Encryption algorithm
8 years 5 months ago - 8 years 5 months ago #1809 by krayzeeman
Does anybody know how the EFI password is encrypted on the newer Macs (2011 and later)?
It's probably a one-way encryption, but if the password is a 4-digit PIN, there are only 10.000 possibilities, and this should be easy to brute-force once we know the encryption algorithm.
If we are able to brute force it, there is no more need to reflash the EFI chip, and less risk of damaging the Mac.

I've noticed that no matter what the password is, the encrypted version always seems to be 69 (0x45) bytes in length.

Krayzeeman
Last edit: 8 years 5 months ago by krayzeeman.

8 years 5 months ago #1820 by thaGH05T
Replied by thaGH05T on topic Encryption algorithm
I have not found any correlation with the passcode and what is found in the dump. A place to start though would be to save the passcode as A and then grab the passcode area from a dump. Then try AA, AAA, AAAA, AAAAA, AAAAAA, AAAAAAA, AAAAAAAA, etc. and try and find a pattern. Of course this would be so on and so forth throughout the alphabet, numbers, symbols, uppercase, lowercase. It isn't far fetched to think they store it as a hash, but the fact of the matter is you still have to at least read the firmware with a piece of hardware and it is much more simple and quicker to modify the firmware than to try and decrypt it even if we knew what math they used. I do, however, think that some collective minds could continue the research to make this completely unnecessary by using token.paul's tutorial to get into the mac and dumping its firmware which in the end would be more efficient and safer.

8 years 5 months ago #1827 by krayzeeman
Replied by krayzeeman on topic Encryption algorithm
I did some more investigation on the password record, and compared records from several locked ROMs.

I noticed that the first 16 bytes of the active password record are exactly the same in all of the ROMs, and also the last 5 bytes of that password record are the same in all dumps.

When I set a known password “1234” to a Mac, and dump the EFI boot ROM, I noticed that bytes 16 through 63 of the password record contain a sort of hash, and when I change the password to ‘0006’ I get a completely different set of numbers in this area.

However, when I change the password back to ‘1234’ this area is completely different from the first time I set the password to ‘1234’, and when I change the password back to ‘0006’ it’s again different from the first time I set it to ‘0006’.

This suggests that the stored password is some kind of salted hash.

Another thing I noticed is that when using the one Mac I have at hand to play with, bytes 56 through 63 in the active password record stay the same, regardless of the password. These bytes are, however, completely different in the other ROMs I have examined.

This suggests that the password hash is stored in bytes 16 through 55, and is exactly 40 bytes in length, and bytes 56 through 63 are related to some sort of ID of the Mac.

On another Mac however bytes (56 through 63) also changed when changing the password. The difference between these two Macs is that the first one uses a record format 1, and the second one uses record format 2 in the $SVS area.

PS. On Macs with Mac OS X 10.9 and lower you can read the EFI ROM with a tool called DarwinDumper, so there is no need to open the Mac and use tools like the Bus Pirate or a Raspberry Pi. On later OSes Apple has closed this security leak by not allowing unsigned kexts to be installed, thereby blocking direct access to the EFI ROM.

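An added illustration (not code from this thread or from Apple) of the record layout krayzeeman describes, and of why a salted hash gives different bytes every time the same PIN is set. The field offsets are his observations; the header/trailer constants, the machine bytes and the "20-byte salt + SHA-1" construction are assumptions for illustration only, not Apple's actual scheme.

```python
import hashlib
import os

# Byte layout of the 69-byte (0x45) active password record, taken from the
# offsets reported in the thread (an observation, not an Apple specification).
RECORD_LEN = 69
FIELDS = {
    "header":  (0, 16),   # identical in every dump examined
    "hash":    (16, 56),  # 40 bytes that change each time a password is set
    "machine": (56, 64),  # constant per Mac on format-1 records, varies on format-2
    "trailer": (64, 69),  # identical in every dump examined
}

def split_record(rec: bytes) -> dict:
    """Slice a record into its four fields by the offsets above."""
    if len(rec) != RECORD_LEN:
        raise ValueError(f"expected {RECORD_LEN} bytes, got {len(rec)}")
    return {name: rec[lo:hi] for name, (lo, hi) in FIELDS.items()}

def changed_fields(rec_a: bytes, rec_b: bytes) -> list:
    """Names of the fields that differ between two dumps of the record."""
    fa, fb = split_record(rec_a), split_record(rec_b)
    return [name for name in FIELDS if fa[name] != fb[name]]

# --- Constructed model of the observed behaviour (assumption, not Apple's) ---
# A 20-byte random salt followed by SHA-1(salt || password) fills the 40-byte
# hash field; header, trailer and machine bytes are constructed constants.
HEADER = b"\x01" * 16
TRAILER = b"\xff" * 5

def make_record(password: str, machine: bytes, salt=None) -> bytes:
    """Build a record; a fresh salt is drawn unless one is supplied."""
    salt = os.urandom(20) if salt is None else salt
    digest = hashlib.sha1(salt + password.encode()).digest()
    return HEADER + salt + digest + machine + TRAILER

def verify(rec: bytes, candidate: str) -> bool:
    """Check a candidate PIN against the salted hash stored in the record."""
    field = split_record(rec)["hash"]
    salt, digest = field[:20], field[20:]
    return hashlib.sha1(salt + candidate.encode()).digest() == digest

if __name__ == "__main__":
    mac_a = b"\xaa" * 8                     # constructed machine bytes
    first = make_record("1234", mac_a)
    again = make_record("1234", mac_a)      # same PIN, fresh salt
    print(changed_fields(first, again))     # only the hash field moves
    print(verify(first, "1234"), verify(first, "0006"))
```

Diffing two dumps with `changed_fields` reproduces the observation that re-setting the same PIN changes only bytes 16 through 55, while a different Mac also changes bytes 56 through 63.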
8 years 5 months ago #1831 by thaGH05T
Replied by thaGH05T on topic Encryption algorithm
So, focusing on what we have been calling the "type 1" bin would be something of interest for now. You are on the right track with this and may want to keep in mind the obfuscation techniques Apple used to use on pre-2011 Macs. It would be nice to actually implement a software-only approach rather than flashing at all. Having a fresh mind looking into this may spark back up some interest, because I have basically written it off for the past year. We have been looking into many alternatives, one being that you can short the 3.3V pin and the WP pin of the chip while using a tool like DarwinDumper to write back to the chip. Actually, token.paul has a kext that will work on most Macs for flashrom if I am not mistaken. I will have to get ahold of him and ask about it again, but it's floating around on the forum. He has been absent lately for personal reasons, but I am sure he will be back in the near future and would love to try and tackle this head on if he has not already debunked the idea behind it. My outlook here is, if this "hash" is truly encrypted and not just obfuscated then in half of the cases it will not be a 4-digit numerical code, which means it will not be 1 of 10,000 permutations. However, this may be something we can add into a toolkit of some sort that will have many avenues of approaching the EFI lock.

8 years 5 months ago #1832 by thaGH05T
Replied by thaGH05T on topic Encryption algorithm
Any update to the research you are doing I would like to see more of. If you post it here I will go over it next time I am online. It is nice to see vigilance on the subject still.

8 years 5 months ago #1836 by thaGH05T
Replied by thaGH05T on topic Encryption algorithm
I also want to add that the section that changes on the type 1 firmware but stays the same in the type 2 firmware may, I think, be a counter. Please have a look at token.paul's ROM cleaner script, which may lead you further down the rabbit hole.