What software can I use to decrypt a Mac OS X password hash?

I recently fired up an old Mac Mini that I haven't used for years, and found that I forgot the admin account password.

I managed to get the password hash, but have hit various snags when following guides on decrypting this. (e.g. zip utility crashes when trying to open the downloaded 'John the Ripper' utility zip file).

Can anyone recommend a hash decrypter? Windows or OS X is fine. The password itself will be some simple short thing that is only slightly better than nothing.

account username: admn password hash: 6646e657f86732f846bb44f66e0add96e2a48c6e

mackenir

Posted 2012-01-31T14:14:23.940

Reputation: 1

This is a 160 bit hash, might be SHA-1. There is no way to decrypt a hash, since its domain (all possible passwords) is larger than its image (the possible hash values). You can only generate the same hash from given input (i.e. brute force it), and hope you get the same result. Which is difficult when the hash is salted. I'd say your approach is flawed. Just boot into single user mode or from an OS X DVD and reset the password.

– Daniel Beck – 2012-01-31T14:23:13.030

Thanks @Daniel - actually I tried following a guide to reset the password, but found that the 'passwd' command simply returned without letting me enter a new password. I no longer have the OSX disk - in extremis I will put out a request for one at work. – mackenir – 2012-01-31T17:18:15.643

"There is no way to decrypt a hash" however it does seem to be possible to brute-force a OSX password hash. If you google doing it, you hit various webpages. Someone wrote a python script to do it, although when I tried that it didnt work either, due to missing imports. – mackenir – 2012-01-31T17:19:51.930

Answers

If you just want to get into your Mac, restart it from the System Restore DVD that should have come with it, or a Mac OS X install DVD (by holding down the C key at startup). Then, one of the options under the 'Utilities' menu should allow you to reset your administrator password. Full, official Apple instructions here

Scott

Posted 2012-01-31T14:14:23.940

Reputation: 5 323

I no longer have the CD/DVD. – mackenir – 2012-01-31T17:20:32.413

Macs are based on Unix. If you are just trying to get a password, why don't you use something like a "System Rescue CD" which will allow you to change passwords of any machines utilizing a linux based kernel? That's how I change all passwords.

You can also try booting into single user mode. Actually, to simplify this, here's a guide that can explain this process:

If you don’t have admin access, boot the computer into Single-User Mode by holding CMD+S on startup, mount the drive, and type the command:
/sbin/mount -uw /
Followed by:
launchctl load
/System/Library/LaunchDaemons/com.apple.opendirectoryd.plist
And finally:
passwd
Then, enter your new root password when prompted twice. After the password has been reset, type:
restart
And hit return/enter.

Ethabelle

Posted 2012-01-31T14:14:23.940

Reputation: 910

Mac OS X is not based on Linux, it's Mach & NeXTSTEP. But either way, you cannot retrieve the passwords themselves, only the hashes, which aren't very useful; it's easier to just change the password as described in the HackMac article. – user1686 – 2012-01-31T14:54:38.627

1... I said it's based on UNIX. You can use a LINUX KERNAL to retrieve the password. Just like on a Windows machine I use a LINUX KERNAL to mount the HD and change passwords, the same can be done for a MAC, which is essentially what you're doing in Single User Mode. – Ethabelle – 2012-01-31T14:55:43.900

While OS X is based on UNIX, it uses a unique format for storing user passwords; unless you have OS X-specific tools on your Linux CD, it won't be very useful. – Gordon Davisson – 2012-01-31T18:49:38.990

Actually that's a guide that I tried using - didnt work due to the 'passwd' command doing nothing.

But I see it mentions a hash cracking tool that might work. – mackenir – 2012-02-01T13:39:24.050

@mackenir Interesting. The only other route I could think to go is to create a new Admin account which would still be way easier than attempting to break a hash ----- Line 1: mount -uw / (there is a space between -uw and the /) Line 2: rm /var/db/.applesetupdone (there is no space between db/.applesetupdone) Line 3: shutdown -h now (reboot will also work) -- source: http://alittlepieceoftech.wordpress.com/2011/04/21/hackbit-hack-a-mac/

– Ethabelle – 2012-02-01T14:49:40.677