SMAC
- MAC Address
Modifying Utility for Windows 2000 and XP systems.
By
KLC Consulting (KLC) Security Team,
| Kyle Lai, |
Senior Security Consultant, |
| Bob Bourret, |
Senior Software Developer |
smac@klcconsulting.net
http://www.klcconsulting.net
Thank
you for using SMAC.
SMAC
is developed for RESPONSIBLE, LEGAL AND ETHICAL USE ONLY!!!
SMAC
Official Website is at http://www.klcconsulting.net/smac.
Table of Content:
Description:
(back to Top)
With
SMAC, you can modify the MAC address of almost any Network Interface Card (NIC)
on Windows 2000 & XP systems, regardless of whether manufacturers allow
this option or not.
We
haven't seen a NIC that does not support changing MAC addresses on Windows
2000 and XP systems, but that is not to say there is
not any out there. If you find a
NIC that doesn't support changing MAC addresses, we would appreciate it if you
send us your findings at smac@klcconsulting.net.
SMAC
is developed based on the research done by Kyle Lai, a KLC senior security
consultant. Information is available at http://www.klcconsulting.net/Change_MAC_w2k.htm.
If you find this program useful, please send $10.00 (US Dollars) to KLC
Consulting to support SMAC development.
SMAC
was designed as a security vulnerability testing tool for MAC
address based authorization and authentication systems, Intrusion Detection
Systems, MAC address based software licensing, and network troubleshooting
tool. However, there are many
other applications for SMAC.
When
changing MAC address, make sure you assign MAC addresses according to IANA
Number Assignments database. You
can find the information at http://www.iana.org/assignments/ethernet-numbers.
The latest MAC address Organization Unique Identifier (OUI) listing is
available at http://standards.ieee.org/regauth/oui/oui.txt.
Please
submit bug reports and your wish list to us (smac@klcconsulting.net).
This will help us create stronger products and help the community.
Features:
(back to Top)
Version
1.0
-
Easy,
user friendly GUI for changing MAC addresses.
-
List
all NIC's device ID, Status, NIC description, spoofed (Yes/No), IP,
and active MAC addresses.
-
Log
SMAC activities.
Version
1.1
-
Supports
Windows 2000 & XP systems in all languages.
-
Adds
View Log option (menu File->View Log) to view SMAC activity log
from within the SMAC GUI.
-
Adds
"Clear New Spoofed MAC Address" button (X)
Bug
Fixes: (back
to Top)
Version
1.1
-
Non-English versions of Windows 2000 & XP
will no longer get stuck on the Agreement screen.
-
"Refresh"
button will no longer clear the entry of "New Spoofed MAC
Address."
-
"Refresh"
button will no longer lose the item selection from the list.
-
"Remove
MAC" button will no longer clear the entry of "New Spoofed MAC
Address."
-
"New
Spoofed MAC Address" entry area will now be blank by default to
avoid invalid MAC address entries.
-
"New
Spoofed MAC Address" entry area is re-adjusted to fix some display
problems.
Change
Log: (back
to Top)
-
January
9, 2003 - version 1.0, Initial Release
-
January
25, 2003 - version 1.1, International Version and bug fixes
Installation:
(back to Top)
Install
SMAC 1.1:
-
If
SMAC 1.0 was previously installed, uninstall SMAC 1.0 by going to
"Control Panel -> Add/Remove Programs." (Log
file will not be deleted. If SMAC 1.1 is installed to the same
folder as SMAC 1.0, SMAC log will be reused.)
-
Install
SMAC 1.1.
-
Unzip
the downloaded SMAC file into a designated installation folder
-
Run
"setup.exe" to install SMAC
Supported
Operating Systems (tested): (back
to Top)
-
Windows
2000 Professional, Server, Advanced Server
-
Windows XP Home, Professional
Usage
Guide: (back
to Top)
SMAC
1.1 has 2 modes of operation: [WBEM
ON] and [WBEM OFF]. The mode of
operation is shown on the top left corner of the window.
If
you have the ôWindows Management Instrumentation (WMI)ö service running,
it will be running on [WBEM ON] mode. Otherwise,
it will be running on [WBEM OFF] mode. WMI
service is shipped with Windows 2000 & XP and started automatically by
default. In SMAC 1.1, [WBEM ON]
mode shows more information.
SMAC
1.1 also provides logging capability to track SMAC activities.
The log file is located in the same directory as the SMAC program file.
Descriptions
of information displayed:
|
|
Description
|
|
|
Network
device ID
|
|
Active
|
Indicates
whether a network adapter is configured and available for use.
|
|
Spoofed
|
Contains
spoofed MAC address in the registry
|
|
Network
Adapter
|
Description
of Network Adapters
|
|
IP
Address
|
Assigned
IP address
|
|
Active
MAC
|
Active
MAC Address for the Network Adapter
|
Note:
-
ôSpoofedö
column determines if there is a spoofed MAC address entry in the
registry. This column
does NOT indicate whether the Active MAC is spoofed.
-
ôActive
MACö column may or may NOT contain the true hardware MAC address. If there is a spoofed MAC address is in the registry during
the system boot-up process, then removed after the system is boot-up,
there is no easy way to determine if the current MAC address is
spoofed unless using vendor specific network adapter device drivers.
Therefore, SMAC does not show if the Active MAC is spoofed or
not.
|
|
Description
|
|
|
When
the checkbox is checked, SMAC will display only the network adapters
that are configured and available for use.
|
|
"Remove
MAC" button
|
Remove
the spoofed MAC address for the selected Network Adapter.
|
|
"Update
MAC" button
|
Update the new
spoofed MAC address into the registry for selected Network Adapter.
|
|
"Refresh"
button
|
Refresh
the List with current information.
|
|
"Exit"
button
|
Exit
SMAC program.
|
|
Arrow
button ( D
)
|
Move the adjacent
address to the ôNew Spoofed MAC Addressö entry area.
|
|
Clear New Spoofed MAC Address button (X)
|
Clear the New Spoofed MAC Address
|
|
"Spoofed MAC Address" field
|
Shows the current spoofed MAC address registry
entry for the specified network adapter.
|
|
"Active MAC Address" field
|
Shows current active MAC address for the
specified network adapter.
|
True
Hardware Burned-in
MAC Address:
(back to Top)
In order to get the True Hardware MAC address, you
must remove the spoofed MAC entry from the registry. Here are the
steps:
- Select the specified network adapter
- Click "Remove MAC" button
- Disable and re-enable the network adapter, or
just reboot the system.
- Refresh SMAC to display true hardware burned-in
MAC address for the specified network adapter.
Activate
New MAC Address: (back
to Top)
There are 2 ways to make the newly changed MAC
addresses active. Method I
does not require a system reboot.:
I.
Go to Start->Setting->Control Panel, and double click on
"Network Neighborhood".
WARNING: Make sure you understand that you WILL lose the network
connection after completing step "2." below. If you are a
DHCP client, you might get a new IP address after completing step
"3."
1.
Select the Network Adaptor for which you want the MAC address
changed.
2.
Right click on the selected Network Adaptor and click
"Disable." Verify
that the status column for this adaptor has changed to "Disabled"
3.
Right click on the selected Network Adaptor and click
"Enable." Verify
that the status column for this adaptor has changed to "Enabled"
4.
If for any reason the network adapter cannot be disabled or re-enabled, you
will have to
reboot your system to make the changes effective.
II.
Reboot your Windows 2000 system.
How
to contact KLC Consulting, Inc. (KLC): (back
to Top)
KLC Consulting, Inc.
P.O. Box 395
Holden, MA 01520
For more information about KLC and its services,
please visit their website at http://www.klcconsulting.net
or send an email to info@klcconsulting.net.
Copyright
⌐
2003 KLC CONSULTING, INC.
ALL
RIGHTS RESERVED |