Unserialized M1 Pro

  • oxonater
    replied
    Hi peops well has anyone heard of the news which relates to GOFETCH, apparently this can infiltrate the silicon cpu coding and exploit it.

    Now I wonder if this enables serial number extraction and implementation ??

    Just my 2 pence

    Laters

    Oxy

    😁👍

  • gugbobgug
    replied
    Hello friend, I want to unlock iCloud from an M1, model is A2338. Transferred M1 CPU + WiFi + BT, after this put in DFU and began installing Sonoma, but after 5 minutes it gives error 9. Any suggestions? Please help me, thanks in advance.

  • HSBunlock
    replied
    Originally posted by oxonater:
    Re: Unserialized M1 Pro

    So this may be where the serial is, I bet; just need a reader of sorts
    Dear brother, did you find the serial on M1 MacBooks? It's in ROM because I found it already in the u4700 EEPROM chip but I can't. NEED HELP THANKS

  • oxonater
    replied
    Well yes, the end goal is to retrieve the serial wherever this may be and then we all can perform the magic; sadly, until that time has come we can only surmise!!

  • Stephen
    replied
    If we can find a serial on the M1 boards MDM removal or programming new serial is a cake walk for me. I do not care if it requires soldering or a heat gun. I already remove MDM easily on T2 Macs without issue.

  • oxonater
    replied
    Re: Unserialized M1 Pro

    So this may be where the serial is, I bet; just need a reader of sorts

  • kevingill
    replied
    Re: Unserialized M1 Pro

    As I understand, SOCROM is System On Chip ROM.
    This is the same as SPIROM on T2 Macs.

    I was looking at the schematics and wondered whether anything useful is in the SEPROM (U0500)? It's accessible via I2C.

  • oxonater
    replied
    Re: Unserialized M1 Pro

    Don't think that's gonna make an iota of a difference. I am just guessing here, but I posted months ago about a DFN chip situated left of CPU. Now this is near to the ROM on the underside of board, and when looking at schematics it refers to some lines that go to CPU as SOCROM.

    Anyone familiar with this abbreviation? Trying to find a reader as I have removed it from a dodgy board; any pointers in the right direction will be gratefully received!!


    OXY

  • toshyou
    replied
    Re: Unserialized M1 Pro

    What if we try to replace Touch ID and ROM?

  • Stephen
    replied
    Re: Unserialized M1 Pro

    This would be a good topic. I would easily make a tutorial about removal if we can locate the serial on M1 boards.

  • oxonater
    replied
    Re: Unserialized M1 Pro

    Morning all

    OK, so the serial is not stored in the ROM, as my own tests have confirmed this: removed ROM from MDM M1 and placed on another M1, and after some errors (as need proper DFU mode for M1) device restored, although App configurator says it fails; nope, it doesn't.

    The device is booting into Sonoma and activated with the original serial, even though it had another ROM from another machine with a supposed serial.

    This concludes there must be another ROM chip located elsewhere which contains the info required. I am only interested in MDM removal at present!

    Any other info would be of great help

    Cheers OXY

  • oxonater
    replied
    Re: Unserialized M1 Pro

    So is it stored in the usual place but encrypted? As the M1 is based on ARM architecture, it must use some other method of being able to decrypt the bin to determine the serial. Only interested in the purpose of removing MDM and iCloud at the mo.

  • keciv86156
    replied
    Re: Unserialized M1 Pro

    Originally posted by ugamazing:
    Serial stored in CPU and is linked to WiFi chip, unsure how this even happens. You won't be programming a new serial (don't bother, unless you feel determined to figure out something that nobody else has been able to for years at this point), and if DFU doesn't do anything to resolve, you are out of luck unless you pay Apple to take care of it.
    SN is not stored in CPU on m chip

  • ugamazing
    replied
    Re: Unserialized M1 Pro

    Originally posted by oxonater:
    Hi again

    Thanks for the clarification, I also can confirm boards are unserialized when I get them and have to run the Apple software utility to write serial to refurbed boards (AS THEY NOT NEW LOL)

    So with this in mind I believe that there is another location that stores the serial and it connects with Apple over the net and it allows the write process to begin.
    A little experiment I tried just recently was removing the ROM chip (winbond) from a refurb board and replacing it with another ROM (mx25) which was MDM locked, not iCloud.

    After the replacement the new board went through as normal with the diff ROM it came with passed sys config repair was complete.

    So this ROM has no effect on anything which leads me to believe there is more than one which communicates with the M1 CPU and allows the serial to be stored.

    Still no closer to getting round this but I'm on the inside looking out so can try other things!
    Yup, you just did the normal MDM bypass method that many others have done over the past ~4-5 years. That solution still exists--to my knowledge--FOR MDM LOCKED BOARDS ONLY. It is of no use with iCloud-locked boards. It sounds like the critical piece missing from your scenario, is a DFU restore. The ROM chip you reference stores a copy of the serial/firmware that is written to it during a restore. It is not written-to, but only read, during update processes and/or internet recovery (which is not a proper DFU restore). So your experiment didn't really test anything that is unknown, if that makes sense.

    The problem will always be Apple's verification servers.

  • oxonater
    replied
    Re: Unserialized M1 Pro

    Hi again

    Thanks for the clarification, I also can confirm boards are unserialized when I get them and have to run the Apple software utility to write serial to refurbed boards (AS THEY NOT NEW LOL)

    So with this in mind I believe that there is another location that stores the serial and it connects with Apple over the net and it allows the write process to begin.
    A little experiment I tried just recently was removing the ROM chip (winbond) from a refurb board and replacing it with another ROM (mx25) which was MDM locked, not iCloud.

    After the replacement the new board went through as normal with the diff ROM it came with passed sys config repair was complete.

    So this ROM has no effect on anything which leads me to believe there is more than one which communicates with the M1 CPU and allows the serial to be stored.

    Still no closer to getting round this but I'm on the inside looking out so can try other things!

  • ugamazing
    replied
    Re: Unserialized M1 Pro

    The serial will certainly be written-to and stored-in a writable sector of CPU/memory on the chip. It's not at all unusual that Apple would have a way to provide blank/unserialized chips for their refurbishing facilities, who then write serials as the boards go out the door. But, this one--for whatever reason--was missed. I know the Apple stores used to serialize boards in-house, but unsure if that's still the case. If it is, then it's possible a board sent for an AASP repair wasn't serialized before being sent out the door. Who knows, but it's easily explainable.

    The real problem is still a very simple problem with a very difficult solution: All locked Apple serials are stored on Apple servers--confirmed. All locked serials will be compared against Apple's server during any restore/OS install--confirmed. So, the ONLY SOLUTION--again--to dealing with iCloud locked devices, is to somehow REMOVE the locked serial from Apple's servers. Period.

    So, if you don't have any ideas for doing this, then I'd instead focus on learning other repairs, because you will end up wasting a ton of time.

  • oxonater
    replied
    Re: Unserialized M1 Pro

    Hello

    Thanks for the definitive answer, makes sense, and yes, in agreement with the fact Apple have these special tools at their disposal. And transferring CPUs across sounds like a proper ball ache!

    Still, I wonder how a board is not serialised until it is connected to their server; it's like the serial resides somewhere else dormant until copied across. This sounds a little far-fetched I know, but there is another EEPROM chip located next to the CPU and this is almost directly above the ROM chip on the other side of an M1 Pro board, U0500.

    Having extracted this little bugger, it is a DFN style but smaller than the ROM chip, and I need to find something to read it.

    The M2 Pro have the same; both of these appear in almost similar locations. Ah well, seems like we have hit another brick wall, so close but yet so far.

    Oxy

  • ugamazing
    replied
    Re: Unserialized M1 Pro

    Originally posted by oxonater:
    Hi

    Can we categorically confirm that serial is stored in CPU, if so how does a blank board that comes from Apple have the serial written over a network in sys config. Is there not another chip that has this info and works alongside the M1 chip with the additional ROM.

    Either way there is a way round this as long as Apple don't know the board eee code or full number of said Logic board !

    thanx oxy

    Take 2 working M1/Pro/Max/M2 boards. Swap the CPUs. The serials will be swapped, after you restore them both. So yes, I think it's pretty definitive that the serials are within the CPUs--at least PRIMARY copy, which is the one you're worried about.

    That being said, I am POSITIVE that Apple has a way to write a serial in a very quick and simple way, but they have access to tools/software that we do not. So, we are speaking of two different worlds here, keep in mind.
    Last edited by ugamazing; 10-08-2023, 03:40 PM.

  • oxonater
    replied
    Re: Unserialized M1 Pro

    Hi

    Can we categorically confirm that serial is stored in CPU, if so how does a blank board that comes from Apple have the serial written over a network in sys config. Is there not another chip that has this info and works alongside the M1 chip with the additional ROM.

    Either way there is a way round this as long as Apple don't know the board eee code or full number of said Logic board !

    thanx oxy

  • ugamazing
    replied
    Re: Unserialized M1 Pro

    Serial stored in CPU and is linked to WiFi chip, unsure how this even happens. You won't be programming a new serial (don't bother, unless you feel determined to figure out something that nobody else has been able to for years at this point), and if DFU doesn't do anything to resolve, you are out of luck unless you pay Apple to take care of it.
