Help! (Forgot Master password)

Have you tried changing or cracking the password via Single User Mode or the CLI?

A step-by-step explaination for the exploit is here.

(And shouldn't this be in Genius Bar?)

Phroggy, Placebo is talking about the master password, not the root password. The master password decrypts the other passwords used by FileVault.

Placebo is screwed basically because OS X can no longer read the home directories. Having not used FileVault, and not intending to use FileVault, I don't know of any way of killing FileVault without knowing the master password.

Barto

Ah, thanks, Barto, my bad.


(I haven't used FileVault yet, nor do I plan to; too many horror stories.)

How can anyone "forget" their own password, master or otherwise? Unless you just made a weird random series of letters and numbers like the bank does? In which case, you might should've written it down somewhere.

My password is a simple word, but a word that doesn't really exist because it came to me in a dream years and years ago. I woke up and said "what in the hell is a...".



I think the word you're looking for, Placebo, is "screwed". Apple makes it a point of saying in several places "if you lose or forget this, your data is gone forever" or words to that effect.

vieiriafairuzaloaf, Paul?

Ah, I see, Placebo.

Damn you, murbot!



That's NOT it...but it's better than mine!

decrypt = decode, break, crack, cryptanalyze, decipher

but it's probably 1337 like d3c0d3, or d3cryp7 etc.

Hmmm

Look, if i clone my hd onto a fw hd, then connect it to any other mac i can read all my files without any passwords...

That makes me think...

WHY IS THIS POSSIBLE? are permissions ignored on external hds?

or am i imagining things?

Yes! That is, if you want them to be:



Mind the 'ignore ownership' checkbox.

No sign yet of a larger HD, btw, keeping my fingers crossed.

der Kopf

YOU DIDN'T GET IT YET?!?!?!

i will dig up tracking # for you.
(probably tomorrow, as today i have to work...after work)


And back to ignoring ownership... It doesn't make too much sense, because...

What's the point of password protecting my stuff if someone can just make a copy of it and access it?
It should retain permissions, possibly with an option of changing them, but you would need your password for it.

Sorry Placebo, for hijacking your thread.

The operating system is what recognizes and respects permissions.

Your concern with security is kind of what prompted FileVault.

this is inherent in unix (and unix-like, probably other systems') security. the users on your computer are stored in a special database, on your computer. for example, lets say you have 1 user "piwozniak". under the scenes the OS translates the name into an ID, example 501. these IDs are only valid locally. so, when a file is owned by piwozniak, under the scenes, it's owned by 501; and in the dirty 1s and 0s of the OS' mind, piwozniak, his home directory, his password, everything, is just a extra information, directly associated with that ID. But, when you pull out the hd, and pop it into another computer not as the root (boot/startup) partition, the OS has to think about the permissions.

it says to itself, "i have a file here, owned by 501. i wonder if they mean 501 as defined in my set of users, or 501 by some foreign set of users. afterall, i can't be certain that my 501 aligns properly with this foreign disk's 501, i don't even know if i can access a user database on this disk. and if i could, i don't know if the user really wants me to. maybe i'll just ignore the permissions on this drive, and let the users run willy nilly all over the place. or, i could force all files owned by 501 to refer to my 501, and assume that they align. even if i have an ID 501, i don't know if the passwords will match up. i just hope i dont run into any IDs on this hd that i don't have in my database. o woe is me, the lowly OS."

OK

I understand.

i was thinking about it for the last 30 min, and it makes sense,
Even if a file's owner is a user,(not system) how can an OS compare that users' password to the original password? it would have to be attached to the file itself.

How about disallowing access to files on external volumes, if not owned by system?

That would prevent anyone from accessing my stuff.

Right, but then how would i access my own files from external HD?


Thanks guys as always.

Now that you've posted that to a world-readable board, change it.

There is an easy way to reset the master password on a mac. Visit
http://homepage.mac.com/bethanyoffic...20Corporation/ for instructions on how to reset a lot of passwords on a mac. I compiled it myself. IF you want' you can donate via PayPal for research on some of the matters that do not have answers. (I need another mac to test everything out on). Anyway, you will find how to reset the master password there.

Lomoco
Mac_Hack corporation
Mac_Hack.corp@yahoo.com

You are not required to donate though

I think you could also access all your data by booting from an external disk, with OS 9.

I already did this a long time ago, under Panther. Booting with OS 9 gave me access to all the #@$%?porn stuff another user left in his personal account, and I trashed everything Muhahahahaaa !

Hmmmm. Sounds like a bug

No, not at all. OS 9 and OS X both use the same disk format, HFS+. OS 9 simply ignores all of the permissions. This is normal. You can do this with any OS X disk to bypass the permissions completely.

Wow. I never knew that. Thanks for the info. That might come in handy later on.

This is sort of why having physical access to the hard drive is generally considered a bypass for all security on it, unless you use something like FileVault. This is the same thing that happens if you place the drive in an external enclosure, and do as der Kopf posted above.

What, MacHack Corp doesn't already publish this info??

Come-on! I am just getting started. I am just concentrating on password bypassing or resetting for now. I might publish that on my site later. You can contact mac_hack directly at mac_hack.corp@yahoo.com to make complaints and such.

I remember I was in a classic app not to long ago and while I was browsing for a folder, I came across the folder "var" and it was in italics. And of course everyone should know that "var" is what is considered a hidden Folder. (A folder name with a "." in front of it.) So I see what you mean.

So, How did it go? Were you able to reset the master password? You should have been able to.

Is FileVault currently active?

If it IS active, fat chance getting your master password.

If it is NOT active, I think it can be gotten easily.

So here is what I recommend:

1) Open "Keychain" and browse all of your saved passwords to see if any of those may have been the one you forget for your master password.

2) Try "" (a completely blank password) and "password" to see if you set it up like that when you set up your computer. It's unlikely -- but it's possible.

3) If all else fails; call Apple -- I'm sure they can help somehow.

Actually, if you just delete the file /Library/Keychains/FileVaultMaster.keychain, it will reset the master password as long as you don't have filevault on which this person doesn't. So Placebo is lucky in this case. OR oyu could go into terminal and type "sudo rm /Library/keychains/filevaultmaster.keychain" and your problem is solved.

You can't browse the filevault keychain without the master password.

Not true!!

IF the keychain is locked, you cannot browse it without the password. IF it is NOT locked, browse away. By default, it is not locked on start-up once it has been unlocked and quit.

Are you referring to the "FileVault" keychain, or the "login" Keychain? The "login" keychain is by default unlocked yes, but not the "FileVault" keychain. Go back and check.

I mean the FileVault keychain. Not the system one. oops

I meant the system keychain as in the application, "Keychain Access."

But my point was that maybe he used the same password that he used for the master password as another password and by browsing the list of stored other passwords, he would find the one that was his master password.

Or he could just reset it and make a new one instead of trying to recover it by browsing through keychains, hoping that he used the same one for something else. However, your suggestion is a good one and if he wants to use the same password, then I would recommend that too. And also to check key-logs to see if he typed it in plain text ever. (If he has a key-logger)

E-mail Changed! It is now Lomoco.MacHack@gmail.com

I am really confused, I put file vault on, stupidly and quite unnecessarily, and yes, have forgotten my password, it was some combination of parts of words and i cant find the exact one, I cant even really see what filevault is meant to be doing, other than slow my laptop use right down, I guess i can just backup my files and re install the os?

will that reset on mack hack work safely, with file vault on, and not destroy/lose any data?

Thankyou