RT-AC68u MAC ID's Have Changed After DDR Configuration Upgrade Tool

[yilee]

RT-AC68u serious issue! RMerlin or some other senior members please reply to my request. Thanks. I have to get some guidance on this matter. It's not something that I will disregard.

It is an understatement to say that I am disturbed about this issue and will greatly appreciate any help in understanding what happened as well as how I should proceed going forward. I posted earlier in another section but got no responses. I need to know if my issue is unexplainable in which case I would like a suggestion about where I could go to have the router examined.

My RT-ac68u device MAC numbers are completely different since successfully using the DDR Configuration Update Download from the Asus Website!! ALSO THE PIN CODE CHANGED! It was my understanding that MAC device ID's were basically permanent. Now the numbers on the sticker on the back of the device do not match what shows on the RT-68u WEB GUI or on my Zywall USG100 firewall logs. However, everything is working great. It seems very fast and stable running 5GHz 802.11AC on a very new laptop. I am using the ac68u as an Access Point under the Zywall USG100 Firewall.
Edit: Research on Google turned up this:
a.Original MAC ID at first and on sticker on back of router is unknown vender starting with d8:50:e6
b. The new MAC ID after the DDR Configuration Upgrade starts with 00:90:4c which is Epigram Inc. which is now Broadcom which makes sense.
So now I'm wondering what the story is on the original MAC ID that I started out with?
This is what transpired:

1. Got everything working great as Access Point with default firmware 374.205.

2.Successfully updated firmware to 374.583. Everything continues to work great and Zywall is still identifying the Original MAC's on the AC68u

3.Thought long and hard and decided not to use the DDR Updater but eventually I convinced myself that if I did update I might be in better shape for future firmware updates. So I ran the DDR Updater Successfully after performing a proper Reset.

4. Afterwards during setup my Zywall immediately blocked DHCP assignment to the AC-68u Access Point due to IP-MAC Binding Block. After seeing the Firewall Block I realized that the MAC ID number was no longer the same as before which was very disturbing. Also the MAC Id for the 5GHZ is different from the main LAN MAC and the 2.4GHz MAC at the last portion for which I understand it is normal for the 5GHz mac to be slightly different at the end of the MAC sequence.

5. So I regrouped and reset the AC68u then re-ran the DDR Updater again only to se a dialog box state that the AC68u was already using the updated boot file. So I then re-ran the 374.583 firmware update successfully again.

6.So, after all the re-updating, the MAC ID's were still different from the original defaults. So I then removed the Zywall's reserved MAC-IP reservation and rebooted the Zywall and then accessed the AC68u Web GUI and set it up as an Access Point again and then let the Zywall automatically assign a new IP address to the AC68u and then once I knew the assigned IP address I then set the AC68u back as static and set the Zywall to reserve the NEW MAC ID of the RT-ac68u.

7. I set everything up again and everything is working great. Very stable, getting 866.7Mbps and the Intel Dual Band AC7260 using the Intel ProSet software with administrative group policy for extra features. I have no software bugs and am overly impressed with this new Lenovo t540p laptop. All drivers are up to date.

However, I am at a lost about how to proceed because unless I get a reasonable answer as to what happened I will feel forced to contact Asus or Newegg to get a different router for security reasons.
Is it possible that the AC68u has been assigned a known backdoor MAC ID that is commonly known to hackers? Also, even though I do not use WPS, the PIN Code was also changed to what I would consider an easy string to break by just guessing!

Is there a way to access the Router CLI setting through Telnet or SSH(I think) and fix this issue? It would seem to me that MAC ID's are not possible to manually change at all even with a BOOT Update. Did everyone who used the DDR Updater get the same MAC ID?
Any help is greatly appreciated.

 

[L&LD]

I am not sure how this is an issue?

Could you provide an example where it might be one?

 

[yilee]

I am not sure how this is an issue?

Could you provide an example where it might be one?

Thanks for your reply. I hope others will chime in. I'm surprised about the approach of your reply. MY MAC ID's were overwritten (changed) after the DDR Upgrade install. I consider this as an important security issue that needs an explanation. I have been doing further research and have found that the problem has popped up a few times over the years for others, but that the explanations have been inadequate or the fixes too complicated vs just returning the router to the Mfg and starting over. It's a matter of security principal for me and playing it safe, not if my system is currently working OK or not. It is working perfect at the moment. I know there are some of you out there that write boot codes etc... and know the possible ways that this phenomenon can occur and if it is something to be concerned with.
I have read that there is a failsafe back-up MAC that the router will use if a boot firmware upgrade loses its higher level administrative boot settings during the upgrade. Is it possible that my now current MAC ID's are the real ID's and that the original MAC's were unknown administrative MAC's that ASUS has assigned to the underlying REAL MAC's that came from Epigram(Broadcom). I have read that there are code tweak downloads(complicated for most people) from the Mfg. that are sometimes used to fix this problem when it occurs but seldom given much publicity for obvious reasons.
I am still optimistic that someone from SNB can shed some light on the matter. Thanks

 

[L&LD]

Thank you for replying and I'm not trying to be dense; but I don't think you answered my question?

How is a MAC address an security issue?

 

[yilee]

Thank you for replying and I'm not trying to be dense; but I don't think you answered my question?

How is a MAC address an security issue?

Well I'm further amazed by the direction of your probing my reasoning when the obvious issue is how is it that the ASUS RT-AC68u DDR configuration Upgrade downloaded from their global site cause my original unknown vender MAC ID's(d8:50:e6) to be overwritten to new MAC ID's by Epigram(Broadcom)(00:09:4c).
Questions:
1. Is it true that MAC ID's are supposed to be permanent and unique for each device?
2. Is it normal for such Boot Configuration Upgrades to alter the MAC ID's?
3. If not, is it possible that the download that I used from ASUS was somehow altered maliciously at their webserver ?
4. If it is not normal for MAC id's to be altered during such a process, then is it possible for unintentional or maliciously installed MAC id's to pose an increased security issue in certain situations if the router inadvertently or intentionally communicates with a malicious 3rd party?

My firewall rules have locked down the Asus router from going out to the internet except for protocol services that I use, everything else is blocked. I did this because I saw that the router was using tcp protocol 2869 to go out to a telecom site in France. The Asus Access Point was doing this on it's own from it's assigned IP address. I don't exactly fully trust the router yet and am only using it because it is behind a firewall and very tightly configured. It is however working perfect. I generally like the AC68u a lot, but I want an explanation for what took place and if someone can explain to me if having the wrong MAC ID(but legitimate) or a malicious(intentionally installed MAC ID) :
1.Poses a security risk?
2. Is it legal for a device with a serial number to use a different MAC ID than was originally intended by the Mfg.?
I posed several questions and if someone can give me some reasonable answers to all of these questions then I believe I will be able to make a decision.
Thanks

 

[L&LD]

Well, you can't seem to answer the question (at least not so I am understanding it).


I'll try one more time:

If you downloaded your firmware upgrade from Asus (as you seem to have done) what can the issue be?

Does a MAC address hold anything inherently special that I don't know about?

Considering that we can use/spoof any MAC address we want with our routers to 'fool' our ISP's modem with; I can't see any cause for concern.

But I'm willing to learn (if you can respond with a more direct answer).

 

[yilee]

Well, you can't seem to answer the question (at least not so I am understanding it).


I'll try one more time:

If you downloaded your firmware upgrade from Asus (as you seem to have done) what can the issue be?

Does a MAC address hold anything inherently special that I don't know about?

Considering that we can use/spoof any MAC address we want with our routers to 'fool' our ISP's modem with; I can't see any cause for concern.

But I'm willing to learn (if you can respond with a more direct answer).

I am looking for an explanation as to how it is possible or what was the mechanism that caused my MAC ID's change on the Rom Boot of the ASUS AC68u. I am not here to answer my own question. I am familiar with MAC spoofing and realize that Spoofing with a MAC ID that you know is legitimate is safe. How about someone else with more experience try to give me an explanation about the mechanism of how my MAC ID were altered and please expound on why ASUS is using UNKNOWN VENDER MAC ID'S on the sticker on the back of the router. There may be a very good explanation. I don't want to have to take this issue to Newegg where I purchases the AC68u in order to get a response from ASUS. Let's hear an explanation about what happened from someone like RMerlin who would know exactly how this might have taken place. I will keep this post at the top of the list until I get a real response and if I get kicked off then I will know that this site is rigged in favor of the Venders such as Asus and many of you guys are basically their reps except for the hard core code writers like RMerlin who truly have a purer agenda.

 

[mtrains]

Seems to me your concern with the Mac id is a symptom of something else. The root cause of your concern seems to be that you are worried about the integrity of the utility you downloaded from Asus. I would recommend that you take this up with Asus instead of taking up Merlin's valuable time away from other issues that are relevant to a larger set of users.

 

[jlake]

I am looking for an explanation as to how it is possible or what was the mechanism that caused my MAC ID's change on the Rom Boot of the ASUS AC68u. I am not here to answer my own question. I am familiar with MAC spoofing and realize that Spoofing with a MAC ID that you know is legitimate is safe. How about someone else with more experience try to give me an explanation about the mechanism of how my MAC ID were altered and please expound on why ASUS is using UNKNOWN VENDER MAC ID'S on the sticker on the back of the router. There may be a very good explanation. I don't want to have to take this issue to Newegg where I purchases the AC68u in order to get a response from ASUS. Let's hear an explanation about what happened from someone like RMerlin who would know exactly how this might have taken place. I will keep this post at the top of the list until I get a real response and if I get kicked off then I will know that this site is rigged in favor of the Venders such as Asus and many of you guys are basically their reps except for the hard core code writers like RMerlin who truly have a purer agenda.

Rigged? Lol. These guys are extremely biased. They are perceiving your comments/questions as an attack on Asus. They will defend Asus til the death. It's as if you are questioning their child. If this was a sports forum, they'd be called " homers ".

Anyway you pose a good fair question that unfortunately I have no clue to an answer. But your question(s) is certainly legitimate and interesting.

 

[L&LD]

I still don't know how this can be an issue for anyone.

jlake, you have to get off your 'extremely biased' line: I am not asking or defending against Asus routers; my question is general.

You and the OP sound similarly minded when it comes to 'security'. Even when you can't explain what the issue might be.

 

[Kris404]

A Mac address can change if you flash with another CFE. This is why you are advised not to share CFEs but back them up, just in case.

Instead of calling people trying to help or understand your problem, biased, take it up with Asus. This is not their official forum.

 

[yilee]

Seems to me your concern with the Mac id is a symptom of something else. The root cause of your concern seems to be that you are worried about the integrity of the utility you downloaded from Asus. I would recommend that you take this up with Asus instead of taking up Merlin's valuable time away from other issues that are relevant to a larger set of users.

I am still amazed why no one wants to expound on this issue that from my research on google has plagued many users over the years. I just want to understand the process about how the MAC id's sometimes gets changed during a firmware upgrade. It is obviously an issue that ASUS and all other Venders (based on my research on google) do not want get involved in probably because it would increase their customer service activity and the proper fix a download fix from the Vender is not the type of fix they want to put out to the public because many individuals would change their MAC ID's possible to avoid being traced by the authorities.
But anyway, I thought it would be a breeze to get a quick answer from the forum, but I now see that the powers above do not want to go there.

So for anyone else following this thread this is what I have put together from my research:
1. Generally MAC ID's are not exposed to the internet except for the MAC you are using to set up your IP provider service. I suppose your IP provider knows your MAC ID.
2.I finally did find a web source that identified my original MAC ID as a legitimate Asustek MAC vendor ID.
3.The new MAC ID is evidently a legitimate vendor MAC ID from Epigram(Broadcom) which make sense.
4. Evidently is not that uncommon for vendors like ASUS to administratively assign their own vendor MAC ID on top of the original Mfg(Epigram in my case) through a firmware upgrade.
5. However, when further firmware boot/DDR upgrades are applied as in my case, you might in some cases lose the original ASUS MAC ID that is on the sticker at the back of the device and will instead get the actual MAC ID of the Mfg who made the communications controller chip which in my case is Epigram/Broadcom.
6. I tend to now believe that this does not pose any security problems especially if the new MAC ID is from the actual Mfg of the routers communications chip. (ie: it makes sense, Broadcom in my case). However I would find the situation much more bothersome if the new MAC ID didn't make sense about where it came from.
7. Lastly, I believe, for good reason that the Vendors do not want to talk about this problem because I do not think the authorities like the idea of having lot of devices out there with MAC id's that do not match the Device Serial Number and providing a fix to the public would only make the problem worse and the fix would be abused.

So, that's my take and I hope that I have helped in some way. On the other hand I would welcome the Senior Members to make comments or corrections to my deductions above. Thanks.

 

[L&LD]

So, this isn't an issue in the end.

There is no conspiracy; you are the one that downloaded the upgrader - Asus or any other manufacturer didn't make you to.

You are not talking to the manufacturer's here.

We're just users trying to help each other.

After all this; the MAC address is not tied to a serial number (and of this I'm glad). Nor can it be used to gain access to a network on it's own. Still.

 

[yilee]

So, this isn't an issue in the end.

There is no conspiracy; you are the one that downloaded the upgrader - Asus or any other manufacturer didn't make you to.

You are not talking to the manufacturer's here.

We're just users trying to help each other.

After all this; the MAC address is not tied to a serial number (and of this I'm glad). Nor can it be used to gain access to a network on it's own. Still.

I now believe there is no limit how far you will go to avoid what this thread is about. It's about someone who has far less knowledge than many of the senior members( who joined well before 2013) and all I wanted was a small explanation to help me avoid having to scour the internet for an answer or a tidbit that would make something in my head click and then I would realize the most likely reason that caused the MAC change. You never once offered any help and in my opinion you are useless.
1. As far as the authorities are concerned I suspect that they like the idea of Serial Numbers being attached to MAC ID's and in general that's the way the devices are manufactured and most likely are supposed to stay that way.
2. I take full responsibility for using ASUS's download as I always do in these situations. However, my question was a generic question as to the mechanism of how it is possible for a MAC ID to get altered during a Boot Firmware Upgrade.
3. I have seen my question raised by many others in previous google searches and I believe it's time that a Truly Senior Member gives a simple layman's explanation concerning the matter so that others can research the answer in the future without having to go through this ridiculous back and forth with you. Thanks.

 

[Kris404]

I am still amazed why no one wants to expound on this issue..

That is because, they probably don't know or do not have an answer to give. Not because of some conspiracy to keep quiet.

I have used the tool on my AC68U without this issue. (I wish I didn't, as I can't overclock it anymore).

Anyway, I'm out of this thread to let you deal with some 'Senior Members'

 

[yilee]

That is because, they probably don't know or do not have an answer to give. Not because of some conspiracy to keep quiet.

I have used the tool on my AC68U without this issue. (I wish I didn't, as I can't overclock it anymore).

Anyway, I'm out of this thread to let you deal with some 'Senior Members'

My intention was not to insult anyone other than one individual in particular and I believe rightfully so. I am new to this forum and getting on in my years, but how can a member be a very senior member when they joined in the Fall of 2013? I don't write code, but I have used Telnet to access my older Zywall Firewalls in years past, but avoid it now day with the great Web GUI's and have forgotten more than I know these days.

However, I do believe my question is a good question, and I do believe that some of the very very senior members do have a good explanation that they can give me or at least they can confirm my deductions or discredit them, that's all I am wanting. I'm the type of person who has to understand why things work the way they do especially if the issue can affect me. In this case this issue could still possibly be a security issue, but I doubt it.
Could someone contact RMerlin or other who might be familiar with this issue and ask one of them to post a short comment concerning my deductions about my issue. Thanks

Edit: I'm not sure what to say, I just read that RMerlins join date was in 2012 which I am not sure how I should interpret. I thought SNB has been around for much longer than that and that he would have been a founding member or something. Please just disregard my assumptions and I apologize, but I still would like someone to take a stab at commenting on my previous deductions. Thanks

Edit: After further investigation, I now realize the reason why no one has an answer for me. It's most likely that everyone using wireless are much younger than those using wired. I looked around and saw that the join date for the senior members in the wired networking area have been members for much longer. This makes sense. I am only now converting a new laptop to wireless with great results after dismal results back in 2008. I waited until now I thought the 802.11AC drivers and hardware matured enough and I was right, 802.11AC is the Cat's Meow. I suppose I could start this thread over again in the Wired Networking area where it's more likely that someone will have covered this issue in the past. Thanks.

 

[Paralel]

I did this upgrade on my AC68U, nothing changed, except for the clock speed of the RAM.

I even did this upgrade using the riskiest method, over a wireless link, several rooms away from the router, without doing a reset or reboot or anything first and it worked perfectly.

I think the reason no one has responded to your post is that 1) No one thinks it's a serious issue 2) The ranting in this thread seems a little weird/paranoid and people don't want to get involved with that.

 

[L&LD]

yilee,

You do realize what a complete hat you are, right? You're asking for answers and so am I. You don't give answers and don't deserve the same.

Hope to never have to come across your complete and utter garbage postings again.

You hoped that you helped in some way? If you can't even answer my direct questions, I don't see how it could help anyone else.

 

[yilee]

yilee,

You do realize what a complete hat you are, right? You're asking for answers and so am I. You don't give answers and don't deserve the same.

Hope to never have to come across your complete and utter garbage postings again.

You hoped that you helped in some way? If you can't even answer my direct questions, I don't see how it could help anyone else.

You obviously do not have enough experience(years) to have come across this issue as it is documented on the internet well enough without simple explanations. I imagine that you are from a younger generation from me raised on wireless mostly. I could be wrong but I am not wrong about you being useless. Did you ever stop and think that I was asking everyone about the mechanism that could cause the MAC ID to change as well as if this MAC change could possible pose a security threat.. I could not answer your question because I did not know the answer to your question. Plus, your question was obviously designed to answer my question with another question, which is in this case a copout. You are truly not fit to be a very senior member.Thanks

 

[Pierino]

Senior member just means you have posted a lot, not that you joined long ago.
A person could have been the second person ever to join this site, posted only once and still be a new member. Lol
Doesn't mean they know anything. I'm a senior member, almost 47 and I don't know anything.

Btw RMerlin or anyone else owes you nothing. If they know the answer and feel like answering, they might.
The way this thread went on you'd think that NSA was infiltrating your router.