欺骗后如何检测原始MAC地址?

时间:2012-03-03 12:42:05

标签: c# windows networking uniqueidentifier spoofing

我们使用以下代码检索Windows PC的活动MAC地址。

private static string macId()
{
    return identifier("Win32_NetworkAdapterConfiguration", "MACAddress", "IPEnabled");
}

private static string identifier(string wmiClass, string wmiProperty, string wmiMustBeTrue)
{
    string result = "";
    System.Management.ManagementClass mc = new System.Management.ManagementClass(wmiClass);
    System.Management.ManagementObjectCollection moc = mc.GetInstances();
    foreach (System.Management.ManagementObject mo in moc)
    {
        if (mo[wmiMustBeTrue].ToString() == "True")
        {
            //Only get the first one
            if (result == "")
            {
                try
                {
                    result = mo[wmiProperty].ToString();
                    break;
                }
                catch
                {
                }
            }
        }
    }
    return result;
}
//Return a hardware identifier
private static string identifier(string wmiClass, string wmiProperty)
{
    string result = "";
    System.Management.ManagementClass mc = new System.Management.ManagementClass(wmiClass);
    System.Management.ManagementObjectCollection moc = mc.GetInstances();
    foreach (System.Management.ManagementObject mo in moc)
    {
        //Only get the first one
        if (result == "")
        {
            try
            {
                result = mo[wmiProperty].ToString();
                break;
            }
            catch
            {
            }
        }
    }
    return result;
}

检索MAC地址工作正常。问题是当MAC地址被欺骗时它会返回欺骗的MAC地址。我们想要以某种方式检索原始MAC地址,该MAC地址是唯一的并且在工厂分配。有没有办法这样做?

4 个答案:

答案 0 :(得分:21)

我希望提供另一种选择。我不知道它是否真的能回答“一种独特识别任何计算机的方法” 但是,此方法查询System.Management中的Win32_BIOS类并返回一个很有可能是唯一的字符串。 (等待被拒绝!!)

/// <summary>
/// BIOS IDentifier
/// </summary>
/// <returns></returns>
public static string BIOS_ID()
{
    return    GetFirstIdentifier("Win32_BIOS", "Manufacturer")
            + GetFirstIdentifier("Win32_BIOS", "SMBIOSBIOSVersion")
            + GetFirstIdentifier("Win32_BIOS", "IdentificationCode")
            + GetFirstIdentifier("Win32_BIOS", "SerialNumber")
            + GetFirstIdentifier("Win32_BIOS", "ReleaseDate")
            + GetFirstIdentifier("Win32_BIOS", "Version");
}

/// <summary>
/// ManagementClass used to read the first specific properties
/// </summary>
/// <param name="wmiClass">Object Class to query</param>
/// <param name="wmiProperty">Property to get info</param>
/// <returns></returns>
private static string GetFirstIdentifier(string wmiClass, string wmiProperty)
{
    string result = string.Empty;
    ManagementClass mc = new System.Management.ManagementClass(wmiClass);
    ManagementObjectCollection moc = mc.GetInstances();
    foreach (ManagementObject mo in moc)
    {
        //Only get the first one
        if (string.IsNullOrEmpty(result))
        {
            try
            {
                if (mo[wmiProperty] != null) result = mo[wmiProperty].ToString();
                break;
            }
            catch
            {
            }
        }
    }
    return result.Trim();
}

答案 1 :(得分:8)

可以有两种选择。

  1. 您可以使用之前提供的代码段获取MAC地址,并检查该MAC地址是否属于任何NIC(网络接口卡)。如果它不属于一个,则MAC地址显然是欺骗性的。以下是使用MAC地址找到NIC的代码

    using System.Net.Sockets;
using System.Net;
using System.Net.NetworkInformation;

string localNicMac = "00:00:00:11:22:33".Replace(":", "-"); // Parse doesn't like colons

var mac = PhysicalAddress.Parse(localNicMac);
var localNic =
NetworkInterface.GetAllNetworkInterfaces()
    .Where(nic => nic.GetPhysicalAddress().Equals(mac)) // Must use .Equals, not ==
    .SingleOrDefault();
if (localNic == null)
{
    throw new ArgumentException("Local NIC with the specified MAC could not be found.");
}

var ips =
    localNic.GetIPProperties().UnicastAddresses
    .Select(x => x.Address);

  2. 直接获取网卡地址。

    a. NWIF = dotnetClass "System.Net.NetworkInformation.NetworkInterface"  
b. the_Mac_array = NWIF.GetAllNetworkInterfaces() -- this is an array of all the Networks  
c. the_PhysicalAddress_Array = #()  
d. for net in the_Mac_array where (net.NetworkInterfaceType.toString()) == "Ethernet" do append   the_PhysicalAddress_Array ((net.GetPhysicalAddress()).toString())  
e. print the_PhysicalAddress_Array

    3. ((我在这里找到http://snipplr.com/view/23006/))

答案 2 :(得分:7)

我不得不写一些类似的东西,因为我使用了许多硬件参数来“激活”我的软件。

看看DeviceIoControl&amp; OID_802_3_PERMANENT_ADDRESS。 它有很多互操作代码(我的处理类是大约200行),但它保证了我的硬件代码。

一些代码片段可以帮助您前进,

private const uint IOCTL_NDIS_QUERY_GLOBAL_STATS = 0x170002;

[DllImport("Kernel32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern bool DeviceIoControl(
        SafeFileHandle hDevice,
        uint dwIoControlCode,
        ref int InBuffer,
        int nInBufferSize,
        byte[] OutBuffer,
        int nOutBufferSize,
        out int pBytesReturned,
        IntPtr lpOverlapped);

[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
internal static extern SafeFileHandle CreateFile(
    string lpFileName,
    EFileAccess dwDesiredAccess,
    EFileShare dwShareMode,
    IntPtr lpSecurityAttributes,
    ECreationDisposition dwCreationDisposition,
    EFileAttributes dwFlagsAndAttributes,
    IntPtr hTemplateFile);

[Flags]
internal enum EFileAccess : uint
{
    Delete = 0x10000,
    ReadControl = 0x20000,
    WriteDAC = 0x40000,
    WriteOwner = 0x80000,
    Synchronize = 0x100000,

    StandardRightsRequired = 0xF0000,
    StandardRightsRead = ReadControl,
    StandardRightsWrite = ReadControl,
    StandardRightsExecute = ReadControl,
    StandardRightsAll = 0x1F0000,
    SpecificRightsAll = 0xFFFF,

    AccessSystemSecurity = 0x1000000,       // AccessSystemAcl access type

    MaximumAllowed = 0x2000000,         // MaximumAllowed access type

    GenericRead = 0x80000000,
    GenericWrite = 0x40000000,
    GenericExecute = 0x20000000,
    GenericAll = 0x10000000
}

// Open a file handle to the interface
using (SafeFileHandle handle = FileInterop.CreateFile(deviceName,
    FileInterop.EFileAccess.GenericRead | FileInterop.EFileAccess.GenericWrite,
    0, IntPtr.Zero, FileInterop.ECreationDisposition.OpenExisting,
    0, IntPtr.Zero))
{
    int bytesReturned;
    // Set the OID to query the permanent address
    // http://msdn.microsoft.com/en-us/library/windows/hardware/ff569074(v=vs.85).aspx
    int OID_802_3_PERMANENT_ADDRESS = 0x01010101;

    // Array to capture the mac address
    var address = new byte[6];
    if (DeviceIoControl(handle, IOCTL_NDIS_QUERY_GLOBAL_STATS,
        ref OID_802_3_PERMANENT_ADDRESS, sizeof(uint),
        address, 6, out bytesReturned, IntPtr.Zero))
    {
        // Attempt to parse the MAC address into a string
        // any exceptions will be passed onto the caller
        return BitConverter.ToString(address, 0, 6);
    }
}

答案 3 :(得分:1)

好吧,我不会把所有的钱都押在NetworkInterface类列出NetworkInterfaces的顺序上。 我的主板有2个适配器,每次重启时命令似乎都会切换。

所以这里有一个建议,对我有用(顺便说一下:积分可能是另一个很棒的stackoverflow贡献者,ty):

    public static string GetMACAddress()
    {
        NetworkInterface[] nics = NetworkInterface.GetAllNetworkInterfaces();
        //for each j you can get the MAC 
        PhysicalAddress address = nics[0].GetPhysicalAddress();
        byte[] bytes = address.GetAddressBytes();

        string macAddress = "";

        for (int i = 0; i < bytes.Length; i++)
        {
            // Format the physical address in hexadecimal. 
            macAddress += bytes[i].ToString("X2");
            // Insert a hyphen after each byte, unless we are at the end of the address. 
            if (i != bytes.Length - 1)
            {
                macAddress += "-";
            }
        }

        return macAddress;
    }
相关问题
最新问题