Macbook M1 bypass FMM / EFI Unlock

This topic is closed.

    #61
    Re: Macbook M1 bypass FMM / EFI Unlock

    I found here interesting information about the structure of files and where theoretically can be what we need.



      #62
      Re: Macbook M1 bypass FMM / EFI Unlock

      Originally posted by bluestone
      How do you get the info from the Mac itself? I have A1932 with EFI and iCloud locked, but it's not erased
      did you manage to jailbreak it?



        #63
        Re: Macbook M1 bypass FMM / EFI Unlock

        But idea might be good.. On the activation screen I have managed to open log window ( COMMAND + L and other random keys while in startup disk screen.. then I have saved boot log on external usb drive -> attached here)
        Last edited by SMDFlea; 02-15-2022, 01:32 PM.



          #64
          Re: Macbook M1 bypass FMM / EFI Unlock

          Originally posted by .::iRizwan::.
          did you manage to jailbreak it?
          Mine can jailbreak alright but it's having an EFI password which I can remove with AC2 but that will also update the bridge os which will make activation lock impossible to remove.



            #65
            Re: Macbook M1 bypass FMM / EFI Unlock

            Originally posted by betonel
            But idea might be good.. On the activation screen I have managed to open log window ( COMMAND + L and other random keys while in startup disk screen.. then I have saved boot log on external usb drive -> attached here)
            There is some guy on youtube showing how he open terminal inside activation window on M1/T2 mac.

            keywords: M1 terminal inside Internet recovery MacOS Monterey

            How is this possible? We need to find key combination, for the moment found way to open log window / save logs to usb.



              #66
              Re: Macbook M1 bypass FMM / EFI Unlock

              One way for bypass M1 will be patching ipsw file, eg. UniversalMac_11.0.1_20B29_Restore.ipsw\022-10604-034\3_Apple_APFS

              KRAActivationAuthViewController



              Similar work has been successfully performed for iphone:

              1. Download the iPSW file you need from the official website: IPSW.
              2. Secondly, convert the iPSW file into a ZIP file by changing the extension and extract it.
              3. Now open the extracted file folder, and you will see 3 different .dmg files in there.
              4. Look for the biggest file and drag it to your desktop. You will notice that the .dmg files will not be able to open in one click. It’s because these files are encrypted.
              5. You would need a firmware key to open this file. For this purpose, direct to “The iPhone WiKi” and find your firmware key.
              6. Once you have the key, it’s time to use iDecrypt that is already on your Mac. Simply launch the software and open your .dmg file with it.
              7. You will see a warning message on your screen. Simply click on the “OK” button and select your output folder and paste your key for “RootFilesystem."
              8. Now, you need to click on “Decrypt DMG," and when the process is finished, you will see a success message.
              9. Open the iPSW file that is decrypted and go to the Applications folder. Here, you need to delete the “Setup” file.
              10. Then, exit this folder and right-click on your decrypted file and click on “Eject."
              11. When the file is successfully saved, delete the original file and rename the new decrypted file matching the original file. Then, paste this file into the extracted folder again.
              12. The last step is to compress the folder back to the IPSW format.



                #67
                Re: Macbook M1 bypass FMM / EFI Unlock

                Good idea bro! Do you manage to bypass on iOS 15? On what device did you test that trick? Do you have that FW files for test?
                Last edited by mazoot; 02-17-2022, 02:11 AM.
                Kill the state in yourself and you will be free like a wind...



                  #68
                  Re: Macbook M1 bypass FMM / EFI Unlock

                  Originally posted by betonel
                  One way for bypass M1 will be patching ipsw file, eg. UniversalMac_11.0.1_20B29_Restore.ipsw\022-10604-034\3_Apple_APFS

                  KRAActivationAuthViewController
                  Do you think this could actually work?
                  Last edited by SMDFlea; 02-18-2022, 04:08 AM.



                    #69
                    Re: Macbook M1 bypass FMM / EFI Unlock

                    Originally posted by ebaymonster
                    Steven, do you think it makes sense to solder ssd from a locked macbook to m1 and read it?
                    I take off nand and put to programmer P11 from JC but get only info about encryption date and can't do anything.



                      #70
                      Re: Macbook M1 bypass FMM / EFI Unlock

                      Originally posted by qava
                      I take off nand and put to programmer P11 from JC but get only info about encryption date and can't do anything.
                      Originally posted by betonel
                      There is some guy on youtube showing how he open terminal inside activation window on M1/T2 mac.

                      keywords: M1 terminal inside Internet recovery MacOS Monterey

                      How is this possible? We need to find key combination, for the moment found way to open log window / save logs to usb.
                      It's A1706 intel MacBook.



                        #71
                        Re: Macbook M1 bypass FMM / EFI Unlock

                        Originally posted by qava
                        It's A1706 intel MacBook.
                        We're not talking about A1706 Macbooks here, you don't need to take off NAND to unlock that one.



                          #72
                          Re: Macbook M1 bypass FMM / EFI Unlock

                          Originally posted by curiositymaster
                          We're not talking about A1706 Macbooks here, you don't need to take off NAND to unlock that one.
                          I don't talk about Unlock A1706 m8.
                          Read my post again.

                          Betonel write:
                          Originally posted by betonel
                          There is some guy on youtube showing how he open terminal inside activation window on M1/T2 mac.

                          keywords: M1 terminal inside Internet recovery MacOS Monterey

                          How is this possible? We need to find key combination, for the moment found way to open log window / save logs to usb.
                          So I go to YouTube use keywords and video shows A1706 MacBook A1706 - not M1.

                          Also:

                          Originally posted by betonel
                          What if you remove nand and run diagnostic mode, I guess you will be able to see SN there. Funny will be that SN is generated from bt mac + wifi mac, and we're looking for something that doesn't exist.

                          Need to compare dumps from SOC rom of M1, @Stephen, can you share some? Will upload mine tomorrow.
                          Then I try to check this. So I put the NAND just to check what happened cuz I have a programmer where can use to for example upgrade NAND in iPhones and iPads. That was only a test to see. After take off NAND from 820-02020-11 got this information:
                          This NAND model does not support generating and burning encrypted data for the time being!

                          T2 - that all Intel MacBook
                          M1 - that ARM MacBook
                          No solution for now.
                          Got one A2338 If someone know anything I can test.



                            #73
                            Re: Macbook M1 bypass FMM / EFI Unlock

                            Originally posted by qava
                            I don't talk about Unlock A1706 m8.
                            Read my post again.

                            Can you share the info you got from reading the nand?



                              #74
                              Re: Macbook M1 bypass FMM / EFI Unlock

                              Originally posted by curiositymaster
                              Can you share the info you got from reading the nand?
                              Originally posted by qava
                              I don't talk about Unlock A1706 m8.
                              Read my post again.

                              After take off NAND from 820-02020-11 got this information:
                              This NAND model does not support generating and burning encrypted data for the time being!
                              Already write this.



                                #75
                                Re: Macbook M1 bypass FMM / EFI Unlock

                                Originally posted by qava
                                I don't talk about Unlock A1706 m8.
                                Read my post again.
                                You don't need to touch encrypted part of NAND. There is a plain clear partition containing SN/BT-MAC/WIFI-MAC. If we have valid pair it's possible to replace and get rid of activation lock. Can your programmer read raw data from NAND chip? Upload it on mega and share it please.
                                Last edited by SMDFlea; 02-18-2022, 05:32 AM.



                                  #76
                                  Re: Macbook M1 bypass FMM / EFI Unlock

                                  Originally posted by betonel
                                  You don't need to touch encrypted part of NAND. There is a plain clear partition containing SN/BT-MAC/WIFI-MAC. If we have valid pair it's possible to replace and get rid of activation lock. Can your programmer read raw data from NAND chip? Upload it on mega and share it please.
                                  Files should be posted here, not offsite.


                                    #77
                                    Re: Macbook M1 bypass FMM / EFI Unlock

                                    Originally posted by betonel
                                    You don't need to touch encrypted part of NAND. There is a plain clear partition containing SN/BT-MAC/WIFI-MAC. If we have valid pair it's possible to replace and get rid of activation lock. Can your programmer read raw data from NAND chip? Upload it on mega and share it please.
                                    I can't take anything from this NAND. I use P11 programmer from JC and is for iPhone and iPad. But the NAND structure from M1 2020 is same like iPhone 11 pro or iPad Pro 11" that's why I try to read by JC programmer but was fail.



                                      #78
                                      Re: Macbook M1 bypass FMM / EFI Unlock

                                      There's 2 NAND and I try only one of them. Today I'm gonna take off 2nd and put here screenshot.



                                        #79
                                        Re: Macbook M1 bypass FMM / EFI Unlock

                                        Originally posted by qava
                                        There's 2 NAND and I try only one of them. Today I'm gonna take off 2nd and put here screenshot.

                                        That means we don't have a programmer that can read M1 NAND yet?



                                          #80
                                          Re: Macbook M1 bypass FMM / EFI Unlock

                                          2nd NAND says

                                          The hard drive is reversed, please re-insert the NAND...