Help with Modifying a macOS Script for Password Generation

Asked By TechWhiz42 On

Hey everyone,

I'm trying to get a better grasp on a part of a script I'm working with, and I also need some advice on how to modify it for a different output. Here's the snippet I'm looking at:

```bash
p=`system_profiler SPHardwareDataType | awk '/Serial/ {print $4}' | tr '[A-Z]' '[K-ZA-J]' | tr 0-9 4-90-3 | base64`
```

This script is part of an Intune macOS setup that creates a temporary admin account by generating a password from the device's serial number. However, I've hit a snag — newer MacBooks' serials lack numbers, which conflicts with our password policy that requires at least two numbers and one non-alphanumeric character.

I'm pretty clear about what's happening until the tr and base64 commands. It seems like tr is used to translate some characters but I'm not exactly sure what K-ZA-J and 4-90-3 translate to. After that, I assume base64 is encoding everything into a different format.

If anyone has ideas on how to extract numeric values from a character-based serial number or how to implement a more complex password in the script, I'd greatly appreciate your insights! Also, here's the [GitHub link](https://github.com/microsoft/shell-intune-samples/tree/master/macOS/Config/Manage%20Accounts) for the scripts I'm working with.

Thanks!

6 Answers

Answered By UpdateMaster42 On

Looking at your update, I think a good option for your situation could be:
```bash
# Hash the serial, keep the first 10 hex characters, then append "a0"
p=`system_profiler SPHardwareDataType | awk '/Serial/ {print $4}' | md5sum | cut -c1-10 | sed 's/$/a0/'`
```

TechWhiz42 -

Thank you, I’ll implement this and run some tests. I’ll keep you posted on how it goes!

Answered By ShellScriptGuru On

The `tr '[A-Z]' '[K-ZA-J]'` is doing a type of rotational cipher called ROT13. This means that letters are cycled through a set range. For example:
```
> tr '[A-Z]' '[K-ZA-J]' <<< "123456" | tr 0-9 4-90-3
567890
```
Then `base64` takes that final result and encodes it. Keep in mind that the output may not always give you a secure password since it could still end up without numbers or special characters. You might want to append a string like "Aa01!" to ensure it meets your policy requirements!

Answered By CuriousScripter On

Have you tried testing these commands with specific inputs? It sounds like you’re unsure about their behavior. Running something like `echo abAB | tr ...` can really clarify how it works. Also, LLMs can be super helpful for these queries. Have you checked with one of them? They can guide you fairly quickly on this. And as for adding numbers, you could use `bash`'s random number generators to incorporate those into the output.

TechWhiz42 -

Thanks for the tip! I’ll give it a try after I reinstall WSL. Really appreciate the help!

Answered By CodingNinja99 On

Just a heads up, this method of generating passwords isn't very secure. Anyone who knows how the process works could easily hack in using the serial number. Consider using `uuidgen` for a unique 36-character hex string instead!

TechWhiz42 -

Totally get the security risks. I’m just trying to create a workaround until we can implement macOS LAPS with Intune. I appreciate the suggestion!

Answered By BinaryBard On

The arguments for `tr` you’re using are correct for character translation. Just run each command bit by bit to see their effects clearly. For example, check out what happens when you run `system_profiler SPHardwareDataType`. Then keep adding commands like `| awk '...` to see how it all builds up. It’s a great way to learn what each section does in the overall process!

Answered By SecuritySavvy On

For better security, consider this approach:
```bash
PASS=$(openssl rand -base64 12);
echo -e "Password: ${PASS}\n"
```
But keep in mind you'll need a way to retrieve the password if you're linking it to the serial number. I saw you made a mention of a dual script; that should work too!
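
The following is an added example, not code from any poster or from the Intune sample repository. It wraps the question's pipeline in functions that take the serial as an argument, checks the result against the policy stated in the question, and adds a random alternative along the lines of the `openssl rand` suggestion. The function names, the constructed sample serials and the `/dev/urandom` fallback are assumptions.

```shell
#!/usr/bin/env bash
# Added example. The serial values below are constructed, not real device serials.

# The two tr stages from the question: letters rotate forward by 10
# (A->K ... P->Z, Q->A ... Z->J), digits rotate forward by 4 (0->4 ... 9->3).
rotate() {
  printf '%s\n' "$1" | tr '[A-Z]' '[K-ZA-J]' | tr 0-9 4-90-3
}

# Full pipeline from the question, with the serial passed as $1 instead of being
# read from system_profiler. The same serial always yields the same password.
derive_pw() {
  rotate "$1" | base64
}

# Policy from the question: at least two digits and one non-alphanumeric character.
meets_policy() {
  mp_digits=$(( $(printf '%s' "$1" | tr -cd '0-9' | wc -c) ))
  mp_symbols=$(( $(printf '%s' "$1" | tr -d 'A-Za-z0-9' | wc -c) ))
  [ "$mp_digits" -ge 2 ] && [ "$mp_symbols" -ge 1 ]
}

# Random alternative: 12 random bytes (16 base64 characters), redrawn until the
# policy is met. Falls back to /dev/urandom when openssl is not installed.
random_pw() {
  while :; do
    rp_pw=$(openssl rand -base64 12 2>/dev/null || head -c 12 /dev/urandom | base64)
    if meets_policy "$rp_pw"; then
      printf '%s\n' "$rp_pw"
      return 0
    fi
  done
}

# Two constructed letters-only serials: one passes the policy, one does not.
for serial in ABCDEFGHJK HGTLPRZQYN; do
  pw=$(derive_pw "$serial")
  if meets_policy "$pw"; then verdict=pass; else verdict=fail; fi
  printf '%-12s -> %-18s policy: %s\n' "$serial" "$pw" "$verdict"
done
printf '%-12s -> %s\n' "random" "$(random_pw)"
```

For letters-only serials, whether the derived value passes the policy depends on which characters base64 happens to emit, and passing it does not make the value any less reproducible from the serial. A random value has no such link to the device, so it has to be stored somewhere it can be retrieved from.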
