Jump to content

mac OS X Password/FileVault


Recommended Posts

Hey guys, I got a pretty good challenge on my hands. One that I'm surprised I haven't seen here yet. OS X security seems to be pretty good. I have my friends ibook with FileVault enabled. I thought I could just be slick and boot off a live CD and gain access to the drive. Something weird, I don't really have any mac experience, but it won't accept any disc in the cd drive. It just spits them all back out I'm not sure if this is in mac security of if the drive could be bad or something I know it isn't the cd's I've used a good variety even a macintosh printer installation cd just to see if it'd read it.

So I just messed around for a few tryin default log in techniques and after sometime just tried root for user and a couple bad passwords and it asked me for the master password to reset a user password.

Just curious does anyone know of a way to crack an actually account or master password. Any good mac or linux type tool? Also do macs have like a bios/cmos setup?

Sorry for all the n00b ?'s I been googling for about 4 hours now, my friend saw what I can do with my favorite live-cd distro and he had a mac so I decided to test it on a mac, but im just not sure now if his drive works or if it's a mac security issue why it won't accept any cd-media?

Appreciate any guidance:)

Link to comment
Share on other sites

If it's like any thing like Linux, the password is just stored as a md5 hash, except Linux (and BSD) also add a trailing string (some thing to do with time of root user creating or some thing strange like that).

Anyway, it will be pretty hard to crack, there aren't any (known) weaknesses in the algorithms, and a time/disk space trade off thing doesn't work because each machine (except in a network environment where all machines authenticate with a server) adds a unique string (of numbers?) to the password before it hashes is.

All you can attempt to do is grab the password hashes (Don't know where there stored my self, but I'll bet only root can read them) and find out what the unique string is that is added to the password before hashing occurs (and work out where and how it is added), then just get brute forcing, and wait a long time if the passwords are any good.

Link to comment
Share on other sites

Thanks for all the input guys:D could I mount the HD in a windows based system and see the the contents/file system of the drive since it's a mac? Or does it have to be a linux or mac based type system?


Yea I did check that website which gave me a good understanding on how good mac security is. Thanks though.

Link to comment
Share on other sites

Yea I figured linux would be a better way to go with reading the drive. I do have the adapter to go from lap-top HD to IDE so I guess I am good there. I guess I just have 1 more ? about the whole situation. The cd-rom, this is one where it's not a slot you slide the cd into it's more like a ibm based machine where it has the drive tray, but... is it an OS X security issue to where it will not ready any disc until sucessful log in, or is it possible there could be some type of bios preventing it? I never seen a mac or heard of one with a bios cmos feature and so far haven't found any useful info googling except I think I read the new mac's with the intel chip I think has a bios.

Link to comment
Share on other sites

Filevault only encripts the users home folder so hold command (that little apple key) and S when you boot. You'll log into Darwin as root automatically with the drive set as read only, from there grabbing hashes shouldn't be too hard.

Hey thanks man. It loaded Darwin just fine. Although I've never messed with Darwin I should be able to get the hashes and hopefully crack them. What I was thinking was dumping the hashes to a usb drive and it being a mac system, using a version of linux to crack the hashes or is a hash file just a hash file reguardless of platform?

One thing I was curious about is since I am able to boot Darwin couldn't I somehow just add a user account that way to log onto the system then proceed to try to gain the highest level of priveledges? I was able to get the ibook to at least read cd's... well I found an old one I burned along time ago os x cd 1, back track and knoppix it did not spit any of those back out, but when I boot holding option to select boot device only the hard drive was listed. I'm getting closer and shall own this ibook soon. :D

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...