PDA

View Full Version : EFI password




SeanUk
Mar 2, 2013, 04:16 PM
anyone seen the video on youtube where someone is using the tool that looks to be on the back of the efi chip? i have been in touch with the owner of the video and they offerd to send out the tool to me for $180 dollars any ideas on what it could be or how to make one, maybe it will be worth looking into for us all to find a easy unlocking method??

tB4mEtM7_cY

or is it a trip to the local apple store?



justperry
Mar 4, 2013, 03:15 AM
This works but if it's a stolen laptop and the owner locks it again you again have to enter the password, and if you are lucky you need to enter 10.000 times or less, if it's locked from a mac you may end up entering up to 1.000.000 combinations!:eek:
( Or more if you lost count.;) )

Weaselboy
Mar 4, 2013, 10:50 AM
anyone seen the video on youtube where someone is using the tool that looks to be on the back of the efi chip? i have been in touch with the owner of the video and they offerd to send out the tool to me for $180 dollars any ideas on what it could be or how to make one, maybe it will be worth looking into for us all to find a easy unlocking method??

http://www.youtube.com/watch?v=tB4mEtM7_cY

or is it a trip to the local apple store?

I think what he us doing there is tricking the system into thinking there has been a hardware change, and that resets the PRAM and the EFI PW. On non-Air systems with removable memory chips, you could to the same thing by removing a RAM chip and causing this reset.

This method was blocked starting with 2011 models when they moved the EFI password storage from PRAM to a separate chip (http://reviews.cnet.com/8301-13727_7-57542601-263/efi-firmware-protection-locks-down-newer-macs/).

I would like to know if this is a 2011+ machine he is using for the demo?

Otherwise, yes, a trip to the Apple Store with proof of ownership is the only way to reset the EFI PW.

Edit: I found this article (http://ho.ax/posts/2012/06/unbricking-a-macbook/) showing the same thing as the video. Like I mentioned, I don't believe this will work on 2011+ machines as the EFI PW is not in PRAM.

This works but if it's a stolen laptop and the owner locks it again you again have to enter the password, and if you are lucky you need to enter 10.000 times or less, if it's locked from a mac you may end up entering up to 1.000.000 combinations!:eek:
( Or more if you lost count.;) )

You are thinking of an iCloud system lock that only requires a four digit PIN to reset. Not the same thing as an EFI PW.

justperry
Mar 4, 2013, 10:56 AM
You are thinking of an iCloud system lock that only requires a four digit PIN to reset. Not the same thing as an EFI PW.

Now I am confused, So, when all passwords are set you need to enter three passwords, the Efi, iCloud and your login password.

On older Macs we had the firmware password, is this the same as the efi password, if you don't know the efi password the only way out is service?
(Edit:You answered that question above)

Isn't the iCloud password locking the efi, hardware?

Weaselboy
Mar 4, 2013, 11:29 AM
Now I am confused, So, when all passwords are set you need to enter three passwords, the Efi, iCloud and your login password.

On older Macs we had the firmware password, is this the same as the efi password, if you don't know the efi password the only way out is service?
(Edit:You answered that question above)

Isn't the iCloud password locking the efi, hardware?

To secure your machine you would only use the EFI PW and a login PW (along with Filevault). In normal usage you would never need to enter the four digit iCloud PIN, nor would you ever see or enter the EFI PW.

What that iCloud PIN is for is if your machine is stolen and you login to iCloud from another machine or iOS device and use the Find my Mac utility to lock the stolen machine it will ask you to select a four digit PIN. Now the next time the stolen machine gets on the Internet the machine will get locked down with that PIN. So if you recover the stolen machine you will need to enter that PIN to unlock it. There have been some articles about removing the hard drive from the stolen machine and putting it in another machine to capture that PIN.

The EFI PW Prompt will only come up if, for example, you are trying to boot from another drive. On my machine I have an EFI PW, Filevault2 on, and iCloud Find my Mac running. When I boot all I get is the one login PW.

Yes, EFI PW is the same as firmware PW.

SeanUk
Mar 4, 2013, 11:31 AM
The icloud password is apparently different, and the guy ive spoke to said this method works on any 2010 upwards - newer macs by the looks of it hes using a red and black cable, i think he could be shortinjg the efi chip possibly using negative and positives anyone got any other ideas on what it could be?

Weaselboy
Mar 4, 2013, 11:34 AM
The icloud password is apparently different, and the guy ive spoke to said this method works on any 2010 upwards - newer macs by the looks of it hes using a red and black cable, i think he could be shortinjg the efi chip possibly using negative and positives anyone got any other ideas on what it could be?

I edited my post above to add the below link. I would ask him to post a demo video of a 2011+ machine dong this. I don't believe it can be done.

Edit: I found this article (http://ho.ax/posts/2012/06/unbricking-a-macbook/) showing the same thing as the video. Like I mentioned, I don't believe this will work on 2011+ machines as the EFI PW is not in PRAM.

SeanUk
Mar 4, 2013, 11:36 AM
its actually a service that is being sold on ebay and there is a shop in yorkshire that do it or they come to you for an additional charge so surely it must be able to be accomplished, surely after reading the articly you posted they cant be erasing the chip because it would take to long and apparently it only takes the shop in yorkshire ten minutes to bypass the efi so thats what leads me to believe if they are actually shorting it out?

Weaselboy
Mar 4, 2013, 11:55 AM
its actually a service that is being sold on ebay and there is a shop in yorkshire that do it or they come to you for an additional charge so surely it must be able to be accomplished, surely after reading the articly you posted they cant be erasing the chip because it would take to long and apparently it only takes the shop in yorkshire ten minutes to bypass the efi so thats what leads me to believe if they are actually shorting it out?

There is a company here (http://jerseycityrepair.com/remove-firmware-password-macbook-air/) claiming they can actually replace the chip with a new, blank one and reprogram it without a PW. Note they explain you need to put in a new hard drive and new OS install along with this for it to work. If you read the discussion, even this outfit says a reflash won't work with the 2011+ plus machines.

Like I said, until this guy posts video proof he can do this with a flash on a 2011+ machine with the Atmel chip (http://jerseycityrepair.com/remove-firmware-password-macbook-air/), I'm not convinced.

SeanUk
Mar 4, 2013, 12:18 PM
the shop in yorkshire formats the drive included in the price and puts lion on it and he said he clears the icloud account also it must work ive seen people on ebay who have purchased it for 2011 and new macs and left positive feedback for this service

SeanUk
Mar 4, 2013, 12:52 PM
http://www.avrfreaks.net/index.php?name=PNphpBB2&file=viewtopic&t=126204&start=all&postdays=0&postorder=asc

scroll down to the bottom thats the tool that is being used in the video where do we get one is the answer hehe

Weaselboy
Mar 4, 2013, 01:34 PM
http://www.avrfreaks.net/index.php?name=PNphpBB2&file=viewtopic&t=126204&start=all&postdays=0&postorder=asc

scroll down to the bottom thats the tool that is being used in the video where do we get one is the answer hehe

That poster seems to be referring to the device used by this company (http://jerseycityrepair.com/macbook-pro-password-efi-removal-service-ny-nj/) I linked to in my post above. They are specifically saying they don't flash the EFI chip, but use this device to replace your chip with a blank one they have put default firmware on. Nothing at all like we are seeing in your video.

SeanUk
Mar 4, 2013, 06:35 PM
thanks for all your help and feedback buddy its much appreciated the store i spoke to fixes them at your place of residence so they mustnt replace the chip im guessing its just all asumption at this minute because not many people know about this technique

Weaselboy
Mar 4, 2013, 06:46 PM
thanks for all your help and feedback buddy its much appreciated the store i spoke to fixes them at your place of residence so they mustnt replace the chip im guessing its just all asumption at this minute because not many people know about this technique

If you use their service I would really like to hear back from you what they do and how it is done. I am really curious now. :)

Brian Y
Mar 4, 2013, 06:49 PM
You'd rather spend $180 on some gadget than use a free service at the Apple store - providing you can provide them with proof of ownership?

Something doesn't ring true here.

Weaselboy
Mar 4, 2013, 07:01 PM
You'd rather spend $180 on some gadget than use a free service at the Apple store - providing you can provide them with proof of ownership?

Something doesn't ring true here.

I did not want to derail the thread with this because I am genuinely curious about the issue. But yeah... unless the machine is stolen, I am having a hard time coming up with a reason you would need this "service."

SeanUk
Mar 4, 2013, 08:06 PM
sorted it now lads! found my receipt of purchase im gunna shoot into town centre tommorow and pop in the apple store just hoping its not a costlyfix with it been out of warranty, ill let use know how i get on thanks a lot lads for all your time and help :D

justperry
Mar 4, 2013, 09:30 PM
To secure your machine you would only use the EFI PW and a login PW (along with Filevault). In normal usage you would never need to enter the four digit iCloud PIN, nor would you ever see or enter the EFI PW.

What that iCloud PIN is for is if your machine is stolen and you login to iCloud from another machine or iOS device and use the Find my Mac utility to lock the stolen machine it will ask you to select a four digit PIN. Now the next time the stolen machine gets on the Internet the machine will get locked down with that PIN. So if you recover the stolen machine you will need to enter that PIN to unlock it. There have been some articles about removing the hard drive from the stolen machine and putting it in another machine to capture that PIN.

The EFI PW Prompt will only come up if, for example, you are trying to boot from another drive. On my machine I have an EFI PW, Filevault2 on, and iCloud Find my Mac running. When I boot all I get is the one login PW.

Yes, EFI PW is the same as firmware PW.

Thanks for the Info Weaselboy, much appreciated.
It's all clear now.

etrepairsd
Mar 7, 2013, 12:06 AM
The EFI Password will be set as well if owner remote lock mac via iCloud password.

And this video is real, I watch a person use this tool unlock 2012 Macbook Pro in 10 seconds

SeanUk
Mar 8, 2013, 02:14 PM
i managed to sort it out i took it back the mac shop and got it sorted who and where did you see the tecnique in the video used? cheers buddy. sean