Jump to content
Andy Vandijck

ReadSMC for EFI, a tool to enter read SMC keys from EFI shell on real Macs

63 posts in this topic

Recommended Posts

I wrote a little EFI tool to read SMC keys from real Macs from an EFI shell running on the real Macs.

I made 32bit and 64bit versions.

It also reads the SMC Signature out and shows it.

 

Usage example:

ReadSMC.efi OSK 31

 

It show:

OSK0: [ 6f 75 72 68 61 72 64 77 6f 72 6b 62 79 74 68 65 73 65 77 6f 72 64 73 67 75 61 72 64 65 64 70 6c ]

 

Have fun :D

 

EDIT: Upload restored, github repo created.

 

Github repo URL:

https://github.com/andyvand/ReadSMC

ReadSMC.zip

Share this post


Link to post
Share on other sites
Advertisement

Can it dump the whole thing, not just the keys?

Reason for asking I have a dead SMC on MBP81, ordered 3 times on ebay(China/Taiwan) and each time they sent me chips for MBP83(dumb idiots).

Works with it but gave errors since MBP83 has 2 fans while MBP81 has one...

SMC chips are identical so what I want is to dump the damn thing from a good MBP81 and flash on devective MBP81 with SMC chip from MBP83.

Doable?

Share this post


Link to post
Share on other sites

Can it dump the whole thing, not just the keys?

Reason for asking I have a dead SMC on MBP81, ordered 3 times on ebay(China/Taiwan) and each time they sent me chips for MBP83(dumb idiots).

Works with it but gave errors since MBP83 has 2 fans while MBP81 has one...

SMC chips are identical so what I want is to dump the damn thing from a good MBP81 and flash on devective MBP81 with SMC chip from MBP83.

Doable?

 

You're in luck... I already did some research on the SMC chips.

I have a solution that will allow you to force flash that chip.

I don't know if it's the 13", 15" or 17" model but I've compiled up some files to flash those...

I've also thrown in some info on hacking SMC chips.

You can flash from within EFI shell using this command:

SmcFlasher.efi -force -update <filename.smc>

This is a version of SmcFlasher.efi with the capsule header removed so it can run directly from EFI shell... (SmcFlasher.efi is also known as SmcUtil.efi)

After flash your chip will be updated and it will be just fine ;)

Have fun :D

EDIT: Added SMC binary disassembly, for the curious people ;)

MBP81_SMC.zip

SMC_disass.zip

rej09b0350_h8s2117hm.pdf.zip

Share this post


Link to post
Share on other sites

Thanks!

Is the 13 inch version.

I'm in vacation now, I will read/try when back, but already tried the -force flashing the *.smc update file from apple, that pass me the fan error but still gave errors on CPU voltages/amps(when on battery is stuck on lowest speed)

That is why I asked for a way of dumping all stuff(like EPM)

BTW attached a pdf for collection ;)

 

 

D1_02_Alex_Ninjas_and_Harry_Potter.zip

Share this post


Link to post
Share on other sites

Hey, I have a MBP8,1 13" with apparently a busted SMC... PLEASE say you can dump the whole thing (with EPM) and perhaps help me...

I cannot reset the SMC via keyboard and if I try to do SmcFlasher.efi -reset 1, the computer shuts down immediately. I cannot boot other than by bypassing the POST/SMC.

Share this post


Link to post
Share on other sites

Hi, 

 

I have a question : i try to force flash a MBP81 with the correct SMC (i have a prototype with a old SMC) and the program search for a "emp" file. Can you help me ?

Share this post


Link to post
Share on other sites

You're in luck... I already did some research on the SMC chips.

I have a solution that will allow you to force flash that chip.

I don't know if it's the 13", 15" or 17" model but I've compiled up some files to flash those...

I've also thrown in some info on hacking SMC chips.

You can flash from within EFI shell using this command:

SmcFlasher.efi -force -update <filename.smc>

This is a version of SmcFlasher.efi with the capsule header removed so it can run directly from EFI shell... (SmcFlasher.efi is also known as SmcUtil.efi)

After flash your chip will be updated and it will be just fine ;)

Have fun :D

EDIT: Added SMC binary disassembly, for the curious people ;)

 

Hello,

 

long time ago...........

 

Which commands are necessary to save the smc as a file?

Can you/someone send me the attached files, downloads via forum isn't possible yet :(

Share this post


Link to post
Share on other sites

Anyone have an updated link for ReadSMC? I need to read the whole SMC firmware of a 2009 Xserve to remove some CRC checks (I modified the firmware to add microcode support for 5600-series Xeons, but I need to modify the SMC too to remove the checks or otherwise it will brick).

Share this post


Link to post
Share on other sites

Anyone have an updated link for ReadSMC? I need to read the whole SMC firmware of a 2009 Xserve to remove some CRC checks (I modified the firmware to add microcode support for 5600-series Xeons, but I need to modify the SMC too to remove the checks or otherwise it will brick).

Yes people, please reattach as I no longer have the sources.

Work should not go lost... (yet lots of stuff have been gone since the forum went down a while ago).

Somebody upload the zip file please and I'll create a new Github repo as backup ;)

Please...

Share this post


Link to post
Share on other sites

 

Hope can helps attachicon.gifReadSMC.zip

 

btw @Andy .. I have a little archive of your project, if you need and the internet back to normal I'll upload.

attachicon.gifAnV-dev.jpg

 

Sure, upload all :D

Thx!

Share this post


Link to post
Share on other sites

Yeah, I am wondering how to dump the complete SMC with this. Apple hasn't released any SMC updates for the Xserve3,1, so it's the only way I can get a copy of it.

Check Apple's update site.

There is an EFI firmware update.

Check it, it might contain SMC too.

 

https://support.apple.com/kb/DL990?locale=nl_NL

 

All updates:

https://support.apple.com/en-us/HT201518

Share this post


Link to post
Share on other sites

Hi,

smcflasher.efi get error:

Image type IA32 is not supported by this 64bit shell

i install refit and boot shell and try to flash smc

thanks

I had to extract the SmcFlasher.efi from http://support.apple.com/kb/DL1731 in order to get things working

 

the SmcFlasher.efi that was included in the firmware update for my PowerBook Pro would not run from an EFI shell

Share this post


Link to post
Share on other sites
Dear all,

 

To be synthetic:

 

I had kernel_task running over 300% with my HDD WD Blue

 

I replaced it with a SSD and the problem was still here...

 

I looked up into settings and found that i didn"t had the correct SMC and EFI version: see below:

 

Nom du modèle : MacBook Pro

  Identifiant du modèle : MacBookPro8,1

  Nom du processeur : Intel Core i5

  Vitesse du processeur : 2,4 GHz

  Nombre de processeurs : 1

  Nombre total de cœurs : 2

  Cache de niveau 2 (par cœur) : 256 Ko

  Cache de niveau 3 : 3 Mo

  Mémoire : 4 Go

  Version de la ROM de démarrage : MBP81.0047.B2C

  Version SMC (système) : 1.68f99

 

141028version.jpg

 

As you can see i dont have the correct SMC installed, and have an unknow EFI ...  I dont know how i have the wrong SMC and EFI ..

 

I tried to install the correct SMC and EFI from el capitan but it said that i needed 10.9.5 version, so i moved on and downgraded to mavericks and when i tried to install i got a message that i can't upgrade the version ... (or it was not needed )

 

 

I tried to flash the SMC with rEFIt and it has succeed:

I used the 201MBP13.smc which is located on the .pkg of the  MBP late 2011 update here:


 

585599FullSizeRender1.jpg

 

Ofc i have a blackscreen so can't do anything..

 

Tried SMC, PRAM reset, nothing

Now when i'm booting, the fans starting at full speed 10 second after the boot, then turns about 6-7 seconds and then the mbp shut down ..

 

The mbp is out of waranty

 

Thanks for the help!

 

MacBook Pro, OS X Mavericks (10.9.5), 8,1 late 2011

Share this post


Link to post
Share on other sites

Congratulations. You bricked your mac, for no reason at all. The kernel_task error was in no way related to the SMC version, and that site is not really entirely reliable because there are some versions that are not shown on it. Not to mention, most osx updates come with bundled efi/smc upgrades that are applied automatically or not according to need. You forced install of an incorrect SMC, because your EFI version was newer than what the site said.

 

The only possible solution I can think of other than replacing the chip is to perhaps reinstall el capitan or Yosemite on SMC Bypass mode.

Share this post


Link to post
Share on other sites

Congratulations. You bricked your mac, for no reason at all. The kernel_task error was in no way related to the SMC version, and that site is not really entirely reliable because there are some versions that are not shown on it. Not to mention, most osx updates come with bundled efi/smc upgrades that are applied automatically or not according to need. You forced install of an incorrect SMC, because your EFI version was newer than what the site said.

 

The only possible solution I can think of other than replacing the chip is to perhaps reinstall el capitan or Yosemite on SMC Bypass mode.

 

How do i reinstall the capitan or yosemite on SMC bypass mode? i cant boot the comp, the fan runs at full speeds and after 6-7 seconds it turns off.. Should i try a remote distance access? but i dont think it will work ?

Share this post


Link to post
Share on other sites

You really shouldn't have messed with something you didn't understand. You need to open the mac, disconnect the battery and magsafe, hold power button pressed for 30 seconds or so, and with it still pressed connect the magsafe, let go of power and press it again once. The computer should boot but without sensors and fans at full speed.

Share this post


Link to post
Share on other sites

You really shouldn't have messed with something you didn't understand. You need to open the mac, disconnect the battery and magsafe, hold power button pressed for 30 seconds or so, and with it still pressed connect the magsafe, let go of power and press it again once. The computer should boot but without sensors and fans at full speed.

 

Ok it works, what to do now?

 

Thanks for trick!! :) :) :) :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Allan
      That's unbelievable awesome

       
      Link: https://www.macupdate.com/app/mac/61068/clover-theme-manager
    • By ITzTravelInTime
      Hi guys, this thread is to show you a new and open source app, created by me, that I called TINU:
       
      The name means: TINU Is Not #####, the U refers to a popular software that is used to create macOS hackintosh installers (that for good reasons is banned on this forum), but the aim of the name is to explain that this app is a totally different thing from that software and works in a totally different way.
       
      This app basically is a graphical interface for the createinstallmedia executable that is inside the macOS and Mac OS X installer apps, it is capable to create a bootable installer completely vanilla like what you do using the command line method, and also this method is recommended by apple itself. In addition to this, this app provvides to you simplicity and flexybility, and lets you to avoid most of the steps needed with every other app.
       
      TINU allows you to create easily a bootable macOS installer without messing around with command line stuff and without using disk utility, all you need to do is use the app and then install clover on the usb drive once TINU has finished or leave it as is if you want to use it on a real Mac.
       
      Features:
      - Simple-to-use UI that allows you to easily start the bootable macOS installer creation process.
      - It can work with every macOS installer app that has the createinstallmedia executable inside its resources folder (including also beta and newly released installers).
      - You can use any erasable volume that is at least 7 GB of size (if the volume's drive is not in GUID format, TINU will re-format it accordingly).
      - Can work with the Mac OS recovery system, so you can create a bootable macOS installer from the macOS installer itself or from the macOS recovery partition, and you can use TINU to install macOS, too.
      - 100% clean: The bootable macOS installers created with this tool are vanilla, just as if you created them using the command line "createinstallmedia" method in Terminal.
      - Open Source: You can verify what this program does on your computer and you can create your own version by downloading and playing with the source code.
      - Does not require any special preparations. Just open the program, make sure you have a USB drive plugged in and have a macOS installer app on your disk.
      - No need to use Disk Utility. TINU can format your drive or partition for you.
      - Integrated EFI partition mounter tool.
      - Uses recent, modern, APIs and SDKs and the Swift 3 language.
      - Transparent graphics style available (type alt-S or choose from the menu bar: View -> Use transparent style).
      - Works using the latest versions of macOS and will also support newer Mac installers out of the box without requiring an update.
      - Offers advanced features to customize your bootable macOS installer.
       
      Features that are planned for future versions:
      - Install and configure [Clover](https://sourceforge.net/projects/cloverefiboot/).
      - Install kexts into Clover's kexts folder.
      - Clover drivers customization
      - Use custom DSDT in Clover
      - Integrated pre-made Clover config templates database from a remote and open repository.
      - Support for other languages, at least Italian.
       
      # Requirements:
      - A computer that runs Mac OS X Yosemite or a more recent version (Mac OS X El Capitan is required to use TINU in a macOS recovery or installer).
      - A drive or a free partition (on a drive which already supports GUID) of least 7 GB that you want to turn into a macOS/Mac OS X installer.
      - A copy of a macOS/Mac OS X installer app (Maveriks or newer versions are supported) in the /Applications folder or in the root of any storage drive on your machine (excepted the drive or volume you want to turn into your macOS install media).
       
      Download:
      https://github.com/ITzTravelInTime/TINU/releases

      Frequently asked questions:
      https://github.com/ITzTravelInTime/TINU/wiki/FAQs
       
      Useful links:
      Thread (english) on insanelymac.com:
      - http://www.insanelymac.com/forum/topic/326959-tinu-the-macos-installer-creator-app-mac-app/
      Thread (italian) on insanelymac.com:
      - https://www.insanelymac.com/forum/topic/333261-tinu-app-per-creare-chiavette-di-installazione-di-macos-thread-in-italiano/
      Thread (english-german) on hackintosh-forum.de:
      - https://www.hackintosh-forum.de/index.php/Thread/33630-TINU/
      Post on Reddit:
      - https://www.reddit.com/r/hackintosh/comments/a1h61d/tinu_vanilla_bootable_macos_installer_creation/
      Facebook hackintosh help and beta testing (Italian only):
      - https://www.facebook.com/groups/Italia.hackintosh/?fref=ts
      Contact me (project creator):
      - Insanelymac.com profile: http://www.insanelymac.com/forum/user/1390153-itztravelintime/
      - email: piecaruso97@gmail.com
       
      Note that:
      - This software is under GNU GPL v3 license so any new branch/mod/third party release must be open source and under the same license
      - I (project creator) assume no responsibility for any use of this app and this source code, and also for any kind of hardware and software damage to any computer and any device or peripheral that may come from this app or source code during it's use and outside it's usage
      - I (project creator) do not guarantee support to you, this is only an open source project, not a product released by a company!
      - This project is born only for educational and demonstrative purposes, it's not intended to be used for commercial purposes and it will never be, don't use source code from this project to create apps or software for that aim.
      - This is a no-profit project, born only to let people to create macOS install medias in a more simple way and also to learn how to create this kind of apps.
       
      Credits:
      - Apple for macos and installer apps and scripts
      - People that helped me a lot:
      Francesco Perchiazzi, Nicola Tomarelli, Roberto Sciortino, Raffaele Sonnessa, Ermanno Nicoletti, Tommaso Dimatore, Michele Vitiello Bonaventura, Massimiliano Faralli, Davide Dessì, Giorgio Dall'Aglio, Peter Paul Chato.   
      - Special thanks to Italian Hackintosh group!! for help (https://www.facebook.com/groups/Italia.hackintosh/?fref=ts)
      - Thomas Tempelmann for help with the UI
      - Pietro Caruso (ITzTravelInTime) for creating, maintaing and developing this project
       
       
         
    • By spec3
      ciao ragazzi, vorrei comprare la suddetta scheda madre per una nuova configurazione, ma ho dei dubbi..
       
      1.  la pci (non express) e' fattibile farla funzionare con mojave o high sierra?
       
      altra domanda conviene installare mac su M2 o conviene evitare e rimanere su SSD classico da 2,5"?
       
      grazie in anticipo
    • By ITzTravelInTime
      So apple has presented a new and updated mac mini a few days ago, and the great news seems to be the use of desktop processors in it, in fact, all the specs seems to match a typical desktop socket 1151 v2 coffeelake system without a dedicated gpu, so i am wondering if the smbios of this machine could be our new smbios of preference for coffeelake desktop machines. So i have created this new topic to discuss about it. Of course we will have to wait to do tests using the first public version of mac os which integrates this smbios, because when every new mac is released it's smbios is available initialy just in a purpose made mac os build and then it's added for all the os builds in the following releases.
       
      So what do you think about the possibility of using this new smbios for desktop coffeelake machines instead of the imac 18.3/18.2 ones?
       
       
      https://www.apple.com/mac-mini/specs/
       
       

    • By marianopela
      Hi, I'm an Hackintosh user on my HP ProDesk and I'd like to try getting Mojave on my HP 250 G6
      Could anybody help me with the EFI folder?
       
      Thanks in advance
×