The following differential patch against the Avination viewer generates a random string of 32 hexadecimal characters that is totally unrelated to the user's MAC address. The same patch may function for Singularity and is meant to dodge MAC-based bans (for example, the iptables network MAC ban we documented for OpenSim). The patch adds a function that generates 32-character hex strings and replaces hashed_mac in the source code with the output of that function.
The effect is that every time the viewer is used to connect to either Second Life or OpenSim, it generates a new hash, making the user's actual machine difficult to track. On OSX this is a better idea than changing the MAC address every time on boot.
These examples were created by listening on a LAN address using:
nc -l 9000
and then setting the viewer's loginURI to http://192.168.2.9:9000, the machine and port where netcat is listening.
The XML-RPC request sent by the viewer shows that the mac value now changes every time we connect.
<name>mac</name> <value> <string>ac20f57371d7cc1f40241c408fe424f6</string> </value>
<name>mac</name> <value> <string>bd673d26df0fbca557547395d71d77fa</string> </value>
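On the grid operator's side, the rotation shown above is visible in captured login requests. The following is an added example, not code from the viewer or from OpenSim: it groups constructed XML-RPC login bodies by the id0 field, which the patch below leaves unchanged, and reports every id0 seen with more than one mac value. The method name login_to_simulator, the first and last members, and all sample values other than the two mac strings above are assumptions made for the example.

```python
import xmlrpc.client
from collections import defaultdict

def build_login(first, last, mac, id0):
    """Constructed sample: XML-RPC login body carrying only the fields used here."""
    params = ({"first": first, "last": last, "mac": mac, "id0": id0},)
    return xmlrpc.client.dumps(params, methodname="login_to_simulator")

# Constructed captures. The two rotating mac values are the ones shown above;
# account names, id0 values and the third mac are made up for this example.
SAMPLE_LOGINS = [
    build_login("Alice", "Example", "ac20f57371d7cc1f40241c408fe424f6", "a" * 32),
    build_login("Bob", "Example", "bd673d26df0fbca557547395d71d77fa", "a" * 32),
    build_login("Carol", "Example", "0" * 32, "b" * 32),
    "<methodCall><truncated",  # malformed capture, must be skipped
]

def parse_login(body):
    """Return the login struct of an XML-RPC methodCall, or None if unusable."""
    try:
        # xmlrpc.client is not hardened against hostile XML; put a size limit
        # or a hardened parser in front of it when reading untrusted captures.
        params, _method = xmlrpc.client.loads(body)
    except Exception:
        return None
    if len(params) != 1 or not isinstance(params[0], dict):
        return None
    return params[0]

def rotating_mac_report(bodies, threshold=2):
    """Map id0 -> sorted distinct mac values for id0s seen with >= threshold macs."""
    seen = defaultdict(set)
    for body in bodies:
        login = parse_login(body)
        if login is None:
            continue
        mac, id0 = login.get("mac"), login.get("id0")
        if isinstance(mac, str) and isinstance(id0, str):
            seen[id0].add(mac.lower())
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}

if __name__ == "__main__":
    for id0, macs in rotating_mac_report(SAMPLE_LOGINS).items():
        print(f"id0 {id0}: {len(macs)} distinct mac values: {macs}")
```

A machine whose hardware has not changed normally presents one mac per id0, so the threshold of 2 is a starting point to tune against real login history.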
--- 0.3.2.2.original/indra/newview/lluserauth.cpp 2012-03-15 23:30:36.000000000 +0200 +++ 0.3.2.2/indra/newview/lluserauth.cpp 2013-02-24 23:34:00.000000000 +0200 @@ -67,6 +67,17 @@ #error("Unknown platform defined!") #endif +char* wasRandom32Hex(void) { + static const char am[] = "0123456789abcdef"; + char* s = (char*) malloc(33); + srand(time(NULL)); + int i; + for (i=0; i<32; ++i) { + s[i] = am[rand()%(sizeof(am)-1)]; + } + s[i] = '\0'; + return s; +} LLUserAuth::LLUserAuth() : mTransaction(NULL), @@ -134,7 +145,7 @@ XMLRPC_VectorAppendString(params, "channel", LL_CHANNEL, 0); XMLRPC_VectorAppendString(params, "platform", PLATFORM_STRING, 0); - XMLRPC_VectorAppendString(params, "mac", hashed_mac.c_str(), 0); + XMLRPC_VectorAppendString(params, "mac", wasRandom32Hex(), 0); // A bit of security through obscurity: id0 is volume_serial XMLRPC_VectorAppendString(params, "id0", hashed_volume_serial.c_str(), 0); @@ -222,7 +233,7 @@ XMLRPC_VectorAppendString(params, "channel", LL_CHANNEL, 0); XMLRPC_VectorAppendString(params, "platform", PLATFORM_STRING, 0); - XMLRPC_VectorAppendString(params, "mac", hashed_mac.c_str(), 0); + XMLRPC_VectorAppendString(params, "mac", wasRandom32Hex(), 0); // A bit of security through obscurity: id0 is volume_serial // ^^^^^^^^^^^^^^^^^^^^ // you fucking idiot - charbl
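Review bot: in the first hunk, wasRandom32Hex() writes into the result of malloc(33) without a NULL check, and it calls srand(time(NULL)) on every invocation. A failed allocation becomes a NULL write in the loop, and reseeding from the clock means two calls in the same second return the same string and the output follows directly from the time of the call. Check the pointer before the loop and move the srand call out of the function so it runs once at startup. The hunk also shows no added #include for malloc, rand or time; confirm the file already pulls in the headers that declare them.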
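Review bot: at both call sites (the hunks at @@ -134 and @@ -222) the pointer returned by wasRandom32Hex() is passed straight into XMLRPC_VectorAppendString and nothing keeps it, so it can never be freed and every login request leaks the 33-byte buffer. Hold the result in a local, append it, then free it, or have the helper return a string object like the hashed_mac it replaces so that .c_str() can be used and ownership stays with the caller.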