Feature #7078

Make it clear in MAC spoofing documentation that only the non-vendor bits are randomized?

Added by molibdeedee2 2014-04-12 23:03:30. Updated 2014-05-12 10:55:00.

Status: Rejected
Priority: Normal
Assignee: anonym
Category: Spoof MAC
Target version:
Start date: 2014-04-12
Due date:
% Done: 0%
Feature Branch:
Type of work: Discuss
Blueprint:
Starter: 1
Affected tool:
Deliverable for:

Description

Booting off of PGP-verified DVD.

I boot tails, and select default greeter options, except for setting password. Desktop comes up, and I open root terminal.

# ifconfig -a
<list of interfaces, with mac address on my wifi device and eth0 not changed>

I disable my radios and execute
macchanger -a wlan0
<shows that mac address had been previously unchanged, and changes mac address successfully>
I enable my radios with new wifi mac address.
I then am able to connect via Network Manager with no errors from that point.

This is a more serious bug than would be there without the mac changing feature. Because under this scenario, I believe my mac address has been changed, where before, I know it hasn’t been changed, and then can change it myself.

This wifi card is a mini-pci card.

Log infos:
root@amnesia:/var/log# lsmod
Module Size Used by
arc4 12536 2
iwldvm 126927 0
mac80211 441536 1 iwldvm
r8169 60070 0
iwlwifi 83704 1 iwldvm
cfg80211 390600 3 iwldvm,mac80211,iwlwifi
mii 12675 1 r8169
parport_pc 26300 0
ppdev 12686 0
lp 17074 0
parport 35749 3 parport_pc,ppdev,lp
nf_conntrack_ipv6 13605 2
nf_defrag_ipv6 29225 1 nf_conntrack_ipv6
ip6t_REJECT 12468 1
ip6table_filter 12540 1
ip6_tables 26024 1 ip6table_filter
ipt_REJECT 12465 3
xt_LOG 17170 2
xt_state 12503 4
xt_multiport 12518 2
xt_owner 12459 24
iptable_filter 12536 1
xt_tcpudp 12527 24
xt_REDIRECT 12558 2
iptable_nat 12646 1
nf_conntrack_ipv4 18499 3
nf_defrag_ipv4 12483 1 nf_conntrack_ipv4
nf_nat_ipv4 12912 1 iptable_nat
nf_nat 18054 3 xt_REDIRECT,iptable_nat,nf_nat_ipv4
nf_conntrack 71019 6 nf_conntrack_ipv6,xt_state,iptable_nat,nf_conntrack_ipv4,nf_nat_ipv4,nf_nat
ip_tables 21914 2 iptable_filter,iptable_nat
x_tables 23015 12 ip6t_REJECT,ip6table_filter,ip6_tables,ipt_REJECT,xt_LOG,xt_state,xt_multiport,xt_owner,iptable_filter,xt_tcpudp,xt_REDIRECT,ip_tables
fuse 78619 1
appletalk 31587 0
ipx 26923 0
p8022 12443 1 ipx
psnap 12589 2 appletalk,ipx
llc 12745 2 p8022,psnap
p8023 12436 1 ipx
rose 45510 0
netrom 36532 0
ax25 50580 2 rose,netrom
cpufreq_powersave 12454 0
dm_crypt 22291 0
dm_mod 80984 1 dm_crypt
intel_powerclamp 13063 0
coretemp 12854 0
kvm 367626 0
i915 636006 7
snd_hda_codec_hdmi 35722 1
snd_hda_codec_realtek 49710 1
snd_hda_intel 43768 1
crct10dif_pclmul 13387 0
thinkpad_acpi 64834 0
crc32_pclmul 12915 0
snd_hda_codec 146743 3 snd_hda_codec_hdmi,snd_hda_codec_realtek,snd_hda_intel
rfkill 18867 2 cfg80211,thinkpad_acpi
drm_kms_helper 35695 1 i915
snd_hwdep 13148 1 snd_hda_codec
crc32c_intel 21809 0
snd_pcm 80000 3 snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec
drm 236372 3 i915,drm_kms_helper
snd_seq 48834 0
ghash_clmulni_intel 13021 0
snd_timer 26614 2 snd_pcm,snd_seq
snd_seq_device 13132 1 snd_seq
psmouse 82028 0
aesni_intel 50772 0
ablk_helper 12572 1 aesni_intel
cryptd 14516 3 ghash_clmulni_intel,aesni_intel,ablk_helper
lrw 12757 1 aesni_intel
i2c_algo_bit 12751 1 i915
acpi_cpufreq 17299 1
tpm_tis 17134 0
i2c_i801 16965 0
serio_raw 12849 0
tpm 18027 1 tpm_tis
snd 60869 12 snd_hda_codec_hdmi,snd_hda_codec_realtek,snd_hda_intel,thinkpad_acpi,snd_hda_codec,snd_hwdep,snd_pcm,snd_seq,snd_timer,snd_seq_device
gf128mul 12970 1 lrw
tpm_bios 17465 1 tpm
nvram 13034 1 thinkpad_acpi
i2c_core 24092 5 i915,drm_kms_helper,drm,i2c_algo_bit,i2c_i801
ac 12668 0
glue_helper 12695 1 aesni_intel
jmb38x_ms 17096 0
lpc_ich 20768 0
evdev 17445 11
video 17799 1 i915
soundcore 13026 1 snd
battery 13101 0
intel_ips 17420 0
wmi 17339 0
aes_x86_64 16719 1 aesni_intel
mfd_core 12601 1 lpc_ich
memstick 13696 1 jmb38x_ms
snd_page_alloc 13018 2 snd_hda_intel,snd_pcm
processor 28272 1 acpi_cpufreq
button 12944 1 i915
squashfs 35323 1
loop 26609 3
aufs 174407 3994
nls_utf8 12456 1
isofs 38970 1
sg 29971 0
sd_mod 44254 0
crc_t10dif 12431 1 sd_mod
sr_mod 21898 1
crct10dif_common 12356 2 crct10dif_pclmul,crc_t10dif
cdrom 39232 1 sr_mod
hid_roccat_lua 12556 0
hid_roccat_common 12460 1 hid_roccat_lua
usbhid 44439 0
hid 94034 2 hid_roccat_lua,usbhid
ahci 25096 1
libahci 27202 1 ahci
ehci_pci 12472 0
ehci_hcd 48414 1 ehci_pci
sdhci_pci 17939 0
sdhci 31053 1 sdhci_pci
mmc_core 89867 2 sdhci_pci,sdhci
libata 168945 2 ahci,libahci
scsi_mod 178700 4 sg,sd_mod,sr_mod,libata
thermal 17468 0
thermal_sys 27525 4 intel_powerclamp,video,processor,thermal
usbcore 154167 4 hid_roccat_common,usbhid,ehci_pci,ehci_hcd
usb_common 12440 1 usbcore

#lspci -v
03:00.0 Network controller: Intel Corporation Centrino Advanced-N 6200 (rev 35)
Subsystem: Intel Corporation Centrino Advanced-N 6200 2x2 AGN
Flags: bus master, fast devsel, latency 0, IRQ 43
Memory at f0600000 (64-bit, non-prefetchable) [size=8K]
Capabilities: [c8] Power Management version 3
Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+
Capabilities: [e0] Express Endpoint, MSI 00
Capabilities: [100] Advanced Error Reporting
Capabilities: [140] Device Serial Number
Kernel driver in use: iwlwifi

04:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 03)
Subsystem: Lenovo Device 2131
Flags: bus master, fast devsel, latency 0, IRQ 44
I/O ports at 2000 [size=256]
Memory at f0a04000 (64-bit, prefetchable) [size=4K]
Memory at f0a00000 (64-bit, prefetchable) [size=16K]
[virtual] Expansion ROM at f0a20000 [disabled] [size=128K]
Capabilities: [40] Power Management version 3
Capabilities: [50] MSI: Enable+ Count=1/1 Maskable- 64bit+
Capabilities: [70] Express Endpoint, MSI 01
Capabilities: [ac] MSI-X: Enable- Count=4 Masked-
Capabilities: [cc] Vital Product Data
Capabilities: [100] Advanced Error Reporting
Capabilities: [140] Virtual Channel
Capabilities: [160] Device Serial Number
Kernel driver in use: r8169

/var/log/messages

Apr 12 22:25:57 localhost kernel: [ 33.123718] thinkpad_acpi: radio switch found; radios are enabled

Apr 12 22:26:52 localhost kernel: [ 94.716753] Intel® Wireless WiFi driver for Linux, in-tree:
Apr 12 22:26:52 localhost kernel: [ 94.716758] Copyright© 2003-2013 Intel Corporation
Apr 12 22:26:52 localhost kernel: [ 94.716810] pcieport 0000:00:1c.1: driver skip pci_set_master, fix it!
Apr 12 22:26:52 localhost kernel: [ 94.716932] iwlwifi 0000:03:00.0: can’t disable ASPM; OS doesn’t have ASPM control
Apr 12 22:26:52 localhost kernel: [ 94.719064] r8169 Gigabit Ethernet driver 2.3LK-NAPI loaded
Apr 12 22:26:52 localhost kernel: [ 94.719078] r8169 0000:04:00.0: can’t disable ASPM; OS doesn’t have ASPM control
Apr 12 22:26:52 localhost kernel: [ 94.719084] pcieport 0000:00:1c.2: driver skip pci_set_master, fix it!
Apr 12 22:26:52 localhost kernel: [ 94.719851] r8169 0000:04:00.0 eth0: RTL8168d/8111d at 0xffffc9000065e000, , XID 083000c0 IRQ 44
Apr 12 22:26:52 localhost kernel: [ 94.719855] r8169 0000:04:00.0 eth0: jumbo features [frames: 9200 bytes, tx checksumming: ko]
Apr 12 22:26:52 localhost kernel: [ 94.842580] iwlwifi 0000:03:00.0: firmware: direct-loading firmware iwlwifi-6000-4.ucode
Apr 12 22:26:52 localhost kernel: [ 94.842759] iwlwifi 0000:03:00.0: loaded firmware version 9.221.4.1 build 25532 op_mode iwldvm
Apr 12 22:26:53 localhost spoof-mac: Trying to spoof MAC address of NIC eth0…
Apr 12 22:26:54 localhost kernel: [ 96.266875] iwlwifi 0000:03:00.0: CONFIG_IWLWIFI_DEBUG disabled
Apr 12 22:26:54 localhost kernel: [ 96.266882] iwlwifi 0000:03:00.0: CONFIG_IWLWIFI_DEBUGFS disabled
Apr 12 22:26:54 localhost kernel: [ 96.266885] iwlwifi 0000:03:00.0: CONFIG_IWLWIFI_DEVICE_TRACING disabled
Apr 12 22:26:54 localhost kernel: [ 96.266888] iwlwifi 0000:03:00.0: Detected Intel® Centrino® Advanced-N 6200 AGN, REV=0x74
Apr 12 22:26:54 localhost kernel: [ 96.266953] iwlwifi 0000:03:00.0: L1 Enabled; Disabling L0S
Apr 12 22:26:54 localhost kernel: [ 96.282356] cfg80211: World regulatory domain updated:
Apr 12 22:26:54 localhost kernel: [ 96.282360] cfg80211: (start_freq - end_freq @ bandwidth), (max_antenna_gain, max_eirp)
Apr 12 22:26:54 localhost kernel: [ 96.282362] cfg80211: (2402000 KHz - 2472000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
Apr 12 22:26:54 localhost kernel: [ 96.282363] cfg80211: (2457000 KHz - 2482000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
Apr 12 22:26:54 localhost kernel: [ 96.282364] cfg80211: (2474000 KHz - 2494000 KHz @ 20000 KHz), (300 mBi, 2000 mBm)
Apr 12 22:26:54 localhost kernel: [ 96.282366] cfg80211: (5170000 KHz - 5250000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
Apr 12 22:26:54 localhost kernel: [ 96.282367] cfg80211: (5735000 KHz - 5835000 KHz @ 40000 KHz), (300 mBi, 2000 mBm)
Apr 12 22:26:54 localhost spoof-mac: Trying to spoof MAC address of NIC wlan0…
Apr 12 22:26:54 localhost spoof-mac: Successfully spoofed MAC address of NIC eth0
Apr 12 22:26:54 localhost spoof-mac: Successfully spoofed MAC address of NIC wlan0
Apr 12 22:26:55 localhost kernel: [ 97.842665] iwlwifi 0000:03:00.0: L1 Enabled; Disabling L0S
Apr 12 22:26:55 localhost kernel: [ 97.849177] iwlwifi 0000:03:00.0: Radio type=0x1-0x3-0x1
Apr 12 22:26:55 localhost tails-additional-software[4916]: Starting to install additional software…
Apr 12 22:26:55 localhost tails-additional-software[4916]: Warning: persistence is not mounted, exiting
Apr 12 22:26:55 localhost kernel: [ 98.059291] iwlwifi 0000:03:00.0: L1 Enabled; Disabling L0S
Apr 12 22:26:55 localhost kernel: [ 98.065790] iwlwifi 0000:03:00.0: Radio type=0x1-0x3-0x1
Apr 12 22:26:55 localhost kernel: [ 98.144020] IPv6: ADDRCONF (NETDEV_UP): wlan0: link is not ready
Apr 12 22:26:56 localhost kernel: [ 98.298492] r8169 0000:04:00.0: firmware: direct-loading firmware rtl_nic/rtl8168d-2.fw
Apr 12 22:26:56 localhost kernel: [ 98.354780] r8169 0000:04:00.0 eth0: link down
Apr 12 22:26:56 localhost kernel: [ 98.354809] IPv6: ADDRCONF (NETDEV_UP): eth0: link is not ready
Apr 12 22:27:08 localhost kernel: [ 110.384523] polkit-gnome-au[3843]: segfault at f6842b8d ip 00000000f70c9ad0 sp 00000000ffd560f0 error 4 in libc-2.11.3.so[f7057000+13e000]

<Here I am disabling radio (bringing wlan0 down) to use macchanger, which successfully changed mac.>
Apr 12 22:27:49 localhost kernel: [ 151.674574] iwlwifi 0000:03:00.0: RF_KILL bit toggled to disable radio.
Apr 12 22:27:49 localhost kernel: [ 151.718610] iwlwifi 0000:03:00.0: Not sending command - RF KILL
Apr 12 22:27:55 localhost kernel: [ 158.091105] iwlwifi 0000:03:00.0: RF_KILL bit toggled to enable radio.
Apr 12 22:27:55 localhost kernel: [ 158.096309] iwlwifi 0000:03:00.0: L1 Enabled; Disabling L0S
Apr 12 22:27:55 localhost kernel: [ 158.102873] iwlwifi 0000:03:00.0: Radio type=0x1-0x3-0x1



Related issues

Related to Tails - Feature #7224: Link different design documentations from user documentation Confirmed 2014-05-12
Related to Tails - Feature #7054: Complete MAC spoofing design doc: explain why we only change non-vendor bits Resolved 2014-04-10
Has duplicate Tails - Bug #15208: TAILS MAC Address Spoofing [Security Fix] Duplicate 2018-01-21
Has duplicate Tails - Bug #15237: EXPOSED MAC ADDRESS ON ALL INTERFACES (controversial development in TAILS) Duplicate 2018-01-24

History

#1 Updated by molibdeedee2 2014-04-12 23:15:34

Don’t know what other info you might need. Maybe put some comments if you need more info, and I might be able to do some more testing.

#2 Updated by BitingBird 2014-04-12 23:23:16

  • Category set to Hardware support
  • Priority changed from High to Normal
  • Type of work changed from Communicate to Code

You could use the “report a bug” button on Tails Desktop, it’s designed to provide all useful hardware information.

#3 Updated by intrigeri 2014-04-13 01:17:01

  • Subject changed from Thinkpad iwlwifi: Intel mac address not changing with no error message. to Thinkpad iwlwifi: MAC address not changing with no error message
  • Category changed from Hardware support to Spoof MAC

#4 Updated by intrigeri 2014-04-13 01:31:08

  • Assignee set to anonym

anonym, may you please have a look? See also the two other (private) bug reports we’ve received in this area, and that I’ve forwarded to you.

#5 Updated by anonym 2014-04-15 03:25:27

Thanks for the informative bug report, molibdeedee2!

molibdeedee2 wrote:
> I boot tails, and select default greeter options, except for setting password. Desktop comes up, and I open root terminal.
> # ifconfig -a
> <list of interfaces, with mac address on my wifi device and eth0 not changed>

Note that we only randomize the last six bytes of the MAC address. How carefully did you check the complete MAC address? Please take another look at this.

What approach did you take to obtain your real, permanent MAC address?

> I disable my radios and execute
> macchanger -a wlan0
> <shows that mac address had been previously unchanged, and changes mac address successfully>

So you mean that it lists the same address in both “Permanent MAC” and “Current MAC”?

Instead of the above command, please try sudo tails-spoof-mac wlan0 and check what happens with the MAC address. The output of sudo grep mac-spoof /var/log/message will be helpful here, so please include it.

[…]
> This is a more serious bug than would be there without the mac changing feature. Because under this scenario, I believe my mac address has been changed, where before, I know it hasn’t been changed, and then can change it myself.

Agreed, that’s why we took a fail-safe approach as much as we reasonably could.

> Log infos:
[…]
> /var/log/messages
[…]
> Apr 12 22:26:53 localhost spoof-mac: Trying to spoof MAC address of NIC eth0…
[…]
> Apr 12 22:26:54 localhost spoof-mac: Trying to spoof MAC address of NIC wlan0…
> Apr 12 22:26:54 localhost spoof-mac: Successfully spoofed MAC address of NIC eth0
> Apr 12 22:26:54 localhost spoof-mac: Successfully spoofed MAC address of NIC wlan0

The only way the “success” can be reported is if the MAC address before we spoof is successfully obtained, and the MAC address after we spoof is successfully obtained, and they are both distinct. So this is quite surprising. This could imply that the method we use to obtain the MAC address (grepping macchanger’s output) may be buggy, but I certainly do not see how (but we could simplify get_current_mac_of_nic() to just cat /sys/class/net/"${1}"/address).

I’ll wait on your answers to the above before I proceed on this front.
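
An added example (not Tails code and not part of this ticket): a shell check that tells an unchanged MAC address apart from one where only the non-vendor part changed, the distinction this report turned on. classify_mac_change, is_mac and SYSFS_NET are hypothetical names, get_current_mac_of_nic here is the sysfs read suggested in comment #5, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example, not Tails code. SYSFS_NET, is_mac and classify_mac_change
# are hypothetical names chosen for this illustration.

# Root of the sysfs network tree; overridable so the check can be tested.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Print the current MAC of NIC $1 in lower case; fail if it cannot be read.
get_current_mac_of_nic() {
    [ -r "${SYSFS_NET}/${1}/address" ] || return 1
    tr 'A-F' 'a-f' < "${SYSFS_NET}/${1}/address"
}

# Succeed only for six colon-separated hex pairs.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Compare MAC $1 (before spoofing) with MAC $2 (after) and print one of:
#   invalid      an address was not obtained or is malformed
#   unchanged    all six bytes are identical
#   nic-only     vendor prefix (first 3 bytes) kept, last 3 bytes differ
#   oui-changed  the vendor prefix itself differs
# Exit status is 0 only when both addresses are valid and distinct.
classify_mac_change() {
    is_mac "$1" && is_mac "$2" || { echo invalid; return 1; }
    before=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    after=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$before" = "$after" ]; then
        echo unchanged
        return 1
    fi
    # Characters 1-8 ("xx:xx:xx") are the vendor prefix.
    if [ "$(printf '%s' "$before" | cut -c1-8)" = \
         "$(printf '%s' "$after" | cut -c1-8)" ]; then
        echo nic-only
    else
        echo oui-changed
    fi
}

# Constructed sample: same vendor prefix, different last three bytes.
classify_mac_change "00:11:22:33:44:55" "00:11:22:a1:b2:c3"
```

A result of nic-only is easy to misread as unchanged when only the first bytes of the two addresses are compared by eye.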

#6 Updated by molibdeedee2 2014-04-17 07:39:08

Unless there is something else…please close.

>Note that we only randomize the last six bytes of the MAC address. How carefully did you check the complete
>MAC address? Please take another look at this.

You are correct. I am used to using macchanger -r or -a. I expected a fully different mac. So therefore, I did not notice that the last 6 bytes are different (the last 3-hex pairs of the mac).

However this is not what I would have expected. Is there a reason you do not fully randomize the mac? In a small area, maybe only so many people connecting with an intel mac. I think you should fully randomize the mac.

Unless there are other similar reports…which also may indicate that users expect mac to be fully randomized, and/or the behavior is not properly documented. I am afraid you will see a steady stream of more of these kind of bug reports…which isn’t good either.

#7 Updated by molibdeedee2 2014-04-17 07:44:02

In other words, you may re-categorize this bug as “documentation bug,” or “user-interface” type bug. A user probably is not going to read that entire design page…Could we have some other notifyd window come up with the old/new mac, and success or failure. I know we have a lot of windows coming up already, but as I just said, otherwise I fear you will get a lot more of these.

I think there is still a problem here. Please discuss.

#8 Updated by intrigeri 2014-04-17 08:09:55

  • Tracker changed from Bug to Feature
  • Subject changed from Thinkpad iwlwifi: MAC address not changing with no error message to Make it clear in MAC spoofing documentation that only the non-vendor bits are randomized?
  • Status changed from New to Confirmed
  • Type of work changed from Code to Discuss
  • Starter changed from No to Yes

molibdeedee2 wrote:
> In other words, you may re-categorize this bug as “documentation bug,”

Done. I guess we’ll discuss this at the next monthly meeting.

#9 Updated by anonym 2014-04-17 10:59:39

  • Tracker changed from Feature to Bug
  • Status changed from Confirmed to New
  • Type of work changed from Discuss to Code

molibdeedee2 wrote:
> Is there a reason you do not fully randomize the mac? In a small area, maybe only so many people connecting with an intel mac. I think you should fully randomize the mac.

It’s a trade-off. For more, see Feature #7038#note-11 which soon will be amended in some form to the design document.

#10 Updated by intrigeri 2014-04-17 11:32:43

> Tracker changed from Feature to Bug
> Status changed from Confirmed to New
> Type of work changed from Discuss to Code

I don’t get what’s your intention here. I renamed the ticket so that
it’s about documenting the current state of things in the
end-user doc. What code do you feel is needed?

#11 Updated by anonym 2014-04-17 12:00:31

  • Tracker changed from Bug to Feature
  • Status changed from New to Confirmed
  • Type of work changed from Code to Discuss

I have no idea why that happened; I just clicked on “Update” and wrote my comment, nothing more.

#12 Updated by anonym 2014-05-08 20:54:07

  • Status changed from Confirmed to Resolved

The MAC spoofing user doc page is already convoluted enough, and complicating it further by adding this information seems pointless as it’s unlikely to solve the real issue, i.e. preventing more of these type of bug reports.

#13 Updated by BitingBird 2014-05-08 21:06:08

  • Status changed from Resolved to Rejected

I think that’s what you meant :)

#14 Updated by intrigeri 2014-05-08 21:27:03

> Status changed from Resolved to Rejected

> I think that’s what you meant :)

My 1.5 useless bits of über-meta-nitpicking, sorry in advance: if this
ticket had been a Documentation one, then yeah, it would have been
rejected without completing the task it covers. But it was a Discuss
one, so the task covered was making a decision, which was successfully
done. Anyway, sorry again :)

#15 Updated by BitingBird 2014-05-12 10:55:00

I had the question again on irc today. I’d like a link to the design documentation in the user doc, or an answer in the FAQ.

#16 Updated by BitingBird 2014-05-12 12:30:21

  • related to Feature #7224: Link different design documentations from user documentation added

#17 Updated by emmapeel 2014-10-10 01:47:33

  • related to Feature #7054: Complete MAC spoofing design doc: explain why we only change non-vendor bits added

#18 Updated by intrigeri 2018-01-22 09:29:38

  • has duplicate Bug #15208: TAILS MAC Address Spoofing [Security Fix] added

#19 Updated by intrigeri 2018-01-24 13:30:25

  • has duplicate Bug #15237: EXPOSED MAC ADDRESS ON ALL INTERFACES (controversial development in TAILS) added