- Posts: 4
- Thank you received: 1
Forum Login
MBA A1369 EMC2392 No boot efter reflash
Rendering Error in layout Widget/Social: Call to a member function exists() on null. Please enable debug mode for more information.
8 years 1 month ago - 8 years 1 month ago #2614 by mang0s
MBA A1369 EMC2392 No boot efter reflash was created by mang0s
Hi
This is my first try on EFI unlock. So not sure if i am doing it right.
I have the two clips but not sure to use the red or black (Whats the difference) tried looking at the pinouts but not sure witch is witch.
I only managed to read out the EFI with POMONA clip. Looked at the file and it looks ok. Find the EFI password spot and the serial number (Just to check if i manage to read the file)
Modified the file and programmed it back. No boot. Only Fan is running.
Tried to program original locked EFI but no differense.
Verified the programming after each step but no luck.
And i could not find any clean EFI here either.
Any suggestions? Attached locked and unlocked EFI.
After some more tests i manager to reflash the locket EFI.
And after some more searching shuldnt this be unlockade by decrypt tool? But i cant find the string that the guide is refererar to..
This is my first try on EFI unlock. So not sure if i am doing it right.
I have the two clips but not sure to use the red or black (Whats the difference) tried looking at the pinouts but not sure witch is witch.
I only managed to read out the EFI with POMONA clip. Looked at the file and it looks ok. Find the EFI password spot and the serial number (Just to check if i manage to read the file)
Modified the file and programmed it back. No boot. Only Fan is running.
Tried to program original locked EFI but no differense.
Verified the programming after each step but no luck.
And i could not find any clean EFI here either.
Any suggestions? Attached locked and unlocked EFI.
After some more tests i manager to reflash the locket EFI.
And after some more searching shuldnt this be unlockade by decrypt tool? But i cant find the string that the guide is refererar to..
Last edit: 8 years 1 month ago by mang0s. Reason: Added info abort more tests
Please Log in or Create an account to join the conversation.
8 years 1 month ago - 8 years 1 month ago #2617 by cyber16
Replied by cyber16 on topic MBA A1369 EMC2392 No boot efter reflash
Take a look at this picture, you need to remove that $SVS as well
Here try this one, it is yours now clean
Here try this one, it is yours now clean
Last edit: 8 years 1 month ago by cyber16.
The following user(s) said Thank You: mang0s
Please Log in or Create an account to join the conversation.
8 years 1 month ago - 8 years 1 month ago #2619 by CygnusX1
If I helped you buy me a latte!
Replied by CygnusX1 on topic MBA A1369 EMC2392 No boot efter reflash
That is the second "$SVS" that should not be removed?! Look at the offset location. 
If I helped you buy me a latte!
Last edit: 8 years 1 month ago by CygnusX1.
Please Log in or Create an account to join the conversation.
8 years 1 month ago - 8 years 1 month ago #2622 by mang0s
Replied by mang0s on topic MBA A1369 EMC2392 No boot efter reflash
Yes i thought so to. Its only the first one that should be removed together witch the rest. Right?
EDIT
But so happens it works. Thanks alot..
But why..I could not find that the second SVS shuld be removed. Or am i missing something?
EDIT
But so happens it works. Thanks alot..
But why..I could not find that the second SVS shuld be removed. Or am i missing something?
Last edit: 8 years 1 month ago by mang0s. Reason: Add info after testing
Please Log in or Create an account to join the conversation.
8 years 1 month ago - 8 years 1 month ago #2623 by cyber16
Replied by cyber16 on topic MBA A1369 EMC2392 No boot efter reflash
Enjoy
I did it my way
btw: I don't recall doing anything special here, just took your untouched efi dump, searched for the $SVS and removed the password.
I did it my way
btw: I don't recall doing anything special here, just took your untouched efi dump, searched for the $SVS and removed the password.
Last edit: 8 years 1 month ago by cyber16.
Please Log in or Create an account to join the conversation.
8 years 1 month ago #2660 by thaGH05T
If I helped you, buy me a beer!!! Happy Hunting...
Replied by thaGH05T on topic MBA A1369 EMC2392 No boot efter reflash
I really need to do an updated tutorial on all this. Spoiler alert, I will be using a much cheaper tool in the new tutorial as well as an upcoming project.
If I helped you, buy me a beer!!! Happy Hunting...
The following user(s) said Thank You: mang0s
Please Log in or Create an account to join the conversation.
8 years 1 month ago #2727 by mang0s
Replied by mang0s on topic MBA A1369 EMC2392 No boot efter reflash
I made a diff on the two files and it looks like i was missing one ÿ. But still the file size was the same.
What is the differense on the two Easy flash tools Red and black? Did not manage to use them for this MBA.
What is the differense on the two Easy flash tools Red and black? Did not manage to use them for this MBA.
Please Log in or Create an account to join the conversation.
8 years 1 month ago #2736 by thaGH05T
If I helped you, buy me a beer!!! Happy Hunting...
Replied by thaGH05T on topic MBA A1369 EMC2392 No boot efter reflash
The Red and Black are the same, but are no longer available. The new Universal easy flash is replacing them.
If I helped you, buy me a beer!!! Happy Hunting...
Please Log in or Create an account to join the conversation.
- neighborhoodguy
-
- Offline
- Haxor
-
Less More
- Posts: 40
- Thank you received: 4
7 years 7 months ago #4624 by neighborhoodguy
Replied by neighborhoodguy on topic MBA A1369 EMC2392 No boot efter reflash
Hi, I just had this same problem today - I had 2 units with consecutive serials from an area utility provider - the first I ended up downloading a dump and changing the chip from an atmel to mxic in order to sucessfully program it. (With the chip off the board! fused? too much heat?)
The second unit - i used its own dump and when rebooted after install it had the companies info in the apple setup screens! So I searched the dump but couldnt find the strings i saw during setup. Must have been in compressed part, or encoded.
In both case - I dumped, hexed, and flashed, and the fans spin, but nothing else. So, first i think my dump corrupted so I found one on google and worked it. Then first was working... but during flash I kept losing connection to chip - I hit 'detect' but it doesn't detect chip type (I always detect before other activities to verify). So I took chip off board to program. On number two, I experimented a bit - To get a successful erase and blank check I had to connect ac and battery, then click erase. Then unplug ac but leave battery plugged in, and then I check blank - it passed. Then with ac unplugged and battery still plugged I program it successfully. But have to disconnect battery and then connect AC to power-on - it didnt want to until unplugged both ac and batt, then plugged back in..
There is something about power-cycle after erase in the datasheet of MX25L064....
I have attached the one I downloaded. Would Admin please add it to the repo as there is no file for emc 2392 (820-2838-A).
The second unit - i used its own dump and when rebooted after install it had the companies info in the apple setup screens! So I searched the dump but couldnt find the strings i saw during setup. Must have been in compressed part, or encoded.
In both case - I dumped, hexed, and flashed, and the fans spin, but nothing else. So, first i think my dump corrupted so I found one on google and worked it. Then first was working... but during flash I kept losing connection to chip - I hit 'detect' but it doesn't detect chip type (I always detect before other activities to verify). So I took chip off board to program. On number two, I experimented a bit - To get a successful erase and blank check I had to connect ac and battery, then click erase. Then unplug ac but leave battery plugged in, and then I check blank - it passed. Then with ac unplugged and battery still plugged I program it successfully. But have to disconnect battery and then connect AC to power-on - it didnt want to until unplugged both ac and batt, then plugged back in..
There is something about power-cycle after erase in the datasheet of MX25L064....
I have attached the one I downloaded. Would Admin please add it to the repo as there is no file for emc 2392 (820-2838-A).
Please Log in or Create an account to join the conversation.
- neighborhoodguy
-
- Offline
- Haxor
-
Less More
- Posts: 40
- Thank you received: 4
7 years 7 months ago #4625 by neighborhoodguy
Replied by neighborhoodguy on topic MBA A1369 EMC2392 No boot efter reflash
I have a green one with a switch. it works sometimes. A lot of times I have to supply power to chip. Also, looking at pinouts for some models - does the switch move connections for spi miso and mosi between pins? What about spi_use_mlb. I have already built one with the smaller 12x2 connector, but had the same issue - its difficult to get the sequence right to keep the chip accessible and powered. what am i missing?
Please Log in or Create an account to join the conversation.
7 years 7 months ago #4626 by CygnusX1
If this was for a 2010 model you didn't need to flash the chip. All you had to do was change the memory size or use the tool we have online here.
If I helped you buy me a latte!
Replied by CygnusX1 on topic MBA A1369 EMC2392 No boot efter reflash
neighborhoodguy wrote: Hi, I just had this same problem today - I had 2 units with consecutive serials from an area utility provider - the first I ended up downloading a dump and changing the chip from an atmel to mxic in order to sucessfully program it. (With the chip off the board! fused? too much heat?)
The second unit - i used its own dump and when rebooted after install it had the companies info in the apple setup screens! So I searched the dump but couldnt find the strings i saw during setup. Must have been in compressed part, or encoded.
In both case - I dumped, hexed, and flashed, and the fans spin, but nothing else. So, first i think my dump corrupted so I found one on google and worked it. Then first was working... but during flash I kept losing connection to chip - I hit 'detect' but it doesn't detect chip type (I always detect before other activities to verify). So I took chip off board to program. On number two, I experimented a bit - To get a successful erase and blank check I had to connect ac and battery, then click erase. Then unplug ac but leave battery plugged in, and then I check blank - it passed. Then with ac unplugged and battery still plugged I program it successfully. But have to disconnect battery and then connect AC to power-on - it didnt want to until unplugged both ac and batt, then plugged back in..
There is something about power-cycle after erase in the datasheet of MX25L064....
I have attached the one I downloaded. Would Admin please add it to the repo as there is no file for emc 2392 (820-2838-A).
If this was for a 2010 model you didn't need to flash the chip. All you had to do was change the memory size or use the tool we have online here.
If I helped you buy me a latte!
Please Log in or Create an account to join the conversation.
- neighborhoodguy
-
- Offline
- Haxor
-
Less More
- Posts: 40
- Thank you received: 4
7 years 7 months ago - 7 years 7 months ago #4627 by neighborhoodguy
Replied by neighborhoodguy on topic MBA A1369 EMC2392 No boot efter reflash
Well, its a Macbook Air with onboard memory, so I can't easily change the memory size (short an address line? lol), so what is the tool? Are you referring to the scan'n'patch tool?
Last edit: 7 years 7 months ago by neighborhoodguy.
Please Log in or Create an account to join the conversation.
7 years 7 months ago #4628 by CygnusX1
Check this blog out.
ghostlyhaks.com/blog/apple-efi/23-efi-deobfuscate
If I helped you buy me a latte!
Replied by CygnusX1 on topic MBA A1369 EMC2392 No boot efter reflash
neighborhoodguy wrote: Well, its a Macbook Air with onboard memory, so I can't easily change the memory size (short an address line? lol), so what is the tool? Are you referring to the scan'n'patch tool?
Check this blog out.
ghostlyhaks.com/blog/apple-efi/23-efi-deobfuscate
If I helped you buy me a latte!
Please Log in or Create an account to join the conversation.
- neighborhoodguy
-
- Offline
- Haxor
-
Less More
- Posts: 40
- Thank you received: 4
7 years 7 months ago #4632 by neighborhoodguy
Ok, I've read that before.
I just checked my late-2010 dump. String isn't there.
Suppose I have a macbook air locked with efi and icloud. If I change the internal hard disk, will the machine boot from the new disk?
(Does osx verify disk signature?)
If yes then i could swap in my own drive to get admin access, then dump rom and look for code and use deobfuscator.
If no, then I still need to pop efi lock to boot other media etc.
Replied by neighborhoodguy on topic MBA A1369 EMC2392 No boot efter reflash
CygnusX1 wrote: Check this blog out.
ghostlyhaks.com/blog/apple-efi/23-efi-deobfuscate
Ok, I've read that before.
I just checked my late-2010 dump. String isn't there.
Suppose I have a macbook air locked with efi and icloud. If I change the internal hard disk, will the machine boot from the new disk?
(Does osx verify disk signature?)
If yes then i could swap in my own drive to get admin access, then dump rom and look for code and use deobfuscator.
If no, then I still need to pop efi lock to boot other media etc.
Please Log in or Create an account to join the conversation.
- reverendalc
-
- Offline
- Haxor God
-
- This isn't Monaco... This is Baghdad
Less More
- Posts: 760
- Karma: 23
- Thank you received: 137
7 years 6 months ago #4662 by reverendalc
Replied by reverendalc on topic MBA A1369 EMC2392 No boot efter reflash
you cannot boot another drive. alt-boot is disabled with EFI lock, and the iCloud lock prevents loading any other ssd.
it's worth looking into though, how iCloud locks identify the ssd, and if that information could be spoofed
it's worth looking into though, how iCloud locks identify the ssd, and if that information could be spoofed
Please Log in or Create an account to join the conversation.
Who's Online
We have 820 guests and no members online
N00BZ
- ljamal
- ljamal74
- mikeg2atest
- ducchinhbui
- anjarezt
Cookies
EU e-Privacy Directive
This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.
You have declined cookies. This decision can be reversed.
You have allowed cookies to be placed on your computer. This decision can be reversed.