Jump to content

ReadSMC for EFI, a tool to enter read SMC keys from EFI shell on real Macs


Andy Vandijck
 Share

73 posts in this topic

Recommended Posts

I wrote a little EFI tool to read SMC keys from real Macs from an EFI shell running on the real Macs.

I made 32bit and 64bit versions.

It also reads the SMC Signature out and shows it.

 

Usage example:

ReadSMC.efi OSK 31

 

It show:

OSK0: [ 6f 75 72 68 61 72 64 77 6f 72 6b 62 79 74 68 65 73 65 77 6f 72 64 73 67 75 61 72 64 65 64 70 6c ]

 

Have fun :D

 

EDIT: Upload restored, github repo created.

 

Github repo URL:

https://github.com/andyvand/ReadSMC

ReadSMC.zip

  • Like 16
Link to comment
Share on other sites

Can it dump the whole thing, not just the keys?

Reason for asking I have a dead SMC on MBP81, ordered 3 times on ebay(China/Taiwan) and each time they sent me chips for MBP83(dumb idiots).

Works with it but gave errors since MBP83 has 2 fans while MBP81 has one...

SMC chips are identical so what I want is to dump the damn thing from a good MBP81 and flash on devective MBP81 with SMC chip from MBP83.

Doable?

Link to comment
Share on other sites

Can it dump the whole thing, not just the keys?

Reason for asking I have a dead SMC on MBP81, ordered 3 times on ebay(China/Taiwan) and each time they sent me chips for MBP83(dumb idiots).

Works with it but gave errors since MBP83 has 2 fans while MBP81 has one...

SMC chips are identical so what I want is to dump the damn thing from a good MBP81 and flash on devective MBP81 with SMC chip from MBP83.

Doable?

 

You're in luck... I already did some research on the SMC chips.

I have a solution that will allow you to force flash that chip.

I don't know if it's the 13", 15" or 17" model but I've compiled up some files to flash those...

I've also thrown in some info on hacking SMC chips.

You can flash from within EFI shell using this command:

SmcFlasher.efi -force -update <filename.smc>

This is a version of SmcFlasher.efi with the capsule header removed so it can run directly from EFI shell... (SmcFlasher.efi is also known as SmcUtil.efi)

After flash your chip will be updated and it will be just fine ;)

Have fun :D

EDIT: Added SMC binary disassembly, for the curious people ;)

MBP81_SMC.zip

SMC_disass.zip

rej09b0350_h8s2117hm.pdf.zip

Link to comment
Share on other sites

Thanks!

Is the 13 inch version.

I'm in vacation now, I will read/try when back, but already tried the -force flashing the *.smc update file from apple, that pass me the fan error but still gave errors on CPU voltages/amps(when on battery is stuck on lowest speed)

That is why I asked for a way of dumping all stuff(like EPM)

BTW attached a pdf for collection ;)

 

 

D1_02_Alex_Ninjas_and_Harry_Potter.zip

  • Like 1
Link to comment
Share on other sites

  • 3 weeks later...

Hey, I have a MBP8,1 13" with apparently a busted SMC... PLEASE say you can dump the whole thing (with EPM) and perhaps help me...

I cannot reset the SMC via keyboard and if I try to do SmcFlasher.efi -reset 1, the computer shuts down immediately. I cannot boot other than by bypassing the POST/SMC.

Link to comment
Share on other sites

  • 3 months later...
  • 3 months later...
  • 2 weeks later...

You're in luck... I already did some research on the SMC chips.

I have a solution that will allow you to force flash that chip.

I don't know if it's the 13", 15" or 17" model but I've compiled up some files to flash those...

I've also thrown in some info on hacking SMC chips.

You can flash from within EFI shell using this command:

SmcFlasher.efi -force -update <filename.smc>

This is a version of SmcFlasher.efi with the capsule header removed so it can run directly from EFI shell... (SmcFlasher.efi is also known as SmcUtil.efi)

After flash your chip will be updated and it will be just fine ;)

Have fun :D

EDIT: Added SMC binary disassembly, for the curious people ;)

 

Hello,

 

long time ago...........

 

Which commands are necessary to save the smc as a file?

Can you/someone send me the attached files, downloads via forum isn't possible yet :(

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...

Anyone have an updated link for ReadSMC? I need to read the whole SMC firmware of a 2009 Xserve to remove some CRC checks (I modified the firmware to add microcode support for 5600-series Xeons, but I need to modify the SMC too to remove the checks or otherwise it will brick).

Yes people, please reattach as I no longer have the sources.

Work should not go lost... (yet lots of stuff have been gone since the forum went down a while ago).

Somebody upload the zip file please and I'll create a new Github repo as backup ;)

Please...

Link to comment
Share on other sites

 

Hope can helps attachicon.gifReadSMC.zip

 

btw @Andy .. I have a little archive of your project, if you need and the internet back to normal I'll upload.

attachicon.gifAnV-dev.jpg

 

Sure, upload all :D

Thx!

Link to comment
Share on other sites

Yeah, I am wondering how to dump the complete SMC with this. Apple hasn't released any SMC updates for the Xserve3,1, so it's the only way I can get a copy of it.

Check Apple's update site.

There is an EFI firmware update.

Check it, it might contain SMC too.

 

https://support.apple.com/kb/DL990?locale=nl_NL

 

All updates:

https://support.apple.com/en-us/HT201518

Link to comment
Share on other sites

  • 4 weeks later...
  • 5 weeks later...
  • 7 months later...
  • 1 month later...
Dear all,

 

To be synthetic:

 

I had kernel_task running over 300% with my HDD WD Blue

 

I replaced it with a SSD and the problem was still here...

 

I looked up into settings and found that i didn"t had the correct SMC and EFI version: see below:

 

Nom du modèle : MacBook Pro

  Identifiant du modèle : MacBookPro8,1

  Nom du processeur : Intel Core i5

  Vitesse du processeur : 2,4 GHz

  Nombre de processeurs : 1

  Nombre total de cœurs : 2

  Cache de niveau 2 (par cœur) : 256 Ko

  Cache de niveau 3 : 3 Mo

  Mémoire : 4 Go

  Version de la ROM de démarrage : MBP81.0047.B2C

  Version SMC (système) : 1.68f99

 

141028version.jpg

 

As you can see i dont have the correct SMC installed, and have an unknow EFI ...  I dont know how i have the wrong SMC and EFI ..

 

I tried to install the correct SMC and EFI from el capitan but it said that i needed 10.9.5 version, so i moved on and downgraded to mavericks and when i tried to install i got a message that i can't upgrade the version ... (or it was not needed )

 

 

I tried to flash the SMC with rEFIt and it has succeed:

I used the 201MBP13.smc which is located on the .pkg of the  MBP late 2011 update here:


 

585599FullSizeRender1.jpg

 

Ofc i have a blackscreen so can't do anything..

 

Tried SMC, PRAM reset, nothing

Now when i'm booting, the fans starting at full speed 10 second after the boot, then turns about 6-7 seconds and then the mbp shut down ..

 

The mbp is out of waranty

 

Thanks for the help!

 

MacBook Pro, OS X Mavericks (10.9.5), 8,1 late 2011

Link to comment
Share on other sites

Congratulations. You bricked your mac, for no reason at all. The kernel_task error was in no way related to the SMC version, and that site is not really entirely reliable because there are some versions that are not shown on it. Not to mention, most osx updates come with bundled efi/smc upgrades that are applied automatically or not according to need. You forced install of an incorrect SMC, because your EFI version was newer than what the site said.

 

The only possible solution I can think of other than replacing the chip is to perhaps reinstall el capitan or Yosemite on SMC Bypass mode.

  • Like 3
Link to comment
Share on other sites

Congratulations. You bricked your mac, for no reason at all. The kernel_task error was in no way related to the SMC version, and that site is not really entirely reliable because there are some versions that are not shown on it. Not to mention, most osx updates come with bundled efi/smc upgrades that are applied automatically or not according to need. You forced install of an incorrect SMC, because your EFI version was newer than what the site said.

 

The only possible solution I can think of other than replacing the chip is to perhaps reinstall el capitan or Yosemite on SMC Bypass mode.

 

How do i reinstall the capitan or yosemite on SMC bypass mode? i cant boot the comp, the fan runs at full speeds and after 6-7 seconds it turns off.. Should i try a remote distance access? but i dont think it will work ?

Link to comment
Share on other sites

You really shouldn't have messed with something you didn't understand. You need to open the mac, disconnect the battery and magsafe, hold power button pressed for 30 seconds or so, and with it still pressed connect the magsafe, let go of power and press it again once. The computer should boot but without sensors and fans at full speed.

  • Like 1
Link to comment
Share on other sites

You really shouldn't have messed with something you didn't understand. You need to open the mac, disconnect the battery and magsafe, hold power button pressed for 30 seconds or so, and with it still pressed connect the magsafe, let go of power and press it again once. The computer should boot but without sensors and fans at full speed.

 

Ok it works, what to do now?

 

Thanks for trick!! :) :) :) :)

Link to comment
Share on other sites

 Share

×
×
  • Create New...