hashcat Forum
macOS firmware password hash mode ? - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: macOS firmware password hash mode ? (/thread-9468.html)



macOS firmware password hash mode ? - Kaliya.a - 08-25-2020

Hi,

Can hashcat work on macOS firmware password hash ?
The one I put a year ago does not work  I am sure that I can recover it using PrinceProcessor as I remember its global pattern. 

However the only thing I have is the 16 char hash that is displayed in the boot screen when typing a keyboard combination but that’s all. I don’t see anything related in hashcat documentation. 
Note that firmware password differs from root/user/iCloud passwords. 

If hashcat has a mode for this hash that’d be a life saver. 

Thank you


RE: macOS firmware password hash mode ? - Kaliya.a - 08-25-2020

After digging it seems that the password is stored using a  [b]Message Autentication Code (MAC) using SHA256[/b], with a [b]variable number of rounds[/b].
Do you have a recommendation how that could be implemented into hashcat ? To my understanding a hash without a key if not exploitable here. 
Could you advise ?


RE: macOS firmware password hash mode ? - philsmd - 08-26-2020

I'm not very familiar with these macOS passwords, but maybe you could try this:
https://forums.macrumors.com/threads/reset-macos-firmware-password.2039622/?post=24518521#post-24518521
(using firmwarepasswd)

This might also be interesting to read: https://github.com/drduh/macOS-Security-and-Privacy-Guide#firmware

some info also here: https://tinyapps.org/docs/cracking-filevault.html (If a firmware password is set...)


RE: macOS firmware password hash mode ? - Banaanhangwagen - 08-26-2020

A macOS firmware password can be "undone" by official Apple Support.
See: https://support.apple.com/en-au/HT204455#forgot