GhostlyHaks is proud to introduce the absolute latest and greatest in EFI removal technology. The EFIDL is a compilation of all the information found on the interwebs, condensed into a little automated tool. Never before has there been a tool released quite like the EFIDL. Supplies are limited while we are in this initial release phase of operations, so if you would like to be part of an underground Elite Team of EFI Destroyers unlike any the world has ever seen before, then I recommend you follow this link to the shop.
This is a series created to help anyone interested in learning how to remove an EFI lock from any MacBook (Air, Pro, etc.). My goal is to make this as thorough and easy to understand as possible by giving you all the tools you'll need to get the job Done Right. These videos have been procured from an OS X point-of-view. If you prefer to use Linux or Windows then use the links for your given OS that I have provided as well.
As some of you may know, on Macs prior to 2011 the EFI passcode is actually obfuscated and stored in PRAM (NVRAM). On those models you can actually dump the hex variable of the EFI passcode if you have admin rights on the system. This could then be simply reversed by converting the hex (without the % delimiters) to binary, doing a bit flip on every other bit starting with the first, and converting the result back to ASCII. Now, if you didn't have admin rights you wouldn't have been able to dump the PRAM at all. Since then Apple has stopped using this method, which is why we have come up with a couple of other ways to get around the EFI lock.
Process description:
The general idea is taken from thaGH05T's tutorial. You read the chip into a firmware dump file and process it with the 'scan-n-patch' script, which replaces the SVS area and creates a cleaned firmware file. You could flash the whole chip with the modified firmware, but you don't need to: you only need to remove the password, and you can do that with 'flashrom'. The 'scan-n-patch' script creates a layout file and prints the command-line arguments for partial chip flashing. This is a safer approach because you touch only a small piece of the chip contents; the firmware itself and your settings remain unchanged.
There has been much controversy on removing the firmware lock on a MBP, MBA, or similar Macs. The MBA is a bit more complicated without a specialty tool to interface with a header on the board. We used to have to remove the board, scratch back traces, and solder directly to them, which can be seen in EX-1.1. This is just short of replacing the entire chip, which is what we are all trying to avoid, right? I also have a project I have been working on called the iFLRT (Firmware Lock Removal Tool) that can be found HERE. Donate what you can to keep my development process alive; every little red cent helps.
First you need to understand what the firmware lock is and how removing it will affect you. Then maybe you will be able to decide if this procedure is for you. In most cases an MBP has been purchased from a third party who may have stolen it or simply forgotten to remove their iCloud account. In this case the symptom would be a four-digit PIN lock when the OS loads. When you try to do a re-install you are met with the lock screen shown in EX-1. This is the result of the Mac being most definitely locked from the cloud. There are two options from this point, which are explained below.
Hacking is a term widely used in a terroristic sense. But is this a misconception of the real meaning? The definition of hacking in this sense is: to use a computer to gain unauthorized access to data in a system. This can be considered hacking, yes. But the reality of the matter is that hacking is not always a negative thing. Quite frankly, it is an insult to any hacker. First things first. There are three major categories in hacking: White Hat, Black Hat, and Grey Hat. These categories are really based on the motive of a hacker. If you have malicious intentions and deliberately break past security to steal data, then you are considered a Black Hat. If you are breaking into an authorized network to secure any possible weaknesses, then you are a White Hat. And if you do illegal things for knowledge or just to prove that you can, without receiving any confidential or otherwise protected data, you are a Grey Hat. In my opinion these are pretty limited categorizations considering the limitless possibilities of hacking.
In this short guide I will be explaining the five fundamentals of basic hacking: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Your Tracks. All of the knowledge provided in this write-up is my own and has been acquired over a period of years. While it's not very in-depth and may be rather redundant for some of you, I just wanted to target the newly interested souls out there. With that being said, let's have some fun and start with a discussion about what each of the fundamentals of penetration testing is all about. I'll apologize in advance for being so brief, but this guide is intended for users who have some basic knowledge of computers and networking. While that may be contradictory to my above statement, let me explain. You can know a great deal about computers and even networking but have little to no knowledge of the art of breaking into them. It's important that you give me feedback, ask questions, and submit requests. After I receive them I will append this article, create a new revision for advanced users, create videos, and do everything in my power to enlighten you.
Earlier today I discovered a nifty little trick involving the use of the Swype keyboard to bypass a Galaxy Note 5 and posted the video showcasing the methods. Well shortly after I finished that video I tried the same trick on another device I have, and turns out that it works for it too!
This video shows you how to use the Swype keyboard trick to bypass a Google Account FRP Lock on a Samsung Galaxy S6 Edge+ running Android 6.0.1 Marshmallow!
This video demonstrates the usage of the Linux kernel privilege escalation exploit "dirty-c0w" on an Android device. Using the exploit I show you just how powerful it can be when used against FRP on a Nexus 6P running the October 5th, 2016 security patch. I do not claim to have made any of the tools used in this bypass.
This method works universally across all Android phones and works on every Android version, including the most recent 7.1.1. The only devices that cannot use this method are ones that have been updated to the most recent December 5, 2016 security patch, so as long as your device does NOT say December 5, 2016 under security patches, you qualify!
The apks I use for this video can be found at this link...
https://ghostlyhaks.com/$downloads/APKs.zip
That's right, the new method I discovered for bypassing FRP lock on the newest Nexus 6P updates also works for Google's newest bread and butter, the Google Pixel! The steps are almost identical to the ones used for the Nexus 6P video, though the time it takes is far less!
----YOU WILL NEED----
USB-C OTG Adapter
USB drive formatted to FAT32
Keyboard - optional, just for easier typing
The apks I use for this video can be downloaded via the following link:
https://ghostlyhaks.com/$downloads/APKs.zip
This method will NOT work if you are on the latest December 5, 2016 security patch, unfortunately... All previous updates are supported.