原MAC地址被欺骗后如何检测? [英] How to detect the original MAC address after it has been spoofed?

问题描述

我们使用以下代码来检索 Windows pc 的活动 MAC 地址.

We are using the following code for retrieving active MAC address of a windows pc.

private static string macId()
{
    return identifier("Win32_NetworkAdapterConfiguration", "MACAddress", "IPEnabled");
}

private static string identifier(string wmiClass, string wmiProperty, string wmiMustBeTrue)
{
    string result = "";
    System.Management.ManagementClass mc = new System.Management.ManagementClass(wmiClass);
    System.Management.ManagementObjectCollection moc = mc.GetInstances();
    foreach (System.Management.ManagementObject mo in moc)
    {
        if (mo[wmiMustBeTrue].ToString() == "True")
        {
            //Only get the first one
            if (result == "")
            {
                try
                {
                    result = mo[wmiProperty].ToString();
                    break;
                }
                catch
                {
                }
            }
        }
    }
    return result;
}
//Return a hardware identifier
private static string identifier(string wmiClass, string wmiProperty)
{
    string result = "";
    System.Management.ManagementClass mc = new System.Management.ManagementClass(wmiClass);
    System.Management.ManagementObjectCollection moc = mc.GetInstances();
    foreach (System.Management.ManagementObject mo in moc)
    {
        //Only get the first one
        if (result == "")
        {
            try
            {
                result = mo[wmiProperty].ToString();
                break;
            }
            catch
            {
            }
        }
    }
    return result;
}

它可以正常检索 MAC 地址.问题是当 MAC 地址被欺骗时，它会返回被欺骗的 MAC 地址.我们想以某种方式检索在工厂分配的唯一的原始 MAC 地址.有什么办法吗?

It works fine to retrieve the MAC address. The problem is when the MAC address is spoofed then it returns the spoofed MAC address. We want to somehow retrieve the original MAC address which is unique and assigned at the factory. Is there any way to do so?

推荐答案

我想提供一个替代方案.我不知道它是否真的回答了一种唯一标识任何计算机的方法".
但是，此方法查询 System.Management 中的 Win32_BIOS 类并返回一个很有可能是唯一的字符串.(等着被否定！！)

I wish to give an alternative. I don't know if it really answer to 'a way to uniquely identify any computer'.
However, this method query the Win32_BIOS class in System.Management and return a string with high chances to be unique. (Waiting to be disavowed!!)

/// <summary>
/// BIOS IDentifier
/// </summary>
/// <returns></returns>
public static string BIOS_ID()
{
    return    GetFirstIdentifier("Win32_BIOS", "Manufacturer")
            + GetFirstIdentifier("Win32_BIOS", "SMBIOSBIOSVersion")
            + GetFirstIdentifier("Win32_BIOS", "IdentificationCode")
            + GetFirstIdentifier("Win32_BIOS", "SerialNumber")
            + GetFirstIdentifier("Win32_BIOS", "ReleaseDate")
            + GetFirstIdentifier("Win32_BIOS", "Version");
}

/// <summary>
/// ManagementClass used to read the first specific properties
/// </summary>
/// <param name="wmiClass">Object Class to query</param>
/// <param name="wmiProperty">Property to get info</param>
/// <returns></returns>
private static string GetFirstIdentifier(string wmiClass, string wmiProperty)
{
    string result = string.Empty;
    ManagementClass mc = new System.Management.ManagementClass(wmiClass);
    ManagementObjectCollection moc = mc.GetInstances();
    foreach (ManagementObject mo in moc)
    {
        //Only get the first one
        if (string.IsNullOrEmpty(result))
        {
            try
            {
                if (mo[wmiProperty] != null) result = mo[wmiProperty].ToString();
                break;
            }
            catch
            {
            }
        }
    }
    return result.Trim();
}

这篇关于原MAC地址被欺骗后如何检测?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！