Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
Hello,

I recently acquired a MPB 2017 13' function key - ( non touchbar) from Craigslist from a Shady character.

I suspect it to be hacked for many reasons.
I have reinstalled big sur and still feel the machine is compromised.

How do I reinstall/ flash the firmware ?

I suspect the firmware efi code has been tampered with. Or rootkit of some kind or potentially hardware hacked :|
 

tormac21

macrumors member
Jan 24, 2021
39
107
You can't flash the firmware - Apple doesn't make this available. Take your machine to an Apple Store if you think it's been tampered with.

It's extremely unlikely that your firmware has been compromised. You're talking nation-state level hacking to do that.

What symptoms is your machine showing? Why do you think the firmware has been hacked?
 

hg.wells

macrumors 65816
Apr 1, 2013
1,067
789
Hello,

I recently acquired a MPB 2017 13' function key - ( non touchbar) from Craigslist from a Shady character.

I suspect it to be hacked for many reasons.
I have reinstalled big sur and still feel the machine is compromised.

How do I reinstall/ flash the firmware ?

I suspect the firmware efi code has been tampered with. Or rootkit of some kind or potentially hardware hacked :|
This may sound stupid, but if you were concerned the person you brought the MacBook from was shady, and were going to have this issue, why did you buy it?

What makes you think they hacked the firmware, it’s not something the everyday user would be able to do.
 

Apple_Robert

Contributor
Sep 21, 2012
35,695
52,578
In a van down by the river
Reinstall the OS and turn on FileVault. Go into recovery mode and erase the drive and reinstall the OS and set up as new. No worries moving forward about the computer being hacked, which I don't believe happened.
 
  • Like
Reactions: hg.wells

goMac

macrumors 604
Apr 15, 2004
7,663
1,694
It’s extremely unlikely the computer was hacked, but if it was - there is no safe way to restore it. Computers that are actually firmware hacked should not be used and should be replaced.
 
  • Like
Reactions: Lamenito

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
It’s extremely unlikely the computer was hacked, but if it was - there is no safe way to restore it. Computers that are actually firmware hacked should not be used and should be replaced.
Why can the firmware not be reflashed , what if I resolder the bios chip ?
 

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
You can't flash the firmware - Apple doesn't make this available. Take your machine to an Apple Store if you think it's been tampered with.

It's extremely unlikely that your firmware has been compromised. You're talking nation-state level hacking to do that.

What symptoms is your machine showing? Why do you think the firmware has been hacked?
Lol... "Nation state" any things possible.
 
  • Like
Reactions: Surne

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
So if corrupt memory has been soldered onto the logic board its basically garbage now
 

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1

And if you install Monterey, it'll update your EFI firmware to 447.40.12.0.0.
This looks interesting has anyone else used this software ? WordPress site ?

I will give that a try
 

goMac

macrumors 604
Apr 15, 2004
7,663
1,694
So if corrupt memory has been soldered onto the logic board its basically garbage now

Once the firmware is controlled, you're basically pwned. You can't trust the firmware even actually refreshed because the entire machine is compromised. Any firmware state could be a lie, and it can just pretend to flash. There is not status that machine can give that is trustworthy.

Yeah, technically you can solder a new chip, but there's a lot of flashable parts and storage on the machine.

Like I said, highly unlikely the machine was hacked. But if you are actually concerned, the place that machine goes is a trash can. If this was a business machine and there was concern if would never be allowed to connect to the business network or access business information ever again.

(Don't literally belong in the trash though. E-waste is bad.)
 
  • Like
Reactions: Lamenito

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
Once the firmware is controlled, you're basically pwned. You can't trust the firmware even actually refreshed because the entire machine is compromised. Any firmware state could be a lie, and it can just pretend to flash. There is not status that machine can give that is trustworthy.

Yeah, technically you can solder a new chip, but there's a lot of flashable parts and storage on the machine.

Like I said, highly unlikely the machine was hacked. But if you are actually concerned, the place that machine goes is a trash can. If this was a business machine and there was concern if would never be allowed to connect to the business network or access business information ever again.

(Don't literally belong in the trash though. E-waste is bad.)
Yeah you are 110% right !
 

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
Once the firmware is controlled, you're basically pwned. You can't trust the firmware even actually refreshed because the entire machine is compromised. Any firmware state could be a lie, and it can just pretend to flash. There is not status that machine can give that is trustworthy.

Yeah, technically you can solder a new chip, but there's a lot of flashable parts and storage on the machine.

Like I said, highly unlikely the machine was hacked. But if you are actually concerned, the place that machine goes is a trash can. If this was a business machine and there was concern if would never be allowed to connect to the business network or access business information ever again.

(Don't literally belong in the trash though. E-waste is bad.)
What other parts are flashable ? , is it possible to corrupt the ssd and ram / would installing the new upgrade from big Sur via USB change the firmware ? To montarery or whatever its called or would that not make a difference. Curious how this firmware hack works exactly ????
 

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
I have yet to see any evidence that the Mac in question has had its hardware tampered with. Are you just being paranoid or do you have real evidence?
Yes I have "evidence". Now I'm just wondering how " they" did it.
 

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
interface with a header on the board. remove the board, scratch back traces, and solder directly to them = hacked efi
 

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
Once the firmware is controlled, you're basically pwned. You can't trust the firmware even actually refreshed because the entire machine is compromised. Any firmware state could be a lie, and it can just pretend to flash. There is not status that machine can give that is trustworthy.

Yeah, technically you can solder a new chip, but there's a lot of flashable parts and storage on the machine.

Like I said, highly unlikely the machine was hacked. But if you are actually concerned, the place that machine goes is a trash can. If this was a business machine and there was concern if would never be allowed to connect to the business network or access business information ever again.

(Don't literally belong in the trash though. E-waste is bad.)
Hi goMac do you know how to verify an apple signature of the current firmware installed ?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.