Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

w1z

macrumors 6502a
Aug 20, 2013
692
481
The Dumper got updated to 10-7-2023.

Bootxxxx, BootOrder, OCBtxxx, OCBtOrder,
dumping with Efichecker for 2013+ Macs added

are some key features


I'm having trouble with the dmg - corrupted on both mirrors, previous version loads fine.

Screen Shot 2023-07-15 at 10.01.51 AM.png
 

Macschrauber

macrumors 68030
Dec 27, 2015
2,987
1,495
Germany
I'm having trouble with the dmg - corrupted on both mirrors, previous version loads fine.

View attachment 2232671

I have tried both with Safari and they are fine. Maybe a malware removement what got triggered by included Flashrom?

To not bloat this thread we better discuss this privately until we get the solution.

...

another user reported: ClamXAV via Osx.Malware.Agent-6543462-0 indicates Flashrom.

That's the same issue DosDude has with his RomTool, we both user the same version of Flashrom. That's the reason he encrypted it, until now... a .dmg is ok with spreading the Dumper.
 
Last edited:

splifingate

macrumors 68000
Nov 27, 2013
1,922
1,711
ATL
I tried both aforementioned DL (GMX and DB), and (running from the DMG) each failed (FFx, Safari). same as you w1z

Copying the contents to a New Folder, I was then successfully able to 'xattr -cr' the .app, and run it.

It may be somewhat informative to explore the folder structure of test_nvram ;)

Unfortunately, I'm not quite in a time-wise position to go the hoops to disable SIP.
 
  • Like
Reactions: w1z

Macschrauber

macrumors 68030
Dec 27, 2015
2,987
1,495
Germany
I tried both aforementioned DL (GMX and DB), and (running from the DMG) each failed (FFx, Safari). same as you w1z

Copying the contents to a New Folder, I was then successfully able to 'xattr -cr' the .app, and run it.

It may be somewhat informative to explore the folder structure of test_nvram ;)

Unfortunately, I'm not quite in a time-wise position to go the hoops to disable SIP.

Starting the .app with ctrl-click - open gives the dialog for macOS cannot verify the developer of.

Then you can allow the OS to run the app.

But thanks for the hint with xattr -cr :)
 
  • Like
Reactions: splifingate

splifingate

macrumors 68000
Nov 27, 2013
1,922
1,711
ATL
Starting the .app with ctrl-click - open gives the dialog for macOS cannot verify the developer of.

Then you can allow the OS to run the app.

But thanks for the hint with xattr -cr :)

Man, I sure am slow to get with these things 🙄

Think I'll get myself re-booted, today <smile>

btw, it was Macsonic, that clued me to the osxdaily xattr hint (my last usage of this was multiple turns of the Sun ago) ;)
 

w1z

macrumors 6502a
Aug 20, 2013
692
481
I have tried both with Safari and they are fine. Maybe a malware removement what got triggered by included Flashrom?

To not bloat this thread we better discuss this privately until we get the solution.

...

another user reported: ClamXAV via Osx.Malware.Agent-6543462-0 indicates Flashrom.

That's the same issue DosDude has with his RomTool, we both user the same version of Flashrom. That's the reason he encrypted it, until now... a .dmg is ok with spreading the Dumper.

Thanks for the reply - no malware or antivirus probs installed.

I downloaded the latest DMG by using Brave. Work flawlessly on my cMP (in Monterey 12.6.7).

Brave is my default browser and I've experienced the same issue with all browsers.

@w1z Tried downloading the dmg and worked fine with Google Chrome. Using Catalina and also worked in Mojave. Maybe you can try clearing your browser cache. Then close and re-open your browser. You may also check this article.
https://osxdaily.com/2019/02/13/fix-app-damaged-cant-be-opened-trash-error-mac/

Did that as well thinking there might be remnants of a previous failed download.

I tried both aforementioned DL (GMX and DB), and (running from the DMG) each failed (FFx, Safari). same as you w1z

Copying the contents to a New Folder, I was then successfully able to 'xattr -cr' the .app, and run it.

It may be somewhat informative to explore the folder structure of test_nvram ;)

Unfortunately, I'm not quite in a time-wise position to go the hoops to disable SIP.

This was it! Thank you.
 
  • Like
Reactions: splifingate

haralds

macrumors 68030
Jan 3, 2014
2,994
1,259
Silicon Valley, CA
My Mojave install is fine and rarely used, it is fully updated. So there should be no future payload handling with it. I also have Catalina (patched and also boots with OCLP,) but I don't really use i It also is out of any updates.
I am using OCLP with Monterey and Ventura. Does anybody know, how it handles NVRAM exactly or point me to a discussion? I did not see it on their website.
I might pull up the config plist from the EFI partition and refer to the OpernCore website. But I would rather save the time if somebody knows.
 

Macschrauber

macrumors 68030
Dec 27, 2015
2,987
1,495
Germany
Thanks for the reply - no malware or antivirus probs installed.



Brave is my default browser and I've experienced the same issue with all browsers.



Did that as well thinking there might be remnants of a previous failed download.



This was it! Thank you.

did you try just to citrl-open it?


how is your setting in the security pane in Allow apps downloaded from?

Screenshot 2023-07-17 at 20.01.21.png


normally it's just citrl-open the .app or the scripts and allow it.
The next time it can be opened as every other .app by double clicking.
 
  • Like
Reactions: splifingate

haralds

macrumors 68030
Jan 3, 2014
2,994
1,259
Silicon Valley, CA
I used Macscrauber, interesting. I am not just running the internal script from Fastscripts, had trouble with loading the app.

1st check: 07-17-23: 9614 bytes
2nd check 7-18 - no reboot: 9614 bytes - no surpise
3rd check 7-18 - reboot: 1564 bytes - warning from Macschrauber that the next reboot should garbage collect
4th check 7-18 - reboot: 40520 bytes free space of 65464 - looks like all is working!!!

I will keep checking this periodically, especially before updates. This is not effected by OCLP.
 

Macschrauber

macrumors 68030
Dec 27, 2015
2,987
1,495
Germany
1st check: 07-17-23: 9614 bytes
2nd check 7-18 - no reboot: 9614 bytes - no surpise
3rd check 7-18 - reboot: 1564 bytes - warning from Macschrauber that the next reboot should garbage collect
4th check 7-18 - reboot: 40520 bytes free space of 65464 - looks like all is working!!!

I will keep checking this periodically, especially before updates. This is not effected by OCLP.

yes, before starting an update or installation of an unsupported OS you should have free NVRAM space.

The installers write a lot in NVRAM these days so its better to be prepared. Its just a moment to run the Dumper and to restart 2 or 3 times if free space is below, say 10,000 bytes.


No problem with supported systems, they write what the firmware accepts.
 

Macschrauber

macrumors 68030
Dec 27, 2015
2,987
1,495
Germany
I had the (false) damaged app warning for myself:

Screenshot 2023-07-21 at 19.23.32.png


Solution:

copy the .app into Utilities (for example)

For Utilities type or copy/paste this line in the Terminal app:

Code:
xattr -cr /Applications/Utilities/RomDump\ Macschrauber.app


need to check out what's going wrong there, never had this before.
 
  • Like
Reactions: splifingate

Macschrauber

macrumors 68030
Dec 27, 2015
2,987
1,495
Germany
Update from 23-7-2023

What's new in the latest version:

-> the shell script now can dump with Flashrom and with Eficheck (for compatible units, not Mac Pro 4,1/5,1).

so there is a little installer script for deploying the shell script and the used tools. This is optional, the Dumper works like before. With this shell script things can be automated, like checking the NVRAM free space after every reboot.

Take care to keep the serials and IDs very private, it could be a serious security issue publishing them.



to bypass the issue with the quarantine flag I made a downloader, if the download fails due to change of the dropbox link it directs to this thread for a new downloader / dropbox link

thanks to @startergo for the help

https://forums.macrumors.com/thread...es.2333460/page-4?post=32055801#post-32055801
 

Macschrauber

macrumors 68030
Dec 27, 2015
2,987
1,495
Germany

Update from 12-8-2023

-> Bootvars show where the System / Bootloader / Recovery / ... is physically stored.

Gives, when possible, the actual path, the product name of the drive and the position.

Like: Boot001: OpenCore |EFI|disk0s1 (PCI External:APPLE SSD SM0256G) /EFI/OC/OpenCore.efi


 

w1z

macrumors 6502a
Aug 20, 2013
692
481
Update from 27-8-2023

-> no real new functions, polishing and error corrections.

-> polished the ESP tools to work in old systems what do not work with diskutil to mount / unmount


-> added a bunch of scripts to add and edit boot-args


https://forums.macrumors.com/thread...es.2333460/page-4?post=32055801#post-32055801

Thanks for this latest release! I noticed a bug whenever I try to flash:

Screen Shot 2023-08-31 at 5.16.32 PM.png


I tried running it directly from the dmg through the alt link and from Application/Utilities ... SIP is disabled, for flashing.

Screen Shot 2023-08-31 at 5.23.27 PM.png
 
  • Like
Reactions: Macschrauber

Macschrauber

macrumors 68030
Dec 27, 2015
2,987
1,495
Germany
was that the latest release?

had this bug in one release what I pulled very soon.

otherwise send me the log file in a private chat I open.


found the bug in this line:

Code:
global Mac_Pro, spoofing, serial, masked_serial
change to
global Mac_Model, spoofing, serial, masked_serial



I renamed the variable Mac_Pro to Mac_Model due to the tool is no Mac Pro-only tool no more.

But for some reason it has not renamed the definition as a global variable what I overlooked.

This is fixed. As I had some more changes I will publish a new version this evening what includes that change of course.
 
Last edited:

Macschrauber

macrumors 68030
Dec 27, 2015
2,987
1,495
Germany
fixed,

Version from 31-8-2023

the latest version has improved ESP tools.

One I find quite useful is <Mount ESP from list>

This little tool shows the disk, the model, the position, the interface, the bootloader flavour and version if possible

Screenshot 2023-08-31 at 22.28.04.png
disk0s1: RefindPlus/MyBootMgr with its OpenCore instances plus two OCLP instances I added
disk4s1: MartinLo's OpenCore variant, reading the version out of the config file's firmware spoofing string
disk6s1: Windows 10 ESP, (active) means that the .efii file is loadable, so to take care not to use without firmware protection
disk7s1: OpenCore Legacy Patcher, reading the version out of the config file's comment section
disk9s1: rEFIt


Bildschirmfoto 2023-08-31 um 20.23.22.png


3 different OpenCore Legacy Patcher versions on 3 ESPs.


https://forums.macrumors.com/thread...es.2333460/page-4?post=32055801#post-32055801
 

eikic1

macrumors regular
Feb 20, 2014
106
54
indonesia
I had the (false) damaged app warning for myself:

View attachment 2235498

Solution:

copy the .app into Utilities (for example)

For Utilities type or copy/paste this line in the Terminal app:

Code:
xattr -cr /Applications/Utilities/RomDump\ Macschrauber.app


need to check out what's going wrong there, never had this before.
just right clik and open
if cant, disable gatekeeper and try to open with righ click and open
 

Macschrauber

macrumors 68030
Dec 27, 2015
2,987
1,495
Germany
The Dumper got an update:


Update from 17-9-2023

-> detection for refurbished boards (ssnp present), shows a warning if not serialised (ssnp but no ssn)
-> reporting of u(efi) version where possible and adjust the warning for Windows certificates
-> -scanvss * and -freespace ** arguments for the test_nvram shell script


-> fixed: Model code was not shown before serial number in the GUI tool

* this is for calling Syncretic's ScanVSS cli tool, dynamically loading and unloading the needed DirectHW kernel extension.
** this calls ScanVSS and just report one line with the free space of VSS1. This is useful for some monitoring purposes.

also polished the ESP- and BootArgs tools a bit.

https://forums.macrumors.com/thread...es.2333460/page-4?post=32055801#post-32055801
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.