Network adapters failed to support NDISReadNetworkAddress function

[klai]

Many new network adapters on VISTA fail to support
NDISReadNetworkAddress function.
This is the function that allows software configurable MAC Address.
Although the network adapters received "Certified for Windows VISTA"
logo, they fail to support this function.

Based on my understanding from Microsoft website, network adapters are
required to support NDIS 6.0 for Windows VISTA, and NDIS 5.1 for
Windows XP, and both NDIS versions require support for
NDISReadNetworkAddress function as stated in the Microsoft site:
http://msdn.microsoft.com/en-us/library/bb648482.aspx

We are the developer for SMAC (http://www.klcconsulting.net/smac) and
what we have found so far from our customers is that following
wireless network adapters do not support NDISReadNetworkAddress
function. Here are some wireless network adapters our customers have
reported that do not support this function.:

Atheros AR500x (HP and Dell systems (Dell 1515 WLAN half mini-Card))
Broadcom 4321AG (HP and Dell systems)
Intel PRO/Wireless 3945ABG, 4965AGN (HP systems)
D-Link DWA-140

I am not a network adapter driver developer, but I am interested in
your input if you develop network adapter drivers. Is
NDISReadNetworkAddress function one of Microsoft requirements for the
network adapter to get "Certified for Windows VISTA" logo?

MAC Address change instruction is at http://www.klcconsulting.net/change_mac_w2k.htm

Thank you.
/Kyle
KLC Consulting, Inc.
www.klcconsulting.net

 

[the wharf rat]

Based on my understanding from Microsoft website, network adapters are
required to support NDIS 6.0 for Windows VISTA, and NDIS 5.1 for

I think that NDISReadNetworkAddress is supported but there's
nothing that says the adaptor must support it. That's why you're
supposed to check the return code...

 

[Pavel A.]

Some vendors consider the ability to select MAC
address for consumer WLAN adapters harmful, and deliberately
removed it.
AFAIK this has been settled with MS and the major PC vendors
who use our adapters.
So it would take a bit more to spoof the MAC address on WLAN adapters
than a little NDIS IM driver

-- pa

 

[Pavel A.]

So it would take a bit more to spoof the MAC address on WLAN adapters

than a little NDIS IM driver

.... or little registry hacks

Regards,
-- pa

 

[Andrew McLaren]

Many new network adapters on VISTA fail to support
NDISReadNetworkAddress function.
This is the function that allows software configurable MAC Address.
Although the network adapters received "Certified for Windows VISTA"
logo, they fail to support this function.

The function call NDISReadNetworkAddress() is supported and works, on Vista
and XP and in NDIS 6.0 and 5.1. However, there's no guarantee calling this
function will actually change the MAC address which a hardware device uses
to send frames. As the MSDN doc describes:

http://msdn.microsoft.com/en-us/library/bb648482.aspx
<quote>
Note that NDIS does not validate the value at NetworkAddress. NDIS does
not guarantee that this value is a valid address, that the value has the
proper length, or even that the value is a network address. The caller of
NdisReadNetworkAddress must therefore not make any assumptions about this
value and must itself validate the value. If the caller determines that the
value is out of bounds, it should not use the value; instead, it should use
the permanent medium access control (MAC) address or a default address.
</quote>


For the NDISReadNetworkAddress() call to install a Locally Adminstered
Address, there are 2 prerequisites:
- the hardware device must suport the use of locally adminstered addresses;
and
- the driver installation must create a Windows registry value at the
correct location.

Locally administered addresses ("LAA") are a common feature in network
adapters; but they are not generally required by the IEEE 802 Standards
(they are required for 802.5 devices; ie, Token Ring cards; elsewhere,
optional).

If a vendor does not implement an LAA facility in their network adapter
hardware, then there is no way to install or spoof a MAC address, you must
use the OUI address (the "burnt-in address"). It would be extremely
difficult for any operating system to override this (at least, while
conforming to IEEE standards; a malicious attack may be able to fudge
something).

For more background information about the IEEE 802 Standards, see here:
http://standards.ieee.org/getieee802/

your input if you develop network adapter drivers. Is
NDISReadNetworkAddress function one of Microsoft requirements for the
network adapter to get "Certified for Windows VISTA" logo?

The requirements for Windows Logo certification are well-documented by
Microsoft. You can find details at Microsoft's device driver website
(http://www.microsoft.com/whdc):

Windows Logo Program: Overview
http://www.microsoft.com/whdc/winlogo

Certified for Vista Requirements
http://download.microsoft.com/downl...f35c/Windows Vista Software Logo Spec 1.1.doc

LAAs were originally designed to accomodate specific addressing schemes in
closed, corporate networks - nainly for legacy Xerox and IBM equipment. Now
that most devices participate in standard LANs and the wide-open Internet,
there's less need for LAAs; and some folks argue that LAAs can be a vector
for malicious attacks eg spoofing. So LAAs are somewhat deprecated.

Hope it helps (and, apologies to other readers for the massive
cross-posting)

Andrew
(member, IEEE Standards Association)