2nd NAND says

The hard drive is reversed, please re-insert the NAND...[ATTACH]256730[/ATTACH]

It's mean you are inserting the NAND in wrong direction.

One way for bypass M1 will be patching ipsw file, eg. UniversalMac_11.0.1_20B29_Restore.ipsw\022-10604-034\3_Apple_APFS

KRAActivationAuthViewController



Similar work has been successfully performed for iphone:

1. Download the iPSW file you need from the official website: IPSW.
2. Secondly, convert the iPSW file into a ZIP file by changing the extension and extract it.
3. Now open the extracted file folder, and you will see 3 different .dmg files in there.
4. Look for the biggest file and drag it to your desktop. You will notice that the .dmg files will not be able to open in one click. It's because these files are encrypted.
5. You would need a firmware key to open this file. For this purpose, direct to “The iPhone WiKi” and find your firmware key.
6. Once you have the key, it's time to use ???iDecrypt that is already on your Mac. Simply launch the software and open your .dmg file with it.
7. You will see a warning message on your screen. Simply click on the “OK” button and select your output folder and paste your key for “RootFilesystem."
8. Now, you need to click on “Decrypt DMG," and when the process is finished, you will see a success message.
9. Open the iPSW file that is decrypted and go to the Applications folder. Here, you need to delete the “Setup” file.
10. Then, exit this folder and right-click on your decrypted file and click on “Eject."
11. When the file is successfully saved, delete the original file and rename the new decrypted file matching the original file. Then, paste this file into the extracted folder again.
12. The last step is to compress the folder back to the IPSW format.

Don't know if this has been posted elsewhere, but on the activation screen where it asks for Apple ID/Password, I put in 'null' and 'null' and it says that the Apple account is locked and an email will be sent with instructions on how to unlock. It partly lists the email address.
Just thinking it might remind someone to look at the devices in their iCloud and remove the MacBook from their account? I can live in hope!

would we be able to remove iCloud lock if we took the SN from a locked M1 and put it in a T2 Mac bypass it using jailbreak than use jumpcloud.com to install MDM and use the MDM key to bypass the M1 Mac? we wouldn't need the wifi and bt address from the M1 because we aren't going though the activation process. has anyone given this a shot?

We've tried that.. it isn't working.. mdm key doesn't match. They send wifi mac + bt mac. Once u re able to change sn+wifi+bt you're good to go. No solution for that yet..

What happens if the Wi-Fi/BT chip has its power removed by cutting a track?
Or is it stored in flash?

We've tried that.. it isn't working.. mdm key doesn't match. They send wifi mac + bt mac. Once u re able to change sn+wifi+bt you're good to go. No solution for that yet..

On iPads and iPhone I use a DCSD cable to read the hidden info from the NAND. Sn,wifi,bt etc etc I saw on AliExpress their is a DCSD cable that has a usb C connector I asked the seller what's it's for and he told me either for iPads or MacBooks. Maybe we can use this device to read the nand info on the MacBooks. Here is the link maybe someone can make a software for it.

https://www.ebay.com/itm/iDCSD-UART-...-127632-2357-0

Interesting approach. Looks iDCSD is not exploiting anything, it's just a manufacturing testing interface, would be great if it can access NAND/shell for M1 device.

On iPads and iPhone I use a DCSD cable to read the hidden info from the NAND. Sn,wifi,bt etc etc I saw on AliExpress their is a DCSD cable that has a usb C connector I asked the seller what's it's for and he told me either for iPads or MacBooks. Maybe we can use this device to read the nand info on the MacBooks. Here is the link maybe someone can make a software for it.

https://www.ebay.com/itm/iDCSD-UART-...-127632-2357-0