Re: Macbook M1 bypass FMM / EFI Unlock
hi guys, has anyone managed to find where the sn is recorded?
After reading through the entire thread I only found information that it is somewhere on the first nand and you can not get to it.
-
-
-
Re: Macbook M1 bypass FMM / EFI Unlock
i'm not gonna expose it right now, because it is huge hole in macos security and seems like nobody know it. at first i'll post a vidio next week with poc without ditails, next i'll contact apple bug bounty(i know it's weak) , next... anyway i'll get profit and then i'll tell uLeave a comment:
-
Re: Macbook M1 bypass FMM / EFI Unlock
Oh, interesting. Can you update us with how you've managed to boot Linux?Leave a comment:
-
Re: Macbook M1 bypass FMM / EFI Unlock
actually you can get kernel privileges, bypass the FileVault, mount main partition and do whatever you want. I'm on this stage now, and have already booted linux with success. But my goal is to bypass activation lock and install normal macos.Last edited by fshadow; 11-02-2022, 09:30 AM.Leave a comment:
-
-
-
-
Re: Macbook M1 bypass FMM / EFI Unlock
I've got a couple of bypassed T2s and one that won't unlock due to it having Monteray on it.
I also have a water-damaged M1 that won't charge its battery, and it doesn't seem to have sound but other than that, it's running fine and an identical locked M1 that someone could probably make an easy repair of.Leave a comment:
-
-
Re: Macbook M1 bypass FMM / EFI Unlock
When you start diagnostics there is dmg image (FieldServiceDiskImagePersonalized) downloded via internet, which contains another dmg image (like 012-94675-003.dmg). That last dmg contains apps, libs, lua scripts and so on, for running diagnostics, but this image is trustcache protected, so if you have control over network it is not possible to change... almost.
assume, you've found a way to change on this image whatever you want, what would you do?Leave a comment:
-
-
Re: Macbook M1 bypass FMM / EFI Unlock
If you have a t2 bypassed make a zip with a password of this folder and upload:
I'm working on T2 latest bridgeOS, can be pwn and i think is possible to bypass!Code:/usr/libexec/
You can't just edit ipsw like iphone/ipad, devices will refuse the flash. I need an m1 locked and see where we can play around.Last edited by genhack; 10-27-2022, 11:36 AM.Leave a comment:
-
-
Re: Macbook M1 bypass FMM / EFI Unlock
@genhack, do you have an idea how I can extract mobileactivationd from a mina-jailbroken t2 mac and how to use it to bypass those with upgraded bridgeOS version?Leave a comment:
-
Re: Macbook M1 bypass FMM / EFI Unlock
hello genhack, thank you for your observations.
I was thinking about the UniversalMac_11.0.1_20B29_Restore.ipsw we can edit it and instead of the diagnostic options we change it to the terminal file what would happen?
Considering that I can load by DFU. I do not know how to edit it but it is an option that occurs to me, what do you think?
Cheers!Leave a comment:
-
Re: Macbook M1 bypass FMM / EFI Unlock
Hello Mario,
In order:
You can't edit and flash this ipsw, Bootchain will refuse any mod. so this try is usless untill m1 is pwn (*Like t2* with checkm8).Code:Through DFU I have been able to reverse the firmware of the locked mac I have installed the UniversalMac_11.0.1_20B29_Restore.ipsw even so I have not been able to skip the icloud step.
Ok i think you need to check how boot m1m1 by usb. Just a Ps: M1 will refuse to boot other os in activation, secure state is enbaled but you can try.Code:I have tried to start with linux but the operating system does not recognize me or it does not show me the memory or at least I do not know how to boot the operating system that is already combatable.
About diagnostic, i check myself and i think there is no way to use external drive for boot something or open app. Diagnostic is designed for just save do that and can't be the skip part of the process, you need to sign binary inside the other volume and make full bypass, this mean if i press activate you go on this flow and do all things you need for boot proper. if mobileactivationd don't make the necessary cert of the devices i think you will never boot inside the real os.Code:The hidden diagnostic system allows me to store all the analysis on a usb stick.
Leave a comment:
-
Re: Macbook M1 bypass FMM / EFI Unlock
Hello genhack , I share with you.
I currently have two m1(A2338) macs, they don't have the T2 chip.
Through DFU I have been able to reverse the firmware of the locked mac I have installed the UniversalMac_11.0.1_20B29_Restore.ipsw even so I have not been able to skip the icloud step.
I have tried to start with linux but the operating system does not recognize me or it does not show me the memory or at least I do not know how to boot the operating system that is already combatable.
I have also experimented opening the hidden menu in the diagnostics but still I can't open the terminal because it doesn't recognize it.
The hidden diagnostic menu lets me store all the scans on a usb stick.
I have also tried to use an external disk with the operating system installed to be able to use it and it does not allow it.
The hidden diagnostic system allows me to store all the analysis on a usb stick.
Tell me how I can experiment with the locked computer, or can you think of any other option.
best regardsLeave a comment:
-
Re: Macbook M1 bypass FMM / EFI Unlock
hey @Mario1241 pongoOs can be booted on m1 but is useless. if you can't pwn m1 processor (like t2). On m1 we need to understand if 1TR or recovery, when locked can boot other os, and if yes what we can mount without aes engine. if you have another mac i can send you a ways for boot linux and check what we can do. Just a remember we need a full patch or mobileactivationd and a dump of t2 macbook bypassed with minacriss can be the key.Leave a comment:
-
1. RESET MACOS WITH IPSW
a. Power off MacBook, press and hold the power button to enter Recovery
b. Open Disk Utility, remove Macintosh HD
c. Reboot, connect to the network to Activate Mac.
d. Plug the C cord in the first port of the MacBook into the other Mac, then power off the MacBook
d. Hold down the Control (L) + Option (L) + Shift (R) + Power key combination for 10 seconds
e. Release the other keys, but keep holding the Power key for another 10 seconds
f. MacBook is returned to DFU, open Apple Configurator 2 on the other Mac, right-click... -
Hi everyone hope all are well
I need a little expert advice on a issue I have and seeing as this forum is full of clever people I thought ask here as you never know.
I recently repaired a logic board 820-01700 which belongs to a 16" 2019 Macbook Pro, however I seem to be missing a component near the T2 Rom chip and is U4730.
The schematics say this chip is (M34128-FCS6_P/T) and it also says there is a bypass for it wondered if anyone come across either the IC or the bypass method.
I suppose it's worth noting googling the part package brings up various... -
I was hoping someone could point me to a tutorial on MDM unlock. Basically, I picked up a Macbook (A1989) from someone which did not have OS installed. The guy said it started software update and but did not finish. Long story short, the touchbar on this device has some kind of a short, so after unplugging it, I was able to install the OS on it, when I found out that it is also MDM locked by his company. I tried changing the serial number on the ROM by only changing a couple of digits of the original serial number. Now after installing the ROM back, the Macbook appears dead = DFU mode. When I... -
Hi everyone!
I have a 2018 MacBook Pro (with Sequoia OS) that I've been using for years with no problem. I recently received an M2 MacBook Pro so I'm mostly using it and not the 2018 one, but since a friend of mine needs a computer, I thought I could restore my 2018 and give it brand-new-like to my friend.
I tried using the built-in tool to restore the MacBook (Settings > General > Transfer or restore > Delete) but it got stuck when trying to remove the Find Device configuration (it asked me for the password for my old Apple ID -now I use the same account but...06-27-2025, 08:54 AM -
Hello everyone hope you all are doing well, I'm posting here since no was interested in my post on "MacBook unlocked!" Topic, so In short I have found a way to test every possible key combination to try and find the combination to open the terminal on fmm/EFI locked M1/M2 machines, the person who found this still refuses to give info, but if hasn't lied about it being a key combination there's a chance we might find it, so to try Evey key combination I've got a digispark attiny 85 which is a small μController, I've written as script to emulate a keyboard and go thru every possible key...
Leave a comment: