If you need to set it programmatically
Originally reverse-engineered by Gavin Brock in 2007 (original website is down, but copy preserved in archive.org), and then repeated multiple times, most recently in tart MacOS sequoia image. Cheers to backwards-compatible XOR security!
Here's my attempt at making it into a perl oneliner:
PASS=newpassword
perl -e '$a=$ARGV[0]; use POSIX; $l=ceil(length($a)/12)*12; $s=unpack("u","+?8E2(]*\\W>JCN1\\`"); $k=substr($s x $l,0,$l); print $a ^. $k' "$PASS" | sudo tee -a /etc/kcpassword
In more readable format:
use POSIX
$a=$ARGV[0]
$l=ceil(length($a)/12)*12
$s=unpack("u","+?8E2(]*\\W>JCN1\\`")
$k=substr($s x $l,0,$l)
print $a ^. $k
-
$a
is your password, taken from first argument -
$l
is its length, padded to nearest multiple of 12 (11->12, 12->12, 13->24, 14->24, etc) -
$s
is Apple's secret string -
$k
is encryption key - secret string, repeated as necessary and truncated to length$l
-
Last line performs bitwise XOR between your password
$a
and encryption key$k
Note that according to perlop, ^.
operator, when applied to strings,
implicitly appends zero characters to it.
If it's not good enough for you, you can always append zero bytes to the end of $a
,
like this: $a=pack("Z" . $l, $a)
.
However note that in order for autologin to work, your user isn't required to have password set!
To autologin a user without password set,
simply write this string to /etc/kcpassword
file:
}-1-2-3-4-5-
First character is zero character XORed with first character of the Apple secret string, follower by any 11 characters