Change MAC Address on Win2K & XP

From: Kyle Lai (
Date: 11/22/02

  • Next message: Lisa Dokes: "Insurance"
    Date: 22 Nov 2002 22:37:08 -0000
    From: Kyle Lai <>
    ('binary' encoding is not supported, stored as-is)

    I konw many of you want to answer "NO" or "ONLY if you can find the
    option in the NIC advanced properties", because that's the answer I heard
    all the time through out my research,

    However, the answer is: YES!!!!!!!!!!


    I wrote a detailed instruction on how to change MAC address on Windows
    2000 & XP, and you can find it at:

    I know there was one discussion before, but that thread offered no
    solutions... I researched for a long time, and I finally discovered the
    solution through Microsoft MSDN Driver Development Kit (DDK) and Win2K
    resource kit. I have many people tested my instructions, and I haven't
    found a NIC that can't be spoofed. Not to say there isn't one out there.

    The method is to call a DDK function - NdisReadNetworkAddress.

    NdisReadNetworkAddress(...) is called by the network adapter driver to
    obtain a user specified MAC address in the registry. After the driver
    confirmed that there's a valid MAC address specified in the registry key,
    the driver then programs the MAC address to its hardware registers to
    override the burn-in MAC address.

    Not all manufacturers support this function I heard, but like I said, I
    haven't seen one NIC that can't be spoofed. I am interested in learning
    which brand and model can't be spoofed. If you know of any, please send
    me an email.

    I think this discovery might not be new to the device driver developers,
    but it certainly is still a well kept secret to lots of security
    professionals out there. Therefore, I decided to reveal this secret
    because there are too many wrong answers out there.

    I am also writing a free tool, SMAC, to change MAC address on Wnidows
    2000 & XP. I basically plan to incorporate the technique I discovered
    with some other functionalities. SMAC 1.0 is due to release in a few
    weeks. Please check for updates.

    Kyle Lai, CISSP, CISA
    InfoSec Consultant

    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    Relevant Pages

    • Re: best antivirus solution for a Mac.
      ... DVD driver doesn't play nice with the printer driver for some reason. ... > updates for Panther in the last year too. ... > packs and several security updates. ... > I think that it is great that you are productive on a Mac. ...
    • >>> MAC SECURITY <<<
      ... mac home security ... free security software for mac ... internet security for mac ...
    • Re: the exploit that wasnt
      ... The other Mac Book Pro? ... brought Microsoft into a security discussion about Mac OS X. ... The number of security patches, ... if you were to scan random machines on the internet for a week, ...
    • Re: 13 MASSIVE holes found in Safari...
      ... And yet Apple releases monthly security updates. ... But most malware use the normal http port, ... that it's OK because he's on a Mac and Macs are 100% safe). ...
    • Re: The Myth of the secure Mac
      ... >> yes, it's in Tiger, perhaps you didn't read the Security Brief as you ... the real reason is they can't break a mac. ... Plug your Mac into Linux box acting as DHCP server ...