feross / SpoofMAC

:briefcase: Change your MAC address for debugging
https://feross.org/spoofmac/
3.02k stars 271 forks

Issue with Windows MAC address formatting #53

Closed ghost closed 8 years ago

ghost commented 8 years ago

Correct me if I'm wrong but I read in several articles like this one that in Windows, the following restriction applies:

Some adapters (especially Wi-Fi cards) are unforgiving of MAC addresses changes if the first octet's 2nd half isn't a 2,6,A,E or begins with a zero. This requirement has been observed as far back as Windows XP and is formatted as:

D2XXXXXXXXXX
D6XXXXXXXXXX
DAXXXXXXXXXX
DEXXXXXXXXXX

Now, AFAIK, D stands for 1-9. But all randomly generated MACs in SpoofMAC start with 0.

MartinIngesen commented 8 years ago

This is incorrect. The first octet isn't the D-part in your example, it's the 2, 6, A and E-part (second part of the first octet). The problem you are describing is pretty well explained here.

If we actually go and generate some MAC addresses with the code found here, we'll get something like this:

0A:00:27:73:80:76
02:0F:4B:7F:8C:0B
02:03:FF:4C:2F:A9
0A:00:27:2B:0D:66
02:03:FF:2C:62:D9
02:50:56:02:3B:AD
02:16:3E:5D:F4:5C
02:0C:29:55:34:EA
02:1C:42:5E:C4:43
02:16:3E:08:2B:F9
0A:00:27:1B:D4:A8

The code uses MAC prefixes from VM-vendors (to possibly avoid collision with existing devices on your system), and if local_admin is true, it will take the first octet, and OR it with 2, resulting in the first octet becoming either 02 or 0A depending on which VM prefix is randomly selected.

Therefore, as long as local_admin isn't set to False, we have nothing to worry about!
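
The check discussed in this thread, as an added example that is not part of the thread or of SpoofMAC's own code: it compares the "2, 6, A, E" nibble rule with the locally administered unicast bit test and generates addresses the way the comment above describes (OR the first octet with 2). `SAMPLE_PREFIXES` is an assumption inferred from the sample output above, and all function names are hypothetical.

```python
import random

# Assumed sample prefixes: those visible in the output above with the
# locally administered bit cleared (not copied from SpoofMAC's source).
SAMPLE_PREFIXES = [
    (0x08, 0x00, 0x27), (0x00, 0x0F, 0x4B), (0x00, 0x03, 0xFF),
    (0x00, 0x50, 0x56), (0x00, 0x16, 0x3E), (0x00, 0x0C, 0x29),
    (0x00, 0x1C, 0x42),
]
LOCAL_BIT = 0x02      # bit 1 of the first octet: locally administered
MULTICAST_BIT = 0x01  # bit 0 of the first octet: group (multicast)


def parse_mac(text):
    """Parse 'AA:BB:..', 'AA-BB-..' or 'AABB..' into a list of six ints."""
    octets = list(bytes.fromhex(text.replace(":", "").replace("-", "")))
    if len(octets) != 6:
        raise ValueError(f"expected 6 octets, got {len(octets)}")
    return octets


def is_local_unicast(octets):
    """Bit view: locally administered bit set, multicast bit clear."""
    return bool(octets[0] & LOCAL_BIT) and not octets[0] & MULTICAST_BIT


def windows_nibble_ok(octets):
    """Nibble view from the issue: second hex digit is 2, 6, A or E."""
    return format(octets[0] & 0x0F, "X") in "26AE"


def random_mac(local_admin=True, rng=random):
    """Pick a sample prefix, optionally OR the first octet with 2."""
    prefix = list(rng.choice(SAMPLE_PREFIXES))
    if local_admin:
        prefix[0] |= LOCAL_BIT
    tail = [rng.randrange(256) for _ in range(3)]
    return ":".join(f"{o:02X}" for o in prefix + tail)


def rules_agree():
    """True if both views give the same answer for all 256 first octets."""
    return all(is_local_unicast([o]) == windows_nibble_ok([o])
               for o in range(256))


if __name__ == "__main__":
    print("nibble rule == bit rule:", rules_agree())
    for flag in (True, False):
        mac = random_mac(local_admin=flag)
        print(flag, mac, windows_nibble_ok(parse_mac(mac)))
```

With these sample prefixes, every address generated with `local_admin=True` satisfies the nibble rule, and none generated with `local_admin=False` does.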