How to: Unlock System Lock PIN Code

Discussion in 'MacBook Pro' started by ExciteWalk, Sep 12, 2012.

Thread Status:
Not open for further replies.
  1. djollie macrumors newbie

    Joined:
    Jan 23, 2013
    Location:
    uk scotland
    #176
    some stuff contained in these threads also

    http://www.avrfreaks.net/index.php?name=PNphpBB2&file=viewtopic&t=126204&highlight=

    http://ho.ax/posts/2012/09/ida-pro-scripts-for-efi-reversing/

    http://ho.ax/posts/2012/06/unbricking-a-macbook/

    i'll be sending u data from my macbook pro asap
     
  2. lamnguyen macrumors newbie

    Joined:
    Feb 3, 2013
    #177
    I have a mid 2012 macbookpro 13inch.
    i was able to access the hard drive using my pc but i couldnt find the .lock files.
    is there any other way to find these files cause i did the full hard drive search and didnt see anything.
    or is there any other solution for this issue?
    thank you
     
  3. vladichimescu, Feb 4, 2013
    Last edited: Feb 4, 2013

    vladichimescu macrumors newbie

    Joined:
    Jan 29, 2013
    #179
    change

    It looks like I don't have the luck with the Apple products, so I decided to buy myself the new and greatest config of the Lenovo IdeaPad Y500. however I will help if feedback is received by e-mail vladichimescu@gmail.com with the Subject: Apple PinCode ! (we are trying to figure out a software way to crack this! available to anyone without hardware intervention)

    There are still some unknown 'variables' but I can find out on what is based the hash key generated (until now we know it's the machine model++), and in order to break the ice... again feedback needed from someone who has an unlocked, still working as good, apple product (testing each step on different machine gives us better perspective);
    Someone who has a working apple product must do ALL these steps in order to give us a HUGE boost in development of a decrypting tools:

    Someone who has a working apple product must do ALL these steps in order to give us a HUGE boost in development of a decrypting tools:

    FIRST COMBINATION
    using A user and B icloud account on C machine:
    lock the device C, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud)

    after unlock, restart a few times, shutdown... then do the process again:
    using A user and B icloud account on C machine:
    lock the device C, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use the same PIN

    after unlock, restart a few times, shutdown... then do the process again:
    using A user and B icloud account on C machine:
    lock the device C, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use another PIN

    AFTER ONE DAY (at least 24hours), do it again:
    using A user and B icloud account on C machine:
    lock the device C, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use one of the two PIN recently used


    SECOND COMBINATION
    using A, X user and B icloud account on both A, X users, on C machine:
    lock the device C, using account A, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use the same PIN

    using A, X user and B icloud account on both A, X users, on C machine:
    lock the device C, using account A, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use the same PIN

    using A, X user and B icloud account on both A, X users, on C machine:
    lock the device C, using account X, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use the same PIN


    THIRD COMBINATION
    using A, X user and B icloud for account A, and Y icloud for account X, on C machine:
    lock the device C, using account A, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use the same PIN

    using A, X user and B icloud for account A, and Y icloud for account X, on C machine:
    lock the device C, using account X, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use the same PIN


    all info saved into a file should contain (at each step):
    -name of the username (open terminal and you have the username there - not the one from UI)
    -name of the machine (open terminal and you have the machine name there - not the one from UI)
    -icloud username (the e-email)
    -the time when the locking request is sent on iCloud (YYYY-MM-DD HH-MM)
    -PIN code used to lock the device
    -your apple product model [ macbook/air/pro/imac/ 2,1, 5,2 late2006/mid2012 ]
    -your apple serial number
    -files .lock (you can find these in \Users\username\Library\Application Support\iCloud\)
    -generated hash key (start your locked mac and save the code displayed by pressing "Command-Option-Control-Shift-S" keys)

    I KNOW THIS IS A TIME-CONSUMING JOB ! (if I get my hands on a macbook, I will check these as well)
    PLEASE PROVIDE ALL INFO !

    AFTER ALL THIS INFO, I should be able to tell other developers and work on what is the hash based (less variables means less data, so faster decrypting)

    THANKS, appreciation and credits will be given for this to all who give feedback !

    DISCLAIMER: I take the responsability that the information provided to me it will be use for development purposes only ! privacy guaranteed !
    I have no personal interests in gaining such a tool but my desire to help is enough... so please help me/us to help you
     
  4. torontomac macrumors newbie

    Joined:
    Nov 16, 2011
    #180
    here is the device

    it is battery operated

    they are currently selling the device for $50

    $250 for 5 unlocks then the price drops to $400 for 10 unlocks

    They seem to have built a counter in to device to know how many credits you have left im going to try to dump what ever I can out of it its seems to me it has all model firmwares stored on the device

    I personally dont own the device but will order one to reverse engineer it

    I will post updates as soon as I get the unit

    Attached are pictures and the instruction manual that comes with the unit
     

    Attached Files:

  5. djollie, Feb 4, 2013
    Last edited: Feb 4, 2013

    djollie macrumors newbie

    Joined:
    Jan 23, 2013
    Location:
    uk scotland
  6. ExciteWalk thread starter macrumors member

    ExciteWalk

    Joined:
    Sep 11, 2012
    #182
    @torontomac, shouldn't be too hard, right? :cool:
    Though it does kinda feel like stealing.. :p
     
  7. J602 macrumors newbie

    Joined:
    Jan 28, 2013
    #183
    @torontomac


    Is that the same unit from the ebay link you posted :confused:
     
  8. Wheeliest macrumors newbie

    Joined:
    Feb 12, 2013
    #184
    below is the correct way to remove the firmware password, i have the scbo file, i am not aware if the scbo is unique to each machine and password. i can provide my scbo file to whom ever to help figure out how to bypass apples security. also, if you send me a pm i can get you the correct scbo file for you machine, just send me a pm.

    Format a Flash drive GUID partition scheme and Mac OS Extended format. Name it Firmware.
    Drag the binary file named “SCBO” to your Desktop.
    Open Terminal.
    Execute this command in Terminal:
    cp ~/Desktop/SCBO /Volumes/Firmware/.SCBO
    You should get a new line, no errors.
    Execute this command in Terminal:
    cp ~/Desktop/SCBO /Volumes/Firmware/._SCBO
    You should get a new line, no errors.
    Eject the Flash drive.
    Turn off the customer’s computer.
    Insert the Flash drive into the customer’s computer.
    Turn on the customer’s computer while pressing and holding the Option key.
    You should see the lock symbol for a moment, and then the computer should restart to the Startup Manager.
    If you still see a four-digit passcode lock after these steps at startup, reset the NVRAM by holding down Command-Option-P-R while restarting the computer.
    The EFI password is now removed.
     
  9. J602 macrumors newbie

    Joined:
    Jan 28, 2013
    #185
    Wheeliest Thanx for info :D !! I am not able to private message you ?? I would be so greatful if ya could hit me up @ jcdws602@aol.com much appreciated

    Macbook pro late 2011 model A1286
     
  10. kamisama macrumors newbie

    Joined:
    Feb 12, 2013
    #186
    help

    Wheeliest Thanx for info !! I am not able to private message you ?? I would be so greatful if ya could hit me up @ kamisama12345@gmail.com much appreciated

    Macbook air 13inch mid 2011 model
     
  11. kliffte macrumors newbie

    Joined:
    Feb 13, 2013
    #187
  12. Dyvurcz macrumors newbie

    Joined:
    Nov 27, 2012
  13. superMDMArio, Feb 13, 2013
    Last edited: Feb 17, 2013

    superMDMArio macrumors newbie

    Joined:
    Feb 12, 2013
    #189
  14. naBs macrumors newbie

    Joined:
    Feb 13, 2013
    #190
    I don't think anyone is able to PM you as I can't either! Anyway if you need my SCBO code please let me know, I don't know how to get the file, maybe you could give us instructions or something here as it would be of great help so that not everyone has to get you to do it. But seeing as you're the only one at the moment, I would appreciate the help!

    I've got a Macbook Air mid 2011 model 13"

    Also hit me up on this email sniperwolf_leb@live.co.uk (my gaming email :rolleyes:)
    Thanks dude, look forward to hearing from you :)
     
  15. wbeard6142 macrumors newbie

    Joined:
    Feb 13, 2013
    #191
    Cant PM....Please Email me



    Hey Wheeliest...I can not send PM, but please email me. I need help with this giggthis@gmail.com
    Thank you so much
     
  16. torontomac macrumors newbie

    Joined:
    Nov 16, 2011
    #192
    You have for your machine or altered for all machines

    For the MacBook Air (Late 2010) and later, MacBook Pro (Early 2011) and later, iMac (Mid 2011) and later, and Mac mini (Mid 2011):

    Use the new Firmware Password Reset scheme:

    Start up the computer to the password entry screen by pressing and holding the Option key.
    Press the key sequence Shift + Control + Command + Option + S at this screen. A one-time use "Hash" code will appear. The code is case-sensitive, so provide TSPS with the Hash exactly as it appears on the customer's screen.
    Shut down the customer's computer.
    Contact TSPS via chat. Select Yes for the pre-chat question regarding firmware reset and provide the Hash to the advisor assisting you.
    TSPS will provide a signed binary file to be copied to a USB storage device (such as a flash formatted FAT or a USB hard drive with Mac OS Extended with GUID partition table).
    Insert the drive into the computer while it is off.
    Start up the computer while pressing and holding the Option key. Continue holding the Option key until the boot picker in EFI appears and confirm the password has been removed.
    Note: If the computer does not start up without the password prompt after following these steps and while you are holding down the Option key, either the Hash was provided incorrectly to TSPS or the file did not read off the drive successfully. The file may have been read correctly but confirmed it does not belong in the computer. Work with TSPS to troubleshoot these issues if necessary.
    This process is completely non-destructive to data or settings on the target computer.

    Note: If a customer has multiple computers with this issue, TSPS can handle up to 500 in one file. To escalate multiple computers, follow the steps above with the following additional step:

    Provide all the Hash keys in a new-line delimited text file (not RTF, but pure plain text) with no new line at the end. These files can be produced in TextEdit on Mac OS X, or files with multiple entries using vim on the command line.
    For example:
    V400300C1231MED144431A4F414420DDE5F1
    C455300Z555ABJ1118713148F413390ACE341
    C891200J18334D1099A3B6DD004E3F1A0122
    (No new line after the last entry.)

    After you receive the signed binary file from TSPS, use this procedure to reset the EFI firmware password

    Format a Flash drive GUID partition scheme and Mac OS Extended format. Name it Firmware.
    Drag the binary file named "SCBO" to your Desktop.
    Open Terminal.
    Execute this command in Terminal:
    cp ~ / Desktop / SCBO / Volumes / Firmware / .SCBO
    You should get a new line, no errors.
    Execute this command in Terminal:
    cp ~ / Desktop / SCBO / Volumes / Firmware / ._SCBO
    You should get a new line, no errors.
    Eject the Flash drive.
    Turn off the customer's computer.
    Insert the Flash drive into the customer's computer.
    Turn on the customer's computer while pressing and holding the Option key.
    You should see the lock symbol for a moment, and then the computer should restart to the Startup Manager.
    If you still see a four-digit passcode lock after these steps at startup, reset the NVRAM by holding down Command-Option-PR while restarting the computer.
    The EFI password is now removed.
     
  17. darb37 macrumors newbie

    Joined:
    Feb 13, 2013
    #193
    Tsps

    Sorry for the question.
    I'm new here. What is TSPS.
     
  18. torontomac macrumors newbie

    Joined:
    Nov 16, 2011
    #194
    Apple's short form for Technical Service Provider Support you can request to speak to one after calling applecare/tech support
     
  19. naBs macrumors newbie

    Joined:
    Feb 13, 2013
    #196
    I can't seem to find a way to contact them via chat, would anyone mind providing me with a link or will I have to resort to ringing them instead + would they still be able to send me the binary file if I ring them?

    Thanks
     
  20. evlloyd macrumors newbie

    Joined:
    Feb 14, 2013
    #197
     
  21. macbeginer macrumors newbie

    Joined:
    Feb 15, 2013
    #198
    hi wheeliest,can you please sent me scbo file to this email: goldenwater223@gmail.com.i really appreciate for your help.
    i need help for macbook pro early 2011 15 inch.thanks.
     
  22. naBs macrumors newbie

    Joined:
    Feb 13, 2013
    #199
    Just out of curiosity, has anyone received an email or heard back from Wheeliest? So far I've been going through with the 'Brute force' technique until I can get my hands on a SCBO file ^^
     
  23. J602 macrumors newbie

    Joined:
    Jan 28, 2013
Thread Status:
Not open for further replies.

Share This Page