Kon-boot allows you to bypass passwords for Mac and Windows?

It this for real?? It’s this easy to by-pass login for Mac and Windows?

https://kon-boot.com/

I saw it from this guy…

Well if you think about your hardware without the OS, it’s just a CPU and a storage platform for data. If someone writes a tool that operates like an OS (taking user control actions) and reads the data from the disk, then there is no requirement to enforce user access methods like Windows or MacOS passwords. That is probably what this tool does, but I am unwilling to pay money to find out because it seems pretty sketch.

On the other hand, we have solutions for this. Whole disk encryption will totally prevent this problem. If you don’t know the disk password, you’re not reading the data, and if you can’t read the data, you’re not getting access. (Mind you, nothing stops someone with hardware access from wiping all your data, even if they can’t read it.)

MacOS also has user level encryption, based on the user’s password. I believe it’s called file vault? (As always, I am NOT a Mac user.) So while they could get into your account, without knowing the password, they’re not supposed to be able to get into your file vault.

Windows has whole disk encryption for Pro and Enterprise users called BitLocker.

I think VeraCrypt provides whole disk encryption for many platforms.

3 Likes

Looks pretty cool and might be useful for some. I agree though that if you have physical access to the machine and no full disk encryption then it probably doesn’t give you any more access to data on the device, but it’s a whole lot easier with this.

I think FDE would stop it, but cool nevertheless.

1 Like

Used tools similar to this professionally for years when I was doing field work. Passcape was usually my go-to. Pretty easy to mitigate now though, just encrypt your OS disk.

1 Like

Same here, I used Hirens for a long time for Windows. Still works on local account in Windows 10 but not for Microsoft accounts.
Its remarkably easy to change the password for Windows unless the disk is encrypted then all you can do is wipe it. There are also tools out there that won’t even let you wipe it till you run the HDD manufacturers tools to remove part of the encryption that allows you to even wipe it.

1 Like

Okay, so nothing for me to worry about with this as long as I have the entire disk encrypted, which I do with Filevault. Thanks.

2 Likes