Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Actiontec MI424-WR Router Impersonation

    Scheduled Pinned Locked Moved DHCP and DNS
    2 Posts 1 Posters 4.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NOYB
      last edited by

      Impersonation of other routers is probably also possible with appropriate alterations.

      Actiontec MI424-WR Router Impersonation

      ISP: Verizon FiOS

      Router Make: (Verizon) Actiontec

      Router Model: MI242-WR

      Router HW: Rev. C

      Router FW: 4.0.16.1.56.0.10.11.6 (Verizon Provided)

      ISP: Frontier FiOS

      Router Make: (Frontier) Actiontec

      Router Model: MI424-WR

      Router HW: Rev. C

      Router FW: 4.0.16.1.56.0.10.12.4.1 (Frontier Provided)

      pfSense 2.0 RC3 (FreeBSD 8.1)

      File:
      /etc/inc/interfaces.inc

      Notes:
      Probably will survive reboot.
      Probably will not survive an update.

      dhcp-class-identifier (dhcp option 60) is not in FreeBSD 8.1 Manual (at least I could not find it there).

      Replace These Option-125 Strings Portions With Your Actiontec Router WAN MAC Address:
      ASCII: 00180160EB84
      HEX:   30:30:31:38:30:31:36:30:45:42:38:34

      Replace This:

      
      /*
      	$dhclientconf .= <<<eod<br>interface "{$wanif}" {
      timeout 60;
      retry 1;
      select-timeout 0;
      initial-interval 1;
      	{$dhclientconf_hostname}
      	script "/sbin/dhclient-script";
      }
      
      EOD;
      /**/</eod<br> 
      

      With This:

      
      /* Get MAC as ascii string and strip out colon (:) delimiters. */
      $dhcpclientconf_mac_ascii = str_replace(":", "", strtoupper(get_interface_mac($wanif)));
      
      /* Convert MAC ascii string to HEX with colon (:) delimiters. */
      $dhcpclientconf_mac_hex = "";
      $delimiter = "";
      for($i = 0; $i < strlen($dhcpclientconf_mac_ascii); $i++) {
      	$dhcpclientconf_mac_hex .= $delimiter. bin2hex($dhcpclientconf_mac_ascii[$i]);
      	$delimiter = ":";
      }
      
      	$dhclientconf .= <<<eod<br>interface "{$wanif}" {
      timeout 60;
      retry 1;
      select-timeout 0;
      initial-interval 1;
      
       send dhcp-class-identifier "Wireless Broadband Router";		# Option 60	## Hard Coded Class Identifier
       send dhcp-client-identifier "";					# Option 61  ## Blank to Prevent Send
      
       send host-name "Wireless_Broadband_Router";			# Option 12	## Hard Coded Host Name
      #send host-name "{$wancfg['dhcphostname']}";			# Option 12	## Obtained From Web Configurator (WAN Hostname Setting)
      
       send domain-name "home";						# Option 15	## Hard Coded Domain Name
      
      # V-I Vendor-specific Information					# Option 125	## Hard Coded MAC
      #send option-125 "\\x00\\x00\\x0d\\xe9\\x1f\\x01\\x06000FB3\\x02\\x0c00180160EB84\\x03\\x07MI424WR";
       send option-125 00:00:0d:e9:1f:01:06:30:30:30:46:42:33:02:0c:30:30:31:38:30:31:36:30:45:42:38:34:03:07:4d:49:34:32:34:57:52;
      
      # V-I Vendor-specific Information					# Option 125	## Obtained From Web Configurator (WAN MAC Address Spoof Setting)
      #send option-125 "\\x00\\x00\\x0d\\xe9\\x1f\\x01\\x06000FB3\\x02\\x0c{$dhcpclientconf_mac_ascii}\\x03\\x07MI424WR";
      #send option-125 00:00:0d:e9:1f:01:06:30:30:30:46:42:33:02:0c:{$dhcpclientconf_mac_hex}:03:07:4d:49:34:32:34:57:52;
      
      # Parameter Request List						# Option 55	## Hard Coded Parameter Request List
       request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, time-servers, log-servers, default-ip-ttl, interface-mtu, vendor-encapsulated-options, dhcp-requested-address, dhcp-lease-time, dhcp-server-identifier, dhcp-parameter-request-list,   dhcp-class-identifier, dhcp-client-identifier, www-server, option-125;
      
       require subnet-mask, domain-name-servers, routers;		# These are required by the client
      
       script "/sbin/dhclient-script";
      }
      
      EOD;</eod<br> 
      
      1 Reply Last reply Reply Quote 0
      • N
        NOYB
        last edited by

        Attached PHP include file will make it easier to apply and restore after updates.

        As well as switch between multiple impersonation configurations of other routers.

        Usage info is included in the file.

        interfaces.Actiontec.MI424-WR.Impersonation.inc.txt

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.