EUI-64 Decoder

Extract the original MAC address from any IPv6 EUI-64 interface identifier. Reverses the ff:fe insertion and U/L bit flip to recover the 48-bit hardware address — with direct integration to Max Intel's MAC Address Lookup for manufacturer identification and CVE vulnerability scanning.

Last updated:

01
Parse
Expands the IPv6 address and isolates the 64-bit interface identifier
02
Reverse
Strips the injected ff:fe and flips the U/L bit back
03
Recover
Outputs the original 48-bit MAC with manufacturer lookup and CVE scanning

🧬IPv6 → MAC DecoderReady

Examples:

📋Batch Mode

MAC Address Lookup

Identify device manufacturers and check known CVE vulnerabilities from any MAC address.

MAC Address Generator

Generate random MAC addresses with 4 modes, IEEE OUI vendor search, and bulk CSV/TXT export.

IP Address Lookup

Investigate IP addresses for geolocation, ISP, ASN, and threat intelligence data.

Wireless & Network

Search WiFi networks, cell towers, and network infrastructure information.

How Do You Extract a MAC Address from an IPv6 Address Using EUI-64?

Max Intel's EUI-64 Decoder reverses the RFC 4291 interface identifier encoding to recover the original 48-bit MAC address from any IPv6 address generated via SLAAC (Stateless Address Autoconfiguration). According to NIST SP 800-119 (Guidelines for the Secure Deployment of IPv6), EUI-64-based addressing embeds hardware identifiers directly into network-layer addresses, creating a persistent tracking vector that the decoder exploits for forensic analysis.

Why Is EUI-64 Decoding Important for Network Forensics?

IPv6 addresses in firewall logs, packet captures, and IDS alerts may contain the device's actual hardware address. The SANS Institute IPv6 forensics methodology identifies EUI-64 decoding as a critical first step in incident response — the extracted MAC reveals the device manufacturer via OUI lookup, which narrows the investigation to specific hardware types. A 2024 RIPE NCC measurement study found that approximately 12% of observed IPv6 addresses still use EUI-64 identifiers despite the adoption of Privacy Extensions (RFC 4941). Enterprise networks, IoT devices, and industrial control systems are the most common sources of EUI-64 addresses, as many embedded systems do not implement randomized interface identifiers.

How Does EUI-64 Encoding Work?

The process defined in RFC 4291 Section 2.5.1 takes a 48-bit MAC address and creates a 64-bit interface identifier in three steps: split the MAC between the OUI (first 3 bytes) and device ID (last 3 bytes), insert ff:fe between them to create 8 bytes, then invert bit 6 of the first byte (the Universal/Local bit). Max Intel's decoder reverses this transformation, detecting whether the ff:fe sentinel is present and flagging addresses that use RFC 4941 Privacy Extensions or RFC 7217 Stable Privacy Addresses — which generate randomized IIDs that contain no recoverable hardware information.

EUI-64 (Extended Unique Identifier-64)
A method for converting a 48-bit MAC address into a 64-bit IPv6 interface identifier by inserting ff:fe and flipping the U/L bit, defined in RFC 4291.
SLAAC (Stateless Address Autoconfiguration)
An IPv6 mechanism (RFC 4862) that allows hosts to automatically configure addresses using the network prefix and an interface identifier — often derived from the MAC via EUI-64.
Privacy Extensions (RFC 4941)
A mechanism that generates randomized temporary interface identifiers to prevent hardware tracking via EUI-64, now the default on most desktop and mobile operating systems.
U/L Bit (Universal/Local Bit)
Bit 6 of the first byte of a MAC address. When 0, the address is universally administered (factory-assigned); when 1, it is locally administered. EUI-64 inverts this bit during conversion.

🧬 EUI-64 Decoder — Frequently Asked Questions

What is EUI-64 and how does IPv6 use it?

EUI-64 (Extended Unique Identifier) is a method defined in RFC 4291 for generating a 64-bit IPv6 interface identifier from a 48-bit MAC address. The process inserts ff:fe between the OUI (first 3 bytes) and the device ID (last 3 bytes), then flips the Universal/Local (U/L) bit (bit 6 of the first byte). This creates a globally unique interface ID used in SLAAC (Stateless Address Autoconfiguration). The process is reversible, allowing MAC address recovery from the IPv6 address.

Can you always extract a MAC address from an IPv6 address?

No. Only IPv6 addresses generated via SLAAC using EUI-64 contain an embedded MAC address. Privacy Extensions (RFC 4941) generate randomized temporary interface IDs that contain no hardware information. Stable Privacy Addresses (RFC 7217) use a hash function, and DHCPv6-assigned addresses use server-allocated IDs. This tool detects all three cases by checking for the ff:fe sentinel bytes.

Why is EUI-64 decoding useful for OSINT and network forensics?

IPv6 addresses in network logs, packet captures, and firewall rules may contain the device's real MAC address embedded via EUI-64. Extracting this MAC reveals the hardware manufacturer (via OUI lookup), which identifies the device type — critical for incident response, rogue device detection, and network inventory. Combined with vulnerability databases like NIST NVD, the manufacturer identification enables immediate assessment of known CVEs affecting that device.

MAC Lookup

Network device manufacturer identification.

DHCP Parser

Analyze DHCP lease files.

MAC Lookup App

Desktop MAC address lookup tool.

IP Lookup

IP geolocation and threat intel.