Finding MAC Address

At Thu, 24 May 2007 23:02:14 -0700, Ravi let his monkeys type:

Hey

any body knows how can i find my system mac address using php.

it's very urgent.....
thanks in advance

Ravindra.Y

I don't think that's possible directly from PHP.
PEAR has a MAC-address validator (Net-MAC), but that doesn't read out your
HWaddr, it just accepts strings.

On linux you could use exec() with a script wrapping the ifconfig command
and grep for HWadd, or use arp. Script probably needs to run suid

On windows you are looking for ipconfig (XP and up), but I think you need
some additional tool to succesfully spawn OS processes and return output.
The name pstools comes to mind. Not sure if that's correct

Why you would want/need to discover the *server's* MAC address
dynamically is beyond me though.

But I bet there are valid uses for it!
Sh.

Thanks i used ifconfig it is working fine.

At Thu, 24 May 2007 23:56:54 -0700, Ravi let his monkeys type:

Thanks i used ifconfig it is working fine.

Yw, could you tell what practical use this has ? Curious!
Sh.

Our project is a IPPBX system which we want to bind it to a particular
MAC address that will be the server .No other system can use the code..

Ravi wrote:

Our project is a IPPBX system which we want to bind it to a particular
MAC address that will be the server .No other system can use the code..

Hi Ravi,

I hope you know that the command
ifconfig hw ether XXX
sets a NICs MAC to XXX ;-)

Roy

I hope you know that the command
ifconfig hw ether XXX
sets a NICs MAC to XXX ;-)

Roy

I used ifconfig -a etch0 from that out put i have taken the mac.

At Fri, 25 May 2007 00:06:31 -0700, Ravi let his monkeys type:

Our project is a IPPBX system which we want to bind it to a particular
MAC address that will be the server .No other system can use the code..

Don't rely on MAC address to provide a foolproof authentication.
They can easily be changed, and anyone on a network can quite easily
discover the server's MAC address.

Sh

we will take the mac address from the customer and adding the system
date and time after encrypting it using Md5 keeping it some where else
in my code that to encrypted...

can u find out the logic
JGNvZGVsb2NrX2NvZGU9IklDUnZkWFFnUFdGeWNtRjVLQ2s3RF FvZ1pYaGxZeWdpYVdaamIyNW1hV2NnTFdFZ1pYUm9NQ0lzSkc5 MWRDazdJQTBLSUNSaGNuSWdQU0J6ZEhKeVpYWW9jM1J5ZEc5ck tITjBjbkpsZGlna2IzVjBXekJkS1N3bklDY3BLVHNOQ2lBa1pI UnBiV1VnUFNBaU1qVXdOVEl3TURjeE1UZ3dNRGMzTURRMElqc0 5DaUFrWm5BZ1BTQm1hV3hsS0NKTWFXTmxibU5sTG1SaGRDSXBP dz09IjsgJGNvZGVsb2NrX2NvZGU9c3RyX3JlcGxhY2UoIkAiLC JDQWciLCAkY29kZWxvY2tfY29kZSk7ICRjb2RlbG9ja19jb2Rl PXN0cl9yZXBsYWNlKCIhIiwgIlc1IiwgJGNvZGVsb2NrX2NvZG UpOyAkY29kZWxvY2tfY29kZT1zdHJfcmVwbGFjZSgiKiIsICJD QWdJIiwgJGNvZGVsb2NrX2NvZGUpOyAkY29kZWxvY2tfY29kZT 1iYXNlNjRfZGVjb2RlKCRjb2RlbG9ja19jb2RlKTsgZXZhbCgk Y29kZWxvY2tfY29kZSk7IAo=

This is the actual code

On May 25, 5:24 am, Ravi <Ravindrayep...@gmail.comwrote:

can u find out the logic
JGNvZGVsb2NrX2NvZGU9IklDUnZkWFFnUFdGeWNtRjVLQ2s3RF FvZ1pYaGxZeWdpYVdaamIyNW1 hV2NnTFdFZ1pYUm9NQ0lzSkc5MWRDazdJQTBLSUNSaGNuSWdQU 0J6ZEhKeVpYWW9jM1J5ZEc5ck tITjBjbkpsZGlna2IzVjBXekJkS1N3bklDY3BLVHNOQ2lBa1pI UnBiV1VnUFNBaU1qVXdOVEl3T URjeE1UZ3dNRGMzTURRMElqc05DaUFrWm5BZ1BTQm1hV3hsS0N KTWFXTmxibU5sTG1SaGRDSXBP dz09IjsgJGNvZGVsb2NrX2NvZGU9c3RyX3JlcGxhY2UoIkAiLC JDQWciLCAkY29kZWxvY2tfY29 kZSk7ICRjb2RlbG9ja19jb2RlPXN0cl9yZXBsYWNlKCIhIiwgI lc1IiwgJGNvZGVsb2NrX2NvZG UpOyAkY29kZWxvY2tfY29kZT1zdHJfcmVwbGFjZSgiKiIsICJD QWdJIiwgJGNvZGVsb2NrX2NvZ GUpOyAkY29kZWxvY2tfY29kZT1iYXNlNjRfZGVjb2RlKCRjb2R lbG9ja19jb2RlKTsgZXZhbCgk Y29kZWxvY2tfY29kZSk7IAo=

This is the actual code

Base64 encoding is not encryption. Your code is:

$codelock_code="$out =array();
exec("ifconfig -a eth0",$out);
$arr = strrev(strtok(strrev($out[0]),' '));
$dtime = "250520071180077044";
$fp = file("Licence.dat");";
$codelock_code=str_replace("@","CAg", $codelock_code);
$codelock_code=str_replace("!", "W5", $codelock_code);
$codelock_code=str_replace("*", "CAgI", $codelock_code);
$codelock_code=base64_decode($codelock_code);
eval($codelock_code);

You may want to reconsider your approach.

Ravi wrote:

we will take the mac address from the customer and adding the system
date and time after encrypting it using Md5 keeping it some where else
in my code that to encrypted...

can u find out the logic
JGNvZGVsb2NrX2NvZGU9IklDUnZkWFFnUFdGeWNtRjVLQ2s3RF FvZ1pYaGxZeWdpYVdaamIyNW1hV2NnTFdFZ1pYUm9NQ0lzSkc5 MWRDazdJQTBLSUNSaGNuSWdQU0J6ZEhKeVpYWW9jM1J5ZEc5ck tITjBjbkpsZGlna2IzVjBXekJkS1N3bklDY3BLVHNOQ2lBa1pI UnBiV1VnUFNBaU1qVXdOVEl3TURjeE1UZ3dNRGMzTURRMElqc0 5DaUFrWm5BZ1BTQm1hV3hsS0NKTWFXTmxibU5sTG1SaGRDSXBP dz09IjsgJGNvZGVsb2NrX2NvZGU9c3RyX3JlcGxhY2UoIkAiLC JDQWciLCAkY29kZWxvY2tfY29kZSk7ICRjb2RlbG9ja19jb2Rl PXN0cl9yZXBsYWNlKCIhIiwgIlc1IiwgJGNvZGVsb2NrX2NvZG UpOyAkY29kZWxvY2tfY29kZT1zdHJfcmVwbGFjZSgiKiIsICJD QWdJIiwgJGNvZGVsb2NrX2NvZGUpOyAkY29kZWxvY2tfY29kZT 1iYXNlNjRfZGVjb2RlKCRjb2RlbG9ja19jb2RlKTsgZXZhbCgk Y29kZWxvY2tfY29kZSk7IAo=

This is the actual code

You miss the point. What happens if I set my mac address to be the
same? If your server is available to the internet, it's mac address is
available. And that means I can change it on my system.

Mac addresses are NOT useful for security.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

At Fri, 25 May 2007 02:24:46 -0700, Ravi let his monkeys type:

we will take the mac address from the customer and adding the system
date and time after encrypting it using Md5 keeping it some where else
in my code that to encrypted...

can u find out the logic
JGNvZGVsb2NrX2NvZGU9IklDUnZkWFFnUFdGeWNtRjVLQ2s3RF FvZ1pYaGxZeWdpYVdaamIyNW1hV2NnTFdFZ1pYUm9NQ0lzSkc5 MWRDazdJQTBLSUNSaGNuSWdQU0J6ZEhKeVpYWW9jM1J5ZEc5ck tITjBjbkpsZGlna2IzVjBXekJkS1N3bklDY3BLVHNOQ2lBa1pI UnBiV1VnUFNBaU1qVXdOVEl3TURjeE1UZ3dNRGMzTURRMElqc0 5DaUFrWm5BZ1BTQm1hV3hsS0NKTWFXTmxibU5sTG1SaGRDSXBP dz09IjsgJGNvZGVsb2NrX2NvZGU9c3RyX3JlcGxhY2UoIkAiLC JDQWciLCAkY29kZWxvY2tfY29kZSk7ICRjb2RlbG9ja19jb2Rl PXN0cl9yZXBsYWNlKCIhIiwgIlc1IiwgJGNvZGVsb2NrX2NvZG UpOyAkY29kZWxvY2tfY29kZT1zdHJfcmVwbGFjZSgiKiIsICJD QWdJIiwgJGNvZGVsb2NrX2NvZGUpOyAkY29kZWxvY2tfY29kZT 1iYXNlNjRfZGVjb2RlKCRjb2RlbG9ja19jb2RlKTsgZXZhbCgk Y29kZWxvY2tfY29kZSk7IAo=

This is the actual code

You can make a contest out of this topic, but it won't get you further. I
think you are reinventing a broken wheel. A simple session based script
with a login and a decent password scheme beats your 'security' by miles.

Starting something based on wrong assumptions is called a mistake. All
people make mistakes.
Smart people learn from them and know when to abandon their original idea.
Stubbornly holding on to a flawed concept is no mistake, it's just plain
dumb.

Be smart, toss out the (time+MAC+whatevernon-random-stuff)-seeded
authentication gizmo and start afresh.

Sh.

On May 25, 4:32 pm, Matt <mbkauf...@gmail.comwrote:

On May 25, 5:24 am, Ravi <Ravindrayep...@gmail.comwrote:

can u find out the logic
JGNvZGVsb2NrX2NvZGU9IklDUnZkWFFnUFdGeWNtRjVLQ2s3RF FvZ1pYaGxZeWdpYVdaamIyNW1 hV2NnTFdFZ1pYUm9NQ0lzSkc5MWRDazdJQTBLSUNSaGNuSWdQU 0J6ZEhKeVpYWW9jM1J5ZEc5ck tITjBjbkpsZGlna2IzVjBXekJkS1N3bklDY3BLVHNOQ2lBa1pI UnBiV1VnUFNBaU1qVXdOVEl3T URjeE1UZ3dNRGMzTURRMElqc05DaUFrWm5BZ1BTQm1hV3hsS0N KTWFXTmxibU5sTG1SaGRDSXBP dz09IjsgJGNvZGVsb2NrX2NvZGU9c3RyX3JlcGxhY2UoIkAiLC JDQWciLCAkY29kZWxvY2tfY29 kZSk7ICRjb2RlbG9ja19jb2RlPXN0cl9yZXBsYWNlKCIhIiwgI lc1IiwgJGNvZGVsb2NrX2NvZG UpOyAkY29kZWxvY2tfY29kZT1zdHJfcmVwbGFjZSgiKiIsICJD QWdJIiwgJGNvZGVsb2NrX2NvZ GUpOyAkY29kZWxvY2tfY29kZT1iYXNlNjRfZGVjb2RlKCRjb2R lbG9ja19jb2RlKTsgZXZhbCgk Y29kZWxvY2tfY29kZSk7IAo=

This is the actual code

Base64 encoding is not encryption. Your code is:

$codelock_code="$out =array();
exec("ifconfig -a eth0",$out);
$arr = strrev(strtok(strrev($out[0]),' '));
$dtime = "250520071180077044";
$fp = file("Licence.dat");";
$codelock_code=str_replace("@","CAg", $codelock_code);
$codelock_code=str_replace("!", "W5", $codelock_code);
$codelock_code=str_replace("*", "CAgI", $codelock_code);
$codelock_code=base64_decode($codelock_code);
eval($codelock_code);

You may want to reconsider your approach.

You r right but
How u decrypted that??? base64_decode is not working. Can you tell me
how can i fix it to a particular system.

On May 25, 9:45 am, Ravi <Ravindrayep...@gmail.comwrote:

You r right but
How u decrypted that??? base64_decode is not working. Can you tell me
how can i fix it to a particular system.

Again, it wasn't encrypted. Base64 is an encoding, NOT encryption.
base64_decode() will reverse it. Attempting to encrypt your code in
order to keep your methods secret is almost sure to fail without a
very solid background in cryptography.

IMO, the entire approach is flawed, as others have noted. Check out
the other posts and heed their advice.

Ok people my assumption was wrong... Matt can u tell me how u decode
it because i tryied but base64_decode() function is showing nothing. i
used codelock software for this. But now i don't want to use it any
more i wnat to do it myself with a fresh logic...

any suggestion or help to do it....

Ravi

>Our project is a IPPBX system which we want to bind it to a particular

>MAC address that will be the server .

The term for this is Defective By Design. It probably violates a
Microsoft patent.

Oh, yes, you do know that many servers have multiple MAC addresses,
don't you?

>No other system can use the code..

It doesn't matter how much you encrypt the code: you have to include
the key to the code along with the code, assuming that the *AUTHORIZED*
server can actually use it (Letting the authorized server actually
use the code is probably a very bad idea). There's this outfit
called the AACS that tries to design copy-protection schemes for
HD-DVD. They failed, so they changed the key. The new key was
cracked very quickly, even before the DVDs with the new key got
released.

You really think you can do better? I'll give you a few hints:
- Don't distribute it.
- Don't even write it in the first place.
- Destroy all the copies of it.

>You miss the point. What happens if I set my mac address to be the

>same? If your server is available to the internet, it's mac address is
available. And that means I can change it on my system.

No, the MAC address of my server is available to machines on my
local LAN, and perhaps the first ISP router at their end of a DSL
line or cable modem. It is *NOT* available to most machines on the
internet. The MAC address *your* computer sees for most every
machine on the internet is likely to be the closest router of your
ISP, or that of a router in your home. If you have a dialup modem
line, you might not see a MAC address at all.

However, it probably doesn't matter. In order for the code to check
the MAC address to be run on the server, it has to be in unencrypted
form on the server. So whatever encryption you use, you also have
to include the key.

>Mac addresses are NOT useful for security.

Definitely agree here. You can easily change your MAC address to be
anything you want.

On May 26, 2:59 am, Ravi <Ravindrayep...@gmail.comwrote:

Ok people my assumption was wrong... Matt can u tell me how u decode
it because i tryied but base64_decode() function is showing nothing. i
used codelock software for this. But now i don't want to use it any
more i wnat to do it myself with a fresh logic...

any suggestion or help to do it....

Ravi

You can decode it with any base64 decoder. Try the one at
http://www.opinionatedgeek.com/dotne.../Base64Decode/ for
example.

I can't stress enough how much you should listen to what the other
posters are saying. The problem isn't the *software* that you are
using to obfuscate your code. The problem is that this is not a good
design for securing an application. Code obfuscation is only a way to
make it harder for people to figure out your code, but it won't stop a
talented hacker. It might not even stop a novice hacker. In fact, it
will probably encourage them to explore your code further.

So, don't try to obfuscate, hide or encrypt the code for security
purposes. Rather, use established security mechanisms that properly
authenticate users or systems. Mechanisms such as passwords and
certificates, when used properly, are wonderful means to accomplish
this.