Ever fallen victim to the modern annoyance of a public Wi-Fi network that ruthlessly cuts you off after hitting a data cap or overstaying your 30-minute welcome?
Many such networks rely on a simple but outdated method of MAC-based authentication. They track your device’s MAC address — a supposedly unique identifier — and enforce network restrictions accordingly. But what if your laptop’s wireless card allowed you to change this address at will? Could you outsmart the digital gatekeepers and reclaim access to your precious collection of obscure Wikipedia articles?
For those new to the concept of MAC addresses — or just not keen on a Google deep dive — here’s a quick primer:
“A media access control address of a device is a unique identifier assigned to a network interface controller. For communications within a network segment, it is used as a network address for most IEEE 802 network technologies, including Ethernet, Wi-Fi, and Bluetooth.” — Wikipedia
In effect, this is saying the wireless module (Wi-Fi or Bluetooth card) in your device has a unique identifier bestowed upon it by its creator — the manufacturer. And this identifier is used by many network protocols for doing useful things… Like blocking your deep dives into the history of obscure sports.
Network Interface Controllers (NICs) hard-code their MAC address; however, conveniently, many drivers allow the MAC address broadcast by the operating system to be modified quite easily: Enter ‘MAC Spoofing.’
Level 1: Overstaying Our Welcome
Problem #1 comes about when a network severs our connection to the universe after having exceeded some sort of quota, be it time- or data-based. In this scenario, the orchestrator of the network has placed our address in an access control list that prevents further access until network rules are met: timeout or buyout.
This is an easy one to fix — just get a new address!
What follows will be a series of Mac-based terminal commands (convenient, really, given the topic 😉), but I’ll endeavour to include Linux equivalents where I can. They shouldn’t diverge too much, anyway. If you’re team Windows, you’re on your own — I’m sorry…
Step 0: Dependencies
We’ll be using ifconfig, openssl, sed, awk, and nmap in the following. Most should be pre-installed builtins, but if you find yourself lacking any of the tools (likely openssl or nmap) install via homebrew (Mac only) with…
brew install {package_name}
Step 1: Get & Set Your MAC Address
ifconfig is a useful built-in command on most Unix-based (Mac & Linux) operating systems that both gives us useful information about network interfaces, and allows us to configure them.
So, just run:
ifconfig {interface} ether
Where {interface} is your network card, usually en0, and ether requests the link-level (OSI model) address of the interface, aka the MAC address:
ifconfig en0 ether
Generates something akin to:
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 39:42:b3:af:c3:99
This tells us that our MAC address is currently 39:42:b3:af:c3:99. But that just got blocked by the feudal lords of the network, so let’s replace it.
This can be done simply enough with an extension of our prior command:
sudo ifconfig en0 ether <new_mac_address> # sudo required to modify an interface
E.g.
sudo ifconfig en0 ether 49:47:4e:64:61:e9
This will bring the interface down briefly, re-program the link-level address, then bring it back up again. Voila! Your Wi-Fi access should automatically re-authenticate and give you fresh access to the network as a new user. You can double-check by re-running the first command. The result should match what you fed in.
Step 2: Bonus Points
If you want to streamline this process a bit, you can have a new address automatically generated for you with the help of openssl for generating randomness, and sed for stream-editing into something useful. Give this a spin:
sudo ifconfig en0 ether $(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//')
Level 2: Plus-Ones Welcome?
Ok, so we’re covered if we’re booted off a public network when the network decides we’ve overstayed. But what about hotels and other such establishments that ban you from the get-go unless you forfeit an extortion fee scaled in 10min time blocks. What then?!
Well, we have a solution for that, too.
But this scenario differs in that we must now identify as a user of the network that has already been authenticated. To achieve this, we’ll harness the powers of nmap to scan for active devices.
First, we need our IP address. Comparable to retrieving a MAC address with one minor tweak, run:
ifconfig en0 inet
To generate:
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.1.60 netmask 0xffffff00 broadcast 192.168.1.255
This tells us that our current IP address is 192.168.1.60. Use this to scan the network for other devices:
sudo nmap -sn {ip_address}/24 # sudo required to retrieve MAC addresses
E.g.
sudo nmap -sn 192.168.1.60/24
Telling nmap to complete a ping scan of our IP with something akin to a subnet mask of 24-bits so, in effect, “please scan IP addresses 192.168.1.0 through 192.168.1.255, thank-you.” This will give you a list of results (hopefully) that look something like this:
MAC Address: 10:a9:58:65:5a:c8 (Samsung Electronics)
Nmap scan report for 192.168.1.60
Host is up (0.079s latency).
MAC Address: dd:88:fa:5d:29:f8 (Google)
Nmap scan report for 192.168.1.61
Host is up (0.24s latency).
MAC Address: f0:c9:3b:9e:82:cf (Apple)
Nmap scan report for 192.168.1.62
Host is up (0.016s latency).
Now all that’s left is to adopt one of the given addresses — easy peasy!
sudo ifconfig en0 ether f0:c9:3b:9e:82:cf # Borrowing Apple’s address
Once your interface has dropped and re-authenticated, you should find your Twitch live-streaming, once again, unobscured.
Level 3: Convenient Automation
In the spirit of convenience, this can be wrapped up into one tidy script available as a gist.
It has 3 flag-induced usages:
mac-spoof --set {mac_address}: to set your MAC address as desired;mac-spoof --randomise: to randomly assign a MAC address (Level 1);mac-spoof --select: to scan for available MAC addresses and select from the list presented (Level 2);
#!/bin/sh
set -e
get_mac_address() {
echo $(ifconfig en0 ether | grep ether | rev | cut -d' ' -f2 | rev)
}
get_ip_address() {
echo $(ifconfig en0 inet | grep inet | cut -d' ' -f2)
}
set_mac_address() {
sudo ifconfig en0 ether $1
}
set_branch() {
echo "Updating mac address: $(get_mac_address) -> $1"
set_mac_address $1
echo "Done. New MAC: $(get_mac_address)"
}
randomise_branch() {
echo "Current MAC: $(get_mac_address)"
NEW_MAC=$(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//')
set_mac_address ${NEW_MAC}
echo "Done. New MAC: $(get_mac_address)"
}
select*branch() {
IP_ADDRESS=$(get_ip_address)
DEVICES=$(sudo nmap -sn ${IP_ADDRESS}/24 | awk '/Nmap/{ip=$NF;next} /MAC/{printf "%s|%s|", ip,$3} /MAC/{for(i=4;i<=NF;i++) printf "%s*", $i; printf ";"} ')
# This part is needlessly clunky as, for whatever reason, the version of bash/sh on MAC misbehaves with arrays -- counts and index iteration didn't work properly
i=0
IFS=";" read -ra DEVICE_ARRAY <<< ${DEVICES}
for DEV in ${DEVICE_ARRAY[@]}; do
i=$((i+1)) && printf "\t%s) %s\n" "${i}" "${DEV}"
done
read -p "Select a device to spoof: " selected
NEW_MAC=$(echo ${DEVICE_ARRAY} | cut -d' ' -f${selected} | cut -d \| -f2)
echo "Spoofing MAC address: $(get_mac_address) -> ${NEW_MAC}"
set_mac_address $NEW_MAC
echo "Done. New MAC: $(get_mac_address)"
}
case $1 in
--set)
set_branch $2
;;
--randomise)
randomise_branch
;;
--select)
select_branch
;;
*)
echo "Unknown or no option given"
exit 64 # User error code
esac
Be Nice: A Word of Warning
I suggest being considerate with this knowledge and tailoring your use according to the types of paywalls you encounter. If, for instance, you’re confronted with a paywall that charges by the data consumed, it would be pretty darn inconsiderate to blitz a paying users quota.
Questions, qualms or something interesting to add? Start a conversation here!
Be nice; have fun; de nada and good night!! 😀