Request: randomize within a single vendor #27

Closed
jameskhamil opened this issue Jan 15, 2018 · 10 comments

@jameskhamil

Example, randomize MAC but make it always under Dell vendor

@halo
Owner

halo commented Jan 16, 2018

Nice idea. It was actually on the roadmap but then I thought nobody needs this, so I dropped it 😯

I will think about what a GUI for this might look like.

@halo
Owner

halo commented Jan 26, 2018

So, these are the use-cases I see for this feature:

  1. You are on a corporate network where everybody uses a Dell laptop. You want to blend in, so you need Dell MAC prefixes.
  2. An IT administrator asks for your MAC address to whitelist you for their WiFi. He sees that you have a Dell laptop, so he would be suspicious if you had a non-Dell prefix.
  3. Using randomized prefixes, LinkLiar might assign vendors that are rare or odd (such as network switches or routers) and make your traffic look suspicious.

Did I miss any?

As for number 3, I'm trying to mitigate that by only using the most commonly known vendors. I keep an arbitrary list of popular names and then I download the complete prefix list and export all relevant prefixes into the LinkLiar core. So LinkLiar only uses these prefixes when randomizing the prefix. (Now that I think of it, this is something I should document in the README :)

As for scenario 1 and 2, I'm not sure how to best solve that in the most simple way possible.

If you look at the prefixes that Dell uses, you come up with a pretty long list.

  • Would you ever want to narrow that list down?
  • Would you want to only use one of them?
  • Would you want to use all of them except one?
  • How do you choose "IBM" from a list of vendors, if there is "IBM", "IBM Corp", "IBM Corporation", and "IBM Japan"? Because the official prefix list does not adhere to any conformity at all :)
  • Do you only want to keep the prefix of your original hardware MAC address but keep the suffix random?

These are questions I'm considering when implementing a GUI for choosing a vendor prefix.

WiFiSpoof has a GUI like this, but I'm sure this can be simplified:

[Screenshot: screen shot 2018-01-26 at 09 50 22]

In the past, LinkLiar used to have a GUI like this, the randomization wheel was really funny and I might as well bring it back. When you spun that wheel, it would randomize the prefix, the suffix, or both, depending on your need.

[Screenshot: screen shot 2018-01-26 at 09 52 53]

So to sum up, could you elaborate a little more on your use-case? I'm trying to find out the scope of this feature that will be useful for most people, including beginners.

@veekas

veekas commented Mar 1, 2018

Interesting discussion, @halo. Although not currently needed, I would like the ability to choose a vendor, as well. Use case is most similar to the first one you listed. No need for customization, just a generic Apple/Google/Samsung.

@halo
Owner

halo commented Mar 3, 2018

> No need for customization, just a generic Apple/Google/Samsung.

Hi @veekas Thank you for your feedback. Could you be more specific?

  • Apple and Google
  • Apple or Google

What would the steps look like that you would take in order to achieve this? What do you mean by "no need for customization"? Would you specify one vendor or multiple? What would randomization mean in this context?

Thank you for your time.

@veekas

veekas commented Mar 3, 2018

Thanks for your response.

I listed those three vendors in particular as stand-ins for any short list of popular vendors that would be expected by an IT admin at work or a university. I'm not sure how you would determine which to include in that short list, though. For example, if a US-based workplace primarily uses company-issued Chromebooks and Google Pixel phones, a user would want to be able to specify Google as a vendor. I think specifying one vendor at a time would be fine, as choosing subsets of vendors could complicate the UI.

I am envisioning a dropdown, either in the main section or under Settings, that allows the user to define a MAC address by vendor.

To clarify the concept of randomization, I believe that a randomization wheel or GUI like that of WiFiSpoof seems like overkill for this use case.

@ghost

ghost commented Mar 7, 2018

Randomizing inside a vendor (or shortlist of vendors) would be truly great, I think.

Would you ever want to narrow that list down? - Definitely.
Would you want to only use one of them? - Quite possibly. Certainly good enough.
Would you want to use all of them except one? - No.
How do you choose "IBM" from a list of vendors, if there is "IBM", "IBM Corp", "IBM Corporation", and "IBM Japan"? Because the official prefix list does not adhere to any conformity at all :) - This complication isn't easy. Multi-select vendors then?
Do you only want to keep the prefix of your original hardware MAC address but keep the suffix random? - Interesting, but not entirely necessary.

The scenario might want to include a configuration where one's MAC address becomes a needle in a haystack of needles. When one gets a Cisco or Motorola or some non-ordinary MAC, it begins to appear pretty interesting and attracts attention.

Thank you for such a great app!

@halo
Owner

halo commented Mar 9, 2018

Thank you for your valuable feedback!

I’m trying to wrap my head around the scope of this feature. I just want to make sure I properly meet the needs.

Feature description

  • I would like to give the user the ability to choose a subset of prefixes.
  • If an interface has the “Random” setting, that’s where this subset comes into play.
  • When LinkLiar randomizes the MAC address, one of the user-defined prefixes is randomly chosen as prefix for the randomization.
  • The suffix remains completely random.

I’m planning on giving the end-user three ways to specify one or more prefixes:

Option 1

  • Do nothing at all. By default LinkLiar will choose one among the most prominent prefixes (this list I curate manually)
  • The question is, which MAC address would that be?
  • And how many would the ideal number of prefixes be?

Option 2

  • Choose the name of one or more vendors. All prefixes of those chosen vendors are candidates when randomizing.
  • The question here is, which vendors should that be?
  • Wireshark tries valiantly to unify spelling differences into canonical vendor names (e.g. “IBM”). See this list
  • Do I want to make a difference between “IBM Corp” and “IBM Japan” or do I use Wireshark's sanitized list?
  • Samsung has mobile phones but also TVs and maybe even PC network cards. Does it make sense to use any prefix of Samsung then? Because a TV would raise more suspicion than a PC network card.

Option 3

  • The user may manually type in a prefix (e.g. “aa:bb:cc”).
  • Repeat that process to add more prefixes to the custom prefix list used for randomizing. Prefixes can also be removed from that list.
  • The question here is, how many will there usually be? Like 10? Or 100? It makes a difference in how to design the interface.
  • Secondly, does this need to work together with option 2 or not? In other words, is this a valid use case? “All prefixes from IBM and my manually defined prefixes aa:aa:aa and bb:bb:bb” Or can I force the user to choose either option 1 or option 2 or option 3? That would simplify things.

Thank you for helping me to triage this :)
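
The selection logic from the feature description above (a prefix drawn at random from a user-chosen set, a fully random suffix), written out as an added Python example; it is not LinkLiar's own code. The names `REGISTRY`, `canonical`, `parse_prefix`, `candidate_prefixes` and `random_mac` are hypothetical, the registry entries are constructed placeholders, and treating "Corp", "Corporation" and "Japan" as one vendor is an assumption about how the spelling question would be settled.

```python
import re
import secrets

# Constructed sample data: vendor spellings follow the thread's IBM example;
# every prefix is a made-up placeholder, not a real registry assignment.
REGISTRY = [
    ("IBM", "aa:bb:01"), ("IBM Corp", "aa:bb:02"),
    ("IBM Corporation", "aa:bb:03"), ("IBM Japan", "aa:bb:04"),
    ("Example Devices Inc.", "aa:cc:01"),
]
_NOISE = re.compile(r"\b(corp(oration)?|inc|ltd|co|japan)\b\.?")

def canonical(vendor):
    """Collapse spelling variants to one key (crude stand-in for a curated list)."""
    return re.sub(r"[^a-z0-9]+", " ", _NOISE.sub("", vendor.lower())).strip()

def parse_prefix(text):
    """Validate a typed prefix such as 'aa:bb:cc' and return its 3 bytes."""
    digits = re.sub(r"[:-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{6}", digits):
        raise ValueError(f"not a 24-bit prefix: {text!r}")
    raw = bytes.fromhex(digits)
    if raw[0] & 0x01:  # group (multicast) bit: never valid in a source address
        raise ValueError(f"multicast bit set: {text!r}")
    return raw

def candidate_prefixes(vendors=(), custom=()):
    """Option 2 (vendor names) and option 3 (typed prefixes) merged into one set."""
    wanted = {canonical(v) for v in vendors}
    found = {parse_prefix(p) for name, p in REGISTRY if canonical(name) in wanted}
    return sorted(found | {parse_prefix(p) for p in custom})

def random_mac(prefixes):
    """Pick one candidate prefix at random and append a fully random suffix."""
    if not prefixes:
        raise ValueError("no candidate prefixes selected")
    chosen = secrets.choice(prefixes)
    return ":".join(f"{b:02x}" for b in chosen + secrets.token_bytes(3))

if __name__ == "__main__":
    pool = candidate_prefixes(vendors=["IBM Corp"], custom=["aa:aa:aa"])
    print(len(pool), "candidate prefixes ->", random_mac(pool))
```

The input check matters for option 3: a typed prefix whose first octet is odd, such as bb:bb:bb, has the multicast bit set and is rejected here rather than assigned to an interface.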

halo mentioned this issue Apr 10, 2018
@halo
Owner

halo commented Jan 7, 2020

I just wanted to let you know that in the past 2 years, not a month goes by where I don't think of this issue. Because the solution is already in my head, I just could not prioritize this yet and implement it.

(If I would spare an hour or two per week, I would still have to allocate multiple weeks in a row to not forget how I started off :D So far, there has always been some more urgent project, but I don't give up hope that I will find the time for this in 2020).

halo self-assigned this Jun 13, 2021
@halo
Owner

halo commented Aug 31, 2021

Ok, thanks for waiting... 3 years 😅

You can try out this feature in this pre-release:
https://github.com/halo/LinkLiar/releases/tag/3.0.0

@halo
Owner

halo commented Sep 4, 2021

OK, I've released a follow-up version 3.0.1 with minor changes. I feel confident that I can release it officially this week. It appears to work fine.

I will close this issue for now. Thanks for all your support and patience.

halo closed this as completed Sep 4, 2021