
Pattern of MLB (Main Logic Board)


holyfield

MLBGen17 v3

It's the last from me

Hope it's a better way to create Fake MLB

 

---------------- END OF MLB Gen (From:Me)----------------

 

Hope this thread will open when something new is coming to iMessage

 

For more news on iMessage, meet jaymonkey (he is a person working with iMessage)

Every Mac logic board has an MLB with a barcode.

In the factory, after attaching the barcode, it is registered to the Apple white list...

Thanks for that, I'll test when I'm back home in 1 week :( I should have taken my hack :(

Merry Christmas  


nvram 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:ROM

and

nvram 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:MLB

Thanks for the commands, although I'm aware that there's another way to obtain ROM / MLB? Maybe through IOReg? I heard that obtaining these values from NVRAM sometimes doesn't work, as when I ran the nvram ROM command it gave me a bunch of garbled {censored} and nothing resembling the ROM I set, although using iMessage_Debug it shows the ROM that I set using Clover Configurator ... Hmm...


I have managed to extract a bunch of 13 character MLB/ROM values from older macs and some of the ROM results are a bit garbled, however they are all based on the Firewire address with the middle hex pairs removed. Run this command in terminal to get all the MAC values of the network adapters, the ROM will be the Firewire one.

 

networksetup -listallhardwareports


@AGuyWhoIsBored,

 

The garbled output is from ASCII characters that need to be converted to Hex values as described by @darkvoid in post #134.

 

"Each %XX is already hex, other characters need to be converted from their ASCII character to hexadecimal value."

 

I can confirm @Rankrotten's finding about the ROM often being the fw MAC address with the 2 middle bytes removed (for Mac Mini late 2012, MBP 6,2 2010).  Some have also reported that it can be their Mac's ethernet MAC address.

 

It would be interesting if someone with a newer Mac without firewire or ethernet eg MacBook Air or retina MBP reports what their ROM corresponds to:  MAC of Bluetooth?  Thunderbolt?


I have managed to extract a bunch of 13 character MLB/ROM values from older macs and some of the ROM results are a bit garbled, however they are all based on the Firewire address with the middle hex pairs removed. Run this command in terminal to get all the MAC values of the network adapters, the ROM will be the Firewire one.

 

networksetup -listallhardwareports

Nice find! I have a couple ?'s however:

 

-Are these for Macs w/ 13 char MLB?

-Is this the same for Macs w/ 17 char MLB?

 

If both of those ?'s hold true, we could use that as another base to calculate random ROM that matches Apple's ROM syntax ... 

@AGuyWhoIsBored,

 

The garbled output is from ASCII characters that need to be converted to Hex values as described by @darkvoid in post #134.

 

"Each %XX is already hex, other characters need to be converted from their ASCII character to hexadecimal value."

 

I can confirm @Rankrotten's finding about the ROM often being the fw MAC address with the 2 middle bytes removed (for Mac Mini late 2012, MBP 6,2 2010).  Some have also reported that it can be their Mac's ethernet MAC address.

 

It would be interesting if someone with a newer Mac without firewire or ethernet eg MacBook Air or retina MBP reports what their ROM corresponds to:  MAC of Bluetooth?  Thunderbolt?

Yes, I know that (however thank you for the clarification, my knowledge on it was getting a little foggy  :D ), but I don't really know what to make of this:

4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:ROM h%ae V1w

 

That's my output for the NVRAM command, and AFAIK, it's supposed to turn up with a value something similar to this:

 

%XX%XX%XX%XX%XX%XX, the XX's being the hex bytes of ROM...

 

Yes, I would be interested in that as well, what the ROM corresponds to in new Mac's... Hmm ...

 

​EDIT: When I acquire ROM from iMessage_Debug I get accurate ROM from what I set as last 6 bytes of smUUID in Clover Configurator, so I'm not really sure what to make of what I get running the NVRAM command ... 

 

EDIT2: I was wrong about the garbled {censored} thing, I figured it out...  :D Now I just need to figure out how to automate this ASCII > Hex conversion...


I can confirm @Rankrotten's finding about the ROM often being the fw MAC address with the 2 middle bytes removed (for Mac Mini late 2012, MBP 6,2 2010).  Some have also reported that it can be their Mac's ethernet MAC address.

 

It would be interesting if someone with a newer Mac without firewire or ethernet eg MacBook Air or retina MBP reports what their ROM corresponds to:  MAC of Bluetooth?  Thunderbolt?

I'm typing this on the wife's MacBook Air 6,2 and can confirm that the ROM on this machine bears no relation to any of the network interfaces: WiFi, Bluetooth PAN or Thunderbolt.


I'm typing this on the wife's MacBook Air 6,2 and can confirm that the ROM on this machine bears no relation to any of the network interfaces: WiFi, Bluetooth PAN or Thunderbolt.

That's really good to know ...  :)

 

So what I'm thinking is that on Macs that were made <2010, the ROM should match FireWire MAC address with middle 2 bytes removed, and on Macs that were made >2010, the ROM is random / determined by something else. Maybe we could implement a check to make sure they match when a random ROM is generated? Hmm ......


Hi guys, I just checked my brother's iMac 13,2. ROM is partly taken from thunderbolt.
 

Thunderbolt  Mac Address:

xx:xx:x|7:bd:2d:c|x

 

ROM:
xx:xx:xx:7b:d2:dc

 

I couldn't find anything from networksetup -listallhardwareports that comprises the first 3 groups of the ROM, though


Yeah, u're right Pike, the first 3 bytes are Apple's. 

So, when creating our ROM,  can we just put any value listed in http://hwaddress.com/?q=Apple as the prefix?

Now, if the ROM's suffix from iMac 13,2 is taken from thunderbolt, then for hacks using iMac 13,2 sysdef (or any Mac's using thunderbolt as part of the ROM) also needs a thunderbolt card, to create a proper fake ROM.

Is this correct? 

 


On this real MBP;

$ nvram 4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:ROM
Returned (last 3 anonymized) :

  4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:ROM    %c8*%14%hhA%hh

Google (and then this thread!) revealed that this nvram ROM string may be formatted as partial hex (%hh) and partial ASCII (A).

Deciphering the entire string into the expected hex octets, where: ROM value is %hhA%hh%hhA%hh and was therefore "decoded" as:

Hex  "%c8" = c8
ASCII  "*" = 2a
Hex  "%14" = 14
Hex  "%hh" = hh
ASCII  "A" = hh
Hex  "%hh" = hh


It then followed that:

$ networksetup -listallhardwareports
Returned (last 3 octets anonymized):

  Hardware Port: Ethernet
  Device: en0
  Ethernet Address: c8:2a:14:zz:zz:zz

  Hardware Port: FireWire
  Device: fw0
  Ethernet Address: c8:2a:14:ff:fe:hh:hh:hh


Interestingly, this indicates (at least in this specific instance), that this [Early-2011 MBP8,3] used the FireWire port (fw0) and not the Ethernet port (en0) as the base for the ROM value, as the last 3 octets of firewire address were an exact match.  There was no correlation between the last 3 octets of the Firewire address and the last 3 octets of the Ethernet's MAC address.

It appears that one of the standard Apple OUI (Organizationally Unique Identifier) prefixes of "c8:2a:14" was used in conjunction with the last 3 octets of hh:hh:hh.  Procedurally, a standard 6 octet "MAC'esque address" was derived from the 8 octet 64-bit FireWire GUID by dropping the middle two octets (normally added to create firewire GUIDs); in this case, the two values of "ff:fe" were "dropped".

So, on this specific MBP8,3, the nvram ROM value is inferred to be derived from the 8 octet 64-bit FireWire GUID of "c8:2a:14:ff:fe:hh:hh:hh", pared down to a 6 octet value of "c8:2a:14:hh:hh:hh" which is then stored as a mixed hex and ASCII string as the funky "hh:A:hh:hh:A:hh".

Hope this MBP example helps!
 

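The decoding walked through in the MBP8,3 post above, as an added example that is not part of the original thread: it converts nvram's mixed %XX/ASCII output into octets and checks the result against a FireWire address with the ff:fe pair dropped. The function names are hypothetical, and the last three octets of the sample values are constructed.

```python
"""Added example: decode `nvram` output (mixed %XX and literal ASCII) into octets."""
import string

def decode_nvram_value(text: str) -> bytes:
    """%XX is one hex byte; any other printable character stands for its ASCII code."""
    out = bytearray()
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "%":
            pair = text[i + 1:i + 3]
            if len(pair) != 2 or any(c not in string.hexdigits for c in pair):
                raise ValueError(f"truncated or invalid escape at offset {i}")
            out.append(int(pair, 16))
            i += 3
        elif 0x20 <= ord(ch) <= 0x7E:
            out.append(ord(ch))  # literal byte, e.g. "*" is 0x2a and " " is 0x20
            i += 1
        else:
            raise ValueError(f"unexpected non-printable character at offset {i}")
    return bytes(out)

def parse_nvram_line(line: str) -> tuple[str, bytes]:
    """Split 'NAME<tab>VALUE'; fall back to the first whitespace run if the tab was lost."""
    line = line.rstrip("\r\n")  # keep trailing spaces: a space is a literal 0x20 byte
    if "\t" in line:
        name, _, value = line.partition("\t")
    else:
        name, value = line.split(maxsplit=1)
    return name, decode_nvram_value(value)

def eui64_to_mac48(eui64: str) -> bytes:
    """Drop the ff:fe filler from an 8-octet FireWire address, as described in the post."""
    octets = bytes(int(part, 16) for part in eui64.split(":"))
    if len(octets) != 8 or octets[3:5] != b"\xff\xfe":
        raise ValueError("not an 8-octet address with ff:fe in the middle")
    return octets[:3] + octets[5:]

# Constructed sample: OUI c8:2a:14 is from the post, the last three octets are made up.
SAMPLE_LINE = "4D1EDE05-38C7-4A6A-9CC6-4BCCA8B38C14:ROM\t%c8*%14%01A%02"
SAMPLE_FW0 = "c8:2a:14:ff:fe:01:41:02"

if __name__ == "__main__":
    name, rom = parse_nvram_line(SAMPLE_LINE)
    print(name, rom.hex(":"))
    print("matches fw0 minus ff:fe:", rom == eui64_to_mac48(SAMPLE_FW0))
```

A value such as `h%ae V1w`, quoted earlier in the thread, decodes the same way: the space is a literal 0x20 byte, which is why the line is split on the tab rather than on every space.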

Yeah, u're right Pike, the first 3 bytes are Apple's. 

 

So, when creating our ROM,  can we just put any value listed in http://hwaddress.com/?q=Apple as the prefix?

 

Now, if the ROM's suffix from iMac 13,2 is taken from thunderbolt, then for hacks using iMac 13,2 sysdef (or any Mac's using thunderbolt as part of the ROM) also needs a thunderbolt card, to create a proper fake ROM.

 

Is this correct? 

I guess so. I changed the first digits (7c:6d:f8) into (88:63:df) and everything is still Ok here.

 

And no. You don't need a Thunderbolt card to create a proper ROM value.

 

@Hanger1,

 

Sure, but it is Christmas (merry Christmas everyone) so I have other stuff to do ;)


Guys, something changed this week.

 

I'm not able to send or receive iMessages from iMac12,2 even with valid MLB/ROM from my MacBookAir6,2. Perhaps they are checking the Serial/SMBIOS now as well?

 

It logs in just fine but messages never get delivered. No issues whatsoever on the iDevices.


Guys, something changed this week.

 

I'm not able to send or receive iMessages from iMac12,2 even with valid MLB/ROM from my MacBookAir6,2. Perhaps they are checking the Serial/SMBIOS now as well?

 

It logs in just fine but messages never get delivered. No issues whatsoever on the iDevices.

Hello, no, nothing changed. I use ROM and MLB of my Mac mini for several months and it still works.


Hello, no, nothing changed. I use ROM and MLB of my Mac mini for several months and it still works.

Been using just a real MLB and my ethernet MAC address for very long with no issues. Don't think anything is changed; you might want to log out and in again? That only shouldn't be a problem if you have a real MLB n ROM from a real Mac.

Been using just a real MLB and my ethernet MAC address for very long with no issues. Don't think anything is changed; you might want to log out and in again? That only shouldn't be a problem if you have a real MLB n ROM from a real Mac.

 

Yeah, stopped working. I am using a real MLB/ROM from my MBA.

 

I wiped clean all the plists, history and tried again. It logs in just fine (screenshot below) but the messages never come in or go out.



Yeah, stopped working. I am using a real MLB/ROM from my MBA.

 

I wiped clean all the plists, history and tried again. It logs in just fine (screenshot below) but the messages never come in or go out.

 

I have the same issue, something changed.
