View Single Post
Old 11-23-2021, 12:19 PM   #53
Meow Meow MEOW!
Stephen's Avatar
Join Date: Apr 2020
City & State: USA 🇺🇸
My Country: United States
Line Voltage: 120VAC 60hz
I'm a: Hardcore Geek
Posts: 560
Default Re: T2 Chip Programmer Tool

Originally Posted by unilock01 View Post
"iCloud lock" is synonymous with "activation lock", most of the time.

Your second point is where it gets a bit ambiguous. What really matters is whether "Find My (Mac)" is turned on for the device.
If it is, you can't do much unless you know what to replace in a T2 SPI flash dump, which nobody here seems to want to share
If it's not, then you can simply put the device into DFU mode and use Apple Configurator 2 to wipe everything, then use Internet Recovery to reinstall macOS.

But it's very likely Find My is enabled for the MacBook in question; I think that's the default for any Mac (unless you disable location services during setup? which you'd have to do explicitly)

My question:
What do you have to replace in the T2 flash to "unlock" a Mac tied to an Apple account? Just the serial number? Or the MLB + UUID + ROM as well?
Or is that not possible anymore? I don't see how that could be the case; as far as Apple can tell, it's an entirely different Mac, right?

iCloud lock doesn't mean it was lost/stolen etc. It usually means someone could have reset their computer and then put it off for sale without properly removing their iCloud, WHICH is very common in iPhones these days. Apple purposefully is doing this on purpose so people buy a new device instead of second hand, why do you think the T2 was introduced? It was not just a security measure, it was a measure to force people into NEW MacBooks.

As of late you cannot flash the Winbond Chip on the MacBooks and change the serial to unlock it. Changing the serial is only usueful for MDM locks and you should be able to get in them, but MDM locks are very less common compared to an iCloud locked device. MDM is also iCloud locked but it adds an extra layer of locks due to the serial once you get into the OS install. So changing the serial in theory can unlock a Mac if IT IS MDM locked.

The T2 chip code in the Winbond chip wont have any kind of code to state which is to be removed to unlock the device. I would honestly say that there is more into the actual T2 chip itself that ties into the Activation server.

Until then the only method of removing these locks is Jailbreaking it but that has been recently patched, so for now we wait.

NOTE: I can still get into iCloud locks easily without patching via DFU via hardware method but the only way that is possible is as long as the computer was not patched recently via DFU at all, you would not need to use DFU using the T203 method, this is how you can do it.

1. Remove the Winbond chip.
2. Read the data off of the chip, then save the data to your Desktop (windows pc only)
3. Run WinHex, change the serial MANUALLY that is on Mina that is used to unlock it. (IE: In the T203 tool data it will have the Serial plugged in the UNLOCK CODE. Just run WinHex and look for the serial and copy it and paste it. This is the serial activated for Mina.)
4. Then run the jailbreak, then turn on the computer once its jailbroken and activated, reinstall the OS, complete OS setup. Create user and password. Then shut down computer. Remove board if necessary
5. Remove the chip, read the chip via T203, copy the data from that chip on to the desktop, run WinHex and change to the original serial of the device, save the file as a .BIN then program the file to the chip. IF YOU DO NOT DO THIS the chip will be corrupted and you will have to do it all over again! That includes reinstalling the OS. (DO NOT USE THE MINA SERIAL it will run into issues).
6. Solder chip back on then turn on and verify the serial and model of your computer in ABOUT THIS MAC. Voila unlocked and working. No need to patch with DFU.

Stephen is offline