In this article, we are going to write a python script that teaches how to you easily change your Windows Mac Address in Python to a random value on a Windows 7 Ultimate x64 system.
Depending on the operating system there may be small differences in the method.
Attack plan
What we are interested in, however, is being able to manipulate the registry with a script, so once we have succeeded we should be able to:
- find a key.
- list subkeys.
- add and delete a value.
There are various methods to change your Windows MAC address with python, the one we are interested in consists of the following steps:
- Open the registry (just type “regedit.exe” in the search from the start menu)
- Look for the key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class{4D36E972-E325-11CE-BFC1-08002BE10318}“.
- Insert a “REG_SZ” value (this is a string) with the name “NetworkAddress” and a string containing the MAC Address without separating it.
- Restart the network interface.
The only purpose of the script is just illustrative, open to later modification, but the structure of the code is basic.
Said that we have no input control whatsoever since it would only be a kind of semi-automation.
Get subkeys
But let’s get our hands dirty with the code now and see the support methods that we are using.
The first three, which are self-explanatory, are a kind of wrapper methods for winreg library:
- inserting a value in the register
- deleting a value
- generate a MAC address
import winreg
from contextlib import suppress
import itertools
import random
import subprocess
def restore_old_mac(key):
winreg.DeleteValue(key, 'NetworkAddress')
def set_new_mac(key, mac):
winreg.SetValueEx(key, 'NetworkAddress', 0, winreg.REG_SZ, mac)
def generate_random_mac():
chars = "1234567890ABCDEF"
return ''.join(random.choices(chars, k=12))
At this point we need a method to list the subkeys instead, let’s see the code before commenting.
reg_path = "SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}"
def get_subkeys(reg_path):
root = winreg.ConnectRegistry(None, winreg.HKEY_LOCAL_MACHINE)
subkeys = []
with suppress(WindowsError), winreg.OpenKey(root, reg_path) as n_key:
for i in itertools.count():
subkeys.append(winreg.OpenKey(n_key, winreg.EnumKey(n_key, i), access=winreg.KEY_ALL_ACCESS))
return subkeysThe method performs the following steps:
- Defines the path of the key that contains all the potential network interfaces that we will connect to.
- Initialises an empty list containing the subkeys
- Iterates through the list until a WindowsError is generated indicating the end of the subkeys by adding each subkey to the list
- Returns the list of subkeys
A solution to get the right interface
Now a problem arises, it becomes difficult to know which interface is of interest and to avoid complicating our lives, we are going to make the choice “more manual”, but to do this we need a method that looks for the description (found in the DriverDesc value of each key) and shows it to us so that we can select the right interface-index to work on, so let’s look at this method!
def print_driver_desc(subkeys):
for k, i in zip(subkeys, range(len(subkeys))):
with suppress(WindowsError):
for j in itertools.count():
val = winreg.EnumValue(k, j)
if val[0] == 'DriverDesc':
print(f"[{i}]", val[1])The method iterates through the list of subkeys and for each subkey it searches for the value “DriverDesc” in a nested loop. as soon as it finds it, it prints out the value and index of the corresponding subkey. As with the subkey search, for the values until generating a WindowsError at the end of the list.
How to change your Windows Mac Address
Now we can put the pieces together and write our main, which:
- obtains all the subkeys representing the interfaces
- print the descriptions with their indexes on the screen
- asks you to enter the index of the interface
- asks you to choose whether to generate a random MAC or restore the original one.
Remember that if the value “NetworkAddress” does not exist in the key, the value will remain its original one,
but let’s see the code
if __name__ == "__main__":
subkeys = get_subkeys(reg_path)
print_driver_desc(subkeys)
print("\n\nChoose your Network interface...\n")
interface_index = int(input())
print("\nChoose your option\n[0] I want to restore my original MAC address\n[1] I want to generate random MAC address\n")
option = input()
if option == "0":
with suppress(FileNotFoundError):
restore_old_mac(subkeys[interface_index])
elif option == "1":
random_mac = generate_random_mac()
set_new_mac(subkeys[interface_index], random_mac)
print("Value set at: ", random_mac)
else:
print("[-] Wrong Choice Try again!")How to make your MAC address changes active.
If we try to run it, we notice that the changes are not active, this is because we need to restart the interface, and it may be interesting to do this directly from our script using the netsh tool. So the commands that we are interested in are:
- The one to see all the available interfaces
netsh interface show interface- The one to enable/disable the interface
netsh interface set interface "<INTERFACE_NAME>" enable
netsh interface set interface "<INTERFACE_NAME>" disableLet us see how to use these commands via the subprocess module and since it becomes complex to select the correct interface, we will again make sure that
user can enter it via input:
result = subprocess.check_output(["netsh", "interface", "show", "interface"], shell=True)
print(result.decode())
iface_name = input("\nPlease write the name of your interface:\n")
subprocess.call(f"netsh interface set interface \"{iface_name}\" disable")
subprocess.call(f"netsh interface set interface \"{iface_name}\" enable")Conclusion
Now let’s see the complete code:
import winreg
from contextlib import suppress
import itertools
import random
import subprocess
reg_path = "SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}"
def restore_old_mac(key):
winreg.DeleteValue(key, 'NetworkAddress')
def set_new_mac(key, mac):
winreg.SetValueEx(key, 'NetworkAddress', 0, winreg.REG_SZ, mac)
def get_subkeys(reg_path):
root = winreg.ConnectRegistry(None, winreg.HKEY_LOCAL_MACHINE)
subkeys = []
with suppress(WindowsError), winreg.OpenKey(root, reg_path) as n_key:
for i in itertools.count():
subkeys.append(winreg.OpenKey(n_key, winreg.EnumKey(n_key, i), access=winreg.KEY_ALL_ACCESS))
return subkeys
def print_driver_desc(subkeys):
for k, i in zip(subkeys, range(len(subkeys))):
with suppress(WindowsError):
for j in itertools.count():
val = winreg.EnumValue(k, j)
if val[0] == 'DriverDesc':
print(f"[{i}]", val[1])
def generate_random_mac():
chars = "1234567890ABCDEF"
return ''.join(random.choices(chars, k=12))
if __name__ == "__main__":
subkeys = get_subkeys(reg_path)
print_driver_desc(subkeys)
print("\n\nChoose your Network interface...\n")
interface_index = int(input())
print("\nChoose your option\n[0] I want to restore my original MAC address\n[1] I want to generate random MAC address\n")
option = input()
if option == "0":
with suppress(FileNotFoundError):
restore_old_mac(subkeys[interface_index])
elif option == "1":
random_mac = generate_random_mac()
set_new_mac(subkeys[interface_index], random_mac)
print("Value set at: ", random_mac)
else:
print("[-] Wrong Choice Try again!")
result = subprocess.check_output(["netsh", "interface", "show", "interface"], shell=True)
print(result.decode())
iface_name = input("\nPlease write the name of your interface:\n")
subprocess.call(f"netsh interface set interface \"{iface_name}\" disable")
subprocess.call(f"netsh interface set interface \"{iface_name}\" enable")To execute, save the file with “main.py”, launch a terminal as an administrator in the same directory as the script and type:
python main.pyFurther readings
If you found it interesting to read, I recommend the following articles:
