The answer would be 'not here'. Apple are known to be litigious, so posting any links to third-party sites hosting (c) Apple firmware could make trouble for our host (EEVblog Dave). Also, as we have absolutely no way to confirm (A) your friend's legitimate ownership, and (B), that all subsequent readers of this thread legitimately own any Apple hardware in their possession, leading you by the hand to a site that cracks Macs would be stupid, unethical and again could make trouble for Dave.
.dmg files can be extracted under Windows (as 2 minutes googling dmg file would tell you), so if you have access to legitimate binaries, don't let the lack of a Mac stop you.
However it is highly likely that the official firmware updates DO NOT overwrite critical data like the machine serial number or firmware password, so I doubt you'll find anything to help in them.