Batch MAC Spoofer
Windows has always been restrictive compared to Linux. While Linux developers are benefiting from the power of pure hardware, Windows users, on the other hand, were given GUI based user experience, which depends on API calls, not giving the vibe of full control. Even though Windows doesn’t seem like an OS with ultimate customizability, there are still ways for achieving some Linux-ish tasks on Windows. Talking about tasks, this project is based on the tool “macchanger“, which is working on Linux, to give similar functionality to Windows machines. You can eventually download the source code immediately but I recommend you to take a look at the information about MACs and this script below. 😀
This tool is intended to teach IT Security enthusiasts about network security implementations. Any illegal activity is not our responsibility.
What Is A MAC Address?
The MAC ( Media Access Control ) is a unique identifier number for network interface cards ( NIC ). MACs are used to detect the location where a network packet should go along with the IP on networks. The difference between IPs and MACs is MACs are always static while IPs can be dynamic according to how and where you connect to the Internet.
Every MAC follows the same rules:
- Each character is represented in hexadecimal numbers.
- There are a total of 12 characters, or 6 pairs.
- Every pair is separated from another with a semicolon.
An example for a MAC Address -> 0E:BF:C8:25:FF:9A:B6
- If you are a Windows user, you can check yours from the command prompt by typing: ipconfig /all or getmac
- If you are a Linux user, you can use ifconfig command on the terminal.
Technically, a MAC Address is not alterable. Each one of them is burned into your network interface card. Even though they cannot be changed directly on the hardware, the software side can spoof it. The potential power of spoofing MAC addresses is so valuable since a MAC Address gives a lot of information to anyone who has a technical understanding.
What Can You Infer From A MAC?
MAC Addresses are consist of 2 parts. Each part includes 3 pairs of characters. The first 3 pairs are the most valuable ones because they reveal the information about your device’s manufacturer. A hardware company sets the same pairs onto their similar hardware. Because of this, you can predict what the device is. There is a database that consists of MAC pairs and manufacturer names on the website wireshark.org. The last 3 pairs are for identifying unique devices. This information can still be useful.
With this web-based tool, you can query yours or other people’s MAC address.
MAC Spoofing On Windows
The trick behind scenes depends on the Windows Registry, where much information is stored about the machine and users. The script simply finds where the information about your network card is stored which you selected. And then changes the value in the registry with the one you specified in the script.
Registry is the location of many information about the machine and the users. Many things can be altered or viewed.
Including MAC Addresses. 🙂
You have to run the script with administrator privileges. Writing to registry requires admin rights.
The script simply welcomes you with the interface selection screen, where you specify the interface you wish to use if you have more than one. If you have only a single interface, the script automatically sets it as default.
Note: This script only works with wireless interfaces, do not expect any functionality with ethernet cards.
Then the main menu pops up. You have the option to select your interface later. You can also plug in any new/external interface and select it later on the interface selection page.
After typing “macspoof”, you have 3 options, you can randomize the MAC, define it with your custom MAC, or revert to its original static form. Be careful when typing the custom MAC, Windows accepts only some patterns for new MACs. Do not put semicolons between pairs, and do not use any character different than E, A, 2, or 6 while typing the second character. Example:
0ABBCCDDEEFF -> The second char is A so it is valid.
EXBBCCDDEEFF -> The second char is X so it is invalid.
a6bbccddeeff -> The second char is 6, and lower case values are also accepted so it is valid.
aa11bb22cc33dd -> Length is longer than 12 chars so it is invalid. Shorter lengths are also not accepted.
A Demonstration Video By TUX
Note: This video shows the script version 1.0.0 which doesn’t include the custom-defined MACs. This feature came after the update 1.1.0.