Tuesday, July 19, 2011

MadMACs: MAC Address Spoofing And Host Name Randomizing App For Windows


Description:

        I hope you enjoy this little MAC address and host name changer. When Glj12 told me about his host name randomizer, I told him about my desire to make a MAC address randomizer. We decided it would be cool to rap them both together, so I ported parts of his VBScript to Autoit3.
        MadMACs was designed with the privacy paranoid in mind. The two main things a DHCP server records when you get an IP from it is your host name and the MAC address of the network card you are connecting from. This is identifying information that not all users want to leave behind. MadMACs allows you to randomize this information after it runs and reboots.

        If you have the source It can be compiled with Autoit3 from:

            http://www.autoitscript.com 

        I chose Autoit3 because it's free and very flexible. To find the latest version of MadMACs and its documentation visit:

            http://irongeek.com 

and look in the apps section.

Configuring MACs to Spoof and Randomize:

        The first thing you should do is copy MadMACs.exe to what ever directory you plan to have it run from. If mac-config.txt does not exist in the same directory as the binary a wizard will come up and guide you through configuring which adapters get their MAC addresses randomized. The Wizard will ask you what prefix to use on the MAC address, keep the default 00 unless you want to use a specific vendor's MAC address range. For a list of vendor specific prefixes see:

            http://standards.ieee.org/regauth/oui/oui.txt

        This wizard also lets you set a registry entry to automatically run the randomizer on start up. There are two possible command line parameters:

config
        Brings up the setup wizard
remove
        Removes all of the registry entries.
        If you run MadMAX without parameters you are asked "Do you wish to remove MadMACs from startup and clear the registry? Click No to configure MadMACs instead or Cancel to forget the whole matter." Make the logical choice to get the desired outcome.
        If you want MadMACs to randomly set your host name make a text file called dic.txt in the same directory as the binary. This text file's format is one word after another separated by line feeds. If you are feeling lazy just rename the file "sample dic.txt" that comes with MadMACs to "dic.txt". MadMACs will randomly select a word from dic.txt and make that your host name. You may not want to use the host name randomizing functionality if you need to reach the host with the same name every time.

        Most of the setting don't take effect until the computer reboots (sort of :) there are exceptions, like if you disable and enable the adapter). Basically, the current session randomizes the next session. If you have questions about the code, ask on the Binrev forums so I don't have to answer the same questions over and over again in email.

        I take no liability for the misuse of this code. If you mess up your system or network with a bad MAC address or host name it's your fault. Use at your own risk. I've only tested it in Windows XP, and Vista so far. Consider this code GPLed.

Side Notes:
        A patron of my website pointed out that MadMACs, and other similar tools, seem to have a problem randomizing the MAC address under Windows Vista if you are using the Intel Wireless WiFi Link 4965AGN chipset. It will work with the 4965AGN  if you randomize only the last two digits, and start it with the prefix 1234567890. It will also let you set the whole MAC address to DEADBEEFCAFE, or even let you randomize all 12 hex digits. However, if you take the default prefix of 00, MadMACs will make a random address up and put it in the NetworkAddress registry value, but the 4965AGN chipset drivers will not honor it. If anyone knows why, please contact me.

        For more information on how MAC addresses work read my article here:

            http://www.irongeek.com/i.php?page=security/changemac

        Thanks to Chronos and the others from BinRev for helping me with the name.

            http://www.binrev.com/forums/index.php?showtopic=25548 

        Thanks to the Ispell project for the sample word list. If you want a more polished Windows MAC Spoofing tool see:

            http://www.gorlani.com/publicprj/macmakeup/macmakeup.asp

        It's great, the only reason I wrote MadMACs was to better automate the randomization of MAC addresses and to add in the host name changing functionality.

        If you want a simular tool to this for Linux look at:
            http://www.hak5.org/wiki/MAC_Randomizer
Change Log:
Ver. 1.2: Qwasty let me know that if host name randomization is used with MacMACs, and the host name is over 15 characters (or has certain bad illegal characters) it can cause all sorts of lsass.exe errors on boot up. To fix this, I've updated the code to do some sanity checks on the possible hostnames given to it in dic.txt. Hopefully this fixes the problem. I also compiled it with the newerAutoit3 v3.2.12.1.

Ver. 1.1: Added better Vista support. It's compiled with Autoit3 v3.2.1.14 (beta), so older versions may not compile the script right. When you login to Vista you will still have to either tell it to run via the error message you see in the system tray about start up apps, or just turn off User Account Control (UAC).

http://www.irongeek.com/i.php?page=security/madmacs-mac-spoofer