You are not logged in.
Pages: 1
Hi,
in Devuan 4 (that run as a Virtual Machine)
in the xfce GUI Network connection, under the tab Wi-Fi I can see Device: wlan0 (a MAC address )
with nmcli
...
wifi (the chipset name), a different MAC address
...
So I was wondering which one give the true "physical"/OEM MAC address
Thanks
Last edited by SpongeBOB (2024-09-20 10:13:32)
Linux noob, plz be kind
Offline
Hi SpongeBOB. Try cat /sys/class/net/wlan0/address
Although in my tests on Devuan, the above command gives a nonsense address if run in the first two seconds after booting. Does anyone know why? If I run this little script at boot:
#!/bin/sh
while true; do
cat /sys/class/net/wlan0/address >>/home/bruno/Deskop/log.txt
sleep 1
done
The first two lines in the log file show the unexpected 76:0c:d1:46:f7:89. Lines three onwards show the device's true mac address, which is 54:2a:a2:6a:xx:xx (redacted for privacy).
I've always wondered why wlan0's mac address in /sys/class/net/wlan0/address is only accurate approximately 2 seconds after boot. Does anyone have any idea?
Last edited by GNUser (2024-09-20 20:21:36)
Offline
Perhaps the MAC is changed by firmware? In that story the first would be hardware (PROM) MAC while the latter would be a firmware derivative. Guesswork.
Offline
Perhaps the MAC is changed by firmware?
Hi ralph.ronnquist. I'd love to get to the bottom of this if you can help me. I tried removing the firmware files to see what would happen. If I boot without the firmware, I get this (which is more or less what I expected):
$ cat /sys/class/net/wlan0/address
cat: /sys/class/net/wlan0/address: No such file or directory
What would be the best way to test your theory?
Last edited by GNUser (2024-09-20 23:28:20)
Offline
mmm then maybe it's the opposite way; that the firmware loads with some random default mac, and this eventually gets updated from the hardware. If so I suppose a binary scan of the firmware could possibly find that first mac...
Offline
This wireless card requires two firmware files. I cannot find that initial MAC address in either file.
$ xxd -p mt7662.bin | tr -d '\n' | grep 760cd146f789
[no hits]
$ xxd -p mt7662_rom_patch.bin | tr -d '\n' | grep 760cd146f789
[no hits]
Maybe I'm not looking the right way.
Offline
I suppose it could store it textually?
would be 37363a30633a64313a34363a66373a3839 in hex
EDIT: would be odd to do
Offline
Offline
I suppose it could store it textually?
would be 37363a30633a64313a34363a66373a3839 in hex
Good idea but no luck. I think we've excluded that the initial mac address is hardcoded in the firmware.
Hi pcalvert. That's a good thought, but not applicable to my setup. The settings you are referring to are wifi.scan-rand-mac-address and wifi.mac-address-randomization. I use MAC address filtering in my router, so definitely don't want my devices to connect using randomized MAC addresses. I can confirm that NetworkManager is not using any of these settings:
$ cd /etc/NetworkManager/
$ sudo grep -r 'mac-address' *
[no hits]
Plus, I dual boot Devuan and Tiny Core Linux. In the latter, MAC address of my wireless card is the same as what Devuan is showing me (i.e., 54:2a:a2:6a:xx:xx).
Ralph, I think your initial theory is sounds right: There must be a hardware MAC address, which the driver or firmware changes to what I think of as my "actual" MAC address. A small amount of time (~2 seconds) elapses between wlan0 being brought up and the driver/firmware changing the MAC address.
EDIT: Ralph, if you run my trivial script in reply #2 as a startup job, can you reproduce my observation that MAC address changes? (Although exactly what happens--and when--likely depends on the specific hardware, driver, and firmware.)
Last edited by GNUser (2024-09-21 03:38:08)
Offline
ethtool -P wlan0 might show something, probably the working address though.
Offline
In the good ole days MAC addresses are supposed to be unique and immutable, but unfortunately, these days MAC randomization is definitely a thing, and getting more and more widespread. More and more devices and peripherals these days come with randomization built-in, and some devices even offer user-customizable MAC addresses. Many modern cellphones automatically randomize their MACs upon connecting to a new WiFi network.
I've actually looked into firewall filtering by MAC before, for a fairly large public Wi-Fi network. My conclusion, unfortunately, is that these days it is essentially useless, because (1) it is broadcast in the clear, and (2) people can and do eavesdrop on your MAC addresses and spoof them. It's as easy as changing a system setting. Which means (3) filtering by MAC is basically worthless. Worse yet, (4) many devices actually stop working properly if you force them not to randomize their MACs. If they even let you turn it off in the first place. Some devices no longer even offer the option.
Given this state of affairs, it's hardly surprising that the firmware driver will automatically do MAC randomization upon startup. Long gone are the good ole days where you can count on MACs being a reliable device identifier.
Offline
Hello:
... gone are the good ole days where you can count on MACs being a reliable device identifier.
Been following this thread because it is of interest to me.
eg: I have wireless turned off in my fibre modem but was considering turning it on only for very specific purposes.
So ...
What is left if the only protection left seems to be WPA2?
Best,
A.
Offline
The command "sudo lshw" provides this information on my MacBook Pro:
============================================
*-network
description: Wireless interface
product: BCM4331 802.11a/b/g/n
vendor: Broadcom Inc. and subsidiaries
physical id: 0
bus info: pci@0000:03:00.0
logical name: wlp3s0b1
version: 02
serial: ce:90:b4:79:b7:53
width: 64 bits
clock: 33MHz
capabilities: pm msi pciexpress bus_master cap_list ethernet physical wireless
configuration: broadcast=yes driver=b43 driverversion=6.1.0-25-rt-amd64 firmware=784.2 latency=0 link=no multicast=yes wireless=IEEE 802.11
resources: irq:17 memory:a0600000-a0603fff
============================================
Does this help?
Ad aspera ad astra
Offline
Pages: 1