netkas.org forum
Topic: Apple Firmware hacking.
DarthnVader
« on: December 01, 2017, 01:02:12 PM »

I'm looking at ways to try and hack Apple's firmware updates to insert an NVME driver into the firmware of a MacPro so it will boot from NVME drives.

Just taking a quick look at the firmware update for the 5,1 from the High Sierra installer, the firmware seems to be locked; I can't insert anything into it with UEFITool. This shouldn't come as a shock, as the file name is: MP51_0084_00B_LOCKED.fd

If others are interested in this project we can look into it more, and see if we can't figure out how to insert a driver into the firmware, but then I'm sure Apple's firmware update tool won't flash a modified firmware unless it has a proper CRC, so we'll have to overcome that too.

tomtomgps
« Reply #1 on: December 02, 2017, 10:27:18 AM »

Sounds like a great project! I suppose the firmware you're talking about is contained on a certain chip in the Mac Pro. How do you know there is enough space on it to contain a driver? Is there any way to decompile the firmware?
DarthnVader
« Reply #2 on: December 02, 2017, 02:01:11 PM »

> Sounds like a great project! I suppose the firmware you're talking about is contained on a certain chip in the Mac Pro. How do you know there is enough space on it to contain a driver? Is there any way to decompile the firmware?

There is always room ;D

You can't decompile it, but you can extract it. UEFITool does a fair job, if you know how to use it; there used to be a Python script that did a better job of it.

Logged
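Added example, not part of the original thread and not the Python script mentioned in Reply #2: a minimal scanner that finds firmware volumes in a .fd image by their "_FVH" signature and reports whether each header's 16-bit checksum, as laid out in the UEFI PI specification, is intact. The function names and the sample image are constructed for illustration; it does not model Apple's lock, the updater's checks, or any signature verification.

```python
import struct

# EFI_FIRMWARE_VOLUME_HEADER from the UEFI PI spec, little-endian, fixed part:
# ZeroVector[16] FileSystemGuid[16] FvLength(u64) Signature[4] Attributes(u32)
# HeaderLength(u16) Checksum(u16) ExtHeaderOffset(u16) Reserved(u8) Revision(u8)
FV_HDR = struct.Struct("<16s16sQ4sIHHHBB")
FVH_SIG = b"_FVH"
SIG_OFFSET = 40       # Signature field offset inside the header
CHECKSUM_OFFSET = 50  # Checksum field offset inside the header


def header_sum16(header: bytes) -> int:
    """Sum the header as 16-bit little-endian words; an intact header sums to 0."""
    return sum(struct.unpack("<%dH" % (len(header) // 2), header)) & 0xFFFF


def scan_volumes(image: bytes) -> list:
    """List every plausible firmware volume in the image with its header check result."""
    found = []
    pos = image.find(FVH_SIG)
    while pos != -1:
        start = pos - SIG_OFFSET
        if start >= 0 and start + FV_HDR.size <= len(image):
            _, guid, fv_len, _, _, hdr_len, _, _, _, rev = FV_HDR.unpack_from(image, start)
            # Drop false signature hits: odd/undersized headers, volumes running past EOF.
            if (hdr_len >= FV_HDR.size and hdr_len % 2 == 0
                    and hdr_len <= fv_len and start + fv_len <= len(image)):
                hdr = image[start:start + hdr_len]
                found.append({"offset": start, "length": fv_len, "revision": rev,
                              "guid": guid.hex(), "header_ok": header_sum16(hdr) == 0})
        pos = image.find(FVH_SIG, pos + 1)
    return found


def build_sample_volume(body: bytes) -> bytes:
    """Constructed test volume (not real firmware): header, one block-map entry, terminator."""
    hdr_len = FV_HDR.size + 16
    fv_len = hdr_len + len(body)
    raw = FV_HDR.pack(bytes(16), bytes(range(16)), fv_len, FVH_SIG, 0, hdr_len, 0, 0, 0, 2)
    raw += struct.pack("<IIII", 1, fv_len, 0, 0)
    fixed = struct.pack("<H", -header_sum16(raw) & 0xFFFF)
    return raw[:CHECKSUM_OFFSET] + fixed + raw[CHECKSUM_OFFSET + 2:] + body


if __name__ == "__main__":
    good = build_sample_volume(b"\xff" * 32)
    bad = bytearray(good)
    bad[20] ^= 0x01  # flip one header bit in the copy
    print(*scan_volumes(b"\xff" * 64 + good + bytes(bad)), sep="\n")
```

Run on the constructed image, the first volume reports header_ok True and the altered copy reports False; a header checksum only covers the header, so a pass says nothing about the volume's contents.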
tomtomgps
« Reply #3 on: December 03, 2017, 07:20:50 AM »

"Anecdotal evidence has indicated that Mac systems also contain a “boot ROM”, which is executed before the EFI firmware and verifies the integrity of the firmware image including its cryptographic signature at the end of the firmware volume. If the firmware image is not deemed to be valid, the system generates the “S.O.S.” beep sound (literally “S O S” in Morse code) and refuses to boot."

http://ho.ax/De_Mysteriis_Dom_Jobsivs_Black_Hat_Paper.pdf