Change MAC Address on Win2K & XP

From: Kyle Lai (
Date: 11/22/02

  • Next message: Lisa Dokes: "Insurance"
    Date: 22 Nov 2002 22:37:08 -0000
    From: Kyle Lai <>
    ('binary' encoding is not supported, stored as-is)

    I konw many of you want to answer "NO" or "ONLY if you can find the
    option in the NIC advanced properties", because that's the answer I heard
    all the time through out my research,

    However, the answer is: YES!!!!!!!!!!


    I wrote a detailed instruction on how to change MAC address on Windows
    2000 & XP, and you can find it at:

    I know there was one discussion before, but that thread offered no
    solutions... I researched for a long time, and I finally discovered the
    solution through Microsoft MSDN Driver Development Kit (DDK) and Win2K
    resource kit. I have many people tested my instructions, and I haven't
    found a NIC that can't be spoofed. Not to say there isn't one out there.

    The method is to call a DDK function - NdisReadNetworkAddress.

    NdisReadNetworkAddress(...) is called by the network adapter driver to
    obtain a user specified MAC address in the registry. After the driver
    confirmed that there's a valid MAC address specified in the registry key,
    the driver then programs the MAC address to its hardware registers to
    override the burn-in MAC address.

    Not all manufacturers support this function I heard, but like I said, I
    haven't seen one NIC that can't be spoofed. I am interested in learning
    which brand and model can't be spoofed. If you know of any, please send
    me an email.

    I think this discovery might not be new to the device driver developers,
    but it certainly is still a well kept secret to lots of security
    professionals out there. Therefore, I decided to reveal this secret
    because there are too many wrong answers out there.

    I am also writing a free tool, SMAC, to change MAC address on Wnidows
    2000 & XP. I basically plan to incorporate the technique I discovered
    with some other functionalities. SMAC 1.0 is due to release in a few
    weeks. Please check for updates.

    Kyle Lai, CISSP, CISA
    InfoSec Consultant

    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see: