Bypass/Erase Open Firmware Password


16 posts in this topic

Hi all,

I work for a non-profit organization for the blind; we accept donation computers and refurbish them for sale. Most of the gear is PC based from businesses, but we got a load of eMac G4 machines from an art school. They are loaded with software and set up with user and administrator accounts. Legally we are contracted to wipe these drives before we can scrap or refurbish them.

The machines have been set with an Open Firmware password. We've tried every key command known to man; none of them work. Clearing PRAM, Single User Mode, boot to CD, none of it works. We don't have an OSX disc, and since the password is set, that only leaves me with the labor-intensive process of removing each drive manually from the machine and wiping it, then replacing the drive and rebuilding the machine. A process I do not look forward to since it's something none of my visually impaired co-workers can help with.

Inquiries made at the local Apple Store were met with haughty dismissals and sales attempts. When we finally got through to the pierced and gelled young man that we needed an answer, not a new MacBook, the resident 'genius' could only tell us we needed to hold C to boot to a disc. And then tried to sell us a new Mac.

Any help you can give would be appreciated. Is there any way to make that boot time lock disappear so I can boot to CD? Is there any way to wipe the drives without having to remove them physically? The thought of physically dismantling and reassembling 20 eMacs is not pleasant...

Thanks!

Thanks for the quick reply! However, I also found this solution about a week ago, plus a variant which called for erasing the PRAM (command option p r). This still isn't working. I went from 256MB RAM, booted, shut down, installed another 256MB of RAM, still the dreaded lock appears when trying to choose startup disk. Can't erase PRAM; you can hold command option p r and it will ignore it and just boot to the desktop.

Any other thoughts?

For those too lazy to read:

"This password is deadly serious and unhackable, and there's no back door. If you forget the Open Firmware password, you can't change the startup disk ever again. Even Apple can't help you out of that situation."

reply:

"'The Open Firmware Password will be reset if a user changes the amount of the physical memory in the machine and reboots.' So, the big scawy password can be reset by swapping out some RAM? Not exactly 'deadly serious and unhackable' for anyone armed with a screwdriver."

:) :D :P :hysterical: :hysterical:

Glad to see some Techies have a sense of humor!

The Open Firmware Password will be reset if a user changes the amount of the physical memory in the machine and reboots.

I.e., change the amount of RAM (memory) in the machine.

This is supposed to work. It is from the Apple Support website.

Here are a few other solutions.

1. Reduce the amount of memory your computer uses, or “remove” a RAM stick in software by editing what Open Firmware sees on the logic board.

2. Reset Open Firmware to resolve general hardware issues. Enter Open Firmware with CMD-OPT-O-F after a restart and then type in reset-nvram then set-defaults and, finally, reset-all to restart the computer.

3. Disabling the password protection can be done with Apple's provided utility or by booting into Open Firmware (as before), typing setenv security-mode none, entering your password, and then rebooting the computer with reset-all.

Also the password is stored in NVRAM, so removing the battery/power won't have any effect.

If you can boot the machine, there is a simple OSX way to decode the password.

I can boot into the command line if I hold the power button down through the boot up process. But you need to know the password to change security or do anything. I also tried FWSucker, which gives a long text with the passwords obscured; there may be a way to decode from this, but I don't know how.

Thanks for all your help guys!

If you can boot into command line, then it is simple.

Type in this.

sudo nvram security-mode="none"

Though I am sure FWSucker should work. I don't have an OpenFW Mac so I can't test it for ya, but I doubt it can be too tough.

Yeah, FWSucker won't work on this version of OSX 10.4.10. I've been changing the memory up and down in size, nothing's working. I can't do anything in Open Firmware because I don't know the password.

What was the OSX method you referred to in your last post? I can boot the machine no problem.

Start Terminal

type in

sudo nvram -p

and save the output to a text file and send it to me. I will decrypt the password and send it back to you.

Still getting challenged for the password when trying the sudo commands from booting into the command line, and also when booted into the OS, using Terminal.

I'm about to use this big crowbar we keep around here to fix the problem for good...

  • 3 weeks later...

Fixed it. The trick is to use the command and option keys on the right side of the keyboard. That's the only thing I'm doing differently and now it's working. Unbelievable. So, here's the process I am using now:

1. Take a stick of RAM out of the machine.

2. Start up the machine holding command option p r on the right side of the keyboard.

3. Let the machine reboot 3 times. You can tell because the mouse will light up with each boot cycle. You should not see anything on the display; the power light was solid for me the whole time.

4. After a few boot cycles, hold the Option key only. Now you should get the boot menu, not the lock! Hit eject, pop in your boot CD and you are off. You can also reboot and go into Single User mode and use the admin hack to make a new account.

Hope this works for you!

4. After a few boot cycles, hold the Option key only. Now you should get the boot menu, not the lock! Hit eject, pop in your boot CD and you are off. You can also reboot and go into Single User mode and use the admin hack to make a new account.

Hope this works for you!

Almost.....

But after doing the cycles and then starting up with the option key, I get a screen with two buttons - a kind of refresh symbol? (curvy arrow), and a straight right arrow. Unfortunately I can't click either of them as a wristwatch pointer is just clocking round endlessly.

Is this the 'boot' screen?

I couldn't just 'pop in' a boot CD as I don't know how to hit EJECT on the keyboard. There doesn't seem to be an eject button anywhere? But I opened the tray by restarting holding down the mouse, and then when inserted, tried restarting holding down (first try) the C key, and then (second try) the option key.

Neither appears to give me any boot screen, but then I don't know what a boot screen should look like? Restart + C does nothing. Restart + option gets the two arrows and the endless clocking watch again.

A step forward....I have at least got rid of the padlock! But no idea where to go next.

oh...G5 1.6, trying to install Panther.

Hugh