flat assembler
Message board for the users of flat assembler.

revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17664
Location: In your JS exploiting you and your system
revolution
How to: Change your MAC address with assembly

Attached is a small demonstration file showing how to find and manipulate the network card(s). I expect it will work with Win2K and XP. Maybe Vista and 7 also. I tested with XPsp2. You need to run it with administrator privileges.

Currently the code does this:
  1. Searches for the first adapter that has a gateway listed
  2. Disables the adapter
  3. Clears any spoofed MAC and sets to hardware default
  4. Enables the adapter
If you want to do something other than use the manufacturer's default MAC then you can customise with your own MAC setting function.

No .exe given, you have to assemble it yourself.


Description: The code
Filename: NewMAC-fasm.asm
Filesize: 17.57 KB
Downloaded: 103 Time(s)

Post 19 Jul 2010, 18:46
b1528932



Joined: 21 May 2010
Posts: 287
b1528932
I don't see any file
Post 20 Jul 2010, 12:01
MHajduk



Joined: 30 Mar 2006
Posts: 6038
Location: Poland
MHajduk
b1528932 wrote:
I don't see any file
If you are logged in, you should see revolution's attachment.
Post 20 Jul 2010, 12:16
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17664
Location: In your JS exploiting you and your system
revolution
b1528932 wrote:
I don't see any file
Probably you have to be logged in to see it?
Post 20 Jul 2010, 12:17
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
How could he have posted if not by being logged in?
Post 20 Jul 2010, 16:31
MHajduk



Joined: 30 Mar 2006
Posts: 6038
Location: Poland
MHajduk
Problems with "visibility" of the attachments may occur when you:
  1. read the thread as a guest

  2. click "Post reply" button (you'll see the login panel)

  3. log in

  4. write reply
I've written this response that way and I haven't seen revolution's attachment during this process. ;)
Post 20 Jul 2010, 16:47
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Oh I see, when you're returned back there is an anchor in the link that scrolls the page down to your reply.
Post 20 Jul 2010, 16:56
r22



Joined: 27 Dec 2004
Posts: 805
r22
Overriding MAC address with the registry is one of those Windows features that just make you dumbfounded. Like the registry key that lets you load a DLL into every process.
Post 20 Jul 2010, 21:58
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17664
Location: In your JS exploiting you and your system
revolution
r22 wrote:
Overriding MAC address with the registry is one of those Windows features that just make you dumbfounded. Like the registry key that lets you load a DLL into every process.
It is the MS way of providing persistence across reboots. Rather than an .ini or .cfg file they use the registry to save things for use later. Otherwise where else could we store the new MAC address?
Post 21 Jul 2010, 04:27
r22



Joined: 27 Dec 2004
Posts: 805
r22
Clearly it's just me, but allowing modification of a hardware identifier in software seems insane.

But Linux and Windows both allow it, so maybe the utility of it outweighs any security concerns.

I just want a world where MAC address filters are viable and network devices come with their own private keys, and asymmetric encryption key exchange + symmetric encryption is the DEFAULT for IP packets. Soon * bides time * ...
Post 22 Jul 2010, 19:40
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17664
Location: In your JS exploiting you and your system
revolution
r22 wrote:
I just want a world where MAC address filters are viable and network devices come with their own private keys, and asymmetric encryption key exchange + symmetric encryption is the DEFAULT for IP packets. Soon * bides time * ...
Nobody likes to buy crippled products.
Post 23 Jul 2010, 14:15
r22



Joined: 27 Dec 2004
Posts: 805
r22
revolution wrote:
r22 wrote:
I just want a world where MAC address filters are viable and network devices come with their own private keys, and asymmetric encryption key exchange + symmetric encryption is the DEFAULT for IP packets. Soon * bides time * ...
Nobody likes to buy crippled products.

I don't follow, are you saying locking down a hardware ID like a MAC address is akin to crippling the device? If so, I offer my equally glib response... MAC is to a NIC, as VIN is to a Car.
Post 23 Jul 2010, 17:07
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17664
Location: In your JS exploiting you and your system
revolution
But a VIN is not used in the process of driving the car. A MAC is part of the network protocol. And putting fixed private/public keys and algorithms into hardware is just wrong. If the algo is broken tomorrow by a new mathematical analysis then you are left with a useless NIC.
Post 24 Jul 2010, 01:17
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Isn't the MAC override stored in HKLM anyway? This means unauthorized users won't be able to override it. If you have local admin privs, there's no point in making this hard to do.
Post 25 Jul 2010, 19:38
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17664
Location: In your JS exploiting you and your system
revolution
The MAC is stored at:
Code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\<4 digit adapter number>\NetworkAddress    
And, yes, I mentioned in the first post, you need to have administrator privileges to run the code.
Post 26 Jul 2010, 02:11
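An added example, not part of the thread or of revolution's attachment: a Python check that reads a `.reg` export of the class key quoted in the post above and lists every adapter subkey carrying a `NetworkAddress` override, which is how an auditor would spot a spoofed MAC that persists across reboots. The function name, the constructed sample export and the 12-hex-digit format check are assumptions of this example.

```python
import re

# Network adapter class key quoted in the post above.
NET_CLASS = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
             r"\{4D36E972-E325-11CE-BFC1-08002bE10318}")
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"$')

def find_mac_overrides(reg_text):
    """Return one finding per adapter subkey that has a NetworkAddress value."""
    adapters, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            parent, _, leaf = key.group(1).rpartition("\\")
            # Only <4 digit adapter number> subkeys directly under the class key.
            direct = parent.lower() == NET_CLASS.lower() and re.fullmatch(r"\d{4}", leaf)
            current = adapters.setdefault(leaf, {}) if direct else None
            continue
        val = VAL_RE.match(line)
        if val and current is not None:
            current[val.group(1).lower()] = val.group(2)
    findings = []
    for number, values in sorted(adapters.items()):
        raw = values.get("networkaddress")
        if raw is None:
            continue  # no override stored for this adapter
        # Assumption: a usable override is 12 hex digits without separators.
        ok = re.fullmatch(r"[0-9A-Fa-f]{12}", raw) is not None
        findings.append({
            "adapter": number, "driver": values.get("driverdesc", "?"),
            "override": raw, "well_formed": ok,
            # Bit 0x02 of the first octet marks a locally administered address.
            "locally_administered": ok and bool(int(raw[:2], 16) & 0x02),
        })
    return findings

# Constructed sample in .reg export layout (not taken from a real machine).
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + NET_CLASS + r"\0000]", '"DriverDesc"="Example Ethernet Adapter"', "",
    "[" + NET_CLASS + r"\0001]", '"DriverDesc"="Example Wireless Adapter"',
    '"NetworkAddress"="020011223344"', "",
    "[" + NET_CLASS + r"\0001\Ndi\Params\NetworkAddress]", '"ParamDesc"="Network Address"',
    "", "[" + NET_CLASS + r"\0002]", '"NetworkAddress"="001122AABBCC"',
])

if __name__ == "__main__":
    print(find_mac_overrides(SAMPLE))
```

`reg export` writes UTF-16 text, so decode the file before passing its contents to `find_mac_overrides`.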
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
Thanks for the example and sharing Rev. :)
Post 27 Jul 2010, 11:01
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.