Slashdot Mirror


Unreasonable Limit on Open Firmware Passwords

Lawrence Person writes "Well, this has to be one of the stranger bugs in recent memory: 'If you used Open Firmware Password utility to create a password that contains the capital letter "U", your password will not be recognized during the startup process.' Straight from the mothership. I'm guessing that not too many people use Open Firmware Passwords, but it's a very nasty bug for those who do. Props to the always great As The Apple Turns for pointing this one out."

82 comments

  1. Care to speculate? by Johnny+Mnemonic · · Score: 1, Redundant


    I saw this too. Anyone care to take a stab at why this might possibly be? Something to do with the bytecode of that particular letter?

    --
    $tar -xvf .sig.tar
    1. Re:Care to speculate? by setzman · · Score: 5, Informative
      Could it be the following (copied from here),
      When turned on, Open Firmware Password Protection:

      * blocks the ability to use the "C" key to start up from a CD-ROM disc.
      * blocks the ability to use the "N" key to start up from a NetBoot server.
      * blocks the ability to use the "T" key to start up in Target Disk Mode (on computers that offer this feature).
      * blocks the ability to start up in Verbose mode by pressing the Command-V key combination during startup.
      * blocks the ability to start up a system in Single-user mode by depressing the Command-S key combination during startup.
      * blocks a reset of Parameter RAM (PRAM) by pressing the Command-Option-P-R key combination during startup.
      * requires the password to use the Startup Manager, accessed by pressing the Option key during startup (Figure 1).
      * requires the password to enter commands after starting up in Open Firmware, which is done by depressing the Command-Option-O-F key combination during startup.

      Doesn't mention the U key in the features list, but I'm going to speculate that something in the keyboard handling code is buggy...
      --
      C:\>
    2. Re:Care to speculate? by karmavore · · Score: 1

      The original specification was probably written with a magic marker on a napkin. After the beer spilled the Command-V could have looked like a blob-U. Try testing the Command-V again.

      --
      Speech: Free
      Beer: $699.00
    3. Re:Care to speculate? by Anonymous Coward · · Score: 0, Offtopic
      * blocks the ability to use the "C" key to start up from a CD-ROM disc.
      * blocks the ability to use the "N" key to start up from a NetBoot server.
      * blocks the ability to use the "T" key to start up in Target Disk Mode (on computers that offer this feature).

      Hmm... C, N, T .... Insert U somewhere in there, what can you spell? :-)

    4. Re:Care to speculate? by colinleroy · · Score: 2, Informative

      U is ASCII 0x55 (85 dec), which is 01010101 in binary. Maybe.

      --
      blah
    5. Re:Care to speculate? by TheRaven64 · · Score: 3, Funny
      What's a 4-letter word for a woman ending in "UNT?" :D

      Aunt!

      --
      I am TheRaven on Soylent News
    6. Re:Care to speculate? by troc · · Score: 0, Offtopic

      Hmm, so it blocks C, N and T. Well, add that U and you have a rude word :)

      So there you are, that's why it's blocked.

      Ok, so I admit that's not really a reason but it's an interesting coincidence :)

      Troc

      --
      Troc's dubious podcast and blog: http://www.trocnet.net
    7. Re:Care to speculate? by Anonymous Coward · · Score: 0

      Well, if it was ORed with its similarly-curious opposite 10101010 (0xAA) then that would give 11111111 (0xFF). But then you have to wonder:

      1. Why OR against something? Basic encryption?
      2. Why didn't someone see this happening, especially when you're already picking something for the sake of it having unique BINARY qualities?
      3. Why would 0xFF break things? A terminator of some kind? Shouldn't that be 0x00?

    8. Re:Care to speculate? by pajamacore · · Score: 1

      U = 01010101

      It's bound to be the alternating bit pattern.

    9. Re:Care to speculate? by skinfitz · · Score: 1

      Anyone care to take a stab at why this might possibly be?

      Probably to stop anyone using YOUSUCK as a password.

      Obviously the programmers did not consider "l33t 5p33k"

    10. Re:Care to speculate? by wirelessbuzzers · · Score: 1

      Hmm, so it blocks C, N and T. Well, add that U and you have a rude word :)

      So there you are, that's why it's blocked.

      One of my friends put a little game in his login script. The computer would give 3 letters, and he had to type a word that began with those letters. Then it would show the other possibilities.

      One day, he was logged in from a public computer (in a library or something). The computer gave him CUN. He typed in CUNEIFORM. The computer immediately crashed. Apparently some sysadmin had set a netnanny type filter in it...

      --
      I hereby place the above post in the public domain.
    11. Re:Care to speculate? by MikeXpop · · Score: 1

      Aunt, Bunt, Dunt (southern only), Hunt, Punt, Runt, etc...

      "Art, Bart, Cart, Dart, e-art... nope, nothing rhymes" - Homer

      --
      Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
  2. Enter password: by Anonymous Coward · · Score: 2, Funny

    UR70457

    ....

    1. Re:Enter password: by NanoGator · · Score: 1

      I don't get it. :(

      --
      "Derp de derp."
    2. Re:Enter password: by Anonymous Coward · · Score: 0

      U=U
      R=R
      7=T
      0=O
      4=A
      5=S
      7=T

    3. Re:Enter password: by etymxris · · Score: 1
      My best guess is:
      UR70457 => You Are TOAST
      URTOAST
    4. Re:Enter password: by Anonymous Coward · · Score: 0

      U=YOU
      R=ARE

    5. Re:Enter password: by Anonymous Coward · · Score: 0

      U m34|\|:

      URR374rD3d

    6. Re:Enter password: by NanoGator · · Score: 1

      Oh.. duh. I get it now.

      Glad I didn't translate that, woulda been charged with a DMCA violation.

      --
      "Derp de derp."
  3. hah! by revmoo · · Score: 4, Funny

    My trusty password "god" triumphs again!

    --
    I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
    1. Re:hah! by Anonymous Coward · · Score: 4, Funny

      [RegularStormy:~] miller% ssh 146.35.3.123 -l revmoo
      Enter password: god
      Welcome to Darwin!
      %

      ---

      Thanks!

  4. Slashdot's running on a Mac, right? by NanoGator · · Score: 4, Funny

    Hmm.. this explains why my STFU posts always disappear.

    --
    "Derp de derp."
  5. Speculation by Mikey-San · · Score: 4, Interesting

    It sounds like this isn't a bug in Open Firmware (thankfully), but Apple's OF Password app. If so, we just need to wait for an update to the app, and can still set passwords with "U" manually.

    Does anyone have more info regarding where this bug originates?

    --
    Mikey-San
    Karma: +Eleventy billion (mostly affected by watching Celebrity Jeopardy)
    1. Re:Speculation by gaelicwizard · · Score: 1

      ummmm..... so how would you do it "manually"?

      --
      -- JP
    2. Re:Speculation by Mikey-San · · Score: 4, Informative

      Ask and ye shall receive.

      http://www.securemac.com/openfirmwarepasswordprotection.php

      --
      Mikey-San
      Karma: +Eleventy billion (mostly affected by watching Celebrity Jeopardy)
  6. Um...I figured out why 'U' by Anonymous Coward · · Score: 5, Funny
    Note the linked article How to set up password protection
    Among other things, it:

    blocks the ability to use the "C" key to start up from a CD-ROM disc.

    blocks the ability to use the "N" key to start up from a NetBoot server.

    blocks the ability to use the "T" key to start up in Target Disk Mode (on computers that offer this feature).

    Posting this anonymously, since I don't want to be known as the one who figured this out.

  7. I know nothing about Open Firmware, but: by jazir1979 · · Score: 2, Insightful


    Do you need your password to be accepted in order to change the password?

    The "solution" in the article is to "change your password if necessary". But how do you change your password when your previous password is not accepted?

    --
    What's your GCNSEQNO?
    1. Re:I know nothing about Open Firmware, but: by jazir1979 · · Score: 1


      My apologies..

      The previous post explaining this bug could be in the OF App, and not OF itself probably explains this.

      --
      What's your GCNSEQNO?
  8. Can't spell 1234 with a "U" by one9nine · · Score: 4, Funny

    I pity the fool who has a wife or daughter named Ursila. :-(

    1. Re:Can't spell 1234 with a "U" by vonFinkelstien · · Score: 1

      Or a favorite author named Ursula. "Light and darkness met, and joined, and were one." -- A WIZARD OF EARTHSEA

  9. careful, now by Tumbleweed · · Score: 2, Funny

    That may be Praetorian code. I wouldn't mess with it.

    1. Re:careful, now by Anonymous Coward · · Score: 0

      Great Mozart's Ghost!

  10. Blame SCO. by FFFish · · Score: 4, Funny

    They're the ones that want to claim copyright on that letter, so that talking about *nix requires paying a licensing fee.

    It also means we can't call them a b*nch of motherf*cking f*ckwits, which is a real shame.

    --
    Don't like it? Respond with words, not karma.
    1. Re:Blame SCO. by dwightk · · Score: 1

      nah... you can call them that as long as you don't call them

      "a bUnch of motherfUcking fUckwits"

      --
      Like anyone can even know that
  11. Re:Alrighty men.. by YouHaveSnail · · Score: 5, Insightful

    No, wait. This is Apple, not Microsoft. Bugs like this are acknowledged, with workarounds and/or patches supplied quickly, and this gives the company character and credibility.

  12. The solution would be by coolmacdude · · Score: 3, Informative

    to just reset the password. Easily accomplished.

    --

    -You may license this sig for only $6.99.
    1. Re:The solution would be by coolmacdude · · Score: 4, Informative

      Why was my post modded overrated? I'm serious. All you have to do is take out or install new ram, (basically just change the amount of ram in the machine) and then reset the PRAM 3 times. That clears the Open Firmware password.

      --

      -You may license this sig for only $6.99.
    2. Re:The solution would be by tuxedobob · · Score: 1

      I'm guessing because it wasn't that informative? Eh, I'm seeing it as a score 4 anyway. I think I have a bonus to informative posts, though.

    3. Re:The solution would be by Oculus+Habent · · Score: 1

      You don't even need to do that. You can simply change it with the program, unless you don't know it. The issue is at boot, not from inside the OS.

      --
      That what was all this school was for... to teach us how to solve our own problems. -- janeowit
    4. Re:The solution would be by coolmacdude · · Score: 1

      Right. But if you run into this boot issue you will need to do this, as you won't be able to start up your computer to run the program.

      --

      -You may license this sig for only $6.99.
    5. Re:The solution would be by slyborg · · Score: 1

      Is this true? If so, it makes setting the password useful just for keeping out casual interlopers, it's of no use in protecting data in a stolen laptop.

      I guess gpg/pgp is the way to go, huh? Actually, I've been using the encrypted disk image idea. I put my sensitive data into one

      Here's a good tutorial:

      http://osxfaq.com/Tutorials/disk-images/index.ws

    6. Re:The solution would be by coolmacdude · · Score: 1

      Is this true? If so, it makes setting the password useful just for keeping out casual interlopers, it's of no use in protecting data in a stolen laptop.

      There has never been a solution to prevent that. It is impossible to secure a machine from anyone that has physical access to it.

      --

      -You may license this sig for only $6.99.
    7. Re:The solution would be by Oculus+Habent · · Score: 1

      You can still boot, you just can't use any of the normal boot circumvention functions - CD-ROM, NetBoot, Target Disk Mode, Verbose, Single-user, Startup Manager, or Open Firmware.

      It's noted in another KB article linked from the one referenced. You also can't reset the PRAM with the password set, though I can't speak to how changing the RAM might affect that.

      --
      That what was all this school was for... to teach us how to solve our own problems. -- janeowit
    8. Re:The solution would be by coolmacdude · · Score: 1

      Would you expect Apple to post a KB article detailing how to disable the password? No.

      --

      -You may license this sig for only $6.99.
    9. Re:The solution would be by shawnce · · Score: 2, Informative

      Well you can use strong encryption to protect critical data even in the case of lost physical security (which you are correct about).

      In Mac OS X 10.3 you will have the ability to have your home folder encrypted (using AES-128). Other OSes have similar features. ...of course given time even strong encryption will fail you.

    10. Re:The solution would be by Anonymous Coward · · Score: 0

      There's a mode that requires the password every time you boot. You have to use the OF command line to get into that mode--you can't do it from the GUI or anything--but the securemac.com article referenced above explains it.

  13. Re:Alrighty men.. by HiredMan · · Score: 4, Interesting


    Microsoft story of the day - yet another hole that will get you owned that we're disclosing and patching after years of vulnerability.

    Apple story of the day - bug disallows a certain character in little used Openfirmware password.

    Slashdot spin - both platforms have bugs. Fair and Balanced - Slashdot News! ;)

    =tkk

  14. Re:Alrighty men.. by Anonymous Coward · · Score: 0

    Yeah, a bug in a feature that hardly anybody uses and affects only the local machine is a REAL SHOW-STOPPER.

    I better call my mom and tell her to PATCH THAT IMAC ASAP OR THE BLASTER WORM IS GOING TO READ ALL HER APPLE PIE RECIPES!

    I'm selling my powerbook RIGHT NOW and getting TEH SW33333T W1ND0WS L4PT()P! WINDOWS IS THE MOST SECURE OS ON TEH PL4NET U CAN USE ANY LETTER IN TEH APHLABLET IN YOU PASSWROD!!#####~!! MY PASSWROD = UUUUUUUU Take that M4C F4|\|B()YZ!

  15. Re:Alrighty men.. by zpok · · Score: 1

    I'm with him, this is cute and my machine does have character, don't you boy couchycouchycooooo!

    Damn shame can't use my pitchfork on this though, just subscribed and got my whole \. set: tin foil hat, pitchfork, a gazzilion distro's and the SCO phone numbers...

    --
    I think, therefore I am...I think.
  16. Isn't it obvious? by the+darn · · Score: 5, Funny

    This is clear evidence that despite its user-friendly appearance, deep down, Apple hates U.

    --
    Ceci n'est pas un post.
  17. Re:Alrighty men.. by NanoGator · · Score: 0, Offtopic

    "ready PITCHFORKS!"

    I hate when satirical expressions on typical slashdotian responses are modded as troll. Lighten up!

    --
    "Derp de derp."
  18. Re:Alrighty men.. by Anonymous Coward · · Score: 0

    I think you need to lighten up about troll mods.

  19. Re:Alrighty men.. by NanoGator · · Score: 1, Offtopic

    "I think you need to lighten up about troll mods. "

    Unfortunately these troll mods deter people from making creative humorous comments. You're supposed to according to the FAQ.

    Chalk up another offtopic for me. Never mind that moderation is very much a part of any topic.

    *annoyed*

    --
    "Derp de derp."
  20. Did anyone see the artnum? by tuxedobob · · Score: 5, Funny

    The article number for this was 107666. If that's not clear proof that Microsoft was somehow involved, I don't know what is.

    Um, I need something for the 107 part...

    Waiting to see if this gets modded flamebait or funny... ;-)

    1. Re:Did anyone see the artnum? by floydigus · · Score: 1

      MS Access 2 had a similar problem with the space character.

      Somehow, I wish I didn't know that.

      --

      All things in moderation; including moderation

    2. Re:Did anyone see the artnum? by bhtooefr · · Score: 1

      How evil are Realtors(R)? Income Opportunity Realty Trust (IOT) is one choice.

    3. Re:Did anyone see the artnum? by bhtooefr · · Score: 1

      I don't understand this one, but scroll down: apparently this lists some people in the Koran and Bible that are evil.

    4. Re:Did anyone see the artnum? by bhtooefr · · Score: 1

      SHIT! I'm stupid! http://www.jewishpath.org/gematriaevil.html

  21. Props? by Alan+Partridge · · Score: 1

    Are you some kind of fucking idiot savant?

    --
    That was classic intercourse!
  22. Re:Alrighty men.. by TheRaven64 · · Score: 3, Funny
    ready PITCHFORKS!

    You don't need to bother. Being based on FreeBSD, OS X comes with its own pitchforks.

    --
    I am TheRaven on Soylent News
  23. This is why I hate geeks by oni · · Score: 2, Funny

    See, why does everything always have to be about U?
    huh?

    Stupid geeks!

    1. Re:This is why I hate geeks by DChristensen · · Score: 1


      Honey, is that you?

      (Or should that be "U"?)

      --
      Mac OS X--Unix without the assholes^Whassles.

  24. Unicode by semanticgap · · Score: 1

    Somehow I suspect unicode support has something to do with this bug.

    1. Re:Unicode by Bombcar · · Score: 1

      You may be right, according to the Samba Gods, Apple Unicode gargles "The Big One":

      See This Thread on samba-technical about it.

  25. Maybe... by ebcdic · · Score: 1

    Maybe control-U is meant to kill the input, but they used shift-U instead?

  26. Obligatory reference by druxton · · Score: 1

    Since UNIX begins with U, all rights to this letter belong to SCO. Soon all your NIX will belong to them as well, and watch out you basketball team!

  27. Re:Alrighty men.. by lullabud · · Score: 1

    does "cute" also include the 8 character password limit throughout the rest of os X? because i don't see being unable to use the letter U on boot is nearly so much of a problem as os X only recognizing the first 8 characters of any given password, and neither of them actually are "cute". though, i still love os x the mostest!!!

  28. Wonder about other OF computers by downix · · Score: 2, Insightful

    I wonder if this problem exists in my Open Firmware based Pegasos machine.

    --
    Karma Whoring for Fun and Profit.
  29. Not just the U character by rtm1 · · Score: 2, Interesting
    This bug happens to other characters too. I once set an open firmware password with the character '{' in it, and OF wouldn't take it at boot time. The lowercase '[' worked fine though.

    I think this is a problem with the Open Firmware Password application using a different character set than Open Firmware itself. So some characters you can type in the OF Password app you can't type in OF itself. Or maybe OF just doesn't like the shift key...

    --
    "Belief means not wanting to know what is true." [Nietzsche, The Anti-Christ, 1889]
    1. Re:Not just the U character by domninus.DDR · · Score: 1

      I don't see how '{' is uppercase and '[' is lowercase. Unless you mean that there is another, smaller version of '['? What's the key combo / unicode for that? ;)

    2. Re:Not just the U character by bhtooefr · · Score: 1

      Press the key next to the P key: [. Now, press it with Shift: {.

  30. Probably an easy solution for this question by Anonymous Coward · · Score: 4, Insightful

    The value $AA is used to "encrypt" the password in OF. Every letter in the password is obfuscated via XOR with this value.

    'U' = $55 XOR $AA = $FF (and this is probably used as an end-of-password marker).
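
A small model of the failure proposed in the comment above, added here as an example; it is not code from the thread or from Apple. The XOR value $AA comes from the comment, while the 0xFF end marker is the commenter's guess, and the buffer sizes and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define XOR_KEY    0xAA  /* value given in the comment above */
#define END_MARKER 0xFF  /* assumption: the commenter's guessed terminator */

/* XOR every byte with the key, then append the assumed end marker.
   Returns the number of bytes written, or 0 if out is too small. */
size_t obfuscate(const char *pw, unsigned char *out, size_t cap)
{
    size_t n = strlen(pw);
    if (n + 1 > cap) return 0;
    for (size_t i = 0; i < n; i++)
        out[i] = (unsigned char)((unsigned char)pw[i] ^ XOR_KEY);
    out[n] = END_MARKER;
    return n + 1;
}

/* Hypothetical boot-time reader: stops at the first END_MARKER byte. */
size_t read_marked(const unsigned char *buf, size_t len, char *pw, size_t cap)
{
    size_t i = 0;
    while (i < len && i + 1 < cap && buf[i] != END_MARKER) {
        pw[i] = (char)(buf[i] ^ XOR_KEY);
        i++;
    }
    pw[i] = '\0';
    return i;
}

/* Alternative reader: the length travels out of band, so no byte is reserved. */
size_t read_counted(const unsigned char *buf, size_t count, char *pw, size_t cap)
{
    size_t i = 0;
    for (; i < count && i + 1 < cap; i++)
        pw[i] = (char)(buf[i] ^ XOR_KEY);
    pw[i] = '\0';
    return i;
}

/* 1 if the reader recovers exactly the password that was set, else 0. */
int boot_accepts(const char *pw, int counted)
{
    unsigned char stored[64];
    char recovered[64];
    size_t n = obfuscate(pw, stored, sizeof stored);
    if (n == 0) return 0;
    if (counted) read_counted(stored, n - 1, recovered, sizeof recovered);
    else         read_marked(stored, n, recovered, sizeof recovered);
    return strcmp(pw, recovered) == 0;
}

/* The one plaintext byte whose encoding equals the marker. */
unsigned char colliding_byte(void) { return (unsigned char)(END_MARKER ^ XOR_KEY); }

int main(void)
{
    const char *samples[] = { "apple", "unix", "sUnny", "Ursula" }; /* constructed */
    printf("colliding byte: '%c'\n", colliding_byte());
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-7s marker=%d counted=%d\n", samples[i],
               boot_accepts(samples[i], 0), boot_accepts(samples[i], 1));
    return 0;
}
```

Under these assumptions only a capital "U" encodes to the marker, so the marker-based reader truncates the stored password at that position while lowercase "u" and every other byte pass through.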

  31. Re:Alrighty men.. by Anonvmous+Coward · · Score: 1

    Asskisser.

  32. Ouch by Aqua+OS+X · · Score: 1

    Ouch... this is a naaaasty little bug.

    --
    "Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
  33. nreasonable Limit on Open Firmware Passwords by yet+another+coward · · Score: 2, Funny

    Just to be safe, I suggest changing the story title.

  34. Re:Alrighty men.. by Anonymous Coward · · Score: 0

    This is mainly in the UNIX portions of X. Apps which use the proper GUI password input (which is the Authorization API in Security.framework) check the entire password.

    Regardless of whether it contains a 'U'.

  35. HA... oh, wait. by c13v3rm0nk3y · · Score: 1

    If I'd heard about this a few weeks back, I'd be so ready with the ol' Nelson "HA-HA!".

    Unfortunately, I found a real old bug in our app on some UNIX boxes. It turns out that our implementation of getpass() was eating the letter "c" on some platforms.

    So, the appropriate Simpson's reference is now:

    D'oh!
    --
    -- clvrmnky