MAC address and OS system calls

chrstrbrts · Apr 19, 2016

Hello,

I'm wondering if there exists in the popular OSes e.g. Linux, Windows, Mac OS a system call that retrieves the "real" MAC address burned on the ethernet and wifi NICs' EEPROM chips.

That is, I'm wondering if a system call exists that will bypass the OS / software "faked" MAC address and retrieves the MAC address flashed by the manufacturer.

If so, what is its name and what is the name of the C wrapper function?

Thanks.

sm625 · Apr 20, 2016

What do you mean by "faked" MAC address? Are you saying that the MAC address reported by

Code:

 ipconfig /all

isnt real?

mv2devnull · Apr 20, 2016

There are plenty of scenarios, where MACs are "spoofed" in software. Example:
Your ISP grants IP only to a MAC that you have registered. To the MAC of your
home router. Then you have to replace the router. You could (1) register new MAC,
or (2) use the feature on router's web interface that lets you make it pretend
that it is the old router -- "clone MAC".

ethtool can do it:
http://stackoverflow.com/questions/14955504/finding-original-mac-address-from-hardware-itself

Thus, fetch ethtool's sources to see what system calls it does use.

chrstrbrts · Apr 20, 2016

sm625 said:
What do you mean by "faked" MAC address? Are you saying that the MAC address reported by

Code:

ipconfig /all

isnt real?

Yes, that's what I'm saying.

I'm still new to computers, so I might be wrong.

But, my belief is that when you change the MAC address of your NIC card through the registry or through the control panel (in Windows) or through however it's done in *NIX, the change is superficial.

You've only changed some data structure in the kernel that gets written out to disk.

It's persistent because it's written to disk, but you're not re-flashing the NIC's EEPROM that way.

You can verify this in Windows by resetting the NIC's MAC address to its original no matter how many times you've changed it through software.

Now, the only way that I might be wrong and the OS actually flashes the EEPROM for you while it's still plugged into the mobo or peripheral card is if when you changed the original MAC address for the very first time, the OS saved the original MAC address somewhere and relies on that data whenever you reset it in the future.

You can attempt to verify this theory:

Take two HDs both with the same version of Windows with the right chipset drivers for your mobo and plug one in.

Check the original MAC address of the NIC and write it down on paper.

Change the MAC address of your NIC through the OS / software using the first HD and restart the computer so the change takes hold.

Check the NIC's MAC address to verify change.

Shut down the computer and replace the first HD with the second.

Now, check the NIC MAC address.

If the address was changed back to the original, you know that the change you created was just superficial and at the software level and did not entail a flashing of any chips.

If the change is persistent, then you must have actually flashed the chip.

chrstrbrts · Apr 21, 2016

OK. I ran the test, and I'm right.

I have 2 HDs with the right chipset drivers for my mobo, one running Win 7 and the other Win 8.1.

They're not the same OS, but that doesn't really matter.

I started out with the Win 7 HD and recorded the original MAC address for my ethernet on a piece of paper, then changed it in control panel.

I then restarted to verify the change.

Then, I replaced HDs, and checked the MAC address through ipconfig/all.

It gave me the original MAC address.

It must be the case that changing the address through the OS is just superficial and doesn't change anything hardware related.

Elixer · Apr 21, 2016

chrstrbrts said:
Hello,

I'm wondering if there exists in the popular OSes e.g. Linux, Windows, Mac OS a system call that retrieves the "real" MAC address burned on the ethernet and wifi NICs' EEPROM chips.

That is, I'm wondering if a system call exists that will bypass the OS / software "faked" MAC address and retrieves the MAC address flashed by the manufacturer.

If so, what is its name and what is the name of the C wrapper function?

Thanks.

There are many ways to change the MAC though, so, if you are trying to use the MAC address for some kind of protection scheme, don't bother, it isn't reliable.

sm625 · Apr 22, 2016

There is a program from Intel called eeupdate.exe which lets you change the MAC ID on pretty much any intel NIC. Short of using a specific vender's tool, I do not see how you change the MAC ID from within windows. I know nothing in windows that is capable of altering the actual physical MAC ID of a NIC. Are you sure you are not confusing MAC ID with IP Address?

chrstrbrts · Apr 22, 2016

Elixer said:
There are many ways to change the MAC though, so, if you are trying to use the MAC address for some kind of protection scheme, don't bother, it isn't reliable.

Can you explain further, please?

Are you saying that if I spoof the MAC address through the OS, there's some way to learn the true MAC address burned on the ROM?

sm625 said:
There is a program from Intel called eeupdate.exe which lets you change the MAC ID on pretty much any intel NIC.

Is there a counterpart for Realtek NICs?

sm625 said:
Short of using a specific vender's tool, I do not see how you change the MAC ID from within windows. I know nothing in windows that is capable of altering the actual physical MAC ID of a NIC. Are you sure you are not confusing MAC ID with IP Address?

I think that you misread what I've written above.

I said you can't change the MAC address on the hardware level through the OS.

IHateMyJob2004 · May 2, 2016

You used to be able to change hardware mac addresses on linux. . It wouldn't be windows itself. It would be a third party app.

Update : apparently you can change it via windows. . Google for the win!

chrstrbrts · May 6, 2016

IHateMyJob2004 said:
Update : apparently you can change it via windows. . Google for the win!

I've googled extensively and can't find anything really.

I have found reference to a few third party apps that will flash EEPROMs for Broadcom devices, but nothing for Realtek.

IHateMyJob2004 said:
You used to be able to change hardware mac addresses on linux.

I'm not asking that.

I'm asking about changing MAC addresses at the hardware level.

I don't think that that is so trivial.

IHateMyJob2004 · May 6, 2016

chrstrbrts said:
I've googled extensively and can't find anything really.

I have found reference to a few third party apps that will flash EEPROMs for Broadcom devices, but nothing for Realtek.

I'm not asking that.

I'm asking about changing MAC addresses at the hardware level.

I don't think that that is so trivial.

Did you read what i said? . At one time windows protected that while linux did not

Ken g6 · May 7, 2016

chrstrbrts said:
That is, I'm wondering if a system call exists that will bypass the OS / software "faked" MAC address and retrieves the MAC address flashed by the manufacturer.

If so, what is its name and what is the name of the C wrapper function?

IHateMyJob2004 said:
It wouldn't be windows itself. It would be a third party app.

chrstrbrts said:
I have found reference to a few third party apps that will flash EEPROMs for Broadcom devices, but nothing for Realtek.

It looks like you found your answer as this relates to programming: There isn't a system call to do this. Any further discussion would relate to hardware, and would belong in a hardware forum. As [thread=2470596]your thread in a hardware forum was locked[/thread], I think it's time to lock this one too. -- Programming Moderator Ken g6

Search

MAC address and OS system calls

chrstrbrts

Senior member

sm625

Diamond Member

mv2devnull

Golden Member

chrstrbrts

Senior member

chrstrbrts

Senior member

Elixer

Lifer

sm625

Diamond Member

chrstrbrts

Senior member

IHateMyJob2004

Lifer

chrstrbrts

Senior member

IHateMyJob2004

Lifer

Ken g6

Programming Moderator, Elite Member

TRENDING THREADS