MAC address (Media Access Control address) is a quasi-unique identifier consists of a six byte number that attached to most network adapter card or network interface card (NIC). As such, all network cards, whether it’s of Ethernet NIC, Gigabit Ethernet NIC or wireless 802.11a/b/g/n WiFi or Hiper-LAN adapter, should have different MAC addresses, which also known as Ethernet Hardware Address (EHA) or adapter address.
In operating system, MAC address is often represented in 12-digit hexadecimal number. In practical usage, layer 2 MAC address is converted from layer 3 protocol addresses such as Internet Protocol (IP address) by ARP (Address Resolution Protocol), which then allowed each host to be uniquely identified and frames to be marked for specific hosts on broadcast networks, such as Ethernet. After translated (or when a host on LAN sends its MAC address to another machine which does n ot configured not to accept unrequested ARP replies on the network for preemptive caching), MAC address is cached on source PC ARP table for later use. Content of ARP table on each computer can be viewed by typing arp -a in Windows or arp in Linux. MAC address thus forms the basis of most of the layer 2 networking upon which higher OSI Layer protocols are built to produce complex, functioning networks.
There are many reasons or possibilities that an user may want to change the MAC address or a network adapter, which also known as MAC spoofing. For example, to bypass the MAC address filtering on firewall or router. The trick can be used to get pass the network access restriction by emulating a new unrestricted MAC address, or to gain access connection by spoof an authorized MAC address after sniffing the legitimate MAC address out of the air in MAC filtering Wi-Fi network.
Beside, hackers or enthusiasts also spoofing another host’s MAC address as their own in order to receive traffic packets not meant for them, although ARP poisoning technique is more commonly used. However, changing MAC address can still keep the real information from been detected and logged by various services such as IDS, firewall, DHCP server, wireless access points and etc, and is essential protect user’s privacy. MAC spoofing also potentially trigger a Denial of Service (DoS) attack by causing routing problem with duplicating MAC address exists in the network, especially those similar with gateway and AP router’s BSSID (Basic Service Set Identifier.)
Whatever the reason, it’s pretty easy to change the MAC address or perform MAC spoofing on most of today’s hardware, listed below. Actually, the original MAC address is burnt and imprinted to the network card, and cannot be changed. However, operating system can spoof as if there is different MAC address for the network interface card using tricks below.
Change the MAC address in Windows
1. Go to Start -> Control Panel. Double click on Network Connections (inside Network and Internet Connections category in Windows XP
). The, right click on the active network connection with network adapter that you want to change the MAC address (normally Local Area Network or Wireless Network Connection) and click on Properties.
Above steps work in Windows XP, Windows 2000 and Windows Server 2003. For Windows Vista, access to NIC’s properties is from Control Panel -> Network and Internet -> Network and Sharing Center -> Manage Network Connections.
Alternatively, if you already know which network adapter that’s responsible for your network or Internet connection, go to Device Manager and open the properties dialog by double click on the NIC itself.
2. In the General tab, click on the Configure button.
3. Click on Advanced tab.
4. In the Property section, select and highlight Network Address or Locally Administered Address.
5. To the right, “Not Present” radio button is by default selected as value. Change the value by clicking on radio button for Value:, and then type in a new MAC address to assign to the NIC.
Change MAC Address of Network Adapter
The MAC address consists of 6 pairs of numbers (0 – 9) and characters (A – F) combination.
6. Click OK when done.
7. To verify the change of MAC address, go to command prompt, then type in one of the following commands:
ipconfig /all
net config rdr
8. Reboot the computer if successful to make the change effective.
Note: To restore or reset back to original default MAC address, simply set back the option to “Not Present”.
Change the MAC Address of NIC in Windows via Registry
1. Open a command prompt.
2. Type the following command and hit Enter.
ipconfig /all
3. Record down the Description and the Physical Address (is MAC address) of the active network connection (discard those with Media Disconnected state).
Get MAC Address for Network Card
For example, in figure above, Description is Intel(R) Wireless WiFi Link and MAC address is in the format of XX-XX-XX-XX-XX-XX.
4. In the command prompt also, type the following command and hit Enter.
net config rdr
5. Record down the GUID for the MAC address for the active connection’s NIC which MAC address to be changed. The GUID is contained within the { and } brackets right in front of the MAC address as shown in figure below.
GUID for the NIC
6. Type regedt32 or regedit in Start -> Run box or in Start Search for Windows Vista. Note: for Windows NT 4.0 and Windows 2000, regedt32 must be used.
7. Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
8. Expand the {4D36E972-E325-11CE-BFC1-08002BE10318} tree, and there will be more sub-keys in the form of 0000, 0001, 0002 and so on.
9. Go through each sub-key starting from 0000, look for subkey that has DriverDesc value data that matches NIC description copied from step above, that want its MAC address to be changed. In most cases, it will be similar to the network adapter card name.
To verify that the subkey found is indeed a correct one, check the value of the Net-CfgInstanceId, which should have the same value with the NIC’s GUID taken from step above.
10. Once a sub-key is matched to the network interface card that MAC address want to be spoofed, select and highlight the subkey. Right click on the sub-key (for example, 0000), then select New -> String Value. Name the new value name as NetworkAddress.
Note: If NetworkAddress REG_SZ registry key is already existed in the right pane, skip this step.
11. The double click on NetworkAddress and enter a new MAC address as its value data.
Change and Spoof MAC Address in Registry
Note that the 12-digit MAC address in hexadecimal format, and should be entered without any dash (-).
12. Reboot the system to make the new MAC address effective. Alternatively, if you don’t want to restart the system, try to disable and then re-enable the network adapter in Device Manager.
13. To verify the change of MAC address, go to command prompt, then type in one of the following commands:
ipconfig /all
net config rdr
Note: To restore or reset back to true original hardware burned-in MAC address, remove the NetworkAddress registry key that is been added.
Alternative: Third party tools and utilities to change the MAC address in Windows operating system are plenty, for example: SMAC (direct download link to smac20_setup.ex, supports Windows Vista, XP, 2003, 2000), Macshift (direct download link to macshift.zip, for Windows XP), BMAC (almost identical SMAC MAC changer clone by moorer-software.com), Mac MakeUp (direct download link to macmakeup.zip, for Windows 2000/XP/2003/Vista), MadMACs (MAC Address Spoofing And Host Name Randomizing App For Windows, directly download MadMACs.zip), EtherChange (direct download link to etherchange.exe), and Technitium MAC Address Changer (for Windows 2000 / XP / Server 2003 / Vista / Server 2008).
No comments:
Post a Comment