Announcement

**Stephen** · 11-11-2024, 12:47 PM

Hey Muerto, question. Is this program capable of reading information SUCH as serial off a MacBook with T2 chip without the need to desolder the SOCROM chip and reading it? Is there a way to read via DFU? Just curious , or do you have a method or if not is there method in development?

**MuertoGB** · 11-11-2024, 02:49 PM

Originally posted by Stephen View Post

In order to bypass an MDM it would be ran with software, however when trying to REMOVE the MDM lock permanently, one would need to change the serial to the device. If you can change the serial number on the device without the need to desolder the chip that retains the information of the board such as EFI lock/FIRMWARE LOCK, Serial number of the board then that would be pretty awesome. But in order to remove the MDM lock on T2 machines one has to desolder the SOCROM chip next to the T2 chip. Reprogram with ASPROGRAMMER, and then change the serial with WinHex. Find the serial, DO NOT change any of the code but the serial so it can still normally boot. That is how its done.

Good to know, I've added this functionality to version 2. It is able to change the serial in the SPIROM dump.

**MuertoGB** · 11-11-2024, 02:51 PM

Originally posted by Stephen View Post

Hey Muerto, question. Is this program capable of reading information SUCH as serial off a MacBook with T2 chip without the need to desolder the SOCROM chip and reading it? Is there a way to read via DFU? Just curious , or do you have a method or if not is there method in development?

No it cannot, it requires a SOCROM dump. Only the T2 has access to the SOCROM, it must come off to be reprogrammed.

**Stephen** · 11-11-2024, 03:12 PM

Originally posted by MuertoGB View Post

No it cannot, it requires a SOCROM dump. Only the T2 has access to the SOCROM, it must come off to be reprogrammed.

I see so I am essentially doing the same thing still. This program is good, working progress. Might be a good idea to find a way to get the program to read serials on M1 devices and see if we can find a way to change serial on M series laptops, a good start would be an M1 for now and see if we can get dumps on that and be able to read the serial. If we can manage to do that, MDM removal would be viable for off set devices that companies get rid of and forget to remove their MDM. Very common in this industry at scale.

**PITERPENY** · 11-11-2024, 05:17 PM

Wow! THANK YOU! A big human thank you for your work! I am shocked by this simply incredible tool! Now I can quickly see why I have a bunch of files on my computer and also see why the chips are lying on my desk! Thank you!

**PITERPENY** · 11-11-2024, 05:23 PM

Originally posted by Stephen View Post

In order to bypass an MDM it would be ran with software, however when trying to REMOVE the MDM lock permanently, one would need to change the serial to the device. If you can change the serial number on the device without the need to desolder the chip that retains the information of the board such as EFI lock/FIRMWARE LOCK, Serial number of the board then that would be pretty awesome. But in order to remove the MDM lock on T2 machines one has to desolder the SOCROM chip next to the T2 chip. Reprogram with ASPROGRAMMER, and then change the serial with WinHex. Find the serial, DO NOT change any of the code but the serial so it can still normally boot. That is how its done.

to unlock EFIROM i use this device ! can i use it to read SOCROM T2?

Attached Files

**MuertoGB** · 11-12-2024, 01:52 PM

Originally posted by Stephen View Post

I see so I am essentially doing the same thing still. This program is good, working progress. Might be a good idea to find a way to get the program to read serials on M1 devices and see if we can find a way to change serial on M series laptops, a good start would be an M1 for now and see if we can get dumps on that and be able to read the serial. If we can manage to do that, MDM removal would be viable for off set devices that companies get rid of and forget to remove their MDM. Very common in this industry at scale.

The SOCROM is a rather simple structure. We have the header, followed by two endoded sections (possibly DER ASN.1 objects?), then the System Config store (SCfg) and then NVRAM (May be some other small blips of data around the place).

On Apple Silicone devices, the Scfg in the SOCROM has been either completely removed, or moved into an encoded section. There's not much I can do here at the moment, unfortunately. However, I continue to pull apart and find what I can.

**MuertoGB** · 11-12-2024, 01:56 PM

Originally posted by PITERPENY View Post

Wow! THANK YOU! A big human thank you for your work! I am shocked by this simply incredible tool! Now I can quickly see why I have a bunch of files on my computer and also see why the chips are lying on my desk! Thank you!

Thank you, I appreciate the kind words.

For SOCROM dumps from the SPIROM, the IC is 1.8v 8-USON (or USON8) 4x3mm.

1. Does EZP support 1.8v? If not you need a 1.8v adapter.
2. USON8 4x3 adapter here on AliExpress: https://www.aliexpress.com/item/1005007137888078.html (Choose Color: USON8-4X3-XG)

More information I wrote here:
https://logi.wiki/index.php/T2_Diagn...OM_Programming

**MuertoGB** · 11-14-2024, 09:23 PM

Version 2.0.0 released:
https://github.com/MuertoGB/MacEfiTo...leases/tag/200

Any issues, please get in touch.

**PITERPENY** · 11-15-2024, 07:06 AM

Originally posted by MuertoGB View Post

Thank you, I appreciate the kind words.

For SOCROM dumps from the SPIROM, the IC is 1.8v 8-USON (or USON8) 4x3mm.

1. Does EZP support 1.8v? If not you need a 1.8v adapter.
2. USON8 4x3 adapter here on AliExpress: https://www.aliexpress.com/item/1005007137888078.html (Choose Color: USON8-4X3-XG)

More information I wrote here:
https://logi.wiki/index.php/T2_Diagn...OM_Programming

I bought the adapter you recommended, but I have a problem and I hope you can help me solve it.

Attached Files

**PITERPENY** · 11-15-2024, 07:49 AM

Originally posted by PITERPENY View Post

I bought the adapter you recommended, but I have a problem and I hope you can help me solve it.

but I forgot about the 1.8v adapter.

**MuertoGB** · 11-16-2024, 05:10 PM

Originally posted by PITERPENY View Post

but I forgot about the 1.8v adapter.

Purchase a 1.8v adapter and we'll go from there, do not plug the T2 SOCROM into 3v3, there is an extremely high chance it will burn out.

**Kien Pham** · 11-17-2024, 09:56 PM

[QUOTE=MuertoGB;n3505145]

please guide me to unlock icloud from t2 rom chip. i am stuck at this step. model mac mini 2018 A1993 I have the bin file of the chip

I would be grateful for your help

Attached Files

**MuertoGB** · 11-18-2024, 03:19 PM

[QUOTE=Kien Pham;n3509543]

Originally posted by MuertoGB View Post

please guide me to unlock icloud from t2 rom chip. i am stuck at this step. model mac mini 2018 A1993 I have the bin file of the chip

I would be grateful for your help

You cannot "unlock iCloud" with this application.

**MuertoGB** · 11-18-2024, 07:22 PM

Version 2.0.1 released:
https://github.com/MuertoGB/MacEfiTo...leases/tag/201

The manual has been rewritten and added to the project:
https://github.com/MuertoGB/MacEfiTo...ication-manual

**Kien Pham** · 11-19-2024, 09:53 AM

[QUOTE=MuertoGB;n3510142]

Originally posted by Kien Pham View Post

You cannot "unlock iCloud" with this application.

how can i unlock icloud? glad you responded

**MuertoGB** · 11-19-2024, 03:10 PM

[QUOTE=Kien Pham;n3510673]

Originally posted by MuertoGB View Post

how can i unlock icloud? glad you responded

I don't know, make a post in the forum.

**reformatt** · 11-19-2024, 09:32 PM

iCloud activation lock is linked to multiple hardware items on T2 and above, and not just linked to serial number. It was changed years ago by Apple due to some practices that China were using to bypass the locks on iPads.

**Kien Pham** · 11-19-2024, 10:03 PM

i really hope someone can help me how to unlock my mac mini

**PITERPENY** · 11-20-2024, 04:03 PM

HI MuertoGB
I finally got the adapters and built the pyramid! But my programmer does not detect the chips automatically and I still get an error! Please help me determine the chip settings!

Announcement

Mac EFI Toolkit

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment