Slashdot Mirror
Using MAC Address to Uniquely Identify Computers
An anonymous reader writes "One of Australia's gaming networks, GamesArena has recently imposed a third party program required to access their gaming servers. One of it's features is that it records your NIC's MAC address to identify your computer, and subsequently in future, ban you if you cheat/break the rules etc. The response from players is mixed. It is not open source software, nor is it optional to install. "Install it or find another server to play on". Question remains, is it going too far?"
Definitely not- unfortunately it won't work since MACs are changable.
Or just change it in your registry settings (windows only of course), similar options exist for *nix...
I D= 23256
http://www.ntfaq.com/Articles/Index.cfm?Article
Linksys routers (and otherS) allow you to "clone" the MAC address. Its very useful if your cable company has registered the MAC address of the NIC they gave you. Thus, with filtering software, any other NIC won't connect....unless you "clone" it :)
ifconfig eth0 hw ether xx:xx:xx:xx:xx:xx
There's really no need to change your MAC address.
They're violating the simple rule about never trusting the client. All you have to do is modify this third-party program to have it spit out a random MAC address each time and *poof* the system is worthless. You don't even have to change your MAC address. And since MAC addresses are only used at the Ethernet level, not at the [TCP|UDP]/IP level, it doesn't matter that the server thinks your MAC address is different than it is.
They've been trying this crap for years with cable modems. Until I got a router, I used to use two different machines, each with the same MAC address installed. Worked out great. It's easy to change, too. It's also let me on at friends' offices, where access is MAC controlled. We log on a machine, write down the address, shut it down, boot mine up, change the address, and log on.
Who does it stop? Honest people.
Who won't it stop? The same people hacking their games in the first place.
The power of accurate observation is commonly called cynicism by those who have not got it. - G.B. Shaw
ifconfig eth0 hw ether aa:dd:rr:ee:ss
Uh, no you won't. The only time MAC addresses make a difference is in ARP packets, and the only place MAC addresses make a difference is on your local LAN segment. The fact that two people in different cities have the same MAC address matters not a whit to the routers between them.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
here's how to change it for nt/2000
windows2000faq
-advanced tab in adapter properties
linux
eepro100 list
-ifconfig eth0 hwaddr ether 00:11:22:33:44:55
this is exactly why microsoft's registration process uses a lot more than just the mac address.
No, of course not. This is just a client side program that tries to grab your MAC address and send it along with handshaking data when the connection is established. The server can't actually see you MAC address in the data you send.
When you're dialed up it won't be able to find a MAC address. They could try and use something else unique, like your intel number on p3's and higher (sorry, forgot the actual name), or they could hash together a bunch of information from your bios and stuff.
There's no way it could get any information off the server you're dialed into. Hell, they may not even be running ethernet (MAC addresses are how ethernet addresses packets. It's not used by TCP/IP or UDP/IP)
But if you're on the same segment, then routing is not an issue.
As noted, the answer is trivial: generate random MAC addresses. They are 6 bytes long - plenty of room for everyone to tumble the address every day and still not collide.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
This is just as silly as gun control because it makes the assumption that you can pass "laws" that will stop people that, by their very definition, do not obey laws!
...cheat the protection.
Here, they're saying "we're going to introduce a software "lock" that will prevent you from cheating." Great. So the people who want to cheat in the game are going to (say it with me now)
Are the people who wrote this bit of client-side [*cough*] security really under the impression that MAC addresses are immutable? Perhaps they know damned well it isn't but was kinda hoping that nobody would tell their client? This has the earmark of an initiative by some dip in a suit who never bothered to consult a single knowledgable, technical person.
Whatever. It might take two days before a patch/spoofer is readily available for the habitual cheaters. All it has to do is spit out a fake MAC address when queried.
My
Limekiller
All the NICs I've looked store the MAC in a very obvious format in the chip, whithout any pesky checksums to fix up - I recently used this method to simplify swapping 2 PCs off one cable modem.
As the NIC controller chip can read from the eeprom, chances are it can also be made to write to it as well, so it's probably possible to write a program to change the MAC without any hardware twiddling - a read of the chip;s data sheet would probably show you how.
Many ethernet drivers with this capability have an option for just this. For example, if you have a 3c918, click "configure" under network properties in win2k for that adapter. Select the "advanced" tab. On the left, you'll have an option called "network address" that's normally set to "Not Present". Change it to a specified value, and type in "DEADBEEFBABE" or whatever MAC address you want.
Bingo.
Black holes are where the Matrix raised SIGFPE
I thought they the MAC address was burned in to the chips themselves
It is stored on a PROM on the card. And the driver reads it, and stores it in computer memory. Then you go into the driver settings and override it, assuming the driver allows that; it's up to the driver.
The NIC never sends its MAC out on its own. The MAC is incorporated into the packet by the driver. The driver can send whatever the hell it wants to for the MAC address.
In Windows the changeablility of the MAC address depends on your driver. On my Dell laptop it's as easy as going into the NIC's properties and changing the number. On my desktop here at work I don't see an obvious way to do it.
Under Linux I think it's just ifconfig with some options.
Microsoft machines will tell you their MAC when you do a NBTSTAT on them. At least one ISP I know of blocks NetBIOS traffic because of uncontrolled file sharing, but I don't know how common that is.
Personal firewall software should capture the request or block it too, so there are a few ways to thwart the method.
Of course you still need the IP address, but that's a little easier to find. You could even do a little social engineering to get it... "Hey check out my website dedicated to your demise!"
As for changing your MAC, what if the third party program doesn't read the MAC from the network stack, but pulls it from the driver? i.e. using the same calls the Network stack uses to get it in the first place?
If there's one card on a network, and you add another, the question becomes "what are the odds that the two cards will pick the same number?" Since there's 48 bits of entropy(minus a small range for multicast addresses and broadcast), the odds are effectively 2^48.
This is big.
If there's many cards on a network, and you want to know how many total you can add before two of them will end up with the same card, the answer's far smaller -- 2^24, which is still pretty huge(it's a bit more than 16 million). It's a different problem because each time you add a new card, the card after has one more it can possibly match with. This is known as the birthday paradox, so named because this precise logic means that given 23 people in a room, there's a +50% chance that two people have the same birthday. Each new person is one more to match with.
In reality, this is a moot point: MAC address prefixes are assigned by manufacturer, and the manufacturer serializes their cards such that no two shipped devices should ever have the same MAC address. Sometimes there are screwups, but they're pretty rare as far as I know.
To debunk what a couple people are saying -- yes, MAC addresses as exposed to the network can be changed, but MAC addresses as detected by custom client software may be more tricky. Whatever the driver is exposing to the network, the card itself can't usually have its MAC address written over(i.e. once power is cycled, that card's returning to original shipped condition). I'm positive there are exceptions to this, but they're probably rare.
Actually, this gives me an interesting idea. You can probably remotely fingerprint the age of a computer based on the MAC address of its ethernet card...and if IPV6's MAC->IP shove goes through, you'll be able to do that reasonably remotely!
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Was this an NE2000 clone by any chance?
Due to quirky differences between the NE1000 and NE2000 cards, it was possible for the card to present an incorrect MAC address which would be identical across all cards if either the driver wasn't written correctly or the specification badly cloned.
I saw this problem myself many years ago on a Banyan network. Updated card drivers resolved this.
Just so you know. There are loads of 3Com-cards that you can permanently change the mac address of. I have one with an address of 42:42:42:42:42:42, another one with 00:DE:AD:BE:EF:00.
You can change that together with the rest of the card settings with a program running in dos-mode (3c5x9cfg.exe, get it from 3com.com). It's saved in eeprom or something like that. Very nice cards :)
From the placement of the registry key to change the mac in windows... i imagine the driver reports the new mac address to all callers.
Need a Catering Connection
Not quite:
(my emphasis) From ripe-246 - http://www.ripe.net/ripe/docs/ipv6policy.html
I work tech support at a small liberal arts college, and we require all students to register their machines within three weeks of getting on campus. We then lock their ports to their MAC addresses. If you need to move or change your card you can re-register, usually the change goes through in a day. We did it to make it easier to detect and limit email worms. If we see it coming from some specified port we close it off and the flag passes to the techs. So far it's worked pretty well, often we get people coming to us complaining that "their Internet doesn't work," usually it's because they got Klez and we shut their port off. Decent alarm system, really.
No statement is true, not even this one.
Of course you still need the IP address, but that's a little easier to find. You could even do a little social engineering to get it...
No need for social engineering. Anytime you play a game with someone you create an internet connection, that means your machine has to know their IP address. On Win98 (and probably all MS OS's) just open a dos window and type NETSTAT to see the text version of their address (userID.AOL.COM), or NETSTAT -N to see the dotted IP address (123.45.67.89).
Lots of people hesitate to tell you their IP address, thinking it is some big secret. It's rather amusing to get into a game with them and say "Your IP address is 123.45.67.89, your ISP is RoadRunner, and you are in Southern California, right near the coast".
How do I do the last part, naming their location? Just type their IP address into visualroute. (Requires Java) One end of the line is fixed at the visualroute server, the line shows the physical location of every server along the route to the target. You can click the map to zoom in.
It is interesting to note that it is not uncommon for servers locations to be completely different from the country code in the address. For example www.indymedia.org.il (Isreal country code) is actually hosed in Chiago USA. Often it is simply more convient getting content hosted on major US server farms, but sometimes it could be relevant for legal reasons, or it could even be intentionally missleading.
P.S.
I used www.indymedia.org.il as an example because it's the only example I remember off hand. I recall that one becase indymedia is anti-isreal, and I suspect the Isreal country code may be intentionally missleading. The indymedia "news" sites are certainly independant, but in my oppinion extremely biased and unreliable. It is a good source for certain stories the "major media" may have neglected, but double check any information you get there. The writing often drops to the level of pure propaganda.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Q. How can I change my media access control (MAC) address under Windows NT 4.0?
c es\\Parameters.
A. Each network adapter card has a MAC address, which machines on local subnets use to talk to each other. MAC addresses are usually burned into the adapters during the manufacturing process. To overwrite a network adapter card's default MAC address, perform the following steps:
1. Start the registry editor (e.g., regedit.exe).
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
3. From the Edit menu, select New - String Value.
4. Type a name of NetworkAddress, and press Enter.
5. Double-click the new value, and enter the adapter's new MAC value.
6. Click OK.
7. Close the registry editor.
8. Reboot the machine.
This makes me very happy- One should be able to deliver their cutting remarks and wage psychiological warfare upon the weak with one liners like "Yeah thats what your mom did last night, cock jocky."
That is the essence of multiplayer gaming, and any attempt to deprive us of that should be fought bitterly.
Many of them based on id software's engines, there are many games nowadays that use CD keys to prevent piracy. One of the first was Half Life, and unfortunately Half Life sold very well and used too simple a key... so it is relatively easy to 'generate' a valid Half Life key.
However, Quake 3 and related games have a CD Key system as well, and their keys are much more cryptographically secure. They have a legal keyspace in the trillions, making it very difficult to generate valid keys.
The system works. You can crack the game to make the key unnecessary, but you cannot crack all the Internet servers you could connect to. So a warez monkey can only play the game in single player or on a LAN, not on random Internet servers.
"I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.