Hi, Few month ago I set the firmware password on my MacBookAir6,2. That password does not protect the regular booting, but prevents from entering into recovering mode and booting from external media.
Now I realised that I forgot the password. My guess that it was not too complicated, probably consist of a dict word or a word and a number.
As I have regular and admin access to the computer, I was able to copy Firmware Password Utility from Recovery partition. Now I'm thinking about bruteforce solution as this utility does not have any delays on bad passwords.
But anyway it gonna be slow and painful. Is there any ways possible with the root access in my case? Maybe I could get access to password hash and try to brute force it in more powerful ways without gui involved?
Here is expect script that uses setregproptool. It starts setregproptool with "-o password" argument. And then it sends 4 more strings with password. setregproptool has bruteforce checks and insert delays after 4 bad passwords. So I just kill it and restart over after every 5 attempts (including -o argument).
It took 20 minutes on my macbook to check all keys from 0000 to 9999. Ok for those who have 4 (or even 6) digits password.
But too slow for me, 'cause my password is alphnum and much longer.
#!/opt/local/bin/expect -f
set timeout -1
log_user 0
set p 0
while {$p < 10000} {
set pass [format "%04d" $p]
send_user "$pass\r";
set PID [spawn ./setregproptool -d -o "$pass"]
match_max 100000
expect -exact "Enter current password: "
for {set i 0} {$i < 4} {incr i 1} {
incr p 1
set pass [format "%04d" $p]
send -- "$pass\r"
expect -exact "\r
Enter current password: "
}
exec kill -9 $PID
expect eof
wait -i $spawn_id
}
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.
You have declined cookies. This decision can be reversed.
You have allowed cookies to be placed on your computer. This decision can be reversed.
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.