-
-
Re: Macbook M1 bypass FMM / EFI Unlock
If you have a t2 bypassed make a zip with a password of this folder and upload:
I'm working on T2 latest bridgeOS, can be pwn and i think is possible to bypass!Code:/usr/libexec/
You can't just edit ipsw like iphone/ipad, devices will refuse the flash. I need an m1 locked and see where we can play around.Last edited by genhack; 10-27-2022, 11:36 AM.Comment
-
Re: Macbook M1 bypass FMM / EFI Unlock
When you start diagnostics there is dmg image (FieldServiceDiskImagePersonalized) downloded via internet, which contains another dmg image (like 012-94675-003.dmg). That last dmg contains apps, libs, lua scripts and so on, for running diagnostics, but this image is trustcache protected, so if you have control over network it is not possible to change... almost.
assume, you've found a way to change on this image whatever you want, what would you do?Comment
-
Re: Macbook M1 bypass FMM / EFI Unlock
I've got a couple of bypassed T2s and one that won't unlock due to it having Monteray on it.
I also have a water-damaged M1 that won't charge its battery, and it doesn't seem to have sound but other than that, it's running fine and an identical locked M1 that someone could probably make an easy repair of.Comment
-
Re: Macbook M1 bypass FMM / EFI Unlock
actually you can get kernel privileges, bypass the FileVault, mount main partition and do whatever you want. I'm on this stage now, and have already booted linux with success. But my goal is to bypass activation lock and install normal macos.Last edited by fshadow; 11-02-2022, 09:30 AM.Comment
-
Re: Macbook M1 bypass FMM / EFI Unlock
Oh, interesting. Can you update us with how you've managed to boot Linux?Comment
-
Re: Macbook M1 bypass FMM / EFI Unlock
i'm not gonna expose it right now, because it is huge hole in macos security and seems like nobody know it. at first i'll post a vidio next week with poc without ditails, next i'll contact apple bug bounty(i know it's weak) , next... anyway i'll get profit and then i'll tell uComment
-
Re: Macbook M1 bypass FMM / EFI Unlock
Hi guys thank you for sharing your findings and questions.
BTW, has anyone managed to install/run a linux or any other OS on a locked M1 MAC PRO? Could you share how you did it?
Thanks.Comment
-
Re: Macbook M1 bypass FMM / EFI Unlock
I'm working on, i can't find the original mobileactivationd version for understand where they make the patch. But, i have an idea and in the free time i work on python program, i think this can work easy with a macbook just bypassed. So just for proof of t2 can be pwn:
J40aap key latest bridgeos.
IBSS:
IV: 120402A7168E7AAAC1F94C6A5D58F8F1,
key: 5C1E07A0EA5A8F48D09FA568182172CA74880896761CFA6992006558CDD9981D
IBEC:
IV: 6909A0A0D9675B5BAEFB9ECFAA00386C,
key: C7DA39AF1DB80189C27F5D3A39C01F13D4FD7C7B6453DAADE018DC6188BAD24A
About diagnostic i have no idea how you can boot m1n1 with security on. If you wonna make this a bit of sense send me a pvt thanks.Comment
-
Re: Macbook M1 bypass FMM / EFI Unlock
Hello every one,
i want to thank you all for effort and contribution,
I was wondring if any one had tried to replace the ssd nand ships and reset the mac from dfu mode using Apple configurator App ? like replacing a normal ssd would that bypass FMM ? i am new so forgive me if iam saying bullshits.
Regards.Comment
-
1. RESET MACOS WITH IPSW
a. Power off MacBook, press and hold the power button to enter Recovery
b. Open Disk Utility, remove Macintosh HD
c. Reboot, connect to the network to Activate Mac.
d. Plug the C cord in the first port of the MacBook into the other Mac, then power off the MacBook
d. Hold down the Control (L) + Option (L) + Shift (R) + Power key combination for 10 seconds
e. Release the other keys, but keep holding the Power key for another 10 seconds
f. MacBook is returned to DFU, open Apple Configurator 2 on the other Mac, right-click... -
Hi everyone hope all are well
I need a little expert advice on a issue I have and seeing as this forum is full of clever people I thought ask here as you never know.
I recently repaired a logic board 820-01700 which belongs to a 16" 2019 Macbook Pro, however I seem to be missing a component near the T2 Rom chip and is U4730.
The schematics say this chip is (M34128-FCS6_P/T) and it also says there is a bypass for it wondered if anyone come across either the IC or the bypass method.
I suppose it's worth noting googling the part package brings up various... -
I was hoping someone could point me to a tutorial on MDM unlock. Basically, I picked up a Macbook (A1989) from someone which did not have OS installed. The guy said it started software update and but did not finish. Long story short, the touchbar on this device has some kind of a short, so after unplugging it, I was able to install the OS on it, when I found out that it is also MDM locked by his company. I tried changing the serial number on the ROM by only changing a couple of digits of the original serial number. Now after installing the ROM back, the Macbook appears dead = DFU mode. When I... -
Hi everyone!
I have a 2018 MacBook Pro (with Sequoia OS) that I've been using for years with no problem. I recently received an M2 MacBook Pro so I'm mostly using it and not the 2018 one, but since a friend of mine needs a computer, I thought I could restore my 2018 and give it brand-new-like to my friend.
I tried using the built-in tool to restore the MacBook (Settings > General > Transfer or restore > Delete) but it got stuck when trying to remove the Find Device configuration (it asked me for the password for my old Apple ID -now I use the same account but...06-27-2025, 08:54 AM -
Hello everyone hope you all are doing well, I'm posting here since no was interested in my post on "MacBook unlocked!" Topic, so In short I have found a way to test every possible key combination to try and find the combination to open the terminal on fmm/EFI locked M1/M2 machines, the person who found this still refuses to give info, but if hasn't lied about it being a key combination there's a chance we might find it, so to try Evey key combination I've got a digispark attiny 85 which is a small μController, I've written as script to emulate a keyboard and go thru every possible key...
Comment