Mac – Spoofing MAC address in a persistent fashion

mac address

So I like to set a new, randomly-generated MAC address after every restart using

ruby -e 'print ("%02x"%((rand 64)*4|2))+(0..4).inject(""){|s,x|s+":%02x"%(rand 256)} + "\n"'

and then copy/pasting the output after the command

sudo ifconfig en0 ether

so that I get a new IP address from my ISP each day. I would like to further automate this process so that on startup my computer automatically runs these two commands, but I don't know enough about CLI syntax to make it work. How can I combine these two commands so that ifconfig takes the generated output of the ruby command in a single step? And then, how can I get that to automatically run at startup?

Thank you.

Best Answer

Run EDITOR=nano sudo crontab -e and add a line like this:

@reboot ifconfig en0 ether $(printf \%02x $(($RANDOM\%128*2)))$(head -c4 /dev/random|hexdump -v -e '/1 ":\%02x"')

Commands scheduled by @reboot are run after you restart or turn the computer on but not after you log out and back in. % has to be escaped as \% in crontab.

From a comment at http://osxdaily.com/2010/11/10/random-mac-address-generator/:

You need to be careful that this does not generate multicast mac addresses, as these are technically illegal as source macs. The strict definition of a multicast mac address is one where the least significant bit of the first byte is set to 1. So if the first octet’s LSB is 1 (01, 03,05, a1, etc) you technically have a multicast mac source. See http://en.wikipedia.org/wiki/MAC_address.

Using multicast src macs might not cause immediate connectivity problems, but certainly has implications for switches learning the mac address preventing unicast flooding, and routers allowing arp to resolve.

Cisco, for example, will not allow mac learning if the source is non-unicast, and Cisco routers will not install arp entries for multicast macs to unicast ip addresses.

Related Solutions

IOS – Does iOS 8’s MAC address randomization give the actual MAC address once connected

It should, but I have found no source that explicitely states it. Apple writes in its iOS Security Guide for September 2014 that

When iOS 8 is not associated with a Wi-Fi network and a device’s processor is asleep, iOS 8 uses a randomized Media Access Control (MAC) address when conducting PNO scans. When iOS 8 is not associated with a Wi-Fi network or a device’s processor is asleep, iOS 8 uses a randomized MAC address when conducting ePNO scans. Because a device's MAC address now changes when it's not connected to a network, it can’t be used to persistently track a device by passive observers of Wi-Fi traffic.

This is of course a bit ambigiuous because it doesn't explicitely describe the behaviour when the iDevice is connecting.

It should be noted that contrary to the statement above, the MAC address randomization currently only works if there is no cellular connection and Location Services are deactivated.

MacOS – Change MAC address in OS X Yosemite

One possible problem is that randomly generated MACs will fail half the time. The first byte of a MAC address needs to be even (e.g. end in 0, 2, 4, 6, 8, A, C, E).

So, for example, 3b:92:22:cf:55:7e wouldn't work because '3b' is odd. See Wikipedia's MAC address article for the details (even = unicast, odd = multicast).

To avoid this problem, you can slightly edit your random-MAC sed command to force the second nibble to 0.

openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/./0/2; s/.$//'

Combining this with hrbrmstr's answer worked for me:

sudo /System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport --disassociate
sudo ifconfig en0 ether $(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/./0/2; s/.$//')
networksetup -detectnewhardware

Best Answer

Related Solutions

IOS – Does iOS 8’s MAC address randomization give the actual MAC address once connected

MacOS – Change MAC address in OS X Yosemite

Related Question