
Changing (spoofing) MAC address

Ha, since when is anything on the G1 illegal?

If you're running OS X on an Apple machine you can change your MAC address with one simple command from the Terminal. Linux is similarly easy.

I figure that since Android is Linux-based there must be a way to do it, the question is just whether it requires root access.
 
Upvote 0
I am not sure how to accomplish this, but from prior knowledge the MAC address is semi-hard coded into the NIC (Network Interface Card, I know it's a chip these days but the acronym still stands). Part of the MAC address is the manufacturer ID which is normally hard coded, the remainder of the address is left to be incremented when the card is rolled out, so supposedly no two addresses are ever the same. As the ID can be flashed prior to rolling out the card, by nature it can be changed after the fact. To do this, you will have to have low level access to the hardware, which can only be done at the OS level.

The ifconfig method mentioned a few posts down will give you what you want, you could write a small script to do this or write a library which can be used by java.

Enjoy!
 
Upvote 0
1. Changing the MAC address on a device is similar to altering the serial number on something.

This may or may not be illegal, that really depends on the device, and more importantly how it's being used. Basically as soon as you change the MAC address and try and use a fake one you're falsifying information. Which on a low level means you're probably breaking the user agreements or terms of service. (i.e. changing the MAC address on a cable modem means your device is trying to connect under a different user account as some cable companies (Comcast) use the MAC address as the only thing tied to your account).

2. Truly changing a MAC address is not an easy task. Sure in Linux and OS X you can tell the system to use a different address, but the physically coded addresses in the hardware are still the same, and if THEY are asked to authenticate they will provide their unique ID number. (Changing a MAC address at the system level is something network engineers will do to manage network/user security.)

Can they be changed, yes, with either software or with a diagnostic tool.

Should they be changed, not really. They are meant to be unique, and if they're being used to identify you as an account holder you're breaking TOS.

Is it illegal, only in how you use it.
 
Upvote 0
You need a USB cord
a rooted phone
and terminal emulator
I posted this tutorial over at rohitab under Leisure Suit Larry
But it never seems to have posted and the more the merrier
After you're rooted, head into terminal emulation, type su and go into /data/misc/wifi
Look for a file called nvram.txt
Copy it to your sdcard and then to your cpu desktop
open it with notepad and at the
bottom of nvram.txt is the mac address
This I was able to verify and test on android Citrus Ciena
Edit that mac address and save it as nvram1.txt onto sdcard
Now go back to data wifi misc and copy nvram.txt to nvram.bak
Head into gui and then settings then wifi then turn on the wifi but don't connect to any wifi
turn off the wifi,switch back to terminal
Copy the nvram1.txt to data misc wifi
remove the original (make sure you got it backed up)
Rename nvram1.txt to nvram.txt
head back into gui and then settings then wifi
Now for me it immediately stated unable to turn on wifi
Ignore it and try to turn it on anyways
When it turns on your newly edited mac address will take effect
Connect to your AP
NOW B4 REBOOTING YOU MUST CHANGE NVRAM BACK TO THE ORIGINAL!

did this and verified a fake mac address with tcpdump-arm
Busybox ip link show eth0
And a router with wpa2 table reflected the new fake mac
 
Upvote 0
Maybe someone here with some Android Bourne Shell scripting know-how can help me
I have this script which will change MAC address on the fly but I can't seem to check if a file exists when using if then else statements

Here is a simple check-if-exists script call but it won't echo what I want
===========
#!/bin/bash
if [ -e "/data/misc/wifi/nvram.bak" ];
then echo "!@#";
fi;
echo "1111"
==========

AND HERE IS MY MAC CHANGE SCRIPT WHICH WORKS
I just want to see if the bak file exists or not so I don't overwrite the bak with the fake
ran it like so:
copy the .sh script to sdcard
copy it to /data/local
while in the sdcard directory run it with
sh /data/local/test.sh OR you can sh test.sh with the file in sdcard (either way)
which works fine except the check exist conundrum
===========
#!/bin/bash
echo "Enter Fake MacAddress:"
read macx;
echo "# Motorola Ciena B2B Test nvram by BRCM JP, 2010.07.15
# \$Copyright (C) 2008 Broadcom Corporation\$
# \$id\$

sromrev=3
vendid=0x14e4
devid=0x432f
boardtype=0x569

boardrev=0x32

boardflags=0x200

# Specify the xtalfreq if it is otherthan 38.4MHz
xtalfreq=38400

aa2g=1
aa5g=0

ag0=255

# 11g paparams
pa0b0=0x1695,0x1695,0x1542
pa0b1=0xFB50,0xFB50,0xFBF8
pa0b2=0xFF3E,0xFF3E,0xFF8C
pa0itssit=62
pa0maxpwr=69
ofdmpo=0x66666668
cckpo=0x2222

mcs2gpo0=0x8888
mcs2gpo1=0x8888

# 11g rssi params
rssismf2g=0xa,0xa,0xa
rssismc2g=0xb,0xb,0xb
rssisav2g=0x3,0x3,0x3
bxa2g=0

# country code
ccode=ALL
cctl=0x0
cckdigfilttype=1
ofdmdigfilttype=1

rxpo2g=0

boardnum=1

# xtal pu and pd time control variable
# pu time is driver default (0x1501)
#r13t=0x1501

#######
nocrc=1

#for mfgc
otpimagesize=182

# sdio extra configs
hwhdr=0x05ffff031030031003100000

#This generates empty F1, F2 and F3 tuple chains, and may be used if the host SDIO stack does not require the standard tuples.
#RAW1=80 02 fe ff

#This includes the standard FUNCID and FUNCE tuples in the F1, F2, F3 and common CIS.
RAW1=80 32 fe 21 02 0c 00 22 2a 01 01 00 00 c5 0 e6 00 00 00 00 00 40 00 00 ff ff 80 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 20 04 D0 2 29 43 21 02 0c 00 22 04 00 20 00 5A

### !!! W A R N I N G !!! ###
### Please do not add anything after this line.
### "macaddr" should be the last item(line) in this file.

macaddr=$macx" > nvram.txt;
cp nvram.txt /data/local;
rm nvram.txt;
cp /data/misc/wifi/nvram.txt /data/misc/wifi/nvram.bak;
rm /data/misc/wifi/nvram.txt;
mv /data/local/nvram.txt /data/misc/wifi;
chmod 755 /data/misc/wifi/nvram.txt;
===========
 
Upvote 0
On top of all that... if you do something like add a blank line at the end of a script file when piping output to create a file...
NOTE: OMIT THE <EOF>, it's there to show the board that's where it would end
it will create the file (test.txt in this case) and add a ? at the end of it, forcing you to use busybox ls to see the file with a ? and then rm to remove it, so long as you add the ? ... don't ask me how that exploit works but it does
#!/bin/bash
echo "123123" > /data/local/test.txt
CRLF (BLANK NEWLINE)
<EOF>

Well I do apologize and it seems to be fixed and I'm not going to try to cover up the mistake. I'll leave the post here for all to see
I do have a copy in my email proving this did occur, now lemme say this
no sooner did this happen from my cell bash did the Verizon arbitrary unit call me up saying I am being sued. Talking about how he has deep pockets. Lol
I got the phone for free for signing up for a plan
Then canceled the plan after 2 days
The contract was signed by me but the rep didn't sign creating a legal binding contract
But this sucks that I can't reproduce this any longer
If you would like to see my email copy of the entire terminal printout let me know
PM me...
Sorry to let y'all down
 
Upvote 0
Here is the terminal output
I'm factory resetting and sdcard format reloading to stock with no updates to try and reproduce this problem

# ls -l
-rw-rw-rw- root root 1425 2011-02-18 15:28 testx.txt
drwxrwx--x shell shell 2011-02-17 19:05 tmp
# rm testx.txt
rm failed for testx.txt, No such file or directory
# ls testx.txt
testx.txt: No such file or directory
# ls -l
-rw-rw-rw- root root 1425 2011-02-18 15:28 testx.txt
drwxrwx--x shell shell 2011-02-17 19:05 tmp
# echo hhvhghhhhhfgchcjchhch> testx.txt
# ls
testx.txt
testx.txt
tmp
#rm testx.txt
# ls
testx.txt
tmp
# rm testx.txt
rm failed for testx.txt, No such file or directory
# ls
testx.txt
tmp
#
 
Upvote 0
Okay, here's how it works
Create a Windows Notepad shell script
testx.sh
with
#!/bin/bash
echo "123123123">testx.txt

Here's the hex output showing the Windows CARRIAGE RETURN + NEWLINE (0d0a)
23 21 2f 62 69 6e 2f 62 61 73 68 0d 0a 65 63 68 6f 20 31 32 33 31 32 33 31 32 33 3e 2f 64 61 74 61 2f 6c 6f 63 61 6c 2f 74 65 73 74 78 2e 74 78 74 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00

Now plug in the USB CORD and set up USB development debug mode in the settings
place that testx.sh into /sdcard
UNPLUG THE USB CORD
su
cp /sdcard/testx.sh /data/local
PLUG THE USB CORD BACK IN
go to /data/local
sh testx.sh
and you will have a file testx.txt with a hidden ?
 
Upvote 0
Here's the android terminal output

$ export PATH=/data/local/bin:$PATH
$cd sdcard
$ cp testx.sh /data/local
cp: /data/local/testx.sh: Permission denied
$ su
#cp testx.sh /data/local
# cd /data/local
# ls
testx.sh
tmp
# sh testx.sh
: not found
# ls
testx.txt
testx.sh
tmp
# ls -l
-rw-rw-rw- root root 10 2011-02-20 19:46 testx.txt
----rwxr-x root root 43 2011-02-20 19:46 testx.sh
drwxrwx--x shell shell 2011-02-20 18:50 tmp
# busybox ls
testx.sh tmp
testx.txt?
# rm testx.txt
rm failed for testx.txt, No such file or directory
# ls
testx.txt
testx.sh
tmp
# rm testx.txt
rm failed for testx.txt, No such file or directory
#
 
Upvote 0
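The behaviour in the posts above follows from running a script saved with Windows (CRLF) line endings: the carriage return becomes part of the redirect target, so the file is really named `testx.txt` plus an invisible CR, and a check shaped like the earlier `if [ -e ... ];` script takes the false branch because the stray CR is run as a command. The following is an added example, not code from the thread; the function names, the scratch directory and the two scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): CRLF line endings in shell scripts.
CR=$(printf '\r')

# True if the file contains a carriage return, i.e. DOS/Windows line endings.
has_crlf() { grep -q "$CR" "$1"; }

# Write a copy of script $1 to $2 with every carriage return removed.
strip_crlf() { tr -d '\r' < "$1" > "$2"; }

# Count entries in directory $1 whose name ends in a carriage return.
count_cr_names() {
    n=0
    for f in "$1"/*"$CR"; do
        if [ -e "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Delete those entries; the glob supplies the exact name, CR included,
# which is why typing the visible name after rm does not match.
remove_cr_names() {
    for f in "$1"/*"$CR"; do
        if [ -e "$f" ]; then rm -- "$f"; fi
    done
}

# Reproduce both symptoms in a scratch directory using constructed scripts.
demo() {
    d=$(mktemp -d) || return 1
    printf 'echo "123123123">testx.txt\r\n' > "$d/testx.sh"
    : > "$d/nvram.bak"
    printf 'if [ -e nvram.bak ];\r\nthen echo "found";\r\nfi;\r\necho "done"\r\n' > "$d/check.sh"
    for s in testx.sh check.sh; do
        if has_crlf "$d/$s"; then echo "$s: CRLF line endings"; fi
    done
    (cd "$d" && sh testx.sh)
    echo "names ending in CR: $(count_cr_names "$d")"
    echo "CRLF check prints: $(cd "$d" && sh check.sh 2>/dev/null | tr -d '\r' | tr '\n' ' ')"
    strip_crlf "$d/check.sh" "$d/check_lf.sh"
    echo "LF check prints:   $(cd "$d" && sh check_lf.sh | tr '\n' ' ')"
    remove_cr_names "$d"
    echo "names ending in CR after cleanup: $(count_cr_names "$d")"
    rm -rf "$d"
}

demo
```

Saving scripts with Unix (LF) line endings, or passing them through `strip_crlf` before running them, avoids both symptoms.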
#!/bin/ash
#a pinginn was here
#save as mac-spoof.sh [chmod 777 mac-spoof.sh su > sh mac-spoof.sh ](From term)
echo "Backing Up Mac Address To SDcard!"
ifconfig wlan0| grep HWaddr >> /mnt/sdcard/mac.log
echo "!Org Mac Address!" >> /mnt/sdcard/mac.log
echo "Seting Random Address"
ip link set wlan0 address 00:12:f0:dd:cc:dc
#end

This will change your MAC address to "00:12:f0:dd:cc:dc"; change as needed.
I tested it in the standard SDK, works with 2.1. It also backs up your original address
to the sdcard for safe keeping.
I'm running an X10 with 2.3.5 on it and it is not allowing me to set the MAC with the ip etc. cmd, so I'm going to keep working on a script for the Xperia users. But for the rest that should work.
Also, Android uses busybox to send all commands to the kernel and busybox uses ash and not bash.
Just a heads up. Anyway, hope this helps some people.


EDIT::1

#!/bin/ash
#writing for Xperia X10 MiUi 1.9.9
#X10 Android 2.2/2.3 set /data/misc/wifi/mac_address to
#/data/misc/wi-fi/MAC*address
#a pinginn was here
#save as mac-spoof.sh [chmod 777 mac-spoof.sh su > sh mac-spoof.sh ](From term)
echo "Backing Up Mac Address To SDcard!"
ifconfig wlan0| grep HWaddr >> /mnt/sdcard/mac.log
echo "Org Mac Address" >> /mnt/sdcard/mac.log
echo "Seting Random Address"
rm /data/misc/wifi/mac_address
echo "00:12:f0:dd:cc:dc" >> /data/misc/wifi/mac_address
echo "Your Mac Address Is Spoffed To 00:12:f0:dd:cc:dc"
#END

EDIT::2
That is currently working on my Android 2.3.5 (MiUi 1.9.9) =D spoofing

EDIT::3
Also I'm going to try and get a database of wireless MAC addresses so that it will pull and replace
the address with a different address every time the script is executed, so it can be added to cron =D

EDIT::4
After a 24-hour test, changing networks worked fine; however, enabling GPS restored the original MAC address. So I'm guessing the MAC is assigned to the GPS and that must be the same to access the satellites.
anyway enjoy spoofing
 
Upvote 0
I made that sh file and put it on my /sdcard/ folder. Then I used Better Terminal and sh the file and this is what I got:

Code:
Backing up Mac Address to SDCard!
wlan0: No such device
Setting Random Address
rm failed for /data/misc/wifi/mac_address, No such file or directory
Your Mac Address Is Spoffed To 00:12:f0:dd:cc:dc
 
Upvote 0
It might be that your device uses eth0 as an ID instead of wlan0. That was the case for my phone. Run
Code:
busybox ifconfig
to check.

And if that's what's up, just change all instances of "wlan0" to "eth0". You can probably omit "rm /data/misc/wifi/mac_address" as well, since your phone is missing it.

Btw pinginn, have any luck implementing a db?

I changed it to eth0 already and also removed the rm /data/misc/wifi/mac_address but it's not changing the ip. I use the command busybox ifconfig to see my MAC address but the script didn't change it.
 
Upvote 0
Here's my edited version
Code:
#!/system/bin/sh
 echo "Backing Up Mac Address To SDcard!"
 busybox ifconfig eth0 | grep HWaddr >> /mnt/sdcard/mac.log
 echo "!Org Mac Address!" >> /mnt/sdcard/mac.log
 echo "Seting Random Address"
 busybox ifconfig eth0 hw ether 00:12:f0:dd:cc:dc
 #end
See if changing the last line to the following fixes it.
Code:
ip link set eth0 address 00:12:f0:dd:cc:dc
For me either way works.
 
Upvote 0
When I typed /data/misc/wifi on the terminal emulator there is an error message showing permission denied. How do I get permission for this? Please reply to me.
 
Upvote 0
Saw this thread and tweaked around a bit on my LG L9 and was able to write a 3 line script that works... easily. Run the script and it'll toggle OFF your wifi, change your MAC then toggle back on. Toggle wifi off then on to revert to the original one. Easy, works and you DON'T have to worry about changing files or permissions. Just execute via ROM Toolbox or Script Manager. NEED ROOT AND BUSYBOX INSTALLED. Should be a given.


anyways, here it is (assuming your device uses wlan0. If not try eth0)


#!/system/bin/sh
busybox ifconfig wlan0 down
busybox ifconfig wlan0 hw ether [MAC]
busybox ifconfig wlan0 up
#end


I also noticed on my network I get duplicate IPs with the spoofed MAC... not sure why but will look into it.


*EDIT*
"busybox ifconfig wlan0 up" not needed as it automatically enabled WiFi after MAC change.
 
Upvote 0