New style of AppleHDA.kext patching for Yosemite

In Januari I blogged about a New style of AppleHDA.kext patching (take III) for Mavericks, and today I changed AppleHDA8Series.sh for Yosemite – tested with 14A261i.

Download

AppleHDA8Series.sh v2.8 is now available for download and here is a one liner how-to:

curl -o AppleHDA8Series.sh https://raw.githubusercontent.com/Piker-Alpha/AppleHDA8Series.sh/master/AppleHDA8Series.sh

Bugs

Please report bugs here: https://github.com/Piker-Alpha/AppleHDA8Series.sh/issues
Not here. Thank you!

Edit

HDMI audio is not yet functional, but I am working on a new update that should, hopefully, eliminate manual patching altogether. At least for people who use my AppleHDA8Series.sh script. And you know what. It may even be better than what Clover offers today, because with Clover you still need to know the exact data pattern that you want to alter. Not something you should have to deal with, with every OS update, and that is why I like to introduce something new. Something so simple that it makes me wonder why nobody, including me, ever thought about it.

Advertisement

iMac14,4 Geekbench result / SMBIOS data

Here is the Geekbench score of the brand new entry-level iMac with the Intel Core i5-4260U processor running @ 1.40 GHz.

New model identifier

The new iMac has a new Mac model identifier (iMac14,4) so now we have these four:

iMac14,1
iMac14,2
iMac14,3 (Build-to-order)
iMac14,4

New board-id

The new iMac also uses one of the previously discovered board-id’s and thus now we have these:

Mac-031B6874CF7F642A (iMac14,1)
Mac-27ADBB7B4CEE8E61 (iMac14,2)
Mac-77EB7D7DAF985301 (Build-to-order iMac14,3)
Mac-81E3E92DD6088272 (iMac14,4)

RevoBoot SMBIOS data

Here is the new SMBIOS data for RevoBoot, but you can easily adapt it to Chameleon, Chimera or Clover.

#define SMB_BIOS_VERSION	"IM144.88Z.0179.B03.1405241029"
#define SMB_PRODUCT_NAME	"iMac14,4"
#define SMB_BOARD_PRODUCT	"Mac-81E3E92DD6088272"
#define EFI_MODEL_NAME		{ 'i', 'M', 'a', 'c', '1', '4', ',', '4' }

Serial numbers

And to make the data complete… here are some serial numbers for you 😉

G56K – iMac (21.5-inch, Mid 2014)
G56J – iMac (21.5-inch, Mid 2014)

The page is not there right now, but should soon be made (Edit: Done. Available right now).

OS X v10.10 Yosemite Update 1 (Build 14A261i)

Update 1 of the OS X Yosemite Beta was released to developers earlier today. The first update using the new name. This to me is only a logical move, to stop confusion among future OS X Beta Seed Program members – interested end-users without a (paid) Mac developer membership.

CatalogURL

You may have used this command

defaults read /Library/Preferences/com.apple.SoftwareUpdate CatalogURL

From a previous blog article about the CatalogURL, but this one errors out on Yosemite with:

The domain/default pair of (/Library/Preferences/com.apple.SoftwareUpdate, CatalogURL) does not exist.

Luckily we have this file: /private/var/db/SUPrefOverrides.plist

And that leads to the following URL:

https://swscan.apple.com/content/catalogs/others/index-10.10seed-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog.gz

Add this in front of the URL and you are ready to receive Yosemite updates. Even without SUPrefOverrides.plist

sudo /usr/sbin/softwareupdate --set-catalog

Yosemite DP1 Includes new EFI images/sound files

Sam’s efires-xtract (Perl script) was already a handy tool, but it needed a few tweaks here and there. For example. Version 0.5 adds support for Yosemite. In fact. It should support all future version of OS X, this because it no longer use hard-coded filenames. Nope. Now it reads: /use/standalone/i386/EfiLoginUI/ and get the target file names automatically. No more tweaking. Ok. Let’s run ./efires-xtract and see what we get:

1) appleLogo.efires (4 images) NEW
– appleLogo_apple.png (84 x 103 pixels)
– appleLogo_apple@2x.png (168 x 206 pixels)
– appleLogo_apple_gray.png (90 x 95 pixels)
– appleLogo_apple_gray@2x.png (160 x 190 pixels)

2) battery.efires (430 images)

3) disk_passwordUI.efires (20 images)

4) flag_picker.efires (698 images)

5) guest_userUI.efires (20 images)

6) loginui.efires (116 images)

7) Lucida13.efires (892 images)

8) recovery_user.efires (2 images)

9) recoveryUI.efires (10 images)

10) sound.efires (6 images) NEW

– sound_SCREFIAudio.Beep
– sound_SCREFIAudio.Password
– sound_SCREFIAudio.Username
– sound_SCREFIAudio.UsernameOrPasswordIncorrect
– sound_SCREFIAudio.VoiceOverOff
– sound_SCREFIAudio.VoiceOverOn

11) unknown_userUI.efires (22 images)

Ok. So the Yosemite Developer Preview 1 includes two new files called: appleLogo.efires and sound.efires Wait what. Sound?

Let’s have a look at the header data. For this we use: xxd -l 144 sound_SCREFIAudio.caf

0000000: 6361 6666 0001 0000 6465 7363 0000 0000 caff....desc....
0000010: 0000 0020 40e5 8880 0000 0000 696d 6134 ... @.......ima4
0000020: 0000 0000 0000 0022 0000 0040 0000 0001 ......."...@....
0000030: 0000 0000 696e 666f 0000 0000 0000 003f ....info.......?
0000040: 0000 0002 6170 7072 6f78 696d 6174 6520 ....approximate
0000050: 6475 7261 7469 6f6e 2069 6e20 7365 636f duration in seco
0000060: 6e64 7300 302e 3034 3600 736f 7572 6365 nds.0.046.source
0000070: 2062 6974 2064 6570 7468 0049 3136 0070 bit depth.I16.p
0000080: 616b 7400 0000 0000 0000 1800 0000 0000 akt.............

Cool. So this is actually a file in Apple Core Audio Format. And adding a .caf file extension should change the icon and then we should be able to play it with the QuickTime Player. Yup. That worked. Perfect.

Note: run sudo chmod +x efires-xtract before running it.

Expect an update after my coffee break!

Edit

Crap. I used an old HDD for my Yosemite installation and it started to make funny noises. Like tick tick tick. Won’t boot up anymore. Had to re-install Yosemite and get stuff going again, which was why my coffee break went on forever.

I now also added the PNG image sizes, and here is a cool new find. Add “meter=0” under ‘Kernel Flags’ in /Library/Preferences/SystemConfiguration/com.Apple.Boot.plist and the good old throbber is back. This setting also removes IODeviceTree:/chosen/IOProgressColorTheme (Number) 01.

I also changed RevoBoot, in my local repository, and now it loads: /usr/standalone/appleLogo.efires to get the Apple logos – gray or white, and scaling (1x or 2x) also works. Just like Boot.efi does.

For your info. The new BlackMode loads the white Apple logo, instead of the gray Apple logo, on a black background.

Update

Here is a proof of concept, showing you how to load and show the new Apple logo images in Yosemite.

//==============================================================================

typedef struct
{
	uint16_t	revision;
	uint16_t	imageCount;
} __attribute__((packed)) EFIRES_HEADER;

typedef struct
{
	char		filename[64];
	uint32_t	offset;
	uint32_t	imageSize;
} __attribute__((packed)) EFIRES_IMAGE_HEADER;

//==============================================================================

void showBootLogo()
{
	setVideoMode(GRAPHICS_MODE);

	long backGroundColor = 0xbfbfbf;

	char targetLogoName[30] = "appleLogo_apple";

	// bootArgs->flags |= kBootArgsFlagBlack is set by boot.efi (EFI var 'BlackMode')
	if (bootArgs->flags & kBootArgsFlagBlack)
	{
		backGroundColor = 0x030000;
	}
	else
	{
		sprintf(targetLogoName, "%s%s", targetLogoName, "_gray");
	}

	// bootArgs->flags |= kBootArgsFlagHiDPI is set by boot.efi (EFI var 'UIScale')
	sprintf(targetLogoName, "%s%s.png", targetLogoName, (bootArgs->flags & kBootArgsFlagHiDPI) ? "@2x" : "");

	setBackgroundColor(backGroundColor);
	
	void *imageLoadBuffer = (void *)kLoadAddr;

	int EFIResourceFile = open("/usr/standalone/i386/EfiLoginUI/appleLogo.efires", 0);
	
	if (EFIResourceFile >= 0)
	{
		int filesize = file_size(EFIResourceFile);
		
		if (read(EFIResourceFile, (char *) kLoadAddr, filesize) == filesize)
		{
			EFIRES_HEADER * header = (EFIRES_HEADER *) imageLoadBuffer;
#if DEBUG
			printf("\nheader->revision..: %d\n", header->revision);
			printf("header->imageCount: %d\n", header->imageCount);
#endif
			int pos = sizeof(header);

			for (int index = 0; index < header->imageCount; index++)
			{
				EFIRES_IMAGE_HEADER * imageHeader = (EFIRES_IMAGE_HEADER *) (imageLoadBuffer + pos);
#if DEBUG
				printf("imageHeader->filename.: %s\n", imageHeader->filename);
				printf("imageHeader->offset...: %d\n", imageHeader->offset);
				printf("imageHeader->imageSize: %d\n", imageHeader->imageSize);
#endif
				if (strncmp((char *)imageHeader->filename, targetLogoName, strlen(targetLogoName)) == 0)
				{
					PNG_info_t *info = PNG_decode((imageLoadBuffer + imageHeader->offset), imageHeader->imageSize);
#if DEBUG
					printf("Apple logo image found!\n");
					printf("Image width...........: %d\n", info->width);
					printf("Image height..........: %d\n", info->height);
					sleep(3);
#endif
					uint8_t *bootImage = malloc((info->width * 4) * info->height);
					memcpy(bootImage, info->image->data, ((info->width * 4) * info->height));
	
					uint16_t x = (VIDEO(width) - MIN(info->width, VIDEO(width)) ) / 2;
					uint16_t y = (VIDEO(height) - MIN(info->height, VIDEO(height)) ) / 2;
	
					blendImage(x, y, info->width, info->height, bootImage);
					png_alloc_free_all();
					free(bootImage);
					close(EFIResourceFile);
					return;
				}
				else
				{
					pos += sizeof(EFIRES_IMAGE_HEADER);
				}
			}
		}

		close(EFIResourceFile);
	}
	else
	{
		setVideoMode(FB_TEXT_MODE);
		error("showBootLogo(Error)");
	}
}

It should be fairly easy to port the code to Chameleon/Chimera.

Edit Typo fixed in logo scaling (@2X -> @2x).

Edit 2 The same (efires) image files can be found on the Recovery HD partition in the directory: com.apple.boot.P/usr/standalone/i386/EfiLoginUI/

OS X Mavericks 10.9.4 (Build 13E16) Seeded

Apple seeded Build 13E16 of OS X 10.9.4 to developers. Made available through their Software Update mechanism in the Mac App Store, as well as through the Mac Dev Center. An almost forgotten update due to our focus on the first developer preview of OS X 10.10 (Yosemite). Sorry about that.

Anyway. I blogged about newly discovered power management resource files in the first developer preview of 10.9.4 like two weeks ago but things have changed a little since then.

Changes

Apple removed these two files:

Mac-42FD25EABCABB274.plist / iMac15,n (IGPU/GFX0/Apple display with id 0xAE03)
Mac-FA842E06C61E91C5.plist / iMac15,n (IGPU/GFX0/Apple Retina display with id 0xAE03)

But this one is still there.

Mac-81E3E92DD6088272.plist / iMac14,4 (IGPU only)

We’ve learned that the latest MacBook Air is using the same board-id as the previous model, it was after all only a minor spec-bumb, so guess what. The new iMacs may also be using the same board-id, because only a minor spec-bumb is to be expected. That is if the rumours are true. Which unfortunately also means that the new Retina iMac won’t make it before Q4. Sounds plausible to me.

The IGPU only power management resource file could either be used for a new iMac, or for a new Mac mini. Whatever happens, happens, but my guess is that Apple will drop the price for non-retina iMacs and add a new Retina iMac for few hundred dollar more. Add a new Mac mini and a lot of people will be happy. Very happy indeed.

Changes

Config2 with the EDID data has also been removed from:
AppleGraphicsControl.kext/C*/P*/AppleGraphicsDevicePolicy.kext/C*/

New

/usr/libexec/gkbisd
/System/Library/LaunchDaemons/com.apple.gkbisd.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>com.apple.gkbisd</string>
	<key>ProgramArguments</key>
	<array>
		<string>/usr/libexec/gkbisd</string>
	</array>
	<key>Umask</key>
	<integer>54</integer>
	<key>ProcessType</key>
	<string>Background</string>
	<key>LowPriorityIO</key>
	<true/>
	<key>MachServices</key>
	<dict>
		<key>com.apple.gkbisd</key>
		<true/>
	</dict>
	<key>LaunchEvents</key>
	<dict>
		<key>com.apple.xpc.activity</key>
		<dict>
			<key>com.apple.gkbisd.worker</key>
			<dict>
				<key>Delay</key>
				<integer>86400</integer>
				<key>GracePeriod</key>
				<integer>3600</integer>
				<key>Priority</key>
				<string>Maintenance</string>
				<key>Repeating</key>
				<true/>
			</dict>
		</dict>
	</dict>
</dict>
</plist>

Ok. These are the SQlite3 statements I found in this daemon:

BEGIN EXCLUSIVE
SELECT id, path FROM object WHERE collected = 0 ORDER BY id ASC LIMIT 1
DELETE FROM object WHERE id = ?
COMMIT
ROLLBACK
SELECT 1 FROM object WHERE path = ? AND collected = 0
SELECT 1 FROM object WHERE current_cdhash = ?
INSERT INTO object (path, collected, identifier, signature_version, current_cdhash, opaque_cdhash) VALUES (?, ?, ?, ?, ?, ?)
CREATE TABLE IF NOT EXISTS object (id INTEGER PRIMARY KEY AUTOINCREMENT, path TEXT NOT NULL, collected INTEGER, identifier TEXT, signature_version INTEGER, current_cdhash TEXT UNIQUE ON CONFLICT REPLACE, opaque_cdhash TEXT)

Data stored in: /private/var/db/gkbis.db

Yosemite DP1 Removes SystemStarter

This was to be expected, but Yosemite DP1 no longer includes:

/System/Library/LaunchDaemons/com.apple.SystemStarter.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>KeepAlive</key>
	<dict>
		<key>PathState</key>
		<dict>
			<key>/etc/rc.local</key>
			<true/>
			<key>/etc/rc.shutdown.local</key>
			<true/>
		</dict>
	</dict>
	<key>Label</key>
	<string>com.apple.SystemStarter</string>
	<key>Program</key>
	<string>/sbin/SystemStarter</string>
	<key>QueueDirectories</key>
	<array>
		<string>/Library/StartupItems</string>
		<string>/System/Library/StartupItems</string>
	</array>
</dict>
</plist>

The executable /sbin/SystemStarter is also removed, of course, and thus now you have to write LaunchAgents (per-user session) or LaunchDaemons (system-wide) scripts/applications because /etc/rc.local and /etc/rc.shutdown.local are no longer executed. I like this cleanup. Fully in line with Apple’s plan to depreciate StartupItems:

Deprecation Note: Startup items are a deprecated technology. Launching of daemons through this process may be removed or eliminated in a future release of OS X.

Maybe this is just a start and can we expect more cleanups, but for now… let’s just wait and see what the next developer preview brings. At least now you know why your rc.local and/or rc.shutdown.local scripts aren’t working anymore. Time to write that plist.

Tip
See man launchd and man launchctl for tips like where to put your plist.

~/Library/LaunchAgents Per-user agents provided by the user.
/Library/LaunchAgents Per-user agents provided by the administrator.
/Library/LaunchDaemons System wide daemons provided by the administrator.
/System/Library/LaunchAgents Mac OS X Per-user agents.
/System/Library/LaunchDaemons Mac OS X System wide daemons.

Yosemite DP1 adds AppleMobileFileIntegrity.kext to OS X

Crap. This might be bad news. AppleMobileFileIntegrity.kext aka AMFI a sworn enemy of Jailbreakers on this planet… is now also part of OS X 10.10 Yosemite. I have no idea what Apple is up to, but it might mean trouble is ahead of us. More trouble that is.

Edit: I also found /System/Library/LaunchDaemons/com.apple.MobileFileIntegrity.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>com.apple.MobileFileIntegrity</string>
        <key>MachServices</key>
        <dict>
                <key>com.apple.MobileFileIntegrity</key>
                <dict>
                    <key>HostSpecialPort</key>
                    <integer>18</integer>
                </dict>
        </dict>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/libexec/amfid</string>
        </array>
        <key>POSIXSpawnType</key>
        <string>Interactive</string>
</dict>
</plist>

The daemon is there already: /usr/libexec/amfid but it may require some sort of argument, which may be added in a future developer preview/release.

Update

I checked: /var/log/system.log in Yosemite Update 1 and found an interesting piece of text:

calling mpo_policy_init for AMFI
Security policy loaded: Apple Mobile File Integrity (AMFI)

Seems like the new security scrutiny went life in DP2. Time to debug this…

Ok. Code signing debug data can be enabled by setting a boot argument called cs_debug=[value] where value can be 0x1 up to 0xb.

With 0x1 I got two lines. One for each instance (file/process):

AMFI: <key><com.apple.security.get-task-allow> not found
AMFI: <key><com.apple.rootless.installer> not found

With 0xb you get a lot more data. Here are a few examples:

AMFI: in mmap but not enforcing library validation
[deny-mmap] mapped file has no team identifier and is not a platform binary
[deny-mmap] mapped process has no team identifier and is not a platform binary
AMFI: failed to get file path
[deny-mmap] mapped process is a platform binary, but mapped file is not
[deny-mmap] mapped file does not have a matching team identifier
[deny-mmap] mapped process has team identifier %s
[deny-mmap] mapped file has team identifier %s

Another interesting boot argument is amfi=[value] where value can be used to disable certain parts, like 0x2, 0x4 and 0x80 – or a combination of the values.

kern_return_t _initializeAppleMobileFileIntegrity(): signature enforcement disabled by boot-arg
kern_return_t _initializeAppleMobileFileIntegrity(): signature enforcement disabled by boot-arg
kern_return_t _initializeAppleMobileFileIntegrity(): library validation will not mark external binaries as platform

I may be wrong, but it looks like there are two more new boot arguments: amfi_allow_any_signature and amfi_get_out_of_my_way
Let me verify this after a cup of coffee…

Yes. Setting amfi_get_out_of_my_way=0x1 also gives me the:

kern_return_t _initializeAppleMobileFileIntegrity(): signature enforcement disabled by boot-arg

Adding cs_enforcement_disable=0x1 to the boot arguments gave me one more line:

kern_return_t _initializeAppleMobileFileIntegrity(): cs_enforcement disabled by boot-arg

And there are two more boot arguments that you may want to give a go: cs__enforcement_panic and panic_on_cs_killed

Now I really want my Latte Macchiato 😉

Apple Serial Numbers Ending With G000-GZZZ

Last year I blogged about Apple Serial Numbers Ending With F000-FZZZ but Apple also uses serial numbers ending with G000-GZZZ. Data I check frequently to find new hardware, and while I found a number of 2014 models… there is nothing new. Not yet. Anyway. It was time for a new list so here you have it:

G05T - MacBook Pro (13-inch, Mid 2012)
G083 - MacBook Air (11-inch, Early 2014)
G086 - MacBook Air (13-inch, Early 2014)
G07J -
G07N -
G07K -
G07M -
G085 - MacBook Air (13-inch, Early 2014)
G07L -
G07R - iPhone 5c (8GB)
G07P - iPhone 5c (8GB)
G07T - iPhone 5c (8GB)
G07V - iPhone 5c (8GB)
G07Q - iPhone 5c (8GB)
G084 - MacBook Air (11-inch, Early 2014)
G1HV - Mac mini (Late 2014)
G1HW - Mac mini (Late 2014)
G1J1 - Mac mini (Late 2014)
G1HY - Mac mini (Late 2014)
G1J2 - Mac mini (Late 2014)
G1J0 - Mac mini (Late 2014)
G1LQ - Mac Pro (Late 2013)
G1LM - Mac Pro (Late 2013)
G1LJ - Mac Pro (Late 2013)
G1LT - Mac Pro (Late 2013)
G1LK - Mac Pro (Late 2013)
G1LV - Mac Pro (Late 2013)
G1M0 - Mac Pro (Late 2013)
G1LP - Mac Pro (Late 2013)
G1LR - Mac Pro (Late 2013)
G1LL - Mac Pro (Late 2013)
G1LN - Mac Pro (Late 2013)
G1M1 - Mac Pro (Late 2013)
G1LY - Mac Pro (Late 2013)
G1LW - Mac Pro (Late 2013)
G22T - iPod touch (5th generation)
G22Y - iPod touch (5th generation)
G22V - iPod touch (5th generation)
G22Q - iPod touch (5th generation)
G22W - iPod touch (5th generation)
G22R - iPod touch (5th generation)
G2CD - MacBook Air (13-inch, Early 2014)
G2CF - MacBook Air (11-inch, Early 2014)
G2CC - MacBook Air (13-inch, Early 2014)
G2DK -
G2D6 -
G2D8 -
G2D5 -
G2DL -
G2DM -
G2D7 -
G2D9 -
G2DJ -
G2DN -
G2GL - MacBook Air (13-inch, Early 2014)
G2GK - MacBook Air (13-inch, Early 2014)
G2GN - MacBook Air (13-inch, Early 2014)
G2GM - MacBook Air (13-inch, Early 2014)
G2GH - MacBook Air (11-inch, Early 2014)
G2GJ - MacBook Air (11-inch, Early 2014)
G2PY - MacBook Air (11-inch, Early 2014)
G2Q0 - MacBook Air (11-inch, Early 2014)
G356 - MacBook Air (13-inch, Early 2014)
G354 - MacBook Pro (13-inch, Mid 2012)
G3FY - MacBook Pro (13-inch, Mid 2012)
G3QJ - MacBook Pro (Retina, 13-inch, Mid 2014)
G3QC - MacBook Pro (Retina, 15-inch, Mid 2014)
G3QH - MacBook Pro (Retina, 13-inch, Mid 2014)
G3QN - MacBook Pro (Retina, 15-inch, Mid 2014)
G3QG - MacBook Pro (Retina, 15-inch, Mid 2014)
G3QK - MacBook Pro (Retina, 13-inch, Mid 2014)
G3QL - MacBook Pro (Retina, 13-inch, Mid 2014)
G3QD - MacBook Pro (Retina, 15-inch, Mid 2014)
G3QR - MacBook Pro (Retina, 13-inch, Mid 2014)
G3QT - MacBook Pro (Retina, 13-inch, Mid 2014)
G3QP - MacBook Pro (Retina, 15-inch, Mid 2014)
G3QQ - MacBook Pro (Retina, 13-inch, Mid 2014)
G430 - Mac mini (Late 2012)
G4FY - MacBook Air (11-inch, Early 2014)
G4H2 - MacBook Air (13-inch, Early 2014)
G4HK - MacBook Air (11-inch, Early 2014)
G4H4 - MacBook Air (11-inch, Early 2014)
G4HM - MacBook Air (11-inch, Early 2014)
G4H0 - MacBook Air (11-inch, Early 2014)
G4H1 - MacBook Air (13-inch, Early 2014)
G4H3 - MacBook Air (13-inch, Early 2014)
G4HN - MacBook Air (13-inch, Early 2014)
G4HP - MacBook Air (13-inch, Early 2014)
G4JQ - MacBook Pro (Retina, 15-inch, Late 2013)
G4N7 - MacBook Pro (Retina, 13-inch, Late 2013)
G4N6 - MacBook Pro (Retina, 13-inch, Late 2013)
G56K - iMac (21.5-inch, Mid 2014)
G56J - iMac (21.5-inch, Mid 2014)
G58J - MacBook Air (11-inch, Early 2014)
G584 - MacBook Pro (13-inch, Mid 2012)
G58K - MacBook Air (13-inch, Early 2014)
G5HL - MacBook Pro (Retina, 15-inch, Late 2013)
G5MP - iPhone 6
G5MK - iPhone 6
G5MH - iPhone 6
G5MJ - iPhone 6
G5MG - iPhone 6
G5ML - iPhone 6
G5MM - iPhone 6
G5MN - iPhone 6
G5MD - iPhone 6
G5MC - iPhone 6
G5MF - iPhone 6
G5MQ - iPhone 6
G5MR - iPhone 6
G5MT - iPhone 6
G5MY - iPhone 6
G5MW - iPhone 6
G5N0 - iPhone 6
G5MV - iPhone 6
G5QP - iPhone 6 Plus
G5QR - iPhone 6 Plus
G5QH - iPhone 6 Plus
G5QG - iPhone 6 Plus
G5QT - iPhone 6 Plus
G5QY - iPhone 6 Plus
G5QK - iPhone 6 Plus
G5QV - iPhone 6 Plus
G5QM - iPhone 6 Plus
G5QL - iPhone 6 Plus
G5QJ - iPhone 6 Plus
G5QN - iPhone 6 Plus
G5QQ - iPhone 6 Plus
G5QW - iPhone 6 Plus
G5QF - iPhone 6 Plus
G5RN - MacBook Air (13-inch, Early 2014)
G5RP - MacBook Air (13-inch, Early 2014)
G5RL - MacBook Air (11-inch, Early 2014)
G5R0 - iPhone 6 Plus
G5R2 - iPhone 6 Plus
G5R1 - iPhone 6 Plus
G5RM - MacBook Air (11-inch, Early 2014)
G5RK - MacBook Air (11-inch, Early 2014)
G5RQ - MacBook Air (13-inch, Early 2014)
G5V3 - iPad mini 3
G5V1 - iPad mini 3
G5TM - iPad mini 3 Wi-Fi + Cellular (China)
G5TN - iPad mini 3 Wi-Fi + Cellular (China)
G5TH - iPad mini 3 Wi-Fi + Cellular (China)
G5TG - iPad mini 3 Wi-Fi + Cellular (China)
G5TL - iPad mini 3 Wi-Fi + Cellular (China)
G5V7 - iPad mini 3
G5TP - iPad mini 3 Wi-Fi + Cellular (China)
G5TJ - iPad mini 3 Wi-Fi + Cellular (China)
G5TK - iPad mini 3 Wi-Fi + Cellular (China)
G5TQ - iPad mini 3 Wi-Fi + Cellular (China)
G5V5 - iPad mini 3
G5V6 - iPad mini 3
G5V2 - iPad mini 3
G5V4 - iPad mini 3
G5V9 - iPad mini 3
G5V8 - iPad mini 3
G5W0 - iPad Air 2
G5W2 - iPad Air 2
G5VW - iPad Air 2
G5W1 - iPad Air 2
G5VT - iPad Air 2
G5W8 - iPad mini 3 Wi-Fi + Cellular
G5VV - iPad Air 2
G5W3 - iPad Air 2
G5W5 - iMac (21.5-inch, Mid 2014)
G5VY - iPad Air 2
G5W6 - iMac (21.5-inch, Mid 2014)
G5W4 - iMac (21.5-inch, Mid 2014)
G5VJ - iPad Air 2
G5WQ - iPad Air 2 Wi-Fi + Cellular
G5WR - iPad Air 2 Wi-Fi + Cellular
G5WT - iPad Air 2 Wi-Fi + Cellular
G5Y1 - iPad mini 3 Wi-Fi + Cellular
G5Y2 - iPad mini 3 Wi-Fi + Cellular
G5Y3 - iPad mini 3 Wi-Fi + Cellular
G5Y5 - iPad mini 3 Wi-Fi + Cellular
G5YQ - iPad Air 2 Wi-Fi + Cellular
G5YL - iPad Air 2 Wi-Fi + Cellular
G5YM - iPad Air 2 Wi-Fi + Cellular
G5YR - iPad Air 2 Wi-Fi + Cellular
G5Y4 - iPad mini 3 Wi-Fi + Cellular
G5YJ - iPad mini 3 Wi-Fi + Cellular
G5YN - iPad Air 2 Wi-Fi + Cellular
G5YK - iPad mini 3 Wi-Fi + Cellular
G5YP - iPad Air 2 Wi-Fi + Cellular
G5YH - iPad mini 3 Wi-Fi + Cellular
G6D4 - MacBook Air (13-inch, Early 2014)
G6D5 - MacBook Air (13-inch, Early 2014)
G6D3 - MacBook Air (11-inch, Early 2014)
G6DP - iMac (27-inch, Late 2013)
G6PM - MacBook Air (13-inch, Mid 2013)
G71D - Tour (1st generation)
G711 - Powerbeats (1st generation)
G714 - Wireless (1.5)
G71M - Mixr
G718 - Studio (1st generation)
G712 - Beatbox
G71J - Studio (1st generation)
G71H - Studio (1st generation)
G71N - Mixr
G70Y - Powerbeats (1st generation)
G710 - Powerbeats (1st generation)
G71L - Studio (1st generation)
G716 - Solo HD
G71P - Pro
G71F - Tour (1st generation)
G71K - Mixr
G71G - Studio (1st generation)
G71C - Solo HD
G713 - Wireless (1.5)
G717 - Solo HD
G719 - Studio (1st generation)
G715 - Solo HD
G71Q - Pro
G71R - Pro
G71V - Heartbeats (2nd generation)
G72R - Studio (1st generation)
G723 - Beatbox Portable (3rd generation)
G733 - Studio (1st generation)
G725 - Pill 1.0
G727 - Pill 1.0
G72L - Solo HD
G720 - Studio (1st generation)
G72D - Studio (2nd generation)
G732 - Studio (2nd generation)
G72K - Solo HD
G730 - Solo HD
G72F - urBeats (2nd generation)
G72V - Studio (1st generation)
G72Y - Studio (1st generation)
G72H - Solo HD
G71T - Heartbeats (2nd generation)
G72W - Studio (1st generation)
G728 -
G72J - Studio (2nd generation)
G72N - Beatbox Portable (2nd generation)
G72Q - Studio (1st generation)
G72C -
G722 - Beatbox Portable (1st generation)
G72T - Studio (1st generation)
G721 - Beatbox Portable (1st generation)
G72P - Beatbox Portable (2nd generation)
G726 - Pill 1.0
G72M - urBeats (2nd generation)
G731 - urBeats (2nd generation)
G734 - Pill 1.0
G724 - urBeats (2nd generation)
G71W - Tour (2nd generation)
G729 - Pro
G71Y - Executive
G72G - Solo HD
G737 - Pill 2.0
G73Q - Studio (1st generation)
G736 - Pill 1.0
G73H - Mixr
G73P - urBeats (2nd generation)
G739 - Pill 2.0
G73N - Tour (2nd generation)
G735 - Tour (2nd generation)
G746 - Executive
G73C - Pill XL
G748 - Solo 2
G73R - Studio Wireless
G744 - Powerbeats (1st generation)
G738 - Pill 2.0
G73M - Wireless (1.5)
G743 - Powerbeats (1st generation)
G73J - Mixr
G74J - Pro
G73D - Pill XL
G73F - Pill XL
G74H - Pill 1.0
G74F - Pill 1.0
G747 - Solo 2
G74G - Pill 1.0
G74C - Pill 1.0
G745 - Powerbeats (1st generation)
G74D - Pill 1.0
G73K - Mixr
G73L - Mixr
G749 - Solo 2
G73T - Studio Wireless
G73G - Mixr
G73V - Studio Wireless
G74K - Powerbeats (1st generation)
G74L - Solo HD
G74N - Studio (2nd generation)
G756 - urBeats (2nd generation)
G74T - Solo HD
G755 - Studio (2nd generation)
G74Q - Studio (1st generation)
G758 - urBeats (2nd generation)
G759 - urBeats (2nd generation)
G74Y - Solo HD
G750 - Solo HD
G75F - Wireless (1.5)
G753 - Pill 2.0
G754 - Pill 1.0
G75H - Pill 2.0
G74V - Solo HD
G74W - Solo HD
G75G - Wireless (1.5)
G74M - Solo 2
G75T - Studio Wireless
G757 - urBeats (2nd generation)
G74R - Solo HD
G75K - Pro
G75M - Solo HD
G75C - urBeats (2nd generation)
G75V -
G75Y - Studio (2nd generation)
G75L - Studio (2nd generation)
G752 - Pill 2.0
G75D - Mixr
G751 - Solo HD
G75J - Solo HD
G762 - Studio (2nd generation)
G76L - Studio (2nd generation)
G76J - Solo HD
G764 - Studio Wireless
G761 - Mixr
G777 - Solo 2
G77C - Studio (2nd generation)
G76G - Wireless (1.5)
G766 - Solo HD
G76T - Mixr
G760 - Studio (2nd generation)
G76H - urBeats (2nd generation)
G76C - urBeats (2nd generation)
G76F - urBeats (2nd generation)
G76R - Pill 2.0
G776 - Powerbeats2 Wireless
G768 - Mixr
G76N - Studio (2nd generation)
G76V - Solo HD
G76M - Studio (2nd generation)
G76Q - Pill 2.0
G76P - Pill 2.0
G774 - Powerbeats2 Wireless
G770 - urBeats (2nd generation)
G765 - Studio Wireless
G76K - Solo HD
G778 - Solo 2
G76D - urBeats (2nd generation)
G775 - Powerbeats2 Wireless
G77D - Studio (2nd generation)
G763 - Tour (2nd generation)
G779 - Powerbeats2 Wireless
G77F - Studio (2nd generation)
G77G - Studio (2nd generation)
G77H - Studio (2nd generation)
G77Y - Mixr
G77M - Powerbeats2 Wireless
G78Q -
G77T - Studio (2nd generation)
G77W - Studio (2nd generation)
G783 - Mixr
G786 - Pill XL
G780 - Mixr
G787 - Pill XL
G781 - Mixr
G77N - Pill 2.0
G784 - Mixr
G782 - Mixr
G79M - Studio Wireless
G78W - Pill 2.0
G79N - Studio Wireless
G79P - Pill 2.0
G79C - Pill 2.0
G7CR - Studio (1st generation)
G7CP - Studio (1st generation)
G7CT - Studio (1st generation)
G7CY - Studio (1st generation)
G7D1 - Studio (1st generation)
G7CN - Studio (1st generation)
G7D0 - Studio (1st generation)
G7CV - Studio (1st generation)
G7CQ - Studio (1st generation)
G7D2 - Studio (1st generation)
G7DD - Studio (1st generation)
G7DL - Studio (1st generation)
G7DW - Solo HD
G7DN - Studio (1st generation)
G7DK - Studio (1st generation)
G7DH - Studio (1st generation)
G7D3 - Solo HD
G7DR - Pill 1.0
G7D8 - Studio (1st generation)
G7D6 - Studio (1st generation)
G7D5 - Studio (1st generation)
G7D9 - Studio (1st generation)
G7D4 - Studio (1st generation)
G7DY - Studio (1st generation)
G7DJ - Studio (1st generation)
G7DF - Studio (1st generation)
G7DT - Powerbeats (1st generation)
G7D7 - Studio (1st generation)
G7DV - Studio (1st generation)
G7DQ - Pill 1.0
G7DM - Studio (1st generation)
G7DG - Studio (1st generation)
G7DP - Studio (1st generation)
G7DC - Studio (1st generation)
G7FM - Studio (1st generation)
G7FG - Studio (1st generation)
G7F4 - Pill 1.0
G7FQ - Studio (1st generation)
G7FD - Studio (1st generation)
G7F8 - Pill 1.0
G7F2 - Pill 1.0
G7FP - Studio (1st generation)
G7FT - Studio (1st generation)
G7FJ - Studio (1st generation)
G7F6 - Executive
G7FH - Studio (1st generation)
G7F3 - Pill 1.0
G7FF - Pill 1.0
G7FR - Studio (1st generation)
G7F0 - Executive
G7FK - Studio (1st generation)
G7F7 - Studio (1st generation)
G7FL - Studio (1st generation)
G7F1 - Pill 1.0
G7F5 - Pill 1.0
G7FN - Studio (1st generation)
G7F9 - Studio (1st generation)
G7FC - Studio (1st generation)
G7K3 - Studio (2nd generation)
G7K6 - Pill 2.0
G7K7 - Pro
G7L7 - Heartbeats (1st generation)
G7KV - Solo HD
G7L3 - iBeats
G7L0 - Studio (1st generation)
G7L8 - Heartbeats (1st generation)
G7L2 - iBeats
G7KD - Diddybeats
G7KT - Solo HD
G7KC - Diddybeats
G7LJ - Beatbox
G7KR - Solo (1st generation)
G7KF - Diddybeats
G7LD - Solo (1st generation)
G7L1 - iBeats
G7K8 - Diddybeats
G7LH - Beatbox Portable (1st generation)
G7KQ - Solo (1st generation)
G7K9 - Diddybeats
G7L4 - iBeats
G7L5 - Heartbeats (1st generation)
G7LG - Beatbox Portable (1st generation)
G7LL - Heartbeats (2nd generation)
G7M5 - Studio (1st generation)
G7LN - Mixr
G7LM - Heartbeats (2nd generation)
G7M3 - Solo HD
G7M6 - Studio (1st generation)
G7M9 - Studio (1st generation)
G7MM - Tour (1st generation)
G7MP - Wireless (1.5)
G7LV - Pro
G7M8 - Studio (1st generation)
G7MJ - Studio (1st generation)
G7LW - Pro
G7MN - Wireless (1.5)
G7LT - Powerbeats (1st generation)
G7LY - Solo HD
G7MG - Studio (1st generation)
G7LQ - Powerbeats (1st generation)
G7M7 - Studio (1st generation)
G7MQ - iBeats
G7LP - Mixr
G7M1 - Solo HD
G7ML - Tour (1st generation)
G7MH - Studio (1st generation)
G7LR - Powerbeats (1st generation)
G7MD - Studio (1st generation)
G7RF - MacBook Pro (Retina, 13-inch, Mid 2014)
G7RD - MacBook Pro (Retina, 13-inch, Mid 2014)
G7YR - MacBook Pro (Retina, 13-inch, Mid 2014)
G7YQ - MacBook Pro (Retina, 13-inch, Mid 2014)
G829 - MacBook Air (13-inch, Early 2014)
G86R - MacBook Pro (Retina, 15-inch, Mid 2014)
G85Y - MacBook Pro (Retina, 15-inch, Mid 2014)
G86P - MacBook Pro (Retina, 15-inch, Mid 2014)
G86Q - MacBook Pro (Retina, 15-inch, Mid 2014)
G8F4 - MacBook Pro (Retina, 15-inch, Mid 2014)
G8GD - Mac Pro (Late 2013)
G8GC - Mac Pro (Late 2013)
G8J7 - MacBook Pro (Retina, 15-inch, Mid 2014)
G8J1 - MacBook Air (13-inch, Early 2014)
G8L1 - MacBook Pro (Retina, 15-inch, Mid 2014)
G8L2 - iMac (21.5-inch, Mid 2014)
G8L0 - MacBook Pro (Retina, 13-inch, Mid 2014)
G8Q3 - Solo 2
G8PQ - Pill 2.0
G8PP -
G8Q5 - Solo 2
G8Q1 - Solo 2
G8Q4 - Solo 2
G8Q2 - Solo 2
G8PN -
G8PR - Studio Wireless
G8PM -
G8PT -
G8WM - MacBook Pro (Retina, 15-inch, Mid 2015)
G8WN - MacBook Pro (Retina, 15-inch, Mid 2015)
G8WL - MacBook Pro (Retina, 15-inch, Mid 2015)
G8WP - MacBook Pro (Retina, 15-inch, Mid 2015)
G8WQ - MacBook Pro (Retina, 15-inch, Mid 2015)
G944 - MacBook Air (13-inch, Early 2015)
G941 - MacBook Air (13-inch, Early 2015)
G940 - MacBook Air (13-inch, Early 2015)
G942 - MacBook Air (13-inch, Early 2015)
G943 - MacBook Air (13-inch, Early 2015)
G970 - MacBook Pro (Retina, 13-inch, Mid 2014)
G96Q - MacBook Pro (Retina, 15-inch, Mid 2014)
G96Y - MacBook Pro (Retina, 13-inch, Mid 2014)
G96N - MacBook Pro (Retina, 15-inch, Mid 2014)
G96M - MacBook Pro (Retina, 15-inch, Mid 2014)
G96P - MacBook Pro (Retina, 15-inch, Mid 2014)
G973 - MacBook Pro (Retina, 15-inch, Mid 2014)
G96L - MacBook Pro (Retina, 15-inch, Mid 2014)
G971 - MacBook Pro (Retina, 13-inch, Mid 2014)
G96K - MacBook Pro (Retina, 15-inch, Mid 2014)
G96W - MacBook Pro (Retina, 13-inch, Mid 2014)
G96T - MacBook Pro (Retina, 13-inch, Mid 2014)
G972 - MacBook Pro (Retina, 13-inch, Mid 2014)
G96R - MacBook Pro (Retina, 13-inch, Mid 2014)
G96V - MacBook Pro (Retina, 13-inch, Mid 2014)
G974 - MacBook Pro (Retina, 15-inch, Mid 2014)
G99D - Apple Watch (38mm Aluminum)
G99F - Apple Watch (38mm Aluminum)
G9FR - MacBook Pro (Retina, 13-inch, Mid 2014)
G9FM - MacBook Pro (Retina, 13-inch, Mid 2014)
G9FL - MacBook Pro (Retina, 13-inch, Mid 2014)
G9FT - MacBook Pro (Retina, 15-inch, Mid 2014)
G9FQ - MacBook Pro (Retina, 13-inch, Mid 2014)
G9FN - MacBook Pro (Retina, 13-inch, Mid 2014)
G9FP - MacBook Pro (Retina, 13-inch, Mid 2014)
G9HN - Apple Watch (38mm Stainless Steel)
G9HM - Apple Watch (38mm Stainless Steel)
G9HQ - Apple Watch (38mm Gold)
G9HP - Apple Watch (38mm Gold)
G9JN - MacBook Pro (Retina, 15-inch, Mid 2014)
G9J5 - AppleWatch (42mm Aluminum)
G9J8 - Apple Watch (42mm Stainless Steel)
G9J6 - AppleWatch (42mm Aluminum)
G9JD - Apple Watch (42mm Gold)
G9JC - Apple Watch (42mm Stainless Steel)
G9JF - Apple Watch (42mm Gold)
G9L6 - MacBook Pro (Retina, 15-inch, Mid 2014)
G9LJ - Pill 2.0
G9L9 - MacBook Pro (Retina, 15-inch, Mid 2014)
G9LG - Solo 2
G9L8 - MacBook Pro (Retina, 15-inch, Mid 2014)
G9LH - Solo 2
G9L7 - MacBook Pro (Retina, 15-inch, Mid 2014)
GC22 - Wireless (1st generation)
GC8P - Solo HD
GC8K - Powerbeats (1st generation)
GC8L - Powerbeats (1st generation)
GC8J - Powerbeats (1st generation)
GC8M - urBeats (1st generation)
GC8N - urBeats (1st generation)
GC8Q - Solo HD
GC8R - Wireless (1st generation)
GCLR - Apple Watch (42mm Gold)
GCLT - Apple Watch (38mm Gold)
GCN3 - MacBook (Retina, 12-inch, Early 2015)
GCN4 - MacBook (Retina, 12-inch, Early 2015)
GCNM - Pro
GCNF - Pill 2.0
GCNW - Solo 2
GCN1 - MacBook (Retina, 12-inch, Early 2015)
GCN2 - MacBook (Retina, 12-inch, Early 2015)
GCN6 - Studio Wireless
GCNP - Pro
GCNT - Pro
GCNL - Pro
GCNK - Powerbeats2 Wireless
GCNN - Pro
GCNQ - Pro
GCNR - Pro
GCP0 - Studio Wireless
GCP2 - Studio Wireless
GCP4 - urBeats (2nd generation)
GCP3 - Tour (2nd generation)
GCTM - iMac (Retina 5K, 27-inch, Late 2014)
GCVH - Mac mini (Late 2014)
GCW1 - Mac mini (Late 2014)
GCVN - Mac mini (Late 2014)
GCVG - Mac mini (Late 2014)
GCVJ - Mac mini (Late 2014)
GCVW - Mac mini (Late 2014)
GCVQ - Mac mini (Late 2014)
GCVY - Mac mini (Late 2014)
GCVV - Mac mini (Late 2014)
GCW0 - Mac mini (Late 2014)
GCVP - Mac mini (Late 2014)
GDJL - MacBook Pro (13-inch, Mid 2012)
GDJM - MacBook Pro (Retina, 13-inch, Mid 2014)
GDL2 - MacBook Pro (13-inch, Mid 2012)
GDPP - MacBook Pro (Retina, 15-inch, Mid 2014)
GDR7 - iMac (Retina 5K, 27-inch, Late 2014)
GDR3 - iMac (Retina 5K, 27-inch, Late 2014)
GDQY - iMac (Retina 5K, 27-inch, Late 2014)
GDRC - iMac (Retina 5K, 27-inch, Late 2014)
GDR4 - iMac (Retina 5K, 27-inch, Late 2014)
GDR5 - iMac (Retina 5K, 27-inch, Late 2014)
GDR8 - iMac (Retina 5K, 27-inch, Late 2014)
GDR6 - iMac (Retina 5K, 27-inch, Late 2014)
GDR9 - iMac (Retina 5K, 27-inch, Late 2014)
GF1Q - Mac mini (Late 2014)
GF1J - iMac (21.5-inch, Late 2015)
GF1M - iMac (21.5-inch, Late 2015)
GF1T - Mac mini (Late 2014)
GF1L - iMac (21.5-inch, Late 2015)
GF1K - iMac (21.5-inch, Late 2015)
GF1N - Mac mini (Late 2014)
GF65 - MacBook Pro (13-inch, Mid 2012)
GF83 - MacBook (Retina, 12-inch, Early 2015)
GF84 - MacBook (Retina, 12-inch, Early 2015)
GF85 - MacBook (Retina, 12-inch, Early 2015)
GF82 - MacBook (Retina, 12-inch, Early 2015)
GFFQ - iMac (Retina 5K, 27-inch, Late 2014)
GFJN - urBeats (2nd generation)
GFJM - urBeats (2nd generation)
GFJP - urBeats (2nd generation)
GFWM - MacBook Air (11-inch, Early 2015)
GFWK - MacBook Air (11-inch, Early 2015)
GFWL - MacBook Air (11-inch, Early 2015)
GFWP - MacBook Air (11-inch, Early 2015)
GFWN - MacBook Air (11-inch, Early 2015)
GG7J - iMac (Retina 5K, 27-inch, Late 2015)
GG7R - iMac (Retina 5K, 27-inch, Late 2015)
GG7C - iMac (Retina 4K, 21.5-inch, Late 2015)
GG7N - iMac (Retina 5K, 27-inch, Late 2015)
GG7H - iMac (Retina 4K, 21.5-inch, Late 2015)
GG7Q - iMac (Retina 5K, 27-inch, Late 2015)
GG7D - iMac (21.5-inch, Late 2015)
GG7G - iMac (21.5-inch, Late 2015)
GG7L - iMac (Retina 5K, 27-inch, Late 2015)
GG77 - iMac (21.5-inch, Late 2015)
GG7F - iMac (Retina 4K, 21.5-inch, Late 2015)
GG79 - iMac (21.5-inch, Late 2015)
GG78 - iMac (Retina 4K, 21.5-inch, Late 2015)
GG7V - iMac (Retina 5K, 27-inch, Late 2015)
GG80 - iMac (Retina 5K, 27-inch, Late 2015)
GG7T - iMac (Retina 5K, 27-inch, Late 2015)
GG81 - iMac (Retina 5K, 27-inch, Late 2015)
GG82 - iMac (Retina 5K, 27-inch, Late 2015)
GGK4 - iPod touch (6th generation)
GGK9 - iPod touch (6th generation)
GGK2 - iPod touch (6th generation)
GGK6 - iPod touch (6th generation)
GGK8 - iPod touch (6th generation)
GGK3 - iPod touch (6th generation)
GGK5 - iPod touch (6th generation)
GGK7 - iPod touch (6th generation)
GGNR - iPod touch (6th generation)
GGNP - iPod touch (6th generation)
GGNM - iPod touch (6th generation)
GGNL - iPod touch (6th generation)
GGNW - iPod touch (6th generation)
GGNJ - iPod touch (6th generation)
GGNQ - iPod touch (6th generation)
GGNN - iPod touch (6th generation)
GGNK - iPod touch (6th generation)
GGNT - iPod touch (6th generation)
GH6W - Apple Watch (38mm Gold)
GH83 -
GH84 -
GH82 -
GHFF - iMac (27-inch, Late 2013)
GHJH - iMac (21.5-inch, Late 2013)
GHK9 - iPad mini 4
GHKF - iPad mini 4
GHKJ - iPad mini 4
GHKH - iPad mini 4
GHKL - iPad mini 4
GHKG - iPad mini 4
GHKK - iPad mini 4
GHKD - iPad mini 4
GHKC - iPad mini 4
GHMG - iPad mini 4 Wi-Fi + Cellular
GHMQ - iPad mini 4 Wi-Fi + Cellular
GHMK - iPad mini 4 Wi-Fi + Cellular
GHMH - iPad mini 4 Wi-Fi + Cellular
GHMM - iPad mini 4 Wi-Fi + Cellular
GHMJ - iPad mini 4 Wi-Fi + Cellular
GHML - iPad mini 4 Wi-Fi + Cellular
GHMN - iPad mini 4 Wi-Fi + Cellular
GHMP - iPad mini 4 Wi-Fi + Cellular
GHPC - urBeats (2nd generation)
GHPH - urBeats (2nd generation)
GHPG - urBeats (2nd generation)
GHPF - urBeats (2nd generation)
GHPL - urBeats (2nd generation)
GHPM - urBeats (2nd generation)
GHPJ - urBeats (2nd generation)
GHPK - urBeats (2nd generation)
GHPN - urBeats (2nd generation)
GHRN - Mac mini (Late 2014)
GHV0 - Studio (2nd generation)
GJDC - Mac mini (Late 2014)
GJDN - iMac (Retina 5K, 27-inch, Late 2014)
GJDQ - iMac (Retina 5K, 27-inch, Late 2014)
GJDM - iMac (Retina 5K, 27-inch, Late 2014)
GJDP - iMac (Retina 5K, 27-inch, Late 2014)
GJMF -
GJMG -
GK63 -
GK62 -
GK6D -
GK69 -
GK61 -
GK6F -
GK67 -
GK65 -
GK6C -
GK68 -
GK64 -
GK60 -
GKJG - MacBook Pro (Retina, 13-inch, Early 2015)
GKJM - MacBook Pro (Retina, 13-inch, Early 2015)
GKJQ - MacBook (Retina, 12-inch, Early 2015)
GKJN - MacBook Pro (Retina, 13-inch, Early 2015)
GKJR - MacBook (Retina, 12-inch, Early 2015)
GKJT - MacBook Air (13-inch, Early 2015)
GKJY - MacBook Air (11-inch, Early 2015)
GKJV - MacBook Air (13-inch, Early 2015)
GKK0 - MacBook Air (11-inch, Early 2015)
GKK2 - MacBook (Retina, 12-inch, Early 2015)
GKK4 - MacBook (Retina, 12-inch, Early 2015)
GKK5 - MacBook (Retina, 12-inch, Early 2015)
GKK3 - MacBook (Retina, 12-inch, Early 2015)
GL1V - iMac (Retina 5K, 27-inch, Mid 2015)
GL20 - MacBook Air (13-inch, Early 2015)
GL21 - MacBook Air (13-inch, Early 2015)
GL1T - iMac (Retina 5K, 27-inch, Mid 2015)
GL1Q - iMac (Retina 5K, 27-inch, Mid 2015)
GL1W - iMac (Retina 5K, 27-inch, Mid 2015)
GL1R - iMac (Retina 5K, 27-inch, Mid 2015)
GL25 - MacBook Air (13-inch, Early 2015)
GL27 - MacBook Air (11-inch, Early 2015)
GL26 - MacBook Air (11-inch, Early 2015)
GL24 - MacBook Air (13-inch, Early 2015)
GL23 - MacBook Air (13-inch, Early 2015)
GL22 - MacBook Air (13-inch, Early 2015)
GL2F - MacBook Air (11-inch, Early 2015)
GL28 - MacBook Air (11-inch, Early 2015)
GL2C - MacBook Air (11-inch, Early 2015)
GL29 - MacBook Air (11-inch, Early 2015)
GL2D - MacBook Air (11-inch, Early 2015)
GL2H - MacBook Air (11-inch, Early 2015)
GL37 - MacBook Pro (Retina, 13-inch, Early 2015)
GL34 - MacBook Pro (Retina, 13-inch, Early 2015)
GL36 - MacBook Pro (Retina, 13-inch, Early 2015)
GL35 - MacBook Pro (Retina, 13-inch, Early 2015)
GL5M - Powerbeats2 Wireless
GL5P - Powerbeats2 Wireless
GL5N - Powerbeats2 Wireless
GL5Q - Powerbeats2 Wireless
GL69 - MacBook (Retina, 12-inch, Early 2015)
GL6D - MacBook (Retina, 12-inch, Early 2015)
GL6G - MacBook (Retina, 12-inch, Early 2015)
GL6F - MacBook (Retina, 12-inch, Early 2015)
GL6H - MacBook (Retina, 12-inch, Early 2015)
GL6C - MacBook (Retina, 12-inch, Early 2015)
GL6P -
GL6N -
GL6Q -
GLC4 - Powerbeats2 Wireless
GLC6 - Powerbeats2 Wireless
GLCP - MacBook Air (13-inch, Early 2015)
GLCQ - MacBook Air (11-inch, Early 2015)
GLC5 - Powerbeats2 Wireless
GLC9 -
GLC7 -
GLCN - MacBook Air (13-inch, Early 2015)
GLC8 -
GLK9 - MacBook Air (11-inch, Early 2014)
GLK8 - MacBook Air (13-inch, Early 2014)
GLK7 - MacBook Air (13-inch, Early 2014)
GM16 - iPod touch (6th generation)
GM11 - MacBook Pro (Retina, 13-inch, Early 2015)
GM1D - iPod touch (6th generation)
GM12 - MacBook Pro (Retina, 13-inch, Early 2015)
GM13 - MacBook Pro (Retina, 13-inch, Early 2015)
GM0V - MacBook Pro (Retina, 13-inch, Early 2015)
GM0Y - MacBook Pro (Retina, 13-inch, Early 2015)
GM10 - MacBook Pro (Retina, 13-inch, Early 2015)
GM0W - MacBook Pro (Retina, 13-inch, Early 2015)
GM17 - iPod touch (6th generation)
GM18 - iPod touch (6th generation)
GM15 - MacBook Air (13-inch, Early 2015)
GM1C - iPod touch (6th generation)
GM14 - MacBook Air (13-inch, Early 2015)
GM19 - iPod touch (6th generation)
GM38 - MacBook Air (13-inch, Early 2015)
GM6M - MacBook Air (13-inch, Early 2015)
GM9G - MacBook Air (13-inch, Early 2015)
GMC9 - MacBook Air (11-inch, Early 2015)
GMC8 - MacBook Air (11-inch, Early 2015)
GMC5 - MacBook Air (11-inch, Early 2015)
GMC7 - MacBook Air (11-inch, Early 2015)
GMC3 - MacBook Air (13-inch, Early 2015)
GMC6 - MacBook Air (11-inch, Early 2015)
GMD3 - MacBook Air (13-inch, Early 2015)
GMDF - MacBook Pro (Retina, 13-inch, Early 2015)
GMYY - Studio Wireless
GMYT - Studio Wireless
GMYQ - Studio Wireless
GMYR - Studio Wireless
GMYV - Studio Wireless
GMYW - Studio Wireless
GN02 - Mac mini (Late 2014)
GN24 - MacBook Pro (Retina, 13-inch, Early 2015)
GN8C - MacBook Air (13-inch, Early 2015)
GNJG - MacBook Air (11-inch, Early 2015)
GNJL - MacBook Air (11-inch, Early 2015)
GNJK - MacBook Air (11-inch, Early 2015)
GNJJ - MacBook Air (13-inch, Early 2015)
GNKM - MacBook Air (13-inch, Early 2015)
GNL0 - Mac mini (Late 2014)
GP4P - MacBook Air (11-inch, Early 2014)
GP4J - MacBook Pro (Retina, 15-inch, Mid 2015)
GP4M - MacBook Air (13-inch, Early 2014)
GP4H - MacBook Pro (Retina, 15-inch, Mid 2015)
GP4N - MacBook Air (11-inch, Early 2014)
GP4L - MacBook Air (13-inch, Early 2014)
GPJN - iMac (Retina 5K, 27-inch, Late 2014)
GPLP - MacBook Pro (Retina, 15-inch, Mid 2015)
GPLN - MacBook Pro (Retina, 15-inch, Mid 2015)
GPLM - MacBook Pro (Retina, 15-inch, Mid 2015)
GQ17 - iMac (Retina 5K, 27-inch, Late 2015)
GQ18 - iMac (Retina 5K, 27-inch, Late 2015)
GQ64 - MacBook Pro (Retina, 15-inch, Mid 2015)
GQ62 - MacBook Pro (Retina, 15-inch, Mid 2015)
GQ63 - MacBook Pro (Retina, 15-inch, Mid 2015)
GQCQ - MacBook Pro (Retina, 15-inch, Mid 2015)
GQCP - MacBook Pro (Retina, 15-inch, Mid 2015)
GQCR - MacBook Pro (Retina, 15-inch, Mid 2015)
GQCL - MacBook Pro (Retina, 15-inch, Mid 2015)
GQCT - MacBook Pro (Retina, 15-inch, Mid 2015)
GQCM - MacBook Pro (Retina, 15-inch, Mid 2015)
GQCX - iMac (27-inch, Late 2013)
GQR6 - MacBook Pro (Retina, 13-inch, Early 2015)
GQR4 - MacBook Pro (Retina, 13-inch, Early 2015)
GQR5 - MacBook Pro (Retina, 13-inch, Early 2015)
GR6H - Studio Wireless
GR89 - MacBook (Retina, 12-inch, Early 2015)
GR79 - Apple Watch (38mm Aluminum)
GR7C - Apple Watch (38mm Aluminum)
GR8F - MacBook (Retina, 12-inch, Early 2015)
GR8D - MacBook (Retina, 12-inch, Early 2015)
GR7M - AppleWatch (42mm Aluminum)
GR7N - AppleWatch (42mm Aluminum)
GR8C - MacBook (Retina, 12-inch, Early 2015)
GR8G - MacBook (Retina, 12-inch, Early 2015)
GR88 - MacBook (Retina, 12-inch, Early 2015)
GR7R - Apple Watch (38mm Hermès)
GR81 - Apple Watch (42mm Hermès)
GRTV - iMac (27-inch, Late 2013)
GRT3 - Apple Watch (42mm Gold)
GRWH - iPhone 6s Plus
GRWD - iPhone 6s Plus
GRWJ - iPhone 6s Plus
GRWF - iPhone 6s Plus
GRWL - iPhone 6s Plus
GRWM - iPhone 6s Plus
GRX8 - iPhone 6s Plus
GRXL - iPhone 6s Plus
GRWX - iPhone 6s Plus
GRWQ - iPhone 6s Plus
GRWV - iPhone 6s Plus
GRX5 - iPhone 6s Plus
GRXG - iPhone 6s Plus
GRX1 - iPhone 6s Plus
GRWT - iPhone 6s Plus
GRXC - iPhone 6s Plus
GRXH - iPhone 6s Plus
GRX4 - iPhone 6s Plus
GRXV - iPhone 6s
GRX2 - iPhone 6s Plus
GRWY - iPhone 6s Plus
GRXY - iPhone 6s
GRXX - iPhone 6s
GRXW - iPhone 6s
GRXQ - iPhone 6s
GRXR - iPhone 6s
GRWP - iPhone 6s Plus
GRXD - iPhone 6s Plus
GRX7 - iPhone 6s Plus
GRXT - iPhone 6s
GRXK - iPhone 6s Plus
GRY0 - iPhone 6s
GRY3 - iPhone 6s
GRY5 - iPhone 6s
GRY4 - iPhone 6s
GRY1 - iPhone 6s
GRY7 - iPhone 6s
GRYG - iPhone 6s
GRY2 - iPhone 6s
GRYF - iPhone 6s
GRYD - iPhone 6s
GRYK - iPhone 6s
GRY8 - iPhone 6s
GRYJ - iPhone 6s
GRY6 - iPhone 6s
GRYH - iPhone 6s
GRYC - iPhone 6s
GRY9 - iPhone 6s
GV7V - iMac (Retina 5K, 27-inch, Late 2014)
GW0V - iMac (27-inch, Late 2013)
GW0W - iMac (27-inch, Late 2013)
GWDP - MacBook Pro (Retina, 15-inch, Mid 2015)
GWDN - MacBook Pro (Retina, 15-inch, Mid 2015)


Update

Two new links for the new entry-level iMac (iMac14,4/Mac-81E3E92DD6088272) have been added.

Update, 30 July 2014

I ran the script to collect the data this evening, with many new links. Including links for the new MacBook Pro with Haswell processor refresh series. No Mac mini serial yet.

Update, 17 September 2014

Replaced broken links and added new data. Now includes iPhone 6 and Beats accessories (no technical data yet).

Update, 17 October 2014

Late 2014 iMac (Retina 5K, 27-inch) and Late 2014 Mac mini added.

Update, 23 January 2015

More Late 2014 iMac (Retina 5K, 27-inch) and Late 2014 Mac mini serials added.

Update, 10 March 2015

Sixty-six new MacBook Air (11 and 13 inch) serial numbers added – the total number of links is now 650.

Edit, 18 September 2015

I forgot to mention this previously. The data is cached after it is pulled from the apple server. You can find it here:

~/Library/Preferences/com.apple.SystemProfiler.plist

Edit, 14 October 2015

New iMac models (Late 2015) with Intel Skylake processors added.

OS X 10.10 Yosemite DP1 kernel(cache)

Apple released OS X v10.10 Yosemite Developer Preview 1 (Build 14A238x) to its Mac developers and soon after the release notes showed up on pastebin.com. And no. That wasn’t me. That was someone else. No idea who it was but anyway. The DP1 initiated a lot of (press) coverage about the new (flat) look and feel, and that is great for end-users and the like, but we hackers are far more interested in the boring stuff. Hidden deep under the hood of OS X 10.10 Yosemite DP1 and thus here goes.

mach_kernel

Apple renamed mach_kernel to kernel and also moved it out of the root. Eliminating the need to hide it during the installation process. Which failed a couple of times already, and then people could easily rm the file. Well. Not anymore, because now it is put away in: /System/Library/Kernels making the accidental removal of the kernel virtually impossible. Oh and here is a tip. I found this change by looking at: /usr/standalone/BootCaches.plist and here is a snipped of that file.

<key>Kernelcache v1.3</key>
<dict>
	<key>ExtensionsDir</key>
	<array>
		<string>/System/Library/Extensions</string>
		<string>/Library/Extensions</string>
	</array>
	<key>Path</key>
		<string>/System/Library/Caches/com.apple.kext.caches/Startup/kernelcache</string>
	<key>KernelPath</key>
	<string>/System/Library/Kernels/kernel</string>
	<key>KernelsDir</key>
	<string>/System/Library/Kernels</string>
	<key>Archs</key>
	<array>
		<string>x86_64</string>
	</array>
	<key>Preferred Compression</key>
	<string>lzvn</string>
</dict>

kernelcache

The above snippet also gave away that Apple is still using the same version/name/path for the kernel cache, but hold on. There is also a new property called Preferred Compression. Set to lzvn. Which is new. Overriding the previously used lzss compression method. But looking at the code, I think that you can either remove or rename lzvn to lzss and then kextcache will re-create a new kernelcache with lzss. Which is a must have for legacy boot loaders like Chameleon, Chimera and RevoBoot because without support for lzvn or renamed property value, this piece of code in drivers.c will error out with: “kernel compression is bad!”

if (kernel_header->signature == OSSwapBigToHostConstInt32('comp'))
{
	if (kernel_header->compressType != OSSwapBigToHostConstInt32('lzss'))
	{
		error("kernel compression is bad\n");
		return -1;
	}

Yikes! I love using kernel cache. It makes booting up your Mac/hack so much faster. How do we fix this?

lzvn_decode

I started with a simple grep for lzvn in the extensions directory, resulting in two matches. One in AppleFSCompressionZlib.kext

And one in IOGraphics.kext

Here we also find a reference to lzvn.opcode_table which appears to be a 2KB data table. And since kextcache creates the kernel cache, it had to have the same sort of code. Bingo. Here it is.

The good news is that the source code of both IOGraphics.kext and kextcache should become publicly available. Well. Not right now, because Apple is, as usual, very slow with updating opensource.apple.com. Their reasons are unknown, but it is most likely security related. And even then. I mean. Look at what happened with XCPM in the mach_kernel. No source was ever shared. Why? No idea.

Also. The 2KB opcode tables are not the same. In fact. All three are different. The question now is what to do. Wait or dig deeper and try to write our own lzvn code. The problem is that I don’t even have the time to finish this blog article…

boot.efi

Some of you may wonder why Clover can boot with kernel cache while other, legacy, boot loaders cannot. The answer is rather simple. Clover loads: /usr/standalone/i386/boot.efi and this file adds support for lzvn with yet another (also different) 2 KB opcode.table Oops. I almost forgot it. This is where _lzvn_decode can be found in boot.efi

Support for lzss is still there so we can use both of them.

What is next?

I extracted the 2 KB opcode.table from boot.efi, now also available from dropbox (all four of them) and then I disassembled _lzvn_decode. Well. Here you go. Yup. This the one from boot.efi.

_lzvn_decode:
   19780:	55                   	push   %rbp
   19781:	48 89 e5             	mov    %rsp,%rbp
   19784:	57                   	push   %rdi
   19785:	56                   	push   %rsi
   19786:	48 89 cf             	mov    %rcx,%rdi
   19789:	48 89 d6             	mov    %rdx,%rsi
   1978c:	4c 89 c2             	mov    %r8,%rdx
   1978f:	4c 89 c9             	mov    %r9,%rcx
   19792:	53                   	push   %rbx
   19793:	41 54                	push   %r12
   19795:	48 8d 1d 24 ee 06 00 	lea    0x6ee24(%rip),%rbx        # 0x885c0
   1979c:	48 31 c0             	xor    %rax,%rax
   1979f:	4d 31 e4             	xor    %r12,%r12
   197a2:	48 83 ee 08          	sub    $0x8,%rsi
   197a6:	0f 82 92 02 00 00    	jb     0x19a3e
   197ac:	48 8d 4c 0a f8       	lea    -0x8(%rdx,%rcx,1),%rcx
   197b1:	48 39 ca             	cmp    %rcx,%rdx
   197b4:	0f 87 84 02 00 00    	ja     0x19a3e
   197ba:	4c 0f b6 0a          	movzbq (%rdx),%r9
   197be:	4c 8b 02             	mov    (%rdx),%r8
   197c1:	42 ff 24 cb          	jmpq   *(%rbx,%r9,8)
   197c5:	48 83 c2 01          	add    $0x1,%rdx
   197c9:	48 39 ca             	cmp    %rcx,%rdx
   197cc:	0f 87 6c 02 00 00    	ja     0x19a3e
   197d2:	4c 0f b6 0a          	movzbq (%rdx),%r9
   197d6:	4c 8b 02             	mov    (%rdx),%r8
   197d9:	42 ff 24 cb          	jmpq   *(%rbx,%r9,8)
   197dd:	0f 1f 00             	nopl   (%rax)
   197e0:	49 c1 e9 06          	shr    $0x6,%r9
   197e4:	4a 8d 54 0a 02       	lea    0x2(%rdx,%r9,1),%rdx
   197e9:	48 39 ca             	cmp    %rcx,%rdx
   197ec:	0f 87 4c 02 00 00    	ja     0x19a3e
   197f2:	4d 89 c4             	mov    %r8,%r12
   197f5:	49 0f cc             	bswap  %r12
   197f8:	4d 89 e2             	mov    %r12,%r10
   197fb:	49 c1 e4 05          	shl    $0x5,%r12
   197ff:	49 c1 e2 02          	shl    $0x2,%r10
   19803:	49 c1 ec 35          	shr    $0x35,%r12
   19807:	49 c1 ea 3d          	shr    $0x3d,%r10
   1980b:	49 c1 e8 10          	shr    $0x10,%r8
   1980f:	49 83 c2 03          	add    $0x3,%r10
   19813:	4e 8d 1c 08          	lea    (%rax,%r9,1),%r11
   19817:	4d 01 d3             	add    %r10,%r11
   1981a:	49 39 f3             	cmp    %rsi,%r11
   1981d:	73 3d                	jae    0x1985c
   1981f:	4c 89 04 07          	mov    %r8,(%rdi,%rax,1)
   19823:	4c 01 c8             	add    %r9,%rax
   19826:	49 89 c0             	mov    %rax,%r8
   19829:	4d 29 e0             	sub    %r12,%r8
   1982c:	0f 82 0c 02 00 00    	jb     0x19a3e
   19832:	49 83 fc 08          	cmp    $0x8,%r12
   19836:	72 54                	jb     0x1988c
   19838:	4e 8b 0c 07          	mov    (%rdi,%r8,1),%r9
   1983c:	49 83 c0 08          	add    $0x8,%r8
   19840:	4c 89 0c 07          	mov    %r9,(%rdi,%rax,1)
   19844:	48 83 c0 08          	add    $0x8,%rax
   19848:	49 83 ea 08          	sub    $0x8,%r10
   1984c:	77 ea                	ja     0x19838
   1984e:	4c 01 d0             	add    %r10,%rax
   19851:	4c 0f b6 0a          	movzbq (%rdx),%r9
   19855:	4c 8b 02             	mov    (%rdx),%r8
   19858:	42 ff 24 cb          	jmpq   *(%rbx,%r9,8)
   1985c:	4d 85 c9             	test   %r9,%r9
   1985f:	74 1f                	je     0x19880
   19861:	4c 8d 5e 08          	lea    0x8(%rsi),%r11
   19865:	44 88 04 07          	mov    %r8b,(%rdi,%rax,1)
   19869:	48 83 c0 01          	add    $0x1,%rax
   1986d:	49 39 c3             	cmp    %rax,%r11
   19870:	0f 84 cb 01 00 00    	je     0x19a41
   19876:	49 c1 e8 08          	shr    $0x8,%r8
   1987a:	49 83 e9 01          	sub    $0x1,%r9
   1987e:	75 e5                	jne    0x19865
   19880:	49 89 c0             	mov    %rax,%r8
   19883:	4d 29 e0             	sub    %r12,%r8
   19886:	0f 82 b2 01 00 00    	jb     0x19a3e
   1988c:	4c 8d 5e 08          	lea    0x8(%rsi),%r11
   19890:	4e 0f b6 0c 07       	movzbq (%rdi,%r8,1),%r9
   19895:	49 83 c0 01          	add    $0x1,%r8
   19899:	44 88 0c 07          	mov    %r9b,(%rdi,%rax,1)
   1989d:	48 83 c0 01          	add    $0x1,%rax
   198a1:	49 39 c3             	cmp    %rax,%r11
   198a4:	0f 84 97 01 00 00    	je     0x19a41
   198aa:	49 83 ea 01          	sub    $0x1,%r10
   198ae:	75 e0                	jne    0x19890
   198b0:	4c 0f b6 0a          	movzbq (%rdx),%r9
   198b4:	4c 8b 02             	mov    (%rdx),%r8
   198b7:	42 ff 24 cb          	jmpq   *(%rbx,%r9,8)
   198bb:	49 c1 e9 06          	shr    $0x6,%r9
   198bf:	4a 8d 54 0a 01       	lea    0x1(%rdx,%r9,1),%rdx
   198c4:	48 39 ca             	cmp    %rcx,%rdx
   198c7:	0f 87 71 01 00 00    	ja     0x19a3e
   198cd:	49 c7 c2 38 00 00 00 	mov    $0x38,%r10
   198d4:	4d 21 c2             	and    %r8,%r10
   198d7:	49 c1 e8 08          	shr    $0x8,%r8
   198db:	49 c1 ea 03          	shr    $0x3,%r10
   198df:	49 83 c2 03          	add    $0x3,%r10
   198e3:	e9 2b ff ff ff       	jmpq   0x19813
   198e8:	49 c1 e9 06          	shr    $0x6,%r9
   198ec:	4a 8d 54 0a 03       	lea    0x3(%rdx,%r9,1),%rdx
   198f1:	48 39 ca             	cmp    %rcx,%rdx
   198f4:	0f 87 44 01 00 00    	ja     0x19a3e
   198fa:	49 c7 c2 38 00 00 00 	mov    $0x38,%r10
   19901:	49 c7 c4 ff ff 00 00 	mov    $0xffff,%r12
   19908:	4d 21 c2             	and    %r8,%r10
   1990b:	49 c1 e8 08          	shr    $0x8,%r8
   1990f:	49 c1 ea 03          	shr    $0x3,%r10
   19913:	4d 21 c4             	and    %r8,%r12
   19916:	49 c1 e8 10          	shr    $0x10,%r8
   1991a:	49 83 c2 03          	add    $0x3,%r10
   1991e:	e9 f0 fe ff ff       	jmpq   0x19813
   19923:	49 c1 e9 03          	shr    $0x3,%r9
   19927:	49 83 e1 03          	and    $0x3,%r9
   1992b:	4a 8d 54 0a 03       	lea    0x3(%rdx,%r9,1),%rdx
   19930:	48 39 ca             	cmp    %rcx,%rdx
   19933:	0f 87 05 01 00 00    	ja     0x19a3e
   19939:	4d 89 c2             	mov    %r8,%r10
   1993c:	49 81 e2 07 03 00 00 	and    $0x307,%r10
   19943:	49 c1 e8 0a          	shr    $0xa,%r8
   19947:	4d 0f b6 e2          	movzbq %r10b,%r12
   1994b:	49 c1 ea 08          	shr    $0x8,%r10
   1994f:	49 c1 e4 02          	shl    $0x2,%r12
   19953:	4d 09 e2             	or     %r12,%r10
   19956:	49 c7 c4 ff 3f 00 00 	mov    $0x3fff,%r12
   1995d:	49 83 c2 03          	add    $0x3,%r10
   19961:	4d 21 c4             	and    %r8,%r12
   19964:	49 c1 e8 0e          	shr    $0xe,%r8
   19968:	e9 a6 fe ff ff       	jmpq   0x19813
   1996d:	48 83 c2 01          	add    $0x1,%rdx
   19971:	48 39 ca             	cmp    %rcx,%rdx
   19974:	0f 87 c4 00 00 00    	ja     0x19a3e
   1997a:	4d 89 c2             	mov    %r8,%r10
   1997d:	49 83 e2 0f          	and    $0xf,%r10
   19981:	eb 1f                	jmp    0x199a2
   19983:	48 83 c2 02          	add    $0x2,%rdx
   19987:	48 39 ca             	cmp    %rcx,%rdx
   1998a:	0f 87 ae 00 00 00    	ja     0x19a3e
   19990:	4d 89 c2             	mov    %r8,%r10
   19993:	49 c1 ea 08          	shr    $0x8,%r10
   19997:	49 81 e2 ff 00 00 00 	and    $0xff,%r10
   1999e:	49 83 c2 10          	add    $0x10,%r10
   199a2:	49 89 c0             	mov    %rax,%r8
   199a5:	4d 29 e0             	sub    %r12,%r8
   199a8:	4e 8d 1c 10          	lea    (%rax,%r10,1),%r11
   199ac:	49 39 f3             	cmp    %rsi,%r11
   199af:	0f 83 d7 fe ff ff    	jae    0x1988c
   199b5:	49 83 fc 08          	cmp    $0x8,%r12
   199b9:	0f 83 79 fe ff ff    	jae    0x19838
   199bf:	e9 c8 fe ff ff       	jmpq   0x1988c
   199c4:	49 83 e0 0f          	and    $0xf,%r8
   199c8:	4a 8d 54 02 01       	lea    0x1(%rdx,%r8,1),%rdx
   199cd:	eb 14                	jmp    0x199e3
   199cf:	49 c1 e8 08          	shr    $0x8,%r8
   199d3:	49 81 e0 ff 00 00 00 	and    $0xff,%r8
   199da:	49 83 c0 10          	add    $0x10,%r8
   199de:	4a 8d 54 02 02       	lea    0x2(%rdx,%r8,1),%rdx
   199e3:	48 39 ca             	cmp    %rcx,%rdx
   199e6:	77 56                	ja     0x19a3e
   199e8:	4e 8d 1c 00          	lea    (%rax,%r8,1),%r11
   199ec:	49 f7 d8             	neg    %r8
   199ef:	49 39 f3             	cmp    %rsi,%r11
   199f2:	77 23                	ja     0x19a17
   199f4:	4e 8d 1c 1f          	lea    (%rdi,%r11,1),%r11
   199f8:	4e 8b 0c 02          	mov    (%rdx,%r8,1),%r9
   199fc:	4f 89 0c 03          	mov    %r9,(%r11,%r8,1)
   19a00:	49 83 c0 08          	add    $0x8,%r8
   19a04:	73 f2                	jae    0x199f8
   19a06:	4c 89 d8             	mov    %r11,%rax
   19a09:	48 29 f8             	sub    %rdi,%rax
   19a0c:	4c 0f b6 0a          	movzbq (%rdx),%r9
   19a10:	4c 8b 02             	mov    (%rdx),%r8
   19a13:	42 ff 24 cb          	jmpq   *(%rbx,%r9,8)
   19a17:	4c 8d 5e 08          	lea    0x8(%rsi),%r11
   19a1b:	4e 0f b6 0c 02       	movzbq (%rdx,%r8,1),%r9
   19a20:	44 88 0c 07          	mov    %r9b,(%rdi,%rax,1)
   19a24:	48 83 c0 01          	add    $0x1,%rax
   19a28:	49 39 c3             	cmp    %rax,%r11
   19a2b:	74 14                	je     0x19a41
   19a2d:	49 83 c0 01          	add    $0x1,%r8
   19a31:	75 e8                	jne    0x19a1b
   19a33:	4c 0f b6 0a          	movzbq (%rdx),%r9
   19a37:	4c 8b 02             	mov    (%rdx),%r8
   19a3a:	42 ff 24 cb          	jmpq   *(%rbx,%r9,8)
   19a3e:	48 31 c0             	xor    %rax,%rax
   19a41:	41 5c                	pop    %r12
   19a43:	5b                   	pop    %rbx
   19a44:	5e                   	pop    %rsi
   19a45:	5f                   	pop    %rdi
   19a46:	5d                   	pop    %rbp
   19a47:	c3                   	retq 

Anyone willing to have a go with it? Yes. You will need to convert it and figure out how to get it going, but we are hackers. Right?

Kernelcache header data

I checked the header data of the new kernelcache, a few days ago already, and noticed that it had changed. It used to start with the mach_header_64 data (28 bytes):

struct mach_header_64 {
	uint32_t	magic;		/* mach magic number identifier */
	cpu_type_t	cputype;	/* cpu specifier */
	cpu_subtype_t	cpusubtype;	/* machine specifier */
	uint32_t	filetype;	/* type of file */
	uint32_t	ncmds;		/* number of load commands */
	uint32_t	sizeofcmds;	/* the size of all the load commands */
	uint32_t	flags;		/* flags */
	uint32_t	reserved;	/* reserved */
};

Which is defined in: /usr/include/mach-o/loader.h but now it starts with the pre-linked kernel header:

#define PLATFORM_NAME_LEN  (64)
#define ROOT_PATH_LEN     (256)

// prelinkVersion value >= 1 means KASLR supported
typedef struct prelinked_kernel_header {
    uint32_t  signature;
    uint32_t  compressType;
    uint32_t  adler32;
    uint32_t  uncompressedSize;
    uint32_t  compressedSize;
    uint32_t  prelinkVersion;
    uint32_t  reserved[10];
    char      platformName[PLATFORM_NAME_LEN];	// unused
    char      rootPath[ROOT_PATH_LEN];		// unused
    char      data[0];
} PrelinkedKernelHeader;

This structure is defined in kernelcache.h which is part of kext-tools and it used to come right after the mach_header_64 data, but not anymore. Easily fixed in the boot loader.

Edit:

I was wrong. Only the kernel cache in the BaseSystem.dmg is missing the mach_header_64 data. It’s still there in: /System/Library/Caches/com.apple.kext.caches/Startup/kernelcache
Problem sorted.

Update

I found a new boot argument called kcsuffix in the kextcache binary, which can be used to add… well you’ve guessed it already, add a suffix to the kernelcache.

I also found three references to .development and a strange one called /AppleInternal

I ran a few tests with kcsuffix=.development and that worked, because I noticed that the usual kextcache -Boot -U / at boot time now uses the added suffix.

Also. This bit is something you should know by now, but some people seem to be confused by it. Let’s try one more time. Ok. We already learned that
unsigned or improperly signed kexts will not be loaded in Yosemite, and that this strict checking can be disabled by adding a boot argument (kext-dev-mode=1) but you may not even need it. Not when the unsigned kext is listed in AppleKextExcludeList.kext Then you won’t have to use: kext-dev-mode=1

Quite simple isn’t it 😉

OS X v10.10 Yosemite Developer Preview 1 (Build 14A238x)

Look what I found:

Introduction
OS X v10.10 Developer Preview 1 is pre-release software. Do not use this pre-release software in a commercial operating environment or with important data. You should back up all of your data before installing this software and regularly back up data while using the software.

If an installation of OS X v10.10 Developer Preview 1 fails, try using Disk Utility from a Recovery HD to repair the disk.

Bug Reporting
This build is being provided to you for testing and development purposes. Should you encounter any problems, submit a bug report using the online Bug Reporter at http://bugreporter.apple.com/. Please make sure to include “10.10 (14A238x)” in the bug title and description. This information will ensure that your bug is processed quickly.

When submitting a bug report, make sure to include a Summary, Steps to Reproduce, Expected Results, Actual Results, and the diagnostic output generated by running sudo sysdiagnose in Terminal, or use the special key chord Control-Option-Command-Shift-Period.

For complete instructions on submitting bug reports, visit the Bug Reporting page at http://developer.apple.com/bugreporter/.

Developer Preview System Requirements
The OS X v10.10 Developer Preview supports the following Macs:

iMac (Mid 2007 or newer)
MacBook Air (Late 2008 or newer)
MacBook (Late 2008 Aluminum, or Early 2009 or newer)
Mac mini (Early 2009 or newer)
MacBook Pro (Mid/Late 2007 or newer)
Mac Pro (Early 2008 or newer)
Xserve (Early 2009)

Notes and Known Issues
Installation
Known Issues
Migration Assistant may hang while transferring your information from a Time Machine backup. To proceed with the login, quit the Installer.
Developer Preview 1 may be unable to install over an encrypted volume.
Choosing a later installation from the Software Update notification may fail to install selected updates.
The system may appear to hang if the Login password does not match the OpenDirectory or keychain password. Pressing the Esc key will allow the login to proceed.

Calendar
Known Issue
Some all day events may not be displayed. Navigating to a different day, and back will display the missing events.

Continuity
Known Issues
Some apps that use Handoff will mistakenly show as Safari in the iOS lock screen and OS X Dock.
In some cases, not all devices associated with an Apple ID will pair successfully. These devices will be unable to use Handoff, Phone calls, or Instant HotSpot.
When using a Mac, Handoff may sometimes stop showing icons on other iOS and OS X devices.
Handoff-based Bluetooth connections between devices may stop working after trying to use Handoff.
In some cases, using Handoff with Safari will result in an old URL being resumed instead of the current URL.
Directions and Navigation in Maps does not work with Handoff in Developer Preview 1.
Phone calls to and from the Mac may sometimes not complete or send and receive audio.

Dictation
Known Issues
Dictation shortcut text field is missing from Dictation preferences.
Opening the Customize Commands of the Dictation preference panel may cause System Preferences to hang.

Extensions
Known Issues
ShareKit extensions may crash when the Share sheet is closed.
Finder Sync extensions may not function correctly.

Family Sharing
Known Issues
Shared purchase history page on Mac App Store and iOS App Store are disabled.
Viewing of Family purchases is not available in Developer Preview 1.
Items already owned by family members must be re-downloaded from the Purchased page (not Store pages) to get them free of additional charge. .
Under 13 account creation is disabled in Developer Preview 1.
While using the iTunes Store you may experience a spinner that never completes. Log out and back in to iTunes to correct the issue.
Email invitations are not enabled; members can join using push notifications or via inline password entry flow.
Notifications for “Ask to Buy” are not available on older clients. After parental approval, kids will have to reinitiate the purchase.
You can’t approve an “Ask to Buy” request from the requestor’s iOS device.
Streaming video from iCloud may present a black screen. Downloading the video will allow playback.

Finder
Known Issue
Some graphical corruption may be visible when using Icon View in Finder.

iCloud
Notes
iCloud Documents & Data created with Developer Preview 1 will be deleted from the servers at some point during the beta period. Your devices using Developer Preview 1 will maintain copies of those deleted iCloud Documents & Data. After the server deletes that data, all iCloud Documents & Data you previously used on OS X v10.9 and earlier or iOS 7 and earlier will be copied on the server over to the OS X v10.10/iOS 8 version of iCloud Documents & Data. Your devices using Developer Preview 1 will then re-upload their copies to the servers. If you delete those copies on your Mac before they are uploaded to the servers, and if you don’t have a backup of them, those documents will be lost. Documents and data managed on earlier releases of OS X and iOS will not be affected by any of this.
The Web UI for managing iCloud Documents & Data does not show the documents and data managed by systems running Developer Preview 1. Documents and data synced with previous operating systems will be displayed.
Changes to iCloud Documents & Data in Pages, Numbers, and Keynote on Macs using OS X v10.10 Developer Preview are only available on other devices using OS X v10.10 Developer Preview or iOS 8.0 beta. Any changes from devices using earlier versions of OS X or iOS will not be available. Changes will also not be visible in Pages, Numbers, and Keynote on iCloud.com.

Known Issues
Some account password prompts may request the same login information several times before dismissing.
Finder may spin after adding a large number of items to iCloud Drive.

iPhoto
Known Issues
iCloud settings for My Photo Stream and Shared Streams will be preserved from earlier versions of OS X on upgrade to Developer Preview 1. However, turning off Shared Streams will turn off My Photo Stream, and visa versa.
Turning off My Photo Stream or Shared Streams may not be available in System or Application preferences after upgrading to Developer Preview 1.

Mail
Known Issue
Mail may not be able to set up new Mail accounts within the Mail application.

Markup
Known Issues
The Markup Signature panel may not detect touchpad events.
Markup Annotations cannot be modified after clicking Done.
Markup panel may not display toolbar when invoked.

Messages
Known Issue
Old iMessages stored on your computer are incorrectly deleted when upgrading to OS X v10.10 Developer Preview. Backup your Messages in ~/Library/Messages before upgrading.

QuickTime
Known Issue
Video Recordings of attached iOS devices running iOS 8.0 beta 1 may flicker and have audio/video timing issues.

Remote Desktop
Known Issues
The Remote Desktop Admin Application may be unable to download client installers.
Apple Remote Desktop feature Changing Client Settings is not supported for Developer Preview 1.

Safari
Known Issues
Some panels and buttons may not be accessible or operate as expected.
Subpixel rendering is now on by default for all web content. Web sites or in-app web views with extremely tight design constraints may render differently.
Typing a partial site name and pressing Return can cause navigation to a search engine result page instead of the expected navigation to a commonly visited website identified as a Top Hit.
Typing a multi-word search term and pressing Return can cause inadvertent site-specific searches instead of the expected web search engine search result page.
The selected tab when searching for an iCloud tab from another device may not be the tab opened.
Smart Search Field stop/reload button, one step button, and other smart search field controls are not accessible.
Using Safari Test Drive on multiple systems which are configured to sync Chrome or Firefox bookmarks to Chrome/Firefox cloud-based sync services may cause duplication of bookmarks.
Date & Size limits set in Safari are not enforced in Developer Preview 1.
Safari may stop responding while loading video when playing Netflix content.
When changing languages while playing Netflix content, it may take several seconds for the audio to switch to the new language.
Keystrokes may trigger alert sound when in Netflix full-screen playback mode.

Server
Known Issues
Systems running Developer Preview 1 may be unable to connect to share points over SMB.
Systems with earlier versions of OS X may not be able to connect to a server running Developer Preview 1 over SSL.

Tools
Notes
In Developer Preview 1 unsigned or improperly signed kexts will not be loaded. To use unsigned kexts during development, this strict check can be disabled by adding a “kext-dev-mode=1” boot arg.
AVFoundation changes the way some ID3 metadata values are represented as AVMetadataItems for binaries that are linked with the Developer Preview 1 SDK.

Known Issues
In some cases, multi-word script terminology is not properly mapped to JavaScript identifiers by the runtime, and so the properties supported in the runtime do not always match the properties that are documented.
Installing kernel extensions on systems running Developer Preview 1 may make your system un-bootable. To fix the issue, boot into the Recovery Partition and run the following:
touch /Volumes//System/Library/Extensions
kextcache -u /Volumes/
Some Apple Script Editor toolbar buttons may not enable/disable properly. The menu items can be used instead.
When running JavaScript in the script editor, Boolean evaluations may fail on second execution.

Other
Known Issues
Some text may not be localized to the selected system language.
Some languages may have clipped or misaligned layout.
Some Accessibility features may not function correctly in Developer Preview 1.
Some panels may appear transparent.
The Print panel may not appear in some applications.
Applications that are not compatible with Developer Preview 1 may hang before presenting an incorrect error.
Some 64-bit preference panels may fail to load after restarting System Preferences in 64-bit mode. Relaunching System Preferences resolves the issue.
Netboot may fail to find local drives and shutdown.
Systems without a display attached may experience decreased performance.
PhotoBooth is not included in this developer preview.
Auto-Submission of Diagnostic and Usage Data
By default, OS X v10.10 Developer Preview builds automatically send anonymous diagnostic and usage data back to Apple. This includes information about crashes, freezes, kernel panics, and information about how you use Apple and third-party software, hardware, and services. This information is used to help Apple improve the quality and performance of its products and services. The preference is cleared in this seed. This will allow the collection of anonymous diagnostic and usage data to help deliver a high quality release for our customers. If necessary, this setting can be disabled in the Privacy tab in the Security & Privacy preferences pane.

Legal Notices
The pre-release software identified above is Apple Confidential Information and your use of such software is subject to your Registered Apple Developer Agreement and Mac Developer Program License Agreement. Distributing such pre-release software to anyone other than another Registered Apple Developer who is working for the same entity as you is considered a violation of your agreement with Apple and is damaging to both Apple and those who develop for the Apple platform. We sincerely appreciate your efforts to keep this pre-release software Confidential. You agree that you will not export or reexport any of the software or Confidential Information received from Apple (a) into (or to a national or resident of) any U.S. embargoed countries (currently, Cuba, Iran, North Korea, Sudan, or Syria) without first obtaining proper authorization from the U.S. Government; or (b) to anyone on the U.S. Treasury Department’s list of Specially Designated Nationals or the U.S. Department of Commerce Denied Person’s List or Entity List. You also agree that you will not use said software for any purposes where prohibited by United States law, including, without limitation, the development, design, manufacture, or production of nuclear, missile, chemical, or biological weapons.

Installation tip

Get your download code from the Mac Developer Program

Then start installing your copy of Yosemite