Hacker News new | past | comments | ask | show | jobs | submit login
SpoofMAC - Spoof your MAC address in Mac OS X (feross.org)
126 points by nh on Jan 17, 2013 | hide | past | web | favorite | 33 comments

Original author here. Thanks, nh, for sharing this.

To those wondering why you would use SpoofMAC when you can just do `sudo ifconfig en1 ether 00:11:22:33:44:55:66`, let me explain why I wrote this.

The main advantage of SpoofMAC is that it automatically disassociates from any connected Wi-Fi networks before it changes your MAC address. The ensures the MAC change will be applied correctly. The biggest annoyance with doing it manually is figuring out how to dissociate manually, which usually requires trying to connect to a non-existant network.

After I put the code on GitHub, a few random contributors submitted patches for features like random MAC generation, etc. <3 open source.

Glad that so many are finding this useful.

You can disassociate from any network with the well hidden airport command:

    /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Resources/airport --disassociate
EDIT: and looking at the source, that's exactly how you're doing it.

There was a great article in 2600 Mag about scanning a network for devices that were already connected to a pay-to-play WiFi network. You could then change your mac address to a mac address already connected. You would then share the connection and bypass having to pay for WiFi. It was really handy at airports and coffee shops that would charge to get online.

That doesn't "share" the connection.

You repeatedly bump each other off of the connection until someone gives up and leaves. Please don't do that.

That was Volume 28, number four. Winter 2011-2012, Page 10 I believe titles " Mac Spoofing your way to free internet".

It would be cool if there were software that could detect such a person, report them to the authorities and we could watch them being hauled away to jail.

Are you a hacker? What are you doing in Hacker News?

Being a hacker doesn't necessitate being an asshole parasite.

If you're going to do this keep in mind it's illegal.

Illegal as in criminally or just violating a TOS? I suspect its just the latter.

Cool script--it has some useful features like generating a random MAC. But it's also possible to set your mac with:

sudo ifconfig [device] [mac]

...and one can replace [mac] with `openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'` for a random address.

You probably want to mask off the multicast bits.

That doesn't always work without a few extras, as explained on the page.

should redirect the error/warning output so that it isn't mashed into the command:

    openssl rand -hex 6 2>/dev/null | sed 's/\(..\)/\1:/g; s/.$//'
because if you are running this on startup there is a chance HOME or RANDFILE aren't set yet, the .rnd file doesn't exist or the permissions on it are not set properly - resulting in a warning such as "PRNG not seeded" or "unable to write 'random state'" that would be passed into the ifconfig command.

Command substitution does not capture standard error.

you're right, it is from my own script where I do it different with more sanity checks and my own errors, I just applied it to the line above.

I'm also in that habit for anything fired at startup or in cron so you don't pollute logs.

Just leave out the [mac] and it will give you a random address.

i.e. sudo python SpoofMAC.py en1

What I really want is a tool which lets me masquerade (to nmap, etc.) as whatever kind of machine I want. Pick MAC addresses out of the correct range, but also change how the network stack, etc. respond to various passive and active attempts at fingerprinting.

It's eventually going to throw up alarms if your macbook pro osx 10.8.2 with an valid apple or intel MAC is on a network segment, then drops off, then a machine reappears with a DECstation MAC address.

> but also change how the network stack, etc. respond to various passive and active attempts at fingerprinting.

I can't see how you could do this without swapping out part of the OS, which is where the network stack lives these days. A simpler way might be to swap out the whole OS, by using virtual machines that communicate on an internal virtual LAN: The Windows XP virtual machine sends the packets under control of the Linux virtual machine that's hosting the analysis software.

> It's eventually going to throw up alarms if your macbook pro osx 10.8.2 with an valid apple or intel MAC is on a network segment, then drops off, then a machine reappears with a DECstation MAC address.

It's an eternal game of cat and mouse anyway; if it isn't detailed MAC address analysis, it's subtle timing quirks, or hooking AM radio receivers to computers listening for the sounds of CPUs grinding through AES, or something else.

Seems a bit silly to write a python script for this when most people have it in a bash function. I find running a python command through the interpreter like that to be cumbersome, but a good script nonetheless.

On another note: GO BEARS! Down with the tree!

If you are on windows , there is a small app to change your mac address easily: http://www.zokali.com/win7-mac-address-changer

Neato, I liked it so I cleaned it up/rewrote it a bit -> https://github.com/feross/SpoofMAC/pull/4

guys, what are practical use cases for spoofing your MAC address?

Drexel University has wi-fi throughout campus. Its main wi-fi network, dragonfly3, allows any device to connect using WPA2 (with your student account as your login). But it also has dragonfly and dragonfly2, which are secured with only WEP, but only allow whitelisted MAC addresses to connect (to prevent strangers who have cracked the password from connecting). Each student has a customizeable list of up to only two MAC addresses, editable through a web interface, that they can keep on the whitelist.

When I was living in a dorm on campus, I had two devices (gaming consoles) whose OSs didn’t support WPA2, meaning I had to connect them to dragonfly2. These two devices filled up my whitelist. And occasionally, the dragonfly3 network signal totally dropped out while I was using that network on my computer, while the dragonfly2 network stayed accessible. So then I wanted to connect to dragonfly2 with my computer.

To do that, I had to log in to the web interface, select one of my other devices to unlist, and then add my computer’s MAC address in its place. If I had had SpoofMAC, I could have used it to set my computer’s MAC address to match one of my other device’s. Running SpoofMAC would probably have taken much less time than changing my whitelist through the web interface, and would have obviated the need to re-list the removed device when I wanted to use it again.

This is very silly and very pointless. If they already have the WEP keys then grabbing frames to get whitelisted MAC addresses is trivial. This does nothing but make it more annoying for legitimate users.

Also, for these silly things I usually keep a DD-WRT capable router around like the trusty WRT54G or one of the newer Buffalo routers. It's easy to use it in a bridge configuration to have as many devices as you want behind it.

The only time I've "needed" to do it is at places that limit their wifi connection times.

For example, the Panera Breads in my area all limit their connection times to 30 minutes during lunchtime. If you spoof your MAC address every 30 minutes, you can keep going.

My old ISP had a MAC white list on its dhcp server. I used MAC spoofing to be able to plug in my own firewall/router.

I had an ISP that would whitelist the MAC address that was allowed to connect to it. When I first signed up, I didn't realize this and they used an old server I had sitting around.

Because their technical support was so awful, it was easier to spoof the MAC of the old server than it was to get through to someone who could actually whitelist my new machine's MAC.

My school had a guest network that would allow people to use it for a few hours, but after that would force them to jump through some sort of registration hoops to get permanent access. Spoofing their MAC addresses seemed to be the easier alternative.

Literally did this 10 minutes ago when connecting to hotel Wi-Fi.

`$ sudo ifconfig en1 ether 00:11:22:33:44:55:66`

Careful, you may be violating the CFAA by using tools such as this.

No you wouldn't be. Not in and of itself. If you commit a "computer" crime and they find that you have done this, then yes they will add it to the charges.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact