Created
March 8, 2017 02:40
-
-
Save captainpete/bc73e56455c51967b7a04ee5980ed321 to your computer and use it in GitHub Desktop.
Ruby script for brute-forcing Apple encrypted volumes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| require 'pry' | |
| require 'set' | |
| # disk UUID | |
| # find with `diskutil corestorage list` | |
| UUID = "1D1D6CEB-4613-472C-AE71-BD50651D44D1" | |
| SUFFIXES = [ '', '!!', '123' ] | |
| JOINS = [ '', ',', ', ' ] | |
| FIRST = [ nil, 'something something' ] | |
| LAST = [ nil, 'else else' ] | |
| def unlock(passphrase) | |
| unlock_cmd = "diskutil corestorage unlockVolume #{UUID} -stdinpassphrase" | |
| _in, _out = IO.pipe | |
| pid = spawn(unlock_cmd, :in => _in, :out => '/dev/null', :err => '/dev/null') | |
| _in.close | |
| _out.puts passphrase | |
| _out.close | |
| Process.waitpid2(pid)[-1].exitstatus | |
| end | |
| def suffixed(phrase, &block) | |
| SUFFIXES.each { |suffix| yield "#{phrase}#{suffix}" } | |
| end | |
| def joined(first, last, &block) | |
| if [first, last].any? &:nil? | |
| yield "#{first}#{last}" unless [first, last].all? &:nil? | |
| else | |
| JOINS.each { |join| yield [first, last].join(join) } | |
| end | |
| end | |
| def transform_stream(&block) | |
| FIRST.each { |first| LAST.each { |last| | |
| joined(first, last) { |phrase| suffixed(phrase, &block) } | |
| } } | |
| end | |
| # brute-force it!! | |
| transform_stream do |phrase| | |
| status = unlock phrase | |
| puts "#{status}: #{phrase}" | |
| exit 0 if status.to_s =~ /0/ | |
| end | |
| exit 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment