how to spoof MAC address via code
Solution 1:
I got curious so I pulled the source for MadMACs. Turned out to be pretty straightforward to port the core logic to C#, so here it is if anyone is interested.
private const string baseReg =
@"SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\";
public static bool SetMAC(string nicid, string newmac)
{
bool ret = false;
using (RegistryKey bkey = GetBaseKey())
using (RegistryKey key = bkey.OpenSubKey(baseReg + nicid))
{
if (key != null)
{
key.SetValue("NetworkAddress", newmac, RegistryValueKind.String);
ManagementObjectSearcher mos = new ManagementObjectSearcher(
new SelectQuery("SELECT * FROM Win32_NetworkAdapter WHERE Index = " + nicid));
foreach (ManagementObject o in mos.Get().OfType<ManagementObject>())
{
o.InvokeMethod("Disable", null);
o.InvokeMethod("Enable", null);
ret = true;
}
}
}
return ret;
}
public static IEnumerable<string> GetNicIds()
{
using (RegistryKey bkey = GetBaseKey())
using (RegistryKey key = bkey.OpenSubKey(baseReg))
{
if (key != null)
{
foreach (string name in key.GetSubKeyNames().Where(n => n != "Properties"))
{
using (RegistryKey sub = key.OpenSubKey(name))
{
if (sub != null)
{
object busType = sub.GetValue("BusType");
string busStr = busType != null ? busType.ToString() : string.Empty;
if (busStr != string.Empty)
{
yield return name;
}
}
}
}
}
}
}
public static RegistryKey GetBaseKey()
{
return RegistryKey.OpenBaseKey(
RegistryHive.LocalMachine,
InternalCheckIsWow64() ? RegistryView.Registry64 : RegistryView.Registry32);
}
For brevity's sake, I've left out the implementation of InternalCheckIsWow64(), but that can be found here. Without this, I was running into issues with not finding the registry I wanted due to structural differences between 32- and 64-bit OSes.
Obligatory disclaimer -- play with the registry at your own peril.
Solution 2:
This should point you in the right direction, but you're going to have to figure out the code:
- look in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\and you'll see a few sub keys corresponding to the interfaces in the "network connections" control panel. Probably only one will have a valid IP, and the others will have 0.0.0.0 You'll need to do some pattern matching to figure out which one is the right one. - get the key name for the interface (it's a GUID, or at least looks like one), and go back to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}and check each one'sNetCfgInstanceIdvalue (or search) for the GUID of the interface.
Solution 3:
Windows 10
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4d36e972-e325-11ce-bfc1-08002be10318}\0004\NetworkAddress