APFS encrypted device with T2-Chip
#1
Following to this post, I successfully extracted an apfs-hash with apfs2hashcat and was able to attack it with hashcat (there was no T2-chip installed). Now the question arises how the hash behaves when a T2 chip is installed in the Macbook? Can you still read out the hash like that or what should i watch out for?
Is there anything to be considered when restoring the password or can you attack as usual, for example with wordlists and rules?
Reply
#2
with the new t2 chip the keybag cannot be extracted from the disc image, so no tools can help you get the hash out. This can only be done with hardware
Reply
#3
Hi digitalhussar,
can you share your information about extracting the keybag out of a T2 chip?
Are you attacking over the Thunderbolt PCIe lines or over the USB debug port and chackm8/blackbird?
I'm struggling for months on a MacBook Air 2020 and am thankful for any idea.
Thanks
Reply