A multi-threaded password cracker for Mac OS X Lion.
Does it work on Mountain Lion?
Nope. Mountain Lion uses key stretching (PDKDF2) to increase the amount of time it takes to generate your encrypted password. In my tests, Dave went from about 300,000 guesses per second on Lion to about 30 on Mountain Lion. It's even super easy for Apple to adjust the compute time as computers get faster! So, no... Dave Grohl fears the Mountain Lion.
Keep in mind, this doesn't really make your computer more secure! It just makes it harder for the forces of evil to get your password. Dave has never been a good tool for breaking into user accounts. Brute-force password crackers are good for testing the strength of passwords, not computers. It's always been much easier to just bypass the password, than to crack it.
How do I use it?
Download it and open the Terminal app. cd into the downloaded folder.
If you like, ls to see what's in the DaveGrohl folder. There should be the actual program 'dave' and the 'wordlists' folder. DaveGrohl comes with two wordlists, but you can throw as many "plain text" wordlists in the wordlists folder and dave will run through them all. Here is an excellent wordlist collection.
Type 'sudo ./dave -u username' to do the standard brute-force attack. The username can be any user on your Mac, but the password you type must be your own admin password.
By default, on a dual-core Mac, dave will start a dictionary attack on one processor and an incremental attack on the other. The default character set for the incremental attack is the lower-case alphabet and numbers. You can specify your own custom set with the '-c' flag. If you've seen the person type their password, you can likely narrow down the characters that may be in their password and this will greatly speed up the incremental attack.
Dave Grohl can also extract a user's password hash so that it may be cracked with another popular password cracker like John the Ripper. (Your version of John may not yet support SHA512) Or maybe even your own custom made cracker that perhaps runs different incremental attacks on the CPU & GPU at once?! (if so, please send me a copy)
Why is it named 'Dave Grohl'? Isn't he the singer of Motorhead?
This is why.
Where does my Mac keep my password?
For Lion, it's in your user profile. Your user profile is located at /private/var/db/dslocal/nodes/Default/users/myuser.plist. This is a fancy binary XML file that stores info about your user including your encrypted password. Inside the profile, there is a field called 'ShadowHashData' which is just raw bytes of data that look like:
The password hash is the darker text. The first 4 bytes is the salt. The next 64 bytes is the SHA-512 encryted password. BTW, this is just for a fresh install of Lion. The ShadowHashData for Lion Server or Lion with SMB turned on looks a wee different.
You are stupid and I would like to email you to inform you how stupid you are...
Sure! I love email! youarestupid@davegrohl.org