Actiontec MI424-WR Router Impersonation
-
Impersonation of other routers is probably also possible with appropriate alterations.
Actiontec MI424-WR Router Impersonation
ISP: Verizon FiOS
Router Make: (Verizon) Actiontec
Router Model: MI242-WR
Router HW: Rev. C
Router FW: 4.0.16.1.56.0.10.11.6 (Verizon Provided)
ISP: Frontier FiOS
Router Make: (Frontier) Actiontec
Router Model: MI424-WR
Router HW: Rev. C
Router FW: 4.0.16.1.56.0.10.12.4.1 (Frontier Provided)
pfSense 2.0 RC3 (FreeBSD 8.1)
File:
/etc/inc/interfaces.incNotes:
Probably will survive reboot.
Probably will not survive an update.dhcp-class-identifier (dhcp option 60) is not in FreeBSD 8.1 Manual (at least I could not find it there).
Replace These Option-125 Strings Portions With Your Actiontec Router WAN MAC Address:
ASCII: 00180160EB84
HEX: 30:30:31:38:30:31:36:30:45:42:38:34Replace This:
/* $dhclientconf .= <<<eod<br>interface "{$wanif}" { timeout 60; retry 1; select-timeout 0; initial-interval 1; {$dhclientconf_hostname} script "/sbin/dhclient-script"; } EOD; /**/</eod<br>With This:
/* Get MAC as ascii string and strip out colon (:) delimiters. */ $dhcpclientconf_mac_ascii = str_replace(":", "", strtoupper(get_interface_mac($wanif))); /* Convert MAC ascii string to HEX with colon (:) delimiters. */ $dhcpclientconf_mac_hex = ""; $delimiter = ""; for($i = 0; $i < strlen($dhcpclientconf_mac_ascii); $i++) { $dhcpclientconf_mac_hex .= $delimiter. bin2hex($dhcpclientconf_mac_ascii[$i]); $delimiter = ":"; } $dhclientconf .= <<<eod<br>interface "{$wanif}" { timeout 60; retry 1; select-timeout 0; initial-interval 1; send dhcp-class-identifier "Wireless Broadband Router"; # Option 60 ## Hard Coded Class Identifier send dhcp-client-identifier ""; # Option 61 ## Blank to Prevent Send send host-name "Wireless_Broadband_Router"; # Option 12 ## Hard Coded Host Name #send host-name "{$wancfg['dhcphostname']}"; # Option 12 ## Obtained From Web Configurator (WAN Hostname Setting) send domain-name "home"; # Option 15 ## Hard Coded Domain Name # V-I Vendor-specific Information # Option 125 ## Hard Coded MAC #send option-125 "\\x00\\x00\\x0d\\xe9\\x1f\\x01\\x06000FB3\\x02\\x0c00180160EB84\\x03\\x07MI424WR"; send option-125 00:00:0d:e9:1f:01:06:30:30:30:46:42:33:02:0c:30:30:31:38:30:31:36:30:45:42:38:34:03:07:4d:49:34:32:34:57:52; # V-I Vendor-specific Information # Option 125 ## Obtained From Web Configurator (WAN MAC Address Spoof Setting) #send option-125 "\\x00\\x00\\x0d\\xe9\\x1f\\x01\\x06000FB3\\x02\\x0c{$dhcpclientconf_mac_ascii}\\x03\\x07MI424WR"; #send option-125 00:00:0d:e9:1f:01:06:30:30:30:46:42:33:02:0c:{$dhcpclientconf_mac_hex}:03:07:4d:49:34:32:34:57:52; # Parameter Request List # Option 55 ## Hard Coded Parameter Request List request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, time-servers, log-servers, default-ip-ttl, interface-mtu, vendor-encapsulated-options, dhcp-requested-address, dhcp-lease-time, dhcp-server-identifier, dhcp-parameter-request-list, dhcp-class-identifier, dhcp-client-identifier, www-server, option-125; require subnet-mask, domain-name-servers, routers; # These are required by the client script "/sbin/dhclient-script"; } EOD;</eod<br>
-
Attached PHP include file will make it easier to apply and restore after updates.
As well as switch between multiple impersonation configurations of other routers.
Usage info is included in the file.