Lamenito

macrumors newbie
Original poster
Oct 26, 2021
Hello,

I recently acquired a MBP 2017 13" function key (non-Touch Bar) from Craigslist from a shady character.

I suspect it to be hacked for many reasons.
I have reinstalled Big Sur and still feel the machine is compromised.

How do I reinstall/flash the firmware?

I suspect the firmware EFI code has been tampered with. Or a rootkit of some kind, or potentially hardware hacked :|
 
You can't flash the firmware - Apple doesn't make this available. Take your machine to an Apple Store if you think it's been tampered with.

It's extremely unlikely that your firmware has been compromised. You're talking nation-state level hacking to do that.

What symptoms is your machine showing? Why do you think the firmware has been hacked?
 
This may sound stupid, but if you were concerned the person you bought the MacBook from was shady, and were going to have this issue, why did you buy it?

What makes you think they hacked the firmware? It’s not something the everyday user would be able to do.
 
Reinstall the OS and turn on FileVault. Go into recovery mode and erase the drive and reinstall the OS and set up as new. No worries moving forward about the computer being hacked, which I don't believe happened.
 
It’s extremely unlikely the computer was hacked, but if it was - there is no safe way to restore it. Computers that are actually firmware hacked should not be used and should be replaced.
 
Why can the firmware not be reflashed? What if I resolder the BIOS chip?
 
Lol... "Nation state". Anything's possible.
 
So if corrupt memory has been soldered onto the logic board, it's basically garbage now.
 

And if you install Monterey, it'll update your EFI firmware to 447.40.12.0.0.
This looks interesting. Has anyone else used this software? WordPress site?

I will give that a try
 
Once the firmware is controlled, you're basically pwned. You can't trust the firmware even if it is actually refreshed, because the entire machine is compromised. Any firmware state could be a lie, and it can just pretend to flash. There is no status that machine can give that is trustworthy.

Yeah, technically you can solder a new chip, but there's a lot of flashable parts and storage on the machine.

Like I said, highly unlikely the machine was hacked. But if you are actually concerned, the place that machine goes is a trash can. If this was a business machine and there was concern, it would never be allowed to connect to the business network or access business information ever again.

(It doesn't literally belong in the trash though. E-waste is bad.)
 
Yeah, you are 110% right!
 
What other parts are flashable? Is it possible to corrupt the SSD and RAM? Would installing the new upgrade from Big Sur via USB change the firmware? To Monterey or whatever it's called, or would that not make a difference? Curious how this firmware hack works exactly?
 
I have yet to see any evidence that the Mac in question has had its hardware tampered with. Are you just being paranoid or do you have real evidence?
Yes, I have "evidence". Now I'm just wondering how "they" did it.
 
Interface with a header on the board. Remove the board, scratch back traces, and solder directly to them = hacked EFI.
 
Hi goMac, do you know how to verify an Apple signature of the current firmware installed?
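
Added example, not part of any post in this thread: a shell check that compares the firmware version macOS reports against the 447.40.12.0.0 figure quoted above for a Monterey install. The function names, the two report labels it accepts and the sample text are assumptions of this example; as noted earlier in the thread, a compromised machine can misreport its own state, so this confirms the update was applied as reported, not that the firmware is genuine.

```shell
#!/bin/sh
# Expected EFI version after installing Monterey, as quoted in the thread.
EXPECTED_EFI="447.40.12.0.0"

# Constructed sample of `system_profiler SPHardwareDataType` output (not real data).
SAMPLE_OUTPUT='Hardware:
      Model Name: MacBook Pro
      Boot ROM Version: 447.40.12.0.0
      SMC Version (system): 0.0f0'

# Read system_profiler text on stdin and print the firmware version.
# Assumption: the label is either "Boot ROM Version" or "System Firmware Version".
firmware_version() {
    sed -n -E 's/^[[:space:]]*(Boot ROM Version|System Firmware Version):[[:space:]]*([0-9.]+).*/\2/p' | head -n 1
}

# Return 0 when dotted version $1 is greater than or equal to $2.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print match / newer / older / unknown for reported ($1) vs expected ($2).
classify_firmware() {
    if [ -z "$1" ]; then echo "unknown"
    elif [ "$1" = "$2" ]; then echo "match"
    elif version_ge "$1" "$2"; then echo "newer"
    else echo "older"
    fi
}

# On a Mac, check the live machine; elsewhere the functions are only defined.
if [ "$(uname -s)" = "Darwin" ]; then
    reported=$(system_profiler SPHardwareDataType | firmware_version)
    echo "reported=$reported expected=$EXPECTED_EFI result=$(classify_firmware "$reported" "$EXPECTED_EFI")"
fi
```

An "older" result after a completed Monterey install means the firmware update did not take effect as reported, which is worth raising with Apple.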
 