Jump to content
  • Announcements

    • Allan

      Forum Rules   04/13/2018

      Hello folks! As some things are being fixed, we'll keep you updated. Per hour the Forum Rules don't have a dedicated "Tab", so here is the place that we have our Rules back. New Users Lounge > [READ] - InsanelyMac Forum Rules - The InsanelyMac Staff Team. 
Andy Vandijck

ReadSMC for EFI, a tool to enter read SMC keys from EFI shell on real Macs

63 posts in this topic

Recommended Posts

I wrote a little EFI tool to read SMC keys from real Macs from an EFI shell running on the real Macs.

I made 32bit and 64bit versions.

It also reads the SMC Signature out and shows it.

 

Usage example:

ReadSMC.efi OSK 31

 

It show:

OSK0: [ 6f 75 72 68 61 72 64 77 6f 72 6b 62 79 74 68 65 73 65 77 6f 72 64 73 67 75 61 72 64 65 64 70 6c ]

 

Have fun :D

 

EDIT: Upload restored, github repo created.

 

Github repo URL:

https://github.com/andyvand/ReadSMC

ReadSMC.zip

Share this post


Link to post
Share on other sites

Can it dump the whole thing, not just the keys?

Reason for asking I have a dead SMC on MBP81, ordered 3 times on ebay(China/Taiwan) and each time they sent me chips for MBP83(dumb idiots).

Works with it but gave errors since MBP83 has 2 fans while MBP81 has one...

SMC chips are identical so what I want is to dump the damn thing from a good MBP81 and flash on devective MBP81 with SMC chip from MBP83.

Doable?

Share this post


Link to post
Share on other sites

Can it dump the whole thing, not just the keys?

Reason for asking I have a dead SMC on MBP81, ordered 3 times on ebay(China/Taiwan) and each time they sent me chips for MBP83(dumb idiots).

Works with it but gave errors since MBP83 has 2 fans while MBP81 has one...

SMC chips are identical so what I want is to dump the damn thing from a good MBP81 and flash on devective MBP81 with SMC chip from MBP83.

Doable?

 

You're in luck... I already did some research on the SMC chips.

I have a solution that will allow you to force flash that chip.

I don't know if it's the 13", 15" or 17" model but I've compiled up some files to flash those...

I've also thrown in some info on hacking SMC chips.

You can flash from within EFI shell using this command:

SmcFlasher.efi -force -update <filename.smc>

This is a version of SmcFlasher.efi with the capsule header removed so it can run directly from EFI shell... (SmcFlasher.efi is also known as SmcUtil.efi)

After flash your chip will be updated and it will be just fine ;)

Have fun :D

EDIT: Added SMC binary disassembly, for the curious people ;)

MBP81_SMC.zip

SMC_disass.zip

rej09b0350_h8s2117hm.pdf.zip

Share this post


Link to post
Share on other sites

Thanks!

Is the 13 inch version.

I'm in vacation now, I will read/try when back, but already tried the -force flashing the *.smc update file from apple, that pass me the fan error but still gave errors on CPU voltages/amps(when on battery is stuck on lowest speed)

That is why I asked for a way of dumping all stuff(like EPM)

BTW attached a pdf for collection ;)

 

 

D1_02_Alex_Ninjas_and_Harry_Potter.zip

Share this post


Link to post
Share on other sites

Hey, I have a MBP8,1 13" with apparently a busted SMC... PLEASE say you can dump the whole thing (with EPM) and perhaps help me...

I cannot reset the SMC via keyboard and if I try to do SmcFlasher.efi -reset 1, the computer shuts down immediately. I cannot boot other than by bypassing the POST/SMC.

Share this post


Link to post
Share on other sites

Hi, 

 

I have a question : i try to force flash a MBP81 with the correct SMC (i have a prototype with a old SMC) and the program search for a "emp" file. Can you help me ?

Share this post


Link to post
Share on other sites

You're in luck... I already did some research on the SMC chips.

I have a solution that will allow you to force flash that chip.

I don't know if it's the 13", 15" or 17" model but I've compiled up some files to flash those...

I've also thrown in some info on hacking SMC chips.

You can flash from within EFI shell using this command:

SmcFlasher.efi -force -update <filename.smc>

This is a version of SmcFlasher.efi with the capsule header removed so it can run directly from EFI shell... (SmcFlasher.efi is also known as SmcUtil.efi)

After flash your chip will be updated and it will be just fine ;)

Have fun :D

EDIT: Added SMC binary disassembly, for the curious people ;)

 

Hello,

 

long time ago...........

 

Which commands are necessary to save the smc as a file?

Can you/someone send me the attached files, downloads via forum isn't possible yet :(

Share this post


Link to post
Share on other sites

Anyone have an updated link for ReadSMC? I need to read the whole SMC firmware of a 2009 Xserve to remove some CRC checks (I modified the firmware to add microcode support for 5600-series Xeons, but I need to modify the SMC too to remove the checks or otherwise it will brick).

Share this post


Link to post
Share on other sites

Anyone have an updated link for ReadSMC? I need to read the whole SMC firmware of a 2009 Xserve to remove some CRC checks (I modified the firmware to add microcode support for 5600-series Xeons, but I need to modify the SMC too to remove the checks or otherwise it will brick).

Yes people, please reattach as I no longer have the sources.

Work should not go lost... (yet lots of stuff have been gone since the forum went down a while ago).

Somebody upload the zip file please and I'll create a new Github repo as backup ;)

Please...

Share this post


Link to post
Share on other sites

 

Hope can helps attachicon.gifReadSMC.zip

 

btw @Andy .. I have a little archive of your project, if you need and the internet back to normal I'll upload.

attachicon.gifAnV-dev.jpg

 

Sure, upload all :D

Thx!

Share this post


Link to post
Share on other sites

Yeah, I am wondering how to dump the complete SMC with this. Apple hasn't released any SMC updates for the Xserve3,1, so it's the only way I can get a copy of it.

Check Apple's update site.

There is an EFI firmware update.

Check it, it might contain SMC too.

 

https://support.apple.com/kb/DL990?locale=nl_NL

 

All updates:

https://support.apple.com/en-us/HT201518

Share this post


Link to post
Share on other sites

Hi,

smcflasher.efi get error:

Image type IA32 is not supported by this 64bit shell

i install refit and boot shell and try to flash smc

thanks

I had to extract the SmcFlasher.efi from http://support.apple.com/kb/DL1731 in order to get things working

 

the SmcFlasher.efi that was included in the firmware update for my PowerBook Pro would not run from an EFI shell

Share this post


Link to post
Share on other sites
Dear all,

 

To be synthetic:

 

I had kernel_task running over 300% with my HDD WD Blue

 

I replaced it with a SSD and the problem was still here...

 

I looked up into settings and found that i didn"t had the correct SMC and EFI version: see below:

 

Nom du modèle : MacBook Pro

  Identifiant du modèle : MacBookPro8,1

  Nom du processeur : Intel Core i5

  Vitesse du processeur : 2,4 GHz

  Nombre de processeurs : 1

  Nombre total de cœurs : 2

  Cache de niveau 2 (par cœur) : 256 Ko

  Cache de niveau 3 : 3 Mo

  Mémoire : 4 Go

  Version de la ROM de démarrage : MBP81.0047.B2C

  Version SMC (système) : 1.68f99

 

141028version.jpg

 

As you can see i dont have the correct SMC installed, and have an unknow EFI ...  I dont know how i have the wrong SMC and EFI ..

 

I tried to install the correct SMC and EFI from el capitan but it said that i needed 10.9.5 version, so i moved on and downgraded to mavericks and when i tried to install i got a message that i can't upgrade the version ... (or it was not needed )

 

 

I tried to flash the SMC with rEFIt and it has succeed:

I used the 201MBP13.smc which is located on the .pkg of the  MBP late 2011 update here:


 

585599FullSizeRender1.jpg

 

Ofc i have a blackscreen so can't do anything..

 

Tried SMC, PRAM reset, nothing

Now when i'm booting, the fans starting at full speed 10 second after the boot, then turns about 6-7 seconds and then the mbp shut down ..

 

The mbp is out of waranty

 

Thanks for the help!

 

MacBook Pro, OS X Mavericks (10.9.5), 8,1 late 2011

Share this post


Link to post
Share on other sites

Congratulations. You bricked your mac, for no reason at all. The kernel_task error was in no way related to the SMC version, and that site is not really entirely reliable because there are some versions that are not shown on it. Not to mention, most osx updates come with bundled efi/smc upgrades that are applied automatically or not according to need. You forced install of an incorrect SMC, because your EFI version was newer than what the site said.

 

The only possible solution I can think of other than replacing the chip is to perhaps reinstall el capitan or Yosemite on SMC Bypass mode.

Share this post


Link to post
Share on other sites

Congratulations. You bricked your mac, for no reason at all. The kernel_task error was in no way related to the SMC version, and that site is not really entirely reliable because there are some versions that are not shown on it. Not to mention, most osx updates come with bundled efi/smc upgrades that are applied automatically or not according to need. You forced install of an incorrect SMC, because your EFI version was newer than what the site said.

 

The only possible solution I can think of other than replacing the chip is to perhaps reinstall el capitan or Yosemite on SMC Bypass mode.

 

How do i reinstall the capitan or yosemite on SMC bypass mode? i cant boot the comp, the fan runs at full speeds and after 6-7 seconds it turns off.. Should i try a remote distance access? but i dont think it will work ?

Share this post


Link to post
Share on other sites

You really shouldn't have messed with something you didn't understand. You need to open the mac, disconnect the battery and magsafe, hold power button pressed for 30 seconds or so, and with it still pressed connect the magsafe, let go of power and press it again once. The computer should boot but without sensors and fans at full speed.

Share this post


Link to post
Share on other sites

You really shouldn't have messed with something you didn't understand. You need to open the mac, disconnect the battery and magsafe, hold power button pressed for 30 seconds or so, and with it still pressed connect the magsafe, let go of power and press it again once. The computer should boot but without sensors and fans at full speed.

 

Ok it works, what to do now?

 

Thanks for trick!! :) :) :) :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.

×