Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Hacked MBP - reinstall firmware

L

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
Hello,

I recently acquired a MPB 2017 13' function key - ( non touchbar) from Craigslist from a Shady character.

I suspect it to be hacked for many reasons.
I have reinstalled big sur and still feel the machine is compromised.

How do I reinstall/ flash the firmware ?

I suspect the firmware efi code has been tampered with. Or rootkit of some kind or potentially hardware hacked :|
 
T

tormac21

macrumors member
Jan 24, 2021
37
105
You can't flash the firmware - Apple doesn't make this available. Take your machine to an Apple Store if you think it's been tampered with.

It's extremely unlikely that your firmware has been compromised. You're talking nation-state level hacking to do that.

What symptoms is your machine showing? Why do you think the firmware has been hacked?
 
H

hg.wells

macrumors 65816
Apr 1, 2013
1,034
750
Lamenito said:
Hello,

I recently acquired a MPB 2017 13' function key - ( non touchbar) from Craigslist from a Shady character.

I suspect it to be hacked for many reasons.
I have reinstalled big sur and still feel the machine is compromised.

How do I reinstall/ flash the firmware ?

I suspect the firmware efi code has been tampered with. Or rootkit of some kind or potentially hardware hacked :|
Click to expand...
This may sound stupid, but if you were concerned the person you brought the MacBook from was shady, and were going to have this issue, why did you buy it?

What makes you think they hacked the firmware, it’s not something the everyday user would be able to do.
 
  • Like
Reactions: sparkie1984 and haruhiko
G

goMac

Contributor
Apr 15, 2004
7,662
1,694
It’s extremely unlikely the computer was hacked, but if it was - there is no safe way to restore it. Computers that are actually firmware hacked should not be used and should be replaced.
 
  • Like
Reactions: Lamenito
L

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
goMac said:
It’s extremely unlikely the computer was hacked, but if it was - there is no safe way to restore it. Computers that are actually firmware hacked should not be used and should be replaced.
Click to expand...
Why can the firmware not be reflashed , what if I resolder the bios chip ?
 
L

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
tormac21 said:
You can't flash the firmware - Apple doesn't make this available. Take your machine to an Apple Store if you think it's been tampered with.

It's extremely unlikely that your firmware has been compromised. You're talking nation-state level hacking to do that.

What symptoms is your machine showing? Why do you think the firmware has been hacked?
Click to expand...
Lol... "Nation state" any things possible.
 
  • Like
Reactions: Surne
L

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
So if corrupt memory has been soldered onto the logic board its basically garbage now
 
L

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
JPack said:
eclecticlight.co

SilentKnight, Skint, silnite, LockRattler, SystHist & Scrub

Skint – a watchful eye on security settings Updated! Checks key security settings and features including SIP, SSV, Gatekeeper, XProtect, XProtect Remediator and macOS security updates. Runs a…
eclecticlight.co eclecticlight.co

And if you install Monterey, it'll update your EFI firmware to 447.40.12.0.0.
Click to expand...
This looks interesting has anyone else used this software ? WordPress site ?

I will give that a try
 
G

goMac

Contributor
Apr 15, 2004
7,662
1,694
Lamenito said:
So if corrupt memory has been soldered onto the logic board its basically garbage now
Click to expand...

Once the firmware is controlled, you're basically pwned. You can't trust the firmware even actually refreshed because the entire machine is compromised. Any firmware state could be a lie, and it can just pretend to flash. There is not status that machine can give that is trustworthy.

Yeah, technically you can solder a new chip, but there's a lot of flashable parts and storage on the machine.

Like I said, highly unlikely the machine was hacked. But if you are actually concerned, the place that machine goes is a trash can. If this was a business machine and there was concern if would never be allowed to connect to the business network or access business information ever again.

(Don't literally belong in the trash though. E-waste is bad.)
 
  • Like
Reactions: Lamenito
L

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
goMac said:
Once the firmware is controlled, you're basically pwned. You can't trust the firmware even actually refreshed because the entire machine is compromised. Any firmware state could be a lie, and it can just pretend to flash. There is not status that machine can give that is trustworthy.

Yeah, technically you can solder a new chip, but there's a lot of flashable parts and storage on the machine.

Like I said, highly unlikely the machine was hacked. But if you are actually concerned, the place that machine goes is a trash can. If this was a business machine and there was concern if would never be allowed to connect to the business network or access business information ever again.

(Don't literally belong in the trash though. E-waste is bad.)
Click to expand...
Yeah you are 110% right !
 
L

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
goMac said:
Once the firmware is controlled, you're basically pwned. You can't trust the firmware even actually refreshed because the entire machine is compromised. Any firmware state could be a lie, and it can just pretend to flash. There is not status that machine can give that is trustworthy.

Yeah, technically you can solder a new chip, but there's a lot of flashable parts and storage on the machine.

Like I said, highly unlikely the machine was hacked. But if you are actually concerned, the place that machine goes is a trash can. If this was a business machine and there was concern if would never be allowed to connect to the business network or access business information ever again.

(Don't literally belong in the trash though. E-waste is bad.)
Click to expand...
What other parts are flashable ? , is it possible to corrupt the ssd and ram / would installing the new upgrade from big Sur via USB change the firmware ? To montarery or whatever its called or would that not make a difference. Curious how this firmware hack works exactly ????
 
L

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
Apple_Robert said:
I have yet to see any evidence that the Mac in question has had its hardware tampered with. Are you just being paranoid or do you have real evidence?
Click to expand...
Yes I have "evidence". Now I'm just wondering how " they" did it.
 
L

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
interface with a header on the board. remove the board, scratch back traces, and solder directly to them = hacked efi
 
L

Lamenito

macrumors newbie
Original poster
Oct 26, 2021
16
1
goMac said:
Once the firmware is controlled, you're basically pwned. You can't trust the firmware even actually refreshed because the entire machine is compromised. Any firmware state could be a lie, and it can just pretend to flash. There is not status that machine can give that is trustworthy.

Yeah, technically you can solder a new chip, but there's a lot of flashable parts and storage on the machine.

Like I said, highly unlikely the machine was hacked. But if you are actually concerned, the place that machine goes is a trash can. If this was a business machine and there was concern if would never be allowed to connect to the business network or access business information ever again.

(Don't literally belong in the trash though. E-waste is bad.)
Click to expand...
Hi goMac do you know how to verify an apple signature of the current firmware installed ?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom