EFI ICLOUD BYPASS DONE RIGHT
This is a series created to help anyone interested in learning how to remove an EFI lock from any MacBook (Air, Pro, etc.). My goal is to make this as thorough and easy to understand as possible by giving you all the tools you'll need to get the job Done Right. These videos were recorded from an OS X point of view. If you prefer to use Linux or Windows, use the links I have provided for your OS.
As some of you may know, on Macs prior to 2011 the EFI passcode is only obfuscated, not protected, and is stored in PRAM (NVRAM). On those models you can dump the hex-encoded variable holding the EFI passcode if you have admin rights on the system. It can then be reversed by converting the hex (without the % delimiters) to binary, flipping every other bit starting with the first bit of each byte, and converting the result back to ASCII. Flipping bits in that pattern is the same as XORing every byte with 0xAA, so the one operation both obfuscates and recovers the passcode. Without admin rights you would not have been able to dump the PRAM at all. Apple has since stopped using this method, which is why we have come up with a couple of other ways to get around the EFI lock.
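As an added example (not code from the original series or from any tool it mentions), the following Python script reverses the pre-2011 obfuscation described above. It assumes the passcode lives in the NVRAM variable named `security-password` (the page does not name the variable) and that the input is the text `nvram -p` prints, where printable ASCII bytes come out literally and every other byte as a %xx escape. The sample dump is constructed, and its passcode line encodes the word "test".

```python
"""Recover the obfuscated pre-2011 Mac EFI passcode from `nvram -p` output.

Added example: the obfuscation is the alternate-bit flip described in the text,
which is the same as XORing every byte with 0xAA.
"""
import re
from typing import Optional

OBFUSCATION_MASK = 0xAA              # 1010 1010: bits 7, 5, 3, 1 of each byte
VARIABLE_NAME = "security-password"  # assumed variable name; the page does not name it

# Constructed sample of `nvram -p` output. The passcode line is "test" obfuscated.
SAMPLE_NVRAM_DUMP = (
    "SystemAudioVolume\t%80\n"
    "security-mode\tcommand\n"
    "security-password\t%de%cf%d9%de\n"
    "boot-args\t-v\n"
)

_ESCAPE = re.compile(r"%([0-9a-fA-F]{2})")


def unescape_nvram_value(value: str) -> bytes:
    """Turn the textual value printed by `nvram -p` back into raw bytes.

    nvram prints printable ASCII bytes literally and everything else as %xx
    (a literal '%' is printed as %25), so both forms must be handled.
    """
    out = bytearray()
    i = 0
    while i < len(value):
        m = _ESCAPE.match(value, i)
        if m:
            out.append(int(m.group(1), 16))
            i = m.end()
        else:
            out.append(ord(value[i]))
            i += 1
    return bytes(out)


def find_variable(dump: str, name: str = VARIABLE_NAME) -> Optional[str]:
    """Return the raw text value of one variable from a `nvram -p` dump, or None."""
    for line in dump.splitlines():
        var, sep, val = line.partition("\t")
        if sep and var == name:
            return val
    return None


def flip_alternate_bits(data: bytes) -> bytes:
    """Flip every other bit of each byte, starting with the first (most significant).

    That bit pattern is 0xAA, so this is a plain XOR and is its own inverse:
    applying it twice gives the input back.
    """
    return bytes(b ^ OBFUSCATION_MASK for b in data)


def flip_alternate_bits_literally(data: bytes) -> bytes:
    """The same transform done the way the text describes it, via binary strings.

    Kept only to show that 'flip every other bit starting with the first' and
    'XOR 0xAA' are one operation.
    """
    out = bytearray()
    for b in data:
        bits = list(format(b, "08b"))
        for pos in range(0, 8, 2):          # positions 0,2,4,6 = MSB first
            bits[pos] = "1" if bits[pos] == "0" else "0"
        out.append(int("".join(bits), 2))
    return bytes(out)


def recover_password(dump: str) -> Optional[str]:
    """Locate the passcode variable in a dump and deobfuscate it."""
    raw = find_variable(dump)
    if raw is None:
        return None
    plain = flip_alternate_bits(unescape_nvram_value(raw))
    return plain.decode("ascii", errors="replace")


def obfuscate_password(password: str) -> str:
    """Inverse direction: the %xx text nvram would print for a given passcode.

    Every printable ASCII byte XOR 0xAA has its high bit set, which is why the
    stored value shows up as an unbroken run of %xx escapes.
    """
    return "".join(f"%{b:02x}" for b in flip_alternate_bits(password.encode("ascii")))


if __name__ == "__main__":
    # Offline demo on the constructed dump; on a pre-2011 Mac you would feed it
    # the real output of `nvram -p` instead.
    print(recover_password(SAMPLE_NVRAM_DUMP))
```

Because every printable ASCII byte XORed with 0xAA ends up with its high bit set, a real passcode always appears as a solid run of %xx escapes, which is why the text can say to strip the % delimiters and convert the hex directly; the decoder above still accepts mixed literal and escaped characters so it works on any nvram value.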
The general idea is taken from thaGH05T's tutorial. You read the chip into a firmware dump file and process it with the 'scan-n-patch' script, which replaces the SVS area and creates a cleaned firmware file. You can flash the modified firmware back to the chip, but you do not need to write the whole chip: only the password needs to be removed, and you can do that with 'flashrom'. The 'scan-n-patch' script creates a layout file and prints the command-line arguments for partial chip flashing. This is the safer approach because you touch only a small piece of the chip's contents; the firmware itself and your settings stay unchanged. Keep the original, unmodified dump as a backup, since it is the only way back if the write goes wrong.
There has been much controversy over removing the firmware lock on a MBP, MBA, or similar Macs. The MBA is a bit more complicated without a specialty tool to interface with a header on the board. We used to have to remove the board, scrape back traces, and solder directly to them, which can be seen in EX-1.1. This is just short of replacing the entire chip, which is what we are all trying to avoid, right? I also have a project I have been working on called the iFLRT (Firmware Lock Removal Tool), which can be found HERE. Donate what you can to keep my development process alive; every little red cent helps.
First you need to understand what the firmware lock is and how removing it will affect you; then you can decide whether this procedure is for you. In most cases the MBP has been purchased from a third party who may have stolen it or simply forgotten to remove their iCloud account. In that case the symptom is a four-digit PIN lock when the OS loads. When you try to re-install, you are met with the lock screen shown in EX-1. This means the Mac has most definitely been locked from the cloud. There are two options from this point, which are explained below.
Hacking is a term widely used in a terroristic sense. But is this a misconception of the real meaning? The definition of hacking in that sense is: to use a computer to gain unauthorized access to data in a system. That can be considered hacking, yes. But the reality is that hacking is not always a negative thing, and frankly the assumption is an insult to any hacker. First things first: there are three major categories of hackers: White Hat, Black Hat, and Grey Hat. These categories are based on the motive of the hacker. If you have malicious intentions and deliberately break past security to steal data, you are a Black Hat. If you are breaking into a network you are authorized to test in order to secure any weaknesses, you are a White Hat. And if you do illegal things for knowledge or just to prove that you can, without taking any confidential or otherwise protected data, you are a Grey Hat. In my opinion these are pretty limited categorizations considering the limitless possibilities of hacking.
In this short guide I will explain the five fundamentals of basic hacking: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Your Tracks. All of the knowledge in this write-up is my own and has been acquired over a period of years. While it is not very in-depth and may be rather redundant for some of you, I wanted to target the newly interested souls out there. With that said, let's have some fun and start with a discussion of what each of the fundamentals of penetration testing is about. I'll apologize in advance for being so brief, but this guide is intended for users who have some basic knowledge of computers and networking. That may seem to contradict my statement above, so let me explain: you can know a great deal about computers and even networking but have little or no knowledge of the art of breaking into them. It's important that you give me feedback, ask questions, and submit requests. After I receive them I will append this article, create new revisions for advanced users, create videos, and do everything in my power to enlighten you.