_____                  _                   _                                
     / ____|                | |                 (_)                               
    | |  __    ___    _ __  | |   __ _   _ __    _        ___    ___    _ __ ___  
    | | |_ |  / _ \  | '__| | |  / _` | | '_ \  | |      / __|  / _ \  | '_ ` _ \ 
    | |__| | | (_) | | |    | | | (_| | | | | | | |  _  | (__  | (_) | | | | | | |
     \_____|  \___/  |_|    |_|  \__,_| |_| |_| |_| (_)  \___|  \___/  |_| |_| |_|

 |  \/  | __ _  ___|  \/  | __ _| | _____ _   _ _ __  
 | |\/| |/ _` |/ __| |\/| |/ _` | |/ / _ \ | | | '_ \ 
 | |  | | (_| | (__| |  | | (_| |   <  __/ |_| | |_) |
 |_|  |_|\__,_|\___|_|  |_|\__,_|_|\_\___|\__,_| .__/ 

This page was taken from the old site for historical purposes only.

Has been a long time since I released MacMakeup 1.99. A new version (2.x) was created but never publicly distributed.

Many of you continued to ask for updated versions, even if 1.99 seems to work some way even on newer operating systems. 
The problem arise when using DEP since the executable was packed and probably something goes wrong during unpacking in 
memory. For this same reason, some stupid antivirus software decided MacMakeup was a worm of some kind, and I received 
tons of email asking for a “clean” version… I think people who spent money on this crapware “security” software should 
ask their money back. Really.

Nevertheless, while I’m writing an article about MAC address spoofing on Windows and its usage in the cloud era (I’ll 
publish it in some weeks), I created McMMKUP, the nephew of MacMakeup. The good news is that it is open source, so you 
can really see the way code must NOT be written.

It comes as a Powershell script, and it should run on any platform where PS runs, that is Windows XP, Windows 2003, 
Windows Vista, Windows Seven, and Windows 8, each in 32 or 64 bit flavour.

It has a new name, not to be confused with some “tool” used to make girls look prettier (hope I didn’t clash another 
registered trademark).

You can download two zips: one containing the script with its normal extension, that is .ps1, the other with .txt extension, 
to avoid panic in the antivirus community (Whaaaaaat? An executable script inside a compressed archive!?! This must be a 
uber-hackish world-terminating virus, let’s blacklist the entire domain…

So, to make it short:

download the script and put it where you want on your disk. You can find it at the bottom of this page.
if you’re running an ancient platform :-), download and install Windows Powershell
Start Powershell with administrative privileges. This sounds like “Run as administrator”. Not required if you’re not 
planning to change anything.
If you didn’t do it before, type Set-ExecutionPolicy unrestricted. Of course, you can sign the script after a thorough 
code review and use other execution policies :-)
Just run the script: mcmkup.ps1

At this point a black hole could have hogged the entire universe; in this case the rest of the explanation can be 
somewhat unuseful.

Here is what you should see:


And this is some explanation:

[1] and [2]: the list of valid commands and a brief explanation.

[3] the list of physical interfaces found on the host. See below for details.

[4] the status of the flag that indicates if the interface must be automatically disabled and then re-enabled after 
spoofing the MAC address. The default is set to False, meaning the interface must be cycled manually. Use the command 
cycle to toggle this flag. You can set your default in the Global variables area in the first lines of the script.

[5] The prompt to type commands into.

Basically we have 2 commands:

Command “s”: it takes 2 parameters, the first one indicating which interface you want to operate (yello field 1 on the 
second bitmap), and the second containing the new MAC address.

So to change the Intel Wireless interface in the bitmap just type:

s 1 0102030a0b0c

There is currently no check on the MAC other then it being of the right length, so choose a valid one.

The “c” command reverts the changes, so typing

c 1

will reset the original MAC address.

You can see field 4 can indicate 2 things:

-          Firmware: the interface is using its own real MAC

-          Spoofed xxyyzzaabbcc: this MAC is spoofed.

Field 2 reports the interface name as seen in Network connections; Field 3 is the name as reported by the device driver.

This code is not meant to be error-proof, but thanks to the Power of the Shell any error occurring is hidden, so you 
virtually should see no problems using it :-) For example, if you start it without admin privileges, the program will 
show you info, but happily and silently fail to change it.

There are several areas to improve, hope I’ll restore the forums to discuss it with you.

Which interfaces are listed
You’ll only see PHYSICAL interfaces, the ones you can plug a cable into or wireless ones. These are the ones where 
changing the MAC is not only possible, but useful. Changing virtual interfaces MAC addresses is most of the times a 
waste of time, and sometimes it will make then not working. And we don’t WantFuckUpThings. Also remember that MAC 
addresses live in your own LAN, and without some special software they cannot be seen by web sites and generally by 
host outside your gateway.

Special note for virus “experts” and “me-big-analyst”
This script contains a powerful hidden polymorphic engine: if you add a single blank line to the end, the MD5, SHA1 
and CRC32 of the file will change all together completely! I know this will sound unbelievable, but if you must 
blacklist my code and the domain or continent hosting it, do string searches or you can miss it!

[ (D)ownload ] MD5: 3bcceedae737ac8409f89f8694075fd5

[ (H)ome ]                       [ (Y)ell for sysop ]              [ (C)ookie policy ]