GhostlyHaks is proud to introduce the absolute latest and greatest in EFI removal technology. The EFIDL is a compilation of all the information found on the interwebs condensed into a little automated tool. Never before has there been a tool released quite like the EFIDL. Supplies are currently limited while currently in this initial release phase of operations, so if you would like to be part of an underground Elite Team of EFI Destroyers unlike any the world has ever seen before then I recommend you follow this link to the shop.

EFI ICLOUD BYPASS DONE RIGHT

This is a series created to help anyone interested in learning how to remove an EFI lock from any MacBook (Air, Pro, etc.). My goal is to make this as thorough and easy to understand as possible by giving you all the tools you'll need to get the job Done Right. These videos have been procured from an OS X point-of-view. If you prefer to use Linux or Windows then use the links for your given OS that I have provided as well.

Rundown

As some of you may know, on Mac's prior to 2011 the EFI passcode is actually obfuscated and stored in PRAM (NVRAM). On those models you can actually dump the hex variable of the EFI passcode if you have admin rights on the system. This could then be simply reversed by converting the hex (without the % delimiters) to binary, doing a bit flip on every other bit starting with the first, and converting the result back to ASCII. Now if you didn't have admin rights you wouldn't have been able to dump the PRAM at all. Since then Apple has stopped using this method, which is why we have come up with a couple other ways to get around the EFI lock.

Process description:

The general idea taken from thaGH05T's tutorial. You should read the chip into the firmware dump file and process it with the 'scan-n-patch' script which replaces a SVS area and creates a cleaned firmware file. With modified firmware you can flash a chip, but not entire. Actually you need remove password only and you can do it with 'flashrom'. The 'scan-n-patch' script will create a layout file and prints a command-line arguments for partial chip flashing. It is more safe approach because you will touch only small piece of the chip content, firmware itself and your settings will unchanged.

 

 

 

The Mission

There has been much controversy on removing the firmware lock on a MBP, MBA, or similar Mac’s. The MBA is a bit more complicated without a specialty tool to interface with a header on the board. We use to have to remove the board, scratch back traces, and solder directly to them which can be seen in EX-1.1. This is just short of replacing the entire chip, which is what we are all trying to avoid right? I also have a project I have been forking on called the iFLRT (Firmware Lock Removal Tool) that can be found HERE. Donate what you can to keep my development process alive, every little red cent helps.

First you need to understand what the firmware lock is and how removing it will affect you. Then maybe you will be able to decide if this procedure is for you. In most cases a MBP has been purchased from a third party who may have stolen it or simply forgotten to remove their iCloud account. In this case the symptoms would be a four digit pin lock when the OS loads. When you try to do a re-install you are met with a lock screen shown in EX-1. This is the result of the Mac being most definitely locked from the cloud. There are two options from this point which are explained below.

In this Tutorial i will explain how to prepare a flash file to work with the Apple Blank Board Serializer. That means you can set a MacBook(Air) back to factory. Nice side effect, any passwords should be removed also. You can use this together with my other Tutorial to reset also the Hardware-UUID.

I have tested this with a MacBookAir 4,1.

 

Will it work on my System?

MacBookAir 4,1 -- YES

MacBookPro 11,1 -- NO

 

What you will need?

Why?

Maybe some people have noticed the fact, that if you flash a file from the download section you have a different hardware uuid. And if you flash the same file to different devices you have on both systems the same hardware uuid.

That could be a problem with some applications. But no worry, we can change the hardware uuid to a new random value.

I have tested this with a MacBookAir 4,1.

 

Will it work on my System?

MacBookAir 4,1 -- YES

MacBookPro 11,1 -- NO

Why do you need a clean Management Engine Region?

An Apple MacBook will not run properly or not run at all without a proper management engine. When a new Macbook is turned on for the first time the Bios and the CPU perform a "handshake" allowing them to work together. So in turn, if your management engine gets corrupted,, and you try to copy the efi from another macbook of the same model, it will still not work because the cpu knows its not the original bios. 

Who's Online

We have 461 guests and no members online

N00BZ

  • ljamal
  • ljamal74
  • mikeg2atest
  • ducchinhbui
  • anjarezt

Cookies