Mac EFI Password Hack



First off I’d like to say that none of this information is intended for illicit activity. This guide is simply to help those who have locked themselves out of their Mac, or have purchased a Mac from someone who did not give them the password.

The initial method of hacking EFI firmware / iCloud-locked Macs uses a device called the Teensy. This device costs about $30 on eBay and plugs into the USB port on your Mac. The Teensy works by brute-forcing the 4-digit PIN code, trying every combination of 4 digits. Apple countered this by enabling a 6-digit code. Later revisions of the Teensy now cost more and also do 6-digit brute-force attacks. The real hitch I ran into with the Teensy is that it only works to unlock iCloud-locked Macs. If you have a locked EFI firmware password and cannot boot into the iCloud login, for all intents and purposes you are yet again stuck.

The EFI Card fixes EFI BIOS chip or firmware corruptions and boot loops that may have been caused by Clover or similar EFI bootloaders. It also removes and unlocks the Mac (2010 – 2017) EFI BIOS passwords instantly. This is just a special EFI BIOS chip which uses a special connector on the logic board, so it doesn’t require soldering.

An AASP (Apple Authorized Service Provider) by no means 'bypasses' the firmware password; it is simply removed with a tool specific to that exact machine. A specific key combination is used on the firmware password screen of the Mac that needs it removed, and this presents a unique hash code on the screen of the Mac. There is a site that unlocks EFI and iCloud passwords on all Mac computers; Google "EFI and iCloud unlock". IUnlockEFI is located in La Habra, CA.

The final two methods require a lot more technical proficiency, but both have worked with proven success. The first method is to reprogram the EFI chip with a Raspberry Pi or SPI programmer and an SOIC 8-pin clip,

via these instructions (from Ghostlyhaks):


Step 1 – Buy a SPI Programmer and 8 pin SOIC clip with F-F wires.

Step 2 – Read the chip three times and verify the MD5 checksum to ensure you have a good backup if things go wrong.


Step 3 – Make a copy of the dump and open it in a hex editor. I use Notepad++.

Step 4 – Search for “$SVS” in the dump and you should find 2 instances. The first instance is what you will need to clear out making sure to keep the file length the same. It is safe to replace it with an empty value such as “ÿ”. The string including the $SVS should be 128 characters long and will all need to be replaced with 128 ÿ’s. You can copy and paste it from below.

128 bit string – ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ

Step 4 Alt. – Get a clean dump that is not firmware locked from the community, making sure you use the correct EMC and processor architecture. Make absolutely sure it is the same size as your original dump, which is usually 8 MB. If you go this route then you will need to replace the serial of the donated dump with your own serial in order to not register over their Mac. You can do this by simply searching for “override-version”; on that same line there will be an 11 digit serial number that you will replace with your own.

Step 5 – Hook your programmer back up to the chip, erase the chip, write the new dump and verify it.

Step 6 – Remove the clip and turn your Mac over to turn it on and test. You will immediately use the hot-keys to get to single user mode to test.

Step 7 – If you do not get to SU mode or the Mac does not boot right you will need to erase the chip and write the old dump back to it. You then can exhaust other options.

Step 7 Alt. – If you do get to SU mode turn the Mac back off and use the hot-keys to clear the PRAM. This will get rid of the 4 digit lock at OS load. Or you can simply re-install at this point. Remember to register the Mac to a new iCloud account to avoid future lock downs.
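Step 2's backup check (read the chip three times, compare the checksums, confirm the size) as an added Python example; this is not code from the original guide or from Ghostlyhaks. It assumes each read has been saved to a file by your programmer and is passed in as bytes; the sample dumps below are constructed and tiny, and the 8 MB expected size is an adjustable assumption taken from Step 4 Alt.

```python
import hashlib
from typing import Sequence

# Assumption from the guide: a full dump is usually 8 MB. Adjust for your chip.
EXPECTED_DUMP_SIZE = 8 * 1024 * 1024


def digest(data: bytes, algo: str = "md5") -> str:
    """Hex digest of a dump. MD5 is enough to catch read errors (not an
    adversarial setting); SHA-256 is computed too so you can record both."""
    return hashlib.new(algo, data).hexdigest()


def first_mismatch(a: bytes, b: bytes) -> int:
    """Offset of the first differing byte, or -1 if the two reads are identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return -1 if len(a) == len(b) else min(len(a), len(b))


def verify_reads(reads: Sequence[bytes], expected_size: int = EXPECTED_DUMP_SIZE) -> dict:
    """Check that repeated SPI reads agree with each other and have the expected size.
    A flaky clip contact usually shows up as one read differing at some offset;
    'ok' is True only when every read is byte-identical and correctly sized."""
    if len(reads) < 2:
        raise ValueError("need at least two reads to compare")
    sha256s = [digest(r, "sha256") for r in reads]
    md5s = [digest(r, "md5") for r in reads]
    consistent = len(set(sha256s)) == 1
    sized = all(len(r) == expected_size for r in reads)
    mismatches = []  # (read index, offset) for reads that disagree with read 0
    if not consistent:
        for i in range(1, len(reads)):
            off = first_mismatch(reads[0], reads[i])
            if off != -1:
                mismatches.append((i, off))
    return {"ok": consistent and sized, "consistent": consistent, "sized": sized,
            "md5": md5s, "sha256": sha256s, "mismatches": mismatches}


def verify_dump_files(paths: Sequence[str], expected_size: int = EXPECTED_DUMP_SIZE) -> dict:
    """Convenience wrapper: load the saved reads from disk and verify them."""
    return verify_reads([open(p, "rb").read() for p in paths], expected_size)


# Constructed sample data (4 KiB, not a real firmware image): three reads where
# the third has a single flipped bit, as a bad clip contact would produce.
GOOD_SAMPLE = bytes(range(256)) * 16
_flaky = bytearray(GOOD_SAMPLE)
_flaky[1000] ^= 0x01
FLAKY_SAMPLE = bytes(_flaky)

if __name__ == "__main__":
    print(verify_reads([GOOD_SAMPLE, GOOD_SAMPLE, FLAKY_SAMPLE], expected_size=len(GOOD_SAMPLE)))
```

Only proceed to Step 3 with a dump whose report shows `ok` True; if `mismatches` is non-empty, reseat the clip and read again rather than editing a dump you cannot trust.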

The other, more solid method that I have found is to replace the EFI chip itself. In fact, if you look at most Apple EFI chips they are actually raised up off the circuit board and held up by their 8 leads (4 on each side). If you take either a soldering iron or a micro air torch and cut off the leads, you can easily replace this chip with one found on eBay and reprogrammed to your board ID and serial number.

Again, none of these methods should be used illicitly. This article is for educational purposes only.


If you need any help with this operation please contact the Apple Surgeon at theapplesurgeon@gmail.com or visit http://inspectyourgadget.us