T2 Chip Programmer Tool

[Stephen]

I was curious if the T2 chip serial being changed would allow cracking the Firmware lock and icloud lock of a device? We came across the T2 Rom Tool and this allows the use of changing the serial which in our experience would allow removal of MDM on older models (2017-and older). Would that isolate the icloud bypass since it is married to the serial of the T2 chip? Curious since we are close to pulling the trigger on a wholesale lot and we anticipate iCloud devices in MacBooks etc. Piernov or anyone have thoughts on this?

Update: People are saying yes and no. If you change the serial you would have to change the UUID? Apple looks at the serial and the UUID in the rom. I know we could figure this out some how some way.

[piernov]

The serial can be changed in the T2 ROM without too much trouble. It's a 25-series 1.8V SPI ROM so a decent programmer can deal with it (it's a 3x4mm package so smaller than usual though). Serial number should show up in the dump after "mNrS" string.
I don't know what are the repercussions. I'm probably at least 5 years away from seeing a T2 machine in front of me.

[TrumanHW]

Quote:

Originally Posted by piernov

Changing T2 SN

Fixing [ONLY] the MDM management issue can be done via T2's ROM (SN):

•*Desolder ROM
•*Dump ROM BIN
•*Find SN: after string mNrS

THE QUESTION:
Does ONLY eliminating MDM from T2 (Intel obviously) require steps beyond modifying the SN?
Exemplars of my preferred character-revision:
- C02 --> CO2 ...or... C02 --> C0Z ... 6 --> G ... G --> Q
- Retain the letter-qty
- Validate: Fsys @ 0x590000 ... via Medusa v2.7 (SO convenient!!!)

IS a valid SN FORMAT (naming convention) now required? If so, can we:
- Could we not change the WEEK of mfr to 53..?
- Reuse a SN that was made in one country-code (Czech?) for China?
- Reuse a SN from a unit which is no longer reparable?
- Is there something analogous to the 0x590000 ..?

Thanks!!!

[/SIZE][/B]IE, following Stephen's STICKIED: T2 Unlocking Method (Hardware)


(Obviously all other info posted stands + I already have the T203)
•*Pkg kind: 25-series SPI ROM
•*Pkg size: 3x4mm (smaller than ≤ 2017 ROM)
•*ROM volt: 1.8v (Requires a 'level shifter' to use a CH341a)
•*Simple: T203 = CH341a with integral 1.8v level shifter + 3x4mm fixture.

[Stephen]

Yeah I feel thats the difficult part...taking that risk on . T2. I mean worst case scenario we just have to RUN DFU lol

[Nico Latour]

change serial on a t2 machine only works for mdm, mdm is linked on serial and icloud is linked on serial, wifi adres,bleutooth adres, so change serial not solved the problem, even the serial is not stored in the t2 chip and cant change it with software, the serial is in a small chip (4mb) and need to solder before can read write

[curiositymaster]

Quote:

Originally Posted by Nico Latour

change serial on a t2 machine only works for mdm, mdm is linked on serial and icloud is linked on serial, wifi adres,bleutooth adres, so change serial not solved the problem, even the serial is not stored in the t2 chip and cant change it with software, the serial is in a small chip (4mb) and need to solder before can read write

Of course you need to remove the chip to reprogram it. I have used this to change the serial number on T2 twice. The programmer I used was purchased on aliexpress and it came with the bin file and bypass software.

[sanmlis]

Please share bin files, it would be interesting to study them

Quote:

Originally Posted by curiositymaster

Of course you need to remove the chip to reprogram it. I have used this to change the serial number on T2 twice. The programmer I used was purchased on aliexpress and it came with the bin file and bypass software.

[curiositymaster]

Quote:

Originally Posted by sanmlis

Please share bin files, it would be interesting to study them

I hope it helps

[M4n0l0307]

Quote:

Originally Posted by curiositymaster

I hope it helps

Thank You Friend !

[RethoricalCheese]

Quote:

Originally Posted by curiositymaster

Of course you need to remove the chip to reprogram it. I have used this to change the serial number on T2 twice. The programmer I used was purchased on aliexpress and it came with the bin file and bypass software.

Hey! Could you upload the whole USB stick content? Software and other files.

[bluestar77]

Which programmer bro you have to change the serial that come with software

[andriyd1]

Quote:

Originally Posted by Nico Latour

change serial on a t2 machine only works for mdm, mdm is linked on serial and icloud is linked on serial, wifi adres,bleutooth adres, so change serial not solved the problem, even the serial is not stored in the t2 chip and cant change it with software, the serial is in a small chip (4mb) and need to solder before can read write

How do you identify WiFi address and Bluetooth address in the dump read from small bt and WiFi rom chips?

[imranromi]

Quote:

Originally Posted by andriyd1

How do you identify WiFi address and Bluetooth address in the dump read from small bt and WiFi rom chips?

For which purpose you want to find?

[andriyd1]

Activation locks

[curiositymaster]

Quote:

Originally Posted by andriyd1

Activation locks

You can't unlock simply by changing values on the dump file.

[paulyboy]

What programmer interface for reading the chip please? Is the a socket for tl866 thanks

[Bb68]

Quote:

Originally Posted by paulyboy

What programmer interface for reading the chip please? Is the a socket for tl866 thanks

Hi

Ch340 programmer , like by-t200

[Pedro147]

Quote:

Originally Posted by Bb68

Hi

Ch340 programmer , like by-t200

Yes I believe so but AFAIK, T2 ROM are only 1.8v so you need the right adapter that supplies that voltage to the chip

Quote:

Originally Posted by anhbanxoi

I cannot open minaT2Activator on Macbook M1. Anybody tested that file?

As suggested by others, all of this software for reading flashing BIOS etc is all Windows based

Quote:

Originally Posted by curiositymaster

I'm very sure you've got a lot of free help on this forum, I mean from people who didn't get the knowledge/tools free of charge.

Yes correct. Some people just want to take, take take and never give diddly squat. Luckily there are many people here not like that.

[TrumanHW]

Quote:

Originally Posted by Bb68

Hi
Ch340 programmer , like by-t200

You a MacOS user ... ? Able to read CH341x (ROMs) via MacOS ..?
If not, I finally figured out how (after 7 years) and can help (free obviously)


As far as dealing with T2 (Intel + M1) ... I have:
•*T203
•*Medusa 2.6 / 2.7 / 3.1
•*DS809
•*RT809F + Level Shifter

I'm determined to figure iC locked + MDM issue (intel + M1) asap.

Back to reading the remainder of this thread)

[TrumanHW]

Quote:

Originally Posted by Bb68

Hi

CH340 programmer , like by-t200

Cool, would you be willing to provide a copy of the SW which came with the T200 ..? I'm thinking the only difference between the T200 and T203 is the software, no ...?

PS, You can read a CH341x on MacOS (as can the T203, - also a CH341a)