Actiontec MI424-WR Router Impersonation

  • Impersonation of other routers is probably also possible with appropriate alterations.

    Actiontec MI424-WR Router Impersonation

    ISP: Verizon FiOS

    Router Make: (Verizon) Actiontec

    Router Model: MI242-WR

    Router HW: Rev. C

    Router FW: (Verizon Provided)

    ISP: Frontier FiOS

    Router Make: (Frontier) Actiontec

    Router Model: MI424-WR

    Router HW: Rev. C

    Router FW: (Frontier Provided)

    pfSense 2.0 RC3 (FreeBSD 8.1)


    Probably will survive reboot.
    Probably will not survive an update.

    dhcp-class-identifier (dhcp option 60) is not in FreeBSD 8.1 Manual (at least I could not find it there).

    Replace These Option-125 Strings Portions With Your Actiontec Router WAN MAC Address:
    ASCII: 00180160EB84
    HEX:   30:30:31:38:30:31:36:30:45:42:38:34

    Replace This:

    	$dhclientconf .= <<<eod<br>interface "{$wanif}" {
    timeout 60;
    retry 1;
    select-timeout 0;
    initial-interval 1;
    	script "/sbin/dhclient-script";

    With This:

    /* Get MAC as ascii string and strip out colon (:) delimiters. */
    $dhcpclientconf_mac_ascii = str_replace(":", "", strtoupper(get_interface_mac($wanif)));
    /* Convert MAC ascii string to HEX with colon (:) delimiters. */
    $dhcpclientconf_mac_hex = "";
    $delimiter = "";
    for($i = 0; $i < strlen($dhcpclientconf_mac_ascii); $i++) {
    	$dhcpclientconf_mac_hex .= $delimiter. bin2hex($dhcpclientconf_mac_ascii[$i]);
    	$delimiter = ":";
    	$dhclientconf .= <<<eod<br>interface "{$wanif}" {
    timeout 60;
    retry 1;
    select-timeout 0;
    initial-interval 1;
     send dhcp-class-identifier "Wireless Broadband Router";		# Option 60	## Hard Coded Class Identifier
     send dhcp-client-identifier "";					# Option 61  ## Blank to Prevent Send
     send host-name "Wireless_Broadband_Router";			# Option 12	## Hard Coded Host Name
    #send host-name "{$wancfg['dhcphostname']}";			# Option 12	## Obtained From Web Configurator (WAN Hostname Setting)
     send domain-name "home";						# Option 15	## Hard Coded Domain Name
    # V-I Vendor-specific Information					# Option 125	## Hard Coded MAC
    #send option-125 "\\x00\\x00\\x0d\\xe9\\x1f\\x01\\x06000FB3\\x02\\x0c00180160EB84\\x03\\x07MI424WR";
     send option-125 00:00:0d:e9:1f:01:06:30:30:30:46:42:33:02:0c:30:30:31:38:30:31:36:30:45:42:38:34:03:07:4d:49:34:32:34:57:52;
    # V-I Vendor-specific Information					# Option 125	## Obtained From Web Configurator (WAN MAC Address Spoof Setting)
    #send option-125 "\\x00\\x00\\x0d\\xe9\\x1f\\x01\\x06000FB3\\x02\\x0c{$dhcpclientconf_mac_ascii}\\x03\\x07MI424WR";
    #send option-125 00:00:0d:e9:1f:01:06:30:30:30:46:42:33:02:0c:{$dhcpclientconf_mac_hex}:03:07:4d:49:34:32:34:57:52;
    # Parameter Request List						# Option 55	## Hard Coded Parameter Request List
     request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, time-servers, log-servers, default-ip-ttl, interface-mtu, vendor-encapsulated-options, dhcp-requested-address, dhcp-lease-time, dhcp-server-identifier, dhcp-parameter-request-list,   dhcp-class-identifier, dhcp-client-identifier, www-server, option-125;
     require subnet-mask, domain-name-servers, routers;		# These are required by the client
     script "/sbin/dhclient-script";

  • Attached PHP include file will make it easier to apply and restore after updates.

    As well as switch between multiple impersonation configurations of other routers.

    Usage info is included in the file.

Log in to reply