How To Crack A Dmg Password

A dmg file is a compressed file structure, capable of containing folders, files, etc. Dmg files can be used for a variety of purposes, from encrypting a home directory (ie – FileVault) to encrypting a file structure manually. A dmg file can be encrypted fairly simply. From Disk Utility, create a dmg file by clicking on the File menu and selecting New and then Blank Disk Image. This will bring up a screen where you can provide a name for your home folder and a size, then select either AES 128 or AES 256, which is a bit slower.Go ahead and click on Create and then at the resultant password screen go ahead and provide a password to be used. And let’s just go ahead and uncheck the option to create an entry in Keychain for the password.If you would rather do so from the command line I covered how to do so in a previous post.Now let’s download Spartan, a tool built by Ryan Kubasiak. Now download a dictionary file. I just used one of these (and for expedience sake I paired down the contents to only have about 100 possible passwords, one of which was mine). Now go ahead and open Spartan, clicking on Go! at the splash screen.At the Choose a File screen, browse to and then select your password file, clicking Choose once you have done so. At the next Choose a File screen browse to and then select your dmg file which you would like to crack the password for. The password file will then be read into RAM and the password cracking will commence.According to the length of your password this could take a long, long time, but when it’s done you will have your password, assuming it was in the dictionary of passwords you used. Dictionary files can be downloaded from a variety of sources, some collections taking up gigabytes upon gigabytes of space and covering every possible keyboard combination. Therefore, the longer the password that you use and the more complex the password is, the longer it will take to break the encryption.“So, would your holiness care to change her password?” – The PlagueHow can I run a dictionary attack against a password-protected disk image file on OS X?

Feb 09, 2013  Biz & IT — How a security ninja cracked the password guarding his most valued assets What to do when you forget a critical password? Dmg finance and investments private limited. Call in the big guns, of course. Apr 20, 2018  If you don’t see the password hint show up, you should check if you set to show the password hints in the Login Options. To ensure that a password hint shows up in case you forget the password, simply navigate to System Preferences Users & Groups Login Options, then you log in and choose the box saying “show password hints”. Spartan At the Choose a File screen, browse to and then select your password file, clicking Choose once you have done so. At the next Choose a File screen browse to and then select your dmg file which you would like to crack the password for. The password file will then be read into RAM and the password cracking will commence. Jan 15, 2019  1Password DMG Cracked. Download 1Password 7.2.4 latest Mac release of the most powerful password manager application for mac which can create and remember secure passwords due to the integration with the Internet browser.It provides also the ability to store and manage the passwords of different sites and software’s. In fact, using 1Password 7 Full Mac Crack, you do not need to keep.


I created the disk image, but have forgotten the password. I'm pretty certain that the password I used would be short and not terribly fancy, so it should succumb to a brute-force attack pretty quickly, if I knew how to run one against it.
How To Crack A Dmg Passwordposted by alms to Computers & Internet (16 answers total) 1 user marked this as a favorite
you can open disk images with passwords using AppleScript. It won't be terribly quick, but it'll do the job.
posted by bonaldi at 3:04 PM on September 24, 2006

bonaldi, thanks for the pointer. That's very helpful.
The related question is whether there is an optimal way to generate passwords to throw at it. The 26 letters plus 10 digits gives almost three trillion passwords even at just 8 characters.
posted by alms at 3:24 PM on September 24, 2006

It depends on how well you can roughly guess what you made the password. If you only ever use english words, for instance, you can narrow it right down. There are english dictionaries out there you can patch in.
posted by bonaldi at 3:34 PM on September 24, 2006

Bonaldi, are you sure it is possible to open disk images with passwords using AppleScript? I've looked around trying to find out how to do that, and the only scripts I've found just invoke hdiutil, which as far as I can tell, wants to read a password from standard input.
posted by alms at 4:21 PM on September 24, 2006

alms, can't you redirect stdin using the less-than redirector? In other words:
hdiutil [whatever] -stdinpass < filewithpassword
I've not used hdituil from the command line with passwords, but I'm not sure why that wouldn't work. You still have to generate all the passwords, but you can pass 'em to hdiutil that way..
posted by delfuego at 4:28 PM on September 24, 2006

From the hdiutil man page:
-stdinpass
read a null-terminated passphrase from standard input. Ifthe standard input is a tty, the passphrase will be read with readpassphrase(3). -stdinpass replaces -passphrase though the latter is still supported for compatibility. Beware that the password will contain any newlines before the NULL. See the EXAMPLES section.
So you'd want to do something like this:
echo -n password hdiutil attach -mount -encryption -stdinpass - image.dmg
(This syntax may not quite be right, I'm piecing together a few examples.)
posted by Remy at 4:31 PM on September 24, 2006

The best password dictionaries I've seen are here (the specific one you'll probably want is here).
I don't know OS X well myself, but based on Remy's syntax above, once you have a dictionary file, a Bash script to try to find your password would be as follows.
posted by gsteff at 5:31 PM on September 24, 2006

OK, thanks to all for all of these pointers. I'm making progress. I've created a test image ('foobar.dmg') with the password FooBar. The following successfully mounts the image:

echo -n FooBar hdiutil attach -mount required -encryption -stdinpass ~/foobar.dmg

However, when try to use gsteff's shell script, the image does not attach correctly. (I've added another 'echo' to verify that the password FooBar is indeed being pulled out of the file. I also removed what I believe to be a spurious hyphen in the fourth line.)
Here's the script I'm using:

#!/bin/bash
for word in $(cat ~/passwordlist.txt grep -v '#')
do
echo $word
echo -n $word hdiutil attach -mount required -encryption -stdinpass ~/foobar.dmg
if [[ $? = 0 ]]
then
echo 'Password found!'
echo $word
exit 0
fi
done
echo 'password not found :('
exit 1

and the output is:

AGIP-NET
hdiutil: attach failed - Authentication error
AGPS-NET
hdiutil: attach failed - Authentication error
AGPS-WAN
hdiutil: attach failed - Authentication error
AGRI-FER
hdiutil: attach failed - Authentication error
FooBar
hdiutil: attach failed - Authentication error
AlpoCAN
hdiutil: attach failed - Authentication error
^Ccanceling..

Any thoughts?
posted by alms at 11:50 AM on September 25, 2006

I can't explain what you're seeing, because I get no problems at all using your script. I created a test image, I created a file with passwords, and I successfully mount the image as soon as the right password comes up in the iteration through the file.
What is the format of your password file? What are the line endings? Is it possible that you're passing an invisible line-ending character in as the final character of your password? My password file is using LF line endings (not CRLF); that might be the difference.
posted by delfuego at 12:57 PM on September 25, 2006

Yeah, it appears that the dict file I linked to uses DOS style endings. You can convert those on the fly to unix style by changing line 4 to this:
for word in $(cat ~/passwordlist.txt sed -e 's/.$//' grep -v '#')
posted by gsteff at 1:58 PM on September 25, 2006

How To Crack A Password Protected Dmg File

Line 2! Not line 4!
posted by gsteff at 2:00 PM on September 25, 2006

Yay, success!
At least with the test case, that is. So now I get to try running it against my image, with some much larger password files.
Last question: how do I rewrite line 5 to remove the 'echo'. I don't want to take the time for the output. Just removing the 'echo -n' did not work. (of course, I'll kill line 4 altogether).
Thanks again for this group effort. I'll report back about the ultimate success.
posted by alms at 4:10 PM on September 25, 2006

I don't understand -- you want to remove the echo that's providing the password via stdin to hdiutil? You can't, because, well.. it's providing the password to hdiutil.
posted by delfuego at 5:23 PM on September 25, 2006

No, hdiutil spits out an error message of its own each time, alms wants to get rid of that. Try appending '&> /dev/null' onto the end of the hdiutil command.
posted by gsteff at 5:37 PM on September 25, 2006

Try appending '&> /dev/null' onto the end of the hdiutil command.
Yep, that worked, thanks.
posted by alms at 6:17 PM on September 25, 2006

I knew I had to be misreading that, alms -- glad you got it working the way you want!
posted by delfuego at 6:28 PM on September 25, 2006
Crack
« Older Avoiding cross cultural gaffes Good information about plague doctor attire? Newer »
This thread is closed to new comments.

How To Crack A Dmg Password On Iphone


How To Crack Admin Password Hack

Tried to torrent a show, ended up with malware..May 18, 2014
Looking for a community/forum where I can learn..December 18, 2011
New Mac SetupApril 17, 2009
Good emulators for OS X Intel?March 11, 2008
What is the best graphic design freeware/shareware..August 18, 2006
Comments are closed.