Monday, January 25, 2010

Spoof Mac in Mac

A MAC address is a unique identifier assigned to your network card, and some networks implement MAC address filtering as a method of security. Spoofing a MAC address can be desired for multiple reasons, and it is very easy to spoof your MAC address in both Mac OS X 10.4 and 10.5. For the purpose of this article, we are going to assume you want to spoof your Mac’s wireless MAC address. So without further ado, here’s a 3 step process on how to do it:

Retrieving your current MAC address

First, you’re going to want your current wireless MAC address so you can set it back without rebooting. Launch the Terminal and type the following command:
ifconfig en1 | grep ether
You’ll now see something like:
ether 00:12:cb:c6:24:e2
The values after ‘ether’ make up your current MAC address. Write this down somewhere so you don’t forget it. If you do, it’s not the end of the world; you’ll just have to reboot to reset it after a change.

Spoofing a MAC address

To spoof your MAC address, you simply set that value returned from ifconfig to another hex value in the format of aa:bb:cc:dd:ee:ff

For this example, we will set our wireless MAC address to 00:e2:e3:e4:e5:e6 by issuing the following command:
sudo ifconfig en1 ether 00:e2:e3:e4:e5:e6

The sudo command will require that you enter your root password to make the change.
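
As an added example (not part of the original article), the shell helper below checks an address against the aa:bb:cc:dd:ee:ff format and reads the two flag bits in its first octet. The function names are hypothetical, and the last address in the loop is a constructed sample. The article's example address 00:e2:e3:e4:e5:e6 has neither bit set, so it classifies the same as a vendor-assigned address.

```shell
#!/bin/sh
# Added example: classify a MAC address such as the one printed by
# `ifconfig en1 | grep ether`. Function names are hypothetical.

# Extract the address from a line such as "ether 00:12:cb:c6:24:e2".
mac_from_ifconfig_line() {
    printf '%s\n' "$1" | awk '$1 == "ether" { print tolower($2) }'
}

# Return 0 if $1 is six colon-separated two-digit hex octets.
mac_is_valid() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print one of: invalid, multicast, local, global.
classify_mac() {
    mac_is_valid "$1" || { echo invalid; return 1; }
    first=$((0x${1%%:*}))            # first octet as a number
    if [ $((first & 1)) -ne 0 ]; then
        echo multicast   # group bit set: not a valid station address
    elif [ $((first & 2)) -ne 0 ]; then
        echo local       # locally administered: assigned by software
    else
        echo global      # looks vendor-assigned; a changed address can too
    fi
}

# Addresses that appear in the article, plus one constructed multicast sample.
for mac in 00:12:cb:c6:24:e2 00:e2:e3:e4:e5:e6 aa:bb:cc:dd:ee:ff 01:00:5e:00:00:01; do
    printf '%s %s\n' "$mac" "$(classify_mac "$mac")"
done
```

Checking a candidate value this way before passing it to ifconfig catches malformed or multicast addresses, and the "global" result for the spoofed example shows why the locally administered bit alone cannot tell a network owner that an address was changed.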

Verifying the Spoofed MAC address worked

If you want to check that the spoof worked, type the same command as earlier:
ifconfig en1 | grep ether
Now you will see:
ether 00:e2:e3:e4:e5:e6
This means your MAC address is now the value you set it to. If you want to further verify the spoof, simply log in to your wireless router and look at the ‘available devices’ (or attached devices) list, and your spoofed MAC address will be part of that list.

If you want to set your MAC address back to its real value, simply issue the above ifconfig commands with the MAC address that you retrieved in step 1. You can also reboot your Mac.

Enjoy!

Note: Reader Dee Brown points out the following, which may help with some users having difficulties: “running 10.5.6 you need to do the trick to disassociate from the network. ****DO NOT TURN AIRPORT OFF****. What you will have to do is click your airport and click join network and enter some bogus name as the network ssid. Then while it’s trying to connect click cancel. At this point you may spoof using the sudo ifconfig en1 ether command”

Other readers point out that Dee Brown’s trick works in 10.5.7 and above too. Thanks Dee!

Update: If you’re still having problems with MAC address spoofing in Leopard or Snow Leopard, the above method still works, but try disassociating from any wireless network while keeping your wireless Airport on (as mentioned above). An easy way to do this is to type the following in the command line:

airport -z

Note that the ‘airport’ command has to be set up to work for users first. You can do that by copying and pasting this command into the Mac Terminal:

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport

Once disassociated from the network, you should be able to spoof your MAC address as usual.

[Copied from http://osxdaily.com/2008/01/17/how-to-spoof-your-mac-address-in-mac-os-x/]


1 comment:

  1. In Backtrack 4 it is easier to do the same. Just run the following:

    If the interface you want to change the mac address is "eth0" then,

    ifconfig eth0 down

    You can use any mac address you like. In this example I will use 00:11:22:33:44:55

    macchanger --mac 00:11:22:33:44:55 eth0

    ifconfig eth0 up

    To confirm this has worked type:

    ifconfig -a

    or

    iwconfig (for wireless interface)

    and check the mac address of your card

    In case of wireless interface, you have to type

    airmon-ng stop eth0 (if eth0 is your wireless interface)

    before doing the steps mentioned above. And type

    airmon-ng stop eth0

    after doing the steps mentioned above.
