Tel: 617-314-9721
info@klcconsulting.net


Simple + Intuitive MAC Address Spoofer on
Windows 2000, XP, 2003, VISTA, 2008, Windows 7, Virtual Machine (VM)


SMAC 2.7

SMAC Named to PC World's "101 Fantastic Freebies" List!

SMAC featured in Hacking for Dummies, 2nd Edition - "I like using a neat Windows utility called SMAC,..." by author Kevin Beaver, CISSP

SMAC-CL: SMAC Command Line Edition.  Scriptable Console based tool for spoofing MAC Addresses on Windows 2000, XP, 2003, VISTA.  


SMAC is a MAC Address Changer (Spoofer) for Windows 7, XP, Server 2003, and VISTA systems, regardless of whether the manufacturers allow this option or not.

SMAC customers include major organizations such as Intel, HP, Boeing, Cisco, Siemens, CSC, Berkeley Lab, Sandia National Lab, Boingo Wireless, SPI Dynamics, ABB, etc.  Just to name a few...  There have been over 1,500,000 downloads.

NEW FEATURES - SMAC 2.0 presents many new features that have been on users' wish lists! For example, change the MAC address in 3 clicks, generate a random MAC address, automatic activation of the new MAC address, etc...


By:

Kyle Lai, CISSP, CISA

KLC Consulting, Inc.

klai@klcconsulting.net

www.klcconsulting.net 

 

URL of this article is http://www.klcconsulting.net/change_mac_w2k.htm 

   

Table of Content:

Why:
  • Protect Personal and Individual Privacy.  Some companies track users via their MAC Addresses...  In addition, there are more and more Wi-Fi Wireless connections available these days, and Wireless network security and privacy is all about MAC Addresses...

  • Perform Security Vulnerability Testing, Penetration Testing on MAC Address based Authentication and Authorization Systems, i.e. Wireless Access Points. (Disclaimer: Authorization to perform these tests must be obtained from the system owner(s).)

  • Build "TRUE" Stand-by (offline) systems with the EXACT same ComputerName, IP, and MAC ADDRESSES as the Primary Systems.  If Stand-by systems should be put online, NO arp table refresh is necessary, which eliminates extra downtime.

  • Some online Game Players (Gamers) require changing the MAC addresses to fix IP problems for some reason...

  • Build High-Availability solutions.  For example, some firewalls that run on multi-port NIC's (i.e. quad port NIC) require the same MAC address for every port.

  • Troubleshoot Network problems.  Arp Tables, Routing, Switching, ...

  • Troubleshoot system problems

  • Test network management tools

  • Test incident response procedures on simulated network problems

  • Test Intrusion Detection Systems (IDS), whether they are Host or Network Based IDS.

  • If for whatever reason you need to keep the same MAC address as your old NIC, but your old NIC failed...

  • Some software can ONLY be installed and run on systems with a pre-defined MAC address in the license file.  If you need to install such software on another system with a different Network Interface Card (NIC) because your NIC is broken, SMAC will come in handy.  However, you are responsible for complying with the software vendor's licensing agreement.

  • Some Cable Modem ISPs assign IP addresses based on the PC's MAC address.  If for whatever reason you need to swap 2 PCs regularly to connect to the cable modem, it would be a lot easier to change the MAC addresses than to change the Network Interface Card (NIC).  (You need to check with your ISP and make sure you are not violating any service agreements.)

  • Over 1,500,000 downloads by users from major corporations and from around the world, making SMAC the most stable and popular Windows MAC Address Modifying utility.

How:
  • SMAC takes advantage of the NdisReadNetworkAddress function in the Microsoft Device Driver Development Kit (DDK).

  • NdisReadNetworkAddress(...) is called by the network adapter driver to obtain a user-specified MAC address from the registry. After the driver confirms that there is a valid MAC address specified in the registry key, the driver programs that MAC address into its hardware registers to override the burned-in MAC address.

Caution:
  • Make sure you DO NOT assign one MAC address to multiple NIC's on a local area network (LAN).  If you do that, you will create a lot of problems.  MAKE SURE YOU HAVE ONE UNIQUE MAC ADDRESS PER NIC!!!

  • Make sure you DO NOT use Multicast or invalid MAC addresses.  You can check out the Multicast MAC addresses at http://www.iana.org/assignments/ethernet-numbers.  Note:  "00-00-00-00-00-00" is not a valid MAC address.

  • MAKE SURE YOUR INTENTION AND PURPOSE IS LEGAL AND ETHICAL!!!

Tool:
  • SMAC is a Windows MAC Address Modifying tool, and is based on this research article.  SMAC is developed by KLC Consulting Security Team.  URL of SMAC is http://www.klcconsulting.net/smac

Getting Started

Before we get into the technical details: if you are not comfortable changing the MAC Address via registry entries, please use the User Friendly SMAC MAC Address Changer.  It carries less risk and it will make your life a lot easier.

There are a couple of ways to change (spoof) MAC Addresses on Windows 2000, XP, 2003, and VISTA.  Make sure you read through the steps first.  If my explanation does not make sense to you, please use SMAC.

The following information is provided “AS IS.”  If you have any inputs, please feel free to send me an email.

*** Disclaimer: Try these steps at your own risk!!!  These steps will work, but they are not supported by Microsoft.  
*** I will not be responsible for any damages that might occur on your system.
*** Please don't try the steps below if you do not agree with this disclaimer!

Before we start:  KLC Consulting Security Team has developed a Windows MAC Address Spoofing tool, SMAC.  SMAC is developed based on this research article, and it has many functionalities.  SMAC allows Windows 2000, XP, 2003 Server and VISTA users to change MAC address regardless of whether manufacturers allow this option or not.  URL of SMAC is http://www.klcconsulting.net/smac

Method 1:

This method depends on the type of Network Interface Card (NIC) you have.  If you have a card that doesn’t support cloning the MAC address, then you have to use the second method.

    1. Go to Start->Settings->Control Panel and double click on Network and Dial-up Connections.

    2. Right click on the NIC you want to change the MAC address and click on properties.

    3. Under “General” tab, click on the “Configure” button

    4. Click on “Advanced” tab

    5. Under “Property section”, you should see an item called “Network Address” or "Locally Administered Address", click on it. (See figure below as an example)

    6. On the right side, under “Value”, type in the New MAC address you want to assign to your NIC.  Usually this value is entered without the “-“ between the MAC address numbers.

    7. Go to a command prompt and type “ipconfig /all” or “net config rdr” to verify the changes.  If the changes have not taken effect, then use the second method.

    8. If successful, reboot your systems.

 

Method 2:

This method requires some knowledge of the Windows Registry.  If you are not familiar with the Windows Registry, just use the simple-to-use SMAC MAC Address Changer to change the MAC addresses (the easiest and safest way), or consult a technical person before you attempt the following steps.  Also, make sure you have a good backup of your registry.

1.     Go to a command prompt and type “ipconfig /all”, and

    I. Record the Description for the NIC you want to change.

    II. Record the Physical Address for the NIC you want to change.  Physical Address is the MAC Address


figure 1.

2.     Go to a command prompt and type “net config rdr”, and you should see something like

       
figure 2.

3.     Remember the long number (GUID) inside the { }.  For example, in the above “net config rdr” output, for MAC address “00C095ECB793,” you should remember {1C9324AD-ADB7-4920-B02D-AB281838637A}.  You can copy and paste it into Notepad; that’s probably the easiest way.  (See figure 2.)

4.     Go to Start -> Run, type “regedt32” to start registry editor.  Do not use “Regedit.”

5.     Do a BACKUP of your registry in case you screw up the following steps.  To do this

  1. Click on “HKEY_LOCAL_MACHINE on Local Machine” sub-window

  2. Click on the root key “HKEY_LOCAL_MACHINE”. 

  3. Click on the drop-down menu “Registry -> Save Subtree As” and save the backup registry into a file.  Keep this file in a safe place.

IF YOU ARE NERVOUS ABOUT THIS STEP, JUST USE SIMPLE-TO-USE GUI BASED SMAC MAC ADDRESS SPOOFER TO MAKE THIS PROCESS SAFER and EASIER FOR YOU. ☺

6.    Go to “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}”.  Double click on it to expand the tree.  The subkeys are 4-digit numbers, which represent particular network adapters.  You should see that they start with 0000, then 0001, 0002, 0003 and so on.  (See figure 3.)

   
Figure 3.

7.     Go through each subkey, starting with 0000.  Click on 0000 and check the DriverDesc keyword on the right to see if that's the NIC whose MAC address you want to change.  The DriverDesc should match the Description you recorded in step 1.I.  If you are not 100% sure about the DriverDesc, then you can verify by checking whether the NetCfgInstanceID keyword value matches the GUID from step 3.
If there is no match, then move on to 0001, 0002, 0003, and so on, until you find the one you want.  Usually 0000 contains the first NIC you installed on the computer.
In this demonstration, 0000 is the NIC I selected. (See figure 3.)

8.     Once you have selected the subkey (i.e. 0000), check whether a keyword "NetworkAddress" exists on the right side of the window. (See figure 3.)

    I. If "NetworkAddress" keyword does not exist, then create this new keyword:

        i. Click on the drop down menu “Edit -> Add Value”.

        ii.  In the Add Value window, enter the following values, then click OK.  (See figure 4.)
            Value Name: NetworkAddress
            Data Type: REG_SZ

            Figure 4.

        iii.  String Editor window will pop up at this time (see figure 5.)  

        iv.  Enter the new MAC address you want to modify.  Then click OK.
        (There should not be any "-" in this address.  Your entry should only consist of 12 digits as seen in the figure 5.)

    II. If "NetworkAddress" keyword exists, make sure it shows the keyword type is REG_SZ, and it should show as NetworkAddress:REG_SZ:  .  This keyword might not have a value at this time.  

        i. Double click on the keyword NetworkAddress and the String Editor window will pop up. (See Figure 5.)

        ii.  Enter the new MAC address you want to modify.  Then click OK.
        (There should not be any "-" in this address.  Your entry should only consist of 12 digits as seen in the figure 5.)

           
        Figure 5.

The Simple-to-Use SMAC MAC Address Changer (Spoofer) is definitely a lot SAFER and EASIER for this type of process.  Check out some SMAC screenshots. ☺

 

9.     There are 2 ways to make the new MAC address active.  Method I does not require a system reboot:

    I.  Go to Start->Settings->Control Panel, and double click on "Network Neighborhood".
    WARNING: Make sure you understand that you WILL lose the network connection after completing step "ii." below, and
    if you have a DHCP client, you will get a new IP address after completing step "iii."

        i.  Select the Network Adaptor you just changed the MAC address.

        ii.  Right click on the selected Network Adaptor and click "Disable."  
       Verify the status column for this adaptor changes to "Disabled"

        iii.  Right click on the selected Network Adaptor and click "Enable."
       Verify the status column for this adaptor changes to "Enabled"

        iv.  If for any reason it cannot be disabled or re-enabled, you have to
        reboot your system to make the changes effective.

    II.  Reboot your Windows system. 

10.  Once step 9 is complete (if rebooting the system, wait until the reboot is completed), go to a command prompt and type “ipconfig /all” to confirm the new MAC address.

Note: SMAC 2.0 Professional Edition can do step 9 and 10 with "1-click" and that really means 1 click, on the "Activate MAC" button.
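As an added example (not part of the original article or of SMAC), the Python audit below reads a registry export of the adapter class key from step 6 and reports every adapter that carries a NetworkAddress override, applying the checks from the Caution section: 12 hex digits without separators, not all-zero, not multicast. The export text is constructed; only subkey 0000 reuses the GUID and MAC from the article's example, and the function names are illustrative.

```python
import re

NET_CLASS = "{4D36E972-E325-11CE-BFC1-08002BE10318}"  # adapter class key, step 6
KEY = "[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\" + NET_CLASS

# Constructed .reg-style export; only 0000 reuses the page's example GUID and MAC.
SAMPLE = "\n".join([
    KEY + "\\0000]",
    '"DriverDesc"="Example Ethernet Adapter"',
    '"NetCfgInstanceId"="{1C9324AD-ADB7-4920-B02D-AB281838637A}"',
    '"NetworkAddress"="00C095ECB793"',
    KEY + "\\0001]",
    '"DriverDesc"="Example Wireless Adapter"',
    '"NetworkAddress"=""',
    KEY + "\\0002]",
    '"DriverDesc"="Example Lab Adapter"',
    '"NetworkAddress"="01-00-5E-00-00-01"',
])

def check_mac(value):
    """Return the problems with a NetworkAddress value ([] if acceptable)."""
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", value):
        return ["not 12 hex digits without separators"]
    problems = ["all-zero address"] if int(value, 16) == 0 else []
    if int(value[:2], 16) & 0x01:  # lowest bit of the first octet marks multicast
        problems.append("multicast address")
    return problems

def audit(export_text):
    """Return {subkey: finding} for adapters whose MAC is overridden."""
    adapters, subkey = {}, None
    for line in map(str.strip, export_text.splitlines()):
        key = re.fullmatch(r"\[(.+)\\(\d{4})\]", line)
        val = re.fullmatch(r'"([^"]+)"="(.*)"', line)
        if line.startswith("["):  # only 4-digit subkeys directly under the class key
            in_class = key and key.group(1).upper().endswith(NET_CLASS)
            subkey = key.group(2) if in_class else None
        elif val and subkey is not None:
            adapters.setdefault(subkey, {})[val.group(1).lower()] = val.group(2)
    findings = {}
    for subkey, values in adapters.items():
        mac = values.get("networkaddress", "")
        if mac:  # empty or missing value: no override configured
            findings[subkey] = {"adapter": values.get("driverdesc"), "mac": mac,
                "guid": values.get("netcfginstanceid"), "problems": check_mac(mac)}
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running the same audit before and after the restore procedure confirms that the NetworkAddress entry is really gone.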

Now that you have seen the whole process, it's time to see how SMAC MAC Address Changer (Spoofer) is a lot SAFER and EASIER for changing (spoofing) MAC Addresses on Windows 2000, XP, 2003, and VISTA. ☺

Restore The TRUE Hardware burned-in MAC Address:

If you want, just download SMAC Evaluation Edition and select the Network Adapter you spoofed, then click on "Remove MAC" to simply remove the spoofed MAC address.  That simple.  Or, if you like the technical challenge, please follow the steps below:

  1. Remove the entry you added:

    I. If you followed Method 1, then go back to the advanced properties window and remove the entry you added.

    II. If you followed Method 2, then remove the "NetworkAddress" keyword you added in the registry.

  2. Use step 9 above to activate the change you made.

  3. Once rebooted, go to a command prompt and type “ipconfig /all” to confirm the original MAC address.

 

If the MAC Address change does not work:

If for whatever reason the MAC address cannot be changed using Method 2, make sure you restore the registry setting by following the "Restore The TRUE Hardware burned-in MAC Address" instructions above.  If necessary, restore the registry you just backed up to get your system back to its original state.  You can do this by clicking on the drop-down menu “Registry->Restore” and restoring your backup registry file.

MAC Address Spoofer:

KLC Consulting Security Team has developed SMAC, a Windows MAC Address Changer / Spoofer for Windows 2000, XP, 2003 Server, and VISTA systems, regardless of whether manufacturers allow this option or not.  SMAC has been used by many Fortune 500 companies to help enhance their security and provide network solutions.  KLC has integrated features requested by network and security professionals, and SMAC has been published in many security books and training manuals.  SMAC URL is http://www.klcconsulting.net/smac

Reference:

  1. Microsoft MSDN - Network Devices and Protocols: Windows DDK NdisReadNetworkAddress function.

  2. Microsoft Windows 2000 Resource Kit - (Network adapters) {4D36E972-E325-11CE-BFC1-08002BE10318}

  3. Microsoft MSDN - Security Issues for Network Drivers

Additional information:

  1. SMAC MAC Address Spoofer for Windows 2000, XP, 2003 and VISTA

  2. MAC Address Spoofing on VMWare Hosted Virtual Machine (VM)

  3. MAC Address Spoofing for Windows 2000, XP, and 2003, and VISTA systems

  4. MAC Address Spoofing for Windows NT 4.0

  5. MAC Address Spoofing for Windows 98/ME

  6. MAC Address Spoofing for Unix/Linux

  7. MAC Address Spoofing for Macintosh

  8. Trojan Analysis by Kyle Lai

 

About KLC Consulting:

KLC's mission is to provide a continuous effort to protect the confidentiality, integrity and availability of your corporate resources and data. Through each stage of the information security lifecycle, we help you prevent, detect, respond to, and resolve your enterprise security issues.  We published several best practices articles and virus analyses to assist the public to stay secure.

KLC encompasses security expertise in the MAC Address (Network Address) based Security, Networking and Application Security, Financial Institutions (GLBA), Healthcare (HIPAA Security) and Pharmaceutical (21 CFR Part 11), Vulnerability Management and Protection, Security Technologies Design and Implementation, and a full range of Professional Security Services.

Contact KLC Consulting:

KLC Consulting, Inc.
http://www.klcconsulting.net 

Telephone:
617-314-9721

E-Mail:
info@klcconsulting.net 

Postal Mail:
KLC Consulting, Inc.
PO Box 395
Holden, MA 01520

Copyright © 2002-2011 KLC Consulting
All rights reserved.
