MAC Address Spoofing

MAC Address Spoofing

Ashish Gawai

Independent Cyber Security Researcher

ashish.gawai008@gmail.com

Introduction :-

The availability of information in today’s world is a astonishing, Any device which can connect to the internet is able to fetch data at a lightning speed. The availability of data is independent of the type of device used, Everything can be formatted and redesigned to best suit your device. Whether it may be an old Java mobile, Old Computer or the latest Smart phone .

While being astonished by this technology one question arises to us that, How can you get the data you want right to you? it comes down to addresses. So not surprisingly, along with an IP address there’s also a hardware address. Typically it is tied to a key connection device in your device called the network interface card, or NIC. The NIC is essentially a computer circuit card that makes it possible for your computer to connect to a network.

An NIC turns data into an electrical signal that can be transmitted over the network.

Every NIC has a hardware address that’s known as a MAC, for Media Access Control. Where IP addresses are associated with TCP/IP (networking software), MAC addresses are linked to the hardware of network adapters.

What is MAC Address :

A MAC address is given to a network adapter when it is manufactured. It is hard-wired or hard-coded onto your computer’s network interface card (NIC) and is unique to it. MAC address is sometimes referred to as a networking hardware address, the burned-in address (BIA), or the physical address. Here’s an example of a MAC address for an Ethernet NIC: 00:0a:95:9d:68:16.

MAC address is the first address which is considered the first layer on which the whole foundation of networking is based, using a MAC address an internal IP address is assigned to the device by the Router. So it is safe to say that if you can get the MAC address of someone you can Theoretically trace its owner.

MAC Address Spoofing :

Although physical MAC (Media Access Control) addresses are permanent by design, several mechanisms allow modification, or “spoofing”, of the MAC address that is reported by the operating system. This can be useful for privacy reasons, for instance when connecting to a Wi-Fi hotspot, or to ensure interoperability. Some internet service providers bind their service to a specific MAC address; if the user then changes their network card or intends to install a router, the service won’t work any more. Changing the MAC address of the new interface will solve the problem. Similarly, a hacker can change the MAC address of his NIC while he is executing an attack on a victim and is in need to become anonymous for the session.

MAC address spoofing can be done by using few tools which are developed for these specific purpose. While using these software the attacker can impersonate a MAC Address of his choosing or let the software assign a random MAC address for him.

Tools Used :

1. Technitium MAC Address Changer (Windows)

Web sight : https://technitium.com/tmac/

Download : https://technitium.com/download/tmac/TMACv6.0.7_Setup.zip

2.Macchanger (Linux and Mac OS)

Web sight : https://github.com/alobbs/macchanger

Download : https://codeload.github.com/alobbs/macchanger/zip/master

Technitium MAC Address Changer :

Technitium MAC Address Changer allows you to change (spoof) Media Access Control (MAC) Address of your Network Interface Card (NIC) instantly. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit by the manufacturer. This hard coded MAC address is used by windows drivers to access Ethernet Network (LAN). This tool can set a new MAC address to your NIC, bypassing the original hard coded MAC address. Technitium MAC Address Changer is a must tool in every security professionals tool box.

Features :

Works on Windows 10, 8 & 7 for both 32-bit and 64-bit. Enhanced network configuration pre-sets with IPv6 support allow you to quickly switch between network configurations. Allows complete configuration of any network adapter. Command line options with entire software functionality available. You can select a pre-set from specified pre-set file to apply directly. Update network card vendors list feature allows you to download latest vendor data (OUI) from IEEE.org.

How Does It Work?

This software just writes a value into the windows registry. When the Network Adapter Device is enabled, windows searches for the registry value ‘NetworkAddress’ in the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1- 08002bE10318}\[ID of NIC e.g. 0001]. If a value is present, windows will use it as MAC address, if not, windows will use the hard coded manufacturer provided MAC address. Some Network Adapter drivers have this facility built-in. It can be found in the Advance settings tab in the Network Adapter’s Device properties in Windows Device Manager.

Macchanger :

GNU MAC Changer is an utility that makes the manipulation of MAC addresses of network interfaces easier.

It is developed by Alvaro Lopez Ortega <alvaro@alobbs.com>

Proof of Concept in PDF

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s