MAC address / hostid spoofing
with ifconfig and LD_PRELOAD

Each networking / ethernet device comes with a MAC address, which is a serial number for that device, sometimes referred to as the hostid.

Sometimes you have software that expects a specific MAC address on your computer. For example, some license managers require a specific MAC address or hostid on your first networking card. Unfortunately if you don't have control over what order the networking cards boot up in, then this may change from boot to boot. (Update: I've found that you can solve this issue by setting rules in /etc/udev, though I immediately ran into another reason for spoofing, so YMMV) If this happens, the license manager may not allow you to run software that you have legitimately paid for.

One way to get around this is by "spoofing" the MAC address.

There are a number of techniques for this:

  1. Some systems will let ifconfig change the MAC address of a NIC:

    # (As root)
    sudo ifconfig eth0 hw ether 01:02:03:04:05:06

  2. Use LD_PRELOAD to alter the behavior of ioctl. Here is some source that does exactly that:

    Just do a make and follow the instructions to test it out. For example, to check if it worked: (after building the library)

    % export LD_PRELOAD=`pwd`/
    % export MAC_ADDRESS=01:02:03:04:05:06
    % hostid
    % ifconfig
  3. Use ptrace with PTRACE_SYSCALL to alter the behavior of ioctl. (For example if it is statically linked). I've started some code to do this.
  4. Some systems (such as Solaris) can change behavior of system calls by putting a kernel module in kernel/sys.
  5. Solaris also has a procfs interface (is this the same as kernel/sys?). Here is an example that changes time() which could be easily modified to change ioctl.
  6. If the software you are using is dynamically linked but prevents LD_PRELOAD (setuid software, for example), you could build a new libc and start the software in a chroot().

Thanks to wdybai, pramode and this Bugtraq archive for many of the initial sources and ideas.