Can a mobile device's Bluetooth MAC address be changed?
I am asking this because one part of my system depends on this security. If it can be done, how hard is this to do and how can one do that?
I know that on Linux you can change it pretty easily, but that is for PCs.
Device manufacturers will not allow changing of the MAC address.
The MAC address is controlled and allocated by IEEE since it has to be unique.
If you are a device manufacturer you can get a bunch of addresses and keep changing them on a single device (so theoretically it is possible).
Changing the MAC is possible by the lower level drivers, and typically this capability is not exposed to applications.
"I am asking this because one part of my system depends on this security."
If you are basing a security consideration on the MAC address of Bluetooth, you are going about this the wrong way.
This is the EXACT same as banks relying on just the hostname "back.com" to verify that the user is connecting to the correct website. This is why HTTPS and SSL were invented, not only for encryption but also to verify that users are who they say they are.
I.e., you will need to implement some sort of trust chain in order for this to be secure, not some random MAC address which is technically publicly viewable (within range) and also spoofable, as has been proven by PC application/drivers.
I've never heard of any tools on Windows that can do it, only Linux. I suggest you get a Live CD of Linux and follow this walkthrough:
http://www.siddharthabbineni.com/tech/hardware/change-bluetooth-device-mac-address.html
Related
As stated in the header, but to expand, I have been having connectivity issues and, as paranoid as I can get, I wanted to see if there was any foul play as I was finding a lot of strange, sporadic appearances of Wi-Fi networks in my vicinity.
Prior to these networks appearing I had no connectivity issues. Regardless, to simplify and get to the point, I went to take a look at the attached devices on my router administration page to suss out any potential intruders.
I've just come up to see two MAC addresses appearing on the list, however I am the only connected device. To clarify, I am connecting to a wireless extender:
This is where the issue is: the two MAC addresses are ALMOST ALIKE save for a 1 digit variation. However, what is interesting is that the MAC address that is not my NIC's original physical address is assigned to my IP and vendor {MSI}, while my original MAC address is listed as an unknown.
(I have attached the image of my devices page below to show this.)
Is there a possibility that I may be MAC spoofed, or am I being too worried? I am not familiar with protocols or measures used by routers as I am a home user. Perhaps the router needs to duplicate my MAC address and amend it for internet connectivity?
I may not have explained my setup properly and will do so if requested.
I appreciate your help, Stack Overflow, and apologies for my newbie inquisitions.
Regards
Attached devices list
This question would be better suited to Security Stack Exchange.
EDITED
It seems it may not be a spoofed MAC. Sometimes some devices have two MAC addresses, usually because of the dual 2GHz and 5GHz bands.
I am trying to identify computers with a unique code based on their machine. However, I can't find any way to do this. I've tried to use MAC addresses, but you can only get the server's MAC address when you're using a Linux server. I would use the client's IP address, but it can change if they're using a proxy or VPN, or even if they just unplug their router for a bit.
Can anyone recommend something that would be good for this?
Thanks.
There is no secure way to uniquely identify computers based on hardware, and why should you?
The better practice would be to use an artificial key.
If you want to identify a person - you give it an ID (passport, driving license...), do the same here:
Use the session (Apache automatically generates a session ID), or generate a UUID (there are many ways to do this). Or if you need to go beyond that, use SSH key pairs and save them somewhere on the PC.
Now to the problem:
1. A client could lie about his hardware, his MAC address, VIN/PID, serial number of the SATA cable. You can (and must) never trust such info!
2. The client's hardware could change, and then?
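Added example (not part of the original answers): a sketch of the artificial-key approach recommended here, which is also the kind of trust chain the Bluetooth answer above asks for in place of a MAC address. Registry, respond() and demo() are hypothetical names; HMAC-SHA256 over a per-device shared secret is an assumption chosen for the sketch, and an asymmetric key pair would fill the same role.

```python
import hashlib
import hmac
import secrets
import uuid


class Registry:
    """Server side: identity is an issued ID plus a secret, never a hardware value."""

    def __init__(self):
        self._keys = {}      # device_id -> per-device secret
        self._pending = {}   # device_id -> outstanding one-time nonce

    def enroll(self):
        # Artificial key: a random UUID and a random secret, both generated by the server.
        device_id, key = str(uuid.uuid4()), secrets.token_bytes(32)
        self._keys[device_id] = key
        return device_id, key

    def challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def verify(self, device_id, response):
        # pop() makes each nonce single-use, so a captured response cannot be replayed.
        nonce = self._pending.pop(device_id, None)
        key = self._keys.get(device_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce + device_id.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(device_id, key, nonce):
    """Client side: prove possession of the key without ever sending it."""
    return hmac.new(key, nonce + device_id.encode(), hashlib.sha256).digest()


def demo():
    reg = Registry()
    dev_id, key = reg.enroll()
    good = respond(dev_id, key, reg.challenge(dev_id))
    results = {"genuine": reg.verify(dev_id, good)}
    results["replayed"] = reg.verify(dev_id, good)   # nonce already consumed
    nonce = reg.challenge(dev_id)
    # The ID is public, like an observed MAC address; without the key it proves nothing.
    wrong_key = secrets.token_bytes(32)
    results["impostor"] = reg.verify(dev_id, respond(dev_id, wrong_key, nonce))
    return results
```

The device ID can be printed on a label or sent in the clear; only possession of the stored secret authenticates the device, so a copied or changed hardware address has no effect on the outcome.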
I have tried using several commands as well as a couple of examples using C/C++ but am still not able to find a flawless method that can differentiate between physical and virtual Ethernet adapters. Physical means one that is available on your board or installed externally, and virtual means one created by virtualization apps such as VirtualBox/VMware/Virtual PC or VPN etc.
Any pointers?
There is no flawless method. A virtual adapter can have any MAC address, including one that might have been assigned by a constructor to a physical device. And the other way around, given that one can change the MAC address of a physical adapter. You can only make an educated guess.
You might find it easier to detect if you are running virtualized at all, rather than look for specific information about the NICs. The virt-what(1) tool looks through aspects of the running system to guess if the system is virtualized or not. (The script isn't as smart as you think, but it does have a lot of small information gathering tools in one place.)
Someone intentionally trying to bypass a license check would probably not find it difficult to defeat this mechanism.
Maybe one can use mii-tool and check if it fails, which it does for virtual:
mii-tool vmbr2
SIOCGMIIPHY on 'vmbr2' failed: Operation not supported
mii-tool eno1
eno1: negotiated 1000baseT-FD flow-control, link ok
EDIT:
What is mii-tool: view, manipulate media-independent interface status
This utility checks or sets the status of a network interface's
Media Independent Interface (MII) unit. Most fast ethernet
adapters use an MII to autonegotiate link speed and duplex
setting.
https://www.man7.org/linux/man-pages/man8/mii-tool.8.html
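Added example (not from the original posts): another educated guess in the same spirit as the mii-tool check, based on where Linux sysfs places each interface. Interfaces created purely in software resolve under /sys/devices/virtual/, while bus-backed ones carry a "device" link. The function names and the sample tree (including the PCI address) are constructed for illustration, and a NIC presented to a VM guest by the hypervisor still shows up as a bus device, so it is reported as "physical" from inside the guest.

```python
import os
import tempfile


def classify_interfaces(sysfs_net="/sys/class/net"):
    """Heuristic: map interface name -> 'virtual', 'physical' or 'unknown'."""
    result = {}
    for name in sorted(os.listdir(sysfs_net)):
        entry = os.path.join(sysfs_net, name)
        if not os.path.isdir(entry):
            continue  # e.g. bonding_masters is a plain file, not an interface
        real = os.path.realpath(entry)
        if "/devices/virtual/" in real:
            result[name] = "virtual"    # bridge, tun/tap, loopback, ...
        elif os.path.exists(os.path.join(entry, "device")):
            result[name] = "physical"   # backed by a bus device (PCI, USB, ...)
        else:
            result[name] = "unknown"
    return result


def build_sample_tree(root):
    """Constructed stand-in for /sys, using the interface names from the post above."""
    virt = os.path.join(root, "devices", "virtual", "net", "vmbr2")
    pci = os.path.join(root, "devices", "pci0000:00", "0000:00:1f.6")  # made-up address
    phys = os.path.join(pci, "net", "eno1")
    cls = os.path.join(root, "class", "net")
    for d in (virt, phys, cls):
        os.makedirs(d)
    os.symlink(pci, os.path.join(phys, "device"))
    os.symlink(virt, os.path.join(cls, "vmbr2"))
    os.symlink(phys, os.path.join(cls, "eno1"))
    return cls


def demo():
    with tempfile.TemporaryDirectory() as root:
        return classify_interfaces(build_sample_tree(root))
```

Calling classify_interfaces() with no argument inspects the running system; as the answers above say, the result is a guess and is not suitable as a license or security check.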
We have a registered PC based application that needs a Dongle (hardware that gets plugged on the printer port) to start and execute. The vendor who provided us this application and Dongle, does not make or work with these dongles any more, since they are very old technology, and would not help us in this aspect.
So my question is --> is it possible to read the security code from this Dongle and store it in a file or something on the PC. We also do not have the source code of the application. Can we change the call in the application to read the security key from this file instead of trying to read it from the Dongle attached to the printer/parallel port.
Sorry for the vague question but we are very desperate to get help on this problem as our application has 16-bit code and it would not be supported by Windows 7 which is 64 bit. Thanks!!
The LPT security devices don't just contain information but usually include a processor and perform certain operations. Dongle emulators were developed when dongles were more widespread, but as they were based on reverse-engineering, they didn't work exactly right.
To answer your question, no, what you need is not possible. You need to start thinking about migration to another application. A temporary solution would be to have a copy of older OS running in virtual machine and to have your application run in this virtual machine. Such solution will work for another 5-10 years for sure, and I think it's enough for migration.
Need a basic direction in the following project.
There is a linux based controller doing some industrial control stuff.
The box is equipped with cellular modem and is capable to get online through cellular carrier. Cellular communication is used because controller is mostly installed where no cables or short range radio is available. Places where sun don't normally shine :)
The task is to allow internet clients to connect directly to the box for some basic control/monitoring stuff. The problem is connectivity - how clients will discover the box? - I'd like to have the box act as a server (if possible). Assuming that cellular carrier allows the box to get online doesn't necessarily mean that the box will get public IP so that anyone would be able to get connected. To my understanding the cellular network acts as a gateway from those who are working inside of it, and reaching someone in that network from outside isn't possible. Am I wrong? We are looking for a generic solution, not a solution around particular cellular provider. The controller is installed in different countries, we need to find the standard way to "webify" it.
The software (and hardware) in the box is ours, we can basically do anything, but I am looking for the right way to do it in order to avoid surprises with different providers later. BTW, the solution doesn't necessarily have to be technical, maybe it's possible to buy permanent IPs per box, or set up VPNs. Which way should I dig? What questions to ask?
Your ideas are welcome!
Your summary of the problem is basically correct. I've implemented several systems that do this, and the odds of success are good.
The way you tackle this will depend on the number of remote units you expect a single user to interact with. If each user will handle only one or two devices, it's plausible to implement the web server on the remote device. If each user handles many devices, consider centralising as much administration as possible. I've implemented this using Zenoss for data logging, and a custom control server.
If the web server sits on the remote device, you can either buy a SIM with a static IP, or use a proxy server. I recommend setting up a proxy server unless the number of devices is very small.
There are three options for SIMs:
Static IP with an address on the public Internet will be expensive, and negotiating the deal with each provider in each country will be irksome. No proxy server is required.
Private APN SIMs will give you the option of a static address, but in a private address range. Negotiation with the mobile network is still required, and you will require a proxy server to sit between the public Internet and the private address range.
Standard data SIMs will connect to the Internet through NAT. You can use these to host your service by opening a VPN connection (we used openvpn) to your server. You can now reach the devices directly by connecting to the same VPN, or through a proxy server.
If you use openvpn, here are some more tips:
Give each unit a public serial number, and a private key. Store these in the firmware of the unit, and in a central database. Put the public serial number on the outside of the unit. You can use an openvpn login script to ensure that a particular unit always appears at the correct IP address, which keeps the proxy configuration static.
You can control openvpn's bandwidth usage by adjusting its keepalive behaviour, and how often it renegotiates. Measure and tune this before a large deployment.
The NAT timeouts in the mobile networks are generally between 5 and 15 minutes. The device must send a packet to the server often enough to keep NAT alive.
Cheap SIM deals may be web only with limited ports.
Other tips:
GPRS modem firmware can (rarely) crash internally. If your hardware supports it, provide software with the ability to power cycle the modem.
Test your box in areas with poor coverage in your own country before you send out international shipments.
This is a typical problem with a "mobile agent" appearing in different places or using different providers (in this case just one provider, but it's almost the same). Usually it's solved using some kind of home agent: a server that the mobile connects to and gives details about how to reach it, or if it can't be reached directly then the home agent acts as a proxy.
Clients always contact the home agent first and then, if it is possible, they contact the mobile, or if it's not, they use the server as a proxy.
In some cases dynamic DNS might be sufficient; in others you need a real proxy/façade.
There's a good book: Andrew S. Tanenbaum & Maarten van Steen, "Distributed Systems: Principles and Paradigms".
You can ask the cellular provider to give you a SIM card with internet access and a fixed IP address. Then you can host any server you like. Do not forget that you are dealing with limited bandwidth.