Exclusive Report: EFI-X Mac Booter, A Scam?

This happens to be the situation with a little-known company called Art Studios Entertainment Media, or ASEM for short. The company is most famous for making a module called the EFI-X, which it claims allows simple booting and running of Apple's Mac OS X. And that it really did. Last year several media outlets, including us, received a batch of EFI-X modules, and the module certainly did what it claimed to be able to do.

Quite simply, one need only connect the EFI-X module onto a motherboard's USB header, boot the system, set the module as the default booting device, and go. Have a retail Mac OS X Leopard disc handy? Insert, and boot. Install, reboot and you're running OS X on a PC (using compatible hardware of course) almost perfectly--and this is where the problems really began.

Back last year, when the modules were selling like hotcakes, people were thrilled that they didn't have to hack their own way to using OS X on their custom-built PC. The module was considered the ultimate solution. At the time, the OSX86 community was already in full force with its own software solutions, namely Chameleon (based on PC EFI10) and Boot-132. While considerably more difficult to put together, Chameleon and Boot-132 offer significantly more configuration options than EFI-X. Those who didn't know how to set them up, or couldn't be bothered to spend time figuring out how, could cough up roughly $280 for an EFI-X module and be on their way.

When we tested our module, everything did work as claimed. However, not all users were able to get a 100-percent working system. Eventually, ASEM released a new firmware, but then things started breaking. For example, our onboard LAN no longer worked with Apple's Bonjour protocol. This meant that it couldn't see other Macs on the network (unless you directly connect), and iTunes couldn't share music. This problem existed for a considerably long time. While there were ways around it (like obtaining another standalone network card), it was frustrating.

As time went on, more problems were introduced while others were fixed. ASEM customers grew increasingly frustrated and voiced their concerns on the forums. Unfortunately, many forum posts ended up being removed by the ASEM moderator team. Many users also complained that their EFI-X 1.0 modules were dying after some time of use. Some customers were experiencing intermittent booting problems. Sometimes the module would be detected by the system BIOS, other times it wouldn't. After a while, the modules themselves would no longer be detected at all. Unfortunately, this also happened to three of our modules.

We, and everyone else, were told not to worry, as version 1.1 of the module would be able to address all these issues. Version 1.1 would include higher quality components, be gold plated, and include several other features to ensure compatibility and longevity. Why wasn't 1.0 made to higher quality standards to begin with? Some people had dying modules. Then many. Then a whole lot. Eventually, customers were banned from voicing their concerns on ASEM's forums.

On the other side of the net, members of the OSX86 community suspected that the EFI-X module was nothing more than a repackaged Chameleon/Boot-132 bootloader placed onto a USB stick with DRM to prevent reverse engineering. Telltale signs included problems that also existed with the software bootloaders, as well as the same compatibility charts. Coincidentally, issues that were patched up in the OSX86 community became available on the EFI-X modules shortly after. Throughout all this, ASEM still denied any connection to Chameleon or Boot-132.

Until this:

Several people in the community have decided to take it upon themselves to dissect the EFI-X modules.

Taking one apart, though, isn't easy. Once the outer casing is removed, you'll find the PCB covered in a thick coating of black epoxy. This is obviously done to shield prying eyes away from what really lurks beneath--nothing more than a USB stick with a DRM module on board. One user by the name of AsereBLN, who has even written about his grueling frustrations with ASEM and his modules, went to great lengths to open the unit up. His findings:

"I could find out which microcontroller is used for the EFI-X™. It was not that difficult. Searching for a microcontroller:

  1. with a 64-Pin TQFP package
  2. and USB support
  3. an oscillator connected to pins 5 & 6
  4. USB D-/D+ connected to pins 44 & 45

... gave me very quickly a Cortex™ M3 from STMicroelectronics. A test with a spectrum analyser ruled out, that the microcontroller runs very likely at 72MHz. Got a peak at 8MHz (the resonator frequency), a small peak at 36MHz, a strong peak at 72MHz and another small peak at 108MHz (72+36). So the microcontroller must be a STM32F103Rx. To figure out the exact model one must connect a JTAG debugger. The pads to do so are there."

(Photos courtesy: AsereBLN)

Very first analysis: The EFI-X module is made of nothing special at all. The module uses only one USB-port. The second USB-port of the mainboard connector is unused and not connected (See the backside photos). There is a microcontroller (64pin TQFP package, maybe it's a CPLD/FPGA), an 8 MHz ceramic resonator, a 5V to 3.3V DC-DC converter and a flash memory (presumably 256MB). The PCB seems to be a 4 layer.

The above information is from AsereBLN's blog, detailing his long-term experience with the EFI-X module. What's most alarming is that, based on talks with manufacturers in Taiwan, this module, with the exact components, would cost no more than $10 to produce in volumes of 1000.

AsereBLN went ahead and attempted to read the OS X syslogs and kextstat output, revealing some details of the firmware used on the EFI-X module. His findings? EFI-X uses code taken straight from the OSX86 community, without attribution. In fact, it was discovered that the .kext (kernel extension) files used by the EFI-X modules were nothing more than community-made patches that had been altered to conceal their origin.

Another user who felt burned by ASEM looked into the whole situation between EFI-X 1.0 modules and 1.1 modules. His conclusion: 1.1 modules are designed to increase sales. One source close to the firm even told Tom's Hardware that "EFI-X 1.1 modules were simply made to get more money from the same folks that bought into 1.0 modules--they're basically reworked versions of unsold 1.0 units."

(Above: images of early builds of EFI-X 1.1 modules. Our 1.1 modules were built later and did not have hand soldered wiring.)

"Our altruistic friends at ASEM (who never, ever do anything just to make a buck) have just announced on their forum that revision 1.0 of the EFi-X will never run Snow Leopard. Anyone that wants to run Snow Leopard has to buy a new EFi-X dongle (version 1.1, which was supposed to differ from 1.0 only in that it was physically less susceptible to power spikes)," wrote the customer.

Last year, we were told the same thing by ASEM: EFI-X 1.1 modules were only higher quality 1.0 modules and both would be fully future proof for Snow Leopard and beyond. In fact, we were told that the new firmware being released for all EFI-X modules would guarantee this. Alas, ASEM made an about-face on its promise. However, from our use and sourcing, we believe both 1.0 and 1.1 modules are incompatible with Snow Leopard at this point in time. To boot Snow Leopard, the bootloader requires a DSDT.aml file, which is essentially a custom configuration of the machine. The software used on the EFI-X modules at this point does not support handling a DSDT file.

From the sources we have spoken to, it seems as though EFI-X 1.1 modules are shipped from the factory with "1.1" encoded into the firmware, so that the firmware updating utility will only update 1.1 modules to be compatible with Apple's newly released Snow Leopard. Customers who purchased 1.0 modules will not be allowed to use the new Snow Leopard-compatible firmware, and will instead be directed to a crippled firmware that supports only Leopard. If you're an EFI-X 1.0 user who wants to install Snow Leopard, you've got yourself two options: Spend another $300 for an EFI-X 1.1 (which is really a 1.0 that's been tweaked), or move over to the open source (and open community) Chameleon or Boot-132 solutions.

There is now hard-coded evidence that even the firmware updating utility used by the EFI-X module steals code licensed under the GNU General Public License without proper attribution and, in fact, replaces all references to the original library with its own name.

Many users are switching.

A community of disgruntled EFI-X customers has set up an open forum to discuss their issues here. On this forum, customers are able to exchange their solutions and detail the problems that they've had or are having with ASEM.

We contacted Davide Rutigliano to get his word on what's going on with ASEM, despite his having left the firm. Davide had this statement to give:

It saddens me to see so much hatred going on about EFI-X and ASEM. I am no longer working for the firm since June, but I tried to keep a friendly relation with anyone I had the pleasure to deal with, and I'm glad that I didn't fail in this. One of the reasons why I left ASEM is because I was never allowed in the development, which is something that perhaps presumptuously I think I could have been involved with. Other reasons are irreconcilable views on how to run the company. I was never the owner of the company and although having been given a title of CEO I never wanted to interfere with someone else's dreams and directives for a matter of personal respect, even though I profoundly disagree with many of the choices that have been made. All in all, I feel tremendously upset about all that is happening, and I hope for a swift solution where justice will prevail. All the people I dealt with during my work at ASEM, be they customers or distributors, know that I have put all myself into the project, and that I was in good faith. I never had sufficient involvement in the hardware and software development to agree or disagree with the claims being made, so all I can hope for is that the situation will swiftly solve in the best way for everyone. I did not abandon EFI-X customers, who can contact me anytime, I'll always be there for them. --Davide Rutigliano

What will become of ASEM? At this point, no one is sure, but the forum moderators have all but left and what is left are mounting customer complaints (registration required). One forum moderator, who went by the forum name of Amantheboy, even left and set up his own website to show how to do it all using freely available resources.

[Update 09/08/09] AsereBLN now indicates that ASEM wants to sue him for opening up and attempting to decode the EFI-X module.

  • jellico
    It seems pretty obvious that ASEM is perpetrating a fraud. I truly hope they get everything they deserve.
  • warmon6
    AsereBLN now indicates that ASEM wants to sue him for opening up and attempting to decode the EFI-X module.

    Hmm.. something tells me that that won't work too well.
  • an0n
    *Gasp*
    A company that helps you violate the EULA of a software package is not on the level?! What has this world come to. The next thing you know, drug dealers will be short changing their customers.
  • zak_mckraken
    Very bad news for the users who got burned. Very good news for Apple and their fanbois.
  • jellico
    warmon6: "Hmm.. something tells me that that won't work too well."

    Oh, I'm sure some slick lawyer will be able to find something in that onerous piece of crap law known as the DMCA (Digital Millennium Copyright Act) that they can use to harass the poor guy (i.e. force him to spend a lot of money defending himself against baseless accusations).
  • jincongz
    Class action suit anyone?
  • Uncle Meat
    This is obviously done to shield prying eyes away from what really lurks beneath--nothing more than a USB stick with a DRM module on board.

    Did anyone ever think it was anything else?
  • Major7up
    I think that this is a great example of why Apple so ferociously protects its IP. I had once considered buying one of these modules but now I am glad I didn't. I kind of hope they do sue the guy who opened up his module just so more of their dirty secrets come out and then maybe the gov't can jump in too.
  • christop
    I thought this was a piece of poo.. Get off your lazy butt and hack your way to osx if you want it.. WHAT A BIG SCAM!!! You blow efix-rippoff
  • SAL-e
    jellico: "Oh, I'm sure some slick lawyer will be able to find something in that onerous piece of crap law known as the DMCA (Digital Millennium Copyright Act) that they can use to harass the poor guy (i.e. force him to spend a lot of money defending himself against baseless accusations)."

    Actually DMCA has a second provision: Removing the copyright notice is a violation. In this case ASEM has violated the DMCA by removing the GNU GPL license. I guess FSF will have all their lawyers working against ASEM and they could be very persistent also.
    If I am ASEM, I will find a plastic surgeon and disappear and stay away from any authority institution.