Re: Macbook M1 bypass FMM / EFI Unlock

I found here interesting information about the structure of files and where theoretically can be what we need.

Re: Macbook M1 bypass FMM / EFI Unlock

did you manage to jailbreak it?

Re: Macbook M1 bypass FMM / EFI Unlock

But idea might be good.. On the activation screen I have managed to open log window ( COMMAND + L and other random keys while in startup disk screen.. then I have saved boot log on external usb drive -> attached here)

Re: Macbook M1 bypass FMM / EFI Unlock

Mine can jailbreak alright but it's having an EFI password which I can remove with AC2 but that will also update the bridge os which will make activation lock impossible to remove.

Re: Macbook M1 bypass FMM / EFI Unlock

There is some guy on youtube showing how he open terminal inside activation window on M1/T2 mac.

keywords: M1 terminal inside Internet recovery MacOS Monterey

How is this possible? We need to find key combination, for the moment found way to open log window / save logs to usb.

Re: Macbook M1 bypass FMM / EFI Unlock

One way for bypass M1 will be patching ipsw file, eg. UniversalMac_11.0.1_20B29_Restore.ipsw\022-10604-034\3_Apple_APFS

KRAActivationAuthViewController



Similar work has been successfully performed for iphone:

1. Download the iPSW file you need from the official website: IPSW.
2. Secondly, convert the iPSW file into a ZIP file by changing the extension and extract it.
3. Now open the extracted file folder, and you will see 3 different .dmg files in there.
4. Look for the biggest file and drag it to your desktop. You will notice that the .dmg files will not be able to open in one click. It’s because these files are encrypted.
5. You would need a firmware key to open this file. For this purpose, direct to “The iPhone WiKi” and find your firmware key.
6. Once you have the key, it’s time to use ???iDecrypt that is already on your Mac. Simply launch the software and open your .dmg file with it.
7. You will see a warning message on your screen. Simply click on the “OK” button and select your output folder and paste your key for “RootFilesystem."
8. Now, you need to click on “Decrypt DMG," and when the process is finished, you will see a success message.
9. Open the iPSW file that is decrypted and go to the Applications folder. Here, you need to delete the “Setup” file.
10. Then, exit this folder and right-click on your decrypted file and click on “Eject."
11. When the file is successfully saved, delete the original file and rename the new decrypted file matching the original file. Then, paste this file into the extracted folder again.
12. The last step is to compress the folder back to the IPSW format.

Re: Macbook M1 bypass FMM / EFI Unlock

good idea bro! do you manage to bypass on ios 15? On what device did you test that trick?Do you have that FW files for test?

Re: Macbook M1 bypass FMM / EFI Unlock

Do you think this could actually work?

Re: Macbook M1 bypass FMM / EFI Unlock

I take off nand and put to programmer P11 from JC but get only info about encryption date and can't do anything.

Re: Macbook M1 bypass FMM / EFI Unlock

It's A1706 intel MacBook.

Re: Macbook M1 bypass FMM / EFI Unlock

We're not talking about A1706 Macbooks here, you don't need to take off NAND to unlock that one.

Re: Macbook M1 bypass FMM / EFI Unlock

I don't talk about Unlock A1706 m8.
Read my post again.

Betonel write:
So I go to YouTube use keywords and video shows A1706 MacBook A1706 - not M1.

Also:

Than I try to check this. So i put the NAND just to check what happend cuz I heve a programmer where can use to for example upgrade NAND in iPhones and iPads. That was only a test to see. After take off NAND from 820-02020-11 got this information:
This NAND model does not support generating and burning encrypted data for the time being!

T2 - that all Intel MacBook
M1 - that ARM MacBook
No solution for now.
Got one A2338 If someone know anything I can test.

Re: Macbook M1 bypass FMM / EFI Unlock


Can you share the info you got from reading the nand?

Re: Macbook M1 bypass FMM / EFI Unlock

Already write this.

Re: Macbook M1 bypass FMM / EFI Unlock

You don't need to touch encrypted part of NAND. There is a plain clear partition containing SN/BT-MAC/WIFI-MAC. If we have valid pair it's possible to replace and get rid of activation lock. Can your programmer read raw data from NAND chip? Upload it on mega and share it please.

Re: Macbook M1 bypass FMM / EFI Unlock

Files should be posted here,not offsite

Re: Macbook M1 bypass FMM / EFI Unlock

I can't take anything from this NAND. I use P11 programmer from JC and is for iPhone and iPad. But the NAND structure from M1 2020 is same like iPhone 11 pro or iPad Pro 11" that's why i try to read by JC programmer but was fail.

Re: Macbook M1 bypass FMM / EFI Unlock

Ther's 2 NAND and I try only one of them. Today im gonna take off 2nd and put here screenshot.

Re: Macbook M1 bypass FMM / EFI Unlock


That means we don't have a programmer that can read M1 NAND yet?

Re: Macbook M1 bypass FMM / EFI Unlock

2nd NAND says

The hard drive is reversed, please re-insert the NAND...