Jump to content
About Just Joined group Read more... ×
Andy Vandijck

ReadSMC for EFI, a tool to enter read SMC keys from EFI shell on real Macs

69 posts in this topic

Recommended Posts

I wrote a little EFI tool to read SMC keys from real Macs from an EFI shell running on the real Macs.

I made 32bit and 64bit versions.

It also reads the SMC Signature out and shows it.

 

Usage example:

ReadSMC.efi OSK 31

 

It show:

OSK0: [ 6f 75 72 68 61 72 64 77 6f 72 6b 62 79 74 68 65 73 65 77 6f 72 64 73 67 75 61 72 64 65 64 70 6c ]

 

Have fun :D

 

EDIT: Upload restored, github repo created.

 

Github repo URL:

https://github.com/andyvand/ReadSMC

ReadSMC.zip

Share this post


Link to post
Share on other sites
Advertisement

Can it dump the whole thing, not just the keys?

Reason for asking I have a dead SMC on MBP81, ordered 3 times on ebay(China/Taiwan) and each time they sent me chips for MBP83(dumb idiots).

Works with it but gave errors since MBP83 has 2 fans while MBP81 has one...

SMC chips are identical so what I want is to dump the damn thing from a good MBP81 and flash on devective MBP81 with SMC chip from MBP83.

Doable?

Share this post


Link to post
Share on other sites

Can it dump the whole thing, not just the keys?

Reason for asking I have a dead SMC on MBP81, ordered 3 times on ebay(China/Taiwan) and each time they sent me chips for MBP83(dumb idiots).

Works with it but gave errors since MBP83 has 2 fans while MBP81 has one...

SMC chips are identical so what I want is to dump the damn thing from a good MBP81 and flash on devective MBP81 with SMC chip from MBP83.

Doable?

 

You're in luck... I already did some research on the SMC chips.

I have a solution that will allow you to force flash that chip.

I don't know if it's the 13", 15" or 17" model but I've compiled up some files to flash those...

I've also thrown in some info on hacking SMC chips.

You can flash from within EFI shell using this command:

SmcFlasher.efi -force -update <filename.smc>

This is a version of SmcFlasher.efi with the capsule header removed so it can run directly from EFI shell... (SmcFlasher.efi is also known as SmcUtil.efi)

After flash your chip will be updated and it will be just fine ;)

Have fun :D

EDIT: Added SMC binary disassembly, for the curious people ;)

MBP81_SMC.zip

SMC_disass.zip

rej09b0350_h8s2117hm.pdf.zip

Share this post


Link to post
Share on other sites

Thanks!

Is the 13 inch version.

I'm in vacation now, I will read/try when back, but already tried the -force flashing the *.smc update file from apple, that pass me the fan error but still gave errors on CPU voltages/amps(when on battery is stuck on lowest speed)

That is why I asked for a way of dumping all stuff(like EPM)

BTW attached a pdf for collection ;)

 

 

D1_02_Alex_Ninjas_and_Harry_Potter.zip

Share this post


Link to post
Share on other sites

Hey, I have a MBP8,1 13" with apparently a busted SMC... PLEASE say you can dump the whole thing (with EPM) and perhaps help me...

I cannot reset the SMC via keyboard and if I try to do SmcFlasher.efi -reset 1, the computer shuts down immediately. I cannot boot other than by bypassing the POST/SMC.

Share this post


Link to post
Share on other sites

Hi, 

 

I have a question : i try to force flash a MBP81 with the correct SMC (i have a prototype with a old SMC) and the program search for a "emp" file. Can you help me ?

Share this post


Link to post
Share on other sites

You're in luck... I already did some research on the SMC chips.

I have a solution that will allow you to force flash that chip.

I don't know if it's the 13", 15" or 17" model but I've compiled up some files to flash those...

I've also thrown in some info on hacking SMC chips.

You can flash from within EFI shell using this command:

SmcFlasher.efi -force -update <filename.smc>

This is a version of SmcFlasher.efi with the capsule header removed so it can run directly from EFI shell... (SmcFlasher.efi is also known as SmcUtil.efi)

After flash your chip will be updated and it will be just fine ;)

Have fun :D

EDIT: Added SMC binary disassembly, for the curious people ;)

 

Hello,

 

long time ago...........

 

Which commands are necessary to save the smc as a file?

Can you/someone send me the attached files, downloads via forum isn't possible yet :(

Share this post


Link to post
Share on other sites

Anyone have an updated link for ReadSMC? I need to read the whole SMC firmware of a 2009 Xserve to remove some CRC checks (I modified the firmware to add microcode support for 5600-series Xeons, but I need to modify the SMC too to remove the checks or otherwise it will brick).

Share this post


Link to post
Share on other sites

Anyone have an updated link for ReadSMC? I need to read the whole SMC firmware of a 2009 Xserve to remove some CRC checks (I modified the firmware to add microcode support for 5600-series Xeons, but I need to modify the SMC too to remove the checks or otherwise it will brick).

Yes people, please reattach as I no longer have the sources.

Work should not go lost... (yet lots of stuff have been gone since the forum went down a while ago).

Somebody upload the zip file please and I'll create a new Github repo as backup ;)

Please...

Share this post


Link to post
Share on other sites

 

Hope can helps attachicon.gifReadSMC.zip

 

btw @Andy .. I have a little archive of your project, if you need and the internet back to normal I'll upload.

attachicon.gifAnV-dev.jpg

 

Sure, upload all :D

Thx!

Share this post


Link to post
Share on other sites

Yeah, I am wondering how to dump the complete SMC with this. Apple hasn't released any SMC updates for the Xserve3,1, so it's the only way I can get a copy of it.

Check Apple's update site.

There is an EFI firmware update.

Check it, it might contain SMC too.

 

https://support.apple.com/kb/DL990?locale=nl_NL

 

All updates:

https://support.apple.com/en-us/HT201518

Share this post


Link to post
Share on other sites

Hi,

smcflasher.efi get error:

Image type IA32 is not supported by this 64bit shell

i install refit and boot shell and try to flash smc

thanks

I had to extract the SmcFlasher.efi from http://support.apple.com/kb/DL1731 in order to get things working

 

the SmcFlasher.efi that was included in the firmware update for my PowerBook Pro would not run from an EFI shell

Share this post


Link to post
Share on other sites
Dear all,

 

To be synthetic:

 

I had kernel_task running over 300% with my HDD WD Blue

 

I replaced it with a SSD and the problem was still here...

 

I looked up into settings and found that i didn"t had the correct SMC and EFI version: see below:

 

Nom du modèle : MacBook Pro

  Identifiant du modèle : MacBookPro8,1

  Nom du processeur : Intel Core i5

  Vitesse du processeur : 2,4 GHz

  Nombre de processeurs : 1

  Nombre total de cœurs : 2

  Cache de niveau 2 (par cœur) : 256 Ko

  Cache de niveau 3 : 3 Mo

  Mémoire : 4 Go

  Version de la ROM de démarrage : MBP81.0047.B2C

  Version SMC (système) : 1.68f99

 

141028version.jpg

 

As you can see i dont have the correct SMC installed, and have an unknow EFI ...  I dont know how i have the wrong SMC and EFI ..

 

I tried to install the correct SMC and EFI from el capitan but it said that i needed 10.9.5 version, so i moved on and downgraded to mavericks and when i tried to install i got a message that i can't upgrade the version ... (or it was not needed )

 

 

I tried to flash the SMC with rEFIt and it has succeed:

I used the 201MBP13.smc which is located on the .pkg of the  MBP late 2011 update here:


 

585599FullSizeRender1.jpg

 

Ofc i have a blackscreen so can't do anything..

 

Tried SMC, PRAM reset, nothing

Now when i'm booting, the fans starting at full speed 10 second after the boot, then turns about 6-7 seconds and then the mbp shut down ..

 

The mbp is out of waranty

 

Thanks for the help!

 

MacBook Pro, OS X Mavericks (10.9.5), 8,1 late 2011

Share this post


Link to post
Share on other sites

Congratulations. You bricked your mac, for no reason at all. The kernel_task error was in no way related to the SMC version, and that site is not really entirely reliable because there are some versions that are not shown on it. Not to mention, most osx updates come with bundled efi/smc upgrades that are applied automatically or not according to need. You forced install of an incorrect SMC, because your EFI version was newer than what the site said.

 

The only possible solution I can think of other than replacing the chip is to perhaps reinstall el capitan or Yosemite on SMC Bypass mode.

Share this post


Link to post
Share on other sites

Congratulations. You bricked your mac, for no reason at all. The kernel_task error was in no way related to the SMC version, and that site is not really entirely reliable because there are some versions that are not shown on it. Not to mention, most osx updates come with bundled efi/smc upgrades that are applied automatically or not according to need. You forced install of an incorrect SMC, because your EFI version was newer than what the site said.

 

The only possible solution I can think of other than replacing the chip is to perhaps reinstall el capitan or Yosemite on SMC Bypass mode.

 

How do i reinstall the capitan or yosemite on SMC bypass mode? i cant boot the comp, the fan runs at full speeds and after 6-7 seconds it turns off.. Should i try a remote distance access? but i dont think it will work ?

Share this post


Link to post
Share on other sites

You really shouldn't have messed with something you didn't understand. You need to open the mac, disconnect the battery and magsafe, hold power button pressed for 30 seconds or so, and with it still pressed connect the magsafe, let go of power and press it again once. The computer should boot but without sensors and fans at full speed.

Share this post


Link to post
Share on other sites

You really shouldn't have messed with something you didn't understand. You need to open the mac, disconnect the battery and magsafe, hold power button pressed for 30 seconds or so, and with it still pressed connect the magsafe, let go of power and press it again once. The computer should boot but without sensors and fans at full speed.

 

Ok it works, what to do now?

 

Thanks for trick!! :) :) :) :)

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

Announcements

  • Similar Content

    • By BALDY_MAN
      Hi All.
      Im Happy to share my new EFI file that I put together  18/10/2020. which got me up and running 11.0  Beta(20A5395g) on my hack
      a thanks you to everyone who's work I have use to assemble this EFI File. and the help I have received from this site
      I have used openCore 0.6.3, sound work for me (HDMI) and onboard Ethernet. map the usb ports as you wish.
      the definition to iMac20,2
      hope it helps all who need it
      PS. Please leave a comment if the EFI File is helpful to you
      (No Kexts were Harmed in the making of this EFI)
      THIS EFI. WAS MADE ON A Z490 GIGABYTE MASTER For the Z490 Gigabyte Master ONLY
                                                                                                                     regards
                                                                                                                                         Baldy_man
      GigabyteZ40Master.EFI.(20A539g) .zip
    • By ITzTravelInTime
      Hi guys, this thread is to show you a new and open source app, created by me, that I called TINU:
       
      The name means: TINU Is Not #####, the U refers to a popular software that is used to create macOS hackintosh installers (that for good reasons is banned on this forum), but the aim of the name is to explain that this app is a totally different thing from that software and works in a totally different way.
       
      This app basically is a graphical interface for the createinstallmedia executable that is inside the macOS and Mac OS X installer apps, it is capable to create a bootable installer completely vanilla like what you do using the command line method, and also this method is recommended by apple itself. In addition to this, this app provvides you simplicity and flexybility, and lets you to avoid most of the tedious steps or problems of other simlar apps.
       
      TINU allows you to create easily a bootable macOS installer without messing around with command line stuff and without using disk utility, all you need to do is use the app and then install your bootloader of choiche on the usb (or just leave it as is if you want to use it on a real Mac).
       
      Features:
      - Simple-to-use UI that allows you to easily start the bootable macOS installer creation process.
      - It can work with every macOS installer app that has the createinstallmedia executable inside its resources folder (including also beta and newly released installers).
      - You can use any erasable volume that is at least 7 GB of size (if the volume's drive is not in GUID format, TINU will re-format it accordingly).
      - Can work with the Mac OS recovery system, so you can create a bootable macOS installer from the macOS installer itself or from the macOS recovery partition, and you can use TINU to install macOS, too.
      - 100% clean: The bootable macOS installers created with this tool are vanilla, just as if you created them using the command line "createinstallmedia" method in Terminal.
      - Open Source: You can verify what this program does on your computer and you can create your own version by downloading and playing with the source code.
      - Does not require any special preparations. Just open the program, make sure you have a USB drive plugged in and have a macOS installer app on your disk.
      - No need to use Disk Utility. TINU can format your drive or partition for you.
      - Integrated EFI partition mounter tool.
      - Works using the latest versions of macOS and will also support newer Mac installers out of the box without requiring an update.
      - Offers advanced features to customize your bootable macOS installer.
       
       (To sugegst a new feature please contact me on github)
       
      Requirements:
      - A computer that runs Mac OS X Yosemite or a more recent version (Mac OS X El Capitan is required to use TINU in a macOS recovery or installer).
      - A drive or a free partition (on a drive which already supports GUID) of least 7 GB that you want to turn into a macOS/Mac OS X installer.
      - A copy of a macOS/Mac OS X installer app (Maveriks or newer versions are supported) in the /Applications folder or in the root of any storage drive on your machine (excepted the drive or volume you want to turn into your macOS install media).
       
      Download:
      - All downloads:
      https://github.com/ITzTravelInTime/TINU/releases
      - Reccommended download for Catalina and Big Sur users:
      https://github.com/ITzTravelInTime/TINU/releases/tag/3.0_BETA_4_(82)

      Frequently asked questions:
      https://github.com/ITzTravelInTime/TINU/wiki/FAQs
       
      Useful links:
      Thread (english) on insanelymac.com:
      - http://www.insanelymac.com/forum/topic/326959-tinu-the-macos-installer-creator-app-mac-app/
      Thread (italian) on insanelymac.com:
      - https://www.insanelymac.com/forum/topic/333261-tinu-app-per-creare-chiavette-di-installazione-di-macos-thread-in-italiano/
      Thread (english-german) on hackintosh-forum.de:
      - https://www.hackintosh-forum.de/index.php/Thread/33630-TINU/
      Post on Reddit:
      - https://www.reddit.com/r/hackintosh/comments/a1h61d/tinu_vanilla_bootable_macos_installer_creation/
      Facebook hackintosh help and beta testing (Italian only):
      - https://www.facebook.com/groups/Italia.hackintosh/?fref=ts
      Contact me (project creator):
      - Insanelymac.com profile: http://www.insanelymac.com/forum/user/1390153-itztravelintime/
      - email: piecaruso97@gmail.com
       
      Note that:
      - This software is under GNU GPL v3 license so any new branch/mod/third party release must be open source and under the same license.
      - We (the project creator and othe people involved with active developmment) assume no responsibility for any use of this app and this source code, and also for any kind of hardware and software damage to any computer and any device or peripheral that may come from this app or source code during it's use and outside it's usage
      - We do not guarantee support to you, this is only an open source project, not a product released by a company!
      - This project is born only for educational and demonstrative purposes, it's not intended to be used for commercial purposes and it will never be.
      - This is a no-profit project, born only to let people to create macOS install medias in a more simple way and also to learn how to create this kind of apps.
       
      Credits:
      - Apple for macos and installer apps and scripts
      - People that helped me a lot:
      Francesco Perchiazzi, Nicola Tomarelli, Roberto Sciortino, Raffaele Sonnessa, Ermanno Nicoletti, Tommaso Dimatore, Michele Vitiello Bonaventura, Massimiliano Faralli, Davide Dessì, Giorgio Dall'Aglio, Peter Paul Chato.   
      - Special thanks to Italian Hackintosh group!! for help (https://www.facebook.com/groups/Italia.hackintosh/?fref=ts)
      - Thomas Tempelmann for help with the UI
      - Pietro Caruso (ITzTravelInTime) for creating, maintaing and developing this project
       
      Here are also some screenshots inside this spoiler tab
       
       
       
         
    • By le332313
      Can someone share the dell 5593/5493 EFI ? I try to fit the graphics driver, but it not working please help me thanks
       
    • By rich_mark
      Hi,
      Please let me know if there is any free Mac File recovery software that can recover my 500 MB of data. I already tried Test Disk but unable to understand that tool. Please share any suggestions.
×