MAC address spoofing not working

I'm trying to spoof the MAC address of a MBP 15" 2018 running High Sierra 10.13.6 in order to validate network filtering but I'm unable to change it using ifconfig.


"sudo ifconfig en0 ether <new mac address>"


Does anyone knows if there is a hardware/software limitation to do it on the new MacBooks?

Post not yet marked as solved Up vote post of rene08 Down vote post of rene08
22k views

Replies

I've updated to 10.13.6 (17G65) and checked on my mac mini late 2012 and MBP 2011.

Had no issues changint it on both on ethernet(en0) and wifi(en1)

bash-3.2# ifconfig en1 ether
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  ether 28:cf:e9:00:7a:b7 
bash-3.2# ifconfig en1 ether 28:cf:e9:00:7a:b8
bash-3.2# ifconfig en1 ether
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  ether 28:cf:e9:00:7a:b8

Router also sees this change

Yes, I also test with a 2014 MacBook Pro and it worked fine.


I'm only seeing the problem on a 2018 MacBook Pro

intresting if it's an OS/kext or hardware issue.

You could find out by booting from USB other OS, which has MBP2018 LAN card driver.

I would be really suprised to see if hardware chip would not allow to send packet with MAC address other than factory assigned 🙂

In either way You should fill bug report related to this machine.

Having the same issue with a 13-inch MacBook Pro 2018.


Any resolution available?

same here... it seems like it's a specific problem on MacBook Pro 2018 series...

any resolutions, yet?

This is kinda outside my area of expertise — being more of a user-level thing than an API-level thing — but I’m curious if anyone has filed a bug about this yet? If so, what’s the bug number?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hello. It seems like there is no further activity on this thread. I am experiencing the issue on a 2018 MacBook Pro, running Mojave. I tried chatting with Applecare about this, and was advised this was an "unsupported feature". Anything you could do to help from your end would be appreciated.

Anything you could do to help from your end would be appreciated.

What was the number of the bug you filed?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Same issue on a brand new iMac pro running high sierra

Since @alberto33016 didn't reply, I filed a new bug with Apple: #46479902.

Any help would be really appreciated.


Edit: it turns out that my bug is a duplicate of bug #45252200

I filed a new bug with Apple: #46479902.

Thanks for that.

it turns out that my bug is a duplicate of bug #45252200

Indeed. I can’t say anything about the state of that bug right now )-:

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I filed the following bug: 45252200


Hasnt been marked as duplicate, but I filed it under Security since for me it breaks my confidentiality and I got an email saying that they re-categorized it.

Alright everyone.


My ticket has been closed and I pinged a bunch of friends I have that work at Apple HQ.


Final result. This is not a bug. Apple is removing this feature for security reasons. This makes no sense since doing this does not put the individual doing it at a security risk. But I don't. Im so done with the platform. You can't just remove ifconfig functionality. Thats not how any of this works.

I filed another bug since I really don't think they are getting that they are breaking standards.


Here is the bug <47137510>


Area:
Terminal

Summary:
Per the manual page, a user with sudo should be able to change the link-level MAC address using the ifconfig command

lladdr addr              Set the link-level address on an interface.  This can be used to              e.g. set a new MAC address on an ethernet interface, though the              mechanism used is not ethernet-specific.  The address addr is              specified as a series of colon-separated hex digits.  If the              interface is already up when this option is used, it will be              briefly brought down and then brought back up again in order to              ensure that the receive filter in the underlying ethernet hard-              ware is properly reprogrammed.

However this does not work on all hardware models late 2018+
Steps to Reproduce:
run:

ifconfig INTERFACE lladdr aa:bb:cc:dd:ee:ff

or
run:
ifconfig INTERFACE ether aa:bb:cc:dd:ee:ff

Expected Results:

for the Link-Level address to be changed per the manual page and following standards of Unix and BSD for the ifconfig command

Actual Results:
Fails silently

Version/Build:
10.14.2 (18C54)

Configuration:
All Macs shipped after August of 2018

Any updates on this bug?