Automated brute-force tool for EFI firmware passwords on legacy MacBook models. Powered by a Teensy microcontroller emulating USB keyboard input.
Some MacBook models (primarily pre-2018) allow unlimited EFI password attempts at boot time. This project uses a programmable HID device (Teensy) to simulate a human entering PIN guesses, automating the process in hardware.
- 🧠 Basic hardware hacking familiarity
- 🧱 Teensy 3.2 or compatible microcontroller (e.g., Teensy LC)
- 🔌 Micro USB cable
- 💻 Target MacBook with EFI password lock (pre-T2 chip, e.g., 2012–2017)
- 🧰 Teensyduino installed and configured
-
Clone this repo:
git clone https://github.com/rivassec/efi-bruteforce cd efi-bruteforce -
Open the
.inofile in the Arduino IDE with Teensyduino enabled. -
Flash the code to your Teensy 3.2.
-
Plug the Teensy into the locked MacBook and power it on.
-
The Teensy will begin simulating EFI password inputs using PIN-style sequences.
🕒 Brute-force speed and feasibility vary by device and firmware version.
efi-bruteforce/
├── efi_bruteforce.ino # Main Arduino/Teensy script
├── README.md
└── docs/
└── wiring_diagram.png # [Optional] Add your own visual guides here
This tool is intended for:
- Security research
- Digital forensics
- Personal device recovery
Unauthorized use is a violation of law.
Only deploy against hardware you own or are explicitly authorized to access.
While not a traditional software security project, this repo demonstrates:
- Hardware-based attack automation
- Brute-force detection testing methodology
- Cross-domain awareness (firmware, USB HID, and physical security)
For modern DevSecOps engineers, low-level tooling insight supports broader incident response and security architecture awareness.
- Add delay tuning to bypass boot timers
- Modularize input sequence logic
- Include rotary encoder / display feedback
- Document MacBook compatibility matrix
This project is released under the MIT License.
Coming soon: a short clip of the Teensy cycling through PINs on a locked MacBook Air.
This project was inspired by a real-world recovery scenario involving a locked MacBook Pro. The original research detailed the motivation, hardware decisions, and methodology behind this automation.
It documents:
- Why Teensy was chosen over Arduino
- How firmware behavior influenced delay tuning
- Ethical motivations for use on personally owned hardware
This script emerged from that exploratory work and was refined through open source contributions and testing.
This project was featured on Hackaday in 2013 for its exploration of EFI PIN brute-force mechanics on locked Apple hardware. While the original goal was personal data recovery, the write-up sparked discussion in the hardware and security research community.