Tuesday, May 29, 2012

How to Change or Spoof a MAC Address

As we all know How important MAC address Is.Mac address is used for tracing the Hacker/Attacker. Overriding (or spoofing) your NIC / network adapter MAC address can be immensely useful for a number of reasons when using your PC on a large network. In essence you’re creating a new identity for your box and any limitations associated with your previous MAC will no longer affect you!


What is a MAC Address?

The MAC address is a unique value associated with a network adapter. MAC addresses are also known as hardware addresses or physical addresses. They uniquely identify an adapter on a LAN.

MAC addresses are 12-digit hexadecimal numbers (48 bits in length). By convention, MAC addresses are usually written in one of the following two formats:



The first half of a MAC address contains the ID number of the adapter manufacturer. These IDs are regulated by an Internet standards body (see sidebar). The second half of a MAC address represents the serial number assigned to the adapter by the manufacturer. In the example,


The prefix


indicates the manufacturer is Intel Corporation.

Why MAC Spoofing

There are many reasons or possibilities that an user may want to change the MAC address or a network adapter, which also known as MAC spoofing. For example, to bypass the MAC address filtering on firewall or router. The trick can be used to get pass the network access restriction by emulating a new unrestricted MAC address, or to gain access connection by spoof an authorized MAC address after sniffing the legitimate MAC address out of the air in MAC filtering Wi-Fi network. 

Hackers also spoofing another host’s MAC address as their own in order to receive traffic packets not meant for them, although ARP poisoning technique is more commonly used. However, changing MAC address can still keep the real information from been detected and logged by various services such as IDS, firewall, DHCP server, wireless access points and etc, and is essential protect user’s privacy. MAC spoofing also potentially trigger a Denial of Service (DoS) attack by causing routing problem with duplicating MAC address exists in the network, especially those similar with gateway and AP router’s BSSID (Basic Service Set Identifier.)

Whatever the reason, it’s pretty easy to change the MAC address or perform MAC spoofing on most of today’s hardware, listed below. Actually, the original MAC address is burnt and imprinted to the network card, and cannot be changed. 

Change the MAC address in Windows

Go to Start -> Control Panel. Double click on Network Connections (inside Network and Internet Connections category in Windows XP). 

The, right click on the active network connection with network adapter that you want to change the MAC address (normally Local Area Network or Wireless Network Connection) and click on Properties.

Above steps work in Windows XP, Windows 2000 and Windows Server 2003. 

For Windows Vista, Windows 7 access to NIC’s properties is from Control Panel -> Network and Internet -> Network and Sharing Center -> Manage Network Connections.Alternatively, if you already know which network adapter that’s responsible for your network or Internet connection, go to Device Manager and open the properties dialog by double click on the NIC itself.

In the General tab, click on the Configure button.

Click on Advanced tab.

In the Property section, select and highlight Network Address or Locally Administered Address.

To the right, “Not Present” radio button is by default selected as value. Change the value by clicking on radio button for Value:, and then type in a new MAC address to assign to the NIC.


=> The MAC address consists of 6 pairs of numbers (0 – 9) and characters (A – F) combination. For example, 88-17-E8-90-E2-0A. When entering the new MAC value, omit the dash (-), for example 8817E890E20A.
=> Click OK when done.
=> To verify the change of MAC address, go to command prompt, then type in one of the following commands:ipconfig /all
net config rdr

=> Reboot the computer if successful to make the change effective.

Note: To restore or reset back to original default MAC address, simply set back the option to “Not Present”.

Change the MAC Address of NIC in Windows via Registry

Open a command prompt.

Type the following command and hit Enter.ipconfig /all

Record down the Description and the Physical Address(is MAC address) of the active network connection (discard those with Media Disconnected state).

For example, in figure above, Description is Intel(R) Wireless WiFi Link 4965AGN and MAC address is in the format of 00-XX-XX-XX-XX-XX.

In the command prompt also, type the following command and hit Enter.net config rdr

Record down the GUID for the MAC address for the active connection’s NIC which MAC address to be changed. The GUID is contained within the { and } brackets right in front of the MAC address as shown in figure below.


Type regedt32 or regedit in Start -> Run box or in Start Search for Windows Vista. Note: for Windows NT 4.0 and Windows 2000, regedt32 must be used.

Navigate to the following registry key: 


Expand the {4D36E972-E325-11CE-BFC1-08002BE10318} tree, and there will be more sub-keys in the form of 0000, 0001, 0002 and so on.

Go through each sub-key starting from 0000, look for subkey that has DriverDesc value data that matches NIC description copied from step above, that want its MAC address to be changed. In most cases, it will be similar to the network adapter card name.To verify that the subkey found is indeed a correct one, check the value of the NetCfgInstanceId, which should have the same value with the NIC’s GUID taken from step above.

Once a sub-key is matched to the network interface card that MAC address want to be spoofed, select and highlight the subkey. Right click on the sub-key (for example, 0000), then select New -> String Value. Name the new value name as NetworkAddress.

Note: If NetworkAddress REG_SZ registry key is already existed in the right pane, skip this step.

The double click on NetworkAddress and enter a new MAC address as its value data.


Note that the 12-digit MAC address in hexadecimal format, and should be entered without any dash (-). For example, 1A2B3C4D5E6F.

Reboot the system to make the new MAC address effective. Alternatively, if you don’t want to restart the system, try to disable and then re-enable the network adapter in Device Manager.

To verify the change of MAC address, go to command prompt, then type in one of the following commands:ipconfig /all
net config rdr

Change the MAC Address via Third Party Tools

Third party tools and utilities to change the MAC address in Windows operating system are plenty, for example: SMAC, Technitium MAC Address Changer

Technitium MAC Address Changer allows you to change (spoof) Media Access Control (MAC) Address of your Network Interface Card (NIC) irrespective to your NIC manufacturer or its driver. It has a very simple user interface and provides ample information regarding each NIC in the machine. Every NIC has a MAC address hard coded in its circuit by the manufacturer. This hard coded MAC address is used by windows drivers to access Ethernet Network (LAN). This tool can set a new MAC address to your NIC, bypassing the original hard coded MAC address. Technitium MAC Address Changer is a must tool in every security professionals tool box.


SMAC is a powerful and easy to use MAC Address Changer (Spoofer) for Windows systems, regardless of whether the network card manufacturers allow this option or not.


SMAC v2.7 Serial Keys


I will share with you in my next post How To MAC Address Spoofing in BackTrack 5

If you like this post then kindly Share with your friends and groups and hit like on InvisibleHackers Official or

Connect With us on Facebook.
Thank You For Visiting..... 

Written by

Hello, My name is Ankit Bhandari You can visit and Learn Ethical Hacking from my blog. But all these hacking tricks only for educational purpose. Me and My Blog will not responsible for any wrong use of this. Enjoy it but never miss use it.


Post a Comment


© 2014 Invisible Hackers. All rights Reserved. Designed by InvisibleHackers