Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
EFI chip location on Mac Mini A1347 ( Late 2012 )
- Thread starter kaos42
- Start date
- Sort by reaction score
Flash it to do what? What are you trying to gain by monkeying with the EFI? Sounds like a bricked computer waiting to happen....
my monkeying around on the forums just got me thinking of something else:
- if i can recover the drive info to the way it was before the format maybe i can get the 4 pin password back
- i bought the Teensy and used Overtek's code twice x 2 days and no luck so i think it is not a 4 pin EFI password ( the person told me they formated the drive in another computer than got the lock screen after and can't do anything )
- but now I need to look for gawd damn tool to take apart this little bastard
- if i can recover the drive info to the way it was before the format maybe i can get the 4 pin password back
- i bought the Teensy and used Overtek's code twice x 2 days and no luck so i think it is not a 4 pin EFI password ( the person told me they formated the drive in another computer than got the lock screen after and can't do anything )
- but now I need to look for gawd damn tool to take apart this little bastard
Overtek's code takes about three days, if you were done in two, you did something wrong with the script.
Don't be surprised that you may not find an atmel, it may be a "Micron 25Q064A 13E40" or a "Macronix MX25L6406" With both of these you can not use a pomona clip as the package is different.
Don't be surprised that you may not find an atmel, it may be a "Micron 25Q064A 13E40" or a "Macronix MX25L6406" With both of these you can not use a pomona clip as the package is different.
If you removed and re-formatted a hard drive that had efi protection set.
What was your results? I know if done on an air ssd the drive is still locked.
Why? It is because the efi password is NOT on the storage device, it is stored within the efi chip.
Start over and explain further, why is it you are locked out? what have you done thus far? At this time what can you or can't you do with the unit.
I am trying to understand this a bit further.
I have not looked at the efi chip in the mac mini, it may have a simple SOIC8 package, I know the air does not, yet the MBP's do.
If it does, both devices you stated will read the chip with flashrom, dump it save an original then ff out a few lines will remove the efi password.
As I said, if Overtek's code was done in 48 hours, you may want to look at the script you placed onto the Teensy as the process will take about 72 hours for all 10,000. If that fails, then it likely has more than a four digit pass.
Why is it you don't know it?
If you are the rightful original owner/purchaser on record with apple they will help you via the hash
What was your results? I know if done on an air ssd the drive is still locked.
Why? It is because the efi password is NOT on the storage device, it is stored within the efi chip.
Start over and explain further, why is it you are locked out? what have you done thus far? At this time what can you or can't you do with the unit.
I am trying to understand this a bit further.
I have not looked at the efi chip in the mac mini, it may have a simple SOIC8 package, I know the air does not, yet the MBP's do.
If it does, both devices you stated will read the chip with flashrom, dump it save an original then ff out a few lines will remove the efi password.
As I said, if Overtek's code was done in 48 hours, you may want to look at the script you placed onto the Teensy as the process will take about 72 hours for all 10,000. If that fails, then it likely has more than a four digit pass.
Why is it you don't know it?
If you are the rightful original owner/purchaser on record with apple they will help you via the hash
i got the macmini this way from a person that told me he had formated the drive than he got the question marked folder and the password box ( not boxes ) after holding the Option key.
I was reading the forums and i seen that ppl mention that there is a EFI Firmware partition and xxxxxxxxx.lock files on the main that has files that do something to the password ... so that is why i want to try and do a recovery on the drive maybe i can get it to a state where i have the 4 pin.
i am sorry i said 2 days ... it was closer to 3 ( i was even there by chance when i was looking at the screen when it reached the last number and started flashing rapidly ) and i tested the code in notepad and it was the updated code not the one with the bug in it with the [0] pin.
i want to buy the BusPirate or the BlackCat ... what one is better to get ? Both do the same, what one are people having success/suport with ? I can not find any details / instructions on this yet ... need to dig deeper.
P.S. I am in Moldova ( there is no Apple service here ) and i bought this the way it is ( non working ) without papers because it was a used item.
I was reading the forums and i seen that ppl mention that there is a EFI Firmware partition and xxxxxxxxx.lock files on the main that has files that do something to the password ... so that is why i want to try and do a recovery on the drive maybe i can get it to a state where i have the 4 pin.
i am sorry i said 2 days ... it was closer to 3 ( i was even there by chance when i was looking at the screen when it reached the last number and started flashing rapidly ) and i tested the code in notepad and it was the updated code not the one with the bug in it with the [0] pin.
i want to buy the BusPirate or the BlackCat ... what one is better to get ? Both do the same, what one are people having success/suport with ? I can not find any details / instructions on this yet ... need to dig deeper.
P.S. I am in Moldova ( there is no Apple service here ) and i bought this the way it is ( non working ) without papers because it was a used item.
I would recommend first looking to see what efi chip it is.
If it is a simple SOIC8 package, the clip will work and if you want a GUI interface then use the blackcat. If you are comfortable with command lines, then the bus pirate, I would recommend v3.6 - as it is cheaper in cost over the v4
All you need to do is dump the 8mb rom, be sure to save a spare copy, open it in a hex editor and look for the lines that contain $SVS, there should be two areas within the rom, all you really need to do is FF out that line down to the next block of FF.
Only the first $SVS entry needs to be removed, yet both can be as well.
Be sure you pull the data sheet for the efi chip so you know the pin out.
It may be something like this
Make sure that:
pins 3, 7 & 8 are all connected to 3.3v
pin 4 to ground
pin 1 to CS
pin 6 to CLK
pin 2 to MISO
pin 5 to MOSI
If it is a simple SOIC8 package, the clip will work and if you want a GUI interface then use the blackcat. If you are comfortable with command lines, then the bus pirate, I would recommend v3.6 - as it is cheaper in cost over the v4
All you need to do is dump the 8mb rom, be sure to save a spare copy, open it in a hex editor and look for the lines that contain $SVS, there should be two areas within the rom, all you really need to do is FF out that line down to the next block of FF.
Only the first $SVS entry needs to be removed, yet both can be as well.
Be sure you pull the data sheet for the efi chip so you know the pin out.
It may be something like this
Make sure that:
pins 3, 7 & 8 are all connected to 3.3v
pin 4 to ground
pin 1 to CS
pin 6 to CLK
pin 2 to MISO
pin 5 to MOSI
The bus pirate is a very flexible device. But when it comes to this project of reading the efi/bios. they both can read/write. What other need is there for this project, should be none.
If this is your only goal, purchase which ever device better fits your likes such as working with in a gui or not, then sell off the hardware when done with it.
imo the blackcat may be an easier learning curve.
OR just pay a service to replace the efi chip with a per-programed chip
If this is your only goal, purchase which ever device better fits your likes such as working with in a gui or not, then sell off the hardware when done with it.
imo the blackcat may be an easier learning curve.
OR just pay a service to replace the efi chip with a per-programed chip
Going to order the BlackCat to keep things simple ... and do u know how the guys that sell the toolkits automate the task of reading / writing without the computer ? Do those devices simple change something on the firmware on the chip or do they write from the toolkit a fresh firmware ?
I found a site with the Blackcat ( Flashcat ) that has options for connecting to the flash chip and I do not know what one to pick:
SOIC-8 EIAJ standard 8-lead, 0.200" (5.08mm) wide, 0.05" (1.27mm) pitch
SOIC-8 JEDEC standard 8-lead 0.150" (3.81mm) narrow, 0.05" (1.27mm) pitch
http://www.embeddedcomputers.net/products/SpiAdapter/
Where can I find info on the type of chip on the MacMini A1347 Late 2012 ?
SOIC-8 EIAJ standard 8-lead, 0.200" (5.08mm) wide, 0.05" (1.27mm) pitch
SOIC-8 JEDEC standard 8-lead 0.150" (3.81mm) narrow, 0.05" (1.27mm) pitch
http://www.embeddedcomputers.net/products/SpiAdapter/
Where can I find info on the type of chip on the MacMini A1347 Late 2012 ?
This is probably the best deal
Bus Pirate v3b Universal Interface (1-Wire, I2C, SPI, UART etc)
http://www.ebay.com/itm/111159674083
but there is also this:
Bus Pirate v4 Universal Interface (1-Wire, I2C, SPI, UART etc)
http://www.ebay.com/itm/121050184890
Bus Pirate v3b Universal Interface (1-Wire, I2C, SPI, UART etc)
http://www.ebay.com/itm/111159674083
but there is also this:
Bus Pirate v4 Universal Interface (1-Wire, I2C, SPI, UART etc)
http://www.ebay.com/itm/121050184890
As I said, It is best to open up the mini and see what the efi package is.
I have a 2011 mini and never even looked myself as i had no need.
Then keep in mind that the bus pirate and windows takes a little work to get it going, whereas the bus pirate and other OS's such as linux may interface easier yet it also will be command line only.
You need to know the efi package before you pick out any extras such as probe kits or clips. You may need real tiny clips like these http://www.digikey.com/catalog/en/partgroup/e-z-micro-hook-xkm-series/15783
Here is the BP 3.6
http://www.seeedstudio.com/depot/Bus-Pirate-v36-universal-serial-interface-p-609.html
And the v4, yet it is out of stock, they are working on a v5
http://www.seeedstudio.com/depot/Bus-Pirate-v4-p-740.html
Don't just jump into this, first understand what you are dealing with before you start purchasing
In the end the blackcat interface may be the easiest with gui
I have a 2011 mini and never even looked myself as i had no need.
Then keep in mind that the bus pirate and windows takes a little work to get it going, whereas the bus pirate and other OS's such as linux may interface easier yet it also will be command line only.
You need to know the efi package before you pick out any extras such as probe kits or clips. You may need real tiny clips like these http://www.digikey.com/catalog/en/partgroup/e-z-micro-hook-xkm-series/15783
Here is the BP 3.6
http://www.seeedstudio.com/depot/Bus-Pirate-v36-universal-serial-interface-p-609.html
And the v4, yet it is out of stock, they are working on a v5
http://www.seeedstudio.com/depot/Bus-Pirate-v4-p-740.html
Don't just jump into this, first understand what you are dealing with before you start purchasing
In the end the blackcat interface may be the easiest with gui
i do not have the tools to take it apart yet ... have to go shopping.
here i found pix from ( http://www.ifixit.com/Teardown/Mac+Mini+Late+2012+Teardown/11262 )
here i found pix from ( http://www.ifixit.com/Teardown/Mac+Mini+Late+2012+Teardown/11262 )
Last edited:
MOST of the efi flash chips will have 8 pins, four pins per opposing sides.
Pictures from a tear down may be helpful in determining locations
Yet due to production changes of suppliers, don't necessarily depend on finding the same brand or model of chip in every case.
Pictures from a tear down may be helpful in determining locations
Yet due to production changes of suppliers, don't necessarily depend on finding the same brand or model of chip in every case.
Finally got tools to take it appart
Cyber16 !!!
took it appart ... there is a MX25L6406E in it
will any SOIC 8 clip do ? ( http://www.ebay.com/itm/321381677746 ) ?
I would like to get the FlashCat to make it simple
I have another problem now:
- downloaded the MacMiniEFIfirmware1.7
- opened the DMG with TransMac
- opened the PKG with 7ZIP
- but i do not see a .FD or .SCRAP file in there
- do see a 4.3MB file named PAYLOAD
- when I open it in a hex editor I can not find $SVS
Cyber16 !!!
took it appart ... there is a MX25L6406E in it
will any SOIC 8 clip do ? ( http://www.ebay.com/itm/321381677746 ) ?
I would like to get the FlashCat to make it simple
I have another problem now:
- downloaded the MacMiniEFIfirmware1.7
- opened the DMG with TransMac
- opened the PKG with 7ZIP
- but i do not see a .FD or .SCRAP file in there
- do see a 4.3MB file named PAYLOAD
- when I open it in a hex editor I can not find $SVS
Attachments
Last edited:
Finally got the FlashcatUSB ( http://www.embeddedcomputers.net/products/FlashcatUSB/ )
I need to load the firmware on it before i can use it to access the EFI chip.
What firmware do I need ( NAND / SPI / EJTAG 16K / EJTAG 32K ) ?
I need to load the firmware on it before i can use it to access the EFI chip.
What firmware do I need ( NAND / SPI / EJTAG 16K / EJTAG 32K ) ?
Sorry I did not notice you updated the thread.
Forget about doing anything with the .FD or .SCRAP file
All you need to do is be able to read and dump the current and then search for those entries with $SVS
They will be there, make the edits and then write it back.
What clip did you find/purchase that is working for you?
The chip should imo be supported if you have the jumper/wires set right on the pins
Forget about doing anything with the .FD or .SCRAP file
All you need to do is be able to read and dump the current and then search for those entries with $SVS
They will be there, make the edits and then write it back.
What clip did you find/purchase that is working for you?
The chip should imo be supported if you have the jumper/wires set right on the pins
This is the clip I got ( http://www.ebay.com/itm/321381677746 )
What firmware do i need on the FlashcatUSB ? SPI / NAND / EJTAG 16 or 32 ?
What firmware do i need on the FlashcatUSB ? SPI / NAND / EJTAG 16 or 32 ?
SPI should be the setting you need, I don't own a blackcat and am interested in how it works for you
Also it is important to make sure the jumper wires are correct to take it out of protect mode, maybe that is the not supported part?
If you get a dump, BE SURE TO SAVE A ORIGINAL BACKUP COPY for a just in case need later.
Also it is important to make sure the jumper wires are correct to take it out of protect mode, maybe that is the not supported part?
If you get a dump, BE SURE TO SAVE A ORIGINAL BACKUP COPY for a just in case need later.
I got the FlashcatUSB, connected the way you said ... the software does find a SPI device but tells me it is not supported and in the console i do not get the JEDEC number only 000000
and this is the chip in my mac ( MX25L6406E )
Attachments
Last edited:
I would contact FlashCat and provide your chip model MX25L6406E and ask why you are getting that unsupported error. Maybe they need a different jumper assignment from that used with the Buspirate or maybe they can offer a software override means?
As I said, I have never used that device, yet I am all ears for something with a nice user gui
As I said, I have never used that device, yet I am all ears for something with a nice user gui