Skip to content
Branch: master
Find file History
russellhancox Update
As pointed out in #55, the non-encrypted case doesn't work on 10.11.
Latest commit 0673547 Mar 8, 2016
Type Name Latest commit message Commit time
Failed to load latest commit information.
Makefile Update Mar 8, 2016
fdeadduser.m Remove testing CFShow calls Nov 14, 2014
postinstall Update macdestroyer for 10.11 Jun 18, 2015


macdestroyer is a simple package that attempts to render the target machine unbootable. It works best with FileVault 2 encrypted volumes.

As OS X 10.9+ removed the ability to add a user to FileVault without providing a password or recovery key, the package includes a tiny utility to add users to the FileVault2-enabled users list. This relies on what is probably a bug in libodfde and so will probably break in future versions of OS X. This has been tested on 10.9-10.11.3


If the machine's local disk is FV2-encrypted:

  1. Adds a new user called fde_locked_user with a random password
  2. Adds this user to the list of users who can unlock the disk
  3. Removes all other users
  4. Shuts down the machine

Otherwise for pre-10.11:

  1. Renames launchd to launchd_disabled
  2. Shuts down the machine

The encrypted case is best when using some sort of FileVault key escrow mechanism, like Cauliflower Vest, as this allows for recovery of the disk's data for, e.g., legal discovery.

The non-FV2 case is, obviously, merely an annoyance to anyone knowledgeable with OS X and doesn't work at all for 10.11, which prevents modification to /sbin/launchd.


In the postflight, the LOCK_USER_NAME and LOCK_USER_HINT could be informative: LOCK_USER_HINT="Contact Helpdesk"

The included Makefile is a simple luggage recipe. You'll have to update the LUGGAGE variable to point to the location of luggage.make in your build environment.

You can’t perform that action at this time.