:DE:AD...




					forums.freebsd.org
				




Just make sure your router allows the new MAC Internet access first.


----------



## quakerdoomer (Sep 7, 2021)

Trihexagonal said:


> Here's how to spoof your Ehter MAC without bringing down the interface to do it, as demonstrated in my other Tutorial:
> 
> 
> 
> ...


Trihexagonal, Please read before responding.


----------



## T-Daemon (Sep 8, 2021)

Works fine here on 12.2-RELEASE and 13.0-RELEASE with a Ralink 802.11 n (run(4)).

```
idVendor = 0x04e8  (Samsung Electronics)
idProduct = 0x2018 (SAMSUNG2 RT2870)
```


```
# dmesg
run0: MAC/BBP RT2872 (rev 0x0202), RF RT2850 (MIMO 2T2R), address e2:7b:c7:74:00:3f
```


```
# ifconfig wlan0 | grep ether
        ether e2:7b:c7:74:00:3f

(192.168.1.1 router address)

# ping -c2 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=1.983 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=5.668 ms
...

/etc/rc.conf

wlans_run0="wlan0"
create_args_wlan0="wlanaddr c6:8c:f5:86:c3:00"

# service netif restart wlan0

# ifconfig wlan0 | grep ether
        ether c6:8c:f5:86:c3:00

# ping -c2 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=1.321 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=8.868 ms
...
```


----------



## Deleted member 30996 (Sep 8, 2021)

quakerdoomer said:


> Trihexagonal, Please read before responding.


I did:


quakerdoomer said:


> Is there a way to make this work or is mac spoofing a thing of the past for WiFi? Is it that only a few specific chipsets are supported now? I remember this working fine in earlier BSD releases (<11).
> 
> Has anyone managed to successfully change their WiFi mac address and connect to an access point using FreeBSD 12.1 and above?


It is not a thing of the past as of my writing. Please check your watch to see if it's slow, too.


----------



## quakerdoomer (Sep 11, 2021)

Trihexagonal
If you really read my "entire" post then you would have understood what I am looking for and you wouldn't have spammed me with your response. Just to make it clear, the issue is NOT that the address isn't getting spoofed. * The issue is that the wi-fi adapter refuses to connect to the access point if the mac address is spoofed. *
Your post regarding changing the mac address without bringing it down on a *wired *adapter is as helpful as a raincoat on a sunny day. Please check your existence's quantum state assessed in case it has checked out of your Schrödinger litterbox.


T-Daemon
I can see the ether changed but the hwaddr doesn't change on my wlan0. If I do not spoof the mac the WiFi connects just fine. I am observing this on 2 separate laptops. What does your hwaddr display? Spoofed or original mac address? Alsdo does that make a difference when it comes to connecting to an access point?


----------



## T-Daemon (Sep 11, 2021)

quakerdoomer said:


> I can see the ether changed but the hwaddr doesn't change on my wlan0.


Does it supposed to change? If I'm not mistaken the hardware MAC address is hard coded on the device's network chip.



quakerdoomer said:


> If I do not spoof the mac the WiFi connects just fine. I am observing this on 2 separate laptops.


Has the access point some sort of MAC filtering enabled, allowing only registered MAC's, denying all others?



quakerdoomer said:


> What does your hwaddr display? Spoofed or original mac address?


It shows the original hardware MAC:

```
# ifconfig wlan0 link
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether e2:7b:c7:74:00:3f

# ifconfig wlan0 link random
# ifconfig wlan0 link
wlan0: flags=8c43<UP,BROADCAST,RUNNING,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 7e:8b:0b:53:c4:c3
    hwaddr e2:7b:c7:74:00:3f
```



quakerdoomer said:


> Alsdo does that make a difference when it comes to connecting to an access point?


I don't have a only wireless access point harware, I'm running the 192.168.1.1 (ADSL modem) router in "Wireless router mode". It's acting as a AP and is routing a LAN without internet access.


----------



## quakerdoomer (Sep 11, 2021)

T-Daemon, Thanks for your reply. No there isn't any mac address filtering enabled and non-BSD OSes (Win/Lin) are allowing me to connect to the access point with spoofed addresses (as mentioned in the original post). Also older releases of BSD work well with spoofed wlan mac addresses. I have read about this bug on the FreeBSD mailing list as well. Anyways thanks. We really need external WiFi adapters whose physical address can be reprogrammed - like an EEPROM, or with some logic baked in to randomize the hwaddr every time the IC is powered on.


----------



## astyle (Sep 15, 2021)

Generally speaking, if the wi-fi card works under FreeBSD, as in you can get to the Internet, and ping google.com, you can easily use `/bin/ifconfig` and other utilities (including the driver) provided by FreeBSD to spoof the MAC. 

Reading through the thread, one possibility that comes to my mind would be a buggy driver for the card. OP mentions that MAC spoofing worked under older versions of FreeBSD - it may be worth a try to revert to an older version of the driver.

If OP wants an external wi-fi adapter whose MAC can be re-programmed - Good luck finding that. A faster way to do that would be to have an AP with DD-WRT flashed on it. Connect your machine to that AP via ethernet, and change the MAC on the AP, not the machine. Awkward and kludgy, I know, but accomplishes the same goal.


----------



## quakerdoomer (Sep 22, 2022)

Apologies for beating a dead horse but this issue still prevails.

I am using the default  iwlwifi wlandev on an internal wifi card and it connects fine if the mac address is not spoofed. If I spoof the mac then it says timed out under wpa_supplicant log and fails to connect to the access point. Linux and Windows have no issues spoofing the mac address. Can anyone using iwlwifi try to spoof the mac address and try to connect to any WiFi access point using FreeBSD v13.1 ?


----------



## Phishfry (Sep 22, 2022)

Why bother? Intel Wireless is inferior. You are beating a dead horse.
These are features only .00001% of people use.
You might have to use different hardware if you want to do something off the beaten path.
Thanks to Adrian Chadd we have one wireless driver that is better than the others.


```
wlans_ath0="wlan0"
create_args_wlan0="wlanaddr d4:be:d9:1c:1e:d4"
```


----------



## astyle (Sep 22, 2022)

Phishfry said:


> Why bother? Intel Wireless is inferior. You are beating a dead horse.
> These are features only .00001% of people use.
> You might have to use different hardware if you want to do something off the beaten path.
> Thanks to Adrian Chadd we have one wireless driver that is better than the others.
> ...


Uhhh... If you look at the laptop wiki for FreeBSD, Intel Wifi is the only one working reliably... other brands require a bit of tinkering to get going.


----------



## Phishfry (Sep 23, 2022)

Well I don't see anything on that wiki that alters my opinion.

Much like Ford versus Chevy or Coke versus Pepsi.
Everybody has a personal preference.

What is interesting is that I just figured out why my Wireless sucks so bad.
The module is only running on one channel.
I have disconnected an antenna connector to discover that MIMO does not work.

I have know this for a while but ignore my 802.11g single channel speeds.
It says 802.11N but the speed doesn't match that. Even right on top of the WAP.

vermaden blog post made do some soul searching








						FreeBSD Cope with WiFi Fuckup
					

I really wanted the name of this article does not sound dramatically but I was not able to invent any other title … none the less the wireless/WiFi topic can be problematic on the FreeBSD lan…




					vermaden.wordpress.com
				




In the hackernews feed a commenter mentioned OpenBSD had AC support.
Wowee, start to read about it and I get some good dope.



> Atheros also is a company that existed and made 802.11n cards. Single-band 802.11n works on them.


So even on OpenBSD Atheros is in single channel N mode.

Another relevant comment from OpenBSD's wifi guy:


> That said, OpenBSD does currently support 802.11ac and even 802.11ax (iwx) *hardware*, but only in 802.11a/b/g/n modes.


So not much better..


----------



## quakerdoomer (Oct 9, 2022)

Sorry to hear about the state of your card being unable to use all channels and features. Hope future releases sort this out.

Just wanted to update you all that I was grossly uninformed. All these years I have been trying to use with ifconfig "_ether xxxxxxxxxxxx_" like we do for wired adapters onto for wireless cards. *The correct parameter is "*_*wlanaddr xx:xx:xx:xx:xx:xx"*_ as you all knew (except for me). I tried this just now for the first time and it works. In my defense the _ether _parameter used to work earlier for older BSDs on older wi-fi cards. Apologies for the thread but now it is all good. Thanks again to everyone on this thread.


----------



## quakerdoomer (Oct 9, 2022)

Reference link: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=155902


----------



## astyle (Oct 10, 2022)

One of those gotchas that arise out of paying better attention to the manpages... it's really part of the deal when somebody is told to RTFM. One can read the manual all they want, and still not find the tidbit that makes a difference - until someone else points it out. I've been tripped up by that countless times, and learned to expect it.


----------

