How to spoof your MAC address on Mac OS X (for reals)

Update: For users of Mac OS X 10.7 (Lion) and 10.8 (Mountain Lion), a much easier solution called SpoofMAC exists as a set of Python scripts.

One of the oddities of Apple’s Mac OS X platform is that some things that should be easy are obtusely difficult, and remarkably so. Changing the hostname of a Mac OS X Server is one good example. Another is changing the “Ethernet ID” (aka. MAC address, aka. link-level address) of a network interface card.

This should be really simple, as the correct command line is plain as day (where the string of colon-separated 00’s is your preferred MAC address):

sudo ifconfig en1 lladdr 00:00:00:00:00:00

There are numerous blog posts all over the ‘net that tell you this time and again, but each one seems to have comments from users complaining that it doesn’t work on their system. I ran into a similar problem not long ago when my MacBook Pro didn’t do what I expected. Just like others, whenever I tried to run the above command, nothing seemed to happen:

ifconfig | grep ether # Determine current MAC addresses
sudo ifconfig en1 lladdr 00:00:00:00:00:00 # Try changing MAC address for en1 (usually Airport) 
ifconfig | grep ether # Confirm change; but uh-oh! Output is the same as before! Why?

Here’s how I fixed this problem.

The thing to know is that there seem to be a number of conditions that will prevent Mac OS X from successfully changing a NIC’s MAC address. Some are obvious and some are not. As far as I can tell, these conditions are:

  • having the interface “down” (i.e., if you’ve recently run ifconfig en0 down or an equivalent),
  • being associated with (i.e., connected to) a Wi-Fi network with your Airport card,
  • having the System Preferences application running,
  • forgetting to “unstick” the current system configuration set.

It’s the last one that bit me. Mac OS X has a feature called “system configuration sets” or “locations,” as it’s termed in much of the GUI. These can be accessed via the Network pane in System Preferences, or via the scselect command from Terminal; it’s that scselect command which offers the key to changing a Mac’s MAC address.

On my MacBook Pro (which, for the record and if it matters, is running Mac OS X 10.6.7), I need to do all of the following before running ifconfig, as shown above:

  • If I’m changing my Airport card’s MAC address, I need to disassociate from any network. (This can most easily be done by invoking airport -z from Terminal. If you don’t have this command, see my tips on where to find airport.)
  • Quit System Preferences if it’s open.
  • Tell the operating system to “delay changing the system’s ‘location’ until the next system boot” by running: scselect -n.

According to the man page for scselect:

scselect provides access to the system configuration sets, commonly referred to as “locations”. When invoked with no arguments, scselect displays the names and associated identifiers for each defined “location” and indicates which is currently active. scselect also allows the user to select or change the active “location” by specifying its name or identifier. Changing the “location” causes an immediate system re-configuration, unless the -n option is supplied.

[…]

-n Delay changing the system’s “location” until the next system boot (or the next time that the system configuration preferences are changed).

Once I perform the above rigmarole, I can then change my MAC address without issue. But I have to be ludicrously careful. As soon as I open the Network System Preferences pane or otherwise do something to change the system configuration preferences, I have to run through that rigmarole again before changing my MAC address will work as expected.

13 replies on “How to spoof your MAC address on Mac OS X (for reals)”

  1. I get the ‘connection timeout’ that all the other instructions result in. 10.6.7.
    I wish someone would just lay out the terminal commands. Give me the commandments, not the rabbinic-level commentary!

    This is what I enter in the Terminal:
    sudo airport -z
    sudo scselect -n
    sudo ifconfig en1 lladdr 11:11:11:11:11:11
    ifconfig | grep ether

    the last command confirms the change…. then when I try to connect to the wireless network, I get ‘connection timeout’ after entering my password.

    (some versions suggest ‘ether’ instead of ‘lladdr’. either way it does not work)

  2. I wish someone would just lay out the terminal commands.

    It doesn’t seem to be a purely Terminal-based rigmarole, Tony. That’s why you’re not getting Terminal commands only. Although I suppose you could try this:

    airport -z
    osascript -e 'tell application "System Preferences" to quit'
    scselect -n
    sudo ifconfig en1 lladdr 11:11:11:11:11:11
    ifconfig | grep ether

    I added an osascript command for you so you could quit System Preferences, as I described in the post above, from the command line. However, you should note that if you have any other utilities that affect the “system’s location”—and I don’t know if there are any others beyond System Preferences.app—then you’ll want to quit those, too.

    Good luck.

    Oh, and ether is just a synonym for lladdr; they’re exactly the same command, only you use ether for earlier versions of OS X and lladdr for later ones.

  3. Thanks for the reply, but that still doesn’t work.
    The osascript is unnecessary since System Preferences is not running.
    Maybe something is clashing with it.. I’ll try creating a blank new user account and re-do the terminal stuff.

  4. Look people. ifconfig en0 ether 00:whatever DOES NOT change the actual MAC address on the card. It only changes it in the equivalent OS X registry for stupid commands like ifconfig. If an application does the system calls to get the active interface cards and reads the card, the original MAC address is returned.

    You are all retarded with this solution

  5. And if an application only reads the registry, the spoofed MAC address is returned, correct? Obviously, this would be successful depending on the context.

    Do you know how to “change the actual MAC address on the card,” repairman4? Your comment does not indicate that you do.

    Also, using words like “retarded” as an insult is a good indicator that the person using the word is at least lazy, and likely somewhat intellectually vacuous, since there are numerous alternatives that do not disparage people with disabilities. Consider considering that in your next comment, won’t you?

  6. OK. It seems in Lion spoofing doesn’t work anymore. The only thing we get is ‘Connection timeout’. Seems the connection software must be reading hardware id. On terminal level all seems OK (MAC address changed), but connections do not work :(

  7. Thanks for your tips but I am still not able to connect to Wi-Fi.

    I’m using a MacBook Pro 2.16GHz with Mac OS 10.7.5

    I try:

    sudo airport -z
    sudo ifconfig en1 ether 04:1c:09:0a:cb:4c
    sudo ifconfig en1 down
    sudo ifconfig en1 up

    I get the error “A connection timeout occurred.” when I try to associate to the wifi network.

    ifconfig en1 |grep ether lists the new MAC address
    ether 04:1c:09:0a:cb:4c

    but
    networksetup -listallhardwareports still lists the original MAC address

    Hardware Port: Wi-Fi
    Device: en1
    Ethernet Address: xx:xx:xx:xx:xx:xx

    Any ideas why networksetup still has the original MAC address?

    Thanks
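
The mismatch reported in the last comment (ifconfig showing the new address while networksetup -listallhardwareports still lists the original) can be checked per interface by comparing the two outputs. This is an added example, not code from the original post or its commenters; the function names are hypothetical and the sample command output is constructed so the script also runs away from a Mac.

```shell
#!/bin/sh
# Added example. All sample output below is constructed, not from a real machine.
SAMPLE_PORTS='Hardware Port: Ethernet
Device: en0
Ethernet Address: 00:11:22:33:44:55

Hardware Port: Wi-Fi
Device: en1
Ethernet Address: 00:11:22:33:44:66'

SAMPLE_IFCONFIG='en0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 00:11:22:33:44:55
en1: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        ether 02:00:00:aa:bb:cc'

# hw_addr PORTS_TEXT DEV: address networksetup lists for the hardware port.
hw_addr() {
  printf '%s\n' "$1" | awk -v dev="$2" '
    $1 == "Device:" { cur = $2 }
    $1 == "Ethernet" && $2 == "Address:" && cur == dev { print tolower($3); exit }'
}

# active_addr IFCONFIG_TEXT DEV: address ifconfig shows as currently in use.
active_addr() {
  printf '%s\n' "$1" | awk -v dev="$2" '
    /^[a-z]/ { cur = $1; sub(/:$/, "", cur) }
    $1 == "ether" && cur == dev { print tolower($2); exit }'
}

# check_dev PORTS_TEXT IFCONFIG_TEXT DEV
# Returns 0 when both sources agree, 1 on a mismatch, 2 if an address is missing.
check_dev() {
  hw=$(hw_addr "$1" "$3"); act=$(active_addr "$2" "$3")
  if [ -z "$hw" ] || [ -z "$act" ]; then
    echo "$3: address not found"; return 2
  elif [ "$hw" = "$act" ]; then
    echo "$3: match ($act)"; return 0
  fi
  echo "$3: MISMATCH hardware=$hw active=$act"; return 1
}

# On a Mac, check live output; elsewhere fall back to the constructed samples.
if command -v networksetup >/dev/null 2>&1; then
  PORTS=$(networksetup -listallhardwareports); IFCFG=$(ifconfig)
else
  PORTS=$SAMPLE_PORTS; IFCFG=$SAMPLE_IFCONFIG
fi
for dev in en0 en1; do check_dev "$PORTS" "$IFCFG" "$dev" || true; done
```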
