Can I change the mac address on....

Discussion in 'MacBook' started by ricrhys, Feb 17, 2009.

  1. ricrhys macrumors member

    Joined:
    May 22, 2008
    #1
    My macbook 2.4 GHz intel core duo, with AirPort Extreme.

    Im fairly new to web security

    i've tried

    sudo ifconfig en1 ether 01:02:03:04:05:06

    and

    sudo ifconfig en1 lladdr 00:00:00:00:00:01

    neither seem to work, it will ask for my password and i enter it then when i

    ifconfig en1 | grep ether/lladdr

    it still shows my original address any ideas?

    (Im going to be doing an ethical hacking module soon so just trying to get my head round this)
     
  2. Tallest Skil macrumors P6

    Tallest Skil

    Joined:
    Aug 13, 2006
    Location:
    1 Geostationary Tower Plaza
    #2
    I don't believe you can change a MAC address.

    I could be wrong, but changing it could lead to all sorts of nonsense going on.

    Just try changing IP addresses.
     
  3. ricrhys thread starter macrumors member

    Joined:
    May 22, 2008
    #3
    ok

    what if i was using mac address filtering on my AP and wanted to test its integrity, I dont have that many machines so by imitating using my machine non allowed and allowed addresses i could test it, I know on older machines you could do this and the address could either be manually changed back or would change its self on restart. :apple:
     
  4. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #4
    no not on a Mac without a program. i searched for programs once upon a time but found nothing that worked properly.

    try using bootcamp + windows, its much easier.
     
  5. clyde2801 macrumors 601

    clyde2801

    Joined:
    Mar 6, 2008
    Location:
    In the land of no hills and red dirt.
    #5
    Sure...just send your macbook to my address!

    Wait, did I misunderstand your question? :D
     
  6. ricrhys thread starter macrumors member

    Joined:
    May 22, 2008
  7. old-wiz macrumors G3

    Joined:
    Mar 26, 2008
    Location:
    West Suburban Boston Ma
    #7
    The MAC address is usually locked into the hardware. Some mainframe type systems allowed changing the MAC address, which was used when you had to replace a malfunctioning board and needed to keep the same MAC address. The MAC address is not a random number; there's a code for it and changing it is not a good idea.
     
  8. brand macrumors 601

    brand

    Joined:
    Oct 3, 2006
    Location:
    127.0.0.1
    #8
    It doesn't really matter. Anytime you connect to a wireless access point or plug in an Ethernet cable you are giving away your MAC address.
     
  9. ricrhys thread starter macrumors member

    Joined:
    May 22, 2008
    #9
    ok sorry maybe im not being clear or not understanding your replies, im not trying physically or permanently change the mac address just temporarily spoof it, its easily done with other operating systems. Is this because they have a different way of implementing the mac add i.e not in the firmware.

    i was trying to use a program called macchanger (the program i use in bt3) but am having trouble installing it in os x
     
  10. Mr_Brightside_@ macrumors 68020

    Mr_Brightside_@

    Joined:
    Sep 23, 2005
    Location:
    The 6ix
    #10
    MacDaddyX should do the trick.
     
  11. ricrhys thread starter macrumors member

    Joined:
    May 22, 2008
    #11
    looked ideal but after trying all the Apple oid's and all the broad com ones it still says it looks like it didn't like that mac, back to the drawing board
     
  12. Mr_Brightside_@ macrumors 68020

    Mr_Brightside_@

    Joined:
    Sep 23, 2005
    Location:
    The 6ix
    #12
    Hm... sorry about that. Changing the MAC address has always been tricky for me; whether with Terminal, MacDaddy or anything else- though the ethernet address is easy to change, either the Terminal way or with MacDaddy.
     
  13. ppc750fx macrumors 65816

    Joined:
    Aug 20, 2008
    #13
    1) MAC addresses are, at least for most NICs, software controlled. It's very, very rare to find a MAC address "locked in to the hardware".

    2) "Mainframe type systems"? You mean servers? Either way, yes, that is a legitimate (albeit rather rare) reason to change an interface's MAC address.

    3) You're right that the MAC address isn't a random number, but there are quite a few legitimate reasons to change it. Provided you don't pick a colliding one, there's not really any harm that will come from changing it.

    --

    To the OP: I've got a 2.4Ghz BlackBook, so I know what you're talking about.

    First, be warned that MAC address spoofing is known to either break or no longer work the same way when Apple releases system updates. 10.5.5 and (IIRC) 10.5.4 both changed the procedure for spoofing your MAC address.

    On my MacBook4,1 running 10.5.6:

    The following will return with no error (provided that Airport is on), but will not change the address.
    Code:
    sudo ifconfig en1 lladdr 00:00:DD:C0:FF:EE
    
    The following will return with no error (provided that Airport is on), but will only change the address if not associated with an access point:
    Code:
    sudo ifconfig en1 ether 00:00:DD:C0:FF:EE
    
    There are a whole bunch more subtleties, but that should work for you. The whole MAC spoofing thing is a mess on OS X anyways. Different combinations of hardware and versions of OS X mean that the procedure is likely to differ from machine to machine -- so once you figure out how to do it, try to remember it ;-)
     
  14. brand macrumors 601

    brand

    Joined:
    Oct 3, 2006
    Location:
    127.0.0.1
    #14
    It sounds like you need to go back to Networking101 because that couldn't be further from the truth.

    MAC address are not software controlled. Each NIC has a unique MAC address that hard coded to that device. It is possible to spoof a different MAC address thereby hiding the original MAC address with software. Ultimately the MAC address that is hard coded to that NIC has not changed. Spoofing a MAC address is usually only done temporary to allow someone to bypass access control lists on servers, routers, or wireless access points.

    Since you say there are so many legitimate reasons why someone would need to spoof their MAC, name a few. Spoofing a MAC address is usually done to bypass the security on a network. In case you didn't know that is illegal and a Felony in the United States. Given that, I would say that much harm could come from it.
     
  15. ricrhys thread starter macrumors member

    Joined:
    May 22, 2008
    #15
    thanks buddy worked a treat,

    brand
    my legitimate reason is stated in my first post,
    in my ethical hacking module an understanding of security is vital and this is just part of the process, just trying to get a bit of a head start
    thanks again
    ric
     
  16. ppc750fx macrumors 65816

    Joined:
    Aug 20, 2008
    #16
    The network at my workplace requires me to register my MAC address in order to receive an IP. I have two notebooks that I use regularly, but only ever take in one at a time to work. Rather than apply for two allocations, I simply spoof the MAC address.

    It's also useful for diagnostic purposes, such as testing your network setup to see if it quarantines unknown hosts.

    Oh, and no sane network administrator uses MAC addresses as a form of security for a wireless network. Anyone who attended "Networking101" (as you termed it) should know that.

    Sigh.

    If you re-read my post, you'll notice that I said that MAC addresses were software controlled. This is correct. A MAC address is not an immutable characteristic of the hardware (as "locked in to the hardware" would imply), but rather a variable characteristic, controlled either by software on the device (firmware) or on the device's host (i.e. drivers.)

    For all practical purposes it has. In most cases the MAC address presented to the network and to the host computer will be the "spoofed" MAC -- in such cases the NIC will be the only component that actually knows the "real" MAC address. This is just semantics though: the end result is that when you "spoof" a MAC address, it's usually indistinguishable from the device's "true" MAC.

    One of the most common reasons to spoof your MAC to get a DHCP server to assign a new IP address. This isn't in and of itself illegal, and is often quite a legitimate thing to do.

    Inferring that the only reason that one might want to spoof a MAC address is to commit a felony is absurd, and frankly makes me think that you're rather poorly-informed when it comes to network security. If I had to guess, I'd say that you're one of those people that thinks that changing a phone's IMEI is illegal in the US too...
     
  17. brand macrumors 601

    brand

    Joined:
    Oct 3, 2006
    Location:
    127.0.0.1
    #17
    That is also how we assign IPs at the college where I am a network technician. Assigning IPs by MAC address, a sort of static DHCP, is one of the easier and cheaper ways of initially restricting physical access to a network. Where I work we have an acceptable use policy ,as do most organizations, and the act of spoofing a MAC to gain access to the network is in violation of the policy and considered illegal.


    That is a valid reason but you did say that "there are quite a few legitimate reasons" why someone might want to change their MAC address. The 2 or 3 well known reasons that you have given would not be classified at "quite a few".


    While that is true, unfortunately I have met many home users that use MAC filtering as their only form of security. Additionally I have meet many network admins that use MAC filtering as only a single part of their security. I never said that that use it was their only method of security.


    I don't need to re-read your post because I never said that the MAC address was not able to be temporarily changed. Whenever that device is powered off MAC address reverts to the hared coded MAC of the NIC.

    Technically you are not supposed to be able to change to hard coded MAC in the firmware but there are still ways. For all intents and purposes and according to the standards it is not possible.


    While act of changing a MAC might not be illegal, using it as a means to connect to someone else's network is often times illegal and not a legitimate way to gain access.


    Maybe you should go back and re-read my post. I never inferred that the only reason one might want to spoof a MAC address was to commit a felony. The felony is a byproduct of their true intentions. I am actually very well educated in computers, networking, and security since it is what I do for a living. From what you have shown me you would be the one that is poorly-informed about network security.
     
  18. ppc750fx macrumors 65816

    Joined:
    Aug 20, 2008
    #18
    It's illegal if you're not authorized to use the network. If you are authorized to use the network, it's not illegal, although it may be a violation of your AUP. In my case, it's neither.

    Nope. I'm not gonna play that game. I gave you some real world examples of why one might want to do it. I'm not going to sit here and think up scenarios until you finally deem them of acceptable quantity and quality.

    And neither did I. My point was that no knowledgeable admin would use MAC filtering as a form of security at all. It's a about as much of a security measure as posting a sign next to the RJ45 ports saying "Don't be bad."

    I wasn't aware that it was stated in any RFCs (or similar) that MAC addresses were to be immutable. Out of curiosity, according to which standards is it not supposed to be possible?

    I've obviously struck a nerve here. :D

    Guess I'm poorly informed when it comes to network security. After all, I was foolish enough to think that basing your security around a trivially-modifiable pseudo-unique ID was a bad idea. Hell, I was even dumb enough to say that something that could be changed by software was "software controlled". You sure showed me.
     

Share This Page