A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle




MadMACs: MAC Address Spoofing and Host Name Randomizing App for Windows 7 (Should work in Windows Vista and Windows 8 too)

MadMACs: MAC Address Spoofing and
Host Name Randomizing App for Windows 7
(Should work in Windows Vista and Windows 8 too) 

from Irongeek

Download Newest MadMACs

        I wrote MadMACs awhile back, as a simple script to randomize my MAC address (and host name) in Windows on every boot. I had not updated it in a long time so it stopped working well in newer versions of Windows (Windows  7, Windows Vista and Windows 8). When someone would try to get MadMACs to work on a newer version of the OS, Windows would not always respect the registry setting for what MAC address they were suppose to use. Seems that if it is a wireless interface, the 2nd nibble has to be a 2, 6, A or an E on Windows Vista and newer. I included functionality in the new version of MadMACs to make sure this nibble is correct if you tell it the NIC you are trying to change/randomize the MAC address on is a WiFi card. I've also added a GUI for configuring your MAC addresses on your network cards (the old version used prompts), made the config file more INI like, and made it so that MadMACs itself can reset your adapter and start using the new MAC address immediately (name changes will take a reboot).

Source code is included. Here are the simple directions:

1. Place the EXE where you intend it to be ran from.
2. Choose the interface to configure.
3. Set a prefix (or the whole MAC address if you don't want to randomize) you want to use.
4. Set the "Change Default MAC address on this interface" check box.
5. Set "Check if this is a WiFi NIC (or some problematic wired ones) under Vista/7/8 (2nd nibble randomly set to 2, 6, A or E)" however you want.
6. Click "Save/Apply" to save and apply you MAC address settings.
7. Toggle "Run On Startup" as you see fit. Turn it on if you want to randomize the MAC address on every boot.
8. If you want to rename the computer on each boot (useful for some DHCP related logging issues), rename "Sample dic.txt" to "dic.txt" or provide your own computer name list text file in the same directory.

Enjoy, and I take no responsibility if it screws anything up. It's been working fine in my Windows 7 64bit test environments so far.
 

Notes from older, pre-2.0 versions

 

Description:

        I hope you enjoy this little MAC address and host name changer. When Glj12 told me about his host name randomizer, I told him about my desire to make a MAC address randomizer. We decided it would be cool to rap them both together, so I ported parts of his VBScript to Autoit3.

        MadMACs was designed with the privacy paranoid in mind. The two main things a DHCP server records when you get an IP from it is your host name and the MAC address of the network card you are connecting from. This is identifying information that not all users want to leave behind. MadMACs allows you to randomize this information after it runs and reboots.

        If you have the source It can be compiled with Autoit3 from:

            http://www.autoitscript.com 

        I chose Autoit3 because it's free and very flexible. To find the latest version of MadMACs and its documentation visit:

            http://irongeek.com 

and look in the apps section.

Configuring MACs to Spoof and Randomize:

        The first thing you should do is copy MadMACs.exe to what ever directory you plan to have it run from. If mac-config.txt does not exist in the same directory as the binary a wizard will come up and guide you through configuring which adapters get their MAC addresses randomized. The Wizard will ask you what prefix to use on the MAC address, keep the default 00 unless you want to use a specific vendor's MAC address range. For a list of vendor specific prefixes see:

            http://standards.ieee.org/regauth/oui/oui.txt

        This wizard also lets you set a registry entry to automatically run the randomizer on start up. There are two possible command line parameters:

config
        Brings up the setup wizard
remove
        Removes all of the registry entries.

        If you run MadMAX without parameters you are asked "Do you wish to remove MadMACs from startup and clear the registry? Click No to configure MadMACs instead or Cancel to forget the whole matter." Make the logical choice to get the desired outcome.

        If you want MadMACs to randomly set your host name make a text file called dic.txt in the same directory as the binary. This text file's format is one word after another separated by line feeds. If you are feeling lazy just rename the file "sample dic.txt" that comes with MadMACs to "dic.txt". MadMACs will randomly select a word from dic.txt and make that your host name. You may not want to use the host name randomizing functionality if you need to reach the host with the same name every time.

        Most of the setting don't take effect until the computer reboots (sort of :) there are exceptions, like if you disable and enable the adapter). Basically, the current session randomizes the next session. If you have questions about the code, ask on the Binrev forums so I don't have to answer the same questions over and over again in email.

        I take no liability for the misuse of this code. If you mess up your system or network with a bad MAC address or host name it's your fault. Use at your own risk. I've only tested it in Windows XP, and Vista so far. Consider this code GPLed.

Side Notes:

        A patron of my website pointed out that MadMACs, and other similar tools, seem to have a problem randomizing the MAC address under Windows Vista if you are using the Intel Wireless WiFi Link 4965AGN chipset. It will work with the 4965AGN  if you randomize only the last two digits, and start it with the prefix 1234567890. It will also let you set the whole MAC address to DEADBEEFCAFE, or even let you randomize all 12 hex digits. However, if you take the default prefix of 00, MadMACs will make a random address up and put it in the NetworkAddress registry value, but the 4965AGN chipset drivers will not honor it. If anyone knows why, please contact me.

        For more information on how MAC addresses work read my article here:

            http://www.irongeek.com/i.php?page=security/changemac

        Thanks to Chronos and the others from BinRev for helping me with the name.

            http://www.binrev.com/forums/index.php?showtopic=25548 

        Thanks to the Ispell project for the sample word list. If you want a more polished Windows MAC Spoofing tool see:

            http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp

        It's great, the only reason I wrote MadMACs was to better automate the randomization of MAC addresses and to add in the host name changing functionality.

        If you want a simular tool to this for Linux look at:

            http://www.hak5.org/wiki/MAC_Randomizer

 

Change Log:

Ver. 2.0: 12/26/2012 GoHP from: http://gohpdee.com/ told me awhile back a few tips of how things have changed in versions of Windows post XP (Vista, 7 and 8) when it comes to setting a MAC address. Seems that if it is a wireless interface, the 2nd nibble has to be a 2, 6, A or an E. I included functionality in the new version of MadMACs to make sure this nibble is correct if you tell it the NIC you are trying to change/randomize the MAC address on is a WiFi card. I've also added a GUI for configuring your MAC addresses on your network cards (the old version used prompts), made the config file more INI like, and made it so that MadMACs itself can reset your adapter and start using the new MAC address immediately.

Ver. 1.2: Qwasty let me know that if host name randomization is used with MacMACs, and the host name is over 15 characters (or has certain bad illegal characters) it can cause all sorts of lsass.exe errors on boot up. To fix this, I've updated the code to do some sanity checks on the possible hostnames given to it in dic.txt. Hopefully this fixes the problem. I also compiled it with the newer Autoit3 v3.2.12.1.

Ver. 1.1: Added better Vista support. It's compiled with Autoit3 v3.2.1.14 (beta), so older versions may not compile the script right. When you login to Vista you will still have to either tell it to run via the error message you see in the system tray about start up apps, or just turn off User Account Control (UAC).

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast