Tech 101: Spoofing a MAC Address in macOS High Sierra

Wi-Fi (AirPort) icon

In this article, we’ll show you how to spoof a MAC address on a macOS computer running High Sierra. This is a technique for changing the factory-assigned physical Media Access Control (MAC) address of a network interface on a networked device to a random address. MAC spoofing means that you’re changing a computer’s identity and it can be done for a number of reasons.

First, some Internet Service Providers (ISPs) want to register a client computer’s MAC address for service and billing services. When you wish to connect a new device to your network, the ISP may not grant access to a device with a different MAC address than those already registered to the ISP. By spoofing the MAC address to the address that was registered by the ISP, a user can work around the ISP limitation.

Next, some software can only be installed and run on systems with a pre-defined MAC address. Should you need to run that software on a new Mac or one in which the Wi-Fi (or Ethernet) card has been replaced, spoofing is required in order to make the software believe you’re using the original computer.

The primary reason for MAC spoofing is to mask your identity. In other words, this is used to protect your privacy. If you do not wish to have your computer tracked by MAC address, spoofing can show a different MAC address every time you log onto a network.

It’s interesting to note that iOS automatically delivers a random MAC address to Wi-Fi networks exactly for the purpose of preventing user tracking. This change was made to iOS by Apple in 2014.

The following instructions assume that you have some knowledge of and experience with the macOS Terminal app. If you feel uncomfortable using Terminal, then you may wish to either pass on spoofing your MAC address or use the WiFiSpoof app outlined at the end of this post. Now, let’s get to work:

1) Determine the name of the Wi-Fi interface on your Mac
Depending on the Mac you’re using, the Wi-Fi interface can have one of several names, usually en0 or en1. To figure out the address for your Mac, hold down the Option key and click on the Wi-Fi icon in the menu bar. You’ll see something similar to this screenshot:

Finding the name of the Wi-Fi interface (en0)

(Finding the name of the Wi-Fi interface (en0).

In this case, we see that the name is en0 (that’s en, followed by a zero). Remember, this may be different on your Mac.

2) Temporarily disable Wi-Fi
When spoofing the MAC address on our Mac, Wi-Fi must be temporarily disabled. This is quickly done by once again holding down the Option key, clicking on the Wi-Fi icon in the menu bar, then select “Disconnect from XYZ” where XYZ is actually the name of your Wi-Fi network (see screenshot below). You’ll get a visual indication that you’re no longer connected to the Wi-Fi network as the Wi-Fi icon becomes grayed out.

Use "Disconnect from" to temporarily disable the Wi-Fi connection

(Use “Disconnect from” to temporarily disable the Wi-Fi connection.)

3) Launch Terminal
Next, launch the Terminal app. It’s found in the Utilities folder inside the Applications folder, or you can click on the Spotlight “magnifying glass” icon in the menu bar, type Terminal into the Spotlight search field, and press Return.

4) Verify the existing MAC address
To verify the existing built-in MAC address for the Wi-Fi adapter, type the following command into Terminal and press Return:

ifconfig en0 |grep ether

Remember to replace the en0 in the command with the proper name for your Mac (perhaps en1) if you determined in Step 1 that it was different from en0. In the example below, the physical MAC address is 46:cf:fd:1c:78:3f :

Using Terminal to find the existing MAC address for interface en0 (Wi-Fi)

(Using Terminal to find the existing MAC address for interface en0 (Wi-Fi).

5) Generate a random hexadecimal number to serve as the “new” MAC address
In Terminal, enter the following command (it’s OK to copy this and paste it into Terminal):

openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'

The response will be a 6 hexadecimal character address. In the example below, the random address is 9b:87:5e:59:68:5c —

Generating the random hexadecimal number for the spoofed MAC address

(Generating the random hexadecimal number for the spoofed MAC address.)

6) Copy the random address from Terminal, then type the following command and paste the random address at the end before pressing Return:

sudo ifconfig en0 ether

In the example below, I’ve entered sudo ifconfig en0 ether 9b:87:5e:59:68:5c

Entering the command to temporarily change the MAC address

(Entering the command to temporarily change the MAC address.)

Since we’re entering this command as root, we are prompted to enter the root password.

7) Test that the random address is now our MAC address.
Once again, we’ll use ifconfig in Terminal to see what our existing MAC address is for Wi-Fi. Enter the following command:

ifconfig en0 |grep ether

and we see the response as seen in the screenshot below with our random address:

The MAC address has changed

(The MAC address has changed.)

Indicating that we’re spoofing the MAC address. Success!

You can now connect to Wi-Fi again, knowing that any Wi-Fi router you’re connected to now thinks that you’re coming from another MAC address. Note that if you use the Option – Wi-Fi icon method described in Step 1, you’ll still see the physical MAC address listed, but using Terminal and ifconfig as in Step 7 will verify that the MAC address is being spoofed.

Note that when you restart your Mac, all Wi-Fi MAC address spoofing goes away — you’re back to using your physical MAC address. If you want to use the Internet anonymously all the time, spoofing your MAC address using the Terminal method can be time-consuming. Fortunately, there’s an app for that…

WiFiSpoof
For many people, MAC spoofing isn’t really necessary except on rare occasions. But for those who need to zealously protect their privacy, an app called WiFiSpoof (US$19.99, on the Mac App Store) is a quick and easy way to change a MAC address.

The WiFiSpoof Mac app

(The WiFiSpoof Mac app.)

The app even provides a way to randomize a new MAC address every few minutes, a perfect way to prevent tracking while using a public network. It’s somewhat overpriced, but if you require complete security or do network security testing, the price tag for WiFiSpoof could be considered reasonable.


LEAVE A COMMENT


  • False, this changes the IP on your terminal, but if you go to the network preferences you will see your Mac address is still the original one




  • I was able to change my MAC in High Sierra by ensuring the first three octets of the address stay the same as the hardware address.

    XX:XX:XX:YY:YY:YY

    Leave XX’s the same as hardware address, change YY’s.




  • How can you change it back to the original (hardware) MAC address?




  • Another reason to do this is to register a device that doesn’t have a web browser onto a network that uses a sign-in page – for instance to get an AppleTV onto a hotel WiFi. Get the AppleTV’s MAC address (it’s in the Settings menu), change (i.e. spoof) your laptop’s MAC address to the MAC address to the AppleTV, log onto the hotel’s WiFi with your laptop, and now your AppleTV can access the network without going through the sign-in page.




  • doesnt seem to work anymore. Im using MacOS Sierra 10.12.6. after ifconfig en0 ether , ifconfig en0 | grep ether still shows the old one :(




  • “Since we’re entering this command as root, we are prompted to enter the root password.”

    This is totally incorrect. The whole point of the sudo command is to elevate a command to admin/root level so you don’t have to log in as root to do things. You would not enter the root password for sudo, you enter your own login password.




  • I should make an service app from automation app that you could just load with the startup items and sell it for $9.99. Think anyone would buy it, instead of paying $20?




  • why not just change it in network control panel?




  • How different is this from using a VPN?




    • Quite different. This does nothing to change the IP address of the network connection you are using, which is what a privacy VPN masks by having you tunnel all your traffic so that it enters the open internet from their site.




  • Since you drop into terminal anyway, would a script like the following do the same thing? My only question about changing interface MAC is: does ARP have the current interface MAC cached in other devices on my network and if so, will the change confuse other devices about how to get back to my machine?

    #!/bin/bash

    IF=en0
    export PATH=”$PATH:/sbin:/usr/bin”

    mac=`ifconfig $IF | grep ether | awk ‘{print $2}’`
    echo “$IF mac before change=$mac”
    randmac=`openssl rand -hex 6 | sed ‘s/\(..\)/\1:/g; s/.$//’`
    sudo ifconfig $IF ether $randmac
    mac=`ifconfig $IF | grep ether | awk ‘{print $2}’`
    echo “$IF mac after change=$mac”




  • My only concern with this is what if the randomly generated MAC address duplicates one that is already on the local network? That would be quite a mess.




    • The first six digits of a MAC address identify the hardware vendor. By generating a random MAC address, you are not just hiding who you are, but potentially presenting yourself as some other vendor’s hardware, which can have deleterious effects on some networks that actually care about such things.

      To avoid this, you can make use of the convention that all hardware vendors are assigned MAC address prefixes whose second hex digit has a “2-bit” of 0. Any MAC address with a second digit of 2, 3, 6, 7, A, B, E, or F is guaranteed to belong to no vendor. Therefore it will collide only with other “random” MAC addresses you (or someone else) generated for yourself; and this collision can only occur within your local area network, as MAC addresses aren’t communicated beyond that (at least not in IPV4).