Tuesday, June 21, 2016

Apple bricked my MacBook and there's nothing I can do about it

About two months ago my wife tried to use the MacBook Air that we keep in our kitchen and found that it was displaying a screen that neither of us had ever seen before.  It was showing a message that said:
"Locking down temporarily pending investigation.  Please contact the iCloud account the Mac is linked to."
And it was asking for a PIN code.

Many calls to Apple Technical Support and one visit to the Apple Store later it turned out that this Mac had been placed under an iCloud lock.  This is a feature that is normally used by the owner of a Mac to lock it down when it is stolen.  Except that I was the owner of this Mac.   I had bought it from a private party three or four years earlier, I cannot recall exactly.  (But see the postscript below.)

Now, Apple has the ability to remove an iCloud lock, but they refused to do it in my case because I could not prove that I owned the machine.  They wanted to see an "original receipt", which of course I don't have.  I suppose it is possible that the machine I bought was stolen, except that I have to wonder why the rightful owner waited years before locking it.  If the machine is stolen, I would like to see it returned to its rightful owner.  But the cryptic message on the lock screen gives me no way to contact the person who had initiated the lock.  Apple knows who that person is, but they won't tell me, which is understandable.  But they also won't contact this person on my behalf, which is less understandable.

I wrote a letter to Tim Cook to no avail.  He almost certainly never saw it.  I got a call from a lackey who politely but firmly told me that Apple was not going to change their policy.  They will not unlock the machine without a receipt, and they will not contact the person who placed the lock.

So I am hosed.  I have a locked machine, no way to unlock it, and no way to contact whoever placed the lock.  I can't even safely dispose of this machine because there's personal data on the internal drive that I now cannot erase.

FWIW, the machine is a 2010 11-inch MacBook Air, serial number C02DM1GNDDR0.  If you are the person who locked this machine, please get in touch.

Postscript: When I found out that my machine was under an iCloud lock and Apple wanted proof that I was the owner before they would remove it, I went back through my records and found the correspondence I had with the person I remembered buying it from.  I also went through our basement and found the box that it had come in.  I figured if the machine was stolen, the thief would probably not have taken the box, so the fact that I had it would be pretty convincing evidence that it wasn't stolen.

Unfortunately, when I checked the serial number on the box against the locked machine, it turned out that they didn't match (even though the model was an exact match).  What I think happened is that I had bought a second, identical machine at some point and then re-sold it (I have a vague recollection and some sketchy records of this second transaction).  When I sold it I must have used the wrong box.  The serial number on the box is C02DPD69DDQX.  If you own this machine, please contact me.  I have your box, and you may have mine.

Lessons learned:  If you buy a used Mac from a private party, always take it to an Apple store to make sure that it is not bound to an iCloud account.  If you don't do this, you don't really own the machine.  It turns out that the iCloud lock is implemented in the UEFI secure boot ROM.  Wiping the hard drive and doing a clean install of the OS is not enough to disable it.  Make sure you get and keep the sellers contact information.  Check their ID.  And, of course, keep track of the box.  (And check the serial numbers!)

11 comments:

Unknown said...

Lol mate, just wipe the hard drive and start fresh without the previous owner's iCloud on it.

Ron said...

That won't work. As I said in the post, the iCloud lock is in the UEFI boot ROM, not on the hard drive. I did a clean OS install on the machine after I bought it. Even replacing the hard drive won't unbrick the machine.

Unknown said...

Hmm my MacBook was stolen back in February and I issued a lock, but never got the email from Apple that it got locked. Is it the case that it never went online or that they formatted it before I issued the lock (took me a couple of days to realize it was missing)?

Ron said...

> they formatted it before I issued the lock

That wouldn't matter. I did a clean OS install when I bought the machine, and it got locked three years later.

The crucial thing is that you include contact information on the lock message otherwise whoever has the machine can't return it even if they want to (that's the situation I'm in).

Publius said...

Isn't this unacceptable? As you say, it's as if you never owned it at all. Wouldn't the laws of California determine ownership and not Apple Computer Co.?

You could try guessing the most common pins:
http://www.datagenetics.com/blog/september32012/

JZ said...

Did you try and bypass the refi boot record? try rebooting and holding down CMD+R This should take you to a utilities screen. From there you can even change the the boot order so it boots off of sat usb drive in another os. allowing access to the hard drive if all else fails.

Ron said...

That doesn't work. The lock is in the UEFI secure boot flash. Once the lock is in place, you can't boot off external media any more.

Luke said...

This is terrible. Have you seen How To Hack Apple EFI? Not that you really want to go down that route, but if you do I'm glad to help.

Ron said...

Hm, that looks like a bigger commitment than I have time for right now. Maybe after I retire :-) But thanks for the link. This gives me an alternative to just chucking the machine into a landfill.

Luke said...

Given that Slashdot is open to showing the underbelly of Apple—e.g. Apple Patents a Way To Keep People From Filming At Concerts and Movie Theaters–perhaps it would be worth submitting your story? Make sure to emphasize that you've owned the Mac for three or four years. That Apple allows stolen property to be 'seized' that much later is absurd. The law has statutes of limitations for a purpose, and so should Silicon Valley. If they don't want to self-regulate, perhaps the government should step in.

Miles Wolbe said...

A Matt Card should work:

http://www.cmizapper.com/products/mattcard.html

"The Matt Card is the alternative to swapping the EFI ROM chip on your motherboard. It plugs into a tiny connector on the motherboard. As long as the Matt Card is plugged in (it has to stay plugged in...) the ROM on the Matt Card will be the one that is used. Using the Matt Card is simple. Turn off the Mac, plug in the card, turn on the Mac. Just make sure you order for exactly the right model of Mac! The wrong model will never work."

Here it is in action on a locked MacBook Air:

https://www.youtube.com/watch?v=NUxT-k46Lyg

And here is the maker responding to a question about bypassing the PIN:

https://www.youtube.com/watch?v=NUxT-k46Lyg&lc=UgiaVlV_vsKkIXgCoAEC

Gio Flores: "Will this also remove the 4 digit pin?"
CMIzapper: "Yes, that is what it is all about."