First off I’d like to say that none of this information is intended for illicit activity. This guide is simply to help those who have locked themselves out of their Mac, or have purchased a Mac from someone who did not give them the password.
The initial method of hacking EFI Firmware / iCloud Locked Macs is with a device called the Teensy. This device costs about $30 on eBay and plugs into the USB port on your Mac. The Teensy works by brute force attacking the 4-digit PIN code, trying every combination of 4 digits. Apple countered this by enabling a 6-digit code. Later revisions of the Teensy now cost more and also do 6-digit brute force attacks. The real hitch I ran into with the Teensy is that it only works to unlock iCloud locked Macs. If you have a locked EFI Firmware Password, and cannot boot into the iCloud login, for all intents and purposes you are yet again stuck.
The final two methods require a lot more technical proficiency, but both have worked with proven success. The first method is to reprogram the EFI with a Raspberry Pi, or an SPI programmer and an SOIC 8-pin clip.
EFI Chip Free Removal Unlock Tool (30 pins): Locate the power supply pin of the EFI chip. Solder the power supply wire. Locate pin 1 of the SAM socket on the logic board, then clip on the unlock tool to match. Connect the programmer and supply power to the EFI chip at 3.3V from a DC power supply. Connect the unlock tool to the PC. Click ‘Read’ to read the EFI chip data. Click ‘Save’ to save the EFI data. Once done, erase the EFI password. Then, locate the password-removed file on the computer. Click ‘Write’ to write the password-free EFI data to the EFI chip. Tip: only the original EFI data works for clearing the password. Once done, detach the unlock tool.
Follow these instructions (from Ghostlyhaks):
Step 1 – Buy a SPI Programmer and 8 pin SOIC clip with F-F wires.
Step 2 – Read the chip three times and verify MD5 check-sum to ensure you have a good backup if things go wrong.
Step 3 – Make a copy of the dump and open it in a hex editor. I use Notepad++.
Step 4 – Search for “$SVS” in the dump and you should find 2 instances. The first instance is what you will need to clear out making sure to keep the file length the same. It is safe to replace it with an empty value such as “ÿ”. The string including the $SVS should be 128 characters long and will all need to be replaced with 128 ÿ’s. You can copy and paste it from below.
128 bit string – ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
Step 4 Alt. – Get a clean dump that is not firmware locked from the community, making sure you use the correct EMC and processor architecture. Make absolutely sure it is the same size as your original dump, which is usually 8 MB. If you go this route then you will need to replace the serial of the donated dump with your own serial in order to not register over their Mac. You can do this by simply searching for “override-version” and on that same line there will be an 11 digit serial number that you will replace with your own.
Step 5 – Hook your programmer back up to the chip, erase the chip, write the new dump and verify it.
Step 6 – Remove the clip and turn your Mac over to turn it on and test. You will immediately use the hot-keys to get to single user mode to test.
Step 7 – If you do not get to SU mode or the Mac does not boot right you will need to erase the chip and write the old dump back to it. You then can exhaust other options.
Step 7 Alt. – If you do get to SU mode turn the Mac back off and use the hot-keys to clear the PRAM. This will get rid of the 4 digit lock at OS load. Or you can simply re-install at this point. Remember to register the Mac to a new iCloud account to avoid future lock downs.
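Step 2's read-three-times check matters because matching checksums alone do not prove a good acquisition, and a mismatch by itself does not say which read is bad. The sketch below is an added example, not code from the original post or from Ghostlyhaks; the function name `compare_reads`, the 4 KiB comparison block and the constructed 64 KiB sample are assumptions, and in practice you would pass the bytes of your three dump files and your chip's real size.

```python
import hashlib
from collections import Counter

EXPECTED_SIZE = 8 * 1024 * 1024  # the post says dumps are "usually 8 MB"


def compare_reads(reads, expected_size=EXPECTED_SIZE, block=4096):
    """Compare successive reads of one SPI flash chip (hypothetical helper).

    Returns MD5 digests plus diagnostics explaining *why* reads disagree.
    """
    digests = [hashlib.md5(r).hexdigest() for r in reads]
    report = {
        "md5": digests,
        # Wrong length: wrong chip type selected or a truncated transfer.
        "bad_size": [i for i, r in enumerate(reads) if len(r) != expected_size],
        # One repeated byte (all 0xFF/0x00): erased chip or a clip with no contact.
        "blank": [i for i, r in enumerate(reads) if r and r.count(r[:1]) == len(r)],
        "unstable_blocks": [],   # block offsets where the reads differ
        "outliers": Counter(),   # read index -> blocks where it lost the vote
    }
    if not report["bad_size"] and len(set(digests)) > 1:
        for off in range(0, expected_size, block):
            chunks = [r[off:off + block] for r in reads]
            majority, votes = Counter(chunks).most_common(1)[0]
            if votes == len(reads):
                continue
            report["unstable_blocks"].append(off)
            if votes > len(reads) // 2:  # a clear majority exists
                for i, chunk in enumerate(chunks):
                    if chunk != majority:
                        report["outliers"][i] += 1
    # Identical digests alone are not enough: three blank reads also match.
    report["trustworthy"] = (len(reads) >= 3 and len(set(digests)) == 1
                             and not report["bad_size"] and not report["blank"])
    return report


def demo():
    # Constructed sample: a 64 KiB stand-in "chip" and one read with a bit flip.
    good = bytes(range(256)) * 256
    flaky = bytearray(good)
    flaky[0x5010] ^= 0x04
    return compare_reads([good, good, bytes(flaky)], expected_size=len(good))


if __name__ == "__main__":
    result = demo()
    print(result["trustworthy"], [hex(o) for o in result["unstable_blocks"]],
          dict(result["outliers"]))
```

A read that keeps losing the vote in scattered blocks points to clip contact or wiring rather than the chip; reseat the clip and read again before keeping any dump as the backup.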
The other more solid method that I have found is to replace the EFI itself. In fact if you look at most Apple EFI chipsets they are actually raised up off of the circuit board and held up by their 8 leads (4 on each side). If you take either a soldering iron or Micro Air Torch and cut off the leads you can easily replace this chip with one found on eBay and reprogrammed to your board ID and Serial #.
Again none of these methods should be used illicitly. This article is for educational purposes only.
If you need any help with this operation please contact the Apple Surgeon at [email protected] or visit http://inspectyourgadget.us