Cyber Defense

Change Random MAC Address In Windows With PowerShell Script


Changing the hardware MAC address on network interface cards is useful for maintaining privacy and for security testing. On Windows 7 and later, the MAC address for 802.11 wireless interfaces must sometimes be specially crafted in order for the operating system to accept it.

Here is a simple little PowerShell script for changing MAC addresses from the command line; inside the zip file, look in the \Day5-IPSec\Wireless folder for the script named "New-MACaddress.ps1" (all the scripts in the zip file are free and in the public domain).

The New-MACaddress.ps1 script will:

  • Set the appropriate Windows registry value to override the default MAC address for a NIC.
  • If you have multiple NICs, the script will ask you which to modify, or you can pass in the NIC number as an argument.
  • The MAC will be random, except that it will have a valid manufacturer identifier from a common vendor like Intel, Apple or Netgear.
  • By default, the script changes the MAC, releases the DHCP lease for that one NIC, disables the NIC, enables the NIC, and then renews its DHCP lease again; if you don't want this behavior, use the -DoNotResetInterface switch, but note that the new MAC address will not become effective until after the NIC is reset.
  • Note that many interfaces, such as your 802.11 wireless card, will not accept a custom MAC address unless a special bit in the MAC indicates that it has been customized. If this is the case for your particular NIC, use the -Wireless switch to set that special bit.

Prerequisites

The New-MACaddress.ps1 script requires PowerShell 2.0 or later.

You must be a member of the local Administrators group.

Examples

To select a random MAC address with a valid vendor ID number, and either assign the MAC to the sole physical interface, or, if there are multiple interfaces, prompt the user to select the desired interface:

new-macaddress.ps1

To delete the registry value for the custom MAC address so that the built-in MAC of the NIC will be used instead (revert to factory default):

new-macaddress.ps1 -resetdefault

To modify the registry, but not disable and enable the NIC, and not release or renew any DHCP leases:

new-macaddress.ps1 -donotresetinterface

Note: If you examine the source code, you'll find a few other options for the random-mac() function to play with.

Background

The Media Access Control (MAC) address is a 48-bit number built into a Network Interface Card (NIC) by the manufacturer, though the MAC address can usually be changed or "spoofed" on Windows by modifying a registry value named "NetworkAddress" in a key associated with that particular NIC.

With IPv4, a host can discover the MAC of another network-attached device using the Address Resolution Protocol (ARP); with IPv6, it uses the ICMPv6-based Neighbor Discovery Protocol (NDP).

To see your current MAC address(es), open CMD or PowerShell, run "ipconfig.exe /all" and look for the "Physical Address" line(s). Your MAC address(es) will look similar to "00-0D-28-3F-2B-54" because they are formatted in hexadecimal.
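The registry override described above can be audited without changing anything. The following is an added example, not code from New-MACaddress.ps1: it lists every adapter that has a "NetworkAddress" value and compares it with the MAC the adapter is actually using. It assumes the standard network-adapter device class key (the GUID shown is not from the article), Windows PowerShell 3.0 or later, and the function name Get-MacOverride is hypothetical.

```powershell
# Added example (read-only): find adapters with a NetworkAddress override and
# check whether the override is the address actually in use.
# Assumption: adapters live under the standard network-adapter class key below.
$NetClass = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}'

function Get-MacOverride {
    # Map adapter GUID -> MAC currently in use, separators removed.
    $live = @{}
    Get-CimInstance -ClassName Win32_NetworkAdapter |
        Where-Object { $_.GUID -and $_.MACAddress } |
        ForEach-Object { $live[$_.GUID] = ($_.MACAddress -replace '[-:]', '') }

    # Per-adapter subkeys are named 0000, 0001, ...; protected subkeys are skipped.
    Get-ChildItem -Path $NetClass -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d{4}$' } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($p -and $p.NetworkAddress) {
                $configured = ($p.NetworkAddress -replace '[-:]', '').ToUpper()
                # Adapters without an instance GUID cannot be matched to a live MAC.
                $inUse = if ($p.NetCfgInstanceId) { $live[$p.NetCfgInstanceId] } else { $null }
                [pscustomobject]@{
                    Subkey     = $_.PSChildName
                    Adapter    = $p.DriverDesc
                    Configured = $configured
                    InUse      = $inUse
                    Effective  = ($inUse -eq $configured)
                }
            }
        }
}

Get-MacOverride | Format-Table -AutoSize
```

A row with Effective set to False means the override is in the registry but the adapter has not been reset yet or the driver did not accept the address.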

Some 802.11 wireless NIC drivers will not accept a customized MAC address unless the "locally administered" bit is set in the first octet of the MAC address (this is what the -wireless switch does in the script).
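The "locally administered" bit is bit 1 (value 0x02) of the first octet. The following is an added example, not the code of New-MACaddress.ps1, showing how a random address with a fixed vendor prefix can be built and how the bit is set and tested. The function names are hypothetical, and the default prefix is simply the first three octets of the sample address quoted above.

```powershell
# Added example; New-RandomMac and Test-LocallyAdministered are hypothetical names.
function New-RandomMac {
    param(
        [string]$Oui = '000D28',          # prefix of the article's sample address (assumption)
        [switch]$LocallyAdministered
    )
    if ($Oui -notmatch '^[0-9A-Fa-f]{6}$') { throw "OUI must be 6 hex digits: $Oui" }

    # First three octets come from the vendor prefix.
    [byte[]]$mac = New-Object byte[] 6
    for ($i = 0; $i -lt 3; $i++) {
        $mac[$i] = [Convert]::ToByte($Oui.Substring($i * 2, 2), 16)
    }

    # Last three octets are random.
    $tail = New-Object byte[] 3
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($tail)
    [Array]::Copy($tail, 0, $mac, 3, 3)

    # Bit 0 of the first octet marks a multicast address; a NIC's own address keeps it clear.
    $mac[0] = $mac[0] -band 0xFE
    # Bit 1 of the first octet is the "locally administered" flag.
    if ($LocallyAdministered) { $mac[0] = $mac[0] -bor 0x02 }

    ($mac | ForEach-Object { $_.ToString('X2') }) -join '-'
}

function Test-LocallyAdministered {
    param([string]$Mac)
    $hex = $Mac -replace '[-:.]', ''
    if ($hex -notmatch '^[0-9A-Fa-f]{12}$') { throw "Not a 48-bit MAC: $Mac" }
    ([Convert]::ToByte($hex.Substring(0, 2), 16) -band 0x02) -ne 0
}

$m = New-RandomMac -LocallyAdministered
'{0}  locally administered: {1}' -f $m, (Test-LocallyAdministered $m)
'00-0D-28-3F-2B-54  locally administered: {0}' -f (Test-LocallyAdministered '00-0D-28-3F-2B-54')
```

Setting the flag changes the first octet, so the result no longer begins with the original vendor prefix; with the flag set, the second hex digit of the address is always 2, 6, A or E.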

While IP addresses change frequently, MAC addresses generally do not. Unchanging MAC addresses are therefore a privacy risk, because they can be used for device tracking over long periods of time. Changing one's MAC address is also useful for a variety of security purposes (some good, some bad), such as in penetration testing.

Similar Tools

There are many utilities for changing MAC addresses on Windows, but some are graphical-only and some are not open source or in the public domain. Here are some of the more popular ones:

[Last Updated: 24.Dec.2016]


6 Comments

Posted August 11, 2012 at 5:49 AM

sam

Is this program limited by Microsoft's ban on changing MAC addresses to numbers other than 02:XX:XX:XX:XX:XX?

Posted August 13, 2012 at 1:59 PM

Jason Fossen

Hi Sam:
Check out the -wireless switch for the script, which does set the bit for a locally-administered MAC address because many wireless NIC drivers will not function without it. However, this bit is not set when not using the -wireless switch, hence, if any NIC, wireless or otherwise, functions without that special bit, don't use the -wireless switch. And if you want to edit the script, it is pretty well commented and in the public domain, so please feel free to have fun with it!
Cheers,
Jason

Posted December 24, 2016 at 3:27 AM

Ivan Torres

Seems useful but there is no New-MACaddress.ps1 under scripts.zip\Day6-PowerShell or any of its folders.
Is there another source or alternative?
Thanks.

Posted December 24, 2016 at 11:40 AM

Jason Fossen

Hi Ivan, it's been moved to the Day5-IPSec\Wireless folder; the article has been updated. Thanks!

Posted September 11, 2017 at 6:24 PM

Josh

Hey Jason, I'm having a problem running the script. When I apply it to my wireless interface it advises that it changes the MAC address but it's the same.
Any thoughts on how to troubleshoot this?

Posted September 18, 2017 at 4:50 PM

Jason Fossen

Hi Josh: Try the -Wireless switch, because some wireless drivers will only accept a custom MAC with a particular format, and some interfaces/drivers do not accept custom MAC addresses at all. Best Regards, Jason
