Pavo Posted January 6, 2015 Share Posted January 6, 2015 Was on the phone again today. Still not working. Apple had me install a xml that enables Debug mode in iMessage. Quite interesting. I have options in iMessage to capture debug information now. I am not sure if it is due to the debug mode, but when logging into messages server, i now get a new error stating "INTERNAL: Server Error" Lesson learned for me, don't clone! You mind sharing this xml file? Link to comment Share on other sites More sharing options...
gerard71 Posted January 6, 2015 Share Posted January 6, 2015 Was on the phone again today. Still not working. Apple had me install a xml that enables Debug mode in iMessage. Quite interesting. I have options in iMessage to capture debug information now. I am not sure if it is due to the debug mode, but when logging into messages server, i now get a new error stating "INTERNAL: Server Error" Lesson learned for me, don't clone! my mac mini is delivered to function alone after one week Link to comment Share on other sites More sharing options...
vit9696 Posted January 6, 2015 Share Posted January 6, 2015 Hmmm, as of a debug enabler, iMessage seems to import a function from a private framework: 00000001002C7F10 _SOShouldShowLoggingInfo /System/Library/PrivateFrameworks/SocialAppsCore.framework/Versions/A/SocialAppsCore which is used like this: rax = SOShouldShowLoggingInfo(); if (LOBYTE(rax) != 0x0) { rbx = *objc_msgSend; rax = CFNotificationCenterGetDarwinNotifyCenter(); LODWORD(rcx) = 0x0; LODWORD(r8) = 0x1; CFNotificationCenterPostNotification(rax, @"kMarcoSyncLoggingPrefs", 0x0, rcx, r8); r14 = *objc_ivar_offset_Fezz__collectLogsMenuItem; [*(r12 + r14) setEnabled:0x1]; [*(r12 + r14) setHidden:0x0]; [r12->_diagnosticsModeMenuItem setHidden:0x0]; rdi = r12->_collectLogsMenuSeparatorItem; LODWORD(rdx) = 0x0; [rdi setHidden:rdx]; } Those "INTERNAL" strings can be found in this framework, so this should be the right way… int _SOShouldShowLoggingInfo() { if (*0x3a500 != 0xffffffffffffffff) { dispatch_once(0x3a500, void ^(void * _block) { var_1 = 0x0; rax = CFPreferencesGetAppBooleanValue(@"iMessageDiagnosticsEnabled", **kCFPreferencesAnyApplication, var_1); LOBYTE(rcx) = var_1; if (LOBYTE(rcx) != 0x0) { LOBYTE(rcx) = LOBYTE(rax); } *(int8_t *)0x3a4f8 = LOBYTE(rcx); return; }); } LODWORD(rax) = sign_extend_64(*(int8_t *)0x3a4f8); return rax; } There is a similar func for Facetime, by the way: int _SOShouldShowFaceTimeLoggingInfo() { if (*0x3a510 != 0xffffffffffffffff) { dispatch_once(0x3a510, void ^(void * _block) { var_1 = 0x0; rax = CFPreferencesGetAppBooleanValue(@"FaceTimeDiagnosticsEnabled", **kCFPreferencesAnyApplication, var_1); LOBYTE(rcx) = var_1; if (LOBYTE(rcx) != 0x0) { LOBYTE(rcx) = LOBYTE(rax); } *(int8_t *)0x3a508 = LOBYTE(rcx); return; }); } LODWORD(rax) = sign_extend_64(*(int8_t *)0x3a508); return rax; } There are quite a lot of tricky interesting parts in this framework, you might enjoy exploring. Something like that will do for enabling, I suppose. #import <Foundation/Foundation.h> #include <stdio.h> int main() { CFBooleanRef setting = kCFBooleanTrue; Boolean i = NO, f = NO; CFPreferencesGetAppBooleanValue(CFSTR("iMessageDiagnosticsEnabled"), kCFPreferencesAnyApplication, &i); CFPreferencesGetAppBooleanValue(CFSTR("FaceTimeDiagnosticsEnabled"), kCFPreferencesAnyApplication, &f); printf("iMessage debugging is %d\nFacetime debugging is %d\n", i, f); CFPreferencesSetValue(CFSTR("iMessageDiagnosticsEnabled"), setting, kCFPreferencesAnyApplication, kCFPreferencesCurrentUser, kCFPreferencesCurrentHost); CFPreferencesSetValue(CFSTR("FaceTimeDiagnosticsEnabled"), setting, kCFPreferencesAnyApplication, kCFPreferencesCurrentUser, kCFPreferencesCurrentHost); return 0; } This info may be useless and dated, but perhaps it helps some people here: The above is not all, for example, another logging function subset is MarcoShouldLog*, i.e. 000000000003A8A8 _MarcoShouldLogRegistration /System/Library/PrivateFrameworks/Marco.framework/Versions/A/Marco Which itself is a call to IMShouldLog 00000000000032C8 _IMShouldLog /System/Library/PrivateFrameworks/IMFoundation.framework/Versions/A/IMFoundation This func itself checks for -[iMLockdownManager isInternalInstall], which looks suspicious to me, and general "LogLevel" property (through ___IMCopyCachedStringKey). In addition there are RegistrationLogLevel, MessagesLogLevel, IDSLogLevel, MadridLoggingLevel, etc. properties which are also checked at some time. These properties are taken from com.apple.logging and we can enable them (as one person has already noted a while ago) via defaults command: defaults write com.apple.logging MadridLoggingLevel -int 65535 defaults write com.apple.logging MadridLogging -bool true killall -TERM imagent *goes to have a breakfast* 4 Link to comment Share on other sites More sharing options...
thedubiousdubber Posted January 6, 2015 Share Posted January 6, 2015 It seems there are still a lot of unknowns around here, but hopefully someone can help me out. From what I gather, you no longer need just rom and mlb, but also need matching smUUID? Or at least it needs to be the only smUUID (or hardware UUID? still unclear about which is which) that is registered to the rom and mlb being used. I have an iMac that is not being used for anything other than web surfing and a few applications. iMessages, Facetime, iCloud, etc. are not being used at all. I'm interested to try to clone these values to get my hack working, but not sure of what I need to copy over. Rom and mlb obviously, but would it be best to try using the smUUID as well or the HardwareUUID (I believe one generates the other?). If so, what is the terminal command to run to get this value? I'm using Ozmosis, so I typically use nvram ######etc:Rom=### to change rom and so on, so was hoping to do the same with the other necessary values. Link to comment Share on other sites More sharing options...
bronxteck Posted January 6, 2015 Share Posted January 6, 2015 funny... 0x3a500 = 0000 0000 0011 1010 0101 0000 0000 which = in Ascii 1 Link to comment Share on other sites More sharing options...
Liquid Ice Posted January 6, 2015 Share Posted January 6, 2015 Thank you, HolyField for this amazing thread and everyone who as contributed to it. After reading this entire thread last night (as a bed time story), I decided to see how my MacMini Late 2012 (6,1) ROM and MLB are derived. I can confirm that the ROM = part of FW0 Example: FW0: aa:bb:cc:dd:ee:ff:gg:hh Rom: aa:bb:cc:ff:gg:hh Now the MLB still remains to crack. Anyone know if a iMac 13,2 uses FW as ROM as well ? Thank you, Liquid_ic Edited: This is my MLB: PPP Y WW ### ff F1HC XX ff = ff in the rom. Just an observation. Link to comment Share on other sites More sharing options...
bookooone Posted January 7, 2015 Share Posted January 7, 2015 Thank you, HolyField for this amazing thread and everyone who as contributed to it. After reading this entire thread last night (as a bed time story), I decided to see how my MacMini Late 2012 (6,1) ROM and MLB are derived. I can confirm that the ROM = part of FW0 Example: FW0: aa:bb:cc:dd:ee:ff:gg:hh Rom: aa:bb:cc:ff:gg:hh Now the MLB still remains to crack. Anyone know if a iMac 13,2 uses FW as ROM as well ? Thank you, Liquid_ic Edited: This is my MLB: PPP Y WW ### ff F1HC XX ff = ff in the rom. Just an observation. aa:bb:cc should be in Apples mac address range. Just check it at: http://www.coffer.com/mac_find/ Apple can easily identifiy the hack rom in their database, if it's not in their vendor range. It would be intressting if there is a reverse lookup on the local system. this way apple can check if the rom correlate with the hardware. It's just an idea.... Link to comment Share on other sites More sharing options...
moemedimrtn Posted January 7, 2015 Share Posted January 7, 2015 Hey Guys! Finally, my iMessage are working!! I used my old ROM (Chameleon times) and i create one MLB following @fusion71au's tip. MLB: 13 character. EDIT: I called for Apple Support, and my Apple ID is enabled now. EDIT2: Thank you very much fusion71au and holyfield you are a genius guys! And FaceTime is also working! I called Apple and they asked for my serial no. and they say it is invalid. My PC was not connected to find my iphone as it didn't have Recovery partition. Could this be the reason they say the S/N is invalid. Link to comment Share on other sites More sharing options...
Prasys Posted January 7, 2015 Share Posted January 7, 2015 I called Apple and they asked for my serial no. and they say it is invalid. My PC was not connected to find my iphone as it didn't have Recovery partition. Could this be the reason they say the S/N is invalid. This is why I said in another post and in chat , when Apple validates they would ask for your iCloud Account and your Mac Serial No You need to own a Real Mac and provide them with that Serial No. In my case when I generated the MLB/ROM , I provided them with my MBP serial no which they cross-checked and matches my registered device (I have a couple of Apple devices). I think Apple has started being strict on this , last time you could do that without the need of giving them a serial number Link to comment Share on other sites More sharing options...
thedubiousdubber Posted January 7, 2015 Share Posted January 7, 2015 This is why I said in another post and in chat , when Apple validates they would ask for your iCloud Account and your Mac Serial No You need to own a Real Mac and provide them with that Serial No. In my case when I generated the MLB/ROM , I provided them with my MBP serial no which they cross-checked and matches my registered device (I have a couple of Apple devices). I think Apple has started being strict on this , last time you could do that without the need of giving them a serial number From what I've read, some of which was explained by a former AppleCare Helpcenter employee. When trying to resolve the customer code error you must explain that you have a problem with your Apple ID and proceed from there. The former employee explained that them asking for your serial# is a way of tracking the issue/call. If you present it as an Apple ID problem, they in turn ask you for that and use that to track the issue/call. Maybe this isn't the case with everyone and maybe this has changed, but it is worth a try. 1 Link to comment Share on other sites More sharing options...
pac-man Posted January 8, 2015 Share Posted January 8, 2015 It seems there are still a lot of unknowns around here, but hopefully someone can help me out. From what I gather, you no longer need just rom and mlb, but also need matching smUUID? Or at least it needs to be the only smUUID (or hardware UUID? still unclear about which is which) that is registered to the rom and mlb being used. I have an iMac that is not being used for anything other than web surfing and a few applications. iMessages, Facetime, iCloud, etc. are not being used at all. I'm interested to try to clone these values to get my hack working, but not sure of what I need to copy over. Rom and mlb obviously, but would it be best to try using the smUUID as well or the HardwareUUID (I believe one generates the other?). If so, what is the terminal command to run to get this value? I'm using Ozmosis, so I typically use nvram ######etc:Rom=### to change rom and so on, so was hoping to do the same with the other necessary values. These are my knowing commands to get the important values: Model: ioreg -l -p IOACPIPlane | grep \"model -m1 Board-id: ioreg -l -p IOACPIPlane | grep \"board-id Serial: ioreg -l -p IOACPIPlane | grep \"serial-number Hardware-UUID: ioreg -l -p IOACPIPlane | grep IOPlatformUUID smUUID: ioreg -l -p IODeviceTree | grep \"system-id MLB: nvram 4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14:MLB ROM: nvram 4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14:ROM Hardware-Mac Addresses: networksetup -listallhardwareports Note 1: serial-number has to be trimmed and converted from HEX to ASCII Note 2: ROM value is a mix of HEX and ASCII. '%xx' values are HEX-Values, the others have to be converted from ASCII to HEX to get the right ROM value. 2 Link to comment Share on other sites More sharing options...
pokenguyen Posted January 8, 2015 Share Posted January 8, 2015 Or you could use iMessage Debug. 2 Link to comment Share on other sites More sharing options...
sugarface Posted January 8, 2015 Share Posted January 8, 2015 Or you could use iMessage Debug. ^ Whatever he says 1 Link to comment Share on other sites More sharing options...
Pike R. Alpha Posted January 9, 2015 Share Posted January 9, 2015 ^ Whatever he says But don't use iMessage debug in the Apple store :-) 1 Link to comment Share on other sites More sharing options...
gpatpandp Posted January 9, 2015 Share Posted January 9, 2015 Thanks to this individual above ^ ^ my 2006 Apple Mac Pro updated/flashed to a 2,1 boots OS X 10.10.1 flawlessly. And if memory serves correct, it was all basically accomplished in relative short order. If Pike hasn't cracked the proverbial code yet, then this is getting serious in a bad way. Link to comment Share on other sites More sharing options...
Alien::X Posted January 9, 2015 Share Posted January 9, 2015 Thank you, HolyField for this amazing thread and everyone who as contributed to it. After reading this entire thread last night (as a bed time story), I decided to see how my MacMini Late 2012 (6,1) ROM and MLB are derived. I can confirm that the ROM = part of FW0 Example: FW0: aa:bb:cc:dd:ee:ff:gg:hh Rom: aa:bb:cc:ff:gg:hh Now the MLB still remains to crack. Anyone know if a iMac 13,2 uses FW as ROM as well ? Thank you, Liquid_ic Edited: This is my MLB: PPP Y WW ### ff F1HC XX ff = ff in the rom. Just an observation. If any one have real Mac then please check it and post is it right or not.... I also found this in my iMac... PPP Y WW ### FF EEEE XX Still FF and XX not Decoded... Please post your reviews..... Link to comment Share on other sites More sharing options...
jaymonkey Posted January 9, 2015 Share Posted January 9, 2015 If any one have real Mac then please check it and post is it right or not.... I also found this in my iMac... PPP Y WW ### FF EEEE XX Still FF and XX not Decoded... Please post your reviews..... Hanger1, I received several private posts over the holidays with ID dumps from genuine Macs, but am also stuck trying to understand/decode the same two pairs .. I'm currently trying to check if one pair maybe some sort of checksum to a part of the SmUUID ? .... haven't had any success proving it it yet .... and still have a fair number of permutations to try before giving up on this theory. I've not done much on this since xmas as got lots on but will get back on it soon ..... will let you know if i discover anything. Cheers Jay 2 Link to comment Share on other sites More sharing options...
pac-man Posted January 9, 2015 Share Posted January 9, 2015 If any one have real Mac then please check it and post is it right or not.... I also found this in my iMac... PPP Y WW ### FF EEEE XX Still FF and XX not Decoded... Please post your reviews..... I have verified on a genuine iMac 14,1 but value for FF is not part of any mac addresses of any network hardware on this iMac. But value of XX is contained in both Thunderbird mac addresses but could also be coincidence because the value is 'A0' Part of MLB: PPP Y WW ### FF EEEE A0 Part of Thunderbolt 1 MAC-Address: aa:bb:cc:xx:A0:00 Part of Thunderbolt 2 MAC-Address: aa:bb:cc:xx:A0:01 Additional - but this could also be coincidence: On an MacBookPro9,2 the nearly the same behavior but with ascii letters and part of converted hex values and another hardware mac address. Part of MLB: PPP Y WW ### FF EEEE 1J (converted HEX value 31 4A) Part of Wi-Fi MAC-Address: aa:bb:cc:xx:31:9A Part of Bluetooth PAN MAC-Address: aa:bb:cc:xx:31:9B Link to comment Share on other sites More sharing options...
Alien::X Posted January 10, 2015 Share Posted January 10, 2015 Thank You Jaymonkey and pac-man Link to comment Share on other sites More sharing options...
Alien::X Posted January 10, 2015 Share Posted January 10, 2015 Some one said that its 8-bit checksum of Mac Address... Not sure.. Link to comment Share on other sites More sharing options...
Liquid Ice Posted January 10, 2015 Share Posted January 10, 2015 If any one have real Mac then please check it and post is it right or not.... I also found this in my iMac... PPP Y WW ### FF EEEE XX Still FF and XX not Decoded... Please post your reviews..... What version of iMac ? mine was a MacMini 6,1 This coding could change year 2 year. For iMac 14,1 it maybe the second last pair on the thunderbolt port. Link to comment Share on other sites More sharing options...
sulphurlad Posted January 12, 2015 Share Posted January 12, 2015 I've been lurking on this thread for awhile. Not sure how it happened, in my hamfisted way, I got a Mac Pro 6,1 registered with Apple, showed up in my iCloud/Settings. I was shocked. My other macs running 10.10, were listed there, also. My setup I'm working on is 10.10 using Clover, but compiled from source using Clover Grower Pro script. I created a uuid from the command line, used Clover Configurator to generate a Mac Pro 6,1 Profile, and went on my merry way. I did not setup iCloud, just iTunes, to access my ZFS array, to serve my iTunes across the house. What is happening is the serial number generated is cross checked against the MAC Address of something, and computed, HEXed, ASCII, or what ever. It is not Random. Ever time I rebooted, a new serial was there, running iMessageDebug from the command line. Eventually this caused a account lock, hence a 1.5 hour tech support call. I had to reset my AppleID password with Apple Tech Support, claimed ignorance about the Mac Pro on my account, and now have my Main MBP back up and running correctly. I think the RecoveryHD is holding information about the current install. I'm going to experiment, check all the current parameters with iMessageDebug, reinstall without a complete RecoveryHD wipe, check with iMessageDebug again. Use another disk, create a new RecoveryHD, and reinstall, and finally check with iMessageDebug. All without Network access. The system id might be generated based on the install, tying it to the MAC Address of the primary NIC, which means that until you can get a good working system, DSDT and whatnot, no networking. I think I have a Apple USB NIC laying around, with a Apple MAC. I will try it and see. This could solve the issues, with hacking the MAC Address with an Apple assigned MAC. I will update as soon as I get the information compiled. Link to comment Share on other sites More sharing options...
mhaeuser Posted January 12, 2015 Share Posted January 12, 2015 I think the RecoveryHD is holding information about the current install. What would make you think that Recovery HD stores info? Link to comment Share on other sites More sharing options...
frankiee Posted January 12, 2015 Share Posted January 12, 2015 OK, let me sum this up: - Apple tightens up serial checks more and more, esp. with facetime and messages - It is not 100% clear what the correct format for these serials is, esp the MLB right? Well, now I know that my Serial must be wrong, bc it starts with "C02" and is for a nMP 6,1. But I did not use facetime or messages (yet). But I do use the Appstore (and a lot of other registered software, including Adobe CC subscription) So what would be your advice to correct this problem? Change these NOW, or just wait until it is more clear what the values mean? And _if_ I would change these, does anyone know about the potential consequences? I do not care too much about facetime, but a lot about the Appstore and my other Software. So does anyone know if there are problems if you change all your serials. Appstore or other software cease to function? Any insights greatly appreciated! Link to comment Share on other sites More sharing options...
sulphurlad Posted January 12, 2015 Share Posted January 12, 2015 Just a gut feeling. Doing my initial Clover install, creating the RecoveryHD, and then the main install, I then did something stupid, corrupted my install, then booted up and reinstall again, with a clover USB install drive. The thing is, the second time, There was no RecoveryHD creation, as it was already there, and the nvram info was the same. I didn't specify any RT data of SMBios data in any these installs. Right now I'm working in virtualbox, and watching the creation of the nvram. Link to comment Share on other sites More sharing options...
Recommended Posts