blackosx Posted June 5, 2014 Share Posted June 5, 2014 I see the ACPI Tables are no longer in the IORegistry. ioreg | grep "ACPI Tables" IORegistry saved from IORegistryExplorer is 2.6MB from Mavericks, but 2.9MB from Yosemite. All IOPowerManagement Dictionaries now have an additional child property of type Number: CapabilityFlags USB devices now have a property of type Number: bcdUSB Some, but not all, devices under IODeviceTree:/PCI0@0/ have: - a property of type Array: IOReport Legend - a property of type Boolean: IOReportLegendPublic OHIDEventDriver has a new property (Dictionary containing an array of elements): Keyboard AppleACPIPlatformExpert now as a property of type Array: IOPlatformMaxBusDelay AppleACPIPlatformExpert now as a property of type Array: IOPlatformMaxInterruptDelay IODeviceTree:/chosen has a new property of type Data: random-seed (thanks Pike) I'll update this list as I find more differences. 3 Link to comment Share on other sites More sharing options...
Pike R. Alpha Posted June 5, 2014 Share Posted June 5, 2014 We should start a new initiative where people start to collect IORegistryExplorer dumps from real Apple hardware and their hackstosh. I'm sure that this turns out to be very helpful to many. 2 Link to comment Share on other sites More sharing options...
blackosx Posted June 5, 2014 Author Share Posted June 5, 2014 Hi Pike Yes. Good idea. Though some users may not wish to post complete dumps from real macs due to serial numbers etc. Link to comment Share on other sites More sharing options...
RehabMan Posted June 5, 2014 Share Posted June 5, 2014 I see the ACPI Tables are no longer in the IORegistry. Interesting... But no matter... You can still extract ACPI tables with Linux. In fact, you get a more complete dump of ACPI tables from /sys/firmware/acpi/tables on real Macs running Linux compared to what is found in ioreg. 1 Link to comment Share on other sites More sharing options...
jamiethemorris Posted June 5, 2014 Share Posted June 5, 2014 I can get one from my mbp8,1. I don't really care about the serial number, what could someone do with my Mac's serial number? Link to comment Share on other sites More sharing options...
blackosx Posted June 6, 2014 Author Share Posted June 6, 2014 You can still extract ACPI tables with Linux. In fact, you get a more complete dump of ACPI tables from /sys/firmware/acpi/tables on real Macs running Linux compared to what is found in ioreg. Absolutely. This is the best way. Though I have always been intrigued by Slice's kernel memory dumper and out of curiosity wanted to explore that idea further to see if other ACPI tables would be in memory and be read. I can get one from my mbp8,1. I don't really care about the serial number, what could someone do with my Mac's serial number? Thanks for the offer jamiethemorris. Your Registry would be very useful for research purposes. But just know that while your Mac’s IORegistry contains mostly general info it also has some unique information specific to that machine, and if you use features like ‘Find my Mac’ then it will also contain your iCloud user name. Somebody building a hack will want to configure their machine with data so it best resembles a real Mac with similar hardware. They can choose to use the data that’s hardcoded in to a boot loader/manager, they could choose to use an app like champlist to generate this data or they could decide to find information from a real Mac and use that instead. Personally, if I’ve spent my hard earned cash on a real Mac then I would prefer not to make public some of it’s details. Maybe that’s just me, but either way it’s your choice. If you would still like to share your Mac’s registry, then you have options: 1 - A File->Save from IORegistryExplorer (not v3). This file can be loaded back in to IORegistryExplorer for navigating and searching. File is saved as a keyed archive and data cannot be changed/masked. 2 - A File->Save from IOJones. This file can be loaded back in to IOJones for navigating and searching. File is saved as an XML plist and can be edited in a text editor so you can manually change/mask information is you wish. 3 - Send ioreg output from Terminal to a text file. This file cannot be loaded back in to any particular registry viewer app but can be loaded and viewed in any text editor so you can manually change/mask information is you wish. 4 - Use DarwinDumper. The Registry dump combined with the Privacy option will create a set of text files and an IORegFileViewer.html file which can be loaded for viewing in a web browser. The viewing and searching options are not perfect and not as good as using either IORegistryExplorer or IOJones but at least sensitive information will be masked. Thanks Link to comment Share on other sites More sharing options...
jamiethemorris Posted June 6, 2014 Share Posted June 6, 2014 Absolutely. This is the best way. Though I have always been intrigued by Slice's kernel memory dumper and out of curiosity wanted to explore that idea further to see if other ACPI tables would be in memory and be read. Thanks for the offer jamiethemorris. Your Registry would be very useful for research purposes. But just know that while your Mac’s IORegistry contains mostly general info it also has some unique information specific to that machine, and if you use features like ‘Find my Mac’ then it will also contain your iCloud user name. Somebody building a hack will want to configure their machine with data so it best resembles a real Mac with similar hardware. They can choose to use the data that’s hardcoded in to a boot loader/manager, they could choose to use an app like champlist to generate this data or they could decide to find information from a real Mac and use that instead. Personally, if I’ve spent my hard earned cash on a real Mac then I would prefer not to make public some of it’s details. Maybe that’s just me, but either way it’s your choice. If you would still like to share your Mac’s registry, then you have options: 1 - A File->Save from IORegistryExplorer (not v3). This file can be loaded back in to IORegistryExplorer for navigating and searching. File is saved as a keyed archive and data cannot be changed/masked. 2 - A File->Save from IOJones. This file can be loaded back in to IOJones for navigating and searching. File is saved as an XML plist and can be edited in a text editor so you can manually change/mask information is you wish. 3 - Send ioreg output from Terminal to a text file. This file cannot be loaded back in to any particular registry viewer app but can be loaded and viewed in any text editor so you can manually change/mask information is you wish. 4 - Use DarwinDumper. The Registry dump combined with the Privacy option will create a set of text files and an IORegFileViewer.html file which can be loaded for viewing in a web browser. The viewing and searching options are not perfect and not as good as using either IORegistryExplorer or IOJones but at least sensitive information will be masked. Thanks I got the ioreg from my mbp and I'll upload it in a little bit. Do you have any use for ioreg from a hack running 10.10? I was able to boot my Yosemite test drive on both my z68 build and my vivobook, and my guess is that booting it on my xps won't be much of an issue either. Link to comment Share on other sites More sharing options...
blackosx Posted June 6, 2014 Author Share Posted June 6, 2014 Great. Thanks. Sure, you can post for ioreg from your hacks too just for reference, but it's predominantly info from real Mac's that will be useful. Link to comment Share on other sites More sharing options...
jamiethemorris Posted June 7, 2014 Share Posted June 7, 2014 Here's a couple for you. I can also get my GF's Macbook tommorrow or the next day, I think it's pretty much the same as mine though except it's an i5. Edit: sorry about the fakesmc in there, I used the same drive for both. Does that affect anything on a real Mac? MBP81_X202E_IOREG.zip Link to comment Share on other sites More sharing options...
blackosx Posted June 9, 2014 Author Share Posted June 9, 2014 Thank you. I'll take a look at it soon... Link to comment Share on other sites More sharing options...
kyndder Posted July 6, 2014 Share Posted July 6, 2014 Hi blackosx, I still thinking that is interesting to have access to the ACPI Table via OS X for various reasons, and thinking about it, I was doing some research when I I came across this article... > http://www.osxbook.com/book/bonus/chapter8/kma/ It is a very interesting but also very old article, but what caught my attention was the following... As a trivial alternative to the kernel extension described in this document, you can try using the kmem=1 boot-time argument. If your kernel supports this argument (the Apple kernels at the time of this writing do), setting it will reenable the kernel memory device. So, as I use Clover, I just run sudo nvram boot-args="kmem=1" and guess what? After the reboot I could find /dev/kmem and /dev/mem... And apparently it's working as it should... kyndder:~ kyndder$ system_profiler SPSoftwareDataType | awk '/System Version:/' System Version: OS X 10.9.4 (13E28) kyndder:~ kyndder$ ls -l /dev/*mem crw-r----- 1 root kmem 3, 1 Jul 5 23:31 /dev/kmem crw-r----- 1 root kmem 3, 0 Sep 8 -15430 /dev/mem kyndder:~ kyndder$ sudo dd if=/dev/mem of=/dev/stdout bs=1 iseek=5274051 count=4 | od -X 4+0 records in 4+0 records out 4 bytes transferred in 0.000057 secs (70198 bytes/sec) 0000000 e4e62c00 0000004 But why all this? Homebrew have acpica tools and after install it, we will have acpidump and acpixtract... Unfortunately did not work as I expected... kyndder:~ kyndder$ brew sh Your shell has been configured to use Homebrew's build environment: When done, type `exit'. brew ~$ acpidump > ~/Desktop/acpi.dat Cannot open /dev/mem Could not get ACPI tables, AE_ACCESS So, apparently, some more tweaking may be needed... But I don't know if will be possible to use it at all... EDIT Sorry, my previous output was from Mavericks, but, the flag still working in Yosemite... However, only kmem is generated. kyndders-MacPro:~ kyndder$ system_profiler SPSoftwareDataType | awk '/System Version:/' System Version: OS X 10.10 (14A261i) kyndders-MacPro:~ kyndder$ ls -l /dev/*mem crw-r----- 1 root kmem 3, 1 Jul 6 19:09 /dev/kmem Link to comment Share on other sites More sharing options...
Recommended Posts