macOS firmware password hash mode ?
#1
Hi,

Can hashcat work on macOS firmware password hash ?
The one I put a year ago does not work  I am sure that I can recover it using PrinceProcessor as I remember its global pattern. 

However the only thing I have is the 16 char hash that is displayed in the boot screen when typing a keyboard combination but that’s all. I don’t see anything related in hashcat documentation. 
Note that firmware password differs from root/user/iCloud passwords. 

If hashcat has a mode for this hash that’d be a life saver. 

Thank you
Reply
#2
After digging it seems that the password is stored using a  [b]Message Autentication Code (MAC) using SHA256[/b], with a [b]variable number of rounds[/b].
Do you have a recommendation how that could be implemented into hashcat ? To my understanding a hash without a key if not exploitable here. 
Could you advise ?
Reply
#3
I'm not very familiar with these macOS passwords, but maybe you could try this:
https://forums.macrumors.com/threads/res...t-24518521
(using firmwarepasswd)

This might also be interesting to read: https://github.com/drduh/macOS-Security-...e#firmware

some info also here: https://tinyapps.org/docs/cracking-filevault.html (If a firmware password is set...)
Reply
#4
A macOS firmware password can be "undone" by official Apple Support.
See: https://support.apple.com/en-au/HT204455#forgot
Reply