SpoofMAC

A MAC address uniquely identifies your device to each new network it connects to. MAC addresses can therefore be used to track your location as you move between Wi-Fi networks and Bluetooth receivers. We show you how to randomize your device's MAC addresses every time you reboot your computer!



"The MAC address is a unique identifier tied to your physical Network Interface (Wired Ethernet or Wi-Fi) and could of course be used to track you if it is not randomized."

The Hitchhiker's Guide to Online Anonymity

The MAC address of a device is unique and hard-coded into its physical components. Your computer can always be identified via the unique MAC address of its network interfaces (i.e. Ethernet, Wi-Fi & Bluetooth). This is why the MAC address of a wireless device constitutes an excellent unique identifier to track its owner. Your computer needs a MAC address to connect to a Network Interface Controller (NIC). In other words: the administrators of the public Wi-Fi in a library, in an airport or in your local Starbucks can always identify your device by its MAC address, which means it can be used to track you over time.

MAC addresses of wireless devices are collected and stored by several systems. For instance, the logs of wireless routers include the MAC addresses of all devices that have been connected. Those logs contain events related to management aspects of the wireless network (association, authentication, disconnection, etc.) and each event associates a MAC address with a timestamp. Another example is Radio-Frequency tracking systems that are specifically designed to track the movement of individuals through the wireless devices they carry. Such systems are based on a set of sensors collecting wireless signals that triangulate and track the movement of individuals over time. Those systems are deployed in areas such as shopping centres, museums, roads, subway stations, etc., where they provide valuable information on mobility patterns and shopping habits.

Most often, retailers use your MAC address to deliver targeted advertising. However, MAC address tracking can also be used for government surveillance. For example, documents released by NSA whistleblower Edward Snowden show that the Canadian spying agency CSEC illegally used MAC addresses collected from passengers who connected to the free internet service at a major Canadian airport to track the wireless devices of thousands of ordinary airline passengers for days after they left the terminal.

Furthermore, MAC addresses are not random. The first six hexadecimal digits of your MAC address are a special number sequence called the organizationally unique identifier (OUI), which is used by manufacturers to identify their chips. If there is a known vulnerability of a chip, hackers can obtain clues from your device's OUI as to whether or not a certain exploit works against your device.

This is why you should always randomize your devices' MAC addresses and switch off both Wi-Fi and Bluetooth whenever you don't use them. It is less likely that your MAC addresses will be used to hack into your computer. However, they will be used to track you.

MAC Address Tracking Countermeasures

SpoofMAC

The only effective way to mitigate MAC Address Tracking is to switch off Wi-Fi and Bluetooth whenever you don't use them and to randomize your MAC addresses!

However, on MacOS you cannot change your MAC address in the System Settings. According to other tutorials online, you have to type the required commands in your Terminal.app (found with Spotlight: press Command + [SPACE], then type Terminal, or find it in your Applications -> Utilities Folder). We did not manage to change our MAC address with these commands. Yet a couple of years ago on an older MacBook, this approach did work for us, which is why we include it here. It also shows how tedious it is:

1) First, you have to turn off Wi-Fi via the Control Center, or with this command:

# Turn off Wi-Fi:
networksetup -setairportpower en0 off

2) This command will generate a random MAC Address:

# Generate random MAC Address:
openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//'

3) Select the generated hex number and use the Command + C shortcut to copy it.

4) Enter the following command, paste the copied MAC address at the end using the Command + V shortcut, and press the Return key:

# Change your MAC Address:
sudo ifconfig en0 ether

5) Enter your password when prompted.

6) Turn your Wi-Fi back on via the Control Center, or with this command:

# Turn on Wi-Fi:
networksetup -setairportpower en0 on

You should now have a new temporary MAC address that persists until you reboot your computer. Every time you reboot your computer, you have to repeat these steps before you connect to the internet.
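Added example (not part of the original tutorial): openssl rand -hex 6 returns six unconstrained bytes, so the first octet can come out with the multicast bit set, which is not a valid address for an interface. The sketch below clears that bit and sets the locally administered bit so the result cannot collide with a vendor-assigned OUI; random_laa_mac and mac_class are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Added example: generate and classify MAC addresses by the two flag bits
# in the first octet.
#   bit 0 (0x01) = multicast   -> must be 0 for an interface address
#   bit 1 (0x02) = locally administered -> 1 means "not a vendor OUI"

# Print a random unicast, locally administered MAC address.
random_laa_mac() (
    # Six bytes from the kernel CSPRNG as separate hex words.
    set -- $(od -An -N6 -tx1 /dev/urandom)
    # Clear the multicast bit, set the locally administered bit.
    first=$(( (0x$1 & 0xFE) | 0x02 ))
    printf '%02x:%s:%s:%s:%s:%s\n' "$first" "$2" "$3" "$4" "$5" "$6"
)

# Print one of: invalid | multicast | universal | local
mac_class() (
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' \
        || { echo invalid; exit 0; }
    first=$(( 0x${1%%:*} ))
    if [ $(( first & 1 )) -ne 0 ]; then
        echo multicast      # group address, unusable on an interface
    elif [ $(( first & 2 )) -ne 0 ]; then
        echo local          # randomized or manually assigned
    else
        echo universal      # looks like a vendor-assigned address
    fi
)

# Step 4 above would then become:
#   sudo ifconfig en0 ether "$(random_laa_mac)"
mac=$(random_laa_mac)
echo "$mac is $(mac_class "$mac")"
```
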


As you can see, it should be possible to change or spoof your devices' MAC address, yet on MacOS this is tedious and harder than it should be. On our test computer (MacBook Pro / late 2019 / MacOS Sonoma) these commands did not work at all.

Even if you succeed in changing your MAC address manually, every reboot will reverse your changes. This is where SpoofMAC comes in. SpoofMAC is an open source tool, originally written in Python by GitHub user Feross, that makes it easy for you to change the MAC addresses of your computer via the Command Line. Add a launch daemon and you can be sure that your MAC address is randomized with every single reboot, so that it becomes impossible to track and fingerprint you via your device's MAC addresses.

"I made SpoofMAC because changing your MAC address in Mac OS X is harder than it should be. The biggest annoyance is that the Wi-Fi card (Airport) needs to be manually disassociated from any connected networks in order for the change to be applied correctly. Doing this manually every time is tedious and lame."

Feross Aboukhadijeh / Maker of SpoofMAC

SpoofMAC: Manual Setup

Randomize your Wi-Fi MAC Address

Follow this step-by-step guide if you want to learn how to install SpoofMAC and how to set up a LaunchDaemon that randomizes your MAC Address on MacOS. If you prefer a fast, easy and automated way to set it up, use our scripted solution instead: SpoofMAC: Interactive Script

INSTALL SPOOFMAC:


We don't use the original SpoofMAC package that is based on Python, but a more recent version that makes use of npm. We use MacPorts to install required dependencies. If you don't have MacPorts installed on your system, please follow our tutorial about MacPorts first before you proceed to install SpoofMAC.

1) Install dependencies:

sudo port install npm10

2) Enter your password when prompted.

3) Use npm to install spoof:

sudo npm install spoof -g

This is it. SpoofMAC is now installed on your system! You can always use SpoofMAC from the command line.

HOW TO USE SPOOFMAC:


List all usage instructions:

# Usage Instructions:
spoof --help

List all available devices and their respective MAC addresses:

# List devices:
spoof list

List only Wi-Fi devices and their respective MAC addresses:

# List Wi-Fi devices
spoof list --wifi

Randomize MAC address (requires root) using hardware port name. IMPORTANT: You first have to switch off Wi-Fi, otherwise this command will fail to execute:

# Turn off Wi-Fi:
networksetup -setairportpower en0 off
# Randomize Wi-Fi:
sudo spoof randomize wi-fi

Set device MAC address to something specific (requires root). In this example we use 00:0C:29:54:B6:3D. IMPORTANT: You first have to switch off Wi-Fi, otherwise this command will fail to execute:

# Turn off Wi-Fi:
networksetup -setairportpower en0 off
# Set specific Wi-Fi MAC address:
sudo spoof set 00:0C:29:54:B6:3D wi-fi

Reset device to its original MAC address (requires root):

# Reset Wi-Fi:
sudo spoof reset wi-fi

CREATE LAUNCHDAEMON:


We want to set up a global LaunchDaemon that spoofs our computer's Wi-Fi MAC address every time we (re)boot it.

Whenever we reboot our computer, we want it to execute the following command automatically:

# Randomize Wi-Fi:
sudo spoof randomize wi-fi

Since a LaunchDaemon runs with administrator privileges, we do not need to use sudo, but we need to specify absolute paths to the necessary executables. To create the SpoofMAC LaunchDaemon, first navigate to the folder where all LaunchDaemons are installed:

cd /Library/LaunchDaemons

Open a command-line editor, e.g. nano, to create the LaunchDaemon:

sudo nano info.term7.spoof.mac.plist

Copy and paste the following lines:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>info.term7.spoof.mac</string>
	<key>ProgramArguments</key>
	<array>
		<string>/opt/local/bin/node</string>
		<string>/opt/local/bin/spoof</string>
		<string>randomize</string>
		<string>en0</string>
	</array>
	<key>RunAtLoad</key>
	<true/>
</dict>
</plist>

Press [control] + X and then Y + [ENTER] to save the file and close the editor.

Next, configure the required ownership and permissions:

# Ownership
sudo chown root:wheel /Library/LaunchDaemons/info.term7.spoof.mac.plist
# Permissions
sudo chmod 644 /Library/LaunchDaemons/info.term7.spoof.mac.plist

Finally, to activate the automatic Wi-Fi MAC randomization, start the LaunchDaemon with the following command:

# Start LaunchDaemon
sudo launchctl load /Library/LaunchDaemons/info.term7.spoof.mac.plist

Congratulations! Your SpoofMAC is now up and running. Every time you restart your computer it will randomize your Wi-Fi MAC address automatically.
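Added example (not part of the original tutorial or the term7 scripts): because this LaunchDaemon runs node and spoof as root at every boot, each absolute path in the plist must exist and must not be writable by anyone but root, otherwise the job either silently does nothing or hands root to whoever can edit those files. The sketch below audits the plist and every program path it references; plist_paths, audit_path and audit_daemon are hypothetical helper names.

```shell
#!/bin/sh
# Added example: audit the files a root LaunchDaemon depends on.
# PLIST defaults to the file created in this tutorial.
PLIST=${PLIST:-/Library/LaunchDaemons/info.term7.spoof.mac.plist}

# Print every absolute path that appears in a <string> element.
plist_paths() {
    sed -n 's|^[[:space:]]*<string>\(/[^<]*\)</string>.*|\1|p' "$1"
}

# audit_path FILE [UID]: print "ok", "missing", or a list of problems.
# UID is the expected owner (default 0 = root); symlinks are followed.
audit_path() (
    [ -e "$1" ] || { echo "missing"; exit 0; }
    # ls -ldnL fields: permissions, link count, numeric uid, ...
    set -- "$1" "${2:-0}" $(ls -ldnL "$1")
    perms=$3 owner=$5 problems=
    [ "$owner" = "$2" ] || problems="owner-uid-$owner"
    case $perms in ?????w*) problems="$problems group-writable" ;; esac
    case $perms in ????????w*) problems="$problems world-writable" ;; esac
    echo "${problems:-ok}" | sed 's/^ //'
)

# Audit the plist itself, then each program path listed inside it.
audit_daemon() {
    for p in "$1" $(plist_paths "$1"); do
        printf '%s: %s\n' "$p" "$(audit_path "$p")"
    done
}

if [ -r "$PLIST" ]; then
    audit_daemon "$PLIST"
fi
```

Any line that does not end in "ok" should be fixed before the daemon is loaded; a "missing" result for node or spoof means the absolute paths in the plist do not match where they were installed.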

Uninstall SpoofMac

the manual way...

1) Unload the LaunchDaemon:

# Unload LaunchDaemon
sudo launchctl unload /Library/LaunchDaemons/info.term7.spoof.mac.plist

2) Delete the LaunchDaemon:

# Delete LaunchDaemon
sudo rm /Library/LaunchDaemons/info.term7.spoof.mac.plist

3) Uninstall spoof:

# Uninstall spoof
sudo npm uninstall spoof -g

SpoofMAC has been purged from your system.

SpoofMAC: Interactive Script

Setup SpoofMAC interactively

Both our interactive script and our speedy install script install spoof and set up a LaunchDaemon that starts whenever you boot up your computer. We also provide a simple uninstall script.


BE CAREFUL: YOU SHOULD ALWAYS LOOK THROUGH THE CONTENT OF ANY SHELL SCRIPT YOU DOWNLOAD FROM AN UNKNOWN SOURCE BEFORE YOU EXECUTE IT! MAKE SURE IT IS SAFE TO EXECUTE!

WE HOST OUR SCRIPTS FOR EVERYONE TO SEE ON GITHUB.

To run our script, you first have to download it. Open the Terminal.app (found with Spotlight: press Command + [SPACE], then type Terminal, or find it in your Applications -> Utilities Folder). In your Terminal, use this command to navigate to your Downloads Folder:

cd ~/Downloads

Download the interactive script:

# Interactive Script
curl -O https://raw.githubusercontent.com/term7/MacOS-Privacy-and-Security-Enhancements/main/04_SpoofMAC/script/install_SpoofMAC.sh

Download the speedy install script:

# Speedy Install Script
curl -O https://raw.githubusercontent.com/term7/MacOS-Privacy-and-Security-Enhancements/main/04_SpoofMAC/script/SPEEDY-INSTALL_SpoofMAC.sh

If you ever want to uninstall SpoofMAC, download our uninstall script:

# Uninstall Script
curl -O https://raw.githubusercontent.com/term7/MacOS-Privacy-and-Security-Enhancements/main/02_Kill-Siri/script/UNINSTALL_kill-siri.sh

Give the respective file execute permissions:

chmod +x *SpoofMAC.sh

Execute the respective script:

./install_SpoofMAC.sh
./SPEEDY-INSTALL_SpoofMAC.sh
./UNINSTALL_SpoofMAC.sh

If asked, enter your administrator password and hit [ENTER] and follow the instructions. Your password won't be shown by default.
