rivassec/efi-bruteforce


# 🧬 efi-bruteforce

Automated brute-force tool for EFI firmware passwords on legacy MacBook models. Powered by a Teensy microcontroller emulating USB keyboard input.

## ⚙️ Overview

Some MacBook models (primarily pre-2018) allow many EFI password attempts at boot time before silent rate-limiting kicks in. This project uses a programmable HID device (Teensy) to simulate a human entering PIN guesses, automating the process in hardware.

The sketch handles three failure modes the firmware uses against fast input:

1. **USB poll-rate dropping** — the firmware drops keystrokes sent faster than its polling interval. Fixed via `delay()` calls between `Keyboard.press()` and `Keyboard.release()`.
2. **Per-attempt rate-limiting** — the firmware throttles after each submission. Fixed via a longer delay after Enter.
3. **After-N silent ignore** — after a threshold of consecutive incorrect attempts, the firmware stops processing input until a power cycle. Fixed by power-cycling between batches and persisting the current PIN index across reboots.

## 🔩 Requirements

- Basic hardware-hacking familiarity
- **Teensy 3.2** or compatible microcontroller (e.g., Teensy LC, Pro Micro with Keyboard library — see community ports below)
- Micro USB cable
- Target MacBook with EFI password lock (pre-T2, e.g., 2012-2017)
- [Teensyduino](https://www.pjrc.com/teensy/teensyduino.html) installed and configured

## 🚀 Setup

1. Clone this repo:

   ```bash
   git clone https://github.com/rivassec/efi-bruteforce
   cd efi-bruteforce
   ```

2. Open the `.ino` file in the Arduino IDE with Teensyduino enabled.
3. Flash the code to your Teensy 3.2.
4. Plug the Teensy into the locked MacBook and power it on.
5. The Teensy will begin simulating EFI password inputs using PIN-style sequences.

## 📁 Repo Structure

```
efi-bruteforce/
├── efi_bruteforce.ino      # Main Arduino/Teensy script
├── README.md
└── docs/
    └── wiring_diagram.png  # [Optional] Add your own visual guides here
```

## ⚠️ Legal & Ethical Notice

This tool is intended for:

- Security research
- Digital forensics
- Personal device recovery on hardware you own

**Unauthorized use is a violation of law.** Only deploy against hardware you own or are explicitly authorized to access.

## 🧭 DevSecOps Perspective

While not a traditional software-security project, this repo demonstrates:

- Hardware-based attack automation
- Rate-limit edge analysis
- Cross-domain awareness across firmware, USB HID, and physical security

For modern DevSecOps engineers, low-level tooling insight supports broader incident-response and security-architecture work. The same instincts — slow down, instrument, treat layered defenses as observable — port cleanly into cloud and CI/CD security.

## 🔄 Roadmap

This project is feature-complete for its target hardware (pre-T2 MacBooks). No further development is planned. The repo is preserved for reference and forensic use cases.

If you fork this for a new hardware target or password-prompt screen, please link back so the genealogy stays visible.

## 📜 License

This project is released under the [MIT License](LICENSE).