Actiontec MI424-WR Router Impersonation

NOYB

Impersonation of other routers is probably also possible with appropriate alterations.

Actiontec MI424-WR Router Impersonation

ISP: Verizon FiOS

Router Make: (Verizon) Actiontec

Router Model: MI242-WR

Router HW: Rev. C

Router FW: 4.0.16.1.56.0.10.11.6 (Verizon Provided)

ISP: Frontier FiOS

Router Make: (Frontier) Actiontec

Router Model: MI424-WR

Router HW: Rev. C

Router FW: 4.0.16.1.56.0.10.12.4.1 (Frontier Provided)

pfSense 2.0 RC3 (FreeBSD 8.1)

File:
/etc/inc/interfaces.inc

Notes:
Probably will survive reboot.
Probably will not survive an update.

dhcp-class-identifier (dhcp option 60) is not in FreeBSD 8.1 Manual (at least I could not find it there).

Replace These Option-125 Strings Portions With Your Actiontec Router WAN MAC Address:
ASCII: 00180160EB84
HEX:   30:30:31:38:30:31:36:30:45:42:38:34

Replace This:

/*
	$dhclientconf .= <<<eod<br>interface "{$wanif}" {
timeout 60;
retry 1;
select-timeout 0;
initial-interval 1;
	{$dhclientconf_hostname}
	script "/sbin/dhclient-script";
}

EOD;
/**/</eod<br> 

With This:

/* Get MAC as ascii string and strip out colon (:) delimiters. */
$dhcpclientconf_mac_ascii = str_replace(":", "", strtoupper(get_interface_mac($wanif)));

/* Convert MAC ascii string to HEX with colon (:) delimiters. */
$dhcpclientconf_mac_hex = "";
$delimiter = "";
for($i = 0; $i < strlen($dhcpclientconf_mac_ascii); $i++) {
	$dhcpclientconf_mac_hex .= $delimiter. bin2hex($dhcpclientconf_mac_ascii[$i]);
	$delimiter = ":";
}

	$dhclientconf .= <<<eod<br>interface "{$wanif}" {
timeout 60;
retry 1;
select-timeout 0;
initial-interval 1;

 send dhcp-class-identifier "Wireless Broadband Router";		# Option 60	## Hard Coded Class Identifier
 send dhcp-client-identifier "";					# Option 61  ## Blank to Prevent Send

 send host-name "Wireless_Broadband_Router";			# Option 12	## Hard Coded Host Name
#send host-name "{$wancfg['dhcphostname']}";			# Option 12	## Obtained From Web Configurator (WAN Hostname Setting)

 send domain-name "home";						# Option 15	## Hard Coded Domain Name

# V-I Vendor-specific Information					# Option 125	## Hard Coded MAC
#send option-125 "\\x00\\x00\\x0d\\xe9\\x1f\\x01\\x06000FB3\\x02\\x0c00180160EB84\\x03\\x07MI424WR";
 send option-125 00:00:0d:e9:1f:01:06:30:30:30:46:42:33:02:0c:30:30:31:38:30:31:36:30:45:42:38:34:03:07:4d:49:34:32:34:57:52;

# V-I Vendor-specific Information					# Option 125	## Obtained From Web Configurator (WAN MAC Address Spoof Setting)
#send option-125 "\\x00\\x00\\x0d\\xe9\\x1f\\x01\\x06000FB3\\x02\\x0c{$dhcpclientconf_mac_ascii}\\x03\\x07MI424WR";
#send option-125 00:00:0d:e9:1f:01:06:30:30:30:46:42:33:02:0c:{$dhcpclientconf_mac_hex}:03:07:4d:49:34:32:34:57:52;

# Parameter Request List						# Option 55	## Hard Coded Parameter Request List
 request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, time-servers, log-servers, default-ip-ttl, interface-mtu, vendor-encapsulated-options, dhcp-requested-address, dhcp-lease-time, dhcp-server-identifier, dhcp-parameter-request-list,   dhcp-class-identifier, dhcp-client-identifier, www-server, option-125;

 require subnet-mask, domain-name-servers, routers;		# These are required by the client

 script "/sbin/dhclient-script";
}

EOD;</eod<br> 

NOYB

Attached PHP include file will make it easier to apply and restore after updates.

As well as switch between multiple impersonation configurations of other routers.

Usage info is included in the file.

interfaces.Actiontec.MI424-WR.Impersonation.inc.txt