hashcat Forum Support hashcat v
APFS encrypted device with T2-Chip

Threaded Mode
APFS encrypted device with T2-Chip
matt99 Offline
Junior Member
**
Posts: 33
Threads: 16
Joined: Dec 2016
#1
02-06-2020, 04:50 PM (This post was last modified: 02-06-2020, 04:52 PM by matt99.)
Following to this post, I successfully extracted an apfs-hash with apfs2hashcat and was able to attack it with hashcat (there was no T2-chip installed). Now the question arises how the hash behaves when a T2 chip is installed in the Macbook? Can you still read out the hash like that or what should i watch out for?
Is there anything to be considered when restoring the password or can you attack as usual, for example with wordlists and rules?
Find
Reply
digitalhussar Offline
Junior Member
**
Posts: 3
Threads: 1
Joined: Feb 2020
#2
02-16-2020, 06:47 PM
with the new t2 chip the keybag cannot be extracted from the disc image, so no tools can help you get the hash out. This can only be done with hardware
Find
Reply
Zen6 Offline
Junior Member
**
Posts: 7
Threads: 1
Joined: Dec 2020
#3
01-08-2021, 11:06 PM
Hi digitalhussar,
can you share your information about extracting the keybag out of a T2 chip?
Are you attacking over the Thunderbolt PCIe lines or over the USB debug port and chackm8/blackbird?
I'm struggling for months on a MacBook Air 2020 and am thankful for any idea.
Thanks
Find
Reply