05-20-2008, 06:40 PM
mazuki (Member; Join Date: Apr 2008; Posts: 8)

Bypass FileVault, admin, all passwords

Please, anyone, offer insight into this. I tested it myself but would like your thoughts on my work, as I only figured it out after playing on a Mac for a couple of weeks.

Tools: a USB drive and two files, easily created with Mac OS on any Mac computer that is FileVault capable.

The beauty of this fix is that it doesn't require you to enable anything on the computer, or look for anything; it just requires placing 2 small files on it, and you can successfully circumvent any FileVault encryption, account passwords and system keychains. So in essence, with this hack you get not only the user's account and files, but access to any stored passwords they use: email, chat, everything.

The method:

There are two files that are created when enabling a master password on Mac OS X, named:

FileVaultMaster.cer
FileVaultMaster.keychain

Placing these files in the proper folder (either /Library/Keychains/ or /System/Library/Keychains) will enable a master password or overwrite an old one, and deleting them will disable the master password. You would think that this is locked to only a single Mac computer, but surprisingly it isn't. All you need to do is boot to single-user mode, mount your USB drive, cp the files to that location, reboot like normal, enter a password incorrectly 3-5 times and then use the master password to reset it, all while keeping the user's keychains intact and not causing the FileVault encryption to lock the user's files so they become inaccessible.

I didn't walk through every step because it will depend on the filesystem of the USB drive you use, whether it's NTFS, HFS, ext3 or FAT.

And this works across 10.4 and 10.5 (I tested both) and possibly back to 10.0; whenever the FileVault master password was implemented, this should work.

Of course, you can also use the same method for user accounts: just create your own password, then take the file that has the same name as the GUID of your user in the shadow hash folder (forgot the location) and replace any of the users'. It will work the same way, but I prefer the master password as it will keep keychains in effect, i.e. you have access to the emails, chat programs, and encrypted files/folders.
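The swap the post describes leaves one observable trace: FileVaultMaster.cer and FileVaultMaster.keychain appear, vanish, or change bytes in one of the two directories the post names. The following POSIX shell script is an added example, not code from the original post or from Apple, that records a baseline of those files on a known-good system and later reports any such drift. The baseline file location, the directory list as function arguments, and the sha256sum/shasum fallback are assumptions for portability; the two filenames and two directories come from the post.

```shell
#!/bin/sh
# Added example (not from the original post): integrity check for the FileVault
# master-password keychain files. A baseline is "sha256  path" lines recorded
# on a known-good system (assumed format); check_baseline compares against it.

MASTER_FILES="FileVaultMaster.cer FileVaultMaster.keychain"   # names from the post
KEYCHAIN_DIRS="/Library/Keychains /System/Library/Keychains"    # locations from the post

# Print the SHA-256 of a file; sha256sum on Linux, shasum on macOS (assumed present).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# record_baseline DIR... : emit one "hash  path" line per master file present.
record_baseline() {
    for d in "$@"; do
        for f in $MASTER_FILES; do
            [ -f "$d/$f" ] && printf '%s  %s\n' "$(file_sha256 "$d/$f")" "$d/$f"
        done
    done
    return 0
}

# check_baseline BASELINE DIR... : return 0 if nothing drifted, 1 otherwise.
# Drift means a master file appeared where the baseline had none (a planted
# master password), disappeared (master password removed), or changed hash
# (replaced with someone else's master keychain).
check_baseline() {
    baseline="$1"; shift
    status=0
    for d in "$@"; do
        for f in $MASTER_FILES; do
            p="$d/$f"
            # pipeline status is cut's, so a missing baseline line does not abort under set -e
            expected=$(grep "  $p\$" "$baseline" | cut -d' ' -f1)
            if [ -f "$p" ]; then
                actual=$(file_sha256 "$p")
                if [ -z "$expected" ]; then
                    echo "NEW: $p (no master keychain recorded in baseline)"; status=1
                elif [ "$actual" != "$expected" ]; then
                    echo "CHANGED: $p (master keychain replaced)"; status=1
                fi
            elif [ -n "$expected" ]; then
                echo "MISSING: $p (master password removed)"; status=1
            fi
        done
    done
    return $status
}

# Usage on a Mac (baseline path is a constructed example):
#   record_baseline $KEYCHAIN_DIRS > /var/root/fvmaster.baseline
#   check_baseline /var/root/fvmaster.baseline $KEYCHAIN_DIRS || echo "investigate"
```

Run record_baseline once, store the output somewhere the machine's own admin account cannot silently rewrite (off-box is best, since the post's scenario starts with root in single-user mode), and schedule check_baseline at login or boot. The check is detection after the fact; the preventive control for the boot path the post relies on is a firmware password, which on Macs of that era is required to boot into single-user mode.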