Re: Macbook M1 bypass FMM / EFI Unlock

i'm not gonna expose it right now, because it is huge hole in macos security and seems like nobody know it. at first i'll post a vidio next week with poc without ditails, next i'll contact apple bug bounty(i know it's weak) , next... anyway i'll get profit and then i'll tell u

Re: Macbook M1 bypass FMM / EFI Unlock



actually you can get kernel privileges, bypass the FileVault, mount main partition and do whatever you want. I'm on this stage now, and have already booted linux with success. But my goal is to bypass activation lock and install normal macos....

Re: Macbook M1 bypass FMM / EFI Unlock

When you start diagnostics there is dmg image (FieldServiceDiskImagePersonalized) downloded via internet, which contains another dmg image (like 012-94675-003.dmg). That last dmg contains apps, libs, lua scripts and so on, for running diagnostics, but this image is trustcache protected, so if you have control over network it is not possible to change... almost.
assume, you've found a way to change on this image whatever you want, what would you do?