Hi everyone,
I recently bought a MacBook from eBay and, after having received it, I formatted the hard drive to do a clean install of the OS. That's where things got a bit tricky... I can't reinstall the OS since I am prompted for the EFI password every time I attempt to boot from a CD or a bootable USB key. Neither I nor the previous owner knows the password, and Apple wants to charge me a fair bit of money to recover it.
I've done some research, and it seems possible to brute force the password, which is most likely a 4-digit PIN code. I decided to use the Rubber Ducky to create a payload similar to the one Darren uses to hack the PIN of an Android phone, but I haven't had much luck so far.
The laptop seems to recognise the Ducky as an external keyboard but doesn't type the full PIN, and only a single digit ends up being typed. I reckon it's pretty much the same problem that this user ran into:
https://forums.hak5.org/index.php?/topic/32410-macosx-efi-anyone-have-payload-for-efi-password/
I've done a fair bit of research and it seems that people wanting to brute force the EFI password mostly use the Teensy development board. I'm pretty sure that the Ducky is perfectly capable of doing the same thing, and I would like to use this thread to come up with a payload that everyone can use to brute force Mac EFIs.
I have noticed that a few people have already posted on this forum about this issue (see link below), but no one has posted a working payload yet.
https://forums.hak5.org/index.php?/topic/30800-payload-on-macbook-air2010-2013-help-needed/
This is the non-working payload I have been using so far; any help would be greatly appreciated.
DELAY 5000
STRING 0000
ENTER
DELAY 10000
STRING 0001
ENTER
DELAY 10000
STRING 0002
ENTER
DELAY 10000
...
Useful link.
http://www.hackmac.org/forum/topic/1524-efi-pin-bruteforcing/