[SOLVED] Unlock EFI BIOS Password from Macbook

How to remove EFI Password from Macbook from 2010 to 2017?

This has to be done with extreme caution because it can brick your Macbook if not done properly. Only do this if you have no other choice and are familiar with hardware.

We are not responsible for any results you get. 

This method works for models from 2010 to 2017.

If you are sure you want to try and remove the password, let’s head on and I will show you exactly what to do. 

You do need some equipment for this:

A BIOS programmer: I use the CH341A for this because it’s cheap and it works fine

A Macbook EFI cable: You can use this to connect the BIOS to the programmer.

Screwdrivers: To unscrew the bottom plate from the Macbook

A laptop: Where you connect the BIOS programmer to

If you don’t want to buy the Macbook EFI cable you can desolder the chip from the motherboard as shown here but that will make the process much more difficult. 

Here are the steps to remove the EFI password:
1. Verify that there is an EFI password. Duhhh 
2. Open up the bottom of the Macbook and disconnect the battery
3. Connect the BIOS programmer
4. Read the contents of the chip
5. Remove the password section from the content
6. Reprogram the chip
7. Enjoy the Macbook without password

Are you still confident you can do it? Let’s get started. 

Remove the bottom plate from the Macbook and disconnect the battery

Unscrew the small screws on the bottom plate of the Macbook and pull on the side of the plate. 

Then when the plate is up on the front of the Macbook (where the lid opens), pull it out towards where the lid opens.

Now disconnect the small cable that is on top of the battery connector. 

Then disconnect the battery itself by unscrewing the flat screw on top of the connector and flipping the connector upwards.

Make sure that the Macbook is not connected to the AC charger.

Connect the BIOS programmer

Now it’s time to connect the BIOS programmer to the Macbook. Here is an image of how it is connected. 
Although I connected it the wrong way, it’s not a big problem, as we will find out later when we try to read the chip without success.

Connect the BIOS programmer to the laptop and make sure that all the software and drivers from the CH341A programmer are installed on the laptop. Use a quick Google search if you want to figure out how to do that.

Read the contents of the chip

Take your time here and DO NOT RUSH. If not done properly you can brick your Macbook and we don’t want to do that. 
With the cable connected to the Macbook on one side and to the programmer on the other, and the programmer plugged into the laptop, open the CH341A software.
Find out what BIOS chip the Macbook has, or just press Detect in the CH341A software.

If it does not detect any chip then try and turn the cable around because it is probably not able to read the chip. 
I got a list of 2 different chips but you might get a different result. Don’t worry too much here because detecting a chip isn’t very likely to hurt the Macbook.

If you get an error like this don’t worry, it might be the software itself. I proceeded anyway. 

If everything went normally and you were able to select a chip (either manually or automatically), you can press the Read button so the contents of the chip get read.

After reading it gets verified. 

If everything went according to plan you should get a message like "Memory and buffer are the same" or something similar.

If you get an error DO NOT PROCEED but start over again. 

When the chip is read I like to scroll down and see if there is code other than FF at the bottom of the file, so I know that the content is fully read.
Now save the file on the laptop and give it a name with LOCKED in it. THIS IS YOUR BACKUP FILE SHOULD ANYTHING GO WRONG, so please make sure this file is securely saved somewhere on your device.
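A scripted version of the read checks above (an added example, not part of the original post or of the CH341A software): it compares two saved reads of the same chip and flags a dump that has an odd size, is uniform, or is blank at the end. The function names and the constructed sample data are assumptions made for the illustration.

```python
import hashlib
import sys

def dump_problems(data: bytes, tail_len: int = 4096) -> list:
    """Reasons one chip read should not be trusted (empty list = looks sane)."""
    size = len(data)
    if size == 0:
        return ["dump is empty"]
    problems = []
    # SPI flash chips have power-of-two sizes; any other size is a short read.
    if size & (size - 1):
        problems.append(f"size {size} is not a power of two")
    # A uniform dump (all FF or all 00) usually means the clip has no contact.
    if len(set(data)) == 1:
        problems.append(f"every byte is {data[0]:02X}")
    # The post's own check: there should be non-FF data at the bottom of the file.
    elif set(data[-tail_len:]) == {0xFF}:
        problems.append(f"last {tail_len} bytes are all FF")
    return problems

def compare_reads(first: bytes, second: bytes) -> dict:
    """Compare two independent reads of the same chip, byte for byte."""
    common = min(len(first), len(second))
    diffs = [i for i in range(common) if first[i] != second[i]]
    return {
        "identical": first == second,
        "differing_bytes": len(diffs) + abs(len(first) - len(second)),
        "first_diff_offset": diffs[0] if diffs else None,
        "sha256_first": hashlib.sha256(first).hexdigest(),
    }

def constructed_sample(size: int = 1 << 16) -> bytes:
    """Constructed stand-in for a dump: FF padding followed by patterned data."""
    pad = size // 16
    return b"\xff" * pad + bytes((i * 7 + 3) % 251 for i in range(size - pad))

if __name__ == "__main__":
    if len(sys.argv) == 3:  # two saved reads of the same chip
        first, second = (open(p, "rb").read() for p in sys.argv[1:3])
    else:                   # no files given: demo on constructed data
        first = constructed_sample()
        second = first[:0x2000] + b"\x00" + first[0x2001:]  # one flipped byte
    print("problems in first read:", dump_problems(first) or "none")
    for key, value in compare_reads(first, second).items():
        print(f"{key}: {value}")
```

Run it with the paths of two separate reads; keep the printed SHA-256 next to the LOCKED backup so the file can be checked again later.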

Remove the password section from the content

Now that we have read the content and securely saved it on our device it is time to remove the actual password. We do this by removing a section from the software that is on the chip. 
Download a hex editor; I used the HxD hex editor.
Open the file you saved on the laptop with the editor and search (CTRL + F) for $SVS.

You should find this somewhere in the HEX code, but the exact location differs depending on the type of Macbook you have.

If you did not find it, there is a possibility that the content was not read correctly and you should try to read it again. It must be in there somewhere because this is the location of the password.

When you have found the section, you will see that above the $SVS there are a lot of FF bytes. These are empty (erased) flash: there is no data there.
Now we are going to select the entire password section. I start by pressing the mouse button in the FF section and select all the way down until I see another FF section, like so.

Then with the entire section selected press Edit and then Fill
Type FF in the HEX value and press Enter.

The changed content should be all red now.

Okay, good, so the password is removed from the content, but we are not there yet. This content still has to be put on the chip in the Macbook, which still has the password on it.

Save this file without a password and name it with something like UNLOCKED, but DO NOT OVERWRITE THE ORIGINAL FILE because we still can't be 100% sure that this content is right.

Reprogram the chip

Now that we have the password removed from the content and our backup file securely stored beside the original file, it is time to reprogram the chip and put the content on it without the password.
We do this by overwriting the content on the chip. If you have the programmer still connected to the Macbook, then we can start by erasing the chip. If not, connect it again and read the chip to verify that the connection is firm.
I always get a little bit excited here, and if you feel the same, it's okay.
Do you think everything went fine? Then press the Erase button in the software.

Wait a couple of seconds and, after the erasure is finished, press Read to check that there is nothing left on the chip. It should look like this.

Now open the file that we unlocked.

After the file is opened you see the contents of that file in the HEX display of the software but it is not yet programmed on the chip.

Press Write to program the contents on the chip. 

If everything went well, CONGRATULATIONS! You removed the password from the chip.

I hope you liked this post and that your password is removed from the Macbook. 
If so, I would appreciate it if you shared the content anywhere possible. 


Posted by Rob Michiels