halo / LinkLiar

:link: Link-Layer MAC spoofing GUI for macOS
http://halo.github.io/LinkLiar
MIT License
1.23k stars 84 forks source link

For USB/Thunderbolt Ethernet, it will likely not prevent a leak? #36

Closed x-glitch-z closed 4 years ago

x-glitch-z commented 4 years ago

Hi, I'm just checking with you about this comment from back in 2017. https://github.com/halo/LinkLiar/issues/21#issuecomment-308448668 Do this still being the case for USB/Thunderbolt Ethernet? Do you have any tips in how to minimize this leak?

halo commented 4 years ago

Hi! Thank you for your question.

Yes, the leak still happens. WiFi has the same problem, but only once (as the spoofing persists even when you turn off WiFi, unlike plugging out an ethernet adapter).

Spontaneously, I know of no way to prevent macOS from talking over any interface as soon as it is activated, so that you'd have time to change the MAC address.

For Ethernet adapters, I suppose you could plug in the adapter but without the LAN cable. If you succeed in changing the MAC address in that situation, you're good to go and can plug in the cable into the adapter.

As for the first-time-WiFi-spoof, put your Mac in a Faraday cage, turn on WiFi, wait for the spoofing to take effect, then remove the cage :)

I'd also like to mention that this is a general problem and not related to LinkLiar, so I'd encourage you to ask your question on apple.stackexchange.com or maybe security.stackexchange.com. If you're precise in your wording you may get help (there are many questions about MAC addresses, but as far as I can tell none this specific.).

I'll close this issue for now. Feel free to post more comments and maybe let me know how it went :)