Mac - Trammell Hudson's Projects

<!doctype html> <html lang="en" class="no-js"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="description" content="Collection of my projects and hacks."> <link rel="canonical" href="https://trmm.net/Category%3AMac/"> <link rel="prev" href="../Category%3ATeensy/"> <link rel="next" href="../Category%3APhotography/"> <link rel="icon" href="../assets/images/favicon.png"> <meta name="generator" content="mkdocs-1.4.2, mkdocs-material-9.0.6"> <meta property="og:title" content="Mac"> <meta property="og:site_name" content="Trammell Hudson's Projects"> <meta property="og:url" content="https://trmm.net/Category%3AMac/"> <meta property="og:description" content="Collection of my projects and hacks."> <meta property="og:image" content="https://trmm.net/images/logo.png"> <title>Mac - Trammell Hudson's Projects</title> <link rel="stylesheet" href="../assets/stylesheets/main.558e4712.min.css"> <link rel="stylesheet" href="../assets/stylesheets/palette.2505c338.min.css">  <link href="https://fonts.gstatic.com" rel="preconnect" crossorigin /> <link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=IBM+Plex+Serif:300,400,400i,700%7CIBM+Plex+Sans:500,600,700%7CIBM+Plex+Mono&display=fallback" /> <style> body, input { font-family: "IBM Plex Serif", "Helvetica Neue", Helvetica, Arial, sans-serif; } pre, code, kbd { font-family: "IBM Plex Mono", "Courier New", Courier, monospace; } h1, h2, h3, h4, h5, h6 { font-family: "IBM Plex Sans", sans-serif; font-weight: 700 !important; } </style> <link rel="stylesheet" href="../extra.css"> <script>__md_scope=new URL("..",location),__md_hash=e=>[...e].reduce((e,_)=>(e<<5)-e+_.charCodeAt(0),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script> </head> <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="black" data-md-color-accent="purple"> <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off"> <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off"> <label class="md-overlay" for="__drawer"></label> <div data-md-component="skip"> <a href="#macintosh-hacking" class="md-skip"> Skip to content </a> </div> <div data-md-component="announce"> </div> <header class="md-header" data-md-component="header"> <nav class="md-header__inner md-grid" aria-label="Header"> <a href=".." title="Trammell Hudson's Projects" class="md-header__button md-logo" aria-label="Trammell Hudson's Projects" data-md-component="logo"> <img src="../images/logo.png" alt="logo"> </a> <label class="md-header__button md-icon" for="__drawer"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2Z"/></svg> </label> <div class="md-header__title" data-md-component="header-title"> <div class="md-header__ellipsis"> <div class="md-header__topic"> <span class="md-ellipsis"> Trammell Hudson's Projects </span> </div> <div class="md-header__topic" data-md-component="header-topic"> <span class="md-ellipsis"> Mac </span> </div> </div> </div> <label class="md-header__button md-icon" for="__search"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg> </label> <div class="md-search" data-md-component="search" role="dialog"> <label class="md-search__overlay" for="__search"></label> <div class="md-search__inner" role="search"> <form class="md-search__form" name="search"> <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required> <label class="md-search__icon md-icon" for="__search"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5Z"/></svg> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg> </label> <nav class="md-search__options" aria-label="Search"> <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41Z"/></svg> </button> </nav> </form> <div class="md-search__output"> <div class="md-search__scrollwrap" data-md-scrollfix> <div class="md-search-result" data-md-component="search-result"> <div class="md-search-result__meta"> Initializing search </div> <ol class="md-search-result__list" role="presentation"></ol> </div> </div> </div> </div> </div> <div class="md-header__source"> <a href="https://github.com/osresearch/" title="Go to repository" class="md-source" data-md-component="source"> <div class="md-source__icon md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg> </div> <div class="md-source__repository"> GitHub </div> </a> </div> </nav> </header> <div class="md-container" data-md-component="container"> <main class="md-main" data-md-component="main"> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" > <div class="md-sidebar__scrollwrap"> <div class="md-sidebar__inner"> <nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0"> <label class="md-nav__title" for="__drawer"> <a href=".." title="Trammell Hudson's Projects" class="md-nav__button md-logo" aria-label="Trammell Hudson's Projects" data-md-component="logo"> <img src="../images/logo.png" alt="logo"> </a> Trammell Hudson's Projects </label> <div class="md-nav__source"> <a href="https://github.com/osresearch/" title="Go to repository" class="md-source" data-md-component="source"> <div class="md-source__icon md-icon"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z"/></svg> </div> <div class="md-source__repository"> GitHub </div> </a> </div> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item md-nav__item--active md-nav__item--nested"> <input class="md-nav__toggle md-toggle " data-md-toggle="__nav_1" type="checkbox" id="__nav_1" checked> <label class="md-nav__link" for="__nav_1" tabindex="0" aria-expanded="true"> Categories <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" aria-label="Categories" data-md-level="1"> <label class="md-nav__title" for="__nav_1"> <span class="md-nav__icon md-icon"></span> Categories </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../Category%3ARetrocomputing/" class="md-nav__link"> Retrocomputing </a> </li> <li class="md-nav__item"> <a href="../Category%3AVector_display/" class="md-nav__link"> Vector display </a> </li> <li class="md-nav__item"> <a href="../Category%3ARobots/" class="md-nav__link"> Robots </a> </li> <li class="md-nav__item"> <a href="../Category%3AClocks/" class="md-nav__link"> Clocks </a> </li> <li class="md-nav__item"> <a href="../Category%3A3D_Printing/" class="md-nav__link"> 3D Printing </a> </li> <li class="md-nav__item"> <a href="../Category%3ALaser_cutter/" class="md-nav__link"> Laser cutter </a> </li> <li class="md-nav__item"> <a href="../Category%3ATeensy/" class="md-nav__link"> Teensy </a> </li> <li class="md-nav__item md-nav__item--active"> <input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc"> <label class="md-nav__link md-nav__link--active" for="__toc"> Mac <span class="md-nav__icon md-icon"></span> </label> <a href="./" class="md-nav__link md-nav__link--active"> Mac </a> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class="md-nav__title" for="__toc"> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> <li class="md-nav__item"> <a href="#macintosh-hacking" class="md-nav__link"> Macintosh Hacking </a> <nav class="md-nav" aria-label="Macintosh Hacking"> <ul class="md-nav__list"> <li class="md-nav__item"> <a href="#macintosh-se-video-interface" class="md-nav__link"> Macintosh SE Video interface </a> </li> <li class="md-nav__item"> <a href="#adb-to-usb-adapter" class="md-nav__link"> ADB to USB adapter </a> </li> <li class="md-nav__item"> <a href="#mac-se-easter-egg" class="md-nav__link"> Mac SE Easter Egg </a> </li> <li class="md-nav__item"> <a href="#mac-efi-firmware" class="md-nav__link"> Mac EFI firmware </a> </li> <li class="md-nav__item"> <a href="#vulnerability-status" class="md-nav__link"> Vulnerability status </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="#list-of-pages" class="md-nav__link"> List of pages </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="../Category%3APhotography/" class="md-nav__link"> Photography </a> </li> <li class="md-nav__item"> <a href="../Category%3AHobbies/" class="md-nav__link"> Hobbies </a> </li> <li class="md-nav__item"> <a href="../Category%3ALED/" class="md-nav__link"> LED </a> </li> <li class="md-nav__item"> <a href="../Category%3ALEDscape/" class="md-nav__link"> LEDscape </a> </li> <li class="md-nav__item"> <a href="../Category%3AReverse_engineering/" class="md-nav__link"> Reverse engineering </a> </li> <li class="md-nav__item"> <a href="../Category%3ATalks/" class="md-nav__link"> Talks </a> </li> <li class="md-nav__item"> <a href="../Category%3AHacks/" class="md-nav__link"> Hacks </a> </li> <li class="md-nav__item"> <a href="../Category%3ASecurity/" class="md-nav__link"> Security </a> </li> <li class="md-nav__item"> <a href="../Category%3AAircraft/" class="md-nav__link"> Aircraft </a> </li> <li class="md-nav__item"> <a href="../Category%3AArt/" class="md-nav__link"> Art </a> </li> <li class="md-nav__item"> <a href="../Category%3ABiking/" class="md-nav__link"> Biking </a> </li> <li class="md-nav__item"> <a href="../Category%3ALED/" class="md-nav__link"> Blinky </a> </li> <li class="md-nav__item"> <a href="../Category%3ABurning_Man/" class="md-nav__link"> Burning Man </a> </li> <li class="md-nav__item"> <a href="../Category%3AClasses/" class="md-nav__link"> Classes </a> </li> <li class="md-nav__item"> <a href="../Category%3ACoffee/" class="md-nav__link"> Coffee </a> </li> <li class="md-nav__item"> <a href="../Category%3AESP/" class="md-nav__link"> ESP </a> </li> <li class="md-nav__item"> <a href="../Category%3AFont/" class="md-nav__link"> Font </a> </li> <li class="md-nav__item"> <a href="../Category%3AGames/" class="md-nav__link"> Games </a> </li> <li class="md-nav__item"> <a href="../Category%3AInteractive_Show/" class="md-nav__link"> Interactive Show </a> </li> <li class="md-nav__item"> <a href="../Category%3ABeagleBone/" class="md-nav__link"> BeagleBone </a> </li> <li class="md-nav__item"> <a href="../Category%3APRU/" class="md-nav__link"> PRU </a> </li> <li class="md-nav__item"> <a href="../Category%3AMakerfaire/" class="md-nav__link"> Makerfaire </a> </li> <li class="md-nav__item"> <a href="../Category%3ANYCR/" class="md-nav__link"> NYCR </a> </li> <li class="md-nav__item"> <a href="../Category%3AOctober_First/" class="md-nav__link"> October First </a> </li> <li class="md-nav__item"> <a href="../Category%3AOscilloscope/" class="md-nav__link"> Oscilloscope </a> </li> <li class="md-nav__item"> <a href="../Category%3AROM/" class="md-nav__link"> ROM </a> </li> <li class="md-nav__item"> <a href="../Category%3ARadio/" class="md-nav__link"> Radio </a> </li> <li class="md-nav__item"> <a href="../Category%3ARaspberry_Pi/" class="md-nav__link"> Raspberry Pi </a> </li> <li class="md-nav__item"> <a href="../Category%3AShopbot/" class="md-nav__link"> Shopbot </a> </li> <li class="md-nav__item"> <a href="../Category%3ASoftware/" class="md-nav__link"> Software </a> </li> <li class="md-nav__item"> <a href="../Category%3ASparkCore/" class="md-nav__link"> SparkCore </a> </li> <li class="md-nav__item"> <a href="../Category%3AThingiverse/" class="md-nav__link"> Thingiverse </a> </li> <li class="md-nav__item"> <a href="../Category%3AUSB_Devices/" class="md-nav__link"> USB Devices </a> </li> <li class="md-nav__item"> <a href="../Category%3AVideo/" class="md-nav__link"> Video </a> </li> <li class="md-nav__item"> <a href="../Category%3AWearables/" class="md-nav__link"> Wearables </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " data-md-toggle="__nav_2" type="checkbox" id="__nav_2" > <label class="md-nav__link" for="__nav_2" tabindex="0" aria-expanded="false"> Chronological <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" aria-label="Chronological" data-md-level="1"> <label class="md-nav__title" for="__nav_2"> <span class="md-nav__icon md-icon"></span> Chronological </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../Category%3A2010/" class="md-nav__link"> 2010 </a> </li> <li class="md-nav__item"> <a href="../Category%3A2011/" class="md-nav__link"> 2011 </a> </li> <li class="md-nav__item"> <a href="../Category%3A2012/" class="md-nav__link"> 2012 </a> </li> <li class="md-nav__item"> <a href="../Category%3A2013/" class="md-nav__link"> 2013 </a> </li> <li class="md-nav__item"> <a href="../Category%3A2014/" class="md-nav__link"> 2014 </a> </li> <li class="md-nav__item"> <a href="../Category%3A2015/" class="md-nav__link"> 2015 </a> </li> <li class="md-nav__item"> <a href="../Category%3A2016/" class="md-nav__link"> 2016 </a> </li> <li class="md-nav__item"> <a href="../Category%3A2017/" class="md-nav__link"> 2017 </a> </li> <li class="md-nav__item"> <a href="../Category%3A2018/" class="md-nav__link"> 2018 </a> </li> <li class="md-nav__item"> <a href="../Category%3A2019/" class="md-nav__link"> 2019 </a> </li> <li class="md-nav__item"> <a href="../Category%3A2020/" class="md-nav__link"> 2020 </a> </li> <li class="md-nav__item"> <a href="../Category%3A2021/" class="md-nav__link"> 2021 </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle " data-md-toggle="__nav_3" type="checkbox" id="__nav_3" > <label class="md-nav__link" for="__nav_3" tabindex="0" aria-expanded="false"> About <span class="md-nav__icon md-icon"></span> </label> <nav class="md-nav" aria-label="About" data-md-level="1"> <label class="md-nav__title" for="__nav_3"> <span class="md-nav__icon md-icon"></span> About </label> <ul class="md-nav__list" data-md-scrollfix> <li class="md-nav__item"> <a href="../About/" class="md-nav__link"> About Me </a> </li> <li class="md-nav__item"> <a href="../PGP/" class="md-nav__link"> Contact </a> </li> </ul> </nav> </li> </ul> </nav> </div> </div> </div> <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" > <div class="md-sidebar__scrollwrap"> <div class="md-sidebar__inner"> <nav class="md-nav md-nav--secondary" aria-label="Table of contents"> <label class="md-nav__title" for="__toc"> <span class="md-nav__icon md-icon"></span> Table of contents </label> <ul class="md-nav__list" data-md-component="toc" data-md-scrollfix> <li class="md-nav__item"> <a href="#macintosh-hacking" class="md-nav__link"> Macintosh Hacking </a> <nav class="md-nav" aria-label="Macintosh Hacking"> <ul class="md-nav__list"> <li class="md-nav__item"> <a href="#macintosh-se-video-interface" class="md-nav__link"> Macintosh SE Video interface </a> </li> <li class="md-nav__item"> <a href="#adb-to-usb-adapter" class="md-nav__link"> ADB to USB adapter </a> </li> <li class="md-nav__item"> <a href="#mac-se-easter-egg" class="md-nav__link"> Mac SE Easter Egg </a> </li> <li class="md-nav__item"> <a href="#mac-efi-firmware" class="md-nav__link"> Mac EFI firmware </a> </li> <li class="md-nav__item"> <a href="#vulnerability-status" class="md-nav__link"> Vulnerability status </a> </li> </ul> </nav> </li> <li class="md-nav__item"> <a href="#list-of-pages" class="md-nav__link"> List of pages </a> </li> </ul> </nav> </div> </div> </div> <div class="md-content" data-md-component="content"> <article class="md-content__inner md-typeset"> <h1>Mac</h1> <h2 id="macintosh-hacking">Macintosh Hacking</h2> <h3 id="macintosh-se-video-interface">Macintosh SE Video interface</h3> <table class="gallery"> <tbody markdown='1'> <tr> <td class="gallery-image col-1" width="50.0%"><a href="https://www.flickr.com/photos/osr/12137818294/lightbox"><img src="https://live.staticflickr.com/3764/12137818294_a70f3d67c6_b.jpg" srcset="https://live.staticflickr.com/3764/12137818294_a70f3d67c6_b.jpg 1024w, https://live.staticflickr.com/3764/12137818294_a70f3d67c6.jpg 400w" /></a></td> <td class="gallery-image col-2" width="50.0%"><a href="https://www.flickr.com/photos/osr/12144563936/lightbox"><img src="https://live.staticflickr.com/7314/12144563936_0a1b80746d_b.jpg" srcset="https://live.staticflickr.com/7314/12144563936_0a1b80746d_b.jpg 1024w, https://live.staticflickr.com/7314/12144563936_0a1b80746d.jpg 400w" /></a></td> </tr> <tr markdown='1' class='gallery-caption-row'> <td class="gallery-caption col-1" width="50.0%"></td> <td class="gallery-caption col-2" width="50.0%"></td> <p></tr> </tbody></p> </table> <p>Rather than let an old <a href="/Mac-SE_Easter_Egg">Mac SE</a> with dead drives go to waste, I built a video card interface to the BeagleBone Black to drive the 512x342x1 display using the PRU. <a href="/Mac-SE_video"><strong>Read on for more info...</strong></a></p> <h3 id="adb-to-usb-adapter">ADB to USB adapter</h3> <p><a href="https://www.flickr.com/photos/osr/12398938953/lightbox"><img src="https://live.staticflickr.com/2858/12398938953_459ec90bd6_b.jpg" srcset="https://live.staticflickr.com/2858/12398938953_459ec90bd6_b.jpg 1024w, https://live.staticflickr.com/2858/12398938953_459ec90bd6.jpg 400w" /></a> Older Macintosh computers used the <a href="/En:Apple_Desktop_Bus">Apple Desktop Bus</a> protocol to communicate with keyboards and mice. It is a one-wire, bidirectional multi-drop protocol. <a href="/ADB_to_USB">More information on my adapter design</a></p> <h3 id="mac-se-easter-egg">Mac SE Easter Egg</h3> <table class="gallery"> <tbody markdown='1'> <tr> <td class="gallery-image col-1" width="50.0%"><a href="https://www.flickr.com/photos/osr/7828783992/lightbox"><img src="https://live.staticflickr.com/7136/7828783992_c4dd21906b.jpg" srcset="https://live.staticflickr.com/7136/7828783992_c4dd21906b.jpg 1024w, https://live.staticflickr.com/7136/7828783992_c4dd21906b.jpg 400w" /></a></td> <td class="gallery-image col-2" width="50.0%"><a href="https://www.flickr.com/photos/osr/7695518136/lightbox"><img src="https://live.staticflickr.com/8432/7695518136_7f918b08a0.jpg" srcset="https://live.staticflickr.com/8432/7695518136_7f918b08a0_b.jpg 1024w, https://live.staticflickr.com/8432/7695518136_7f918b08a0.jpg 400w" /></a></td> </tr> <tr markdown='1' class='gallery-caption-row'> <td class="gallery-caption col-1" width="50.0%"></td> <td class="gallery-caption col-2" width="50.0%"></td> <p></tr> </tbody></p> </table> <p>Using my PROMdate generic EPROM reader, I extracted the Mac SE boot ROMs from a machine I found on the side of the road. We then reverse engineered the easter egg photographs of the development team hidden in the extra space. <a href="/Mac-SE_Easter_Egg"><strong>Read on for more details...</strong></a></p> <h3 id="mac-efi-firmware">Mac EFI firmware</h3> <p><a href="https://www.flickr.com/photos/osr/16011972486/lightbox"><img src="https://live.staticflickr.com/7532/16011972486_e1b9982f76_b.jpg" srcset="https://live.staticflickr.com/7532/16011972486_e1b9982f76_b.jpg 1024w, https://live.staticflickr.com/7532/16011972486_e1b9982f76.jpg 400w" /></a> <strong>Thunderstrike</strong> is the name for a class of Apple EFI firmware security vulnerabilities that allow malicious software or Thunderbolt devices to flash untrusted code to the boot ROM and propagate via shared devices. It was <a href="https://events.ccc.de/congress/2014/Fahrplan/events/6128.html">presented at 31C3</a>. Read on for more info on <a href="/Thunderstrike"><strong>Thunderstrike</strong></a> or <a href="/Thunderstrike_2"><strong>Thunderstrike 2</strong></a>, a software-only extension. <a href="https://www.flickr.com/photos/osr/19649541333/lightbox"><img src="https://live.staticflickr.com/391/19649541333_1598fbda3d_b.jpg" srcset="https://live.staticflickr.com/391/19649541333_1598fbda3d_b.jpg 1024w, https://live.staticflickr.com/391/19649541333_1598fbda3d.jpg 400w" /></a> Thunderstrike 2 was presented at DefCon 23 / BlackHat 2015 and the <a href="/Thunderstrike2_details">annotated presentation</a> is available with significantly more details, as well as <a href="/Thunderstrike2_demo">a demo video</a> of the proof-of-concept in action. Thunderstrike 2 is a continuation of my security research on <a href="/Thunderstrike">Thunderstrike</a>, in collaboration with Xeno Kovah and Corey Kallenberg of <a href="http://www.legbacore.com/">LegbaCore</a>. I've also collected <a href="/Thunderstrike_2_media">Thunderstrike 2 news coverage</a>.</p> <h3 id="vulnerability-status">Vulnerability status</h3> <p><a href="https://www.flickr.com/photos/osr/19140497399/lightbox"><img src="https://live.staticflickr.com/479/19140497399_dc01891234_b.jpg" srcset="https://live.staticflickr.com/479/19140497399_dc01891234_b.jpg 1024w, https://live.staticflickr.com/479/19140497399_dc01891234.jpg 400w" /></a> Thunderstrike 2 was partialy fixed as part of <a href="https://support.apple.com/en-us/HT204934">Mac EFI Security Update 2015-001</a> in June 2015 (<a href="http://www.kb.cert.org/vuls/id/577140">VU#577140</a>, CVE-2015-3692). Systems running OS X 10.10.4 and higher are no longer trivially vulnerable. "Partially patched" means that the Protected Range Registers (PRR) are locked before the S3 script is run, which prevents a Darth Venamis "Dark Jedi" attack on the boot flash, but it does not fix several other issues. We have disclosed the following remaining problems to Apple's product firmware security team:</p> <ul> <li>Option ROMs are still loaded during normal boots. Snare's 2012 Option ROM attack still works and could be extended to other Option ROMs built into the system's WiFi or video card.</li> <li>The S3 resume bootscript is still unprotected and executes code from RAM, allowing code injection into PEI from either a software attack or an Option ROM attack.</li> <li><code>BIOS_CNTL.BLE</code> and <code>BIOS_CNTL.SMM_SWP</code> are not locked, allowing the NVRAM to be corrupted (and leaving open possible attacks on the PRR).</li> <li><code>TSEGMB</code> is left unlocked, allowing DMA into SMRAM and code injection into SMM.</li> <li>And there some other issues that we haven't fully tested.</li> </ul> <p>Even with the patch applied, it is still possible for Thunderstrike 2 to write to Option ROMs and continue to spread to new machines, to persist in the S3 resume script until the next full reboot, to hide in System Management mode and evade detection from software scanning, and to <a href="https://www.youtube.com/watch?v=LEEEazuc8Dg&feature=youtu.be">"irrevocably" brick systems</a> by corrupting NVRAM.</p> <p><a href="/Category:2015"><span style='color:white; background-color:red'>2015</a> <a href="/Category:Security"><span style='color:white; background-color:red'>Security</a> <a href="/Category:Reverse_engineering"><span style='color:white; background-color:red'>Reverse engineering</a></p> <hr> <h2 id="list-of-pages">List of pages</h2> <ul> <li><a href="/ADB_to_USB/">ADB to USB</a></li> <li><a href="/Mac-SE_Easter_Egg/">Mac SE Easter Egg</a></li> <li><a href="/Mac-SE_video/">Mac-SE/30 video interface</a></li> </ul> <hr> <hr> <div class="md-source-file"> <small> Last update: <span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">November 8, 2020</span> </small> </div> </article> </div> </div> </main> <footer class="md-footer"> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class="md-copyright"> Made with <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener"> Material for MkDocs </a> </div> <div class="md-social"> <a href="https://twitter.com/qrs" target="_blank" rel="noopener" title="twitter.com" class="md-social__link"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M459.37 151.716c.325 4.548.325 9.097.325 13.645 0 138.72-105.583 298.558-298.558 298.558-59.452 0-114.68-17.219-161.137-47.106 8.447.974 16.568 1.299 25.34 1.299 49.055 0 94.213-16.568 130.274-44.832-46.132-.975-84.792-31.188-98.112-72.772 6.498.974 12.995 1.624 19.818 1.624 9.421 0 18.843-1.3 27.614-3.573-48.081-9.747-84.143-51.98-84.143-102.985v-1.299c13.969 7.797 30.214 12.67 47.431 13.319-28.264-18.843-46.781-51.005-46.781-87.391 0-19.492 5.197-37.36 14.294-52.954 51.655 63.675 129.3 105.258 216.365 109.807-1.624-7.797-2.599-15.918-2.599-24.04 0-57.828 46.782-104.934 104.934-104.934 30.213 0 57.502 12.67 76.67 33.137 23.715-4.548 46.456-13.32 66.599-25.34-7.798 24.366-24.366 44.833-46.132 57.827 21.117-2.273 41.584-8.122 60.426-16.243-14.292 20.791-32.161 39.308-52.628 54.253z"/></svg> </a> <a href="https://flickr.com/osr" target="_blank" rel="noopener" title="flickr.com" class="md-social__link"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M400 32H48C21.5 32 0 53.5 0 80v352c0 26.5 21.5 48 48 48h352c26.5 0 48-21.5 48-48V80c0-26.5-21.5-48-48-48zM144.5 319c-35.1 0-63.5-28.4-63.5-63.5s28.4-63.5 63.5-63.5 63.5 28.4 63.5 63.5-28.4 63.5-63.5 63.5zm159 0c-35.1 0-63.5-28.4-63.5-63.5s28.4-63.5 63.5-63.5 63.5 28.4 63.5 63.5-28.4 63.5-63.5 63.5z"/></svg> </a> <a href="https://github.com/osresearch" target="_blank" rel="noopener" title="github.com" class="md-social__link"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg> </a> <a href="https://social.v.st/@th" target="_blank" rel="noopener" title="social.v.st" class="md-social__link"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><path d="M433 179.11c0-97.2-63.71-125.7-63.71-125.7-62.52-28.7-228.56-28.4-290.48 0 0 0-63.72 28.5-63.72 125.7 0 115.7-6.6 259.4 105.63 289.1 40.51 10.7 75.32 13 103.33 11.4 50.81-2.8 79.32-18.1 79.32-18.1l-1.7-36.9s-36.31 11.4-77.12 10.1c-40.41-1.4-83-4.4-89.63-54a102.54 102.54 0 0 1-.9-13.9c85.63 20.9 158.65 9.1 178.75 6.7 56.12-6.7 105-41.3 111.23-72.9 9.8-49.8 9-121.5 9-121.5zm-75.12 125.2h-46.63v-114.2c0-49.7-64-51.6-64 6.9v62.5h-46.33V197c0-58.5-64-56.6-64-6.9v114.2H90.19c0-122.1-5.2-147.9 18.41-175 25.9-28.9 79.82-30.8 103.83 6.1l11.6 19.5 11.6-19.5c24.11-37.1 78.12-34.8 103.83-6.1 23.71 27.3 18.4 53 18.4 175z"/></svg> </a> </div> </div> </div> </footer> </div> <div class="md-dialog" data-md-component="dialog"> <div class="md-dialog__inner md-typeset"></div> </div> <script id="__config" type="application/json">{"base": "..", "features": [], "search": "../assets/javascripts/workers/search.e5c33ebb.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script> <script src="../assets/javascripts/bundle.51d95adb.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.0/MathJax.js?config=TeX-MML-AM_CHTML"></script> </body> </html>

CINXE.COM

Mac - Trammell Hudson's Projects