So I've run the script on a MacBook that was not iCloud locked, it came back with password looks clean and password set 0 times. It didn't give me a modified .bin and I'm assuming this was because there was no password to patch.
Does this mean there is no iCloud associated with the MacBook or it could be linked to an iCloud but it's just not activated?
Ok, it's the rom_scan scratch n patch script on this site. My brother got a 2013 mbp retina on eBay. Said it was a fresh OS X but it wasn't so I did a fresh OS X install for him. After doing this I wondered if it might have a efi lock associated with iCloud or the machine, which at some point could potentially be activated and lock the Mac. So dumped the efi x3, verified with flash rom, then used the script to remove/patch any efi password.
The script ran fine on the dump but when it finished it said that password area looked clean, password was set 0 times (script was ran in SCANONLY=1 mode) and it didn't give a new patched bin which I assume is because there's no password on the machine. So would this indicate that the seller has not set up an efi password and therefore can not lock the Mac at a later date for example.
Hope I've explained it clearly lol
Also it's an EMC2673 2.4 which I see there is no clean bin in the efi repository, so would like to add a clean dump (once I'm 100% that this one is clean) to it for others to use.
How would I go about uploading the dump to the repo please? (Or do I post it and you add it)
The Mac needs to be registered with your brother in this case with Apple as well as iCloud to be absolutely sure, but I think you are safe. You can upload your binary here and we will throw it in the repos after we clean it. The scan and patch script looks for multiple signatures and has determined your EFI lock had never been set, so there would be no need for you to modify anything.
Thanks for the reply Ghost. I opened the dump in a hex editor and it had a $svs area so i FF'd it like i would normally just incase then flashed back.
Here is the dump (which includes $svs and serial) appreciate it if you could delete this one from the post once you've cleaned and uploaded the new one
Last edit: 8 years 3 months ago by thaGH05T. Reason: I removed the original file uploaded and replaced it with a file that has the password removed and the serial number was replaced with "SerialNumber".
So I removed the $svs area and reflashed the dump back, did a fresh install. After he set up the MacBook for the first time and signed into icloud all was fine. After restarting the machine he got a pop up asking if he wanted to setup the device using device enrolment (it gave the name of a company).
He's messaged the guy he bought from but not got any replies.
Does anyone know where this info is stored as the ssd has been formatted and a fresh install done. Could it be linked to serial number or something that's picked up by iTunes?heres a link I've found that states it can't be removed and I wonder if its stored in the efi as says it can only be used on machines after 2011. If so, the dump in this post would contain that info www.krcs.co.uk/device-enrolment-programme
So after some more research I now think it's linked to serial or something stored in the efi as Apple states the DEP enrolment is only interrupted by replacement of the motherboard.
Is anyone able to see anything unusual in the dump? Or if it's serial related can I just edit the serial or does this cause it's own issues?
Here's the apple page regarding DEP with logic board support.apple.com/en-gb/HT203016
I think you should try just removing the serial number and replacing it with a variation of the model you have. I am not sure how the serial number is constructed, but I do know that it is made up of at least 3 different parts to uniquely identifying the Mac, the model, and the revision. I may not be using the correct verbiage, but I am sure it is enough to get you going. Please post your serial number here (hidden from guests) and I will try to see what i can come up with. I also think this is loaded into PRAM and used by iTunes, so clearing your PRAM is needed after reflashing the EFI chip.
OK, maybe you guys can expand on this and do some research reporting it back here, but I just verified that the serial number does consist of 3 4 part sections. The first and last section I have not done any research on yet, but they do identify the actual device. The four characters in the middle section are what identifies your device specifically and can be replaced with anything you really want as long as it is alphanumerical.
You can test this theory by replacing your serial number with something like this "c02k0000drvc", and running it against any site that looks up devices by serial numbers such as www.everymac.com
. I suggest you use what I have just given you and replace your serial number, clear NVRAM/PRAM, and see how that DEP holds up.
Is that even possible?
Lets say efi lock and iCloud lock on device.
But we cleared the Efi by eprom and pram so iCloud also doesn't come up. After that a fresh install.
Is it than still possible by the previous iCloud user to lock the device?
Thanks for the input ghost. I was guessing it may be serial related and had figured out the 4 digits that are pretty much changeable to any combination (I used Everymac to check them). So I re flashed the efi with an edited serial, reset smc and pram, formatted and re installed OS X and no DEP pop ups after signing into iCloud/iTunes etc.
So it seems that apples DEP uses serial as udid.
Appreciate all the help on this post guys and hopefully this'll help someone else out if they encounter the same problem
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.
You have declined cookies. This decision can be reversed.
You have allowed cookies to be placed on your computer. This decision can be reversed.
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.