EFI Bruteforcer

Automated bruteforce attack against the EFI and iCloud lock.

Using a Teensy, one can easily bruteforce the EFI and iCloud lock. It is a low-cost solution for a very common problem.

One buys a used MacBook Pro at a very attractive price; the seller then locks it remotely days later, asking for a boatload more money.

The idea came after someone in my family went through that. He bought a laptop, paid cash in person, and a week later the seller was asking for $300 more. Initially I thought that it was a block in the operating system, so I told him it would be really easy to solve that issue, that he just needed to send it to me so that I could do a low level format and reinstall the OS.

I quickly realized that it was more complicated than that. I went through all the steps to reset the NVPram and cache, and tried to reset the 'bios', with no luck.

It occurred to me that since it was a 4 digit PIN it would be easy to manually brute force it, but I wanted to avoid the risk of skipping a couple of combinations or spending weeks doing this.

I chose the Teensy mainly because it supports USB in HID mode and it was low cost. I was not going to spend a lot of money doing a favor, especially since I had 0 experience programming in C/C++, let alone dealing with microcontrollers.

As you can see from the attached link to GitHub, the sketch is simple: it just goes through all combinations one by one. In order to save money I avoided the use of screens, so I wrote a shell script to estimate the range in which the current PIN was being attempted.

  • 1 × Teensy 3: 3rd version of the Teensy development board, without any add-ons

  • Step 1

    There is no need for soldering or anything: just install the Arduino SDK, then the Teensyduino, plug in your board and upload the sketch attached to my GitHub link.

envymysin wrote 05/28/2018 at 21:57 point

Would like help with code to add a 1602A LCD display. Any help would be appreciated.

@orvtech wrote 08/16/2019 at 16:34 point

You and I buddy.

lilgangster wrote 06/27/2015 at 08:31 point

Does this work with newer MacBooks? 6 digits?

@orvtech wrote 08/16/2019 at 16:33 point

In theory it could if you modify the code a bit, but it would take over 2 years. With some tweaks it could take just a couple of weeks, but I don't have the laptop any more to do those changes and tests. If you do, try changing the language using the mouse after every lock wait period.

Edım wrote 06/24/2015 at 15:14 point

David Preece wrote 08/02/2014 at 22:52 point
Serves them right for using a four digit pin.

@orvtech wrote 08/03/2014 at 15:05 point
and for being scammers ;)
