Jump to content
Andy Vandijck

ReadSMC for EFI, a tool to enter read SMC keys from EFI shell on real Macs

64 posts in this topic

Recommended Posts

I wrote a little EFI tool to read SMC keys from real Macs from an EFI shell running on the real Macs.

I made 32bit and 64bit versions.

It also reads the SMC Signature out and shows it.

 

Usage example:

ReadSMC.efi OSK 31

 

It show:

OSK0: [ 6f 75 72 68 61 72 64 77 6f 72 6b 62 79 74 68 65 73 65 77 6f 72 64 73 67 75 61 72 64 65 64 70 6c ]

 

Have fun :D

 

EDIT: Upload restored, github repo created.

 

Github repo URL:

https://github.com/andyvand/ReadSMC

ReadSMC.zip

Share this post


Link to post
Share on other sites
Advertisement

Can it dump the whole thing, not just the keys?

Reason for asking I have a dead SMC on MBP81, ordered 3 times on ebay(China/Taiwan) and each time they sent me chips for MBP83(dumb idiots).

Works with it but gave errors since MBP83 has 2 fans while MBP81 has one...

SMC chips are identical so what I want is to dump the damn thing from a good MBP81 and flash on devective MBP81 with SMC chip from MBP83.

Doable?

Share this post


Link to post
Share on other sites

Can it dump the whole thing, not just the keys?

Reason for asking I have a dead SMC on MBP81, ordered 3 times on ebay(China/Taiwan) and each time they sent me chips for MBP83(dumb idiots).

Works with it but gave errors since MBP83 has 2 fans while MBP81 has one...

SMC chips are identical so what I want is to dump the damn thing from a good MBP81 and flash on devective MBP81 with SMC chip from MBP83.

Doable?

 

You're in luck... I already did some research on the SMC chips.

I have a solution that will allow you to force flash that chip.

I don't know if it's the 13", 15" or 17" model but I've compiled up some files to flash those...

I've also thrown in some info on hacking SMC chips.

You can flash from within EFI shell using this command:

SmcFlasher.efi -force -update <filename.smc>

This is a version of SmcFlasher.efi with the capsule header removed so it can run directly from EFI shell... (SmcFlasher.efi is also known as SmcUtil.efi)

After flash your chip will be updated and it will be just fine ;)

Have fun :D

EDIT: Added SMC binary disassembly, for the curious people ;)

MBP81_SMC.zip

SMC_disass.zip

rej09b0350_h8s2117hm.pdf.zip

Share this post


Link to post
Share on other sites

Thanks!

Is the 13 inch version.

I'm in vacation now, I will read/try when back, but already tried the -force flashing the *.smc update file from apple, that pass me the fan error but still gave errors on CPU voltages/amps(when on battery is stuck on lowest speed)

That is why I asked for a way of dumping all stuff(like EPM)

BTW attached a pdf for collection ;)

 

 

D1_02_Alex_Ninjas_and_Harry_Potter.zip

Share this post


Link to post
Share on other sites

Hey, I have a MBP8,1 13" with apparently a busted SMC... PLEASE say you can dump the whole thing (with EPM) and perhaps help me...

I cannot reset the SMC via keyboard and if I try to do SmcFlasher.efi -reset 1, the computer shuts down immediately. I cannot boot other than by bypassing the POST/SMC.

Share this post


Link to post
Share on other sites

Hi, 

 

I have a question : i try to force flash a MBP81 with the correct SMC (i have a prototype with a old SMC) and the program search for a "emp" file. Can you help me ?

Share this post


Link to post
Share on other sites

You're in luck... I already did some research on the SMC chips.

I have a solution that will allow you to force flash that chip.

I don't know if it's the 13", 15" or 17" model but I've compiled up some files to flash those...

I've also thrown in some info on hacking SMC chips.

You can flash from within EFI shell using this command:

SmcFlasher.efi -force -update <filename.smc>

This is a version of SmcFlasher.efi with the capsule header removed so it can run directly from EFI shell... (SmcFlasher.efi is also known as SmcUtil.efi)

After flash your chip will be updated and it will be just fine ;)

Have fun :D

EDIT: Added SMC binary disassembly, for the curious people ;)

 

Hello,

 

long time ago...........

 

Which commands are necessary to save the smc as a file?

Can you/someone send me the attached files, downloads via forum isn't possible yet :(

Share this post


Link to post
Share on other sites

Anyone have an updated link for ReadSMC? I need to read the whole SMC firmware of a 2009 Xserve to remove some CRC checks (I modified the firmware to add microcode support for 5600-series Xeons, but I need to modify the SMC too to remove the checks or otherwise it will brick).

Share this post


Link to post
Share on other sites

Anyone have an updated link for ReadSMC? I need to read the whole SMC firmware of a 2009 Xserve to remove some CRC checks (I modified the firmware to add microcode support for 5600-series Xeons, but I need to modify the SMC too to remove the checks or otherwise it will brick).

Yes people, please reattach as I no longer have the sources.

Work should not go lost... (yet lots of stuff have been gone since the forum went down a while ago).

Somebody upload the zip file please and I'll create a new Github repo as backup ;)

Please...

Share this post


Link to post
Share on other sites

 

Hope can helps attachicon.gifReadSMC.zip

 

btw @Andy .. I have a little archive of your project, if you need and the internet back to normal I'll upload.

attachicon.gifAnV-dev.jpg

 

Sure, upload all :D

Thx!

Share this post


Link to post
Share on other sites

Yeah, I am wondering how to dump the complete SMC with this. Apple hasn't released any SMC updates for the Xserve3,1, so it's the only way I can get a copy of it.

Check Apple's update site.

There is an EFI firmware update.

Check it, it might contain SMC too.

 

https://support.apple.com/kb/DL990?locale=nl_NL

 

All updates:

https://support.apple.com/en-us/HT201518

Share this post


Link to post
Share on other sites

Hi,

smcflasher.efi get error:

Image type IA32 is not supported by this 64bit shell

i install refit and boot shell and try to flash smc

thanks

I had to extract the SmcFlasher.efi from http://support.apple.com/kb/DL1731 in order to get things working

 

the SmcFlasher.efi that was included in the firmware update for my PowerBook Pro would not run from an EFI shell

Share this post


Link to post
Share on other sites
Dear all,

 

To be synthetic:

 

I had kernel_task running over 300% with my HDD WD Blue

 

I replaced it with a SSD and the problem was still here...

 

I looked up into settings and found that i didn"t had the correct SMC and EFI version: see below:

 

Nom du modèle : MacBook Pro

  Identifiant du modèle : MacBookPro8,1

  Nom du processeur : Intel Core i5

  Vitesse du processeur : 2,4 GHz

  Nombre de processeurs : 1

  Nombre total de cœurs : 2

  Cache de niveau 2 (par cœur) : 256 Ko

  Cache de niveau 3 : 3 Mo

  Mémoire : 4 Go

  Version de la ROM de démarrage : MBP81.0047.B2C

  Version SMC (système) : 1.68f99

 

141028version.jpg

 

As you can see i dont have the correct SMC installed, and have an unknow EFI ...  I dont know how i have the wrong SMC and EFI ..

 

I tried to install the correct SMC and EFI from el capitan but it said that i needed 10.9.5 version, so i moved on and downgraded to mavericks and when i tried to install i got a message that i can't upgrade the version ... (or it was not needed )

 

 

I tried to flash the SMC with rEFIt and it has succeed:

I used the 201MBP13.smc which is located on the .pkg of the  MBP late 2011 update here:


 

585599FullSizeRender1.jpg

 

Ofc i have a blackscreen so can't do anything..

 

Tried SMC, PRAM reset, nothing

Now when i'm booting, the fans starting at full speed 10 second after the boot, then turns about 6-7 seconds and then the mbp shut down ..

 

The mbp is out of waranty

 

Thanks for the help!

 

MacBook Pro, OS X Mavericks (10.9.5), 8,1 late 2011

Share this post


Link to post
Share on other sites

Congratulations. You bricked your mac, for no reason at all. The kernel_task error was in no way related to the SMC version, and that site is not really entirely reliable because there are some versions that are not shown on it. Not to mention, most osx updates come with bundled efi/smc upgrades that are applied automatically or not according to need. You forced install of an incorrect SMC, because your EFI version was newer than what the site said.

 

The only possible solution I can think of other than replacing the chip is to perhaps reinstall el capitan or Yosemite on SMC Bypass mode.

Share this post


Link to post
Share on other sites

Congratulations. You bricked your mac, for no reason at all. The kernel_task error was in no way related to the SMC version, and that site is not really entirely reliable because there are some versions that are not shown on it. Not to mention, most osx updates come with bundled efi/smc upgrades that are applied automatically or not according to need. You forced install of an incorrect SMC, because your EFI version was newer than what the site said.

 

The only possible solution I can think of other than replacing the chip is to perhaps reinstall el capitan or Yosemite on SMC Bypass mode.

 

How do i reinstall the capitan or yosemite on SMC bypass mode? i cant boot the comp, the fan runs at full speeds and after 6-7 seconds it turns off.. Should i try a remote distance access? but i dont think it will work ?

Share this post


Link to post
Share on other sites

You really shouldn't have messed with something you didn't understand. You need to open the mac, disconnect the battery and magsafe, hold power button pressed for 30 seconds or so, and with it still pressed connect the magsafe, let go of power and press it again once. The computer should boot but without sensors and fans at full speed.

Share this post


Link to post
Share on other sites

You really shouldn't have messed with something you didn't understand. You need to open the mac, disconnect the battery and magsafe, hold power button pressed for 30 seconds or so, and with it still pressed connect the magsafe, let go of power and press it again once. The computer should boot but without sensors and fans at full speed.

 

Ok it works, what to do now?

 

Thanks for trick!! :) :) :) :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By AppleBytes
      OK, I've searching for days trying to gather up the tools to make my current install work correctly. I'm well on my way. But all the links to the things I currently must have were apparently nuked "during a forum upgrade". :(
      As far as EFI Studio goes; I can find many links to it. But for Insanelymac, they're broken (due to the upgrade), or for the Netkas site, they're links to either Rapidshare, or Mediafire that also no linger exist. I see many users here indicating that they used it to tweak their DSDT. But the web (google/duckduckgo), Instanelymac, and Netkas seem to have no idea where it's gone.
      Could some kind soul please share a copy, or a link? I'm a loooong time hacker, and would love to bring it back to life. In fact, I'd love to improve it -- or at least bring it up to current times. If only I knew where it was.
      Thank you for all your time, and consideration.
       
      --Chris
       
    • By SoThOr
      This was spurred on from a discussion in the Clover General thread. Where there was a debate on bcdedit being able create/read/edit (U)EFI Boot entries. I didn't think it appropriate to post all this information there and somebody may want to make use of this and its likely to get lost in that massive thread.
       
      Out of curiosity I decided to see if I could create an EFI entry using bcdedit. What can I say I like a challenge.  Whilst is not a documented method by Microsoft, as it turns out in a round about way it IS possible to create an EFI entry using bcdedit and these are the steps I went through to add UEFI Shell located on a USB stick to the EFI entries. 
       
      Third party software is available that can create and edit UEFI entries from Windows with better support and more features. I'm just making this information available in case those options are unavailable. 
       
      DISCLAIMER - This is not a supported method. Use at your own risk. I recommend backing up your BCD/Firmware variables/settings beforehand.
       
      1) Copy {bootmgr} entry.
      C:\Windows\System32>bcdedit /copy {bootmgr} /d "UEFI Shell" The entry was successfully copied to {34e8383c-73a7-11e9-9cb0-94de8078a7b5}. 2) Edit the new entry using the new GUID bcdedit generated in the copy step.
        a) Set the device and path for UEFI shell on my USB stick.
      bcdedit /set {34e8383d-73a7-11e9-9cb0-94de8078a7b5} device partition=G: bcdedit /set {34e8383d-73a7-11e9-9cb0-94de8078a7b5} path \EFI\SHELL\SHELLX64.efi   b) Clean up some of the stuff that was copied from {bootmgr} (optional as far as I can tell, just makes things tidier in bcdedit)
      3) Put the new EFI entry first in boot order. (optional)
       
      After completing the steps above, here is what "bcdedit /enum firmware" shows:
       
      I shutdown my computer and when I turned my computer back on it booted up into UEFI Shell. After exiting the shell my PC went on to boot Windows.
      Here is the resulting dump using "bcfg boot dump -v" from that shell:
       
      You may notice that the shell shows as "Windows Boot Manager" in the bcdedit output. This I believe is because of the "WINDOWS" at the beginning of the option data that bcdedit added to the EFI Boot entry. I also believe this why bcdedit shows my Windows 8 installation as "Firmware Application" because it has no option data. I don't know how to remove this data using bcdedit nor do I know how the option data, that bcdedit adds, will affect other EFI applications.

      There might be a way to create the EFI entry without copying the Windows entry but if there is I'm unable to find any documentation on how one would do so. If you use the create command then it just puts it in the BCD and I'm unaware of a way to tell it to create it in EFI instead, other than by doing the above.
    • By outdoormagic
      Short Version:
      I have two drives with the exact same EFI folder (and I can boot into Clover from either one), shouldn't I be able to boot into MacOS from either one?
       
      More Detail:
      I've done a few hacks so far and this never happened. (Gigabyte z370 / 8700k / Vega, Asus z390 / i5-9600k / 1080). Now, I'm setting up a ThinkPad X1 Gen 6. (Yes, I do expect problems on laptops, but that's not the question).
       
      Mojave 10.14.4 now boots from the internal SSD. So far, so good. Here's the problem.
       
      I installed Mojave on a USB drive (for backup / rescue) and copied the entire EFI partition of my boot drive to the EFI partition on the USB drive. So... I should be able to boot from the USB drive, right? Wrong. Ran Clover installer on the USB itself. Same outcome.
       
      With F12, I can boot from the USB into Clover and select the OS on the USB. The boot sequence hangs on End Random Seed, but before the usual '++++++++' line.
      So, boot into Clover on internal boot drive, then select OS on USB. Same thing.
       
      Read the forums, I saw the posts about AptioMemoryFix, so I tried the various other drivers on the USB. No go.
       
      I haven't found the solution yet to the USB boot issue, but what puzzles me is that if I have two drives with the exact same EFI folder (and I can boot into Clover from either one), shouldn't I be able to boot into MacOS from either one?
       
       
    • By AllIsDust
      Salve, vorrei fare un Hackintosh come da titolo, solo che avendo poco budget volevo chiedere se la mia attuale postazione fosse buona e ci fossero componenti compatibili per mac:
      i5 4590
      h97 pro4
      amd r9 280x
      ram 2x4 1600
      alu 620w
       
      Se non erro però la gru non dovrebbe esserlo dato che è amd. Grazie in anticipo
    • By karthiksh1989
      can somebody walkthrough with the mojave installation guide?
      i have a mac high sierra 13.6 version on my macbook pro and want to install mojave on my desktop
      Exact config is Gigabyte gaming wifi 7 motherboard amy ryzen 7 2nd gen 2700X processor Gigabyte G1 8GB grapgic card VEGA 64
      running 2 nvme Samsung 256gb cards and 1 intel 180gb ssd internal and 1tb WD HDD, with 64 GB 3200Mhz Ram
       
      https://wa.me/919611736534 (whatsapp)
×