Macbook M1 bypass FMM / EFI Unlock

**TrumanHW** · 04-14-2022, 08:57 PM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by betonel

Instead of wasting $$$
~$250+ - on T203 for a USON 4x3 or
~$200 - for an DS809SE (exactly an R809F)

Use these...

$ 64 - RT809F (with 15 adapters)
$ 10 - 1.8V 'Level shifter' (for T2 ROM)

Very good advice:

If the M2012 - 2013 Retina 13"+15" isn't needed, would this be a good deal?

$38 www.aliexpress.com/item/201005003289066054.html
- Includes the CH314a
- The PCB to solder the T2 ROM (4x3mm)
- Includes J6100 connectors for Late-2013 - 2017 (excludes M12-E13 retina)
- Negates any need for getting the VCC, CLK, wiring (already done).

Already Includes the:
$20 - T2 board
$45 - "SAM connectors" (just not the M12 - E13, looks but ≠ L13-M14)
$ 5 - Includes CH314a plus the 'DIL' adapter interface to the cables...
(not as good a programmer but can be okay)

The attached annotated image shows Betonel's suggested means of reading
the T2 with the Level Shifter and, by soldering it on a 4x3 reader.

(which he suggests bc 'clamshell' adapters are all a FORTUNE for 4x3mm).

Betonel: I found a "3mm x 3mm" that's 1/3rd the price ... think it'd fit..?

https://www.aliexpress.com/item/1005001510434419.html
(I ask bc it looks like the width of the chip is 'unconstrained' in the holder..?)

Last:
You wired the board analyzer (Zaleae) where the T2's ROM mounts...

Are you really decoding the SINGALS that way ..? (reverse engineering it?!)
The M1 looks RIDICULOUSLY difficult :'( (see animated GIF)

Attached Files

**TrumanHW** · 04-14-2022, 09:16 PM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by Stephen

Got the iClouds removed due to owner email being tied and looking them up.

I assume you mean via GSX as this isn't public.

Originally posted by Stephen

MDM should be easy after locating SN in BIN & changing it.
However, we'd have to find legit device-SN to implement it.

If nothing else when you get irreparable M1 boards you should KEEP those SN for these circumstances.

Originally posted by Stephen

In my experience with T2 MDM locks, I always associate the serial with the exact model (A1990 serial changed to another A1990 serial found on Mac Serial Lookup).

If valid SNs are required, they're required. But if an iCloud's associated with
that SN & they lock (enable FMM) could it not lock both..? Or cause issues
with iMessage / FaceTime, etc.. ?

In case you didn't see a remark I made in another post:

C02Z5205G8WN -- If this were a real SN...
C02 = location made
Z5205 = Date Code + SN
G8WN = Model Info

As in ... people talking about willie-nillie changing the last 4 to edit the SN are changing the model info.

There IS a file inside the OS which decodes those last 4 digits to define the unit. I'll see if it's still in Monterey and convert my i9 into an M1, etc., (on the initial about this mac; it'll do nothing for the Profiler details which are from the HW info).

Originally posted by Stephen

MDM bypass is useless, personally who cares?

Why is it useless..? Doesn't it give access to a computer that's locked !?

PS: If anyone has an MDM account, you can often get reps to remove a device from another MDM and add them to yours; they have more discretion (at least did with iPhones and T2 devices via AWS) ... !!

**Stephen** · 04-15-2022, 12:36 PM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by TrumanHW

I assume you mean via GSX as this isn't public.

If nothing else when you get irreparable M1 boards you should KEEP those SN for these circumstances.

If valid SNs are required, they're required. But if an iCloud's associated with
that SN & they lock (enable FMM) could it not lock both..? Or cause issues
with iMessage / FaceTime, etc.. ?

In case you didn't see a remark I made in another post:

C02Z5205G8WN -- If this were a real SN...
C02 = location made
Z5205 = Date Code + SN
G8WN = Model Info

As in ... people talking about willie-nillie changing the last 4 to edit the SN are changing the model info.

There IS a file inside the OS which decodes those last 4 digits to define the unit. I'll see if it's still in Monterey and convert my i9 into an M1, etc., (on the initial about this mac; it'll do nothing for the Profiler details which are from the HW info).

Why is it useless..? Doesn't it give access to a computer that's locked !?

PS: If anyone has an MDM account, you can often get reps to remove a device from another MDM and add them to yours; they have more discretion (at least did with iPhones and T2 devices via AWS) ... !!

MDM bypass is useless because it still doesn't solve the issue that you still have an MDM bypass. Compared to just removing it for good with a serial number change.

I only change the last digit on a serial number not the last 4. I am well aware of this. Also changing the serial number for MDM does not have activation lock because the T2 is not tied to activation lock if it is MDM, it is tied to the Serial number. So changing the last digit will suffice just make sure it is not an MDM serial again lol.

Old boards for M1 devices will suffice for serial number changes. This also is a good method.

I was able to get the M1 Pro emails because they had the emails logged in when we had access to the full machine. The emails were still on the settings so we reached out and they removed it without issue. If you are able to get an email most consumers that owned the previous device are very willing to remove the iCloud because they would fear the idea you have access to their data (which you do not ) so they just get it removed. We are fortunate to have the emails when this happens.

**TrumanHW** · 04-15-2022, 02:27 PM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by Stephen

MDM bypass is useless bc it's unresolved: you still have an MDM [bypass], you haven't REMOVED the MDM with a just a SN change.

AHH!!, I see! The SN's LAST DIGIT doesn't affect the system ID info?

I take it this isn't a BAD solution, just less ideal than a solution which ...
...corresponds to an 'Apple Warranty Check' and the Bottom Door's SN..?

Originally posted by Stephen

Old M1 boards will suffice for SN changes (good method).

Good info / confirmation

Originally posted by Stephen

I got the M1 Pro emails bc they were still on the settings

Settings meaning ..? In System Preferences --> iCloud?
(Not in the ROM I assume - as it WAS in Pre-T2 units)

Did the "reported M1 success" a few months ago wind up "re-locking" ..?

Thanks again, you seem to really be leading the pack on this research

**piernov** · 04-15-2022, 05:36 PM

Re: Macbook M1 bypass FMM / EFI Unlock

Last character matters too, there can be some overlap between different models.

**Stephen** · 04-15-2022, 08:07 PM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by piernov

Last character matters too, there can be some overlap between different models.

The best way to check is use this for example. Go to https://everymac.com/ultimate-mac-lookup/

Type in a Serial like this for example

C02C3839MD6N (pulls up as a 16" MacBook Pro 2019)

You see the N at the end? Either a character or number can be changed, so lets type a few letters in...Maybe an M?

C02C3839MD6M (pulls up as a 16" MacBook Pro 2019)

Basically the last digit was changed and it was associated with another 16". SO pretty much the identifier works and it recognizes its a 16" which in return will solve MDM methods. Now you are rolling the dice but most likely it won't be MDM locked.

**Stephen** · 04-15-2022, 08:10 PM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by TrumanHW

AHH!!, I see! The SN's LAST DIGIT doesn't affect the system ID info?

I take it this isn't a BAD solution, just less ideal than a solution which ...
...corresponds to an 'Apple Warranty Check' and the Bottom Door's SN..?

Good info / confirmation

Settings meaning ..? In System Preferences --> iCloud?
(Not in the ROM I assume - as it WAS in Pre-T2 units)

Did the "reported M1 success" a few months ago wind up "re-locking" ..?

Thanks again, you seem to really be leading the pack on this research

Yes the computer was able to be logged in because it didn't have a password however it had an email logged into the iCloud. So we reached out and they were kind enough to remove it from their devices. And the old M1 we THOUGHT we unlocked kicked us out at the OS install. What I mean is in order to wipe the drive you have to force restart to start activation again, and boom it locked. So what this means is there is no way at this time to remove these locks unless we have some backdoor access to Apple Servers or someone that works for Apple. I would hope one day enough shops and companies sue apple over their devices they own legal when they buy pallets etc. Matter of time I guess

**piernov** · 04-16-2022, 03:38 AM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by Stephen

The best way to check is use this for example. Go to https://everymac.com/ultimate-mac-lookup/

https://everymac.com/ultimate-mac-lo...s=C02J31BUF760
https://everymac.com/ultimate-mac-lo...s=C02J31BUF761

**imranromi** · 04-16-2022, 03:45 AM

Re: Macbook M1 bypass FMM / EFI Unlock

I think we need read this.

Attached Files

**alerm** · 04-16-2022, 05:36 AM

Re: Macbook M1 bypass FMM / EFI Unlock

Do you know what apple uses to recognize that the Mac is linked to an Apple Id? I know it's not only the Serial Number.
And I managed to get an Apple Business account, what can I do to MDM my MacBook?

**Stephen** · 04-16-2022, 09:43 AM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by piernov

https://everymac.com/ultimate-mac-lo...s=C02J31BUF760
https://everymac.com/ultimate-mac-lo...s=C02J31BUF761

Yes some may not match it usually is hit. But that's how I verify before I change the serial. I type a few in till I get a match.

**TrumanHW** · 04-20-2022, 11:04 AM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by imranromi

I think we need read this.

NOTE: The "image" titled

SN_Decoder.txt file with the code from
https://www.kolide.com/blog/how-to-f...-using-osquery

The page seems very informative to me, but I lack the programming bg to follow the recipe.

As I'm uniquely UNqualified, I'd be grateful if someone were to follow the recipe of said code & provide a script an ignoramus like myself can use?

I realize this just provides a database of mfr dates ... but, I believe I have about 5-10k units in my old database which I could sort by the last four SN to define each model and provide another database (if someone else doesn't already have it) in order to have a program which decodes the Date Codes and model without needing to use a website with captchas, etc.

Even if future SN are truly random (difficult to do & I'm skeptical they'd try to), the script is useful if only for ≥2021 or ≥2022 units.

As you can see, changing anything but digits 6, 7, & 8 cannot correspond to a real unit, and thus, I will only ever modify those (personally) if required.

Attached Files

**HansTodi01** · 04-20-2022, 02:43 PM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by TrumanHW

As I'm uniquely UNqualified, I'd be grateful if someone were to follow the recipe of said code & provide a script an ignoramus like myself can use?

I used the Information from that Website to create a simple tool that doesn't use any server communication with the serial to calculate the results.

Website: https://tobidi0410.github.io/applesndecoder/
Source: https://github.com/ToBiDi0410/ToBiDi...applesndecoder

If you want to, I could also add the information from your Database for the Models etc.

**TrumanHW** · 04-20-2022, 06:57 PM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by HansTodi01

I used the Information from that Website to create a simple tool that doesn't use any server communication with the serial to calculate the results.

Website: https://tobidi0410.github.io/applesndecoder/
Source: https://github.com/ToBiDi0410/ToBiDi...applesndecoder

If you want to, I could also add the information from your Database for the Models etc.

You're awesome! I'll look for my FM database and see how I can export it.
TY!!!

**TrumanHW** · 04-20-2022, 07:08 PM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by Stephen

Yes the computer was able to be logged in because it didn't have a password however it had an email logged into the iCloud. So we reached out and they were kind enough to remove it from their devices. And the old M1 we THOUGHT we unlocked kicked us out at the OS install. What I mean is in order to wipe the drive you have to force restart to start activation again, and boom it locked. So what this means is there is no way at this time to remove these locks unless we have some backdoor access to Apple Servers or someone that works for Apple. I would hope one day enough shops and companies sue apple over their devices they own legal when they buy pallets etc. Matter of time I guess

Makes sense ... maybe there's an IP address in the ROM, at which point you'd need to figure out what info it's 'polling' for ...

You really might try making a management account with AWS for a non-profit (501c3 gets free AWS I think) ... then, ask an agent to just "transfer a device from your 'other' account" ... I've heard the odds are pretty decent.

**walou** · 04-22-2022, 06:45 PM

Re: Macbook M1 bypass FMM / EFI Unlock

Hello ,
when i was playing with the lock screen i tried "user" as apple id and "pwd" as password , it gaves me the abbility to unlock via security question ( in my case it was the day and the month of birth )
you can try up to 4-5 attempts then the option will be disabled for a bit amount of time .

i think we can easily lunch a brut force attack to find it (366 combination ) i dont know if there multiple questions or this is the only one .

**alerm** · 04-23-2022, 03:50 AM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by walou

Hello ,
when i was playing with the lock screen i tried "user" as apple id and "pwd" as password , it gaves me the abbility to unlock via security question ( in my case it was the day and the month of birth )
you can try up to 4-5 attempts then the option will be disabled for a bit amount of time .

i think we can easily lunch a brut force attack to find it (366 combination ) i dont know if there multiple questions or this is the only one .

This happens with apple id "null" and password "null" too.
Don't this is the Macbooks Apple ID but just one random Apple ID.
Even if you guess the Birthday and reset the password it will say "This Mac is linked to a different ID"

**TrumanHW** · 04-24-2022, 10:08 AM

Re: Macbook M1 bypass FMM / EFI Unlock

Too bad more units don't have this enabled:

I'm not sure if this does anything ... but it might ?

Attached Files

**TrumanHW** · 04-24-2022, 10:12 AM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by HansTodi01

I used the Information from that Website to create a simple tool that doesn't use any server communication with the serial to calculate the results.

Website: https://tobidi0410.github.io/applesndecoder/
Source: https://github.com/ToBiDi0410/ToBiDi...applesndecoder

If you want to, I could also add the information from your Database for the Models etc.

Haven't forgotten: Gonna look for the DataBase today...
Might need an NDA just in case any private info is included.

Check your PM if you get a chance. Thanks!!!

**sangnm1987** · 04-25-2022, 08:09 PM

Re: Macbook M1 bypass FMM / EFI Unlock

Originally posted by techman9510

so in order to get a MDM activation key the MacBook has to be supervised and in order to do that you need a business or school Apple ID. I'm in the process of getting the business Apple ID and I will test the mdm activation key on a iPad that is jailbroken.

Could you explain the "Business Apple ID"? Does it allow supervisor to stay on top of their devices including MDM? Thanks

Macbook M1 bypass FMM / EFI Unlock

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Related Topics