I'm trying to spoof the MAC address of the computer that executes my program. Right now I'm getting the current MAC address of the machine using the 'getmac' command via cmd, then I want to change it via the 'RegistryKey' class(windows.system32).
The issue is that I don't know the string to pass to the OpenSubKey
method.
For example this is the method to read the current MAC with registry key reading:
private string readMAC()
{
RegistryKey rkey;
string MAC;
rkey = Registry.LocalMachine.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}\\0012", true); //--->this is the string to change
MAC = (string)rkey.GetValue("NetworkAddress");
rkey.Close();
return MAC;
}
I got curious so I pulled the source for MadMACs. Turned out to be pretty straightforward to port the core logic to C#, so here it is if anyone is interested.
private const string baseReg =
@"SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\";
public static bool SetMAC(string nicid, string newmac)
{
bool ret = false;
using (RegistryKey bkey = GetBaseKey())
using (RegistryKey key = bkey.OpenSubKey(baseReg + nicid))
{
if (key != null)
{
key.SetValue("NetworkAddress", newmac, RegistryValueKind.String);
ManagementObjectSearcher mos = new ManagementObjectSearcher(
new SelectQuery("SELECT * FROM Win32_NetworkAdapter WHERE Index = " + nicid));
foreach (ManagementObject o in mos.Get().OfType<ManagementObject>())
{
o.InvokeMethod("Disable", null);
o.InvokeMethod("Enable", null);
ret = true;
}
}
}
return ret;
}
public static IEnumerable<string> GetNicIds()
{
using (RegistryKey bkey = GetBaseKey())
using (RegistryKey key = bkey.OpenSubKey(baseReg))
{
if (key != null)
{
foreach (string name in key.GetSubKeyNames().Where(n => n != "Properties"))
{
using (RegistryKey sub = key.OpenSubKey(name))
{
if (sub != null)
{
object busType = sub.GetValue("BusType");
string busStr = busType != null ? busType.ToString() : string.Empty;
if (busStr != string.Empty)
{
yield return name;
}
}
}
}
}
}
}
public static RegistryKey GetBaseKey()
{
return RegistryKey.OpenBaseKey(
RegistryHive.LocalMachine,
InternalCheckIsWow64() ? RegistryView.Registry64 : RegistryView.Registry32);
}
For brevity's sake, I've left out the implementation of InternalCheckIsWow64()
, but that can be found here. Without this, I was running into issues with not finding the registry I wanted due to structural differences between 32- and 64-bit OSes.
Obligatory disclaimer -- play with the registry at your own peril.
This should point you in the right direction, but you're going to have to figure out the code:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\
and you'll see a few sub keys corresponding to the interfaces in the "network connections" control panel. Probably only one will have a valid IP, and the others will have 0.0.0.0 You'll need to do some pattern matching to figure out which one is the right one.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
and check each one's NetCfgInstanceId
value (or search) for the GUID of the interface.If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With