HOW TO: Change / spoof a physical MAC address in Windows

There are many reasons why you would want to change your MAC address (or to be precise: the physical address of one of your wifi or ethernet devices). The following article will focus on possibilities and limits of changing this identifier using Windows operating systems.
Changing these values without the need of complex or commercial software is explained in an easily understandable way so that ideally you only need everyday computer knowledge to follow.

Every device you use to access the internet or another network has what you can call a MAC address - a unique identifier of the form XX:XX:XX:XX:XX:XX that is factory assigned to the device (see Wikipedia). While you cannot change this factory burnt-in identifier, you can tell your operating system to use a string of your choice instead of this factory address when communicating with a network. As many systems (like your local Wi-Fi at McDonalds, Starbucks, University or in a train) use this address to identify you (because there is basically no other identifier for this purpose), it might be of interest to change or, to use the correct word as you cannot change the factory address, spoof  it. For example, if a 30-minutes-limit or anything else blocks you from using this network.
MAC Address (Windows 8.1; in yellow)
There are many ways how to change this identifier, basically you can download a program, change your network adapter settings (as explained here), or in the Windows registry (as explained here; this is basically the best way as a program or changing the adapter settings does nothing else as change this registry entry. If the value does however not exist, you can easily generate it here). You can easily check if a mac address changed using the command line (Windows+R, then type cmd) and there entering either ipconfig /all (which shows many netowrk infos) or getmac (which - surprise - shows the physical addresses of your adapters).

This change of a MAC identifier does however not always work - and to be precise, it should also not always work. An IEEE authority convention dictates how the OUI (the first half of a MAC address) has to look like, and a very important rule regulates the use of the two last bits of the first byte of the MAC identifier. The MAC address consists of six bytes (XX in the top example represents one byte), where one number is described by four bits. And this rule says that a single-device MAC address that is not from a company (so, for example your spoofed one) has a 0 as last bit in the first byte (or first octet of bits), and a 1 as second-last bit. With this information at hand, it is clear that the second value (so to say Y in a MAC identifier of the form XY:XX:XX:XX:XX:XX) can only be formed by four bits of the form 0010, 0110, 1010, or 1110. This means Y can be 2, 6, A (after 9 comes A in the hexadecimal system), or E. While Windows XP for example does not care about these inventions, Windows 8.1 or other new systems do (open systems like Linux do usually not, by the way), especially when configuring a wireless device (LAN ethernet adapters for example are not regulated this way by Windows 8.1). This is a common issue when people try to figure out problems changing the physical address of their Wi-Fi adapters and the change does simply not work, because Windows will only spoof the address if the convention is followed.

Wi-Fi im ICE - ab jetzt ohne Begrenzung.
This makes it relatively easy for webmasters or admins to regulate access of devices with spoofed MAC addresses, as simply addresses with 2, 6, A, or E in second position are blocked. When you use open systems like Linux, or a virtual machine with Linux inside Windows 8.1 tunneling the network traffic, you can however still use any identifier you wish.

0 Kommentare:

Kommentar veröffentlichen

Kommentare verfassen ist hier sehr einfach, man kann sogar ohne Anmeldung anonym Kommentare hinterlassen. Also, zeig' uns deine Meinung ...



E-Mail *

Nachricht *