MAC addresses and the Normerell conspiracy

Some companies try to generate random MAC addresses on uboot without even having an official oui address space. Then most of the times they find the entropy is very low.

Usually a board device ID can be used in those cases (the flash or eeprom serial number). And in the worst cases some companies (specially Chinese ones, I found several) use MAC address-es belonging to Normerell, a French company that went backrupt and didn’t give back their address space.


echo 00:00:11:`od /dev/urandom -w3 -tx1 -An | head -n 1 | sed -e 's/ //' -e 's/ /:/g'`

http://www.usinenouvelle.com/article/informatiquela-pme-normande-veut-livrer-les-micro-ordinateurs-de-la-posteadd-x-normerel-parie-sur-les-micros-a-valeur-ajouteesur-un-creneau-de-marche-dispute-add-x-normerel-tire-son-epingle-du-jeu.N70890

http://www.telecompaper.com/news/addx-normerel-goes-into-liquidation–84923

The official MAC address ranges can be looked at here:

http://standards-oui.ieee.org/oui.txt

What most people seem to forget (or don’t know) is that you can use perfectly legal private MAC address ranges and even U-boot comes with a simple generator for them.

https://en.wikipedia.org/wiki/MAC_address

“Universally administered and locally administered addresses are distinguished by setting the second-least-significant bit of the most significant byte of the address. This bit is also referred to as the U/L bit, short for Universal/Local, which identifies how the address is administered. If the bit is 0, the address is universally administered. If it is 1, the address is locally administered. In the example address 06-00-00-00-00-00 the most significant byte is 06 (hex), the binary form of which is 00000110, where the second-least-significant bit is 1. Therefore, it is a locally administered address.”

private mac address
Practical uses:

~/U-Boot/tools $ cat gen_eth_addr.c
/* (C) Copyright 2001
* Murray Jensen
GPLv2 bla bla bla...
*/
#include "stdio.h"
#include "stdlib.h"
#include "unistd.h"
#include "time.h"

int
main(int argc, char *argv[])
{
unsigned long ethaddr_low, ethaddr_high;

srandom(time(0) | getpid());

/*
* setting the 2nd LSB in the most significant byte of
* the address makes it a locally administered ethernet
* address
*/
ethaddr_high = (random() & 0xfeff) | 0x0200;
ethaddr_low = random();

printf("%02lx:%02lx:%02lx:%02lx:%02lx:%02lx\n",
ethaddr_high >> 8, ethaddr_high & 0xff,
ethaddr_low >> 24, (ethaddr_low >> 16) & 0xff,
(ethaddr_low >> 8) & 0xff, ethaddr_low & 0xff);

return (0);
}

Still people make the same mistakes again and again…
The Uboot community was always against it but even big companies like Marvel choose to do it their way (getting pseudo aleatory numbers from undocumented registers).

http://lists.denx.de/pipermail/u-boot/2011-August/099819.html

http://git.marvell.com/?p=u-boot-kw.git;a=summary

mkdir mi_marvell

git clone git://git.marvell.com/u-boot-kw.git/

mi_marvell/u-boot-kw/drivers/net $ vim kirkwood_egiga.c

while (!eth_getenv_enetaddr(s, dev->enetaddr)) {
/* Generate Ramdom MAC addresses if not set */
sprintf(buf, “00:50:43:%02x:%02x:%02x”,
get_random_hex(), get_random_hex(),
get_random_hex());
setenv(s, buf);

commit 4efb77d41f9c5d93f0f92dda60e742
023fa03c72
Author: Prafulla Wadaskar
Date: Sat Jun 20 11:01:53 2009 +0200

mi_marvell/u-boot-kw/cpu/arm926ejs/kirkwood/cpu.c

soc reg offsets KW_REG_UNDOC_0x1470 and KW_REG_UNDOC_0x1478 are reserved regs and
* Does not have names at this moment (no errata available)


/*
* Generates Ramdom hex number reading some time varient system registers
* and using md5 algorithm
*/
unsigned char get_random_hex(void)
{
int i;
u32 inbuf[BUFLEN];
u8 outbuf[BUFLEN];

/*
* in case of 88F6281/88F6192 A0,
* Bit7 need to reset to generate random values in KW_REG_UNDOC_0x1470
* Soc reg offsets KW_REG_UNDOC_0x1470 and KW_REG_UNDOC_0x1478 are reserved regs and
* Does not have names at this moment (no errata available)
*/
writel(readl(KW_REG_UNDOC_0x1478) & ~(1 << 7), KW_REG_UNDOC_0x1478);
for (i = 0; i < BUFLEN; i++) {
inbuf[i] = readl(KW_REG_UNDOC_0x1470);
}
md5((u8 *) inbuf, (BUFLEN * sizeof(u32)), outbuf);
return outbuf[outbuf[7] % 0x0f];
}

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s