DropCam on a Captive Portal

This article is better titled, "how to impersonate a MAC" or "how to spoof a MAC on a Mac."

So you're at a hotel and want to use the DropCam you brought along to keep an eye on the baby while you kick it in the next room.

Only issue is that the hotel makes you enter your room number and a password they've given you, in a captive portal.

What do you do?

Easy, since most wireless setups whitelist devices based on their hardware address (MAC) you can get your DropCam on the network by pretending to be the DropCam on your MacBook and logging in before you turn the DropCam on.

How do you do this?

  1. Find your MacBook's MAC address. E.g. ifconfig en1|grep ether|awk '{print $2}' This will return something like 00:11:33:33:77:00

  2. Record MacBook's mac address. Pens are overrated. Use vim.

  3. Find DropCam's serial. Hint, it's on the back. When you enter this value below, separate every two characters with a colon.

  4. Impersonate Dropcam E.g. sudo ifconfig en1 ether [dropcam serial goes here]

    You'll need to disable then re-enable your wifi after running the command above. Run ifconfig en1|grep ether|awk '{print $2}' after restarting your wifi and you should see the DropCam's serial if it worked.

  5. Login to Wifi.

  6. Un-impersonate the DropCam, again wifi restart is required. Put your MacBook's address in instead of my 1337 MAC address: sudo ifconfig en1 ether 00:11:33:33:77:00

  7. Plug DropCam into MacBook and configure.

To keep it easy in the future and so I don't forget the commands, I've added these aliases to my zsh (or bash) profile:

# mac settings
alias spoof='sudo ifconfig en1 ether'
alias unspoof='sudo ifconfig en1 ether 00:11:33:33:77:00'

and on a (rooted) Android Phone:

su
busybox iplink show wlan0
busybox ifconfig wlan0 hw ether XX:XX:XX:XX:XX:XX
busybox iplink show wlan0

no need to restart networking.

switch it back when you're done:

busybox ifconfig wlan0 hw ether XX:XX:XX:XX:XX:XX