{"id":21222325,"url":"https://github.com/evanwieland/brute","last_synced_at":"2025-04-13T23:03:28.375Z","repository":{"id":122491222,"uuid":"330272701","full_name":"EvanWieland/brute","owner":"EvanWieland","description":"🐗    Perform brute force attacks on encrypted HFS+ drives.","archived":false,"fork":false,"pushed_at":"2021-02-09T16:16:43.000Z","size":12,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-27T13:13:03.625Z","etag":null,"topics":["brute-force","encryption","hfs","macos","osx"],"latest_commit_sha":null,"homepage":"https://bitsmithy.io","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EvanWieland.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-16T22:48:02.000Z","updated_at":"2025-01-26T09:57:57.000Z","dependencies_parsed_at":null,"dependency_job_id":"96fd8e1a-c7ba-4091-9125-55a81cf8418d","html_url":"https://github.com/EvanWieland/brute","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvanWieland%2Fbrute","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvanWieland%2Fbrute/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvanWieland%2Fbrute/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EvanWieland%2Fbrute/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EvanWieland","download_url":"https://codeload.github.com/EvanWieland/brute/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248794565,"owners_count":21162614,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["brute-force","encryption","hfs","macos","osx"],"created_at":"2024-11-20T22:43:19.361Z","updated_at":"2025-04-13T23:03:28.341Z","avatar_url":"https://github.com/EvanWieland.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003e🐗 Brute\u003c/h1\u003e\n\u003cp align=\"center\"\u003eCommand line tool for performing brute-force attacks on encrypted HFS+ drives. A Mac is required to run.\u003c/p\u003e\n\u003cp align=\"center\"\u003e\u003c/p\u003e\n\u003c/p\u003e\n\n## Installation\n\n### Homebrew\n\n```console\n$ brew tap evanwieland/homebrew-brute\n$ brew install brute\n```\n\n### Manual installation\n\n```console\n$ git clone https://github.com/evanwieland/brute \u0026\u0026 cd brute\n$ export PATH=\"$PATH:/path/to/dir\"\n$ chmod +x brute\n```\n[Crunch](https://sourceforge.net/projects/crunch-wordlist/) and [GNU Parallel](https://www.gnu.org/software/parallel/) are requirements that will also need to be installed manually.\n\n## Usage\n\n```console \n$ sudo brute [drive uuid] [crunch arguments]\n```\n\n\u003e IMPORTANT: sudo is required to run Brute. This is due to the `diskutil coreStorage unlockVolume` command being used. If sudo is not used, only 100 attempts to unlock the drive can be made and the machine will need to be restarted.\n\n### Drive UUID\n\nTo get your drive UUID, mount the drive and run:\n\n```console \n$ diskutil list\n```\n\nThe UUID will have the format: ########-####-####-####-############\n\n### Crunch\n\nBrute uses Crunch to generate a wordlist. You can learn more on how to set the crunch arguments by reading [this tutorial](https://null-byte.wonderhowto.com/how-to/tutorial-create-wordlists-with-crunch-0165931/) or the [Crunch man page](http://manpages.ubuntu.com/manpages/bionic/man1/crunch.1.html).\n\n## Example\n\nBelow demonstrates unlocking a drive with the password \"fun\". Obviously, this is an idealized attack and would usually take many, many more attempts.\n```sh\n$ sudo brute 8A2B552D-1E7F-4089-AA1E-0B709C05D21F 3 3 nfu\n\nCrunch will now generate the following amount of data: 108 bytes\n0 MB\n0 GB\n0 TB\n0 PB\nCrunch will now generate the following number of lines: 27 \n[1] nnn\n[2] nnf\n[3] nnu\n[4] nfn\n[5] nff\n[6] nfu\n[7] nun\n[8] nuf\n[9] nuu\n[10] fnn\n[11] fnf\n[12] fnu\n[13] ffn\n[14] fff\nparallel: This job succeeded:\ncast 16\n[15] ffu\n[16] fun\n[MATCH] fun\n[17] fuf\n[18] fuu\n[19] unn\n************************\nPassword found: fun\n************************\n```\n\n## Making the attack safer and quicker\nTo help reduce I/O overhead and wear and tear on the encrypted drive, it is possible to clone the drive to the local drive in order to perform the attack. The steps are as follows:\n\n1. Mount the encrypted drive drive.\n\n2. Run `$ diskutil list` to get the drive identifier.\n\n3. Clone the drive by running `$ sudo dd if=/dev/disk\u003cYOUR_DRIVE_ID\u003e of=Desktop/victim.dmg  bs=2048 conv=sync,notrunc`.\n\n4. To eject the encrypted drive, run `$ diskutil eject /dev/disk\u003cYOUR_DRIVE_ID\u003e`.\n\n5. Mount the cloned drive by running `$ hdiutil attach -noverify -nomount ~/Desktop/victim.dmg`.\n\n## Citation\n* [Crunch](https://sourceforge.net/projects/crunch-wordlist/) is used for generating wordlists.\n* [GNU Parallel](https://www.gnu.org/software/parallel/) is used for task parallelization.\n\n## Contribution\nIf you would like to contribute, submit an issue and/or send a PR.\n\n## License\nMIT License\n\nCopyright (c) 2021 [Evan Wieland](https://bitsmithy.io)\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevanwieland%2Fbrute","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fevanwieland%2Fbrute","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fevanwieland%2Fbrute/lists"}