OSX Implant Controlled Actions

Quick guide on how i use my Implant to control my Mac.

There are a lot of different scripts available for PC and Androids to interact with your implants but not many that can use OSX. Using 3 apps i can replicate very similar actions that i can use Tasker with on Android.

My particular use case is 2FA. My company has very strict 2fa protocols in place which require me to login to our systems every 30 min using Google Authenticator. I have switched Auth providors to Authy so this guide will just cover using the IOS app install of authy on my Mac OSX.

Things Needed
1 - Card Reader - You can use an ACR122u I am using currently the ACR1252 but friday im getting the new ACR1552. It doesnt matter what reader you use as long as you can read and write to it
2. Apple Shortcuts.app - this is an Apple Application, at the time of writing i am using V7
3. NFC Ideas - This is what i am using to write the URI to the chip/card. You can use anything you like

Setup Your Hardware

Plug your reader into your computer and run NFC Ideas. Make sure it can read your chip. If it cannot read your chip you might have to stop here. If it can you should be good to move forward

Setup Software

  1. Open up the Shortcuts app.
  2. Click the plus in the Middle Upper Right
  3. This is where we start building the Macro on what we want to do. Shortcuts is basically a macro building application. It has a lot of potiential but in my case i will show how i have it capture the 2FA token of my org. The first action we need it to do is Open the 2FA app Authy. In the top type Open, scroll down to the scripting section and choose Open App
    Screenshot 2024-03-13 at 3.29.03 PM
  4. I had issues with this actually opening so i have this action twice. Repeat step 3.
  5. Next We need to take a screenshot of the open screen. Type Take in the search box, select take screenshot
  6. Search for “Crop” and select the position as “Custom”. Have it crop the screenshot to just the area that the six digit 2FA code is in. It uses x/y values so you can use the screenshot cropping tool to get your exact cropped area.
    Screenshot 2024-03-13 at 3.32.38 PM
  7. Search for Extract Text from Image. Choose “Cropped Image”. Click Image, Choose Variables, Select Cropped Image
    Screenshot 2024-03-13 at 3.35.35 PM
  8. Search for Replace Text. I have it replace " " i leave the next section blank, it says world and after in, right click, and choose “Text from image”. This way if it says something odd i can just remove the word from the pasted 2fa key.
    Screenshot 2024-03-13 at 3.40.37 PM
  9. search for Copy to Clipboard. Right click “text from image” choose Variables, and click “Updated Text”
  10. search for “Get Clipboard”
  11. Search for Stop and Output.

At this point your shortcut should look like this.

You can click the play button in the upper right to test the scenario. if it is successful if you hit paste, it should have a 6 digit code. You can close the window if you are happy, it autosaves.

Autorunning the Shortcut

Now we need to program a URI that calls the Shortcuts app in OSX and runs the “Authy” shortcut. It can be done with this URI. You will replace “Authy” with whatever you named your shortcut


At this point you can write the above code to a test card, or your implant. Now when scanned it will call the shortcut, open Authy, take a screenshot, read the 2FA key, and copy it to your clipboard. If you have NFC Ideas running it will automatically run the URI when scanned. It doesnt work with NFC Tools.

If you have problems writing to your implant with NFC Ideas. as possible work around you can write to a card, copy the card info to a flipper and use the flipper to write to your implant. This works on a Xmagic and a Xsiid.

The Shortcuts application is Very Powerful. You can automate a lot of mundane tasks with OSX using it, however i havent found a way to just take the UUID from the chip and use that for automation yet.


That is some cool automation! I haven’t ever though to OCR an OTP code before.

So here you are essentially using an NTAG to trigger a script, right? I don’t use Macs much anymore, but I think Yubico’s ykman CLI tool is cross-platform (it’s written in Python). With a few adjustments to your automation recipe I think it could use an Apex or Flex Secure to both trigger the automation and to actually generate the OTP code on the chip itself.

Not sure if you have any plans for using the Apex/JavaCard line of chips, but I would recommend the ACS ACR1252U (thanks @StarGate01) over the ACR122u for anything Apex related.

1 Like

Yeah I didn’t have any of the apex line otherwise I’d have other plans.

I am currently using the 1252 but am upgrading to the 1552 that came out in January

The issue with processing the otp on the chip itself is I’ve already registered it with authy. Infact all my 2fa is through authy so it’s a giant pain to switch until I can create a good use case to

1 Like

Just Sayin’

I have 12 different accounts in authy right now, so I’ll have to switch all of them. I’ll get there in just waiting for the next soon release…

1 Like

After VivoKey cloud release the goal is to enable 3rd party saml auth for idps like authy, okta, one login, Google workspace, etc.


This is the “Soon” im talking about!