Enabling MAC randomization
-
@Vlad-Nirky said in Enabling MAC randomization:
@gpatel-fr
You could fix IPThe option does not seem to be available in the phone UI - I guess that it can be done with some command line trickery. This is not something that is commonly done in Wifi networks where devices are rarely servers.
-
@uxes said in Enabling MAC randomization:
Android, iOS, and macOS absolutely randomize their MAC addresses
there seem to be yet some level of configuration:
what is done by the trick I posted is mostly the highest level, non persistent randomization (except the 'new Mac address every few days'). The article suggests that this can be too strong for some internal 'enterprise' networks that have special requirements. So some level of configuration could be necessary, no size fits all. When adding options in the UI, it gets so much more complicated to program that you begin to understand why it was not done before for UT.
-
@gpatel-fr
Not so hard and usefull
you must know which yaml file is used for the wifi in /etc/netplan
as root cd /etc/netplan and cat yaml files.
nano 90-NM-5f1fe55a-2996-4485-b6b3-a75fe76edc62.yaml (ie)
Then in the wifi one
replacedhcp4: true with dhcp4: false addresses: - [your wanted IP]/24 (or less) routes: - to: default via: [your router IP] nameservers: addresses: [your DNS1, your DNS2]save it
and validate it by
netplan apply -
@Vlad-Nirky said in Enabling MAC randomization:
Not so hard and usefull
yes that's a possibility. Another could be to stop and disable the mount unit + restarting the phone when staying at home.
-
What we did:
To test
The
/run/is reset on every reboot so we first created/run/NetworkManager/conf.d/20-randomwifimacaddress.confwith[device] wifi.scan-rand-mac-address=yes [connection] wifi.cloned-mac-address=random- Restart NetworkManager:
systemctl restart NetworkManager
The observed effects:
- The MAC address was random everytime (as configured).
- The
wifi network scanning no longer worksin the config app.
Scanning from the command line does still work.nmcli radio wifi on && nmcli device wifi rescan && nmcli device wifi list && nmcli radio wifi off
I could really use some help on that one.
To make permanent
- Created
/userdata/system-data/etc/NetworkManager/conf.d/ - Copied the existing
/etc/NetworkManager/conf.d/default-wifi-powersave-on.confto/userdata/system-data/etc/NetworkManager/conf.d/. - Created
/userdata/system-data/tmp/ - Created the described
/userdata/system-data/etc/systemd/system/etc-NetworkManager-conf.d.mount
[Unit] Description=Mount unit for /etc/NetworkManager/conf.d DefaultDependencies=no Requires=system.slice dev-sda17.device -.mount Conflicts=umount.target Before=umount.target local-fs.target Before=network-pre.service Wants=network-pre.service [Mount] Where=/etc/NetworkManager/conf.d What=/userdata/system-data/etc/NetworkManager/conf.d Options=rw,relatime,upperdir=/userdata/system-data/etc/NetworkManager/conf.d,lowerdir=/etc/NetworkManager/conf.d,workdir=/userdata/system-data/tmp Type=overlay [Install] WantedBy=network.target- Created
/userdata/system-data/etc/NetworkManager/conf.d/20-randomwifimacaddress.confwith
[device] wifi.scan-rand-mac-address=yes [connection] wifi.cloned-mac-address=random- Ran commands
systemctl daemon-reloadsystemctl start etc-NetworkManager-conf.d.mount
- Verify it was correctly mounted and had the right files
- Ran commands
systemctl enable etc-NetworkManager-conf.d.mount
Summary so far
- MAC Randomization works
- Wifi network scanning in the config app no longer works (and it does work using nmcli). If we disable the scan mac randomization then the config app works again.
- Restart NetworkManager:
-
@nielsbasjes said in Enabling MAC randomization:
Wifi network scanning in the config app no longer works
if you mean that the other networks don't appear when disabling and enabling wifi in settings/wifi, I don't repro. I can still see them. I think it has happened to me even without randomisation, the problem is a bit random itself
-
@gpatel-fr Correct, the list in the config UI does not show any of the available networks. On the FP5 we have it seems to be directly related to the scan randomisation setting.
-
Since the grand total of devices in the test is 2 it's difficult to conclude anything.
Does it happen in any neighboroud ? I mean has it been only tested in an enterprise context with special enterprise wifi access point? which version of UT do you use ?
If the problem really interests you, you could enter the lxc android container (sudo lxc-attach --name android -- sh) and use logcat or take a look at the android wifi logs (/data/vendor/wifi/wlan_logs) while disabling/enabling the wifi in the Ui to see if any interesting error message does appear at this time.
-
said in Enabling MAC randomization:
the problem is a bit random itself
actually, it's a bit clearer now; when I enable wifi, I see the whole bunch of other wifi access points around my place; if I close settings and come back after some time (don't remember, maybe half an hour) and I open wifi settings again, I don't see anymore any other access points that the one I am connected to.
-
@gpatel-fr The tests I did were in a residential setting with the Wifi SSIDs of serveral neighbors showing up.
-
that's a bit annoying that the same change on the same hardware leads to 2 different results. There must be a reason but it's difficult to imagine it. As for the moment there is no one to step up to share a result in a different context and I'm definitely not about to buy a new phone to do a different test. I will wait for an idea to come to me
-
@gpatel-fr I wasn't clear. The SSIDs showed when wifi.scan-rand-mac-address was disabled and none (not even the current one) were shown when it was enabled.
-
@nielsbasjes said in Enabling MAC randomization:
none (not even the current one)
Now, even when I don't see the other access points, which is quite often when I swipe out the settings and come back in it, I always see my own access point with "Connected" in green. Like I said, I only see the other access points when first enabling Wifi (and it don't crash the phone, but that's another story).
I'm curious how it appears, could you share a screenshot please ?
