Need to Crack OSX 10 and iOS 9 Password

CTL

CTL

Active Member
Reaction score
96
Location
New Jersey, USA
I thought I would give it a shot and ask on here! :)

I need to crack the password on an Macbook Air running OSX 10 and passcode on iphone 6 running iOS 9. The Macbook I believe also has FileVault 2 active.

Has anyone successfully cracked either? Possible?

I thought about purchasing Passware Kit. Has anyone used it?

That data on these devices is very sentimental to my client.(they need closure.) Even if I cant do it, I would like to point them in the right direction.

Note: Yes I know the FBI cant even crack the iphone.
 
You are not going to be able to "crack" them, as in brute force.

In the case of the iPhone you are SOL.

MB Air. You can boot it into target disk mode, power up holding down the T key, hook up to another Mac and browse the disk. If you can get to the file system and access the users then FV2 is not enabled. If you cannot then that's the end of the road. But not all is lost. If they had TM running and did not encrypt the backup then you can browse the store to retrieve files. Once you have the folders/files you can chown them to gain access. You can also load the email stores. Then you might find file(s) with passwords. If you find the MB Air password then you can get into the machine and access the keychain. But I do not think the keychain stores the PIN for PIN protected iOS devices. If the iPhone had been backed up, and again not encrypted, then you can use tools to browse the backups to retrieve data. I've used iExplorer with great success.

The Passware Kit is useless if the machine has been rebooted as it scans RAM for stored credentials.
 
Last edited:
If it is just a firmware password on the MBA without fileVault, you can get passed that (at least you could in the past)

Also, with FileVault enabled, time machine only backs up when you log on or off the computer. I've have the pleasure to meet a mac user that had never managed to do it and the time machine backup was an empty home folder. At least I restored their username
 
Thanks for the info so far. Sounds like it will be a dead end. But I will give it a go. I think my first plan of attack, is going to be good old guessing. I am going to sit down with my client and get basic info, things like birthday, favorite sports team, favorite band, favorite car, pets name etc..

Will either device permanently lock if there are too many tries?
 
trevm999 said:
Also, with FileVault enabled, time machine only backs up when you log on or off the computer. I've have the pleasure to meet a mac user that had never managed to do it and the time machine backup was an empty home folder. At least I restored their username
Click to expand...

Both my laptops are FV2 and TM backs up just the same as without FV2. My experience is that if you get the TM store you can browse it on another Mac.

CTL said:
Thanks for the info so far. Sounds like it will be a dead end. But I will give it a go. I think my first plan of attack, is going to be good old guessing. I am going to sit down with my client and get basic info, things like birthday, favorite sports team, favorite band, favorite car, pets name etc..

Will either device permanently lock if there are too many tries?
Click to expand...

Yep social engineering might work. Is the former user space (physical) available for you to survey? At any rate the iPhone does have an option to brick it after X failed attempts, don't remember the default settings. That's why the FBI has pushed it off to Apple in the case of San Bernardino. For regular OS X devices I am not aware of a easy method to nuke a drive after X failed logins. But you can, as always recommended, image the machine to get backups prior to surgery.
 
Last edited:
Mercenary Roadie said:
You have 10 guesses on that iPhone before you destroy everything on it. Be sure your client understands that before you start.
Click to expand...
Only if that option was enabled by the user, it is off by default.
You'll know if it is enabled because you only get 5 tries then on the 6th try it will disable the device for 1 minute.
After 7 tries, 5 minutes, after 8, 15 minutes, and after 9 & 10 attempts, 60 minutes. Then on the 11th try if you are wrong it will be wiped.

When that option is not enabled, which it more than likely isn't since not many users know about it, you get 20 tries first then the device will be disabled for a minute, then another wrong attempt it will be disabled for 5 minutes.
Then another chance and if wrong it is disabled for 15 minutes, then 60 minutes.
I think 60 minutes is as high as it goes, haven't tested in a while.
With each wait period you only get a single chance to enter in the passcode before it disables again.
 
CTL said:
I thought I would give it a shot and ask on here! :)

I need to crack the password on an Macbook Air running OSX 10 and passcode on iphone 6 running iOS 9.

That data on these devices is very sentimental to my client.(they need closure.) Even if I cant do it, I would like to point them in the right direction.
Click to expand...

They forgot their 4 or 6 digit iOS passcode? Nevertheless, do they have Touch ID enabled/setup? To test see if they can unlock it by placing the end of their thumb flat on the wake/home button. If the screen shakes indicating it rejected the biometric it is enabled, keep trying. Look up how to do it properly if needed. If it unlocks with their thumb print, go into settings and reset their passcode.

If it doesn't work, as long as their iCloud/iCloud Backup was being utilized for their important stuff they shouldn't lose anything because there is a copy of everything in the Cloud (even if you can never get back into that particular phone). If it's photos that they're worried about as long as they have iCloud Photo Library turned on (and enough iCloud Storage left) they'll still have them. They can buy a new iPhone and restore it from the Cloud.

You/they can log into their iCloud account from any PC at www.icloud.com to view most of what they have backed up. Some stuff that is backed up in the separate "iCloud Backup" won't be visible in the iCloud account, but that doesn't mean the backup doesn't exist, it just doesn't show up there. But several other things you can visibly see are backed up like photos, emails, contacts, etc. Just need their Apple ID (likely their iCloud email address) and iCloud password to log into icloud.com to see what is there; if they don't know that password I believe you should be able to reset that right there on the website.
 
Last edited:
The drive is definitely encrypted. I am currently working on seeing if TM was being used. I ordered a mac for my office because I don't have one.

What cable do I need to buy to connect them to each other? The MAC Air is new, but I ordered an older MAC MC240LL/A running Yosemite.
 
CTL said:
The drive is definitely encrypted. I am currently working on seeing if TM was being used. I ordered a mac for my office because I don't have one.

What cable do I need to buy to connect them to each other? The MAC Air is new, but I ordered an older MAC MC240LL/A running Yosemite.
Click to expand...

The air only has thunderbolt. Looks like the one you ordered is a White MB which has no thunderbolt but does have firewire. Pretty certain you cannot use USB between them, but there is such a thing as thunderbolt to firewire adapter
 
CTL said:
I thought I would give it a shot and ask on here! :)

I need to crack the password on an Macbook Air running OSX 10 and passcode on iphone 6 running iOS 9. The Macbook I believe also has FileVault 2 active.

Has anyone successfully cracked either? Possible?

I thought about purchasing Passware Kit. Has anyone used it?

That data on these devices is very sentimental to my client.(they need closure.) Even if I cant do it, I would like to point them in the right direction.

Note: Yes I know the FBI cant even crack the iphone.
Click to expand...
Okay, John McAfee :D
 
LABFE said:
They forgot their 4 or 6 digit iOS passcode? Nevertheless, do they have Touch ID enabled/setup? To test see if they can unlock it by placing the end of their thumb flat on the wake/home button. If the screen shakes indicating it rejected the biometric it is enabled, keep trying. Look up how to do it properly if needed. If it unlocks with their thumb print, go into settings and reset their passcode.

If it doesn't work as long as their iCloud/iCloud Backup was being utilized for their important stuff they shouldn't lose anything because there is a copy of everything in the Cloud (even if you can never get back into that particular phone). If it's photos that they're worried about as long as they have iCloud Photo Library turned on (and enough iCloud Storage left) they'll still have them. They can buy a new iPhone and restore it from the Cloud.

You/they can log into their iCloud account from any PC at www.icloud.com to view most of what they have backed up. Some stuff that is backed up in the separate "iCloud Backup" won't be visible in the iCloud account, but that doesn't mean the backup doesn't exist, it just doesn't show up there. But several other things you can visibly see are backed up like photos, emails, contacts, etc. Just need their Apple ID (likely their iCloud email address) and iCloud password to log into icloud.com to see what is there; if they don't know that password I believe you should be able to reset that right there on the website.
Click to expand...

Have you had any luck with this?
 
Markverhyden said:
You are not going to be able to "crack" them, as in brute force.

In the case of the iPhone you are SOL.

MB Air. You can boot it into target disk mode, power up holding down the T key, hook up to another Mac and browse the disk. If you can get to the file system and access the users then FV2 is not enabled. If you cannot then that's the end of the road. But not all is lost. If they had TM running and did not encrypt the backup then you can browse the store to retrieve files. Once you have the folders/files you can chown them to gain access. You can also load the email stores. Then you might find file(s) with passwords. If you find the MB Air password then you can get into the machine and access the keychain. But I do not think the keychain stores the PIN for PIN protected iOS devices. If the iPhone had been backed up, and again not encrypted, then you can use tools to browse the backups to retrieve data. I've used iExplorer with great success.

The Passware Kit is useless if the machine has been rebooted as it scans RAM for stored credentials.
Click to expand...

I finally have some time to work on this. The disk is encrypted in Target disk mode. How do I tell if the Backups are encrypted too?
 
Were the backups done via a locally attached drive? You can just hook up the device to any Apple and try to browser the subfolders. If you can get into the subfolders you should be good to go. You might need to take ownership, recursively, of the subfolders and their contents. However, I've not done any work with this in the latest OS's 10.10 or .11. So I do not know if they have changed thing. Worked fine in 10.9 and before.

Edit: I just tested a TM backup (not encrypted) to USB disk from my MBAir, OS X 10.11, and was able to browser just fine on another Apple.
 
Last edited:
You must log in or register to reply here.

Similar threads

thecomputerguy
Client basically told me he's dying and I really didn't know how to respond. How would you?
Replies
9
Views
671
Mike McCall
Mike McCall
M
How To: Sharing a Windows document and image Scanner with MacOS
Replies
0
Views
843
markosjal
M
A
Need Help Deciding Iphone 8 or IPhone X
Replies
18
Views
2K
Markverhyden
Markverhyden
phaZed
DriveSavers claims to have 100% success cracking locked iPhones
Replies
6
Views
888
johnrobert
johnrobert
HCHTech
IOS 12.01 and Exchange 2010
Replies
6
Views
2K
HCHTech
HCHTech
Back
Top