These days the de facto debugger in macOS is LLDB.
The pain wasn’t big since this was a couple of days project and it was quite fun to write.
I never tried them to see if they contained an interactive debugger like I wanted. After I wrote the blogpost some people directed me to some emulators ( TianoCore EmulatorPkg and efiperun).
At the time I was working a lot with Unicorn so it was natural to use it to solve this problem (“if all you have is a hammer, everything looks like a nail”). My solution was to create an emulator and debugger based on Unicorn. (U)EFI debuggers can be found in the market but they are usually quite expensive (a couple thousand USD). Reading disassembly listings for long periods is tiring. I love debuggers because they allow you to quickly test ideas and cut corners while reversing a target. I made good reversing progress with static analysis, but dynamic analysis with a debugger would make the job much easier. That post is available at Apple EFI firmware passwords and the SCBO myth.Īll the interesting computing action happened at the EFI execution level. There was an old rumor that these files were able to unlock firmware password locked Macs (and even a sketchy video about a universal SCBO able to unlock any Mac).
In 2016 I reversed Apple’s EFI firmware password reset scheme using SCBO files. SHA1(MSJ2009#5.zip)= d658112201949386f025725f1582bf3ef5f73e6aįrom HAWKE (someone left the link in the comments, I haven’t tried them yet but the code seems safe): Send them to me if you have new ones to add!
0 kommentar(er)
