1. Tablet future looks bright! Read more about: Alcatel Xess | Samsung Galaxy View
    New Forums: Alcatel Xess | Samsung Galaxy View
    Dismiss Notice

Changing(spoofing) MAC addressGeneral


Last Updated:

  1. matthiasgalica

    matthiasgalica New Member

    I'd like to spoof the MAC address on my G1, is there a way to do it without having root access?

    I'm running RC33, and I'm thinking there might be a way to do it using adb, has anybody tried this yet?

    Thanks,
    -Matthias

    Advertisement
  2. Goooooooooogle

    Goooooooooogle Well-Known Member

    Is this not illegal?
  3. matthiasgalica

    matthiasgalica New Member

    Ha, since when is anything on the G1 illegal?

    If you're running OS X on an Apple machine you can change your MAC address with one simple command from the Terminal. Linux is similarly easy.

    I figure that since Android is Linux-based there must be a way to do it, the question is just whether it requires root access.
  4. Goooooooooogle

    Goooooooooogle Well-Known Member

    Well it would depend how deep in the system the MAC address is.

    Do you need to sudo to make it work on OS X/Linux?
  5. matthiasgalica

    matthiasgalica New Member

  6. Goooooooooogle

    Goooooooooogle Well-Known Member

    If it needs sudo then it needs root I'm afraid.
  7. Ageless Stranger

    Ageless Stranger Well-Known Member

    I am not sure how to acomplish this, but from prior knowledge the MAC address is semi-hard coded into the NIC (Network Interface Card, I know it's a chip these days but the acronym still stands). Part of the MAC address is the manafacturer ID which is normally hard coded, the remainder of the address is left to be incremented when the card is rolled out, so supposedly no two addresses are ever the same. As the ID can be flashed prior to rolling out the card, by nature it can be changed after the fact. To do this, you will have to have low level access to the hardware, which can only be done at the OS level.

    The ifconfig method mentioned a few posts down will give you what you want, you could write a small script to do this or write a library which can be used by java.

    Enjoy!
  8. drustvold

    drustvold Well-Known Member

    1 Changing the MAC address on a device is similar to altering the serial number on something.

    This may or may not be illegal, that really depends on the device, and more importantly how its being used. Basically as soon as you change the MAC address and try and use a fake one you're falsifying information. Which on a low level means you're probably breaking the user agreements or terms of service. (i.e. changing the MAC address on a cable modem means your device is trying to connect under a different user account as some cable companies (comcast) uses the MAC address as the only thing tied to your account).

    2. Truly changing a MAC address is not an easy task. Sure in Linux and OS X you can tell the system to use a different address, the physically coded address' in the hardware is still the same, and if THEY are asked to authenticate they will provided their unique id number. (changing a MAC address at the system level is something network engineers will do to manage network/user security)

    Can they be changed, yes, with either software or with a diagnostic tool.

    Should they be changed, not really. They are meant to be unique, and if they're being used to identify you as an account holder you're breaking TOS.

    Is it illegal, only in how you use it.
  9. JMC31337

    JMC31337 Member

    You need a usb chord
    a rooted phone
    and terminal emulator
    I posted this tutorial over at rohitab under Leisure Suit Larry
    But it never seem to have posted and the more the merrier
    After your rooted head into terminal emulation type su and go into /data/misc/wifi
    Look for a file called nvram.txt
    Copy it to your sdcard and then to your cpu desktop
    open it with notepad and at the
    bottom of nvram.txt is the mac address
    This i was able to verify and test on android Citrus Ciena
    Edit that mac address and save it as nvram1.txt onto sdcard
    Now go back to data wifi misc and copy nvram.txt to nvram.bak
    Head into gui and then settings then wifi then turn on the wifi but don't connect to any wifi
    turn off the wifi,switch back to terminal
    Copy the nvram1.txt to data misc wifi
    remove the original (make sure you got it backed up)
    Rename nvram1.txt to nvram.txt
    head back into gui and then settings then wifi
    Now for me it immediately stated unable to turn on wifi
    Ignore it and try to turn it on anyways
    When it turns on your newly edited mac address will take effect
    Connect to your AP
    NOW B4 REBOOTING YOU MUST CHANGE NVRAM BACK TO THE ORIGINAL!

    did this and verified a fake mac address with tcpdump-arm
    Busybox ip link show eth0
    And a router with wpa2 table reflected the new fake mac
  10. JMC31337

    JMC31337 Member

    or use the notepad app from the market. copy the nvram to sdcard so forth so on... but when you reboot you gotta chmod the file with 755...
  11. JMC31337

    JMC31337 Member

    Maybe someone here with some Android Bourne Shell scripting know how can help me
    I have this script which will change MAC address on the fly but i cant seem to check if file exist when using if then else statements

    here is a simple check if exist script call but it wont echo what i want
    ===========
    #!/bin/bash
    if [ -e "/data/misc/wifi/nvram.bak" ];
    then echo "!@#";
    fi;
    echo "1111"
    ==========

    AND HERE IS MY MAC CHANGE SCRIPT WHICH WORKS
    i just want to see if the bak file exist or not so i dont overwrite the bak with the fake
    ran it like so:
    copy the .sh script to sdcard
    copy it to /data/local
    while in the sdcard directory run it with
    sh /data/local/test.sh OR you can sh test.sh with the file in sdcard (either way)
    which works fine except the check exist conundrum
    ===========
    #!/bin/bash
    echo "Enter Fake MacAddress:"
    read macx;
    echo "# Motorola Ciena B2B Test nvram by BRCM JP, 2010.07.15
    # $Copyright (C) 2008 Broadcom Corporation$
    # $id$

    sromrev=3
    vendid=0x14e4
    devid=0x432f
    boardtype=0x569

    boardrev=0x32

    boardflags=0x200

    # Specify the xtalfreq if it is otherthan 38.4MHz
    xtalfreq=38400

    aa2g=1
    aa5g=0

    ag0=255

    # 11g paparams
    pa0b0=0x1695,0x1695,0x1542
    pa0b1=0xFB50,0xFB50,0xFBF8
    pa0b2=0xFF3E,0xFF3E,0xFF8C
    pa0itssit=62
    pa0maxpwr=69
    ofdmpo=0x66666668
    cckpo=0x2222

    mcs2gpo0=0x8888
    mcs2gpo1=0x8888

    # 11g rssi params
    rssismf2g=0xa,0xa,0xa
    rssismc2g=0xb,0xb,0xb
    rssisav2g=0x3,0x3,0x3
    bxa2g=0

    # country code
    ccode=ALL
    cctl=0x0
    cckdigfilttype=1
    ofdmdigfilttype=1

    rxpo2g=0

    boardnum=1

    # xtal pu and pd time control variable
    # pu time is driver default (0x1501)
    #r13t=0x1501

    #######
    nocrc=1

    #for mfgc
    otpimagesize=182

    # sdio extra configs
    hwhdr=0x05ffff031030031003100000

    #This generates empty F1, F2 and F3 tuple chains, and may be used if the host SDIO stack does not require the standard tuples.
    #RAW1=80 02 fe ff

    #This includes the standard FUNCID and FUNCE tuples in the F1, F2, F3 and common CIS.
    RAW1=80 32 fe 21 02 0c 00 22 2a 01 01 00 00 c5 0 e6 00 00 00 00 00 40 00 00 ff ff 80 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 20 04 D0 2 29 43 21 02 0c 00 22 04 00 20 00 5A

    ### !!! W A R N I N G !!! ###
    ### Please do not add anything after this line.
    ### "macaddr" should be the last item(line) in this file.

    macaddr=$macx" > nvram.txt;
    cp nvram.txt /data/local;
    rm nvram.txt;
    cp /data/misc/wifi/nvram.txt /data/misc/wifi/nvram.bak;
    rm /data/misc/wifi/nvram.txt;
    mv /data/local/nvram.txt /data/misc/wifi;
    chmod 755 /data/misc/wifi/nvram.txt;
    ===========
  12. JMC31337

    JMC31337 Member

    on top of all that... if you do something like add a blank line at the end of a script file when piping output to create a file...
    NOTE: OMIT THE <EOF> its there to show the board thats where it would end
    it will create the file (test.txt) in this case and add a ? at the end of it.. forcing yu to use busybox ls to see the file with a ? and then rm to remove it so long yu add the? ... dont ask me how that exploit works but it does
    #!/bin/bash
    echo "123123" > /data/local/test.txt
    CRLF (BLANK NEWLINE)
    <EOF>

    Well i do apologize and it seems to be fixed and im not going to try to cover up the mistake. Ill leave the post here for all to see
    I do have a copy in my email proving this did occurr now lemme say this
    no sooner did this happen from my cell bash did the verizon arbitrary unit call me up saying i am being sued. Talking about how he has deep pockets. Lol
    i got the phone for free for signing up for a plan
    Then canceled the plan after 2 days
    The contract was signed by me but the rep didn't sign creating a legal binding contract
    But this sucks that i cant reproduce this any longer
    if yu would like to see my email copy of the entire terminal printout let me know
    pm me...
    sorry to let y'all down
  13. JMC31337

    JMC31337 Member

    Here is the terminal output
    Im factory resetting and sdcard format reloading to stock with no updates to try and re-produce this problem

    # ls -l
    -rw-rw-rw- root root 1425 2011-02-18 15:28 testx.txt
    drwxrwx--x shell shell 2011-02-17 19:05 tmp
    # rm testx.txt
    rm failed for testx.txt, No such file or directory
    # ls testx.txt
    testx.txt: No such file or directory
    # ls -l
    -rw-rw-rw- root root 1425 2011-02-18 15:28 testx.txt
    drwxrwx--x shell shell 2011-02-17 19:05 tmp
    # echo hhvhghhhhhfgchcjchhch> testx.txt
    # ls
    testx.txt
    testx.txt
    tmp
    #rm testx.txt
    # ls
    testx.txt
    tmp
    # rm testx.txt
    rm failed for testx.txt, No such file or directory
    # ls
    testx.txt
    tmp
    #
  14. JMC31337

    JMC31337 Member

    Okay heres how it works
    Create a windows notepad shell script
    testx.sh
    with
    #!/bin/bash
    echo "123123123">testx.txt

    heres the hex output showing the windows CARRIAGE RETURN + NEWLINE (0d0a)
    23 21 2f 62 69 6e 2f 62 61 73 68 0d 0a 65 63 68 6f 20 31 32 33 31 32 33 31 32 33 3e 2f 64 61 74 61 2f 6c 6f 63 61 6c 2f 74 65 73 74 78 2e 74 78 74 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00

    now plug in the USB CHORD and setup USB developement debug mode in the settings
    place that testx.sh into /sdcard
    UNPLUG THE USB CHORD
    su
    cp /sdcard/testx.sh /data/local
    PLUG THE USB CHORD BACK IN
    goto /data/local
    sh testx.sh
    and you will have a file testx.txt with a hidden ?
  15. JMC31337

    JMC31337 Member

    Here's the android terminal output

    $ export PATH=/data/local/bin:$PATH
    $cd sdcard
    $ cp testx.sh /data/local
    cp: /data/local/testx.sh: Permission denied
    $ su
    #cp testx.sh /data/local
    # cd /data/local
    # ls
    testx.sh
    tmp
    # sh testx.sh
    : not found
    # ls
    testx.txt
    testx.sh
    tmp
    # ls -l
    -rw-rw-rw- root root 10 2011-02-20 19:46 testx.txt
    ----rwxr-x root root 43 2011-02-20 19:46 testx.sh
    drwxrwx--x shell shell 2011-02-20 18:50 tmp
    # busybox ls
    testx.sh tmp
    testx.txt?
    # rm testx.txt
    rm failed for testx.txt, No such file or directory
    # ls
    testx.txt
    testx.sh
    tmp
    # rm testx.txt
    rm failed for testx.txt, No such file or directory
    #
  16. JMC31337

    JMC31337 Member

    $ export PATH=/data/local/bin:$PATH
    $cd sdcard
    $ cp testx.sh /data/local
    cp: /data/local/testx.sh: Permission denied
    $ su
    #cp testx.sh /data/local
    # cd /data/local
    # ls
    testx.sh
    tmp
    # sh testx.sh
    : not found
    # ls
    testx.txt
    testx.sh
    tmp
    # ls -l
    -rw-rw-rw- root root 10 2011-02-20 19:46 testx.txt
    ----rwxr-x root root 43 2011-02-20 19:46 testx.sh
    drwxrwx--x shell shell 2011-02-20 18:50 tmp
    # busybox ls
    testx.sh tmp
    testx.txt?
    # rm testx.txt
    rm failed for testx.txt, No such file or directory
    # ls
    testx.txt
    testx.sh
    tmp
    # rm testx.txt
    rm failed for testx.txt, No such file or directory
    #
  17. pinginn

    pinginn New Member

    #!/bin/ash
    #a pinginn was here
    #save as mac-spoof.sh [chmod 777 mac-spoof.sh su > sh mac-spoof.sh ](From term)
    echo "Backing Up Mac Address To SDcard!"
    ifconfig wlan0| grep HWaddr >> /mnt/sdcard/mac.log
    echo "!Org Mac Address!" >> /mnt/sdcard/mac.log
    echo "Seting Random Address"
    ip link set wlan0 address 00:12:f0:dd:cc:dc
    #end

    this will change your mac addy to "00:12:f0:dd:cc:dc" change as needed
    i test it in the standerd sdk works with 2.1 it also backs up your org address
    to the sdcard for safe keeping..
    im runing a x10 with 2.3.5 on it an it is not allowing me to set the mac with the ip etc cmd so im going to keep working on a script for the xperia users. but for the rest that shoud work....
    also android uses busybox to send all commands to the kernel and busybox uses ash and not bash
    just a heads up anyway hope this helps sum ppl


    EDIT::1

    #!/bin/ash
    #writing for Xperia X10 MiUi 1.9.9
    #X10 Android 2.2/2.3 set /data/misc/wifi/mac_address to
    #/data/misc/wi-fi/MAC*address
    #a pinginn was here
    #save as mac-spoof.sh [chmod 777 mac-spoof.sh su > sh mac-spoof.sh ](From term)
    echo "Backing Up Mac Address To SDcard!"
    ifconfig wlan0| grep HWaddr >> /mnt/sdcard/mac.log
    echo "Org Mac Address" >> /mnt/sdcard/mac.log
    echo "Seting Random Address"
    rm /data/misc/wifi/mac_address
    echo "00:12:f0:dd:cc:dc" >> /data/misc/wifi/mac_address
    echo "Your Mac Address Is Spoffed To 00:12:f0:dd:cc:dc"
    #END

    EDIT::2
    that is currintly work on my android 2.3.5 (MiUi 1.9.9) =D spoffing

    EDIT::3
    also im going to try and get a database of wireless mac addys so that it will pull an replace
    the address with diff address everytime the script is execed so it can be added to corn =D

    EDIT::4
    after 24hur test changing networks worked fine however enabling GPS restored the org mac address. so im gessing the mac is assinged to the GPS and that must be the same to access the satellites.
    anyway enjoy spoofing
  18. joelstitch

    joelstitch Member

    I made that sh file and put it on my /sdcard/ folder. Then I used Better Terminal and sh the file and this is what I got:

    Code (Text):
    1. Backing up Mac Address to SDCard!
    2. wlan0: No such device
    3. Setting Random Address
    4. rm failed for /data/misc/wifi/mac_address, No such file or directory
    5. Your Mac Address Is Spoffed To 00:12:f0:dd:cc:dc
  19. Captain Starfish

    Captain Starfish Well-Known Member

    It might be that your device uses eth0 as an ID instead of wlan0. That was the case for my phone. Run
    Code (Text):
    1. busybox ifconfig
    to check.

    And if that's whats up, just change all instances of "wlan0" to "eth0". You can probably omit "rm /data/misc/wifi/mac_address" as well, since your phone is missing it.

    Btw pinginn, have any luck implementing a db?
  20. joelstitch

    joelstitch Member

    I changed it to eth0 already and also removed the rm /data/misc/wifi/mac_address but its not changing the ip. I use the command busybox ifconfig to see my MAC Address but the script didn't change it.
  21. Captain Starfish

    Captain Starfish Well-Known Member

    Here's my edited version
    Code (Text):
    1. #!/system/bin
    2.  echo "Backing Up Mac Address To SDcard!"
    3.  busybox ifconfig eth0 | grep HWaddr >> /mnt/sdcard/mac.log
    4.  echo "!Org Mac Address!" >> /mnt/sdcard/mac.log
    5.  echo "Seting Random Address"
    6.  busybox ifconfig eth0 hw ether 00:12:f0:dd:cc:dc
    7.  #end
    8.  
    See if changing the last line to the following fixes it.
    Code (Text):
    1. ip link set eth0 address 00:12:f0:dd:cc:dc
    For me either way works.
  22. joelstitch

    joelstitch Member

    For some reason now it keeps connecting and disconnecting. I also check my mac address and it didn't change.
  23. Captain Starfish

    Captain Starfish Well-Known Member

    WiFi networks with WPA disconnect the device when the mac is changed. I'm not sure about open/WEP networks.

    Anyways you should tinker around with the script, you might find your fix. If you do, could you post what you did? Thanks
  24. tonyjoseph

    tonyjoseph New Member

    When I typed /data/misc/wifi on the terminal emulator there is a error message showing that permission denied. How to get permission for this?? Please reply to me..
  25. SmileyKid

    SmileyKid New Member

    Saw this thread and tweaked around a bit on my LG L9 and was able to write a 3 line script that works... easily. Run the script and it'll toggle OFF you wifi, change your mac then toggle back on. Toggle wifi off then on to revert to original one. Easy, work and you DON'T have to worry about changing file or permissions. Just execute VIA rom toolbox or script manager. NEED ROOT AND BUSYBOX INSTALLED. Should be a given


    anyways, here it is (assuming your device uses wlan0. If not try eth0)


    #!/system/bin
    busybox ifconfig wlan0 down
    busybox ifconfig wlan0 hw ether [MAC]
    busybox ifconfig wlan0 up
    #end


    I also noticed on my network I get duplicate IP's with the spoofed mac... not sure why but will look into it.


    *EDIT*
    "busybox ifconfig wlan0 up" not needed as it automatically enabled WiFi after MAC change.
    Knives likes this.

Share This Page