Saturday, June 18, 2011

How to Break into a Mac (And Prevent It from Happening to You)

How to Break into a Mac (And Prevent It from Happening to You)
We recently went through a few ways to break into a Windows PC without the password, and it turns out it's just as easy to break into a Mac too. Here's how to do it and keep yourself protected.
Just like on Windows, there are quite a few ways to break into a Mac, but many of them are variations on the same thing, so we're going to highlight the two easiest ways—one with a Mac OS X installer CD and one without—and show you how to keep yourself protected. Note that while these two methods will get you into the OS without knowing the password, you can always just use our previously mentioned "lazy method" with a Mac too—just boot up the computer with a Linux Live CD and start grabbing files.

How to Reset the Mac OS X Password

Both of the methods outlined below are ways to reset the Mac OS X password. While there are cracking utilities like John the Ripper or THC-Hydra, they're either complicated to use or expensive to buy, so we won't go into them here like we did with Windows (which has the very easy-to-use Ophcrack). Both of these methods assume the target computer is running Snow Leopard.

Method One: Use the Mac OS X Installer CD

How to Break into a Mac (And Prevent It from Happening to You)
If you have the Mac OS X installer CD handy, it's super easy to change the administrator account's password. Just insert the CD into the target Mac and hold the "c" key as you boot up the computer. It will boot into the Mac OS X installer. Once it does, head up to Utilities in the menu bar and choose Password Reset. You'll get a window prompting you to select the drive on which OS X is installed; so choose the drive you want to get into and select the user whose password you want from the drop-down menu.
How to Break into a Mac (And Prevent It from Happening to You)
Enter a new password for that user and hit the save button. That's it! When you reboot the computer, you can use your new password to log into the computer. Note that unfortunately, you still won't be able to unlock the Keychain, so if what you're trying to access has another layer of password protection, you won't be able to access it.

Method Two: Boot into Single-User Mode

How to Break into a Mac (And Prevent It from Happening to You)
If you don't have an installer CD handy, you just need to do a bit of fancy command-line footwork to achieve the same end as the CD method. Boot up the computer, holding Command+S as you hear the startup chime. The Mac will boot into single user mode, giving you a command prompt after loading everything up. Type the following commands, hitting Enter after each one and waiting for the prompt to come up again before running the next one:
/sbin/fsck -fy
/sbin/mount -uw /
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
dscl . -passwd /Users/whitsongordon lifehacker
Replace whitsongordon with the user whose account you want to access and lifehacker with the new password you want to assign to that user.
If you don't know the user's username, it should be pretty easy to run ls /Users at any time during single user mode to list all the home folders on the Mac, which usually correspond to the usernames available on the Mac. Note that, once again, this doesn't give you access to the OS X Keychain, so anything protected with another layer of passwords will be off-limits.

How to Protect Your Mac from Being Broken Into

Luckily, while it's pretty easy to break into a Mac, it's also just as easy to protect yourself. Just like last time, our main recommendation is encrypting your entire OS. Note that this does not mean use OS X's built-in FileVault tool. We weren't impressed with FileVault the last time we looked at it, and it turns out it's pretty easy to get past FileVault's protection.
How to Break into a Mac (And Prevent It from Happening to You)Instead, we recommend you use our favorite free, open-source encryption tool TrueCrypt. It came out with a Mac version back in 2008, and it still works wonderfully at encrypting entire partitions and drives on your computer. And, since anyone wanting to boot the computer needs to know your TrueCrypt password, they'll never even get to the password reset stage—so all your files will be safe.
Update: As many of you have pointed out in the comments, I misunderstood a few things about both FileVault and TrueCrypt. FileVault is not easily bypassable, and while it won't encrypt your entire drive, it should keep you safe from the above methods. TrueCrypt cannot currently encrypt an entire boot drive on a Mac.
However, you also pointed out that there's another simple way to keep people from resetting your password, and that's using a firmware password. If you have a Mac OS X installer CD, you can boot up from it and go to Utilities > Firmware Password Utility and set a firmware password. This prevents other folks from being able to boot up your computer from another hard disk, CD, or in single user mode. Someone with bad intentions could still bypass it, but it would require quite a bit of alone time with your hardware. So, for best results, you'll probably want to encrypt your files with FileVault and set up a firmware password.

As always, these are just a few of the easiest ways to break into a Mac. Do you know of any others? Share them with us in the comments (don't forget to share their weaknesses, too, so we know how to protect ourselves from them).

No comments:

Post a Comment

[Please do not advertise, or post irrelevant links. Thank you for your cooperation.]