PINE64
MAC Address/NIC Privacy Script [various options] - Printable Version

+- PINE64 (https://forum.pine64.org)
+-- Forum: PinePhone (https://forum.pine64.org/forumdisplay.php?fid=120)
+--- Forum: PinePhone Software (https://forum.pine64.org/forumdisplay.php?fid=121)
+---- Forum: Debian on PinePhone (https://forum.pine64.org/forumdisplay.php?fid=139)
+---- Thread: MAC Address/NIC Privacy Script [various options] (/showthread.php?tid=11018)



MAC Address/NIC Privacy Script [various options] - RTP - 08-11-2020

Edited: added new smartphone mimic -p

A script I wrote (bash) called WiPri (WiFi Privacy: I use it on Mobian/Arch so wifi tracking beacons/public wifi do not track my phone movements and thought I would share with other Pinephone privacy interested users (since mac addresses generally stay static and easily trackable by default).

It works on default Mobian install (no extras needed) (Arch was easy to install a missing prerequisite bash command) and has various options for different types of MAC address/network device disinformation. The install.sh part gives you the option of installing as a command or optionally as a systemd service (systemd service starts at boot- by default the .service file sets a new unique, randomly generated (with valid OUI) mac address identity at each boot (valid OUI imho superior to false OUI as tracking many times weeds out nonvalid OUI mac addresses to track down true mac address leaks). 

Code:
Wipri -d wlan0 -i

If installed as systemd service the default is the above command (sets device wlan0 [change to match your device name if not wlan0] and -i sets a randomly generated new mac address identity to be held for remainder of command run (or if systemd by default the above changes the mac address identity at each boot and holds it until next power off)

Currently -i [new static random identity] by default checks current mac address every 20sec to ensure firmware doesn't reset mac address (on standard mac changers some cards try to leak/reset address). if the mac address changes during one of the regular checks it sets it back to the original chosen, randomly generated mac identity to be held.

Other commandline options:

Code:
wipri -d wlan0 -p

The above -p generates/sets a single random, valid MAC address either Apple or Samsung (to mimic smartphones the most common wifi devices in area). It holds that single randomly generated valid mac.

Code:
wipri -d wlan0 -P

The above -P flag is similar to -p but instead of holding a single Apple/Samsung mac address, it continuously changes mac addresses every so often (continuously randomized changing times), at continuously changing randomized mac addresses with Apple/Samsung OUI. Again, to blend in with smartphones

Code:
wipri -d wlan0 -r -h

The above sets wlan0 as device and continually randomizes mac address (again, valid OUI's) to be changed at continually changing randomized times, at continually changing randomized mac addresses. The -h flag generates a randomly generated hostname using a standard set of randomly chosen bases with a randomized extension. Example: PC-27423 or My-iPhone (will be adding Apple OUI list in near future to mimic iphones)

The above is nice for travelling ime (continually changing randomized addresses at randomized times make more difficult to do pattern analysis)

Code:
wipri -d wlan0 -m [mac address here]

The above lets you select any mac address of your choice and by default checks every 20sec to ensure firmware doesn't crash or reset it.

Code:
wipri -d wlan0 -r -s -h

The above -r flag like earlier changes the mac address to continually changing randomized mac addresses at continually changing randomized times. The -s is an experimental feature that makes the txpower signal change strengths (while staying connected) giving wifi tracker beacons changing signal strengths, giving the impression your device is moving and attempts to confuse trackers.. The -h again changes the hostname to a randomized address (hostname is another fingerprint on networks).

Code:
wipri -d wlan0 -a

The above changes mac address at continually changing randomized times while simultaneously changing hostname and txpower at randomized strengths at continually changing randomized times (to give impression of new devices: new hostname at same time as new txpower as same time as new mac address).

Video installing WiPri on Mobian/Pinephone:

https://youtu.be/1j-AtFtsqH4

If you want to check out latest: https://github.com/Aresesi/wipri

To make a copy of the files:

Code:
git clone https://gitlab.com/Aresesi/wipri

The install.sh does all the work (and asks if you want it as command or optional systemd boot service)

Hope someone finds it useful  Wink


RE: MAC Address/NIC Privacy Script [various options] - wibble - 08-13-2020

Any plans to put in an enhancement request for NetworkManager? It already has MAC randomisation as a per-SSID option, but not quite to this level.


RE: MAC Address/NIC Privacy Script [various options] - RTP - 08-17-2020

(08-13-2020, 11:05 AM)wibble Wrote: Any plans to put in an enhancement request for NetworkManager? It already has MAC randomisation as a per-SSID option, but not quite to this level.
 
I hadn't crossed my mind but thanks. It might be worth looking into Smile