OK, I found a quick way to pull serial info from locked boards. Going to go through and pull more M1 ROM dumps later this week to check for emails; I still haven't found any in the dumps I've checked (over 25 checked now--including 2 more A2442 boards), but going to play with different scenarios (will take time).

Could you please share the used method

Could you please share the used method

One way for bypass M1 will be patching ipsw file, eg. UniversalMac_11.0.1_20B29_Restore.ipsw\022-10604-034\3_Apple_APFS

KRAActivationAuthViewController



Similar work has been successfully performed for iphone:

1. Download the iPSW file you need from the official website: IPSW.
2. Secondly, convert the iPSW file into a ZIP file by changing the extension and extract it.
3. Now open the extracted file folder, and you will see 3 different .dmg files in there.
4. Look for the biggest file and drag it to your desktop. You will notice that the .dmg files will not be able to open in one click. It's because these files are encrypted.
5. You would need a firmware key to open this file. For this purpose, direct to “The iPhone WiKi” and find your firmware key.
6. Once you have the key, it's time to use ???iDecrypt that is already on your Mac. Simply launch the software and open your .dmg file with it.
7. You will see a warning message on your screen. Simply click on the “OK” button and select your output folder and paste your key for “RootFilesystem."
8. Now, you need to click on “Decrypt DMG," and when the process is finished, you will see a success message.
9. Open the iPSW file that is decrypted and go to the Applications folder. Here, you need to delete the “Setup” file.
10. Then, exit this folder and right-click on your decrypted file and click on “Eject."
11. When the file is successfully saved, delete the original file and rename the new decrypted file matching the original file. Then, paste this file into the extracted folder again.
12. The last step is to compress the folder back to the IPSW format.

Hello, a day ago I found a video where they indicate that it can already be unlocked, if someone knows how we can do it, share it with them.

Hello, a day ago I found a video where they indicate that it can already be unlocked, if someone knows how we can do it, share it with them.

Do not post links to videos when the user is offering paid services.The user in question was banned from here for his bullshit.Don`t post it again.

a thousand apologies I had no idea that it was prohibited I will not do it again.

That 'method' in the video is just little-known Apple IT stuff that's been online for years. (shift control option command right period)
You're entering recoverydiagnose for debugging.
Fun to play with, but not exactly secret.

https://derflounder.wordpress.com/20...acos-recovery/

Hi. maybe someone knows from the diagnostics section (where safari is available) you can somehow start the terminal? or perhaps there is another way to enable the terminal?

hey @Mario1241 pongoOs can be booted on m1 but is useless. if you can't pwn m1 processor (like t2). On m1 we need to understand if 1TR or recovery, when locked can boot other os, and if yes what we can mount without aes engine. if you have another mac i can send you a ways for boot linux and check what we can do. Just a remember we need a full patch or mobileactivationd and a dump of t2 macbook bypassed with minacriss can be the key.

Hello genhack , I share with you.

I currently have two m1(A2338) macs, they don't have the T2 chip.
Through DFU I have been able to reverse the firmware of the locked mac I have installed the UniversalMac_11.0.1_20B29_Restore.ipsw even so I have not been able to skip the icloud step.

I have tried to start with linux but the operating system does not recognize me or it does not show me the memory or at least I do not know how to boot the operating system that is already combatable.

I have also experimented opening the hidden menu in the diagnostics but still I can't open the terminal because it doesn't recognize it.

The hidden diagnostic menu lets me store all the scans on a usb stick.

I have also tried to use an external disk with the operating system installed to be able to use it and it does not allow it.

The hidden diagnostic system allows me to store all the analysis on a usb stick.

Tell me how I can experiment with the locked computer, or can you think of any other option.

best regards

Hello Mario,
In order:

You can't edit and flash this ipsw, Bootchain will refuse any mod. so this try is usless untill m1 is pwn (*Like t2* with checkm8).

Ok i think you need to check how boot m1m1 by usb. Just a Ps: M1 will refuse to boot other os in activation, secure state is enbaled but you can try.

About diagnostic, i check myself and i think there is no way to use external drive for boot something or open app. Diagnostic is designed for just save do that and can't be the skip part of the process, you need to sign binary inside the other volume and make full bypass, this mean if i press activate you go on this flow and do all things you need for boot proper. if mobileactivationd don't make the necessary cert of the devices i think you will never boot inside the real os.