Re: changing mac addresses of clients in vmware

[Kostya Kortchinsky <kostya.kortchinsky () renater fr>]

Hi,

There is an easy way to do that by patching the MAC generation routine 
and MAC verification routine. Here they are :

Version 4.5.0 build-7174

* Linux - adresse MAC (générée)

vmware-vmx : génération
.text:080B1EAD 66 C7 45 CC 00 00                 mov     [ebp+var_34], 0
.text:080B1EB3 C6 45 C8 00                       mov     byte ptr 
[ebp+var_38], 0
.text:080B1EB7 C6 45 C9 0C                       mov     byte ptr 
[ebp+var_38+1], 0Ch
.text:080B1EBB C6 45 CA 29                       mov     byte ptr 
[ebp+var_38+2], 29h
.text:080B1EBF 89 04 24                          mov 
[esp+58h+var_58], eax
.text:080B1EC2 E8 29 74 FB FF                    call    sub_80692F0

vmware-vmx : vérification
.text:080B20C8                   loc_80B20C8: 
 ; CODE XREF: sub_80B1F80+112j
.text:080B20C8 80 3B 00                          cmp     byte ptr [ebx], 0
.text:080B20CB 75 06                             jnz     short loc_80B20D3
.text:080B20CD 80 7B 01 0C                       cmp     byte ptr 
[ebx+1], 0Ch
.text:080B20D1 74 10                             jz      short loc_80B20E3
.text:080B20D3
.text:080B20D3                   loc_80B20D3: 
 ; CODE XREF: sub_80B1F80+14Bj
.text:080B20D3 
   ; sub_80B1F80+167j
.text:080B20D3 89 7C 24 04                       mov 
[esp+28h+var_24], edi
.text:080B20D7 C7 04 24 40 8F 25+                mov 
[esp+28h+var_28], offset a@@@Msg_mac_b_0 ; 
"@&!*@*@(msg.mac.badAddressOUI)%s is not"...
.text:080B20DE E9 0B FF FF FF                    jmp     loc_80B1FEE
.text:080B20E3                   ; 
---------------------------------------------------------------------------
.text:080B20E3
.text:080B20E3                   loc_80B20E3: 
 ; CODE XREF: sub_80B1F80+151j
.text:080B20E3 80 7B 02 29                       cmp     byte ptr 
[ebx+2], 29h
.text:080B20E7 75 EA                             jnz     short loc_80B20D3
.text:080B20E9 E9 15 FF FF FF                    jmp     loc_80B2003

Changing the 0Ch and 29h to fit one's needs works perfectly, and 
generated addresses will fall in the good range of MAC addresses. If you 
use vmware-natd, then you'll have to enable the AllowAnyOUI option.

Only modify the binary if you know what your are doing.

Regards,

Kostya Kortchinsky
CERT RENATER
French Honeynet Project

Joe Hickory wrote:

> hi list, 
> i am trying to set up a virtual honeynet within vmware. can i change the mac
> address 
> for the clients to other than 00:50:56:XX:XX:XX ? i changed the mac entry in
>
> client.vmx to static and tried an other mac address. i just want to set the
> addresses 
> to sth. like 00:60:94:XX:XX:XX which is AMD PCNET PCI. i dont want to get my
> guests 
> nics fingerprinted as a vmware nic. 
>  
> anyone has a hint for me 
> tia 
> joe