MAC address

Xtreix

GrapheneOSuser74 Yes, unfortunately, what you're asking for doesn't seem technically feasible, or at least I'm not aware that it is.

DeletedUser237

As others have said you can't really change it permanently on the hardware level, so you can either ask the place you had to connect (I assume your work due to NAC doing the filtering) to remove your device from the db, or live with it and in the future don't connect to such networks.

GrapheneOSuser74

DeletedUser237 Thank you. This is good advice.

GrapheneOSuser74

It would be nice to have the opportunity to get a randomized MAC before we make WiFi connects.

de0u

GrapheneOSuser74 It would be nice to have the opportunity to get a randomized MAC before we make WiFi connects.

The code should definitely be choosing the randomized MAC before making the connection, so presumably you are hoping to learn what it is at an earlier stage than was possible? Can you describe the steps you took and what went wrong?

GrapheneOSuser74

de0u As I mentioned I had a situation when MAC address is required in order to initiate a connection to a WiFi router. It is impossible to get the MAC address in advance, so I had to use the Device's MAC.

de0u

GrapheneOSuser74 I understand the general idea, but since the device was not identified and the steps tried were not disclosed, it is not yet clear that there was no way to make it work.

For example, it was not stated whether the device rejects the phone before or after the phone connected with a password (or 802.1X).

It is up to you whether or not to provide more detail (personally I'm not going to ask again). Or you could try posting an issue on the GrapheneOS issue tracker -- but if following that path I would suggest providing a lot more detail.

Best wishes!

DeletedUser237

de0u the way I see it (just assumptions but there are some strong indications of it, but I agree with you, there could be more details provided) OP had to connect to a network at work and due to filtering MAC needs to be provided prior to successfully connect. Since you don't see your randomized MAC prior to initiating connection the only way was to provide the device Mac as it is always the same.

E: also the reason why OP did not provide if the attempt would fail prior or after successful authentication is that maybe they don't know/did not test it. IT said it's like this and rarely people object.

de0u

DeletedUser237 If the MAC filtering happens before association, there might not be a workaround. But if association happens first and MAC filtering happens afterward, it might be possible to succeed at authenticating and fail by being filtered, but by that point there would be an entry in Settings for the network, so it would be possible to obtain and report a per-network randomized MAC. There is actually one network where I use that approach, so I know it can work.

Meanwhile, if a feature request will be filed, I suspect the developers will want to know whether there is or isn't a workaround and also how many people might be affected by the situation as it stands.

GrapheneOSuser74

DeletedUser237 the way I see it (just assumptions but there are some strong indications of it, but I agree with you, there could be more details provided) OP had to connect to a network at work and due to filtering MAC needs to be provided prior to successfully connect. Since you don't see your randomized MAC prior to initiating connection the only way was to provide the device Mac as it is always the same.

I exactly mean the same thing.

DeletedUser237

de0u My intention was never to disagree with you, I know it can be done with per network MAC and even if it would be rejected immediately, logs would show this attempt, so it could still be worked out, depends on the willingness of the IT team and knowledge of the user.

I also don't see a reason to change current behavior as it would be very costly in terms of time and resources needed.