107 comments

[ 2.9 ms ] story [ 147 ms ] thread
I just found out that you can hold option key while clicking on the wireless icon in OSX to get more details. * mind blown *
Same here. Option Click does special stuff on a lot of things, I didn't know about this one.
This works on other system menu bar icons, as well as on menus in some apps. For example, holding option down with the File menu open in most Apple apps gets you the "save as" item.

Now you'll spend your next hour option-clicking random stuff. Sorry.

(comment deleted)
Option is the most irritating feature of mac UX, everywhere it keeps popping new hidden features, it is true even for top menu and simple navigations.

Most irritating for me is if all windows of an app are hidden (minimized), simple Cmd+Tab doesn't brings anything to focus, but some gymnastics with Option and voila now you can see your Slack.

Author here! Yeah, that menu option was super useful to find, too. I've not really used this shell script for a while (I spend a lot less time in coffee shops now because Covid) but I still use the option-click thing regularly.

I hope it continues to be useful to you!

Me: Skimming through the post, sees his command line. Is that Bob the Fish?!

Switched to Powerline on the command prompt a while ago and can't go back.

One-liner Randomize OpenWRT mac address

    uci set network.wan.mac_addr=$(hexdump -n3 -e'1/3 "8c:8d:8e" 3/1 ":%02X" "\n"' /dev/random) && uci commit network
TL;DR:

On a Mac to change your MAC address of the Wi-Fi card, type: ifconfig en0 ether ab:cd:ef:ab:cd:ef

Replace en0 by another interface if needed

This should be the top reply, not the useless discussion without any extra content.
Does it actually work? As of ~5 years ago Mac OS X would report that it had changed the MAC address without actually having done so.
I gave it a try and couldn't get it to change. It will show as the new address in the terminal window but when I hit option + wifi it shows me the prior address.
I am actually suprised this was possible even in Mavericks. Using it since then...

Yes UI shows original address and existing connection will use existing address (ie not changed) But if you re-connect (turn off then on WiFi) it will use new one.

Weirdly "disconnect" was always using whatever set in the ifconfig. Meaning that I could "deauthenticate" other people by spoofing their address.

“Mac” in title needs to be all caps. MAC = media access control. It’s not referring to a company’s product.
Hacker news automatically changes the capitalization of submission titles like that, unfortunately
If you edit it, the second time stays as you typed it.
I emailed the admins, and they fixed it.
Both my OS do that for me by default.
I’ve always wanted to try this on airplane wifi to (1) avoid the ridiculous charges and (2) see what happens when I share a MAC address with someone who already paid and is on the network ... I’m guessing nothing good.

Of course I need to first use wire shark or something to get a MAC address that’s already connected to the network. This is where I’m hazy.

Can confirm that it works for refreshing free trials.
Since most paid wifi networks let you log in without a network password and then gate internet access by redirecting HTTP/DNS requests to a captive portal, it should be possible to launch an ARP spoofing attack [0] to impersonate the default gateway, causing all clients to route their traffic to your device, whereupon you can examine it with WireShark or tcpdump to get at their MAC addresses. I've tried something similar while bored on a flight, but sadly the Surface Pro 7's Windows network drivers don't seem to let you change your MAC address.

[0] https://en.wikipedia.org/wiki/ARP_spoofing

If it's an open (unencrypted) network you don't even need to ARP spoof. Their MAC address will already be in cleartext in the packets - just start your interface in monitor mode on the proper channel and capture some traffic.
Spoof the last three bytes all you like, but set the first three to 00:0E:AB. It’s unlikely, but it might give someone a chuckle.

”We’ve got a problem; someone’s misusing the crap out of the free wifi”

”Lets narrow it down by hardware: what kind of device are they using?”

”How should I know!?

”Check the first three bytes of their MAC address; it’ll tell you the mfr”

”OK... checking now... yeah I see them... looking up their MAC... bingo... hey, what is ‘Cray Inc’?

Better versions of this joke are available here:

http://standards-oui.ieee.org/oui/oui.txt

I still don't get it. What makes this company particularly funny?
They make supercomputers, which are typically the size of a large room. It's quite unlikely you'll see one connecting to your free wifi.
Cray Inc? Pun of crying.
I'm pretty sure that's not the joke.
Cray computers were very famous in the 1970s and 1980s as highly specialist, highly parallel super computers with a fantastic marketing gimmick: not only were they the same size as 5 large refrigerators, they also came with their own built-in couch.

https://en.m.wikipedia.org/wiki/Cray-1

The idea of someone wheeling one of these into a cafe (because they are stealing the free wifi) causes me non zero amusement.

The NSA example from someone else is better.

Interestingly the only time I’ve ever had the pleasure of reclining on a Cray banquette was at the NSA’s cryptology museum at Ft Mead.

lots of fun ones. I'd do something like Boeing. There's an airplane on your wifi
I always use Sage (the accounting software folks) one of 00-80-2c as it's burned into my memory 30 years later after working on Sage Mainlan back in the days...
Looking at the list I'd go for SpaceX (00-26-12)
I chose Silicon Graphics (08:00:69) and it's fascinating to see that anyone else did, for any reason. For reference, my ISP hands out 2-8 IPv4 addresses, expiry indefinite (unless I power down), to clients connected to the cable modem. So my stack looks like

[Motorola Surfboard]->[4p 1GbE Switch]->[Linksys E3000 (08:00:69::)]

Depending on the mood of the ISP, I can have several other networks running from the 4-port switch. If I spoof those MACs repeatedly, I can get an arbitrary (within range) block of public IPs, and there's some seriously weird behavior in allocating those IPs (change my MAC 48 times in a row, end up on the same IP I had just lost from a power outage?)

That's even _necessary_, as there are a few flag bits in the MAC address - broadcast, user-administrated-address, etc.

Just using a random value might give you "interesting" effects and lot of fun debugging those.

or generate an address that is reserved for computers sold to the NSA (:

  #
  # 00-20-91 (hex)    J125, NATIONAL SECURITY AGENCY 
  # 002091 (base 16) J125, NATIONAL SECURITY AGENCY
  #
  $> NSA_MAC=$(echo "00:20:91:"`openssl rand -hex 3 \
    | sed 's/\(..\)/\1:/g; s/.$//'`)
  $> sudo ifconfig eth0 hw ether $NSA_MAC

But actually do people still bother with mac-spoofing in 2020? It's from a security/nw-admin pov next to useless (whitelist/filtering nor does it boost privacy of end-users). IMHO it gives people false sense of security and as a "practice" seems like a relic from the 90ies.
Plenty of captive portals use mac-addresses to identify if users have used the captive portal (or have paid the fee of entry if it’s a paid service).

Though I’m not sure I ever bothered to lookup someone’s MAC address.

Bluetooth and wifi mac spoofing is pretty common, both when scanning and connecting. Both iOS and android do it to certain degrees.

It does indeed boost privacy as wireless networks in public places have been trying to track phones this way for a while now.

I don't know how it is now, but I remember a lot of generic/no-name Androids using the Mediatek platform would have random MAC addresses (which change every time you re-enable WiFi) because the manufacturer didn't bother writing a fixed one, so the firmware automatically generates a random one to use.
My Pixel 4 uses a different mac every time it connects to a wifi network by default. You can disable it per-network.
This is not about privacy but access restriction (wifi in public hotspot limited to e.g. 30mins). And there it is still a very inexpensive solution i guess.
My university won't give me an IP, so I can't plug my laptop in. Solution was to fire up an old windows machine and grab the MAC off that.

I did politely ask for an IP before doing that, but they said it was a security risk.

Plenty useful back when Panera limited you to 30 minutes of wifi; no idea if they still do.

Their wifi solution tracked you by MAC -- I think it was Sonicwalls? -- so when you hit the 30-min limit you'd spoof the MAC, re-connect, then back to business as usual.

I'd usually comply when the place was bumping -- hard to work when it's loud and crazy -- but most of the time it was empty in the mornings and the 30-min-limit was pointless.

A very useful thing that I automated recently is changing my router’s MAC address and subsequently rebooting the modem. For my ISP (xfinity) this has the amazing benefit of getting me a new IP. For a home connection, your IP is the easiest way to track you. Yes VPNs exist and are better (depends on provider, latency, blahblah), but if you don’t mind your ISP seeing your traffic and instead just want to avoid an IP representing your identity, it’s a very easy way to accomplish this.
I learned this back in the day when running into daily transfer limits on free file sharing websites. Big hassle when trying to download multi-part zip archives on a weekend.

Nowadays people upload to Google Drive, plus other hosts have more relaxed limits, so I haven't had the need to do it as often. But it's still useful to know.

I always wondered what happend to the rapidshare/megaupload space that existed if that’s what you mean by “free file sharing websites”. Curious where people moved to/what are the major indexes now?
Another one liner you can use for macOS:

  sudo ifconfig en0 ether $(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//')
You can always get your original MAC address from About This Mac > System Report > Network > Locations > Hardware (MAC) Address
At least on macOS, the script can be made more efficient with less code; no need for interaction or manually reconnecting: https://github.com/vitorgalvao/tiny-scripts/blob/master/macs...

I’ve been using it for years without a hitch. Installable with `brew install vitorgalvao/tiny-scripts/macspoof`.

with Big Sur though?
Still works on Big Sur and M1 Macs.
When I used something like this on macOS, it confused software like OmniFocus that used the MAC address for licensing and synchronization. I'm not sure if that's still the case, but worth keeping an eye on.
My high school provided MacBook Pros to students that would only connect to the network if the MAC address was whitelisted. Since I wanted to use my own newer Mac, I spoofed the address of my school provided one.

Since it was an open network, it was simple scraping the network for other connected devices and spoofing one at random, and I was surprised when the same technique worked in say, hotels with open networks.

I'm not positive if any of them charge at this point, but years ago this would also work at airports.
My university required registration of MAC addresses for whitelisting & bandwidth metering. My enterprising roommate and I worked out that we could bypass all bandwidth limitations by spoofing the MAC addresses of machines in the computer labs as long as the machine was turned off. We eventually got caught for using something like 90% of the university's total bandwidth - the security admin was thrown for quite a loop when he tracked down the machines that were supposedly using all of the bandwidth and found that they were turned off at the time. Apparently it took some creative techniques to figure out where the traffic was actually coming from.

Our punishment was something like two weeks with all internet access revoked (except for the use of lab machines for classwork), plus a written apology, plus a signed agreement not to violate the acceptable use policies again or else face the real punishment for what we did.

The school administrator in charge of the punishment asked the security admin what we were downloading (this was when the MPAA/RIAA were cracking down hard on people uploading files on sharing networks), but the security admin had mercy on us and told her he didn't think it was relevant, thank god!

> Apparently it took some creative techniques to figure out where the traffic was actually coming from.

probably they did lookup the MAC address on the switches and saw it on a port that did not match expectations. if you were using a wired connection this would trivially lead to you... on wireless you would have to narrow it down further by monitoring signal strength of the station :)

See how Aaron Schwartz got caught, if someone really wants to get you, even wireless is easy to trackdown if you physicaly visit the location.
wow, whitelisting & bandwidth metering - I never saw a university SO strict.
This was ~15 years ago. The bandwidth metering was in place to throttle people doing big downloads via the internet. We had something like 1gb per week at 100mbps, then gradually got brought down to something like dialup. Internet2 was not metered.

There were people running internal torrent trackers and file indexing/sharing sites on the LAN that could saturate the network infrastructure between the various dorms and buildings on campus. I guess the whitelisting also helped figure out who was doing what when problems happened.

In my uni there was a limit of one mac address per network socket in dorms (also metering). Also no wifi.
My university dorms didn't allow XBox 360s or other gaming systems on the network, so I did the same thing by spoofing my laptop's address. I wasn't much of a "HACKERMAN" growing up, but this was one accomplishment that really drew me in and caused me to start studying OSI.
>Since it was an open network, it was simple scraping the network for other connected devices and spoofing one at random

you should probably know that using the same mac address in parallel will cause connectivity issues for both...

Correct. In a sibling comment I posted the actual script I used that scrapes and dedupes, and a "spoof only" mode to lessen the chance of a collision.
Yes but if they were connected to the same router.

Most of these systems are distributed and having multiple APs connected to some central Radius server.

Because modern systems optimize for roaming between nodes, you can join network, use dns-sd to gather mac addresses of the computers which are not physically connected to your AP (in conjuction with 'tcpdump -I')

Then voila, 2 devices using same MAC without any problems.

PS. I personally use "printer" addresses for 2 reasons: 1: generally everyone forgets to nicely setup firewall for them since they're infrastructure objects. 2: they have relatively less traffic and probably located some obsecure room with an AP for them.

i was less concerned about authentication issues and more about routing issues as ARP would lead to results depending on time and location inside the network topology...

    brew install spoof-mac
or

    pip install SpoofMAC
Don't just randomly pick numbers for a mac address. Make sure the bit 1 of the leftmost octet is set to 1, which indicates a "locally administered" mac address, and that bit 0 of that same octet is set to zero, which indicates a non-multicast address.

  ifconfig en0 | grep ether # one of these will return a MAC address that matches
  ifconfig en1 | grep ether # the value you saw when looking for your current
  ifconfig en2 | grep ether # mac address.
  ifconfig en3 | grep ether # Keep incrementing the `en0` value until you run out of 
                              # devices
I would have solved this by running “ifconfig -a | less” and then typing “/ether”. I’m curious if anyone has a different way of doing it!
Isn't it illegal to change mac address?
At most you'll annoy your internet service provider. MAC addresses don't leave the immediate network they're used on, so you can do whatever you want within your home network.
How would your ISP even know unless they are spying on data only available on your wifi network with an ISP provided router?
I spoof my router's MAC address to change my external IP address at will. But yeah, hopefully they can't see the MAC addresses on your local network.
Why? You may well need to do this in case of Address Clashes.

Its not unknown for a manufacturer to mess up and reuse MAC addresses.

I tried this but I didn't work. When I googled it, I found out that Apple has disabled this in BigSur. Here is the link to it: https://developer.apple.com/forums/thread/106768
It’s not an issue with Big Sur, rather it’s a hardware issue with Macs starting around 2018. I had the same problem on a 2020 MacBook Aid running Catalina.
Author here - Sorry about that! I'm still running an older (2017-era) MBP, but honestly I think many other solutions kicked around in the comments here are better than what I'd come up with.

(I'd really wanted to write a bash script, this seemed like a good option.)

For example: https://news.ycombinator.com/item?id=26062315

Or, another solution that looks promising: https://news.ycombinator.com/item?id=26062553

That solution looks clean and simple, though I've not tried it. It might work for you!

I have to always do this to pass those hotel wifi login portals.

What I will do is spoof my mac address to match my laptop, and then pass the login wall to create a session. Then restore the original mac address, and then I can finally use my apple tv on the hotel wifi...

I wish they had a web browser on the apple tv.

(comment deleted)
Instead of setting some random address in public networks, use someone else's address.

Many public networks in Turkey require registering with TCKN (national id number) due to some "laws".

I don't want some random guy to log my activity and tie it to me direcly.

In macOS tcpdump command has ability to "monitor mode" wifi card.

    sudo tcpdump -Ie
> -e: shows mac addresses > -I: monitor mode (capital i)

Then I use someone who's idle but has legimitate connection.

Please note that those networks are not encrypted/secured at all. So anyone within range (or with large antenna) can essentially capture or inject something...

(comment deleted)
This has been sitting in my ~/scripts/ folder for the past 3.5 years. Just changing randomly the last pair was enough to do the trick in most situations. Also it requires understanding the first time which one is your WiFi interrface.

  13 Jun  2017 changeMACAddress.sh*

  #!/bin/bash
  sudo ifconfig en0 ether xx:xx:xx:xx:xx:$(od -txC -An -N1 /dev/random|sed 's/ //g'); sudo ifconfig en0 down; sleep 1; sudo ifconfig en0 up