netkas.org forum
November 27, 2020, 01:39:37 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Information for registering users http://forum.netkas.org/index.php/topic,2246.0.html
 
   Home   Help Search Login Register  
Pages: 1 [2] 3 4 ... 10
  Print  
Author Topic: Mac Mini Firmware Upgrade Utility Needed (help request).  (Read 734479 times)
MacEFIRom
Not Newbie
*
Offline Offline

Posts: 19


« Reply #15 on: September 02, 2011, 06:38:08 AM »

I'll look into this, it sounds very interesting. This could also be used before running the firmware update tool to save the current firmware version, which would be useful for those people who have firmware versions more recent than the downloadable updates. This situation happens more often than you might think. Also, to repeat, it would be very useful to have someone pull the rom file from their MacMini2,1 and provide a link for download.
Logged
Sebinouse
Jr. Member
**
Offline Offline

Posts: 65



« Reply #16 on: September 02, 2011, 08:01:47 AM »

It is very easy to get a good looking .fd file from ROM. I did a small tutorial on this board but my post is under moderation due to spam likeliness (l should have attached my files instead of link them to another website ...).

  • Install rEFIt 1.4
  • Plug a Flashdrive
  • Reboot twice to get the rEFIt bootloader
  • Select "Run EFI Shell"
  • Get the name of the flashdrive (mine was "fs2:")
  • Type :
    • dumpfv
    • cp fs0:\firmware.fd fs2:\
    • exit
  • Boot on MacOSX
  • Get the .fd file from the Flashdrive
  • Uninstall rEFIt


You can find the same tutorial in french here and you can PM me for the files I get ...
« Last Edit: September 22, 2011, 09:31:53 PM by Sebinouse » Logged
Sebinouse
Jr. Member
**
Offline Offline

Posts: 65



« Reply #17 on: September 06, 2011, 04:25:16 PM »

@MacEFIRom

Can you make a custom app for MacMini to upgrade a generic "firmware.fd" or restore "MM11.0055.B08.fd" like you did for the MacPro ... ?

I would like to test the restoration of my firmware to see if it fits !

« Last Edit: September 06, 2011, 04:48:56 PM by Sebinouse » Logged
Sebinouse
Jr. Member
**
Offline Offline

Posts: 65



« Reply #18 on: September 12, 2011, 03:06:43 PM »

@MacEFIRom

I now have a MM21_009A_B00.fd file created with a dump from a genuine MacMini2,1 (Courtesy of Alexcooltranquille). Grin

I made two modification to preserve Alexcooltranquille's personal data : Serial number and UUID.

I can send you the file by PM if you want !

And do you think you can now make custom app for Mac Mini ?  Roll Eyes

Logged
Sebinouse
Jr. Member
**
Offline Offline

Posts: 65



« Reply #19 on: September 13, 2011, 08:38:11 AM »

@MacEFIRom

We do have a MM21.009.B00.fd file created from a dump (courtesy of AlexCoolTranquille).

We noticed that there were personal datas inside the .fd file : we changed the Serial Number with one spoted on the web, the UUID ....

Do you think we have to make a custom firmware for each mac with the right UUID ?
« Last Edit: September 19, 2011, 03:13:23 PM by Sebinouse » Logged
Sebinouse
Jr. Member
**
Offline Offline

Posts: 65



« Reply #20 on: September 19, 2011, 09:55:24 AM »

You can boot your Core2Duo MacMini1,1 on 64bit and make MacOSX believe it is a MacMini2,1 by using Chameleon like they did for the mac pro .

This is not prefect but it is the beginning !

Moreover here is the MM21.009.B00.fd if somebody wants to give a try !
« Last Edit: September 19, 2011, 03:12:50 PM by Sebinouse » Logged
MacEFIRom
Not Newbie
*
Offline Offline

Posts: 19


« Reply #21 on: September 19, 2011, 09:53:31 PM »

I've looked into this via comparing the downloaded firmware file and extracted firmware file on my 2007 Mac Pro, as I don't have a Mac Mini. The files differ by hundreds and hundreds of bytes. It appears that Macs are using a portion of the firmware image to store hardcoded data like the SN and UUID as well as NVRAM parameters like boot volume, audio level, etc. My guess is that the firmware installer extracts this data from the machine and then inserts it into the new firmware image, and then flashes it, or the image is flashed and then this data is written. In any case, there's no way to tell if this would work correctly, and it it doesn't the result will be a bricked Mac Mini. If some brave soul wants to try it out, I can edit the updater file and scripts, and someone can try it out using the uploaded MacMini2,1 file posted previously.
Logged
girafe
Newbie

Offline Offline

Posts: 3


« Reply #22 on: September 19, 2011, 10:56:01 PM »

MacEFIRom , excuse-me for my bad English. Sad

You write:  "Inside the EfiUpdaterApp2.efi program are a list of firmware version strings from different releases of the 2010 Mac Pro, along with the CRC32 checksum of the firmware image file."

Did you made a copy/paste with the existing strings?
We, we do not have a file coming from Apple. There never was of update of the firmware of the minis 2007. We are obliged to rebuild it.
I tested all the techniques which I knew to rebuild the strings. I did not arrive.
Are you sure that it's a CRC32, as in MM11.88Z.0055.B05.0607191735?

Thank you.

I will like to see the code of the patcher.
« Last Edit: September 22, 2011, 12:21:54 PM by girafe » Logged
Sebinouse
Jr. Member
**
Offline Offline

Posts: 65



« Reply #23 on: September 20, 2011, 10:16:43 PM »

The files differ by hundreds and hundreds of bytes. It appears that Macs are using a portion of the firmware image to store hardcoded data like the SN and UUID as well as NVRAM parameters like boot volume, audio level, etc. My guess is that the firmware installer extracts this data from the machine and then inserts it into the new firmware image, and then flashes it, or the image is flashed and then this data is written. In any case, there's no way to tell if this would work correctly, and it it doesn't the result will be a bricked Mac Mini. If some brave soul wants to try it out, I can edit the updater file and scripts, and someone can try it out using the uploaded MacMini2,1 file posted previously.

If you give a closer look there are not so many differences between the dumped firmware and the original version from Apple (I did this with the MM11.0055..B08 and my dump) ... 2 or 3 blocks of several bytes which are "FF" in the original firmware.

Do you think we can modify the dumped MM2.1... to look like a virgin one ?
Logged
Sebinouse
Jr. Member
**
Offline Offline

Posts: 65



« Reply #24 on: September 21, 2011, 11:19:39 AM »

I tested all the techniques which I knew to rebuild the strings. I did not arrive.
Are you sure that it's a CRC32, as in MM11.88Z.0055.B05.0607191735?

I think these are not CRC32 but just dates : YYMMDDHHMM ! (Year Month Day Hours Minutes : see attached file)
By the way where did you get a MM11.88Z.0055.B05 ?

* CRC32 vs DATE.txt (0.64 KB - downloaded 614 times.)
« Last Edit: September 21, 2011, 11:22:27 AM by Sebinouse » Logged
girafe
Newbie

Offline Offline

Posts: 3


« Reply #25 on: September 21, 2011, 05:42:22 PM »

Sebinouse, You are right.
« Last Edit: September 22, 2011, 12:21:06 PM by girafe » Logged
growner
Not Newbie
*
Offline Offline

Posts: 7


« Reply #26 on: September 22, 2011, 12:58:13 AM »

Hi! I've been looking at this independently for a month or so, now (trying to find where the board-id comes from, for instance).  My tools have been 'flashrom' (http://www.flashrom.org/Flashrom), DirectHW (http://www.coreboot.org/DirectHW) and 'xxd' (part of the ViM package and already on my Mac OS X 10.6.8 system).  With these I can interactively get the 2MiB flash contents of a Macmini1,1, and view the combined hex/ascii dump using 'xxd' (with the potential to modify that dump with 'vi' and reassemble using 'xxd -r').

My experience indicates that there are 3-4 key 2k byte sections that relate to identity (offsets from 'xxd'):
01d0000: (possible)
01d8000: Labeled 'Fsys' and clearly where the serial number plus some other info is stored (this section has an integer value at the far end of the 2k).
01d8800: Labeled 'Gaid'.
01f3800: Seems to have some other versioning information in addition to the firmware revision number itself.

My question relates to the firmware dump from the Macmini2,1 posted above. What was changed to handle the "personal" information?  The 'Fsys' section seems particularly mangled compared to the clean, less-than 64 byte, entry my system has. At least on my system, the last three characters of the serial number was stored in two places in the Fsys section.  There's some website, can't find the bookmark now, that maps those last three characters to various Mac models.

I agree the user who observed that the 2MiB flash seems to be used for at least a version of the NVRAM, and also held for mine some of the values from various "bless" experiments I did.
« Last Edit: September 22, 2011, 01:00:32 AM by growner » Logged
lolof
Guest
« Reply #27 on: September 22, 2011, 05:07:17 PM »

I have access to a macmini 2007 saturday evening. If you could give more details on how you exctracted your firmware, I could exctract the one from the macmini 2007 and send it to you to compare. One dump is not enough to start something...

Update : After few hours of compiling problem, I had the flashrom working on my mac. I will extract the 2007 model firmware this weekend. But from my experience now, the dump can easily lightly change from one dump to another (on the same computer) because of memory change. This afternoon, I have done some experience patching the firmware update from Apple, I could start it and start the update in effi mode but without sucess to write the rom. I can see some trace of this in y extracted rom with flashrom.

By the way, did you manage to use dmidecode with flashrom Huh
« Last Edit: September 23, 2011, 12:28:09 AM by lolof » Logged
growner
Not Newbie
*
Offline Offline

Posts: 7


« Reply #28 on: September 23, 2011, 02:59:52 AM »

...
Update : After few hours of compiling problem, I had the flashrom working on my mac. I will extract the 2007 model firmware this weekend. But from my experience now, the dump can easily lightly change from one dump to another (on the same computer) because of memory change. This afternoon, I have done some experience patching the firmware update from Apple, I could start it and start the update in effi mode but without sucess to write the rom. I can see some trace of this in y extracted rom with flashrom.

By the way, did you manage to use dmidecode with flashrom Huh
Hi!

Quick progress!  No, dmidecode doesn't work with DirectHW, as under Mac OS X, there is no real DMI, as such, IIRC.  When a Mac boots Windows, for example, the Mac EFI presents an emulated BIOS, My best guess is that this is like the BIOS mirroring that many PC motherboards allow, and the Mac EFI builds this emulated BIOS prior to a non-Mac OS bootup (unless it's an EFI bootup, like some of the more recent Linux elilo implementations).

Regarding the changes, this is one reason why I like 'xxd'.  Once one has the combined hex/ascii dump of the 2MiB flash contents, it's easy to use the 'diff' utility to highlight the changes, especially with the '-d' flag (or '--minimal' i.e. fewer, and fewer false positive, differences show up). One can then modify the 'hex' area and use the '-r' flag to rebuild a modified original (which you can verify with 'cmp -l' if it's a small change).
Logged
Sebinouse
Jr. Member
**
Offline Offline

Posts: 65



« Reply #29 on: September 23, 2011, 10:06:36 AM »

My experience indicates that there are 3-4 key 2k byte sections that relate to identity (offsets from 'xxd'):
01d0000: (possible)
01d8000: Labeled 'Fsys' and clearly where the serial number plus some other info is stored (this section has an integer value at the far end of the 2k).
01d8800: Labeled 'Gaid'.
01f3800: Seems to have some other versioning information in addition to the firmware revision number itself.

My question relates to the firmware dump from the Macmini2,1 posted above. What was changed to handle the "personal" information?  The 'Fsys' section seems particularly mangled compared to the clean, less-than 64 byte, entry my system has.

I also looked for the differences between my dump and the official firmware.
These parts may content personal data (they are blank, "FF", in the official file):
  • 0x4 bytes offset 0x1B004C
  • 0x38D6 bytes offset 0x1B0058
  • 0x244 bytes offset 0x1D0018
  • 0x2000 bytes offset 0x1D8000
  • 0x80 bytes offset 0x1FFF00
Another part is more problematic, it is present in the official firmware and *NOT* in the dump :
  • 0x4000 bytes offset 0x1DA000

*BUT* with more investigation this part is the same for MM11_004B_00B.fd, MM11_0055_02B.fd and MM11_0055_03B.fd. It only differs in the MM11_0055_08B.fd.


About the modification I made for the firmware posted above : I carefully replaced the Serial with another one found on the net (MacMini2,1), I also carefully change the UUID with another one. I might have made a mistake, I will look into this ...
Logged
Pages: 1 [2] 3 4 ... 10
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!