teddybearapple Posted December 2, 2014 Share Posted December 2, 2014 Yeah you are right but i think the latest fix is just to get MLB from a real mac that's all. That worked for me. Link to comment Share on other sites More sharing options...
holyfield Posted December 2, 2014 Share Posted December 2, 2014 Yeah you are right but i think the latest fix is just to get MLB from a real mac that's all. That worked for me. Only MLB? Link to comment Share on other sites More sharing options...
teddybearapple Posted December 2, 2014 Share Posted December 2, 2014 That's was the only thing I actually changed. That worked for me all the other Ids were generated Link to comment Share on other sites More sharing options...
holyfield Posted December 2, 2014 Share Posted December 2, 2014 That's was the only thing I actually changed. That worked for me all the other Ids were generated Ok, thank you for response. But it's not very informative. Please can you explain "That worked". Did you called to Apple support too or activation went without any issues? Whats the length of used MLB and also Mac model you used? Please can you explain your procedure step by step? Link to comment Share on other sites More sharing options...
teddybearapple Posted December 2, 2014 Share Posted December 2, 2014 Yes I called apple and told them I recently updated to 10.10.1 and when I try to log in my iMessage it gave a customer and then gave them the code. I tried same procedure with any MLB from a real Mac but that didn't work Link to comment Share on other sites More sharing options...
holyfield Posted December 2, 2014 Share Posted December 2, 2014 Yes I called apple and told them I recently updated to 10.10.1 and when I try to log in my iMessage it gave a customer and then gave them the code. I tried same procedure with any MLB from a real Mac but that didn't work Whats the length of used MLB and also Mac model you used? Did your Mac models match on genuine mac and hack? Link to comment Share on other sites More sharing options...
teddybearapple Posted December 2, 2014 Share Posted December 2, 2014 I used 13 character MLB of a MacBook Pro 5,5 n my hack is MacBook Pro 8,1 Link to comment Share on other sites More sharing options...
leodaniel Posted December 2, 2014 Author Share Posted December 2, 2014 Whats the length of used MLB and also Mac model you used? Did your Mac models match on genuine mac and hack? I can only tell you what worked for myself. I used the MLB and ROM from my old macbook pro (2008 or 2009 model) on my Hack (MacPro 6.1 SmBios, all IDs generated). And it worked. What I don't know and will try this weekend (not home, don't have access to my hack) is with just the MLB. Link to comment Share on other sites More sharing options...
holyfield Posted December 2, 2014 Share Posted December 2, 2014 I can only tell you what worked for myself. I used the MLB and ROM from my old macbook pro (2008 or 2009 model) on my Hack (MacPro 6.1 SmBios, all IDs generated). And it worked. What I don't know and will try this weekend (not home, don't have access to my hack) is with just the MLB. Cool, thank you Seems that, if you have genuine MLB/ROM pair, iMessage activates without any issues. If you have genuine MLB (or, which follows certain pattern) you can still use Apple Support to activate the iMessage. Otherwise you are out of game. Whats the length of MLB? Which version of OS X? Link to comment Share on other sites More sharing options...
teddybearapple Posted December 2, 2014 Share Posted December 2, 2014 Cool, thank you Seems that, if you have genuine MLB/ROM pair, iMessage activates without any issues. If you have genuine MLB (or, which follows certain pattern) you can still use Apple Support to activate the iMessage. Otherwise you are out of game. Whats the length of MLB? Which version of OS X? Oh yes you figured it out. I already told you I used 13 characters of MLB lol Link to comment Share on other sites More sharing options...
holyfield Posted December 2, 2014 Share Posted December 2, 2014 Oh yes you figured it out. I already told you I used 13 characters of MLB lol As I quoted the leodaniel, Ithe question was also addressed to leodaniel teddybearapple, I sent a PM to you. Please check! Thx Link to comment Share on other sites More sharing options...
teddybearapple Posted December 2, 2014 Share Posted December 2, 2014 As I quoted the leodaniel, Ithe question was also addressed to leodaniel teddybearapple, I sent a PM to you. Please check! Thx Already checked will reply that when I am home. 1 Link to comment Share on other sites More sharing options...
holyfield Posted December 2, 2014 Share Posted December 2, 2014 Already checked will reply that when I am home. Cool! Thank you! Link to comment Share on other sites More sharing options...
leodaniel Posted December 2, 2014 Author Share Posted December 2, 2014 Cool, thank you Seems that, if you have genuine MLB/ROM pair, iMessage activates without any issues. If you have genuine MLB (or, which follows certain pattern) you can still use Apple Support to activate the iMessage. Otherwise you are out of game. Whats the length of MLB? Which version of OS X? OSX 10.10.1 (actually the OS version has nothing to do with it. The Problem is across all versions starting by Mavericks.) and I don't remember the length. Like I said before, I'm not home and don't have access to my hack before this weekend. Link to comment Share on other sites More sharing options...
holyfield Posted December 2, 2014 Share Posted December 2, 2014 OSX 10.10.1 (actually the OS version has nothing to do with it. The Problem is across all versions starting by Mavericks.) and I don't remember the length. Like I said before, I'm not home and don't have access to my hack before this weekend. Thank you! I suspect there is a certain pattern in MLB. I have compared several values and seems there is a certain pattern in MLB. I suspect that MLB is reversible as Serial Number. Link to comment Share on other sites More sharing options...
teddybearapple Posted December 2, 2014 Share Posted December 2, 2014 Actually it's not reversible I remember only the first 4 numbers of the serial number and ROM were the same but they are not reversible Sorry first 4 characters of Serial number and MLB are the same in the case on a real Mac but that's nothing I guess it looks totally different on my hack Link to comment Share on other sites More sharing options...
leodaniel Posted December 2, 2014 Author Share Posted December 2, 2014 Actually it's not reversible I remember only the first 4 numbers of the serial number and ROM were the same but they are not reversible Sorry first 4 characters of Serial number and MLB are the same in the case on a real Mac but that's nothing I guess it looks totally different on my hack Yes I agree with you, they are not reversible in any way, just checked my MBPr and they have nothing in common. Link to comment Share on other sites More sharing options...
holyfield Posted December 2, 2014 Share Posted December 2, 2014 Actually it's not reversible I remember only the first 4 numbers of the serial number and ROM were the same but they are not reversible Sorry first 4 characters of Serial number and MLB are the same in the case on a real Mac but that's nothing I guess it looks totally different on my hack Thx! But do you have a proof? Plenty of product ids / serials etc are reversible on certain way. It's my hypothesis thats MLB is reversible. Even MD5 hash is "reversible" by using brute-forcing. After examination of several values, I can see there is a certain common pattern. There is some sort of algorithm used to generate MLB's. if there is algorithm, it's reversible on certain way. I' have hypothesis, that if you generate proper MLB based on algorithm, you will get iMessage still activated trough Apple support. Link to comment Share on other sites More sharing options...
leodaniel Posted December 2, 2014 Author Share Posted December 2, 2014 Thx! But do you have a proof? Plenty of product ids / serials etc are reversible on certain way. It's my hypothesis thats MLB is reversible. Even MD5 hash is "reversible" by using brute-forcing. After examination of several values, I can see there is a certain common pattern. There is some sort of algorithm used to generate MLB's. if there is algorithm, it's reversible on certain way. I' have hypothesis, that if you generate proper MLB based on algorithm, you will get iMessage still activated trough Apple support. MD5 is in no way reversible! EVERY MD5 has the same length, this means that there are an infinite inputs that result in the same hash. Link to comment Share on other sites More sharing options...
holyfield Posted December 2, 2014 Share Posted December 2, 2014 MD5 is in no way reversible! EVERY MD5 has the same length, this means that there are an infinite inputs that result in the same hash. I said: "Even MD5 hash is "reversible" by using brute-forcing." Common use of quotation marks is to indicate or call attention to the word itself rather than its associated concept. So, I hoped you notice the irony here. Of course cryptography is a science, and each cryptographic method have its own principles. I used brute-forced MD5 just as an example in this context. If I have time and appropriate tools, I can brute-force weak password from MD5 hash. So, it's "reversible". PERIOD. But Apple's MLB isn't hash for sure, maybe only some part of it. But I see, that there is a pattern used for MLB. Link to comment Share on other sites More sharing options...
teddybearapple Posted December 2, 2014 Share Posted December 2, 2014 It didn't take me even more than a minute or so to run iMessage debug on a friends MacBook Pro lol. Don't you think that's easier than trying to figure out the pattern of MLB ? Link to comment Share on other sites More sharing options...
holyfield Posted December 2, 2014 Share Posted December 2, 2014 It didn't take me even more than a minute or so to run iMessage debug on a friends MacBook Pro lol. Don't you think that's easier than trying to figure out the pattern of MLB ? teddybearapple, I suspect you have missed the entire point of hacking Hacker is a person who enjoys exploring the limits of what is possible, in a spirit of playful cleverness. Copying some values from somewhere isn't hacking. Of course i can steal the bread from shop. But if I have a recipe, I can bake it. Link to comment Share on other sites More sharing options...
teddybearapple Posted December 2, 2014 Share Posted December 2, 2014 teddybearapple, I suspect you have missed the entire point of hacking Hacker is a person who enjoys exploring the limits of what is possible, in a spirit of playful cleverness. Copying some values from somewhere isn't hacking. Of course i can steal the bread from shop. But if I have a recipe, I can bake it. Oh I get your point now. You're right anyway, that's all about hacking it's good to come out the right pattern to understand how these Ids are generated by apple and stuff Link to comment Share on other sites More sharing options...
holyfield Posted December 2, 2014 Share Posted December 2, 2014 (edited) Pattern of MLB (Main Logic Board) Edited December 6, 2014 by holyfield Link to comment Share on other sites More sharing options...
fusion71au Posted December 2, 2014 Share Posted December 2, 2014 How to Extract MLB/ROM from older Macs running OSX Lion or Snow Leopard A few of you may have older Macs running Snow Leopard or Lion that have been "retired" from service. These make good candidates for borrowing their MLB and ROM for the purpose of activating iMessage on your own hacks.Notes iMessage was introduced in "beta" phase on OSX Lion and only officially supported from Mountain Lion onwards Older Macs had shorter MLBs eg MBP 6,2 has 13 character MLB (still 12 character ROM) Macs as old as a 2006 MBP 2,2 have been used for MLB/ROM to validate iMessage ElNono_'s iMessage_debug tool only works on systems running Mountain Lion or later so how to extract MLB/ROM without upgrading to ML or later? On Lion, MLB and ROM were introduced as NVRAM variables so can be extracted from your real Mac's NVRAM using Darwin Dumper by @BlackOSX:Run Darwin Dumper and tick the following dumps - DMI Tables (SMBIOS), I/O Kit Registry, NVRAM. Make sure that "Make Dumps Private" is unticked. The following are EXAMPLES only from my hack using GENERATED serials but give you an idea on what to look for on a real Mac....under the section NVRAM/uefi_firmware_vars/4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:ROM &4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:MLB ------------------------------------------------------------------------------ 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:ROM ------------------------------------------------------------------------------ 000000: 34 4f c0 d5 6c 38 |..&T.n| ------------------------------------------------------------------------------ 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:MLB ------------------------------------------------------------------------------ 000000: 43 4b 39 34 38 34 32 37 31 47 30 31 32 |CK9484271G012| On Snow Leopard, MLB and ROM don't exist in NVRAM so the values must be extracted from the DMI Tables and I/O Kit Registry...MLB=Main Logic Board Serial Number found in the section DMI Tables/DMI type 2: Base Board/Serial Number Handle 0x0200, DMI type 2, 16 bytes 0000: 02 10 00 02 01 02 03 04 05 09 06 00 03 0a 00 00 0010: Base Board Information Manufacturer: Apple Computer, Inc. Product Name: Mac-F42D86C8 Version: MacBookPro5,1 Serial Number: CK9484271G012 Asset Tag: Features: Board is a hosting board Board is replaceable Location In Chassis: Part Component Chassis Handle: 0x0300 Type: Motherboard Contained Object Handles: 0 In the section IORegistry/IOService:ROM=Firewire IOMACAddress (format xxxxxxyyyyxxxxxx) 8 bytes with the middle 2 bytes removed to leave 6 byte/12 character serial: xxxxxxxxxxxx eg search for "Firewire" fw IOMACAddress = 344fc00035d56c38ROM = 344fc0d56c38 or on other Macs, ROM is sometimes reported as the Ethernet IOMACAddress so in this case, search for "Ethernet". You can also determine the MAC addresses of all your Mac's network interfaces by running the following command in OSX terminal: networksetup -listallhardwareports Alternative if DDumper doesn't work: procedure from post#171: 1. Boot your Mac in single user verbose mode (Command-S) with a Mavericks or Yosemite Installer USB created with "createinstallmedia" method 2. After the white text has finished scrolling type the following lines (pressing <Enter> after each) /sbin/fsck -fy /sbin/mount -uw / nvram 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:MLB nvram 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:ROM 3. Record the output. Note the ROM value shown with the NVRAM command can be a mix of HEX and ASCII: '%xx' values are HEX-Values, the other characters have to be converted from ASCII to HEX to get the right ROM value. 6 Link to comment Share on other sites More sharing options...
Recommended Posts