New Topic
  1. Forum
  2. /
  3. Apple Related
  4. /
  5. MacBook Pro/Air 2009 - 2014
  6. /
  7. reading EFI variables from ubuntu? let's see

reading EFI variables from ubuntu? let's see


Rendering Error in layout Widget/Social: Call to a member function exists() on null. Please enable debug mode for more information.
More
7 years 10 months ago #3730 by reverendalc
reading EFI variables from ubuntu? let's see was created by reverendalc
here is what i see when probing apple efi from ubuntu:

ubuntu@ubuntu:/sys/firmware/efi/vars$ ls
AAPL,PathProperties0000-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14
AcpiGlobalVariable-af9ffd67-ec10-488a-9dfc-6cbf5ee22c2e
backlight-level-7c436110-ab2a-4bbb-a880-fe41995c9f82
bluetoothActiveControllerInfo-7c436110-ab2a-4bbb-a880-fe41995c9f82
bluetoothInternalControllerInfo-7c436110-ab2a-4bbb-a880-fe41995c9f82
Boot0080-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot0081-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot0082-8be4df61-93ca-11d2-aa0d-00e098032b8c
BootCampHD-7c436110-ab2a-4bbb-a880-fe41995c9f82
BootCurrent-8be4df61-93ca-11d2-aa0d-00e098032b8c
BootFFFF-8be4df61-93ca-11d2-aa0d-00e098032b8c
boot-gamma-7c436110-ab2a-4bbb-a880-fe41995c9f82
BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c
boot-perf-record-data-size-7c436110-ab2a-4bbb-a880-fe41995c9f82
ConOut-8be4df61-93ca-11d2-aa0d-00e098032b8c
ConOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
current-network-36c28ab5-6566-4c50-9ebd-cbb920f83843
del_var
efi-apple-payload0-7c436110-ab2a-4bbb-a880-fe41995c9f82
efi-apple-payload0-data-7c436110-ab2a-4bbb-a880-fe41995c9f82
efi-apple-recovery-7c436110-ab2a-4bbb-a880-fe41995c9f82
efi-boot-device-7c436110-ab2a-4bbb-a880-fe41995c9f82
efi-boot-device-data-7c436110-ab2a-4bbb-a880-fe41995c9f82
efi-boot-next-7c436110-ab2a-4bbb-a880-fe41995c9f82
efi-boot-next-data-7c436110-ab2a-4bbb-a880-fe41995c9f82
epid_provisioned-8be4df61-93ca-11d2-aa0d-00e098032b8c
ErrOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
FirmwareFeatures-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14
FirmwareFeaturesMask-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14
fmm-computer-name-7c436110-ab2a-4bbb-a880-fe41995c9f82
fmm-mobileme-token-FMM-7c436110-ab2a-4bbb-a880-fe41995c9f82
gfx-saved-config-restore-status-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14
good-samaritan-message-7c436110-ab2a-4bbb-a880-fe41995c9f82
Lang-8be4df61-93ca-11d2-aa0d-00e098032b8c
LangCodes-8be4df61-93ca-11d2-aa0d-00e098032b8c
last-oslogin-ident-8d63d4fe-bd3c-4aad-881d-86fd974bc1df
LocationServicesEnabled-7c436110-ab2a-4bbb-a880-fe41995c9f82
lock_mch_s3-8be4df61-93ca-11d2-aa0d-00e098032b8c
MemoryConfig-8be4df61-93ca-11d2-aa0d-00e098032b8c
MokListRT-605dab50-e046-4300-abb6-3dd810dd8b23
MTC-eb704011-1402-11d3-8e77-00a0c969723b
new_var
PchInit-e6c2f70a-b604-4877-85ba-deec89e117eb
PchS3Peim-e6c2f70a-b604-4877-85ba-deec89e117eb
preferred-count-36c28ab5-6566-4c50-9ebd-cbb920f83843
preferred-networks-36c28ab5-6566-4c50-9ebd-cbb920f83843
PreviousBoot-36d08fa7-cf0b-42f5-8f14-68df73ed3740
prev-lang:kbd-7c436110-ab2a-4bbb-a880-fe41995c9f82
Setup-4dfbbaab-1392-4fde-abb8-c41cc5ad7d5d
SetupDefaults-05299c28-3953-4a5f-b7d8-f6c6a7150b2a
SmcFlasherResult-7c436110-ab2a-4bbb-a880-fe41995c9f82
SystemAudioVolume-7c436110-ab2a-4bbb-a880-fe41995c9f82
SystemAudioVolumeDB-7c436110-ab2a-4bbb-a880-fe41995c9f82
tbt-options-7c436110-ab2a-4bbb-a880-fe41995c9f82
Timeout-8be4df61-93ca-11d2-aa0d-00e098032b8c


going to iCloud lock and post again
If i gave to you, you can give back here

Please Log in or Create an account to join the conversation.

More
7 years 10 months ago #3731 by reverendalc
Replied by reverendalc on topic reading EFI variables from ubuntu? let's see
ICLOUD LOCKED:

ubuntu@ubuntu:/sys/firmware/efi/vars$ ls
AAPL,PathProperties0000-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14
AcpiGlobalVariable-af9ffd67-ec10-488a-9dfc-6cbf5ee22c2e
backlight-level-7c436110-ab2a-4bbb-a880-fe41995c9f82
bluetoothActiveControllerInfo-7c436110-ab2a-4bbb-a880-fe41995c9f82
bluetoothInternalControllerInfo-7c436110-ab2a-4bbb-a880-fe41995c9f82
Boot0080-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot0081-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot0082-8be4df61-93ca-11d2-aa0d-00e098032b8c
BootCampHD-7c436110-ab2a-4bbb-a880-fe41995c9f82
BootCurrent-8be4df61-93ca-11d2-aa0d-00e098032b8c
BootFFFF-8be4df61-93ca-11d2-aa0d-00e098032b8c
boot-gamma-7c436110-ab2a-4bbb-a880-fe41995c9f82
BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c
boot-perf-record-data-size-7c436110-ab2a-4bbb-a880-fe41995c9f82
ConOut-8be4df61-93ca-11d2-aa0d-00e098032b8c
ConOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
current-network-36c28ab5-6566-4c50-9ebd-cbb920f83843
del_var
efi-apple-payload0-7c436110-ab2a-4bbb-a880-fe41995c9f82
efi-apple-payload0-data-7c436110-ab2a-4bbb-a880-fe41995c9f82
efi-apple-recovery-7c436110-ab2a-4bbb-a880-fe41995c9f82
efi-boot-device-7c436110-ab2a-4bbb-a880-fe41995c9f82
efi-boot-device-data-7c436110-ab2a-4bbb-a880-fe41995c9f82
epid_provisioned-8be4df61-93ca-11d2-aa0d-00e098032b8c
ErrOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
FirmwareFeatures-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14
FirmwareFeaturesMask-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14
fmm-computer-name-7c436110-ab2a-4bbb-a880-fe41995c9f82
fmm-mobileme-token-FMM-7c436110-ab2a-4bbb-a880-fe41995c9f82
gfx-saved-config-restore-status-4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14
good-samaritan-message-7c436110-ab2a-4bbb-a880-fe41995c9f82
Lang-8be4df61-93ca-11d2-aa0d-00e098032b8c
LangCodes-8be4df61-93ca-11d2-aa0d-00e098032b8c
last-oslogin-ident-8d63d4fe-bd3c-4aad-881d-86fd974bc1df
LocationServicesEnabled-7c436110-ab2a-4bbb-a880-fe41995c9f82
lock_mch_s3-8be4df61-93ca-11d2-aa0d-00e098032b8c
MemoryConfig-8be4df61-93ca-11d2-aa0d-00e098032b8c
MokListRT-605dab50-e046-4300-abb6-3dd810dd8b23
MTC-eb704011-1402-11d3-8e77-00a0c969723b
new_var
PchInit-e6c2f70a-b604-4877-85ba-deec89e117eb
PchS3Peim-e6c2f70a-b604-4877-85ba-deec89e117eb
preferred-count-36c28ab5-6566-4c50-9ebd-cbb920f83843
preferred-networks-36c28ab5-6566-4c50-9ebd-cbb920f83843
PreviousBoot-36d08fa7-cf0b-42f5-8f14-68df73ed3740
prev-lang:kbd-7c436110-ab2a-4bbb-a880-fe41995c9f82
recovery-boot-mode-7c436110-ab2a-4bbb-a880-fe41995c9f82
security-pinType-7c436110-ab2a-4bbb-a880-fe41995c9f82
Setup-4dfbbaab-1392-4fde-abb8-c41cc5ad7d5d
SetupDefaults-05299c28-3953-4a5f-b7d8-f6c6a7150b2a
SmcFlasherResult-7c436110-ab2a-4bbb-a880-fe41995c9f82
SystemAudioVolume-7c436110-ab2a-4bbb-a880-fe41995c9f82
SystemAudioVolumeDB-7c436110-ab2a-4bbb-a880-fe41995c9f82
tbt-options-7c436110-ab2a-4bbb-a880-fe41995c9f82
Timeout-8be4df61-93ca-11d2-aa0d-00e098032b8c
If i gave to you, you can give back here

Please Log in or Create an account to join the conversation.

More
7 years 10 months ago - 7 years 10 months ago #3732 by reverendalc
Replied by reverendalc on topic reading EFI variables from ubuntu? let's see
comparing with kaleidoscope:

lines 25&26 on the UNLOCKED probe:
efi-boot-next-7c436110-ab2a-4bbb-a880-fe41995c9f82
efi-boot-next-data-7c436110-ab2a-4bbb-a880-fe41995c9f82
*NOTE: i was in the middle of installing windows via bootcamp while doing this, this may be the call to boot from USB

these lines are omitted from the iCloud locked read

lines 48&49 on the LOCKED probe:
recovery-boot-mode-7c436110-ab2a-4bbb-a880-fe41995c9f82
security-pinType-7c436110-ab2a-4bbb-a880-fe41995c9f82

in /sys/firmware/efi/vars/security-bla-bla-bla/raw_var is:
s^@e^@c^@u^@r^@i^@t^@y^@-^@p^@i^@n^@T^@y^@p^@e^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^$
all efi variable attributes read:
EFI_VARIABLE_NON_VOLATILE
EFI_VARIABLE_BOOTSERVICE_ACCESS
EFI_VARIABLE_RUNTIME_ACCESS

the good samaritan message is NOT obfuscated, nor are known network SSIDs. thankfully wifi passwords are.

/sys/firmware/efi/vars/recovery-boot-mode-blabla/data reads:
locked
If i gave to you, you can give back here
Last edit: 7 years 10 months ago by reverendalc.

Please Log in or Create an account to join the conversation.

More
7 years 10 months ago #3747 by thaGH05T
Replied by thaGH05T on topic reading EFI variables from ubuntu? let's see
Nice job, now see if you can write back to it :)
If I helped you, buy me a beer!!! Happy Hunting...

Please Log in or Create an account to join the conversation.

More
7 years 10 months ago #3749 by reverendalc
Replied by reverendalc on topic reading EFI variables from ubuntu? let's see
i can't write back to it per se, but..

i have found a scripts which intercept EFI communication at the kernel level and propagate changes...

now i simply have to understand how to use them
If i gave to you, you can give back here

Please Log in or Create an account to join the conversation.

More
7 years 10 months ago #3756 by KingBonecrusher
Replied by KingBonecrusher on topic reading EFI variables from ubuntu? let's see
Maybe you don`t kow this little helper ;-)

RU.EFI

Please Log in or Create an account to join the conversation.

More
7 years 10 months ago #3757 by reverendalc
Replied by reverendalc on topic reading EFI variables from ubuntu? let's see
no i don't! but i'm going to learn more right now! thanks
If i gave to you, you can give back here

Please Log in or Create an account to join the conversation.

More
7 years 10 months ago #3775 by reverendalc
Replied by reverendalc on topic reading EFI variables from ubuntu? let's see
this is a very promising looking tool, however i cannot get my macbook air to load it. it's currently iCloud locked for development reasons, that my have something to do with it.

do you have experience with it?
If i gave to you, you can give back here

Please Log in or Create an account to join the conversation.

  1. Forum
  2. /
  3. Apple Related
  4. /
  5. MacBook Pro/Air 2009 - 2014
  6. /
  7. reading EFI variables from ubuntu? let's see

Main Menu

Trending

jailbreak osx password smartphone therealjayvi metasploit nexus iphone efi windows ipad, kali, hacking tutorial bios

Who's Online

We have 163 guests and no members online

N00BZ

  • ljamal
  • ljamal74
  • mikeg2atest
  • ducchinhbui
  • anjarezt

Cookies