Is it possible to change mac address at a hardware level?

I know you can spoof mac addresses at a software level however if I want to change the mac address of NIC or bluetooth adapter at a hardware level is this possible? Possibly through the BIOS settings on any lbrem device such as laptops and even phones?

I’m pretty sure they’re burned into the hardware.

How come on librem hardware they can’t be changed? I mean i thought purism or some open source manufacture makes the NICs and blutooth’s adapters?

There are no open source manufacturers.

There may be hardware with the MAC stored in writeable memory, but that’s not guaranteed. You’d have to analyze the hardware to find out.

1 Like

That’s why it is called hardware, it can’t be changed, like a hammer or an anvil.

The term for writeable memory (that is not easy to change) is called firmware. It’s not as hard. (Halfway between hardware and software.)

Software is the term for programmable stuff.

1 Like

I am referring to the firmware in the hardware. kinda like how you can reprogram an eeprom chip.

I see thanks man

No, no, and no :slight_smile:

The boundaries are fluid. What passes for firmware on most components of your computers is loaded into RAM and nowhere else - easily writable, volatile memory.

Writeable memory doesn’t have to store firmware, it may be configuration data like the aforementioned MAC address.

If you include stuff like mask ROM containing the first stage boot loader permanently burned into processors, then you have software that is also hardware.

Hardware = physical circuits. Software = executable instructions. Firmware = shenanigans.

I knew what you were saying. I’m just messing with ya.

Aside from all the aforementioned it depends, from my perspective this is something that is likely possible by replacing whichever chip that is a part of the network adapter that holds the MAC which would include desoldering and soldering, similar to the CPU on the librem14 and librem5.

My primary question would be why?

If the MAC used when talking to the network is the one configured in software, what does it matter what the actual hardware MAC is?

1 Like

This is prompting me to repeat a story (I forgot when I last posted it).

Over 20 years back there was a hardware reseller company that used a software tool to change the HP9000’s identity into the more expensive HP3000’s in firmware and then illegally selling them. The tool was tape-loaded. So the FBI were investigaing all employees who may have had this tape. An employee who had this tape and got wind of the investigation so he threw the tape cartridge off a pier. Later, when the FBI agent asked him “Do you have this tape?” He answered truthfully “No”.

(The agent could have had him if he asked “Have you EVER had this tape?”.)

That tape sleeps with the fishes.

Most programmable firmware devices also come with “code protection” built in. If the programmer sets a “code lock” fuse when programming the device, then anyone can erase and reprogram the device. But the stored code can never be read. It can only be executed. This protects the ownership of the firmware code since customers can only use, but not read (in any way) the programmer’s firmware code.

I read a story about the first ODB2 (automotive) reader devices that ever went on the market. The main ODB2 reader device was a Microchip Technology PIC16F device on a supporting PCB, and an appropriate connector/cable that plugged in to the ODB port under the dash in your car. Only one hobbyist in the entire world, turned enterprenure owned that entire market and had no competition. Then one day he accidentally released a new version wherein he forgot to lock the code protection and shipped those kits everywhere. After that, it was over for his business. Hobbyists everywhere were all building and programming their own versions. Inexpensive Chinese knockoffs hit the market almost immediately. The code was later published on the internet. Most programmers will never make that expensive mistake. So unless you can write (re-invent) the full device firmware from scratch, you probably can never change the MAC address.

Given that the purpose of the MAC address is to provide a globally unique address, if you were able to change the MAC address at the hardware level (i.e. permanently) then that could defeat the purpose and there is a small risk of breaking things by having a duplicate address.

I guess the answer is: use the appropriate Linux commands to see who the manufacturer is (whether we are talking about ethernet, WiFi or Bluetooth and whether we are talking about Librem laptop or Librem phone) and then ask the manufacturer.

Even if the hardware has the capability of allowing a permanent change to the MAC address, the Linux driver might not implement that. Or it might be something that can’t be done in software at all and requires specialist hardware connecting direct to the hardware.

I suppose if you are particularly concerned about unique identifiers, it makes sense to be able to rotate them all periodically so that the identifier cannot possibly be part of a fingerprint.

In other words, let’s say that you have made a temporary override of the MAC address that is used to talk to the network but you are worried that some rogue software might still be able to read the permanent hardware MAC address and use that in a fingerprint.

A better approach might be though to control the interfaces via which the permanent hardware MAC address might leak out (but this isn’t necessarily as easy as it sounds).

Remember all the controversy when Intel introduced the Processor Serial Number?

However all these problems are worse when you are running blackbox software that you can’t verify and hence have no option but to trust.

Back to my FBI story, the identifier that I describe was callled the HPSUSAN, an 8 or 9 character string. Which stood for “HP System Unique Serially Assigned Number” and resided in stable storage. One of the legal reasons to change it was hardware failure and replacement because the machine’s software licenses depended on it not to change.

No one complained about a privacy issue on this but bince these were multiuser systems, any privacy issue was “meh”.

P.S. The machine with HPSUSAN ZERO exists, and I know where it resides.

Interesting thing about desktop and bigger systems, you could change the NIC (and as a result, the MAC address) every day and no one would care.

Well, um, yeah but I don’t think that’s what the OP meant. :wink:

For most Librem hardware, in respect of the WiFi, you can indeed change the card every day and thereby change the hardware permanent MAC address but that
a) gets expensive
b) is a hassle
c) could compromise the antennae

For a lot of desktop (or laptop) hardware these days, the ethernet (Layer 2) is integrated in the chipset or at least the ethernet (Layer 2 and Layer 1) is a chip that is soldered on - and so it is not really practical to change it.

Pray tell what it would cost to buy a new NIC for a bigger system each day. :wink:

In the case of Microsoft Windows OEM licence there is a “soft” fingerprint. For example, one “identifier” might change and it will still recognise the licence as valid but if two “identifiers” change then the licence stops working.

Looking at the computer I’m sitting on at the moment, which has dual Intel ethernet, one integrated in the chipset (L2) and one on a dedicated chip, getting the chip models and then looking at the datasheets … it suggests that both have writeable NVM (Non-Volatile Memory) that includes the possibility of changing the hardware permanent MAC address.

However it would need a lot more knowledge than I have to know how to change the MAC address.


About 9 to 30 bucks on ebay!

Once you have got about a dozen of them it would probably be enough. It still does beg the question of “why?”. Yes I presume the original poster wants it on a phone. Having a mobile MAC address on a bigger system would require at least a dolly or a forklift. Too much to lug around.
(Remember I’m about the humor, I was delving into the absurd.)

The purpose had already defeated itself though. There are plenty of anecdotal reports of multiple adapters sharing the same burned address in the wild already. Then your only hope is reprogramming it.

1 Like

… or selling it and buying another, for the case where the address is on a removable card. Even though the MAC address is supposed to be globally unique, it only needs to be unique on “the” LAN1 - so if you roll the dice again, maybe you get lucky. :wink:

1 A more onerous requirement for portable devices.

Given the proliferation of MAC address randomisation anyway (software override) you wonder whether the Day 1 design decision even to have a permanent MAC address should be questioned.