Table of Contents

Shortnote

We can spoof the MAC address of all the network cards on an OS X machine by using launchd and making sure that the addresses are changed once per session so that every time the computer restarts, all the MAC addresses will be forged. The script uses launchd's LaunchOnlyOnce option to make sure that the script runs only once on load. All the MAC addresses are changed by the net.was.macspoof.sh bash script, including the wireless.

Services that need a fixed MAC address, may be interrupted but since the script is loaded on boot, the services will pick-up the spoofed MAC address and use it until the system restarts. Another option would have been to change the MAC address every time and interface goes up, however that may destabilize any software that uses the MAC address.

Setup

The files below have to be placed on your filesystem, one of them called net.was.macspoof.plist which must be placed in /Library/LaunchDaemons and the other is the bash script that changes the addresses called net.was.macspoof.sh which must be placed in /Library/Scripts/Wizardry and Steamworks/. You may of course edit those paths and experiment.

Bash Script

The bash script just forks a process for every network card which sets a random MAC address for each interface. The script is placed at /Library/Scripts/Wizardry and Steamworks/net.was.macspoof.sh with the following contents:

net.was.macspoof.sh
#!/bin/bash
# Copyright (C) 2011 Wizardry and Steamworks.
#
#  Licensed to Wizardry and Steamworks under
# the GPLv3 GNU License which can be found at:
#    http://www.gnu.org/licenses/gpl.html
#
 
ETH=`ifconfig | grep flags | awk 'BEGIN { FS=":" } { print $1 }'`
 
for et in $ETH; do
  HW=$(printf "%s:%s:%s:%s:%s:%s\n" `jot -r -w "%02x" 6 0 99`)
  ( /sbin/ifconfig $et up; /sbin/ifconfig $et ether $HW 2>&1 | true ) &
done

Launchd

The launchd plist is placed at /Library/LaunchDaemons/net.was.macspoof.plist with the following contents:

net.was.macspoof.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>net.was.macspoof</string>
  <key>ProgramArguments</key>
  <array>
    <string>/Library/Scripts/Wizardry and Steamworks/net.was.macspoof.sh</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
  <key>LaunchOnlyOnce</key>
  <true/>
</dict>
</plist>

and then loaded using launchctl:

launchctl load -w /Library/LaunchDaemons/net.was.macspoof.plist

Due to the RunAtLoad flag, the script will run on every boot. It is wise to restart the computer after the setup and make sure that the MAC address has changed.

More on MAC Addresses

As a reference, the MAC address can be viewed using just ifconfig:

ifconfig en1

where en1 is your ethernet interface. The MAC address consists of 6 pairs of 2 hexadecimal numbers, eg 4b:5d:03:13:3b:29 which have some information encoded depending on the type of machine or the country of origin.