rcork Posted January 8, 2013 Share Posted January 8, 2013 good-samaritan-message That sounds interesting. Â rcork can u do that w/ refit please? Â Here's the output generated by DumpUefiCalls.efi (with the variable values removed for security reasons) on my MacBookPro5,4. I can't generate the log on my MacBookPro10,2 as Refit won't load the OS after i load DumpUefiCalls. Â ->StartImage(0xACFD9118, , ) File: \System\Library\CoreServices\boot.efi Image: AA008000 - AA085000 (7D000) Overriding boot services ... Boot services overriden! Overriding runtime services ... ->CalculateCrc32(BFE9EE18, 120, 0xBFE9EE28) = Success Runtime services overriden! STARTING: \System\Library\CoreServices\boot.efi ->LocateProtocol(FFECFFFF-923C-14D2-9E3F-22A0C969563B, 0, AEB868B0/BFE89AA8) = Success ->HandleProtocol(ACFD9118, gEfiLoadedImageProtocolGuid, AD939540) = Success ->GetVariable(efiboot-perf-record, gEfiAppleBootGuid, 0/0, 0, 0) = Not Found ->GetVariable(BackgroundClear, gEfiAppleNvramGuid, 0/0, 4, AA07F248) = Not Found ->LocateProtocol(gEfiConsoleControlProtocolGuid, 0, 0/AEFDFFE8) = Success ->LocateProtocol(C5C5DA95-7D5C-45E6-B2F1-3FD52BB10077, 0, 0/0) = Not Found ->GetVariable(ROM, gEfiAppleNvramGuid, 0/0, 6, AEB86838) = Not Found ->SetVariable(ROM, gEfiAppleNvramGuid, 6, 6, FFFFFF01) = Success ->GetVariable(MLB, gEfiAppleNvramGuid, 0/0, 80, AEB867B0) = Not Found ->SetVariable(MLB, gEfiAppleNvramGuid, 6, D, AEB86760) = Success ->LocateProtocol(gEfiDataHubProtocolGuid, 0, AEB866B0/BF7139B0) = Success -> AllocatePages(AllocateMaxAddress, LoaderCode, 0x1, 0xFFFFFFFF/0xAA57C000) = Success ->GetVariable(boot-switch-vars, gEfiAppleBootGuid, 0/0, 2C, AA082978) = Not Found ->GetVariable(boot-signature, gEfiAppleBootGuid, 0/0, 14, AA082980) = Not Found ->GetVariable(UIScale, gEfiAppleNvramGuid, 0/2D363141, 1, AEB8669B) = Not Found ->LocateProtocol(gEfiAppleFirmwarePasswordProtocolGuid, 0, 2D363141392D3344/AEFABDB0) = Success ->GetVariable(security-mode, gEfiAppleBootGuid, 0/0, 0, AEB86538) = Not Found ->LocateProtocol(AppleBootKeyPressProtocolGuid, 0, 800000000000000E/AEFDA068) = Success ->HandleProtocol(ACFD9118, gEfiLoadedImageProtocolGuid, AD939540) = Success ->HandleProtocol(ACFB7A98, gEfiDevicePathProtocolGuid, ACFB7B18) = Success ->HandleProtocol(ACFB7A98, gEfiSimpleFileSystemProtocolGuid, AE633028) = Success ->GetVariable(recovery-boot-mode, gEfiAppleBootGuid, 0/0, A, AEB86646) = Not Found ->GetVariable(boot-args, gEfiAppleBootGuid, 0/0, 0, 0) = Not Found ->GetVariable(efi-boot-kernelcache-data, gEfiAppleBootGuid, 80000000/80000000, 0, 0) = Not Found ->GetVariable(efi-boot-file-data, gEfiAppleBootGuid, 80000000/80000000, 0, 0) = Not Found ->GetVariable(AAPL,PanicInfo0000, gEfiAppleBootGuid, 0/0, 0, 0) = Not Found ->LocateHandleBuffer(ByProtocol, gEfiBlockIoProtocolGuid, 0, 11, A9FF8718) = Success ->HandleProtocol(ACFBBE18, gEfiDevicePathProtocolGuid, ACFC9018) = Success ->HandleProtocol(AA57DC18, gEfiDevicePathProtocolGuid, ACFBB618) = Success ->HandleProtocol(ACFB7898, gEfiDevicePathProtocolGuid, ACFBB218) = Success ->LocateProtocol(8ECE08D8-A6D4-430B-A7B0-2DF318E7884A, 0, 0/0) = Not Found ->LocateProtocol(03622D6D-362A-4E47-9710-C238B23755C1, 0, 0/0) = Not Found ->GetVariable(gfx-saved-config-restore-status, gEfiAppleNvramGuid, 0/0, 8, AEB86680) = Not Found -> AllocatePages(AllocateAddress, LoaderData, 0x541, 0xFA00000/0xFA00000) = Success -> AllocatePages(AllocateAddress, LoaderData, 0xE3, 0x10000000/0x10000000) = Success -> AllocatePages(AllocateAddress, LoaderData, 0x13, 0xF900000/0xF900000) = Success -> AllocatePages(AllocateAddress, LoaderData, 0x1, 0x100E3000/0x100E3000) = Success -> AllocatePages(AllocateAddress, LoaderData, 0x1, 0x100E4000/0x100E4000) = Success -> AllocatePages(AllocateAddress, LoaderData, 0x19, 0x100E5000/0x100E5000) = Success -> AllocatePages(AllocateAddress, LoaderData, 0x1DD8, 0x101EA000/0x101EA000) = Success -> AllocatePages(AllocateAddress, LoaderData, 0x178, 0x11FC2000/0x11FC2000) = Success -> AllocatePages(AllocateAddress, LoaderData, 0xEC, 0x100FE000/0x100FE000) = Success ->GetVariable(FirmwareFeatures, gEfiAppleNvramGuid, 0/6, 4, AEB8660C) = Success ->GetVariable(FirmwareFeaturesMask, gEfiAppleNvramGuid, 0/6, 4, AEB86608) = Success -> AllocatePages(AllocateAddress, LoaderData, 0x1, 0x1213A000/0x1213A000) = Success ->HandleProtocol(ACFB7A98, AppleNetBootProtocolGuid, 0) = Unsupported ->LocateProtocol(AppleNetBootProtocolGuid, 0, 0/AD494178) = Success ->LocateProtocol(gDevicePropertiesGuid, 0, 7365636976726573/AEFCC930) = Success ->HandleProtocol(AEFEB298, gEfiGraphicsOutputProtocolGuid, AEFDFFA8) = Success -> AllocatePages(AllocateAddress, LoaderData, 0x1, 0x1213B000/0x1213B000) = Success -> AllocatePages(AllocateAddress, LoaderData, 0x3, 0x1213C000/0x1213C000) = Success -> AllocatePages(AllocateAddress, LoaderData, 0x2, 0x1213F000/0x1213F000) = Success ->GetMemoryMap(0x0/0x2E80, 0, 0x3AC8, 0x30, 0x1) = Buffer Too Small ->GetMemoryMap(0x3080/0x2EB0, A9FE8018, 0x3AC9, 0x30, 0x1) = Success -> AllocatePages(AllocateAddress, LoaderData, 0x45B, 0x12141000/0x12141000) = Success -> AllocatePages(AllocateAddress, LoaderData, 0x4, 0x1259C000/0x1259C000) = Success ->GetMemoryMap(0x0/0x2E80, 0, 0x3ACC, 0x30, 0x1) = Buffer Too Small ->GetMemoryMap(0x4000/0x2E80, 1259C000, 0x3ACC, 0x30, 0x1) = Success ExitBootServices called. Doing some more dumps ... SysTable: BFE9EF18 - FirmwareVendor: AE701498, Apple - FirmwareRevision: 1000A - ConsoleInHandle: AEFEB518, ConIn: AEFDFD40 - ConsoleOutHandle: AEFEB298, ConOut: AEFDFF40 - StandardErrorHandle: 0, StdErr: 0 - RuntimeServices: BFE9EE18, BootServices: AE938780 - ConfigurationTable: BFE93E18 AE9388F0 - gEfiDxeServicesTableGuid BFE94018 - gEfiHobListGuid AE938250 - gEfiMemoryTypeInformationGuid AE938B88 - gEfiDebugImageInfoTableGuid BF0F1730 - F76761DC-FF89-44E4-9C0C-CD0ADA4EF983 BFEEE000 - gEfiAcpi10TableGuid BFEEE014 - gEfiAcpi20TableGuid BFEC3000 - gEfiSmbiosTableGuid - RuntimeServices: BFE9EE18 GetTime: A9F887AD SetTime: A9F8885C GetWakeupTime: A9F888A7 SetWakeupTime: A9F8893D SetVirtualAddressMap: A9F889A8 ConvertPointer: A9F88A58 GetVariable: A9F88AC9 GetNextVariableName: A9F88BCD SetVariable: A9F88C90 GetNextHighMonotonicCount: A9F88D43 ResetSystem: A9F88D92 UpdateCapsule: A9F88E28 QueryCapsuleCapabilities: A9F88E96 QueryVariableInfo: A9F88F2D - RuntimeServices Oiginals: GetTime: BF0EE280 SetTime: BF0EE28C GetWakeupTime: BF0EE2AC SetWakeupTime: BF0EE2CC SetVirtualAddressMap: BF714374 ConvertPointer: BF7142A0 GetVariable: BF20D2C0 GetNextVariableName: BF20D444 SetVariable: BF20D5B0 GetNextHighMonotonicCount: BF1F732C ResetSystem: AEFB542C UpdateCapsule: BF7092E8 QueryCapsuleCapabilities: 986C617470 QueryVariableInfo: 507000003 Variables: 00000007 NV+BS+RT+ 4DFBBAAB-1392-4FDE-ABB8-C41CC5AD7D5D:Setup, DataSize = 146 00000007 NV+BS+RT+ AF9FFD67-EC10-488A-9DFC-6CBF5EE22C2E:AcpiGlobalVariable, DataSize = 8 00000007 NV+BS+RT+ 8983FD2D-113C-4E2B-8F47-0ABFEB20A41A:SmmS3NvsData, DataSize = 4 00000003 NV+BS+ gEfiAppleNvramGuid:security-key, DataSize = 4 00000007 NV+BS+RT+ gEfiGlobalVarGuid:Lang, DataSize = 3 00000007 NV+BS+RT+ FE47349A-7F0D-4641-822B-34BAA28ECDD0:NVPanelData, DataSize = 44 00000007 NV+BS+RT+ gEfiGlobalVarGuid:ConOut, DataSize = 1C 00000007 NV+BS+RT+ gEfiGlobalVarGuid:BootOrder, DataSize = 2 00000007 NV+BS+RT+ gEfiGlobalVarGuid:Boot0081, DataSize = 4E 00000007 NV+BS+RT+ gEfiAppleBootGuid:BootCampHD, DataSize = 20 00000007 NV+BS+RT+ gEfiAppleBootGuid:RemoteDisabled, DataSize = 1 00000007 NV+BS+RT+ gEfiGlobalVarGuid:ConOutDev, DataSize = 1C 00000007 NV+BS+RT+ gEfiGlobalVarGuid:Boot0080, DataSize = 62 00000007 NV+BS+RT+ gEfiAppleBootGuid:efi-boot-device-data, DataSize = 4A 00000007 NV+BS+RT+ gEfiAppleBootGuid:efi-boot-device, DataSize = 109 00000007 NV+BS+RT+ gEfiGlobalVarGuid:Boot0082, DataSize = 52 00000007 NV+BS+RT+ gEfiAppleBootGuid:prev-lang:kbd, DataSize = 9 00000007 NV+BS+RT+ 36C28AB5-6566-4C50-9EBD-CBB920F83843:preferred-networks, DataSize = C0 00000007 NV+BS+RT+ 36C28AB5-6566-4C50-9EBD-CBB920F83843:preferred-count, DataSize = 8 00000007 NV+BS+RT+ gEfiAppleBootGuid:LocationServicesEnabled, DataSize = 1 00000007 NV+BS+RT+ gEfiAppleBootGuid:boot-image, DataSize = 38 00000003 NV+BS+ gEfiAppleBootGuid:AAPL,PanicInfoLog, DataSize = 5C 00000007 NV+BS+RT+ gEfiAppleBootGuid:AAPL,PanicInfoLog, DataSize = A 00000007 NV+BS+RT+ 36C28AB5-6566-4C50-9EBD-CBB920F83843:current-network, DataSize = C0 00000007 NV+BS+RT+ gEfiAppleBootGuid:fmm-computer-name, DataSize = 12 00000007 NV+BS+RT+ 24A6EDCB-EBB6-490B-A455-FC9E8FAB5366:BluetoothUHEDevices, DataSize = 1E9 00000007 NV+BS+RT+ gEfiAppleBootGuid:SystemAudioVolume, DataSize = 1 00000007 NV+BS+RT+ gEfiGlobalVarGuid:BootFFFF, DataSize = 7C 00000003 NV+BS+ ShellAlias:copy, DataSize = 6 00000003 NV+BS+ ShellAlias:del, DataSize = 6 00000003 NV+BS+ ShellAlias:dir, DataSize = 6 00000003 NV+BS+ ShellAlias:md, DataSize = C 00000003 NV+BS+ ShellAlias:rd, DataSize = 6 00000003 NV+BS+ ShellAlias:cr, DataSize = 54 00000007 NV+BS+RT+ gEfiAppleBootGuid:boot-gamma, DataSize = 6E 00000007 NV+BS+RT+ gEfiAppleBootGuid:backlight-level, DataSize = 2 00000007 NV+BS+RT+ 8D63D4FE-BD3C-4AAD-881D-86FD974BC1DF:last-oslogin-ident, DataSize = 24 00000007 NV+BS+RT+ EB704011-1402-11D3-8E77-00A0C969723B:MTC, DataSize = 4 00000007 NV+BS+RT+ gEfiAppleNvramGuid:AAPL,PathProperties0000, DataSize = 152 00000006 BS+RT+ gEfiAppleNvramGuid:FirmwareFeaturesMask, DataSize = 4 00000002 BS+ gEfiAppleNvramGuid:system-id, DataSize = 10 00000006 BS+RT+ gEfiGlobalVarGuid:LangCodes, DataSize = 6 00000002 BS+ gEfiGlobalVarGuid:LEGACYVGAHANDLE, DataSize = 8 00000006 BS+RT+ gEfiGlobalVarGuid:ErrOutDev, DataSize = 1C 00000006 BS+RT+ gEfiAppleNvramGuid:FirmwareFeatures, DataSize = 4 00000006 BS+RT+ gEfiGlobalVarGuid:BootCurrent, DataSize = 2 00000002 BS+ ShellProtId:DevIo, DataSize = 10 00000002 BS+ ShellProtId:Fs, DataSize = 10 00000002 BS+ ShellProtId:DiskIo, DataSize = 10 00000002 BS+ ShellProtId:BlkIo, DataSize = 10 00000002 BS+ ShellProtId:Txtin, DataSize = 10 00000002 BS+ ShellProtId:Txtout, DataSize = 10 00000002 BS+ ShellProtId:Load, DataSize = 10 00000002 BS+ ShellProtId:Image, DataSize = 10 00000002 BS+ ShellProtId:UnicodeCollation, DataSize = 10 00000002 BS+ ShellProtId:SerialIo, DataSize = 10 00000002 BS+ ShellProtId:Pxebc, DataSize = 10 00000002 BS+ ShellProtId:Tcp, DataSize = 10 00000002 BS+ ShellProtId:Net, DataSize = 10 00000002 BS+ ShellProtId:Nii, DataSize = 10 00000002 BS+ ShellProtId:UgaDraw, DataSize = 10 00000002 BS+ ShellProtId:UgaIo, DataSize = 10 00000002 BS+ ShellProtId:GraphicsOutput, DataSize = 10 00000002 BS+ ShellProtId:EdidDiscovered, DataSize = 10 00000002 BS+ ShellProtId:EdidActive, DataSize = 10 00000002 BS+ ShellProtId:EdidOverride, DataSize = 10 00000002 BS+ ShellProtId:ShellInt, DataSize = 10 00000002 BS+ ShellProtId:SEnv, DataSize = 10 00000002 BS+ ShellProtId:ShellProtId, DataSize = 10 00000002 BS+ ShellProtId:ShellDevPathMap, DataSize = 10 00000002 BS+ ShellProtId:ShellAlias, DataSize = 10 00000002 BS+ ShellProtId:G0, DataSize = 10 00000002 BS+ ShellProtId:Efi, DataSize = 10 00000002 BS+ ShellProtId:GenFileInfo, DataSize = 10 00000002 BS+ ShellProtId:FileSysInfo, DataSize = 10 00000002 BS+ ShellProtId:PcAnsi, DataSize = 10 00000002 BS+ ShellProtId:Vt100, DataSize = 10 00000002 BS+ ShellProtId:Vt100+, DataSize = 10 00000002 BS+ ShellProtId:VtUtf8, DataSize = 10 00000002 BS+ ShellProtId:ESP, DataSize = 10 00000002 BS+ ShellProtId:GPT MBR, DataSize = 10 00000002 BS+ ShellProtId:DriverBinding, DataSize = 10 00000002 BS+ ShellProtId:ComponentName, DataSize = 10 00000002 BS+ ShellProtId:Configuration, DataSize = 10 00000002 BS+ ShellProtId:Diagnostics, DataSize = 10 00000002 BS+ ShellProtId:WinNtThunk, DataSize = 10 00000002 BS+ ShellProtId:WinNtDriverIo, DataSize = 10 00000002 BS+ ShellProtId:SerialPrivate, DataSize = 10 00000002 BS+ ShellProtId:PciRootBridgeIo, DataSize = 10 00000002 BS+ ShellProtId:PciIo, DataSize = 10 00000002 BS+ ShellProtId:IsaIo, DataSize = 10 00000002 BS+ ShellProtId:UsbIo, DataSize = 10 00000002 BS+ ShellProtId:IsaAcpi, DataSize = 10 00000002 BS+ ShellProtId:SimplePointer, DataSize = 10 00000002 BS+ ShellProtId:ConIn, DataSize = 10 00000002 BS+ ShellProtId:ConOut, DataSize = 10 00000002 BS+ ShellProtId:StdErr, DataSize = 10 00000002 BS+ ShellProtId:Decompress, DataSize = 10 00000002 BS+ ShellProtId:DebugPort, DataSize = 10 00000002 BS+ ShellProtId:DebugSupport, DataSize = 10 00000002 BS+ ShellProtId:ScsiPassThru, DataSize = 10 00000002 BS+ ShellProtId:ScsiIo, DataSize = 10 00000002 BS+ ShellProtId:BusSpecificDriverOverride, DataSize = 10 00000002 BS+ ShellProtId:UsbHc, DataSize = 10 00000002 BS+ ShellProtId:UsbHc2, DataSize = 10 00000002 BS+ ShellProtId:ExtScsiPassThru, DataSize = 10 00000002 BS+ ShellProtId:MNPSb, DataSize = 10 00000002 BS+ ShellProtId:MNP, DataSize = 10 00000002 BS+ ShellProtId:ARPSb, DataSize = 10 00000002 BS+ ShellProtId:ARP, DataSize = 10 00000002 BS+ ShellProtId:DHCPv4Sb, DataSize = 10 00000002 BS+ ShellProtId:DHCPv4, DataSize = 10 00000002 BS+ ShellProtId:TCPv4Sb, DataSize = 10 00000002 BS+ ShellProtId:TCPv4, DataSize = 10 00000002 BS+ ShellProtId:IPv4Sb, DataSize = 10 00000002 BS+ ShellProtId:IPv4, DataSize = 10 00000002 BS+ ShellProtId:IPv4Config, DataSize = 10 00000002 BS+ ShellProtId:UDPv4Sb, DataSize = 10 00000002 BS+ ShellProtId:UDPv4, DataSize = 10 00000002 BS+ ShellProtId:MTFTPv4Sb, DataSize = 10 00000002 BS+ ShellProtId:MTFTPv4, DataSize = 10 00000002 BS+ ShellProtId:Dpath, DataSize = 10 00000002 BS+ ShellProtId:Unknown Device, DataSize = 10 00000002 BS+ SEnv:efishellmode, DataSize = C 00000002 BS+ ShellDevPathMap:fs0, DataSize = 4A 00000002 BS+ ShellDevPathMap:fs1, DataSize = 4A 00000002 BS+ ShellDevPathMap:fs2, DataSize = 46 00000002 BS+ ShellDevPathMap:fs3, DataSize = 46 00000002 BS+ ShellDevPathMap:fs4, DataSize = 46 00000002 BS+ ShellDevPathMap:blk0, DataSize = 4A 00000002 BS+ ShellDevPathMap:blk1, DataSize = 4A 00000002 BS+ ShellDevPathMap:blk2, DataSize = 46 00000002 BS+ ShellDevPathMap:blk3, DataSize = 46 00000002 BS+ ShellDevPathMap:blk4, DataSize = 46 00000002 BS+ ShellDevPathMap:blk5, DataSize = 4A 00000002 BS+ ShellDevPathMap:blk6, DataSize = 20 00000002 BS+ ShellDevPathMap:blk7, DataSize = 20 00000002 BS+ ShellDevPathMap:blk8, DataSize = 1C 00000002 BS+ ShellDevPathMap:blk9, DataSize = 1C 00000002 BS+ ShellDevPathMap:blkA, DataSize = 1C 00000002 BS+ ShellDevPathMap:hd30b, DataSize = 4A 00000002 BS+ ShellDevPathMap:hd30d, DataSize = 4A 00000002 BS+ ShellDevPathMap:hd24a0b, DataSize = 46 00000002 BS+ ShellDevPathMap:hd26b0b, DataSize = 46 00000002 BS+ ShellDevPathMap:hd26b0c, DataSize = 46 00000002 BS+ SEnv:path, DataSize = 1C2 00000006 BS+RT+ gEfiAppleNvramGuid:ROM, DataSize = 6 00000006 BS+RT+ gEfiAppleNvramGuid:MLB, DataSize = D Restoring original runtime services ... ->CalculateCrc32(BFE9EE18, 120, 0xBFE9EE28) = Success Runtime services restored! Link to comment Share on other sites More sharing options...
Kabiigon Posted January 8, 2013 Share Posted January 8, 2013 They are only 2 things in common that VM and has besides the obvios. Non apple Mac Addresses and non Apple Serial number it seems like that iMessage is now using Mac address authentication to connect to iCloud. Link to comment Share on other sites More sharing options...
eep357 Posted January 8, 2013 Share Posted January 8, 2013 VMware would fix the bug via a software update to their product rather than instruct on how to fix it inside the system, meaning you'd only get it working through VMs (as would be the only thing they care about). Meaning you'd have a lot of work on your hands regardless of their fix, if only to figure out how they fixed it in the first place.  Right? Depends, if they released an update with no other changes, comparing the releases with FileMerge in Xcode would only take a few seconds. Then it depends on file type involved.  @Kablingon-I wish it was that simple Maybe read the whole thread  @rcork-Regular nvram -xp output on real mac running osx in VM? See if it look like Hack one or not? If so, VM team probably just wait for a Chameleon fix for them to use again Looks like fffeee has "good samaritan" vs "fmm-mobileme-token-FMM"? Link to comment Share on other sites More sharing options...
sekmo Posted January 8, 2013 Share Posted January 8, 2013 sure, it make sense since you need ethernet to connect to app store and icloud... Hoping that apple will not check mac address or whatever even for MAS or icloud... Link to comment Share on other sites More sharing options...
Adam1203 Posted January 8, 2013 Share Posted January 8, 2013 I fooled around with Revogirl's nvramstorage code over the weekend. It needed some tweaks to some hardcoded variables but it does work in loading variables during boot. It does not save variables before shutdown/reboot (which i think was intended) but probably not too hard to modify to do that. She does use sandbox and i'm not sure why she was doing that. I was going to try loading ROM and MBL at boot but didn't have time this weekend, although i don't think that is necessarily the problem. Also, her launcher daemon is pretty far in the boot process so we may need to have these variables loaded by the bootloader (if they are a piece of the puzzle, which i'm not sure they are). It would be good to find the code needed to modify chameleon to include these variables at boot. I don't have any experience with chameleon so if someone else does and knows what needs to be updated to inject nvram variables, feel free to chime in. Â If ya'll are able to fix this issue with her code, that would be a great remembrance to her. Â Would it be useful to try testing using the nvram launchdaemon? It wouldn't load it at boot, but it would at least load it at login. Link to comment Share on other sites More sharing options...
eep357 Posted January 8, 2013 Share Posted January 8, 2013 sure, it make sense since you need ethernet to connect to app store and icloud... Hoping that apple will not check mac address or whatever even for MAS or icloud... Well, using MacBookAir smbios which does not come with any Ethernet port, Ethernet disabled in bios and using Apple OEM Airport Extreme card with it's real apple MAC address=No worky Same method works for other stuffs Link to comment Share on other sites More sharing options...
rcork Posted January 8, 2013 Share Posted January 8, 2013 Depends, if they released an update with no other changes, comparing the releases with FileMerge in Xcode would only take a few seconds. Then it depends on file type involved.  @Kablingon-I wish it was that simple Maybe read the whole thread  @rcork-Regular nvram -xp output on real mac running osx in VM? See if it look like Hack one or not? If so, VM team probably just wait for a Chameleon fix for them to use again Looks like fffeee has "good samaritan" vs "fmm-mobileme-token-FMM"?  nvram from OSX VM running on real mac: <key>SystemAudioVolume</key> <key>bluetoothActiveControllerInfo</key> <key>boot-gamma</key> <key>efi-boot-device</key> <key>efi-boot-device-data</key> <key>fmm-computer-name</key> <key>platform-uuid</key> <key>prev-lang:kbd</key>  nvram from my hack: <key>EFIBluetoothDelay</key> <key>LocationServicesEnabled</key> <key>bluetoothActiveControllerInfo</key> <key>fmm-computer-name</key> Link to comment Share on other sites More sharing options...
p.H Posted January 8, 2013 Share Posted January 8, 2013 nvram from OSX VM running on real mac: <key>SystemAudioVolume</key> <key>bluetoothActiveControllerInfo</key> <key>boot-gamma</key> <key>efi-boot-device</key> <key>efi-boot-device-data</key> <key>fmm-computer-name</key> <key>platform-uuid</key> <key>prev-lang:kbd</key> Â nvram from my hack: <key>EFIBluetoothDelay</key> <key>LocationServicesEnabled</key> <key>bluetoothActiveControllerInfo</key> <key>fmm-computer-name</key> maybe platform-uuid is crucial to the problem, Link to comment Share on other sites More sharing options...
rcork Posted January 8, 2013 Share Posted January 8, 2013 maybe platform-uuid is crucial to the problem, Â I don't think so because it doesn't work in vmware Link to comment Share on other sites More sharing options...
fffeee Posted January 8, 2013 Share Posted January 8, 2013 good-samaritan-message That sounds interesting. Â rcork can u do that w/ refit please? Â good-samaritan-message is the greeting you can put in the login screen. e.g. mine says "$name | +phonenumber reward if found" Â it needs to be in nvram so that the EFI boot environment can display it before filevault is unlocked. Â VMware would fix the bug via a software update to their product rather than instruct on how to fix it inside the system, meaning you'd only get it working through VMs (as would be the only thing they care about). Meaning you'd have a lot of work on your hands regardless of their fix, if only to figure out how they fixed it in the first place. Â Right? Â That depends entirely on what method they use to resolve the issue. If they have to pass something from the host to the guest, yes, but if they have to expose the method used to generate the values for a Guest or via VMWare Tools, no. 1 Link to comment Share on other sites More sharing options...
cosmo1t Posted January 8, 2013 Share Posted January 8, 2013 i'm not entirely sure this an nvram issue.. i think it's going to take some serious dbugging (like replacing functions that are being called to dump the data). will keep trying. Link to comment Share on other sites More sharing options...
flux84 Posted January 8, 2013 Share Posted January 8, 2013 I was able to sign in and register this morning after tinkering with it quite a bit. The thread over on ######## has the details on how to get it working. Link to comment Share on other sites More sharing options...
cosmo1t Posted January 8, 2013 Share Posted January 8, 2013 this is from other site and tflux  Ok! Huge progress to report. I was able to sign into iMessage and register!  Here is what I learned: My serial number is set to a real MacPro 3,1 serial (which is what I'm set up as in SMBIOS) I manually set the NVRAM MLB variable to the board serial of a real MacPro3,1 I manually set the NVRAM ROM variable to my MAC address (Gigabyte onboard NIC, not Apple) My IOPower values for Gq3489ugfi, Fyp98tpgj and kbjfrfpoJU are all set, but do not correspond to what a real MacPro report My MAC address is that of a Gigabyte NIC, not Apple My Hardware UUID is as it always was, and does not correspond to a real MAC The problem was my IOPower values in NVRAM where blank - I tested using real values from a MacPro3,1 by the method described below: oycqAZloTNDm: <00000000 00000000 00000000 00000000 00> abKPld1EcMni: <00000000 00000000 00000000 00000000 00> I did a quick little hack in GDB to set these two values and was able to sign in without an issue. Here is how I did that: Set those 2 values in NVRAM using the nvram command (effectively placing them in IODeviceTree:/options) I put a breakpoints at the instructions 0x39c18 and 0x39c8c from IMDAppleServices (disassemble in Hopper demo to see what these are) Began to sign into iMessage, breakpoint #1 eventually trips Looked at the stack to see what was being placed into %rsi (the value pointing to IODeviceTree:/options) and continued Breakpoint #2 trips moments later, but I've stopped after it has placed the IOPower pointer into %rsi, at which point I replace it with what I found in the previous breakpoint. Effectively making IMDAppleServices pull the values from IODeviceTree:/options (where I can easily set it), as opposed to IOPower. Viola - iMessage signs in! Long story short: IOPower Gq3489ugfi, Fyp98tpgj and kbjfrfpoJU are all used and require values, but the value doesn't seem to matter - whatever is setting them now seems to be doing so appropriately. SMBIOS values I have set include: SMfamily, SMproductname, SMboardproduct, SMserial, SMbiosversion, SMmanufacturer, SMbiosvendor. Based on verbose logging of imagent, the family, product name, board product, and serial are used for sure. Hardware UUID is used, but value doesn't seem to matter ROM and MLB NVRAM values are required and seem to trigger the new authentication method as opposed to the Beta method. The ROM value seems to be happy if it matches your primary network interface. Not sure about MLB - it is definitely the board serial, but whether it must be valid, or further to that - match your platform serial in some way, I'm not sure. IOPower NVRAM values oycqAZloTNDm and abKPld1EcMni must be set - no idea what they are however. 6 Link to comment Share on other sites More sharing options...
rcork Posted January 8, 2013 Share Posted January 8, 2013 Very interesting. Looks like we need to start compiling values for the IOPower variables from different mac models or just use the MacPro3,1 values. Link to comment Share on other sites More sharing options...
flux84 Posted January 8, 2013 Share Posted January 8, 2013 Not necessarily... only 2 of my 5 IOPower variables matched a real MacPro. The first 3 were set at boot time and evidently worked fine. Figuring out what triggers the last 2 to be set (by the kernel maybe?) may be the best option. 1 Link to comment Share on other sites More sharing options...
fffeee Posted January 8, 2013 Share Posted January 8, 2013 It seems likely that these are uniquely identifying but I don't know how easily they can be reversed or if they are a one-way ticket. Â Are people going to be willing to share them? Â or better yet, are they maybe not even validated? (i.e. could they be anything that matches the format?) Link to comment Share on other sites More sharing options...
flux84 Posted January 8, 2013 Share Posted January 8, 2013 or better yet, are they maybe not even validated? (i.e. could they be anything that matches the format?) Â I think this is a logical next step, but having some easy method to set these variables to test them would be incredibly helpful. Overwriting registers somewhat blindly in GDB to trick IMDAppleServices to pull the values from somewhere else is a bit tedious. Link to comment Share on other sites More sharing options...
rcork Posted January 8, 2013 Share Posted January 8, 2013 I think this is a logical next step, but having some easy method to set these variables to test them would be incredibly helpful. Overwriting registers somewhat blindly in GDB to trick IMDAppleServices to pull the values from somewhere else is a bit tedious. Â How can we inspect these variables on real macs? Link to comment Share on other sites More sharing options...
flux84 Posted January 8, 2013 Share Posted January 8, 2013 The code attached (courtesy of ElNono and mdmwii from ######## forum, plus 2 minor corrections from me) will do it. Compile it in XCode as a Foundation console app, needs to link against IOKit.Framework as well. Â Should get output like this: 2013-01-07 16:26:18.736 checkMessages[7937:707] Gq3489ugfi: <value here>2013-01-07 16:26:18.738 checkMessages[7937:707] Fyp98tpgj: <value here> 2013-01-07 16:26:18.739 checkMessages[7937:707] kbjfrfpoJU: <value here> 2013-01-07 16:26:18.739 checkMessages[7937:707] IOPlatformSerialNumber: value here 2013-01-07 16:26:18.740 checkMessages[7937:707] IOPlatformUUID: value here 2013-01-07 16:26:18.740 checkMessages[7937:707] board-id: Mac-F42C88C8 2013-01-07 16:26:18.741 checkMessages[7937:707] product-name: MacPro3,1 2013-01-07 16:26:18.741 checkMessages[7937:707] 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:ROM: <value here> 2013-01-07 16:26:18.742 checkMessages[7937:707] 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:MLB: value here 2013-01-07 16:26:18.742 checkMessages[7937:707] oycqAZloTNDm: <value here> 2013-01-07 16:26:18.743 checkMessages[7937:707] abKPld1EcMni: <value here> checkMessages.zip Link to comment Share on other sites More sharing options...
fffeee Posted January 8, 2013 Share Posted January 8, 2013 I have values for oycqAZloTNDm and abKPld1EcMni that persist across reboots on my MacMini5,3 and MacBookPro10,1, I just don't know the sanest way to share them. Any suggestions? I'm inclined to just leaving them unattributed without the key values as a gist. It looks like the thread on uggc://jjj.gbalznpk86.pbz/ is looking at it from the other end, rather than attempting to reverse the format they're thinking of just finding what happens when it is set? Â This may also provide some clues as to why they have implemented it this way. Link to comment Share on other sites More sharing options...
rcork Posted January 8, 2013 Share Posted January 8, 2013 Anyone know whether Clover lets you configure these IOPower variables? Link to comment Share on other sites More sharing options...
p.H Posted January 9, 2013 Share Posted January 9, 2013 I don't think so because it doesn't work in vmware Message in VM still works fine? Link to comment Share on other sites More sharing options...
Pene Posted January 9, 2013 Share Posted January 9, 2013 Message in VM still works fine? No it does not. Stopped working when it stopped for hacks. 1 Link to comment Share on other sites More sharing options...
Slice Posted January 9, 2013 Share Posted January 9, 2013 Anyone know whether Clover lets you configure these IOPower variables? I can do this if you explain me more carefully what to do. 1 Link to comment Share on other sites More sharing options...
dannymichel Posted January 9, 2013 Share Posted January 9, 2013 Here's my solution: Not perfect and won't work for everyone. You need a jailbroken iOS device. Download and run "Remote Messages" from cydia. I only have iPad it it's iPhone only, had to download from Mac and transfer it via SFTP then use iFile to install. Once installed and enabled in settings, you can use any web browser on your local network to use iMessage. This also lets me use it on my Lion only MacBook and could use it on Windows if I used Windows. Not a fix, but a good enough work around for me at the moment assuming it all works like it should. Argh, even though this is only a workaround, I'm cursing the jailbreak gods. I lost my jailbreak when upgrading to iOS 6 Link to comment Share on other sites More sharing options...
Recommended Posts