linux bash script – generate new mac for interface in a snap – generate random mac number script

04.Nov.2019

Administration / Server, Debian, GNU-Linux, networking, Privacy / convenience vs surveillance / Orwell, Privacy Protection / Datenschutz / DSGVO / GDPR

about MAC address(es)

not every switch has an IP assigned (if it has no web management interface, it does not need to) but it will have a MAC address.

MAC address are per vendor and per device unique identifiers that are used on layer2 (Data Link Layer (src: Wikipedia)) of the network stack (switches and VLAN operate on this layer, switches need to know, what device are connected to what port in order to route the “frames” e.g. point to point transmission of data – no routing)

this is what makes NAT so great: a NAT router is the visible (publicly visible IP and MAC address) part of one’s network.

Behind the NAT can be a lot of devices (tablets, phones, laptops, servers…) but their MAC addresses is not exposed to the publicly visible internet (e.g. google can not tell if one is using a Dell Laptop or a Lenovo laptop… but it can tell what router and internet provider one is using)

“The leftmost 6 digits (24 bits) called a “prefix” is associated with the adapter manufacturer (M). Each vendor registers and obtains MAC prefixes as assigned by the IEEE.” (src)

Intel got a lot of registered MAC addresses

So has Apple

background story(s): MAC Address Randomization in WiFi

To prevent third parties from using the MAC address to track devices, Android, Linux, iOS, and Windows^[6] have implemented MAC address randomization.

In June 2014, Apple announced that future versions of their iOS platform would randomize MAC addresses for all WiFi connections.

The Linux kernel has supported MAC address randomization during network scans since March 2015,^[7] but drivers need to be updated to use this feature.^[8]

Windows has supported it since the release of Windows 10^[6] in July 2015.

(src: Wikipedia)

one use case for frequent mac address changes: public wifi hot spots that limit one to 30min of free internet per MAC seen address…

good news: Debian already does it

bad news: Debian now also tries to get an dhcp assigned IPv6 address per default… but why would one needs this in a LAN?

should be turned of by grub boot to kernel option.

bad news: Android not

at least not one’s device (Nexus 6P with LineageOS Android 8) run this search and get info about the status of this project

“Starting in Android 8.0, Android devices use randomized MAC addresses when probing for new networks while not currently associated with a network. In Android 9, you can enable a developer option (it’s disabled by default) to cause the device to use a randomized MAC address when connecting to a Wi-Fi network.

In Android 10, MAC randomization is enabled by default for client mode, SoftAp, and Wi-Fi Direct.

MAC randomization prevents listeners from using MAC addresses to build a history of device activity, thus increasing user privacy.

Additionally, MAC addresses are randomized as part of Wi-Fi Aware and Wi-Fi RTT operations.” (src)

on linux distros one does not need additional software, onborad linux tools are sufficient and can be scripted as follows:

# tested on
hostnamectl 
  Operating System: Debian GNU/Linux 9 (stretch)
            Kernel: Linux 4.9.0-11-amd64
      Architecture: x86-64

su; # become root
mkdir temp; # make new dir
cd temp; # enter dir
ifconfig -a > ifconfig_pre_reboot.txt; # save current mac of all interfaces
sync; shutdown -r now; # reboot
ifconfig -a > ifconfig_post_reboot.txt; # save current mac of all interfaces
# compare the two files, one's mac address should have changed
# then one knows, mac randomization is working
# means: one gets a new mac on every boot :)

generate random mac number:

there two versions:

/scripts/mac_random1.sh

wc -l /scripts/mac_random1.sh

41 lines

#!/bin/bash
RANGE=255
#set integer ceiling

number=$RANDOM
numbera=$RANDOM
numberb=$RANDOM
numberc=$RANDOM
numberd=$RANDOM
numbere=$RANDOM
numberf=$RANDOM
#generate random numbers

let "number %= $RANGE"
let "numbera %= $RANGE"
let "numberb %= $RANGE"
let "numberc %= $RANGE"
let "numberd %= $RANGE"
let "numbere %= $RANGE"
let "numberf %= $RANGE"
#ensure they are less than ceiling

# mac "stem"
# octets='00-60-2F'
# not necessary but requested by user: https://superuser.com/questions/218340/how-to-generate-a-valid-random-mac-address-with-bash-shell/218372

octeta=`echo "obase=16;$number" | bc`
octetb=`echo "obase=16;$numbera" | bc`
octetc=`echo "obase=16;$numberb" | bc`
octetd=`echo "obase=16;$numberc" | bc`
octete=`echo "obase=16;$numberd" | bc`
octetf=`echo "obase=16;$numberd" | bc`
#use a command line tool to change int to hex(bc is pretty standard)
#they're not really octets.  just sections.

macadd="${octeta}:${octetb}:${octetc}:${octetd}:${octete}:${octetf}"
#concatenate values and add dashes

echo $macadd
#echo result to screen
#note: does not generate a leading zero on single character sections.  easily remediedm but that's an exercise for you

/scripts/mac_random2.sh

wc -l /scripts/mac_random2.sh
only 9 lines! 🙂

#!/bin/bash
hexchars="0123456789ABCDEF"
mac=$( for i in {1..12} ; do echo -n ${hexchars:$(( $RANDOM % 16 )):1} ; done | sed -e 's/\(..\)/:\1/g' )
# with stem
# echo 00:60:2F$mac
# without stem
# remove first :
mac2="${mac:1}"
echo $mac2

/scripts/mac_new.sh

this script will use result from /scripts/mac_random2.sh

and asign it to the interface given

then use dhclient to get a new ip for this interface
(can not use old ip with new mac, won’t work, router get’s confused X-D)

# check what interfaces are there and what are their mac addresses
ifconfig -a

#!/bin/bash
echo "==== will generate new mac for interface "$1" given as argument to this script ====";
echo "interface: "$1;
echo "=== current mac: ==="
ifconfig wlp3s0
echo "=== generating new mac ==="
mac=$(/scripts/mac_random2.sh);
echo "new mac will be: "$mac;
echo "=== asigning new mac ==="
echo "(redo this step multiple times if it says: SIOCSIFHWADDR: Cannot assign requested address)";
ifconfig $1 down;
ifconfig $1 hw ether $mac;
ifconfig $1 up;
echo "=== get new dhcp ip for this interface ===";
echo "(because new mac with old ip not working)";
dhclient $1;

echo "=== will now monitor the interface ===";
sleep 3;
while true; do ifconfig -a $1; sleep 3; clear; done;

one can leave out the monitoring part, but it’s interesting to see if a new ip get’s asigned or a old one.