Well Documented

Simply Solutions

Spoof MAC Address from Boot using launchd

You can never be too safe. Once upon a time, the lovely people at Apple let you change your MAC address right from the System Preferences. Alas, gone are those days. But I’ve got a better solution for you, and it involves plists.

Firstly, create a Bash script to do the spoofing and place it in a directory you don’t randomly eradicate. I would suggest root. In Terminal type:
cd / && sudo vim .macspoof.sh

Once inside vim, type i to begin “inserting” text. Enter the following text and be certain to follow this formatting exactly:
ifconfig en0 lladdr 00:00:00:00:00:00
ifconfig en1 lladdr 00:00:00:00:00:01

You should choose a MAC address that isn’t as obvious as a series of 0’s. Add 1 to the wireless MAC to simulate a probable setup.

Then hit the escape key to leave “insert” mode, type :wq and hit enter. That will “write” the file and “quit.”

Set the permissions of the script for root access only:
sudo chown -R root:admin .macspoof.sh

Now make the script executable:
sudo chmod u=rwx .macspoof.sh

Now we’ll need to create a .plist file for launchd to handle. Do the following:
cd /Library/LaunchDaemon && sudo vim com.superuser.macspoof.plist

Inside of vim, you can either type or paste the following code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.superuser.macspoof</string>
<key>ProgramArguments</key>
<array>
<string>/.macspoof.sh</string>
</array>
<key>UserName</key>
<string>root</string>
<key>GroupName</key>
<string>wheel</string>
<key>RunAtLoad</key>
<true></true>
<key>Debug</key>
<true></true>
</dict>
</plist>

“Write” and “quit” the file, then change it’s permissions:
sudo chown -R root:wheel com.superuser.macspoof.plist

Next, we’ll load the plist into launchd:
sudo launchctl load com.superuser.macspoof.plist

Confirm that the plist loaded:
sudo launchctl list | grep macspoof
If the plist name appears, it’s installed.

Reboot your machine and check your MAC address:
ifconfig | grep ether

To remove the .plist, type the following:
sudo launchctl unload -w /Library/LaunchDaemon/com.superuser.macspoof.plist

If you’re familiar with these commands, you know you’ve just created a way to run any Bash script as root from boot. This is both incredibly powerful and extremely dangerous.

About these ads

Single Post Navigation

2 thoughts on “Spoof MAC Address from Boot using launchd

  1. JK on said:

    Good info but it should be GroupName not UserGroup. UserGroup throws errors.

  2. Brandon on said:

    Thanks for the edit!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: