Mac Firmware Password Hack

I am a hardware engineer and former employee of a large computer company. With that said, I can give you a basic understanding that you can hack or reverse any EFI password with the proper tools. All you have to do is reprogram the BIOS chip with a clean firmware that does not have a password on it. For this you will need a couple of things. First you have to identify the BIOS chip.

Here's how you can bypass firmware password on Mac: Reboot your Mac using the hardware buttons, or, if you are already logged in to the running Mac, hit reboot from the Apple icon. Press and hold down the Command + R buttons together until Recovery Mode shows up. Find the Utilities screen and go to the Utilities menu bar.

A security engineer who goes by the name of fG!, specialized in Mac security and reverse engineering, has found a way to reset a Mac's firmware password without help from Apple's support team.

Apple allows iMac and MacBook users to set a password for their firmware so that no intruder can go in there and change core device settings.

Apple helps authorized users reset their firmware password

Just like any password, users tend to forget it once in a while. In case this happens, users can call Apple Support, and during boot-up, they're guided through the process of pressing five keys simultaneously [SHIFT + CONTROL + OPTION + COMMAND + S] to make a long code appear on their screen.

Users give this code to Apple's staff, and they receive back an SCBO file, which they can then put on a USB flash drive they insert into their device, and they can thus remove the password.

This is all fine and dandy, but only if you can prove ownership of your device with the original sales receipt. If you can't, then you're left on your own.

Crooks are selling SCBO files online for $100

fG! says he discovered shady online services that were providing SCBO files, but for a fee of $100. Since trusting this kind of service and running mysterious code on his laptop did not seem like a good idea, the researcher set out to find out how SCBO and Apple's EFI (Extensible Firmware Interface) worked, and if he could find a way to bypass this process.

You can read the step-by-step reverse engineering process on fG!'s personal blog, but the good news is that he managed to find a way to do it. Below are the researcher's findings:

My work helped me determine that the EFI variable that contains the firmware password information is 'CBF2CC32.'

If you have a SPI flasher and want to remove an Apple EFI firmware password, what you need to do is to dump the flash contents, remove the 'CBF2CC32' variable (you just need to flip a single bit on its name for example), and reflash the modified firmware. Or just locate the variable and erase or modify it directly without reflashing the whole contents.

There is also another way to do this. The '3E6D568B' variable is special because if you remove it, the NVRAM will be reset to a default state where the firmware password is not set anymore.

Is Apple Support compromised?

Furthermore, the researcher also discovered that there was no way to generate an SCBO file without having access to Apple's private encryption keys.

The online services that were selling SCBO files were obviously fake, or downright illegal.

So what is happening with all those videos and people claiming they were able to buy SCBO files from websites? My bet is that these guys somehow are able to submit illegitimate requests to Apple’s support system and then sell the SCBO files they receive for some nice fat profit. These could be insiders working at Apple support centers or even Apple itself. Only Apple has a real chance to investigate and track the source of these files.

Remember that story from February? When the press discovered that hackers were offering Apple employees in Ireland thousands of euros for their enterprise passwords? We now may know why crooks are willing to pay so much for Apple employee credentials.

Warning: If it ever gets to the point of having to reset your firmware password, please consult a specialist before attempting any of the advice described in this article.

Don't let anyone use your computer including your friend. It's easy enough to change a password in single-user mode. Just put a master password - firmware password - on your computer to prevent that kind of access. Better yet change friends.


Boot to the Recovery HD:


Restart the computer and after the chime press and hold down the COMMAND and R keys until the menu screen appears. Alternatively, restart the computer and after the chime press and hold down the OPTION key until the boot manager screen appears. Select the Recovery HD and click on the downward pointing arrow button.


When the menubar appears select Firmware Password from the Utilities menu and follow instructions.

Nov 10, 2013 7:03 PM