GemiGuard Mirage Pro — IMEI obfuscation on Mudi V2
Stronger anonymity and log management on the GL.iNet Mudi GL-E750V2 VPN router
GemiGuard Mirage is hardened privacy firmware for the GL.iNet Mudi GL-E750V2, adding tools to boost anonymity and control network identifiers. The Mirage Pro version improves operational stability and adds new functionality for automatically wiping traces of activity.
Key new features in Mirage Pro
Improved stability. Optimizations that reduce the likelihood of freezes and increase reliability in real-world operating conditions.
Continuous wiping of logs and Wi-Fi history. Added a feature that automatically wipes system logs and the connection history of Wi-Fi clients every 30 minutes. The goal is to reduce the volume of accumulated activity traces on the device and lower the risk of information leakage through local logs.
IMEI and the modem chip
An IMEI number is assigned to the modem chip inside a mobile device. The modem is responsible for initiating and managing data transfer with cellular networks. The IMEI is encoded in the modem chip’s firmware, stored in non-volatile memory and retained even after a software update. Each modem is assigned a unique IMEI to ensure global uniqueness and efficient network management.
In devices with multiple modems, each modem has its own IMEI. In the case of a shared modem serving several SIM cards, a single IMEI is used for all connections.
The GL.iNet GL-E750V2 Mudi has a single modem — the Quectel EM060K-GL — and therefore a single IMEI number. On the Mudi V2, GemiGuard Mirage randomizes this IMEI on demand via the device’s physical toggle switch.
Other GL.iNet cellular devices have no such physical switch and cannot trigger Mirage IMEI randomization; on those, the IMEI can be changed manually via AT commands.
Mirage tiers by device:
Mirage Pro — IMEI randomization on demand via the Mudi V2’s physical toggle switch, plus all Mirage features:
- Mudi V2 (GL-E750V2)
Mirage — DNS encryption, log wiping, removal of Wi-Fi client history, MAC and BSSID randomization:
- Flint 3 (GL-BE9300)
- Flint 3e (GL-BE6500)
- Beryl 7 (GL-MT3600BE)
- Slate 7 (GL-BE3600)
- Beryl AX (GL-MT3000)
- Slate AX (GL-AXT1800)
- Spitz Plus (GL-X2000)
- Puli (GL-XE300)
- Opal (GL-SFT1200)
Mirage Light — DNS encryption and log wiping (plus removal of Wi-Fi client history / Ethernet-MAC randomization where the device supports it):
- Brume 3 (GL-MT5000)
- Brume 2 (GL-MT2500)
- Mango (GL-MT300N-V2)
GemiGuard Mirage and the obfuscation of IMEI, MAC and BSSID
GemiGuard Mirage extends the capabilities of the Mudi router, providing control over:
- IMEI — the cellular modem identifier
- MAC addresses of the Wi-Fi interface
- Wi-Fi BSSID — the access point identifier
These features make it harder for an attacker to identify and track the Mudi, delivering a substantial boost to privacy and anonymity.
Beyond these identifiers, Mirage also encrypts DNS queries — hiding your lookups from the local network and upstream providers, and preventing DNS-based snooping and leaks.
Benefits of using GemiGuard Mirage
Enhanced anonymity
Regular IMEI changes disrupt device identification, making it harder to link devices to specific users, teams or locations.
Protection against cellular tracking
Obfuscating device activity reduces the risk of tracking through network logs or compromised infrastructure.
Wi-Fi security
BSSID randomization reduces the likelihood of session correlation and device geolocation through Wi-Fi access point databases.
Fewer local traces
Regular log wiping (every 30 min) reduces the volume of stored local data, lowering the risk of leakage in the event of physical access.
Risks of obfuscation and log wiping
Legal and regulatory aspects. In some jurisdictions or for certain classes of use, removing logs or identifiers may carry legal consequences — be sure to verify compliance with local law.
Loss of records for investigation or diagnostics. Automatic log wiping makes it harder to reconstruct events during incidents and may make post-factum investigation of problems impossible — before enabling it, we recommend assessing your logging policy and monitoring tools.
Standardization. IMEI and MAC changes must comply with the 3GPP TS 23.003 standard to minimize risk. Mirage generates valid random IMEIs in accordance with this standard.
Network problems. Invalid IMEIs can attract the attention of network operators and attackers. Mirage uses only valid random IMEIs, which minimizes this risk.
Key considerations
- Integrate IMEI, MAC and BSSID obfuscation into a comprehensive counter-surveillance strategy — do not rely on a single layer of protection alone.
- Weigh the trade-off between anonymity and the ability to perform diagnostics and investigations — assess your threat model.
- Use reliable hardware and software — stable equipment and dependable firmware are critical.
- Assess your adversary’s capabilities and plan accordingly — IMEI spoofing can also serve as a tool to mislead an opponent.
Obfuscation of the IMEI and network identifiers, along with the new local-data management capabilities, make GemiGuard Mirage Pro a useful tool for strengthening operational security. Before deployment, we recommend carrying out an internal assessment of risks and logging policies.
Reference knowledge base article
For a deeper understanding of the IMEI as an identifier, the scenarios in which it is transmitted to the cellular network and the principles of obfuscation, read our detailed article: IMEI obfuscation on the GL.iNet Mudi GL-E750V2 VPN router. We separately address the topic of GPS telemetry in the Mudi and Puli — what the device transmits and what it does not.