Cannot change MAC address on Macbook Pro 2018 and newer

[blaesus]

Solution: Update to macOS 10.15 Catalina

Updating to macOS 10.15 Catalina appears to fix the issue.

Original report

I cannot randomize any MAC address with spoof-mac. The program returns fine, but the MAC addresses are not changed. I tried changing en0 and en1 and neither took effect. The Node.js spoof doesn't work either.

I tried rebooting or signing in as another user; neither worked.

By the way, sudo ifconfig en0 ether aa:bb:cc:dd:ee:ff doesn't work either.

spoof-mac version: 2.1.1

This is a new machine. I have another Macbook which runs on 10.12, where spoof-mac works just fine.

Thanks for making the tool! It is really helpful.

[eric8810]

Same problem，i tried many tools like python version, wifi-spoof etc. Even the cmdline "if en0 ether xx:xx:xx" has been confirmed failed. Seems like the new machine blocks up the spoof interface.

2018 new mbp 15

[jonluca]

Confirming the same issue.

Edit: Problem discussed previously was unrelated

[TkTech]

@jonluca your problem probably isn't the same. Can you try turning off System Integrity Protection temporarily and try again?

[jonluca]

Issue seems to just be with new 2018 MBPs

SIP is turned off.

I believe it is the same problem. I’m running ‘sudo ifconfig en0 ether xx:xx:xx:xx:xx:xx’ and it A) fails silently and B) returns a 0 exit code.

The console just shows what system events are happening right after. Does your console not show those events?

[TkTech]

No, the error message you're getting is because the code signature database (DetachedSignatures) can't be opened. Either it's really gone, or SIP is blocking it from being opened (which happens). Either way that message usually means your permssions are messed up somewhere.

You also can't change the MAC, but that's the same for everyone at the moment. Two different problems.

[jonluca]

Ah gotcha.

The DetachedSignatures file actually doesn’t exist - is that an issue?

I’m running 10.14 beta by the way.

[TkTech]

Really hard for me to debug, I know users are having lots of trouble with OSX but with only one machine available to me with the real NIC I'm stuck on an older version of OS X. Pretty much turns into a game of 20 questions.

If you download an unsigned app, you know the prompt to confirm/deny running it? If you hit accept, close the app, and run it again, does the prompt reappear or does it remember it? If it remembers it, that means 10.14 has moved the signatures from DetachedSignatures to somewhere new. If it keeps asking you, then OS X can't create the database file and that usually means either the permissions are messed up, or something moved the /private/var -> /var symlink

One important question; is this a fresh install of the beta, or installed over an older version?

[jonluca]

Removed so as to not clog up conversation. This problem is unrelated to lack of ability to spoof mac address.

[TkTech]

Well, try to get rid of one problem. If you turn off the OS X firewall under preferences and restart you should get rid of the socketfilterfw errors. Try that and see what you get.

[jonluca]

Removed so as to not clog up conversation. This problem is unrelated to lack of ability to spoof mac address.

[TkTech]

-67062 from taskgated is "code object is not signed at all", so it's still a code signing issue.

My guess at the moment:

It doesn't look like it's intentional, since in that case they would have just return 0; in the framework, or only allowed an internal signature to make the change. Instead, something somewhere, probably part of the networking daemon, doesn't seem to be signed properly in the beta, and OS X won't allow the change from an unsigned app.

[eric8810]

MacOS error: -67062 same return I tried with internal term console, still the same

[jonluca]

Now I feel quite dumb.

I use zsh, and my terminal prompt has a cwd git status indicator. Git is installed through brew, and as such is not signed. After every command, zsh runs git status in the current directory, and that's what the error is.

If I run in it raw bash with no prompt, taskgated disappears.

[feross]

Confirmed that this has stopped working on 2018 MBPs. The web has no answers either.

If anyone has information about how to fix this, please share.

[ben-richardson]

Having the same issue on a MacBook Pro 13-inch (2018).

Is there any further sense of whether this is Apple-intentional, a hardware issue, or a bug?

[phaberest]

I'm on the same boat...did any of you find a solution or workaround to this issue?

[Cfretz244]

I can also confirm this isn't working on the 2018 MacBooks. Unfortunate. It's not like I'm spoofing my MAC all the time, but it can be very situationally useful.

[TkTech]

Can anyone with one of the new macbooks try changing their address to anything with the OUI 88:E9:FE? Ex, 88:E9:FE:AA:AA:AA.

[ben-richardson]

@TkTech Doesn't work. MAC is not changed. Tested on MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports).

[TkTech]

@ben-richardson thank you for trying it out, it's very hard to test hardware problems without access to the hardware!

Were the first 3 octets of the interface you tried to change 88:E9:FE originally?

[ben-richardson]

@TkTech Nope. Originally F0:XX:XX…

[TkTech]

@ben-richardson F0:76:6F, F0:24:75, F0:79:60, F0:18:98? (You guys don't need to censor the first 3 octets, they just tell you the manufacturer and are not sensitive, called an OUI)

[ben-richardson]

@TkTech Ha, OK. F0:18:98

[TkTech]

@ben-richardson perfect, can you try changing the address to F0:18:98:AA:AA:AA?

[ben-richardson]

@TkTech Tried, no change. Does not change MAC.

[blaesus]

Same here. My OUI starts with 88:E9:FE. I tried to change only the last byte of MAC and it doesn't work: the same way it failed before, returning without error but the MAC is not changed.

[jonluca]

Could someone on Mojave but with a pre 2018 MBP upload their ifconfig binary?

I doubt there’ll be a difference but it’s best to double check.

[yspreen]

Additional info: I tried changing my (2018) mac address in the last byte only, still does not work. This is not about manufacturer protection.

[halo]

I found a suggestion to determine whether this is a software or a hardware issue:

You could find out by booting from USB other OS, which has MBP2018 LAN card driver. I would be really suprised to see if hardware chip would not allow to send packet with MAC address other than factory assigned

Could anybody with a 2018 MBP try that? I.e. boot with Tails or Ubuntu or even Windows via Bootcamp and try to change the MAC address there.

[treku]

It is not looking good on brand new MBP 2018. Changing mac address on factory default High Sierra was working with no problems (not sure about SpoolMAC thou, but it might work as well). Now when upgraded to Mojave, both options (via iptables command line) and SpoolMAC doesn't work. I think Apple blocked this tool which is not very good if you are changing the address in hotels or airports to get free wifi for longer periods. Cheked logs when trying to change it, nothing there.

[blaesus]

Update: When I plugged in an iPad as a networking device (en9), spoofing does work. Unfortunately, spoofing built-in devices doesn't work. (I use Mojave now.)

[yspreen]

Changing mac address on factory default High Sierra was working with no problems

How? I'm on HS and nothing works for me.

[TkTech]

@y-spreen with what model hardware? This is looking like a driver/hardware issue with the built-in wifi in recent MacBooks with High Sierra only.

[treku]

@y-spreen I tried on High Sierra with just a command line similar to this: sudo ifconfig en0 ether xx:xx:xx:xx:xx:xx This is no longer working since I updated to Mojave.

[yspreen]

@TkTech MBP 2018

[Konstigt]

Have this issue, MacBook Pro (15-inch, 2016) + Mojave

[joachimtingvold]

Update: When I plugged in an iPad as a networking device (en9), spoofing does work. Unfortunately, spoofing built-in devices doesn't work. (I use Mojave now.)

@blaesus, I'm trying with an USB-C Ethernet adapter (Belkin F2CU040), and I'm not able to change the MAC address at all on that one either, so it's not only limited to built-in devices. Running Mojave on 2018 MBP.

[joachimtingvold]

Also, I'd suggest everyone reading this thread/issue to submit a feedback to Apple (regardless if it's a bug or "by design"). Since Apple tends to adhere to privacy concerns, letting their users be able to randomize the WiFi MAC address should be of interest to them.

https://www.apple.com/feedback/macbookpro.html

[lucafrost]

Reporting the same issue on a 2017 MBP running Mojave... Kept the OUI octets the same, SIP is still enabled, however, I strongly suspect this is not the issue.

I'll submit this as feedback to Apple, might also speak to a friend at the Genius Bar - not sure how much help they'll be lol.

[lucafrost]

Here's a boilerplate Bug Report message for those who wish to submit a request:

To whom it may concern,

I'm running [macOS Version] on a [Hardware Model].

As someone concerned with Privacy, I'm very worried with an issue resulting in me being unable to change the Mac address of my network card via Terminal. Use of the command 'ifconfig en0 | grep ether 00:00:00:.....' executes without error, however, option-clicking on WiFi in the Menu bar yields no change to the MAC address. 

The WiFi is enabled, but disconnected from all networks. I've kept the first 3 octets of the desired Mac address the same as the OUI in case that was the cause of the issue to no avail. And SIP is enabled.

Please provide a means to remedy the issue for your privacy-conscious users.

Regards,

Link: https://www.apple.com/feedback/macbookpro.html

[danipolo]

Any solution by now? That's so sad. Spending good money on a laptop and having this kind of issues. So bad.

[jonluca]

Unfortunately no.

Today I doubled down to see if it was a hardware issue (or at least lower level than macOS kernel). I've attempted to get the new MacbookPro15,1 to boot from Linux, but that also has issues. Because of the new T2 chip and SecureBoot, as well as a lack of drivers for the new NVME drive and keyboard/trackpad, nothing works. See here for more info https://github.com/Dunedan/mbp-2016-linux/issues/71..

I'll try booting from Windows and changing it from there later today.

[jonluca]

Alright, I used Bootcamp and followed this guide, the regedit version.

It successfully changed the mac address. This confirms that the change is not hardware - it's either a change in the kernel or a change in the ifconfig binary.

Can anyone with an older version of macOS upload their ifconfig binary? The one on my 2018 MBP on Mojave has MD5 (/sbin/ifconfig) = 0c60b4d4632aa1db59b69584e2a3b09b

[jonluca]

It might be a change to the driver in the newest WiFi cards. AFAIK the driver needs to implement the setProperties in IOKit. Apple might've disabled this, either intentionally or accidentally, in the newest chipset drivers.

Some possible helpful information for anyone reading this thread later:

• A dapptrace when attempting to change mac addresses - https://gist.github.com/jonluca/0c8477e2a6194b5adb23fc45e71b8c1a. This was run with sudo dapptrace -ac ifconfig en0 ether ce:a1:fc:be:ac:a1 > functrace.txt 2>&1

• All syscalls made by ifconfig when changing mac addresses - https://gist.github.com/jonluca/4bf3348e94f43ff582b45c0f611b88cb

• IOReg output for ARPT https://gist.github.com/jonluca/389b572cc11d0f6ece4dfbfdb3982a4f

• System report for Wifi Card https://gist.github.com/jonluca/262a63019b8419168900c6ed79c98521

Does anyone have experience with macos drivers or changing hardware properties from userland?

Also the other weird thing is that in this thread we have 2 people reporting this issue on A) Older macbooks and B) on older versions of macos (i.e. not Mojave). Can we figure out if that's true or if their issue is something else (I'd guess permissions related).

@frxst can you post your chipset information? System Report -> Network -> WiFi information should be enough.

[blaesus]

@jonluca My data points:

MBP2018 + High Sierra = failure  // As I originally reported
MBP2018 + Mojave = failure  // My current setup
MBP2017 + High Sierra = OK

[lucafrost]

@jonluca Here's my chipset info: https://gist.github.com/frxst/05b50c0e4f063154f1c999af83a6716d

[ghost]

MBP 2018 13 inch here. Changed MAC address on Bootcamp Windows 10 with tmac without any problem. The issue should be software related.

[timcampos]

Note: I have a 2015 Macbook Air running Mojave 10.14.2 - with this device I am able to change my MAC address no problem.

My 2018 Macbook Pro running Mojave 10.14.2 - no such luck.

Has anyone tried disabling SIP and does that help?

[wildone]

changing last chars worked for me

[ghost]

changing last chars worked for me

Could you expand on that? Do you have a MBP 2018?