- Posts: 5
- Karma: 1
- Thank you received: 1
Forum Login
THANK YOU!!!!!!!!!!!!!!!!!!!!!
Rendering Error in layout Widget/Social: Call to a member function exists() on null. Please enable debug mode for more information.
8 years 2 months ago - 8 years 2 months ago #2575 by modemer
THANK YOU!!!!!!!!!!!!!!!!!!!!! was created by modemer
I just wanted to register and say thank you so MUCH!!!! And to share my success.... I recently purchased a used macbook pro (A1398 2512) and it turned out to be locked down;
"Your computer is disabled, try again in 60 minutes"
When I then tried to boot (with key combos) for other (advanced) options, I was greeted with a nice big pad lock and password field. So I did some research and came across this LOVELY place.
. . . . . . . I have never even touched a turned on macbook(pro) before today. But I have a LOT of experience reading/writing to soic spi chips, on embedded dev's.. These mostly had MX/Winbond, 25L/25FL, 8/16 pin spi chips, and I have read/wrote to so many. So I was hoping the process was similar. .....
I opened up my MBP today and was VERY happy to see an 8 spi chip. So I immediately wired it up (using single pin/leg grabber clips) and was able to detect and read/dump a perfect 8MB image from the efi chip, using my usbjtagNT!!!! I simply set the "jtagNT" to developer mode and chose 25L064(my chip is a 25Q064) as the target chip and hit detect, got a good detect, so I proceeded to dump it. After I read the chip and saved the dump (I took 4 more to be sure and compared them lol) I was able to then open the dump up in a hex editor (HxD) and replace the $SVS info with ff's (as described in the tutorial here step 4.1)
Note: I used my usbTTL's 5v and ground wires, in order to power the MBP's spi chip. I put the power line to pin 8 of the spi (of course) and grounded the ttl on one of the push pins
I flashed the modified efi dump back to my mac, cleared the nvram and was able to boot into disk utility and all that other good stuff. From here I was able to wipe the drive and restore it to lion and then upgraded to elcapitan. This process was made so simple for me, by the amazing, well written, detailed tutorials from this site. My first attempt at this was a 100% success. Thank you so much!!!!!!
Used the info from this thread:
ghostlyhaks.com/blog/blog/hacking/18-apple-efi-bypass
Again, THANK YOU SO MUCH for providing such well written tutorials.
some pics (if interested):
"Your computer is disabled, try again in 60 minutes"
When I then tried to boot (with key combos) for other (advanced) options, I was greeted with a nice big pad lock and password field. So I did some research and came across this LOVELY place.
. . . . . . . I have never even touched a turned on macbook(pro) before today. But I have a LOT of experience reading/writing to soic spi chips, on embedded dev's.. These mostly had MX/Winbond, 25L/25FL, 8/16 pin spi chips, and I have read/wrote to so many. So I was hoping the process was similar. .....I opened up my MBP today and was VERY happy to see an 8 spi chip. So I immediately wired it up (using single pin/leg grabber clips) and was able to detect and read/dump a perfect 8MB image from the efi chip, using my usbjtagNT!!!! I simply set the "jtagNT" to developer mode and chose 25L064(my chip is a 25Q064) as the target chip and hit detect, got a good detect, so I proceeded to dump it. After I read the chip and saved the dump (I took 4 more to be sure and compared them lol) I was able to then open the dump up in a hex editor (HxD) and replace the $SVS info with ff's (as described in the tutorial here step 4.1)
Note: I used my usbTTL's 5v and ground wires, in order to power the MBP's spi chip. I put the power line to pin 8 of the spi (of course) and grounded the ttl on one of the push pins
I flashed the modified efi dump back to my mac, cleared the nvram and was able to boot into disk utility and all that other good stuff. From here I was able to wipe the drive and restore it to lion and then upgraded to elcapitan. This process was made so simple for me, by the amazing, well written, detailed tutorials from this site. My first attempt at this was a 100% success. Thank you so much!!!!!!
Used the info from this thread:
ghostlyhaks.com/blog/blog/hacking/18-apple-efi-bypass
Again, THANK YOU SO MUCH for providing such well written tutorials.
some pics (if interested):
Please Log in or Create an account to join the conversation.
8 years 2 months ago - 8 years 2 months ago #2594 by modemer
As for the chip...Not sure, but I have honestly read/flashed dozen's, if not a 100 spi chips (mostly modems) and if I cannot locate the ISP pin, I start with 3.3v and if that doesn't work I use 5.v.. Never had an issue frying a chip, ever with this method. Lucky I guess.. I did however, fry a chip one time, forgetting that I still had the spi chip directly powered and plugged the device in-to it's PSU lol......*ssssss-POP!*
Replied by modemer on topic THANK YOU!!!!!!!!!!!!!!!!!!!!!
Any time!Thanks for providing your feedback, and I am glad to have helped you with the process. Just wondering though, how did you not fry your chip providing 5v to it? it is only tolerant up to 4.6v without completely flipping out and/or burning out pins..
As for the chip...Not sure, but I have honestly read/flashed dozen's, if not a 100 spi chips (mostly modems) and if I cannot locate the ISP pin, I start with 3.3v and if that doesn't work I use 5.v.. Never had an issue frying a chip, ever with this method. Lucky I guess.. I did however, fry a chip one time, forgetting that I still had the spi chip directly powered and plugged the device in-to it's PSU lol......*ssssss-POP!*
Please Log in or Create an account to join the conversation.
