EFI (Bios Chip) Password/ iCloud PIN

Discussion in 'MacBook Pro' started by Voca, Nov 12, 2013.

  1. Voca macrumors member


    Nov 3, 2013
    Atlanta, GA
    Before anyone asks, NO, the machine is not stolen or other.
    Simply a test object given to me.

    This Thread is meant, for you to use your brain, not to just run your fingers over the keyboard and waste space.
    Late 2011 MBP 2.4GHZ i5 4GB Ram (original) 500gb hard drive
    HDD wiped clean. EFI password set. NO ACCESS AT ALL!

    Lots of research has been done!

    I know, that PRAM reset with change in RAM size does NOT work(works in the 2009/10 MBP!), just like a lot of other generic Apple forum BS (cant call it anything else)

    I just ordered a new Micronics EFI Bios chip with the bios programmed onto it.
    But, I also was considering, to send it out, to get the chip flashed/ password removed

    Any other suggestions before I reach for my heat gun?

    Attached Files:

  2. 8CoreWhore macrumors 68020


    Jan 17, 2008
    Big D
    Would pulling the little battery out and reinstalling it work?
  3. Voca thread starter macrumors member


    Nov 3, 2013
    Atlanta, GA
    Apple discontinued the CMOS/PRAM battery setup quite some time ago.
    It works on older models like the A1260 MBP silver and A1181.
    Doing a PRAM reset with a change in Memory works in the 2009/2010 MBP's.

    Just not in the 2011 and up....
  4. SVT Amateur macrumors 6502

    Dec 22, 2006
    Tyler, Texas
    I don't know if you saw this, but this guy apparently wrote a script to brute force attack the EFI iCloud PIN lock:


    However, if you are talking about a firmware password - I think you are correct in having to either switch out the chip or having the original owner take it in to Apple for them to bypass it.
  5. Voca thread starter macrumors member


    Nov 3, 2013
    Atlanta, GA
    Yes, I came across this article - great writing piece. I know there is a way to flash the chip/unlock the EFI password. Seen it on uTube and saw some eBay items stating the same thing.
    Now I would like to know, which programmer they are using and what program they are running.
  6. zwarte piet macrumors newbie

    Feb 13, 2014
    Hey, kind of an old thread but hopefully we can help each other.

    I am stuck in a similar situation (non-stolen, late 2011 MBP), and I've got as far as dumping what I think is the EFI flash to disk. I used a bus pirate and a SOIC clip to access the chip in circuit and I successfully got flashrom to dump it. I'm currently attached to an Atmel AT45DB021D and I'm pretty sure the dump I have is good. I can see English text in it relating to the Broadcom NIC.

    My problem is that I'm starting to doubt that the chip that I dumped is the EFI. The AT45DB021D is only 270kB, but the EFI firmware payload from Apple is like 4MB. I'm trying to find resources online as to WHICH chip contains the password, maybe it's still the right one, I'm not sure. There's a few more chips on here.

    Can you tell me if you've made any progress on this? If you know which chip holds the EFI I can tell you how to extract / write the flash.
  7. DmbShn41 macrumors 6502

    Jun 22, 2009
    Also works on Late 08 Aluminum Macbook.

Share This Page