Newer versions of Open Firmware can password-protect your boot process. To make use of this functionality, you must be running Open Firmware version 4.1.7 or newer. You can find what version your machine is running by launching System Profiler and looking for the Boot ROM Version section. If you need to upgrade your Open Firmware, go to http://www.info.apple.com/ and search for the correct upgrade based on your platform. Alternatively, firmware updates are also available on your Mac OS X 10.2 installation CD.
After you have updated your machine, download the Open Firmware Password application from http://docs.info.apple.com/article.html?artnum=120095 or install it from the Mac OS X 10.2 installation CD. This application allows you to password-protect certain functions of Open Firmware when the system is being booted, including:
- Booting to CD-ROM, NetBoot, or a specific disk
- Booting in verbose mode
- Booting into single user mode
- Booting to the Open Firmware prompt (Command-Option-O-F at startup) and issuing commands
Figure 3.2 shows the Open Firmware Password utility in action. Be sure you use a difficult-to-guess password.

These functions are useful in a test environment, where a normal boot should happen automatically but booting from a CD would be carried out only by a malicious user. Unfortunately, many people would like a higher level of security, in which a password is required simply to boot the operating system. This functionality is similar to a POST password on a PC. Although Apple does not offer a tool to configure a boot password, Open Firmware directly supports this concept.
nvram is a program, run from the Terminal, that shows the contents of the many Open Firmware variables stored in NVRAM. Running it as a normal user, you can view the public values but cannot change them. Running it as sudo nvram prints all private sections, such as your password, and allows the Open Firmware contents to be changed. The -p option prints the contents of Open Firmware:
bash-2.05a$ sudo nvram -p
Password:
... a great deal of output...
security-mode command
... more output...
security-password %e8%cc%d2%cf%c1%c1
Rather than use the nvram command, a machine can be booted directly to the Open Firmware prompt. Pressing Command-Option-O-F as a machine is being booted bypasses the normal boot process and provides you with a prompt that directly controls Open Firmware. The security mode can be reset to none by issuing the setenv security-mode none command at the Open Firmware prompt. printenv displays all Open Firmware variables. Typing reset-all reboots the host after resetting the password. For a complete discussion of Open Firmware commands, see Apple Tech Note 1061 at http://developer.apple.com/technotes/tn/tn1061.html.
Apple's Open Firmware Password application sets the security mode to command. This provides the functionality listed above. To return the security mode to the original value that your computer ships with, run sudo nvram security-mode="none". To enable Open Firmware password protection for all activities, including booting from the default media, set the security mode to full. This forces a user who wants to boot a machine into the normal operating system to know the Open Firmware password. To make a brute-force attack on the password unlikely to succeed, choose a password that is not easy to guess and that contains a variety of character sets.
NOTE
The security password displayed by the nvram command is not a cryptographically secured password. The password is simply displayed in its hexadecimal representation. This is merely an obfuscation of the password, not actual protection. Be aware that a user with administrative privileges can easily decrypt this password and use it later without your knowledge.
Open Firmware password protection does not guarantee that the host cannot be booted in a way contrary to what you want. An attacker who can open the computer can force a password reset. Adding or removing memory puts the host in a mode where it is possible to reset the PRAM by pressing Command-Option-P-R at boot time. Once the PRAM is reset three times, the password protection is reset. This trait in the Open Firmware architecture highlights the reason for physical locks on your hosts.
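As an added example (not part of the original text or any Apple tool), the following shell function audits the security-mode and security-password variables described above from nvram -p output. The function names, the MIN_LEN variable, the 8-byte default and the sample dump are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit Open Firmware boot protection from `nvram -p` output.
# On a real host run:  sudo nvram -p | audit_nvram
# (sudo is needed; a normal user does not see security-password).

# MIN_LEN is a hypothetical policy knob for this example (default 8 bytes).
audit_nvram() {
    awk -v min="${MIN_LEN:-8}" '
        $1 == "security-mode"     { mode = $2 }
        $1 == "security-password" { pw = $2; have_pw = 1 }
        END {
            if (mode == "" || mode == "none")
                print "FAIL security-mode is none or unset: no boot function asks for a password"
            else if (mode == "command")
                print "INFO security-mode=command: alternate boot paths are protected, a normal boot is not"
            else if (mode == "full")
                print "OK security-mode=full: every boot requires the password"
            else
                print "WARN security-mode=" mode ": unrecognized value"
            if (!have_pw) {
                print "FAIL security-password is not set"
                exit
            }
            # Each %xx escape stands for one byte and any other character
            # for itself, so the length is known without decoding the value.
            n = gsub(/%[0-9A-Fa-f][0-9A-Fa-f]/, "", pw)
            n += length(pw)
            if (n < min)
                print "WARN security-password is " n " bytes, below the minimum of " min
            else
                print "OK security-password is " n " bytes"
        }'
}

# Constructed sample dump; only the two security-* lines mirror the excerpt above.
sample_nvram() {
    printf 'auto-boot?\ttrue\n'
    printf 'security-mode\tcommand\n'
    printf 'security-password\t%s\n' '%e8%cc%d2%cf%c1%c1'
}

sample_nvram | audit_nvram
```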
Also, a utility called FWSucker allows an attacker, once logged in to a host, to harvest the Open Firmware password. Even guest users can decrypt the password. FWSucker is available from http://www.msec.net/software/. Again, Open Firmware password protection must be treated as a tool in protecting your host, not absolute protection.