MAC not changed back to Real MAC

[GoogleCodeExporter]

Do you have any idea what may have caused this bug?  Guesses are helpful!

MAC address was changed by wifite for anonymity. Never changed back to REAL 
MAC. 

I terminated the program during execution and in turn, my MAC address was never 
changed back to the real one.   

What operating system are you running? 

Backtrack 5 R2

What version of the wifite are you using?

R84

Please provide any additional information below.  A paste of the error is
very helpful!

I closed wifite while it was collecting IVs. Wifite changed the MAC to a client 
MAC for fakeauth. It appears to be random because I don't pick up the fake MAC 
on airodump. Then after failed fakeauth, wifite changes MAC back to a previous 
client MAC used in an earlier test. 

see screen shot

"_" is my AP
The MAC starting with "00:17:F9" is random. it is not a attributed to any 
device in my environment. 
The MAC starting with "28:EF:01" is a kindle fire that i used in a previo us 
crack attempt; an attempt i terminated during IV capture. 
The actual MAC address of my wireless card starts with "68:7f:74" and was 
reflected in the first test (sorry no SS)

I haven't read through all your code yet so I'm not sure how you store the REAL 
MAC but I have a suggestion: 
If the real MAC is just stored in a temp variable, write the real MAC to a 
temporary file (hidden possibly) that gets deleted after a full execution of 
the program. This way if the program is terminated prematurely, the temp file 
with the Real MAC will persist (unless manually deleted) until the next 
execution of wifite. Then on opening wifite, compare the file to the MAC that 
was found by wifite, if != change it back to the real MAC. 
If I have time later I will try and implement this and follow up with my 
results. 

Original issue reported on code.google.com by omi...@gmail.com on 20 Apr 2012 at 5:58

Attachments:

• wifite.png

[GoogleCodeExporter]

after a disconnect/reconnect of wireless adapter the MAC changed back to normal 
and i was able to duplicate the bug. luckily i'm using a USB stick and not an 
internal card :)

Original comment by omi...@gmail.com on 20 Apr 2012 at 6:09

[GoogleCodeExporter]

I took the liberty of modifying your code. I hope that is okay. 
Let me start by mentioning, I know JAVA. I have never written in python before 
so I just kinda looked at your code to figure out how to do what I needed. With 
that said, I may have done some or all of this wrong. All I know is that it 
works.

Changes:

Line #'s [808-809, 859-871]
I added a feature that will recover the ACTUAL MAC address if the program is 
terminated before it has the chance to change it back. 
All it does is write the Actual MAC address to a hidden file. After the program 
is finished running, the file is deleted along with the arp_replay files. If 
the program is terminated prematurely, the file will persist (unless manually 
deleted) until next run. At next run, WiFite will compare the MAC in the file 
to the MAC returned by getmac(). If the file exists and contains a MAC address, 
It will take the MAC in the FILE as THIS_MAC. If the file doesn't exist, it is 
created and THIS_MAC is written to it.

Line #'s [2290-2291] 
I added a call for DeAuth. It sends 5 DeAuth signals right before it starts to 
run the ARP Replay. In my testing, this allowed the ARP replay to capture an 
ARP packet and acquire IV's immediately. This is where I'm sure I did something 
wrong. It works, but I feel like there is probably a better way to do it. I 
didn't read all the code, you'll know it from top to bottom so if you like the 
changes I made you'll know exactly how and where to properly implement them.

I get the feeling that I might have changed something else, but I cant 
remember... so that is all. I hope you can use them and thanks for the work you 
do.  

The screen shots below are a before and after set of with and without the 
DeAuth call. Everything in my environment stayed exactly the same between these 
two trials. You'll see the first attempt times out and the second attempt 
cracks the key in a minute and fifteen seconds.

Original comment by omi...@gmail.com on 20 Apr 2012 at 11:57

Attachments:

• without_deauth.png
• with_deauth.png

[GoogleCodeExporter]

Wow, thanks for the code changes.  

I addressed your suggestion to deauth-before-sniffing in another issue.

MAC-changing was always a problem with the old wifite (version 1).  I tried to 
address this issue in v2 by avoiding macchanger and using ifconfig to change 
the MAC.  The changing is still iffy (script must be ran when interface is not 
in monitor mode), but I haven't had any problems with it.

You may want to try the new beta v2 (https://github.com/derv82/wifite/). If I 
implement the deauth-before-capture feature, it will be in v2 (on github) and 
not v1 (here on google code).

Once v2 is out of beta, I will post the update here on google code.

Original comment by der...@gmail.com on 26 Apr 2012 at 5:59

• Changed state: Accepted