Re: Macbook M1 bypass FMM / EFI Unlock
I'm not going to expose it right now, because it is a huge hole in macOS security and it seems like nobody knows about it. First I'll post a video next week with a PoC without details, next I'll contact the Apple bug bounty (I know it's weak), next... anyway I'll get profit and then I'll tell you.
Re: Macbook M1 bypass FMM / EFI Unlock
Actually you can get kernel privileges, bypass FileVault, mount the main partition and do whatever you want. I'm at this stage now, and have already booted Linux successfully. But my goal is to bypass Activation Lock and install normal macOS....
Last edited by fshadow; 11-02-2022, 09:30 AM.
Re: Macbook M1 bypass FMM / EFI Unlock
When you start diagnostics, a dmg image (FieldServiceDiskImagePersonalized) is downloaded via the internet, which contains another dmg image (like 012-94675-003.dmg). That last dmg contains apps, libs, Lua scripts and so on for running diagnostics, but this image is trustcache protected, so even if you have control over the network it is not possible to change it... almost.
Assume you've found a way to change whatever you want on this image; what would you do?
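To make the "trustcache protected" point above concrete, here is an added example (my own toy model, not code from the thread or from Apple): a trust cache is an allowlist of code hashes that the kernel consults before it will execute a binary from the image, so swapping a file on the dmg changes its hash and the lookup fails even though the bytes on disk were replaced. The blob layout used here (4-byte version, 16-byte UUID, 4-byte entry count, then fixed 20-byte entries) and the use of a truncated SHA-256 over file contents in place of a real code-directory hash are simplifying assumptions for illustration; the sample "diagnostic tool" payloads are constructed.

```python
"""Toy trust-cache membership check (added example, not from the original post).

Assumptions (not Apple's real format):
  - blob = version (u32 LE) | uuid (16 bytes) | count (u32 LE) | count * 20-byte entries
  - an entry is the first 20 bytes of SHA-256 over the file contents
"""
import hashlib
import struct

HEADER_FMT = "<I16sI"          # version, uuid, entry count
HEADER_LEN = struct.calcsize(HEADER_FMT)
ENTRY_LEN = 20                 # length of one (simplified) code hash


def code_hash(data: bytes) -> bytes:
    """Simplified stand-in for a cdhash: SHA-256 of the contents, truncated to 20 bytes."""
    return hashlib.sha256(data).digest()[:ENTRY_LEN]


def build_trust_cache(hashes, version: int = 1, uuid: bytes = b"\x00" * 16) -> bytes:
    """Serialise a set of code hashes into the assumed blob layout (entries sorted)."""
    entries = sorted(set(hashes))
    for e in entries:
        if len(e) != ENTRY_LEN:
            raise ValueError("entry must be %d bytes" % ENTRY_LEN)
    return struct.pack(HEADER_FMT, version, uuid, len(entries)) + b"".join(entries)


def parse_trust_cache(blob: bytes):
    """Parse the blob back into (version, uuid, set_of_entries); reject truncated input."""
    if len(blob) < HEADER_LEN:
        raise ValueError("blob shorter than header")
    version, uuid, count = struct.unpack_from(HEADER_FMT, blob, 0)
    expected = HEADER_LEN + count * ENTRY_LEN
    if len(blob) != expected:
        raise ValueError("blob length %d does not match %d entries" % (len(blob), count))
    entries = {
        blob[HEADER_LEN + i * ENTRY_LEN: HEADER_LEN + (i + 1) * ENTRY_LEN]
        for i in range(count)
    }
    return version, uuid, entries


def is_trusted(blob: bytes, file_contents: bytes) -> bool:
    """What the kernel-side check boils down to: is this file's hash in the allowlist?"""
    _, _, entries = parse_trust_cache(blob)
    return code_hash(file_contents) in entries


# Constructed sample data standing in for files on the nested diagnostics dmg.
ORIGINAL_TOOL = b"#!/bin/sh\necho running diagnostics\n"
PATCHED_TOOL = ORIGINAL_TOOL.replace(b"running diagnostics", b"patched payload")
OTHER_LIB = b"\x00fake dylib bytes\x00"

# The cache ships with the image: it only knows the hashes of the original files.
CACHE = build_trust_cache([code_hash(ORIGINAL_TOOL), code_hash(OTHER_LIB)])


if __name__ == "__main__":
    print("original trusted:", is_trusted(CACHE, ORIGINAL_TOOL))   # True
    print("patched trusted: ", is_trusted(CACHE, PATCHED_TOOL))    # False
```

Replacing the file on the image without also replacing the trust cache (which is itself covered by the signed boot chain) therefore gets you a binary the kernel refuses to run, which is the "almost" in the post: the interesting question is whether some path exists where the hash is never checked.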