RightToPrivacy
/
wipri
4
1
Fork 1
Code Issues 4 Pull Requests Projects Releases Wiki Activity
wipri/wipri

545 lines
22 KiB
Bash
Raw Blame History

#!/bin/bash
#
# wipri: WiFi/LAN Privacy Metadata Spoof/unique continual randomization options (device mimic/disinfo enhancement)
# MAC/device/WiFi TX randomizer + SSID/WiFi network randomization
#
# Run wipri -H for help/examples (as well as tips below)
#
#--------------------------------------------
#
# SUPPORT:
#
# Support Options Listed Here: https://buymeacoffee.com/politictech (+ public blog + more)
# CashApp: https://cash.app/$HumanRightsTech
# https://www.buymeacoffee.com/politictech/posts public blog posts, help to a coffee (if you like))
#
#---------------------------------------------
#
# SEE README.md FOR ADDITIONAL INFORMATION/LINKS
#
# WiPri MAC changer by default only uses valid OUI
# lists (why: invalid OUI's make your MAC more trackable)
# [You can also put your own .OUI lists together]
#
# Works out of box on most Linux (including most Pinephone/Linux phones)
# WiPri relies on built in Linux standards like ip to change mac address
#
# Issue: wipri -H
# for examples printout and descriptions;
#
# Unlike other mac changing, WiPri has unique function to ensures no leak on (static) -p, -m, -i modes
# as another backup to prevent mac leaks (setting mac again when change detected from flag/choice).
# ***WARNING: do not attempt to run conflicting commands on same device at same time as devices carry a single mac at a time
#
# Ethical REDTEAM/Human Rights purposes;
# Helping you lose those pesky advertising trackers/WiFi Beacon related;
# (Privacy: Declared a Universal Human Right under UN Dec Human Rights)
#
# NOTE: disables ipv6 by default for multiple reasons: ipv6 address
# can derive MAC address; to disable feature change turnipv6 variable to "off"
# [permanent disabling of ipv6 will need sys modification]
#
# Tip #1: -a enables 3 changes to happen simultaneously to mimic new
# devices: changes random MAC addresses/hostnames/txpower signal strengths,
# at varied, randomized continually changing (yet simultaneous) time periods;
#
# TIP #2: static flags recommended for home/work so as not flood home router w/new macs
# (ie: -p, -i, -m)
#
# TIP #3: continuously changing both times/mac addr flags for travel privacy/movement
# (ie: -r, -P, -a) (also -w flag to watch for disconnects and turn wifi off if not around saved net)
#
# TIP #4: If using -A for randomized SSID (hostapd), select a static mac randomization for simultaneous change to mimic new wifi network
#
# *If you try experimental txpower options be sure to keep 'hightx'
# variable low enough to do so within your countries regulations*
#
#---------------------------------------------------------------------
# PLEASE FILE ISSUE ON REPOSITORY BELOW: OR LEAVE USAGE PROBLEM COMMENT ON VIDEO/BLOG
#
#
# DOWNLOADS/SCRIPTS/CODE:
# Anonymous Code Host Tor .onion (Main): http://gg6zxtreajiijztyy5g6bt5o6l3qu32nrg7eulyemlhxwwl6enk6ghad.onion/RightToPrivacy/WiPri
# Gitlab: https://gitlab.com/Aresesi - Repository (backup)
# Github: https://github.com/righttoprivacy - Repository (backup)
#
#
# SOCIAL MEDIA:
# https://www.fosstodon.org/@RTP - Follow on Mastodon
# https://twitter.com/tvprivacy - Follow on Twitter
#
#
# VIDEO CHANNELS:
#
# ODYSEE: https://odysee.com/@RTP
# PEERTUBE: https://tube.tchncs.de/video-channels/privacy__tech_tips
# https://www.youtube.com/channel/UChVCEXzi39_YEpUQhqmEFrQ - videos on Linux/tech
# BITCHUTE: https://www.bitchute.com/yourprivacytv
#
# e-mail: <righttoprivacy[at]tutanota.com> (private (ethical) consulting available upon request)
# Free answers to questions in video/blog comments (maybe your question can help others!) :)
#
# BLOG:
#
# https://www.buymeacoffee.com/politictech/posts - Main Blog Posts/Extras (Public)
# https://politictech.wordpress.com - Backup Blog
#---------------------------------------------------------------------
# Text Colors
export BLUE='\033[1;94m'
export GREEN='\033[1;92m'
export RED='\033[1;91m'
export ENDCOLOR='\033[1;00m'
cat << "EOF"
@@ @@
@@ @@ ,@@ @.
&@ @@ @@ @& @@ @
@@ @@ @@ @@ @@ @@
@( @@ @@ [WiPri 1.2]@@ @@ @@
@@ @@ @ *@ @@ @@
@@ @@ .--.' @@ @@
@@ . |0_0 |' @@ @@
@@ |:_/ |' & @@
// \ \'
(| | )'
/'\_ _/'\\'
\___)=(___/'
██╗ ██╗██╗██████╗ ██████╗ ██╗
██║ ██║██║██╔══██╗██╔══██╗██║
██║ █╗ ██║██║██████╔╝██████╔╝██║
██║███╗██║██║██╔═══╝ ██╔══██╗██║
╚███╔███╔╝██║██║ ██║ ██║██║
╚══╝╚══╝ ╚═╝╚═╝ ╚═╝ ╚═╝╚═╝
EOF
echo -e "[ $WHITE MAC/Hostname/TX Randomizer $ENDCOLOR ] $BLUE LAN/WiFi Device Privacy$ENDCOLOR"
echo ""
echo -e "$BLUE concept/code: $ENDCOLOR $RED righttoprivacy@tutanota.com $ENDCOLOR"
echo ""
echo -e "${WHITE} ----------------------------------------------------------- ${ENDCOLOR}"
echo -e "$BLUE Detected Devices: $ENDCOLOR"
nmcli dev status|awk '{print $1;}'| grep -v 'lo'| grep -v 'p2p' || echo "$RED nmcli not found:$ENDCOLOR $BLUEdon't worry, it was optional.$ENDCOLOR"
echo -e "$BLUE Usage: $ENDCOLOR"
echo "wipri -d [device][any combination of below flags here]"
echo "-w [turn off wifi radio when not connected for 2min] (can be used with other flags)"
echo "-a [anonymous/ghost mode: continuously change MAC/hostname/signal strength at"
echo " continuously changing [coordinated/simultaneous] times/addresses to mimic new devices"
echo "-p [static smartphone mimic] Set single static Samsung/Apple MAC identity"
echo "-P [changing smartphone mimics] continously changing Samsung/Apple at rand times/mac addr"
echo "-r [randomizes mac continually changing times/addresses]"
echo "-m [Static MAC (Your Choice) Here]"
echo "-i [rand (valid) MAC identity]"
echo "-h [rand hostname]"
echo "-R [restore to original hostname]"
echo "-s [random signals]"
echo "-S [continual changing random signal strengths, continually changing random time periods]"
echo "-A [generic randomized WiFi SSID (AP)]"
echo "-H help"
echo -e "${BLUE} To see multiple examples/descriptions see:${ENDCOLOR} ${WHITE} wifi -H ${ENDCOLOR}"
echo ""
# VARIABLES
checktime=".5" # seconds between mac addr checks: lower = more frequent checks
hightime="600" # Make this number higher if you want randomization times longer
lowtime="300" # Make this number lower to lower min time randomized
rando=$((RANDOM%$hightime+$lowtime)) # Create Random time
kernmit="on" # Turn on to mitigate kernel (warning: passes changes to kernel) - it's optional
oui_file='/etc/wipri/final.OUI' # Valid OUI list required for verifiable MAC addresses
phoui_file='/etc/wipri/phone.OUI' # phone OUI file
# WiPri mitigation kern
if [ $kernmit == "on" ]; then
#sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1 >/dev/null
#sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1 >/dev/null
#sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1 >/dev/null
sudo sysctl -w net.ipv4.tcp_timestamps=0 >/dev/null
sudo sysctl -w net.ipv4.icmp_echo_ignore_all=1 >/dev/null
fi
# Hostname randomization - generic yet random hostname chosen
# Feel free to edit these arrays: keep in mind defaults are named strategically for a random yet generic base
echo -e "${BLUE}Checking For Saved Hostname File...${ENDCOLOR}"
if [ -f /etc/wipri/hostname.saved ]; then
echo -e "${GREEN}Hostname File Exists.${ENDCOLOR}"
else
echo $HOSTNAME > /etc/wipri/hostname.saved
echo "Original Hostname Saved. Use -R to restore"
fi
function hostn {
array[0]="localhost"
array[1]="laptop"
array[2]="computer"
array[3]="DESKTOP"
array[4]="Owner-iPhone"
array[5]="PC"
array[6]="Toshiba"
array[7]="WORKGROUP"
array[8]="macbook"
array[9]="mac"
array[10]="phone"
groupnum=$[ $RANDOM % 11 ]
hostbase=${array[$groupnum]}
hostnamectl set-hostname $hostbase
### Below commented out for now - reverted back to more generic as this was 2yr ago (better blending in)
# if [ $hostbase == "localhost" ]; then
# hostnamectl set-hostname localhost
# echo -e "$BLUE hostname is $RED'localhost'$ENDCOLOR, $BLUE a fine generic Linux hostname. $ENDCOLOR"
# elif [ $hostbase == "My-iPhone" ]; then
# randhostname="My-iPhone"
# hostnamectl set-hostname My-iPhone
# /bin/echo -e "$BLUE Hostname (logged by router/network) is now $ENDCOLOR $RED My-iPhone $ENDCOLOR"
# elif [ $hostbase != "localhost" ]; then
# randhostname="$hostbase-$RANDOM"
# hostnamectl set-hostname $randhostname
# /bin/echo -e "$BLUE Hostname (logged by router/network) is now $ENDCOLOR$RED$randhostname $ENDCOLOR"
# fi
dhclient -r $netdev
dhclient $netdev
}
# MAC randomization/setting
function macrand {
hexchar="abcdef0123456789"
beg=$(shuf -n 1 $oui_file) # $oui_file contains important info to generate valid random macs: ma>
end=$( for i in {1..6} ; do echo -n ${hexchar:$(( $RANDOM % 16 )):1} ; done | sed -e 's/\(..\)/:\1/g' )
mac=$beg$end
/bin/echo -e "$BLUE Changing MAC to:${ENDCOLOR} $RED$mac$ENDCOLOR"
ip link set dev $netdev down;ip link set dev $netdev address $mac;ip link set dev $netdev up;
echo ""
}
# MAC randomization (phone version- temp version)
function phmacrand {
hexchar="abcdef0123456789"
beg=$(shuf -n 1 $phoui_file) # $phoui_file contains important info to generate valid random phone macs
end=$( for i in {1..6} ; do echo -n ${hexchar:$(( $RANDOM % 16 )):1} ; done | sed -e 's/\(..\)/:\1/g' )
mac=$beg$end
/bin/echo -e "$BLUE Changing MAC to:${ENDCOLOR} $RED$mac$ENDCOLOR"
ip link set dev $netdev down;ip link set dev $netdev address $mac;ip link set dev $netdev up;
echo ""
}
# Signal TX strength randomization to confuse location trackers by signal strength (experimental)
function signaljumper() {
hightx=30 # WARNING: stay w/in bounds of tx regulations for your country
lowtx=3 # lower number for txpower variations
echo -e "$BLUE signal variation (experimental): $RED ON $ENDCOLOR"
randtx=$((RANDOM%$hightx+$lowtx))
sleep 1
iwconfig $netdev txpower $randtx
echo -e "$BLUE setting $netdev tx power: $RED $randtx"
}
# checks current mac address to be sure firmware didn't change it/crash/set back mac;
# when device is detected to have wrong mac, immediately set back to our valid OUI random addr
function maccheck() {
while :
do
curmac=$(cat /sys/class/net/$netdev/address)
sleep .25
if [ "$curmac" != "$mac" ]; then
echo "Sys MAC addr chang detected. Fixing!"
ip link set dev $netdev down;ip link set dev $netdev address $mac;ip link set dev $netdev up;
fi
sleep $checktime
done
}
# w flag to mitigate wifi probe SSID leaks (seemed necessary - set it and forget it) ;)
# This can be used in wipri command, or installed as wipri boot service
# feel free to mix up different flags to run things how you like (don't forget the -d flag to set dev)
### NOTICE: if you use this w flag, be aware it turns wifi radio off if you aren't connected for 3min - simply re-enable it if needed
function watchdev() {
echo -e "${BLUE} Checking $netdev To Protect Against WiFi Saved SSID Probe Req Leaks${ENDCOLOR}\n"
while :
do
sleep 400 # time period to wait between checks
dstatus=$(cat /sys/class/net/$netdev/operstate)
if [ "$dstatus" != "up" ]; then
echo -e "${GREEN}$netdev${ENDCOLOR} ${RED}NOT UP...${ENDCOLOR}\n" && sleep .5
echo -e "${BLUE}Turning WiFi Radio $netdev ${RED}OFF${ENDCOLOR} to prevent WiFi Probe Req SSID leaks${ENDCOLOR}\n" && sleep .5
nmcli radio wifi off || echo -e "${RED}ERR FAILED TO TURN OFF RADIO${ENDCOLOR}\n" && continue
echo -e "${GREEN}SUCCESSFULLY TURNED WIFI RADIO${ENDCOLOR} ${RED}OFF${ENDCOLOR}"
fi
done
}
########## Begin access point stuff - experimental (for my own amusement at this time)
# Base name for network changes
# *These are common in US: feel free to edit to match your area*
namebase1="NETGEAR"
namebase2="FiOS"
namebase3="HOME"
namebase4="xfinitywifi"
# If setting nc (netcat) notify set "off" disregard below
ncnotify="off" # Turn on or off netcat name change notification
ncport="60821" # port to send name changes
ncprotocol="tcp" # netcat protocol [udp/tcp]
ncserver="192.168.42.38" # netcat server to notify each name change (static ip/name)
# **NOTE** edit these as needed to match your needs/system
hostapdconf='/etc/hostapd/hostapd.conf' # location for hostapd.conf file
netdev="wlan0" # Edit this to match your hostapd wifi device [-d flag should set this ]
netname() {
array[0]="$namebase1"
array[1]="$namebase2"
array[2]="$namebase3"
array[3]="$namebase4"
groupnum=$[ $RANDOM % 4 ]
randname=${array[$groupnum]}
echo "base is: $randname"
chars=$(cat /dev/random | tr -dc 'A-Z0-9' | fold -w 5 | head -n 1)
# Randomizing (Comcast = default: change $namebase3 to match your area)
if [ $randname == "$namebase3" ]; then
randname=$randname-$chars
# Randomizing (FiOS is default: change $namebase2 value to match your area)
elif [ $randname == "$namebase2" ]; then
randname=$randname-$chars
# Randomizing (NETGEAR default: change $namebase1 value mods this)
elif [ $randname == "$namebase1" ]; then
randname=$randname$RANDOM #| fold -w 10
# Common US name (change $namebase4 variable value above to change)
elif [ $randname == "$namebase4" ]; then
randname="$namebase4"
#/bin/echo -e "$BLUE Your new computer hostname (logged by router/network) is now \e[1;31m$randhostname"
else
randname="Guest"
fi
echo "SSID Name:"
echo "$randname"
}
# Notify server of new name changes [Work in progress- set the $ncnotify variable above to 'yes' or 'no' to turn off]
notify() {
if [ $ncnotify == "off" ]; then
echo -n $randname >>/dev/$ncprotocol/$ncserver/$ncport
fi
}
########## End access point stuff
# flags
while getopts ":d:wapPrm:ihRsAH" arg; do
case $arg in
# Device setting [-d devicename] [REQUIRED: with all MAC related functions]
d)
netdev=${OPTARG}
echo -e "device is $RED $netdev $ENDCOLOR"
export netdev
;;
# watches device and if disconnected long enough, bring down to prev identifier leaks
# as mactrack python script demonstrated, saved SSID's and more can leak if not using this flag
# and these can be used to track saved wifi locations (mactrack script links to wigle lookups for demo)
w)
watchdev &
;;
# Anonymous/private mode: continually changing MAC/hostname/signal strength
# coordinating all 3 options to happen simultaneously scheduled at
# continually changing randomized time periods
a)
echo -e "$BLUE WiPri Anonymous mode starting... $ENDCOLOR"
echo -e "$BLUE [Coordinated MAC/Hostnames/Txpower] - at continually changing times/addresses] $ENDCOLOR"
echo -e "$BLUE [randomized MAC addresses + hostnames + signal strength in unison help confuse trackers]"
echo ""
/bin/echo -e "$BLUE ghosting MAC/device name $ENDCOLOR: $BLUE random times at random addresses '(MAC address in privacy mode)'"
while :
do
unset rando;unset mac;unset randtx
rando=$((RANDOM%$hightime+$lowtime))
sleep .5
macrand ; hostn; signaljumper
# maccheck - to be worked out later
echo ""
/bin/echo -e "$BLUE next changes [New Device]: random times/MAC addresses/signal in: $RED $rando $ENDCOLOR$BLUE sec $ENDCOLOR"
sleep $rando
# killall -9 maccheck
done
;;
# static phone mac mimic: generate/set single valid OUI (Apple/Android) based mac and hold it
p)
echo -e "${BLUE} new static random cellphone MAC identity (retained/checked to prevent leaks) ${ENDCOLOR}"
phmacrand
maccheck
;;
# cellphone continuous mimics (Samsung/Apple mac addresses- continually changing times/random mac addresses)
P)
while :
do
rando=$((RANDOM%$hightime+$lowtime))
phmacrand
# maccheck TBC
echo -e "$RED randomizing MAC addresses at continually changing times/iPhone / Android addresses $ENDCOLOR"
/bin/echo -e "$BLUE Changing MAC to: $RED$mac$ENDCOLOR"
/bin/echo -e "$BLUE next changes: random times, random addresses in: $RED $rando$BLUE sec$ENDCOLOR"
sleep $rando
# killall -9 maccheck
done
;;
# Continually randomizing MAC address mode [changing times/addresses- all brands]
r)
echo -e "$RED randomizing MAC address at continually changing times/addresses $ENDCOLOR"
while :
do
rando=$((RANDOM%$hightime+$lowtime))
macrand
# maccheck # TBC
/bin/echo -e "$BLUE Changing MAC to: $RED$mac$ENDCOLOR"
/bin/echo -e "$BLUE next changes: random times, random addresses in: $RED $rando$BLUE sec$ENDCOLOR"
sleep $rando
# killall -9 maccheck
done
;;
# Set your own static MAC choice with -m
m)
echo -e "$BLUE setting static: $RED ${OPTARG} $ENDCOLOR"
mac=${OPTARG}
ip link set dev $netdev down;ip link set dev $netdev address $mac;ip link set dev $netdev up;
maccheck
;;
# New MAC identity option [-i] single randomized MAC address to be held as long as wipri running
i)
echo -e "$BLUE new static random valid MAC identity ($RED HELD: $BLUE checked/retained to prevent leaks) $ENDCOLOR"
macrand
maccheck
;;
# Randomized hostname option -h [generic/common base w/randomized extension to blend in]
h)
hostn
;;
# Restore your previous MAC address [must have first used -h to save address]
R)
if [ ! -f /etc/wipri/hostname.saved ]; then
echo -e "$RED ERROR! Previously saved hostname does NOT exist!" >> /dev/stderr
sleep .5
echo ""
else
ORG_HOSTNAME=$(</etc/wipri/hostname.saved)
hostnamectl set-hostname $ORG_HOSTNAME
dhclient -r $netdev
dhclient $netdev
echo -e " $GREEN*$BLUE Hostname restored to $ORG_HOSTNAME\n"
sleep .5
rm /etc/wipri/hostname.saved
fi
;;
# Randomized signal at randomized changing times (NOTE: experimental proof of concept)
# continually changes signal radius for trackers adding confusion depending on layout
# can (depending on environment/trackers) simulate movement [EXPERIMENTAL]
# DISCLAIMER: be sure not to exceed any local regulations for tx
s)
while :
do
signaljumper
sleep $rando
done
;;
# Randomize WiFi Network Name (SSID)
# (If interested, see netcat notification closer to top of wipri)
# Set additional flags if you would like to set simultaneous random mac
### SSID randomization is super experimental/"just for fun", and offers netcat notification
### It's not meant to be convenient. It's one option for testing and not all hostapd accesspoints
### May be compatible with your system.
A)
netname
sed -i "3s/.*/ssid=$randname/" $hostapdconf
# TIP: include a wipri static mac flag to simultaneously change :)
# wipri -d $netdev -i & # uncomment this if you don't want to have to run flags for mac
systemctl restart hostapd
echo ' '
/bin/echo -e "$BLUE WiFi Network SSID changed to: $RED $randname $ENDCOLOR"
# Notify remote server of new name change via Netcat [set $ncnotify variable for on/off: default off]
notify
;;
# Examples/Help
H)
sleep .75
echo ""
echo -e "$WHITE WiPri uses whichever flags you choose to use. $ENDCOLOR"
echo -e "$RED [Careful not to combine flags that conflict with one another] $ENDCOLOR"
echo -e "$WHITE To use for seperate devices, run more than once instance $ENDCOLOR"
echo -e "$WHITE [I changed format to make integrating into scripts/programs/boot more efficient] $ENDCOLOR"
echo "" && sleep .2
echo -e "$WHITE Example #1:$ENDCOLOR wipri -d wlan0 -r -h on -s"
echo -e "$BLUE [Above] randomize wlan0 at continuously changing times/MAC addresses; randomize hostname; location randomization $ENDCOLOR"
echo -e "$BLUE -r mode is ideal for fluid situations- when travelling it can help protect identity; $ENDCOLOR"
echo -e "$WHITE Example #2:$ENDCOLOR wipri -d wlan1 -m 00:00:00:00:00:00 -h off -s off"
echo -e "$BLUE [Above] sets wlan1 MAC of your choice (static); hostname change [off]; signal changes [off]"
echo "" && sleep .2
echo -e "$WHITE Example #3:$ENDCOLOR wipri -d wlan0 -i -h -s"
echo -e "$BLUE [Above] sets wlan0 static random MAC identity; hostname changes; signal changes [on]"
echo "" && sleep .2
echo -e "$WHITE Example #4:$ENDCOLOR wipri -d wlan1mon -M"
echo -e "$BLUE [Above] sets wlan1mon to new random MAC identity (static/single MAC) hostname/signal changes both [OFF]"
echo "" && sleep .2
echo -e "$WHITE Example #5:$ENDCOLOR wipri -R"
echo -e "$BLUE [Above] sets/reverts back to original hostname: $RED NOTE: MUST HAVE USED -h PREVIOUSLY $ENDCOLOR"
echo "" && sleep .2
echo -e "$WHITE Example #6:$ENDCOLOR wipri -d wlan0 -a"
echo -e "$BLUE [Above] continuously changing: randomized [wlan0] MAC addresses + hostnames $ENDCOLOR"
echo -e "$BLUE + signal randomization, each changing at the same time, continually; $ENDCOLOR"
echo "" && sleep .2
echo -e "$WHITE Example #7:${ENDCOLOR} wipri -d wlan0 -P -s"
echo -e "$BLUE [Above] sets wlan0 continuously changing times/smartphone MAC identities; -s adds txpower changes [on]"
echo "" && sleep .2
echo -e "$WHITE Example #8:${ENDCOLOR} wipri -d wlan0 -p"
echo -e "$BLUE [Above] sets wlan0 to single random smartphone MAC identity"
echo "" && sleep .2
echo -e "$WHITE Example #9:${ENDCOLOR} wipri -d wlan0 -A"
echo -e "$BLUE [Above] sets wlan0 hostapd WiFi Access Point to randomized SSID (Network Name)${ENDCOLOR}"
echo "" && sleep .2
echo -e "${WHITE} Example #10:${ENDCOLOR} wipri -d wlan0 -w -p"
echo -e "${BLUE} [Above] sets wlan0 dev to both monitor for disconnects (turning wifi off then); until that time: static Apple/Android${ENDCOLOR}"
echo "" && sleep .2
echo -e "$WHITE For more details:$ENDCOLOR $RED README.md$ENDCOLOR"
;;
esac
done
Reference in New Issue View Git Blame Copy Permalink