Every Mac comes with a firmware password to prevent users from bypassing the OS X security. But if you want to boot to alternative modes, you have to disable to it. The easiest way to recover your Mac’s firmware password would be to launch Apple’s Firmware Password Utility. But if your recovery drive is missing or corrupted, there’s no way you can access this utility.
Mac owners with models from 2011 and later need to have their computers serviced to reclaim their passwords. However, people who own Macs from before 2011 and have admin access are lucky because they can retrieve their password using the pre-installed calculator. Macs manufactured before 2011 store firmware passwords as PRAM and hide them from plain sight.
A PRAM lacks complexity and easy to decipher. It only takes a few steps to break the code and get the firmware password. Three things you will need to retrieve the password include the Terminal utility, OS X calculator, and the text editor.
Remember, you need admin access to retrieve your firmware password. This is a precaution that secures your Mac from people who are trying to access your system.
Launch the Terminal and run the following code. Wait for the output.
The output will appear something like this. Remember, each Mac will have a different output. Count the number of percent (%) symbols on your output. In the example below, there are 8 percent symbols.
The percent symbols separate pairs of hex codes such as “fa” and “cb” in the example above. Each pair of hex codes makes one ASCII text character.
The OS X calculator can only handle 8 ASCII text characters at one time. If you happen to have more than 8 percent symbols, you have to divide the password with the following steps.
1. Copy the security password output and paste it on a text editor.
2. In the text editor, delete the percent symbols.
3. Using space or enter, separate the password in groups of 16 hex characters.
After separating the coded password in groups, launch the OS X calculator and switch to Programmer mode by hitting Command-3 or enabling it under the View menu.
Copy the first section of the coded password and paste it on the OS X calculator. The password’s binary equivalent will show up on the yellow green display below. Over at the bottom left, click the “ASCII” button to see the ASCII-text representation of your coded password.
You need to reverse your binary output starting with the first bit on the bottom left. This is done by clicking on every other bit corresponding 1 or 0. For example, “1010 0101” becomes “0000 1111” with the following clicks. Each click is highlighted as an example.
1010 0101 – click
0010 1101 – output
0010 1101 – click
0000 1111 – output
Every group of eight bits represent one ASCII character of the password and known as a “byte”. Consequently, four bits are collectively known as a “nibble” and represent a pair of hex characters. Each nibble can have 16 possible permutations.
Each time you finish eight bits, an ASCII character will show up on the calculator display. Continue doing this until you finish off a section of the binary output. Repeat Steps 3 to 6 until your entire firmware password is revealed.
There’s an alternative (and easier) method to retrieve your password via the calculator. It still requires administrative access. Because it allows easy retrieval of your firmware password, you should not give other people admin access to your Mac.
1. Input the password hex string on your OS X calculator.
2. Click the XOR button.
3. Consecutively type “A” characters to reveal your password.