Slashdot Mirror
Using MAC Address to Uniquely Identify Computers
An anonymous reader writes "One of Australia's gaming networks, GamesArena has recently imposed a third party program required to access their gaming servers. One of it's features is that it records your NIC's MAC address to identify your computer, and subsequently in future, ban you if you cheat/break the rules etc. The response from players is mixed. It is not open source software, nor is it optional to install. "Install it or find another server to play on". Question remains, is it going too far?"
Definitely not- unfortunately it won't work since MACs are changable.
Or just change it in your registry settings (windows only of course), similar options exist for *nix...
I D= 23256
http://www.ntfaq.com/Articles/Index.cfm?Article
Linksys routers (and otherS) allow you to "clone" the MAC address. Its very useful if your cable company has registered the MAC address of the NIC they gave you. Thus, with filtering software, any other NIC won't connect....unless you "clone" it :)
ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx
There's really no need to change your MAC address.
They're violating the simple rule about never trusting the client. All you have to do is modify this third-party program to have it spit out a random MAC address each time and *poof* the system is worthless. You don't even have to change your MAC address. And since MAC addresses are only used at the Ethernet level, not at the [TCP|UDP]/IP level, it doesn't matter that the server thinks your MAC address is different than it is.
They've been trying this crap for years with cable modems. Until I got a router, I used to use two different machines, each with the same MAC address installed. Worked out great. It's easy to change, too. It's also let me on at friends' offices, where access is MAC controlled. We log on a machine, write down the address, shut it down, boot mine up, change the address, and log on.
Who does it stop? Honest people.
Who won't it stop? The same people hacking their games in the first place.
The power of accurate observation is commonly called cynicism by those who have not got it. - G.B. Shaw
ifconfig eth0 hw ether aa:dd:rr:ee:ss
Uh, no you won't. The only time MAC addresses make a difference is in ARP packets, and the only place MAC addresses make a difference is on your local LAN segment. The fact that two people in different cities have the same MAC address matters not a whit to the routers between them.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
here's how to change it for nt/2000
windows2000faq
-advanced tab in adapter properties
linux
eepro100 list
-ifconfig eth0 hwaddr ether 00:11:22:33:44:55
this is exactly why microsoft's registration process uses a lot more than just the mac address.
No, of course not. This is just a client side program that tries to grab your MAC address and send it along with handshaking data when the connection is established. The server can't actually see you MAC address in the data you send.
When you're dialed up it won't be able to find a MAC address. They could try and use something else unique, like your intel number on p3's and higher (sorry, forgot the actual name), or they could hash together a bunch of information from your bios and stuff.
There's no way it could get any information off the server you're dialed into. Hell, they may not even be running ethernet (MAC addresses are how ethernet addresses packets. It's not used by TCP/IP or UDP/IP)
But if you're on the same segment, then routing is not an issue.
As noted, the answer is trivial: generate random MAC addresses. They are 6 bytes long - plenty of room for everyone to tumble the address every day and still not collide.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
This might also help of you are stuck with a Windows system
This is just as silly as gun control because it makes the assumption that you can pass "laws" that will stop people that, by their very definition, do not obey laws!
...cheat the protection.
Here, they're saying "we're going to introduce a software "lock" that will prevent you from cheating." Great. So the people who want to cheat in the game are going to (say it with me now)
Are the people who wrote this bit of client-side [*cough*] security really under the impression that MAC addresses are immutable? Perhaps they know damned well it isn't but was kinda hoping that nobody would tell their client? This has the earmark of an initiative by some dip in a suit who never bothered to consult a single knowledgable, technical person.
Whatever. It might take two days before a patch/spoofer is readily available for the habitual cheaters. All it has to do is spit out a fake MAC address when queried.
My
Limekiller
All the NICs I've looked store the MAC in a very obvious format in the chip, whithout any pesky checksums to fix up - I recently used this method to simplify swapping 2 PCs off one cable modem.
As the NIC controller chip can read from the eeprom, chances are it can also be made to write to it as well, so it's probably possible to write a program to change the MAC without any hardware twiddling - a read of the chip;s data sheet would probably show you how.
It's actually because your cable modem router (unless it's connected directly by USB to your computer, it's not a modem -- it's a router, routing IP traffic over the cable xDSL link) has your old MAC address in the ARP cache, so it gets temporarily confused. Power-cycling clears out the cache. No magic tricks involved. ISPs simply can't know the MAC addresses on your network, unless they've hacked your router to give them some kind of inbound access to your network.
Excpet they wouldn't get the MAC address. Since it would go through at least one router, the headers would lose the MAC address. All they would have is the IP address. The router closest to the Cable Modem would be the only one that cares about the MAC addresses of it's subnet. Everyone else works on IP address.
Neither. The server will see the MAC address of its closest neighbour, which will be a router at the ISP. MAC addresses are layer 2 - not part of the IP protocol. Each time a packet is forwarded through an IP gateway, the MAC address changes.
I'd guess what this software (COGS) is doing is including the MAC address of your local machine (but which ethernet card if you have more than one?) in the application-level data (i.e. the TCP/UDP payload) it sends to the server. If it sends a MAC address which is on the server's ban list, you don't get to play.
As someone else pointed out, this is pretty braindamaged and obviously designed by someone lacking the first clue about security. It's very easy to spoof - either by changing the MAC address of your ethernet card, or by cracking the client-side part of COGS. Yeah, I know it's not open-source... so? Someone will crack it and cracked COGS clients will appear on Warez sites within days.
And I'm not totally clear on what happens if you don't have an ethernet card and connect with PPP over a serial connection, like analog or ISDN. PPP doesn't have MAC addresses.
Many ethernet drivers with this capability have an option for just this. For example, if you have a 3c918, click "configure" under network properties in win2k for that adapter. Select the "advanced" tab. On the left, you'll have an option called "network address" that's normally set to "Not Present". Change it to a specified value, and type in "DEADBEEFBABE" or whatever MAC address you want.
Bingo.
Black holes are where the Matrix raised SIGFPE
I thought they the MAC address was burned in to the chips themselves
It is stored on a PROM on the card. And the driver reads it, and stores it in computer memory. Then you go into the driver settings and override it, assuming the driver allows that; it's up to the driver.
The NIC never sends its MAC out on its own. The MAC is incorporated into the packet by the driver. The driver can send whatever the hell it wants to for the MAC address.
In Windows the changeablility of the MAC address depends on your driver. On my Dell laptop it's as easy as going into the NIC's properties and changing the number. On my desktop here at work I don't see an obvious way to do it.
Under Linux I think it's just ifconfig with some options.
Yes, they are going to put it in the payload, probably during the handshake. As for people who don't connect using an ethernet interface, they'll probably resort to using some sort of hash to generate a unique identifier for your system.
I guess they're relying on the fact that majority of people who do connect to them are broadband users. Hard core network gaming doesn't make much sense without broadband anyway
Microsoft machines will tell you their MAC when you do a NBTSTAT on them. At least one ISP I know of blocks NetBIOS traffic because of uncontrolled file sharing, but I don't know how common that is.
Personal firewall software should capture the request or block it too, so there are a few ways to thwart the method.
Of course you still need the IP address, but that's a little easier to find. You could even do a little social engineering to get it... "Hey check out my website dedicated to your demise!"
As for changing your MAC, what if the third party program doesn't read the MAC from the network stack, but pulls it from the driver? i.e. using the same calls the Network stack uses to get it in the first place?
In linux you can change it with ifconfig. I used to do this in order to fool my ISP into thinking my linux box is my windows box back when ATT used to require the service be tied to a specific MAC Address (I do not think they do this anymore) I didnt feel like taking the nic out of my linux box so I just changed the MAC to that of the windows one.
I think it goes something like this
ifconfig eth0 hw ether AB:CD:EF:GH...
If there's one card on a network, and you add another, the question becomes "what are the odds that the two cards will pick the same number?" Since there's 48 bits of entropy(minus a small range for multicast addresses and broadcast), the odds are effectively 2^48.
This is big.
If there's many cards on a network, and you want to know how many total you can add before two of them will end up with the same card, the answer's far smaller -- 2^24, which is still pretty huge(it's a bit more than 16 million). It's a different problem because each time you add a new card, the card after has one more it can possibly match with. This is known as the birthday paradox, so named because this precise logic means that given 23 people in a room, there's a +50% chance that two people have the same birthday. Each new person is one more to match with.
In reality, this is a moot point: MAC address prefixes are assigned by manufacturer, and the manufacturer serializes their cards such that no two shipped devices should ever have the same MAC address. Sometimes there are screwups, but they're pretty rare as far as I know.
To debunk what a couple people are saying -- yes, MAC addresses as exposed to the network can be changed, but MAC addresses as detected by custom client software may be more tricky. Whatever the driver is exposing to the network, the card itself can't usually have its MAC address written over(i.e. once power is cycled, that card's returning to original shipped condition). I'm positive there are exceptions to this, but they're probably rare.
Actually, this gives me an interesting idea. You can probably remotely fingerprint the age of a computer based on the MAC address of its ethernet card...and if IPV6's MAC->IP shove goes through, you'll be able to do that reasonably remotely!
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Was this an NE2000 clone by any chance?
Due to quirky differences between the NE1000 and NE2000 cards, it was possible for the card to present an incorrect MAC address which would be identical across all cards if either the driver wasn't written correctly or the specification badly cloned.
I saw this problem myself many years ago on a Banyan network. Updated card drivers resolved this.
You have a rather restricted view of the possible. You don't have to believe me of course but I wrote the software that was used to hunt down the problem in the field. And the problem was admitted by the manufacturer (I own several of their other NICs and they're fine of course).
Keep in mind that MACs aren't normally seen outside of their own segment. If you and I have the same NIC, it's not going to cause an issue since internetworking is done at the IP layer.
Thanks for the interesting tidbit. Yes, I believe it was an NE2000 clone. I wish I had known about this back then. However, once I found the problem, I went back to work and left it to the ISP to deal with.
Just so you know. There are loads of 3Com-cards that you can permanently change the mac address of. I have one with an address of 42:42:42:42:42:42, another one with 00:DE:AD:BE:EF:00.
You can change that together with the rest of the card settings with a program running in dos-mode (3c5x9cfg.exe, get it from 3com.com). It's saved in eeprom or something like that. Very nice cards :)
There are a few other problems with this software (it's called COGS) than just the fact that it can't really block dedicated cheaters. Sure, measures to block cheaters are fine, but this one went too far.
1. It's buggy as all hell, everytime I log on it downloads a new patch, and still doesn't always run properly. And this is after supposedly extensive testing.
2. It's unsecure, it transmits your username and password as get parameters for authentication.
3. Originally it was going to be released without Mac and Linux versions. (This has since been changed.)
4. It's basically trying to replace programs we already know and use. It has an in-built IRC client that automatically connects to the GameArena server (which we obviously already had), a server browser (we already had ServerQuery [serverquery.qgl.org] which is lightweight yet adequate, also GPLed) and even a web browser that opens the main GameArena site. All activities we had perfectly fine utilities for, yet someone has made a half-arsed effort to replace them.
Perhaps if it had been better executed we would have been a bit more accepting, but the amateur coding effort along with the draconian "use it or leave" policy has left a lot of gamers with a negative view of COGS.
Z
I have been accused of cheating at CounterStrike more than once, and have been banned from the KGB servers for killing clan members too often (I guess) - but I NEVER cheat. People get bent out of shape when you kill them too frequently, they assume that if you are much better than they are that you must be cheating. Good grief. Fortunately there are a large number of good alternative servers out there - for these guys, I hope they are careful before they ban someone for being ACCUSED of cheating.
KK4SFV
From the placement of the registry key to change the mac in windows... i imagine the driver reports the new mac address to all callers.
Need a Catering Connection
Not quite:
(my emphasis) From ripe-246 - http://www.ripe.net/ripe/docs/ipv6policy.html
I work tech support at a small liberal arts college, and we require all students to register their machines within three weeks of getting on campus. We then lock their ports to their MAC addresses. If you need to move or change your card you can re-register, usually the change goes through in a day. We did it to make it easier to detect and limit email worms. If we see it coming from some specified port we close it off and the flag passes to the techs. So far it's worked pretty well, often we get people coming to us complaining that "their Internet doesn't work," usually it's because they got Klez and we shut their port off. Decent alarm system, really.
No statement is true, not even this one.
Of course you still need the IP address, but that's a little easier to find. You could even do a little social engineering to get it...
No need for social engineering. Anytime you play a game with someone you create an internet connection, that means your machine has to know their IP address. On Win98 (and probably all MS OS's) just open a dos window and type NETSTAT to see the text version of their address (userID.AOL.COM), or NETSTAT -N to see the dotted IP address (123.45.67.89).
Lots of people hesitate to tell you their IP address, thinking it is some big secret. It's rather amusing to get into a game with them and say "Your IP address is 123.45.67.89, your ISP is RoadRunner, and you are in Southern California, right near the coast".
How do I do the last part, naming their location? Just type their IP address into visualroute. (Requires Java) One end of the line is fixed at the visualroute server, the line shows the physical location of every server along the route to the target. You can click the map to zoom in.
It is interesting to note that it is not uncommon for servers locations to be completely different from the country code in the address. For example www.indymedia.org.il (Isreal country code) is actually hosed in Chiago USA. Often it is simply more convient getting content hosted on major US server farms, but sometimes it could be relevant for legal reasons, or it could even be intentionally missleading.
P.S.
I used www.indymedia.org.il as an example because it's the only example I remember off hand. I recall that one becase indymedia is anti-isreal, and I suspect the Isreal country code may be intentionally missleading. The indymedia "news" sites are certainly independant, but in my oppinion extremely biased and unreliable. It is a good source for certain stories the "major media" may have neglected, but double check any information you get there. The writing often drops to the level of pure propaganda.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
If you use a NIC it probably means you have Broadband, Some carriers require you to register your NIC, and I'm pretty sure most of these are in Australia, so it isn't a simple matter of just changine your MAC because if you change it your Broadband will go down.
Q. How can I change my media access control (MAC) address under Windows NT 4.0?
c es\\Parameters.
A. Each network adapter card has a MAC address, which machines on local subnets use to talk to each other. MAC addresses are usually burned into the adapters during the manufacturing process. To overwrite a network adapter card's default MAC address, perform the following steps:
1. Start the registry editor (e.g., regedit.exe).
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
3. From the Edit menu, select New - String Value.
4. Type a name of NetworkAddress, and press Enter.
5. Double-click the new value, and enter the adapter's new MAC value.
6. Click OK.
7. Close the registry editor.
8. Reboot the machine.
This makes me very happy- One should be able to deliver their cutting remarks and wage psychiological warfare upon the weak with one liners like "Yeah thats what your mom did last night, cock jocky."
That is the essence of multiplayer gaming, and any attempt to deprive us of that should be fought bitterly.
To make auto config possible, you need quite a big host part, at least 48 bits, the size of a ethernet MAC address. Probably they choose 64 bits to allow for larger MAC addresses.
You can read more about IPv6 and its address allocation policies here.
my isp did the same thing when i got my cable internet hooked up.. then it came time to buy router so my mom could have fast connection as well. luckily, Linksys (and probably many others) lets you change your router's mac address very, very easily. i assume the same thing could be done in this situation
Many of them based on id software's engines, there are many games nowadays that use CD keys to prevent piracy. One of the first was Half Life, and unfortunately Half Life sold very well and used too simple a key... so it is relatively easy to 'generate' a valid Half Life key.
However, Quake 3 and related games have a CD Key system as well, and their keys are much more cryptographically secure. They have a legal keyspace in the trillions, making it very difficult to generate valid keys.
The system works. You can crack the game to make the key unnecessary, but you cannot crack all the Internet servers you could connect to. So a warez monkey can only play the game in single player or on a LAN, not on random Internet servers.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.