
How to: Unlock System Lock PIN Code

Status
Not open for further replies.

djollie

macrumors newbie
Jan 23, 2013
5
0
uk scotland
I tried buying a locked MacBook Air 2012 but it didn't work out OK, so now I'm dealing for a brand new MacBook Air 2012 - hope to get it in one week, and then I will try every thought I have (my free time is up so I'll do this when possible)

some stuff contained in these threads also

http://www.avrfreaks.net/index.php?name=PNphpBB2&file=viewtopic&t=126204&

http://ho.ax/posts/2012/09/ida-pro-scripts-for-efi-reversing/

http://ho.ax/posts/2012/06/unbricking-a-macbook/

I'll be sending you data from my MacBook Pro ASAP
 
Comment

lamnguyen

macrumors newbie
Feb 3, 2013
1
0
I have a mid 2012 MacBook Pro 13-inch.
I was able to access the hard drive using my PC but I couldn't find the .lock files.
Is there any other way to find these files? Because I did the full hard drive search and didn't see anything.
Or is there any other solution for this issue?
Thank you
 
Comment

vladichimescu

macrumors newbie
Jan 29, 2013
3
0
change

It looks like I don't have any luck with Apple products, so I decided to buy myself the new and greatest config of the Lenovo IdeaPad Y500. However, I will help if feedback is received by e-mail at vladichimescu@gmail.com with the subject: Apple PinCode! (We are trying to figure out a software way to crack this, available to anyone without hardware intervention.)

There are still some unknown 'variables' but I can find out what the generated hash key is based on (so far we know it's the machine model++), and in order to break the ice... again, feedback is needed from someone who has an unlocked, still working Apple product (testing each step on different machines gives us a better perspective).

Someone who has a working Apple product must do ALL these steps in order to give us a HUGE boost in the development of decrypting tools:

FIRST COMBINATION
using A user and B icloud account on C machine:
lock the device C, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud)

after unlock, restart a few times, shutdown... then do the process again:
using A user and B icloud account on C machine:
lock the device C, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use the same PIN

after unlock, restart a few times, shutdown... then do the process again:
using A user and B icloud account on C machine:
lock the device C, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use another PIN

AFTER ONE DAY (at least 24hours), do it again:
using A user and B icloud account on C machine:
lock the device C, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use one of the two PIN recently used


SECOND COMBINATION
using A, X user and B icloud account on both A, X users, on C machine:
lock the device C, using account A, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use the same PIN

using A, X user and B icloud account on both A, X users, on C machine:
lock the device C, using account A, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use the same PIN

using A, X user and B icloud account on both A, X users, on C machine:
lock the device C, using account X, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use the same PIN


THIRD COMBINATION
using A, X user and B icloud for account A, and Y icloud for account X, on C machine:
lock the device C, using account A, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use the same PIN

using A, X user and B icloud for account A, and Y icloud for account X, on C machine:
lock the device C, using account X, get all info saved into a file, then restore to working state(unlock with the pin you've just used to lock on iCloud) - ATTENTION- please use the same PIN


all info saved into a file should contain (at each step):
-name of the username (open terminal and you have the username there - not the one from UI)
-name of the machine (open terminal and you have the machine name there - not the one from UI)
-icloud username (the e-mail)
-the time when the locking request is sent on iCloud (YYYY-MM-DD HH-MM)
-PIN code used to lock the device
-your apple product model [ macbook/air/pro/imac/ 2,1, 5,2 late2006/mid2012 ]
-your apple serial number
-files .lock (you can find these in \Users\username\Library\Application Support\iCloud\)
-generated hash key (start your locked mac and save the code displayed by pressing "Command-Option-Control-Shift-S" keys)

I KNOW THIS IS A TIME-CONSUMING JOB ! (if I get my hands on a macbook, I will check these as well)
PLEASE PROVIDE ALL INFO !

AFTER ALL THIS INFO, I should be able to tell other developers and work on what the hash is based on (fewer variables means less data, so faster decrypting)

THANKS, appreciation and credits will be given for this to all who give feedback !

DISCLAIMER: I take responsibility that the information provided to me will be used for development purposes only! Privacy guaranteed!
I have no personal interest in gaining such a tool but my desire to help is enough... so please help me/us to help you
 
Comment

torontomac

macrumors newbie
Nov 16, 2011
19
0
here is the device

it is battery operated

they are currently selling the device for $50

$250 for 5 unlocks then the price drops to $400 for 10 unlocks

They seem to have built a counter into the device to know how many credits you have left. I'm going to try to dump whatever I can out of it; it seems to me it has all model firmwares stored on the device.

I personally don't own the device but will order one to reverse engineer it

I will post updates as soon as I get the unit

Attached are pictures and the instruction manual that comes with the unit
 

Attachments

  • USER GUIDE-1.pdf (357.1 KB)
  • image.jpeg (1.8 MB)
  • photo.JPG (1.8 MB)
  • Screen shot 2013-02-04 at 9.18.00 PM.png (443.3 KB)
Comment

ExciteWalk

macrumors member
Original poster
Sep 11, 2012
43
3
@torontomac, shouldn't be too hard, right? :cool:
Though it does kinda feel like stealing.. :p
 
Comment

Wheeliest

macrumors newbie
Feb 12, 2013
1
1
Below is the correct way to remove the firmware password. I have the SCBO file; I am not aware if the SCBO is unique to each machine and password. I can provide my SCBO file to whoever to help figure out how to bypass Apple's security. Also, if you send me a PM I can get you the correct SCBO file for your machine, just send me a PM.

Format a Flash drive GUID partition scheme and Mac OS Extended format. Name it Firmware.
Drag the binary file named “SCBO” to your Desktop.
Open Terminal.
Execute this command in Terminal:
cp ~/Desktop/SCBO /Volumes/Firmware/.SCBO
You should get a new line, no errors.
Execute this command in Terminal:
cp ~/Desktop/SCBO /Volumes/Firmware/._SCBO
You should get a new line, no errors.
Eject the Flash drive.
Turn off the customer’s computer.
Insert the Flash drive into the customer’s computer.
Turn on the customer’s computer while pressing and holding the Option key.
You should see the lock symbol for a moment, and then the computer should restart to the Startup Manager.
If you still see a four-digit passcode lock after these steps at startup, reset the NVRAM by holding down Command-Option-P-R while restarting the computer.
The EFI password is now removed.
 
Comment

J602

macrumors newbie
Jan 28, 2013
17
0
Wheeliest, thanks for the info :D !! I am not able to private message you?? I would be so grateful if you could hit me up @ jcdws602@aol.com, much appreciated

Macbook pro late 2011 model A1286
 
Comment

naBs

macrumors newbie
Feb 13, 2013
6
0
Below is the correct way to remove the firmware password. I have the SCBO file; I am not aware if the SCBO is unique to each machine and password. I can provide my SCBO file to whoever to help figure out how to bypass Apple's security. Also, if you send me a PM I can get you the correct SCBO file for your machine, just send me a PM.

I don't think anyone is able to PM you as I can't either! Anyway if you need my SCBO code please let me know, I don't know how to get the file, maybe you could give us instructions or something here as it would be of great help so that not everyone has to get you to do it. But seeing as you're the only one at the moment, I would appreciate the help!

I've got a Macbook Air mid 2011 model 13"

Also hit me up on this email sniperwolf_leb@live.co.uk (my gaming email :rolleyes:)
Thanks dude, look forward to hearing from you :)
 
Comment

wbeard6142

macrumors newbie
Feb 13, 2013
1
0
Can't PM... Please email me

Below is the correct way to remove the firmware password. I have the SCBO file; I am not aware if the SCBO is unique to each machine and password. I can provide my SCBO file to whoever to help figure out how to bypass Apple's security. Also, if you send me a PM I can get you the correct SCBO file for your machine, just send me a PM.

Format a Flash drive GUID partition scheme and Mac OS Extended format. Name it Firmware.
Drag the binary file named “SCBO” to your Desktop.
Open Terminal.
Execute this command in Terminal:
cp ~/Desktop/SCBO /Volumes/Firmware/.SCBO
You should get a new line, no errors.
Execute this command in Terminal:
cp ~/Desktop/SCBO /Volumes/Firmware/._SCBO
You should get a new line, no errors.
Eject the Flash drive.
Turn off the customer’s computer.
Insert the Flash drive into the customer’s computer.
Turn on the customer’s computer while pressing and holding the Option key.
You should see the lock symbol for a moment, and then the computer should restart to the Startup Manager.
If you still see a four-digit passcode lock after these steps at startup, reset the NVRAM by holding down Command-Option-P-R while restarting the computer.
The EFI password is now removed.



Hey Wheeliest...I can not send PM, but please email me. I need help with this giggthis@gmail.com
Thank you so much
 
Comment

torontomac

macrumors newbie
Nov 16, 2011
19
0
Below is the correct way to remove the firmware password. I have the SCBO file; I am not aware if the SCBO is unique to each machine and password. I can provide my SCBO file to whoever to help figure out how to bypass Apple's security. Also, if you send me a PM I can get you the correct SCBO file for your machine, just send me a PM.

Format a Flash drive GUID partition scheme and Mac OS Extended format. Name it Firmware.
Drag the binary file named “SCBO” to your Desktop.
Open Terminal.
Execute this command in Terminal:
cp ~/Desktop/SCBO /Volumes/Firmware/.SCBO
You should get a new line, no errors.
Execute this command in Terminal:
cp ~/Desktop/SCBO /Volumes/Firmware/._SCBO
You should get a new line, no errors.
Eject the Flash drive.
Turn off the customer’s computer.
Insert the Flash drive into the customer’s computer.
Turn on the customer’s computer while pressing and holding the Option key.
You should see the lock symbol for a moment, and then the computer should restart to the Startup Manager.
If you still see a four-digit passcode lock after these steps at startup, reset the NVRAM by holding down Command-Option-P-R while restarting the computer.
The EFI password is now removed.

You have for your machine or altered for all machines

For the MacBook Air (Late 2010) and later, MacBook Pro (Early 2011) and later, iMac (Mid 2011) and later, and Mac mini (Mid 2011):

Use the new Firmware Password Reset scheme:

Start up the computer to the password entry screen by pressing and holding the Option key.
Press the key sequence Shift + Control + Command + Option + S at this screen. A one-time use "Hash" code will appear. The code is case-sensitive, so provide TSPS with the Hash exactly as it appears on the customer's screen.
Shut down the customer's computer.
Contact TSPS via chat. Select Yes for the pre-chat question regarding firmware reset and provide the Hash to the advisor assisting you.
TSPS will provide a signed binary file to be copied to a USB storage device (such as a flash formatted FAT or a USB hard drive with Mac OS Extended with GUID partition table).
Insert the drive into the computer while it is off.
Start up the computer while pressing and holding the Option key. Continue holding the Option key until the boot picker in EFI appears and confirm the password has been removed.
Note: If the computer does not start up without the password prompt after following these steps and while you are holding down the Option key, either the Hash was provided incorrectly to TSPS or the file did not read off the drive successfully. The file may have been read correctly but confirmed it does not belong in the computer. Work with TSPS to troubleshoot these issues if necessary.
This process is completely non-destructive to data or settings on the target computer.

Note: If a customer has multiple computers with this issue, TSPS can handle up to 500 in one file. To escalate multiple computers, follow the steps above with the following additional step:

Provide all the Hash keys in a new-line delimited text file (not RTF, but pure plain text) with no new line at the end. These files can be produced in TextEdit on Mac OS X, or files with multiple entries using vim on the command line.
For example:
V400300C1231MED144431A4F414420DDE5F1
C455300Z555ABJ1118713148F413390ACE341
C891200J18334D1099A3B6DD004E3F1A0122
(No new line after the last entry.)

After you receive the signed binary file from TSPS, use this procedure to reset the EFI firmware password:

Format a Flash drive GUID partition scheme and Mac OS Extended format. Name it Firmware.
Drag the binary file named "SCBO" to your Desktop.
Open Terminal.
Execute this command in Terminal:
cp ~/Desktop/SCBO /Volumes/Firmware/.SCBO
You should get a new line, no errors.
Execute this command in Terminal:
cp ~/Desktop/SCBO /Volumes/Firmware/._SCBO
You should get a new line, no errors.
Eject the Flash drive.
Turn off the customer's computer.
Insert the Flash drive into the customer's computer.
Turn on the customer's computer while pressing and holding the Option key.
You should see the lock symbol for a moment, and then the computer should restart to the Startup Manager.
If you still see a four-digit passcode lock after these steps at startup, reset the NVRAM by holding down Command-Option-P-R while restarting the computer.
The EFI password is now removed.
 
Comment
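
The batch-file rules quoted in the post above (pure plain text, newline-delimited, no new line at the end, up to 500 hashes per file) can be checked before the file is submitted. This is an added example, not part of the original thread or of the quoted procedure; the function name `check_hash_batch`, its return codes, and the letters-and-digits and no-duplicates rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a batch file of firmware-reset hashes.
# Prints the reason on stderr and returns a distinct non-zero code per rule.
check_hash_batch() {
    f=$1
    if [ ! -f "$f" ] || [ ! -s "$f" ]; then
        echo "missing or empty file: $f" >&2; return 1
    fi
    # RTF documents begin with the bytes {\rtf; the file must be pure plain text.
    if [ "$(head -c 5 "$f")" = '{\rtf' ]; then
        echo "file is RTF, not plain text" >&2; return 2
    fi
    # A carriage return means CRLF endings, so entries are not newline-delimited.
    if grep -q "$(printf '\r')" "$f"; then
        echo "carriage returns found (CRLF line endings?)" >&2; return 3
    fi
    # The last byte must not be a newline.
    last=$(tail -c 1 "$f" | od -An -tx1 | tr -d ' \n')
    if [ "$last" = "0a" ]; then
        echo "file ends with a newline" >&2; return 4
    fi
    # Assumption: a hash is letters and digits only, as in the sample entries;
    # this also rejects blank lines and stray spaces. Case is left untouched.
    if LC_ALL=C grep -qv '^[A-Za-z0-9][A-Za-z0-9]*$' "$f"; then
        echo "blank line or unexpected character in an entry" >&2; return 5
    fi
    # awk counts the final unterminated line, unlike wc -l.
    count=$(awk 'END { print NR }' "$f")
    if [ "$count" -gt 500 ]; then
        echo "$count entries, limit is 500 per file" >&2; return 6
    fi
    # Assumption: a repeated hash is a copy-paste slip.
    if [ -n "$(sort "$f" | uniq -d)" ]; then
        echo "duplicate entries found" >&2; return 7
    fi
    echo "ok: $count entries"
}

# Demo on a constructed file holding the three sample hashes quoted in the post.
demo=$(mktemp)
printf '%s\n%s\n%s' V400300C1231MED144431A4F414420DDE5F1 \
    C455300Z555ABJ1118713148F413390ACE341 \
    C891200J18334D1099A3B6DD004E3F1A0122 > "$demo"
check_hash_batch "$demo"
rm -f "$demo"
```
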

naBs

macrumors newbie
Feb 13, 2013
6
0
Contact TSPS via chat. Select Yes for the pre-chat question regarding firmware reset and provide the Hash to the advisor assisting you.
TSPS will provide a signed binary file to be copied to a USB storage device (such as a flash formatted FAT or a USB hard drive with Mac OS Extended with GUID partition table).

I can't seem to find a way to contact them via chat, would anyone mind providing me with a link or will I have to resort to ringing them instead + would they still be able to send me the binary file if I ring them?

Thanks
 
Comment

evlloyd

macrumors newbie
Feb 14, 2013
1
0
Below is the correct way to remove the firmware password. I have the SCBO file; I am not aware if the SCBO is unique to each machine and password. I can provide my SCBO file to whoever to help figure out how to bypass Apple's security. Also, if you send me a PM I can get you the correct SCBO file for your machine, just send me a PM.


I'm like the others, mate, can't PM.

evlloydphotography@gmail.com, it's a late 2010 MacBook Pro

Cheers
 
Comment

naBs

macrumors newbie
Feb 13, 2013
6
0
Just out of curiosity, has anyone received an email or heard back from Wheeliest? So far I've been going through with the 'Brute force' technique until I can get my hands on a SCBO file ^^
 
Comment