It has been a long time since I released MacMakeup 1.99. A new version (2.x) was created but never publicly distributed.
Many of you continued to ask for updated versions, even though 1.99 seems to work in some way even on newer operating systems. The problem arises when using DEP, since the executable was packed and probably something goes wrong during unpacking in memory. For this same reason, some stupid antivirus software decided MacMakeup was a worm of some kind, and I received tons of email asking for a “clean” version… I think people who spent money on this crapware “security” software should ask for their money back. Really.
Nevertheless, while I’m writing an article about MAC address spoofing on Windows and its usage in the cloud era (I’ll publish it in a few weeks), I created McMMKUP, the nephew of MacMakeup. The good news is that it is open source, so you can really see the way code must NOT be written.
It comes as a PowerShell script, and it should run on any platform where PS runs, that is Windows XP, Windows 2003, Windows Vista, Windows Seven, and Windows 8, each in 32- or 64-bit flavour.
It has a new name, not to be confused with some “tool” used to make girls look prettier (hope I didn’t clash with another registered trademark).
You can download two zips: one containing the script with its normal extension, that is .ps1, the other with a .txt extension, to avoid panic in the antivirus community (Whaaaaaat? An executable script inside a compressed archive!?! This must be an uber-hackish world-terminating virus, let’s blacklist the entire domain…).
At this point a black hole could have hogged the entire universe; in this case the rest of the explanation can be somewhat useless.
Here is what you should see:
And this is some explanation:
 and : the list of valid commands and a brief explanation.
 the list of physical interfaces found on the host. See below for details.
 the status of the flag that indicates whether the interface must be automatically disabled and then re-enabled after spoofing the MAC address. The default is set to False, meaning the interface must be cycled manually. Use the command “cycle” to toggle this flag. You can set your default in the Global variables area in the first lines of the script.
 The prompt to type commands into.
Basically we have 2 commands:
Command “s”: it takes 2 parameters, the first one indicating which interface you want to operate on (yellow field 1 on the second bitmap), and the second containing the new MAC address.
So to change the Intel Wireless interface in the bitmap just type:
s 1 0102030a0b0c
There is currently no check on the MAC other than it being of the right length, so choose a valid one.
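A stricter check than length alone, as an added example that is not part of McMMKUP: it requires 12 hex digits, rejects the all-zero address and any address with the group (multicast) bit set, and reports whether the locally administered bit is set. Test-MacAddress and the sample inputs are assumptions made for this illustration; note that 0102030a0b0c from the command above has the group bit set (first octet 01) and fails this check.

```powershell
# Added example, not part of McMMKUP. Test-MacAddress is a hypothetical helper name.
function Test-MacAddress {
    param([string]$Mac)

    # Accept 0102030a0b0c, 01-02-03-0a-0b-0c or 01:02:03:0a:0b:0c
    $hex = ($Mac -replace '[-:]', '').ToLower()

    $result = New-Object PSObject -Property @{
        Input               = $Mac
        Normalized          = $hex
        Valid               = $false
        LocallyAdministered = $false
        Reason              = ''
    }

    if ($hex -notmatch '^[0-9a-f]{12}$') {
        $result.Reason = 'must be exactly 12 hexadecimal digits'
        return $result
    }
    if ($hex -eq '000000000000') {
        $result.Reason = 'all-zero address'
        return $result
    }

    $first = [Convert]::ToByte($hex.Substring(0, 2), 16)

    # Bit 0 of the first octet is the I/G bit: 1 = group (multicast/broadcast).
    if ($first -band 0x01) {
        $result.Reason = 'group (multicast) bit set; a station address must be unicast'
        return $result
    }

    # Bit 1 is the U/L bit: 1 = locally administered, 0 = vendor-assigned space.
    $result.LocallyAdministered = [bool]($first -band 0x02)
    $result.Valid  = $true
    $result.Reason = 'ok'
    return $result
}

# Constructed sample inputs; the first is the address from the example above.
'0102030a0b0c', '0202030a0b0c', '0002030a0b0c', '0102030a0b', 'zz02030a0b0c' |
    ForEach-Object { Test-MacAddress $_ } |
    Format-Table Input, Valid, LocallyAdministered, Reason -AutoSize
```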
The “c” command reverts the changes, so typing
will reset the original MAC address.
You can see field 4 can indicate 2 things:
- Firmware: the interface is using its own real MAC
- Spoofed xxyyzzaabbcc: this MAC is spoofed.
Field 2 reports the interface name as seen in Network connections; Field 3 is the name as reported by the device driver.
This code is not meant to be error-proof, but thanks to the Power of the Shell any error occurring is hidden, so you should see virtually no problems using it :-) For example, if you start it without admin privileges, the program will show you info, but happily and silently fail to change it.
There are several areas to improve, hope I’ll restore the forums to discuss it with you.
You’ll only see PHYSICAL interfaces, the ones you can plug a cable into or wireless ones. These are the ones where changing the MAC is not only possible, but useful. Changing the MAC addresses of virtual interfaces is most of the time a waste of time, and sometimes it will make them stop working. And we don’t WantFuckUpThings. Also remember that MAC addresses live in your own LAN, and without some special software they cannot be seen by web sites and generally by hosts outside your gateway.
This script contains a powerful hidden polymorphic engine: if you add a single blank line to the end, the MD5, SHA1 and CRC32 of the file will all change completely! I know this will sound unbelievable, but if you must blacklist my code and the domain or continent hosting it, do string searches or you can miss it!