
Nubis Novem

IT consulting company with real cloud experience

Amazon EC2 Windows instance with custom MAC on network interface

– What is your address?
– 127.0.0.1
– I meant your physical address!
– 02:CB:25:88:33:D2
Anonymous

As we mentioned previously, the AWS hosting platform is notorious for lacking basic everyday features. That has been its plague from the beginning: not having it! “Sorry, not invented here” continued to be Amazon Web Services’ middle name in 2016.

This time we stumbled upon the inability to change (clone or spoof) the physical address of a network interface in an EC2 instance. Before the VPC era it was even more ridiculous: the physical address (like 02-72-F3-2D-91-35, shown by the “ipconfig /all” command), also known as the interface’s “MAC address”, was dynamic for each network interface. It would actually change at random upon instance reboot, along with a new private IP and a new host name liberally assigned to the instance. Thanks to the introduction of VPC, the times of Amazon “classic” networking are over. Special kudos to the VPC team: it does not require you to reattach a static IP (called elastic in Amazonese) after an instance has gone down and started up again. Now the MAC address is set firm in the network interface. Too firm, even solid, we would say; not very elastic.

We were not able to alter the MAC address of the main network adapter inside a Windows 2012 R2 instance. No matter what we tried, from registry hacks to third-party software tools, the outcome was unsuccessful. However, for certain applications that depend on a particular MAC value, that value does not have to be on the primary network card. We realized we just needed another network card! That can be achieved by installing a dummy loopback network driver that serves as an additional network interface. It can be assigned a bogus IP, while its physical (MAC) address can be altered freely. Luckily, Microsoft ships such a driver with most of its Windows distributions: the KM-TEST Loopback Adapter. Enough said, here is the recipe:

  1. Start the “Add Hardware” wizard. It can be found via Control Panel -> Device Manager -> Action -> Add legacy hardware (there should be at least 3 other ways to invoke it, as the path deviates slightly from one Windows version to another).
  2. On the “Add Hardware” screen, click Next and select the “Install hardware … manually (Advanced)” choice.
  3. Click Next again, then choose “Network adapters” in the long list of device drivers.
  4. Choose Microsoft in the list of manufacturers on the left and find “Microsoft KM-TEST Loopback Adapter” for a quick install.
  5. Once the network adapter is installed, right-click it and choose “Properties”, then go to the “Advanced” tab, where “Network Address” will be right there for you to spoof as desired. For instance, 0272f32d9135.
  6. Other TCP/IP parameters of the loopback adapter did not matter for our purpose, but one may experiment further, as it appears to be a harmless toy.

This setup was enough for an application to detect that it is running with a certain network card.

Please feel free to comment on our humble observations. We may be encouraged to share more with our readers in the future.
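A way to check the value from step 5 and see the result afterwards, as an added example that is not part of the original post: it validates a candidate “Network Address” value and lists which adapters on the instance carry a MAC override. The function names `Test-MacValue` and `Get-MacOverrideReport` are hypothetical, and the script assumes the adapter driver exposes the standard `NetworkAddress` advanced-property keyword.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function Test-MacValue {
    param([string]$Value)
    # Accept 0272f32d9135, 02-72-F3-2D-91-35 or 02:72:F3:2D:91:35
    $hex = ($Value -replace '[-:]', '').ToUpper()
    if ($hex -notmatch '^[0-9A-F]{12}$') {
        # Not 12 hex digits: report it as invalid
        return [pscustomobject]@{
            Value = $Value; Valid = $false
            Unicast = $false; LocallyAdministered = $false
        }
    }
    $first = [Convert]::ToByte($hex.Substring(0, 2), 16)
    [pscustomobject]@{
        Value               = $hex
        Valid               = $true
        Unicast             = (($first -band 0x01) -eq 0)  # group bit clear
        LocallyAdministered = (($first -band 0x02) -ne 0)  # local bit set
    }
}

function Get-MacOverrideReport {
    foreach ($nic in Get-NetAdapter) {
        # Assumption: the driver exposes the standard NetworkAddress keyword;
        # adapters without it simply show no override.
        $prop = Get-NetAdapterAdvancedProperty -Name $nic.Name `
            -RegistryKeyword 'NetworkAddress' -ErrorAction SilentlyContinue
        $override = if ($prop) { @($prop.RegistryValue)[0] } else { $null }
        $check = Test-MacValue -Value $nic.MacAddress
        [pscustomobject]@{
            Name                = $nic.Name
            Description         = $nic.InterfaceDescription
            MacAddress          = $nic.MacAddress
            Override            = $override
            LocallyAdministered = $check.LocallyAdministered
        }
    }
}

# The value used in step 5 of the recipe
Test-MacValue -Value '0272f32d9135'

# Inventory: which adapters have an operator-set MAC
Get-MacOverrideReport | Format-Table -AutoSize
```

An adapter with a non-empty `Override` column has an operator-set address, which is the trace this recipe leaves on the loopback adapter.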
