This works on other system menu bar icons, as well as on menus in some apps. For example, holding option down with the File menu open in most Apple apps gets you the "save as" item.
Now you'll spend your next hour option-clicking random stuff. Sorry.
Option is the most irritating feature of mac UX, everywhere it keeps popping new hidden features, it is true even for top menu and simple navigations.
Most irritating for me is if all windows of an app are hidden (minimized), simple Cmd+Tab doesn't brings anything to focus, but some gymnastics with Option and voila now you can see your Slack.
Author here! Yeah, that menu option was super useful to find, too. I've not really used this shell script for a while (I spend a lot less time in coffee shops now because Covid) but I still use the option-click thing regularly.
I gave it a try and couldn't get it to change. It will show as the new address in the terminal window but when I hit option + wifi it shows me the prior address.
I am actually suprised this was possible even in Mavericks. Using it since then...
Yes UI shows original address and existing connection will use existing address (ie not changed) But if you re-connect (turn off then on WiFi) it will use new one.
Weirdly "disconnect" was always using whatever set in the ifconfig. Meaning that I could "deauthenticate" other people by spoofing their address.
I’ve always wanted to try this on airplane wifi to (1) avoid the ridiculous charges and (2) see what happens when I share a MAC address with someone who already paid and is on the network ... I’m guessing nothing good.
Of course I need to first use wire shark or something to get a MAC address that’s already connected to the network. This is where I’m hazy.
Since most paid wifi networks let you log in without a network password and then gate internet access by redirecting HTTP/DNS requests to a captive portal, it should be possible to launch an ARP spoofing attack [0] to impersonate the default gateway, causing all clients to route their traffic to your device, whereupon you can examine it with WireShark or tcpdump to get at their MAC addresses. I've tried something similar while bored on a flight, but sadly the Surface Pro 7's Windows network drivers don't seem to let you change your MAC address.
If it's an open (unencrypted) network you don't even need to ARP spoof. Their MAC address will already be in cleartext in the packets - just start your interface in monitor mode on the proper channel and capture some traffic.
Cray computers were very famous in the 1970s and 1980s as highly specialist, highly parallel super computers with a fantastic marketing gimmick: not only were they the same size as 5 large refrigerators, they also came with their own built-in couch.
I always use Sage (the accounting software folks) one of 00-80-2c as it's burned into my memory 30 years later after working on Sage Mainlan back in the days...
I chose Silicon Graphics (08:00:69) and it's fascinating to see that anyone else did, for any reason. For reference, my ISP hands out 2-8 IPv4 addresses, expiry indefinite (unless I power down), to clients connected to the cable modem. So my stack looks like
Depending on the mood of the ISP, I can have several other networks running from the 4-port switch. If I spoof those MACs repeatedly, I can get an arbitrary (within range) block of public IPs, and there's some seriously weird behavior in allocating those IPs (change my MAC 48 times in a row, end up on the same IP I had just lost from a power outage?)
But actually do people still bother with mac-spoofing in 2020? It's from a security/nw-admin pov next to useless (whitelist/filtering nor does it boost privacy of end-users). IMHO it gives people false sense of security and as a "practice" seems like a relic from the 90ies.
I don't know how it is now, but I remember a lot of generic/no-name Androids using the Mediatek platform would have random MAC addresses (which change every time you re-enable WiFi) because the manufacturer didn't bother writing a fixed one, so the firmware automatically generates a random one to use.
This is not about privacy but access restriction (wifi in public hotspot limited to e.g. 30mins). And there it is still a very inexpensive solution i guess.
Plenty useful back when Panera limited you to 30 minutes of wifi; no idea if they still do.
Their wifi solution tracked you by MAC -- I think it was Sonicwalls? -- so when you hit the 30-min limit you'd spoof the MAC, re-connect, then back to business as usual.
I'd usually comply when the place was bumping -- hard to work when it's loud and crazy -- but most of the time it was empty in the mornings and the 30-min-limit was pointless.
A very useful thing that I automated recently is changing my router’s MAC address and subsequently rebooting the modem. For my ISP (xfinity) this has the amazing benefit of getting me a new IP. For a home connection, your IP is the easiest way to track you. Yes VPNs exist and are better (depends on provider, latency, blahblah), but if you don’t mind your ISP seeing your traffic and instead just want to avoid an IP representing your identity, it’s a very easy way to accomplish this.
I learned this back in the day when running into daily transfer limits on free file sharing websites. Big hassle when trying to download multi-part zip archives on a weekend.
Nowadays people upload to Google Drive, plus other hosts have more relaxed limits, so I haven't had the need to do it as often. But it's still useful to know.
I always wondered what happend to the rapidshare/megaupload space that existed if that’s what you mean by “free file sharing websites”. Curious where people moved to/what are the major indexes now?
When I used something like this on macOS, it confused software like OmniFocus that used the MAC address for licensing and synchronization. I'm not sure if that's still the case, but worth keeping an eye on.
My high school provided MacBook Pros to students that would only connect to the network if the MAC address was whitelisted. Since I wanted to use my own newer Mac, I spoofed the address of my school provided one.
Since it was an open network, it was simple scraping the network for other connected devices and spoofing one at random, and I was surprised when the same technique worked in say, hotels with open networks.
My university required registration of MAC addresses for whitelisting & bandwidth metering. My enterprising roommate and I worked out that we could bypass all bandwidth limitations by spoofing the MAC addresses of machines in the computer labs as long as the machine was turned off. We eventually got caught for using something like 90% of the university's total bandwidth - the security admin was thrown for quite a loop when he tracked down the machines that were supposedly using all of the bandwidth and found that they were turned off at the time. Apparently it took some creative techniques to figure out where the traffic was actually coming from.
Our punishment was something like two weeks with all internet access revoked (except for the use of lab machines for classwork), plus a written apology, plus a signed agreement not to violate the acceptable use policies again or else face the real punishment for what we did.
The school administrator in charge of the punishment asked the security admin what we were downloading (this was when the MPAA/RIAA were cracking down hard on people uploading files on sharing networks), but the security admin had mercy on us and told her he didn't think it was relevant, thank god!
> Apparently it took some creative techniques to figure out where the traffic was actually coming from.
probably they did lookup the MAC address on the switches and saw it on a port that did not match expectations. if you were using a wired connection this would trivially lead to you... on wireless you would have to narrow it down further by monitoring signal strength of the station :)
This was ~15 years ago. The bandwidth metering was in place to throttle people doing big downloads via the internet. We had something like 1gb per week at 100mbps, then gradually got brought down to something like dialup. Internet2 was not metered.
There were people running internal torrent trackers and file indexing/sharing sites on the LAN that could saturate the network infrastructure between the various dorms and buildings on campus. I guess the whitelisting also helped figure out who was doing what when problems happened.
My university dorms didn't allow XBox 360s or other gaming systems on the network, so I did the same thing by spoofing my laptop's address. I wasn't much of a "HACKERMAN" growing up, but this was one accomplishment that really drew me in and caused me to start studying OSI.
Yes but if they were connected to the same router.
Most of these systems are distributed and having multiple APs connected to some central Radius server.
Because modern systems optimize for roaming between nodes, you can join network, use dns-sd to gather mac addresses of the computers which are not physically connected to your AP (in conjuction with 'tcpdump -I')
Then voila, 2 devices using same MAC without any problems.
PS. I personally use "printer" addresses for 2 reasons:
1: generally everyone forgets to nicely setup firewall for them since they're infrastructure objects.
2: they have relatively less traffic and probably located some obsecure room with an AP for them.
i was less concerned about authentication issues and more about routing issues as ARP would lead to results depending on time and location inside the network topology...
Don't just randomly pick numbers for a mac address. Make sure the bit 1 of the leftmost octet is set to 1, which indicates a "locally administered" mac address, and that bit 0 of that same octet is set to zero, which indicates a non-multicast address.
ifconfig en0 | grep ether # one of these will return a MAC address that matches
ifconfig en1 | grep ether # the value you saw when looking for your current
ifconfig en2 | grep ether # mac address.
ifconfig en3 | grep ether # Keep incrementing the `en0` value until you run out of
# devices
I would have solved this by running “ifconfig -a | less” and then typing “/ether”. I’m curious if anyone has a different way of doing it!
At most you'll annoy your internet service provider. MAC addresses don't leave the immediate network they're used on, so you can do whatever you want within your home network.
It’s not an issue with Big Sur, rather it’s a hardware issue with Macs starting around 2018. I had the same problem on a 2020 MacBook Aid running Catalina.
Author here - Sorry about that! I'm still running an older (2017-era) MBP, but honestly I think many other solutions kicked around in the comments here are better than what I'd come up with.
(I'd really wanted to write a bash script, this seemed like a good option.)
I have to always do this to pass those hotel wifi login portals.
What I will do is spoof my mac address to match my laptop, and then pass the login wall to create a session. Then restore the original mac address, and then I can finally use my apple tv on the hotel wifi...
Then I use someone who's idle but has legimitate connection.
Please note that those networks are not encrypted/secured at all. So anyone within range (or with large antenna) can essentially capture or inject something...
This has been sitting in my ~/scripts/ folder for the past 3.5 years. Just changing randomly the last pair was enough to do the trick in most situations.
Also it requires understanding the first time which one is your WiFi interrface.
107 comments
[ 2.9 ms ] story [ 147 ms ] threadNow you'll spend your next hour option-clicking random stuff. Sorry.
Most irritating for me is if all windows of an app are hidden (minimized), simple Cmd+Tab doesn't brings anything to focus, but some gymnastics with Option and voila now you can see your Slack.
I hope it continues to be useful to you!
Switched to Powerline on the command prompt a while ago and can't go back.
On a Mac to change your MAC address of the Wi-Fi card, type: ifconfig en0 ether ab:cd:ef:ab:cd:ef
Replace en0 by another interface if needed
Yes UI shows original address and existing connection will use existing address (ie not changed) But if you re-connect (turn off then on WiFi) it will use new one.
Weirdly "disconnect" was always using whatever set in the ifconfig. Meaning that I could "deauthenticate" other people by spoofing their address.
http://www.gnu.org/software/macchanger
Of course I need to first use wire shark or something to get a MAC address that’s already connected to the network. This is where I’m hazy.
[0] https://en.wikipedia.org/wiki/ARP_spoofing
https://wiki.archlinux.org/index.php/MAC_address_spoofing
1. https://ubuntu.com/blog/if-youre-still-using-ifconfig-youre-... 2. https://wiki.archlinux.org/index.php/MAC_address_spoofing#ip... 2.
”We’ve got a problem; someone’s misusing the crap out of the free wifi”
”Lets narrow it down by hardware: what kind of device are they using?”
”How should I know!?”
”Check the first three bytes of their MAC address; it’ll tell you the mfr”
”OK... checking now... yeah I see them... looking up their MAC... bingo... hey, what is ‘Cray Inc’?”
—
Better versions of this joke are available here:
http://standards-oui.ieee.org/oui/oui.txt
https://en.m.wikipedia.org/wiki/Cray-1
The idea of someone wheeling one of these into a cafe (because they are stealing the free wifi) causes me non zero amusement.
The NSA example from someone else is better.
Interestingly the only time I’ve ever had the pleasure of reclining on a Cray banquette was at the NSA’s cryptology museum at Ft Mead.
[Motorola Surfboard]->[4p 1GbE Switch]->[Linksys E3000 (08:00:69::)]
Depending on the mood of the ISP, I can have several other networks running from the 4-port switch. If I spoof those MACs repeatedly, I can get an arbitrary (within range) block of public IPs, and there's some seriously weird behavior in allocating those IPs (change my MAC 48 times in a row, end up on the same IP I had just lost from a power outage?)
Just using a random value might give you "interesting" effects and lot of fun debugging those.
Though I’m not sure I ever bothered to lookup someone’s MAC address.
It does indeed boost privacy as wireless networks in public places have been trying to track phones this way for a while now.
I did politely ask for an IP before doing that, but they said it was a security risk.
Their wifi solution tracked you by MAC -- I think it was Sonicwalls? -- so when you hit the 30-min limit you'd spoof the MAC, re-connect, then back to business as usual.
I'd usually comply when the place was bumping -- hard to work when it's loud and crazy -- but most of the time it was empty in the mornings and the 30-min-limit was pointless.
Nowadays people upload to Google Drive, plus other hosts have more relaxed limits, so I haven't had the need to do it as often. But it's still useful to know.
I’ve been using it for years without a hitch. Installable with `brew install vitorgalvao/tiny-scripts/macspoof`.
https://github.com/feross/spoof
https://github.com/chrislgarry/XFinityHotspotSpoofer/blob/ma...
Since it was an open network, it was simple scraping the network for other connected devices and spoofing one at random, and I was surprised when the same technique worked in say, hotels with open networks.
Our punishment was something like two weeks with all internet access revoked (except for the use of lab machines for classwork), plus a written apology, plus a signed agreement not to violate the acceptable use policies again or else face the real punishment for what we did.
The school administrator in charge of the punishment asked the security admin what we were downloading (this was when the MPAA/RIAA were cracking down hard on people uploading files on sharing networks), but the security admin had mercy on us and told her he didn't think it was relevant, thank god!
probably they did lookup the MAC address on the switches and saw it on a port that did not match expectations. if you were using a wired connection this would trivially lead to you... on wireless you would have to narrow it down further by monitoring signal strength of the station :)
There were people running internal torrent trackers and file indexing/sharing sites on the LAN that could saturate the network infrastructure between the various dorms and buildings on campus. I guess the whitelisting also helped figure out who was doing what when problems happened.
[0] https://gist.github.com/siraben/c3133b39e470d1aed16fd71f42b8...
[0] https://gist.github.com/siraben/c3133b39e470d1aed16fd71f42b8...
you should probably know that using the same mac address in parallel will cause connectivity issues for both...
Most of these systems are distributed and having multiple APs connected to some central Radius server.
Because modern systems optimize for roaming between nodes, you can join network, use dns-sd to gather mac addresses of the computers which are not physically connected to your AP (in conjuction with 'tcpdump -I')
Then voila, 2 devices using same MAC without any problems.
PS. I personally use "printer" addresses for 2 reasons: 1: generally everyone forgets to nicely setup firewall for them since they're infrastructure objects. 2: they have relatively less traffic and probably located some obsecure room with an AP for them.
Its not unknown for a manufacturer to mess up and reuse MAC addresses.
Could you try if it works on your Apple device?
[0]: https://github.com/brona/iproute2mac
(I'd really wanted to write a bash script, this seemed like a good option.)
For example: https://news.ycombinator.com/item?id=26062315
Or, another solution that looks promising: https://news.ycombinator.com/item?id=26062553
That solution looks clean and simple, though I've not tried it. It might work for you!
What I will do is spoof my mac address to match my laptop, and then pass the login wall to create a session. Then restore the original mac address, and then I can finally use my apple tv on the hotel wifi...
I wish they had a web browser on the apple tv.
https://technitium.com/tmac/
Many public networks in Turkey require registering with TCKN (national id number) due to some "laws".
I don't want some random guy to log my activity and tie it to me direcly.
In macOS tcpdump command has ability to "monitor mode" wifi card.
> -e: shows mac addresses > -I: monitor mode (capital i)Then I use someone who's idle but has legimitate connection.
Please note that those networks are not encrypted/secured at all. So anyone within range (or with large antenna) can essentially capture or inject something...