MAC address changes on the Mac
Updated: Aug 13, 2019
Firstly, that should read “MAC address changes on the Mac”. While this blog makes headings look super neat and keen, it does tend to CAPITALIZE EVERY THING which can be annoying.
Anyway, back to business. I have a client who does some sensitive work of a sensitive nature with a large California-based company in the services sector. They are, as one would suppose, sensitive about security to the point that their internal access tool for vendors requires installing an unpleasantly intrusive client-side app that not only checks credentials/authentication, but also scans the MAC address of each connecting machine and matches that against a database prior to allowing/refusing access. I’m not sure whether that genius or hamfisted evil.
Either way, it’s pretty impressive – but can create a problem if oh, I don’t know, maybe you dropped your MacBook Air down a stairwell and it turned out to be sensitive to massive inertial damage. Which is exactly what happened. Thus, said client was now unable to remotely access the data she needed to get as her new Mac’s MAC address was – as is the nature of these things – different to the old one. Her customer’s Helpdesk weren’t technically very helpful. They gave her A Ticket and said that they’d get back to her in a few days. Right.
ifconfig to the rescue. I love ifconfig. It’s the general-purpose utility for controlling and monitoring the state of every I/O port on the Mac, and next to nettop is probably the most useful go-to tool for this kind of problem. It seemed natural that this would be the best place to look, and as ever it didn’t disappoint.
It turned out that spoofing a MAC address was terribly, terribly easy. Note: you can spoof a MAC address but you can’t actually change it in hardware. To spoof it, all you have to do is use ifconfig to identify the interface that you want to spoof on (usually just en0) and then:
sudo ifconfig en0 ether a1:a2:a3:a4:a5:a6
Et, as they say, voila. As far as the server/client tool was concerned the new MacBook Air shared the same MAC address as the old MacBook Air, and she was back in business. Now there was just the matter of pulling all the other data off of the old destroyed MacBook…