T2 Chip Programmer Tool

[heatorious]

Quote:

Originally Posted by TrumanHW

Okay, this is exclusively for T2, yes..?

Any luck with M1 devices ..?

Brute force was a method on older macs 4digits and 6digits came about shortly after and from what i remember on the timing with programming a teensy to do a 6digit could take over 6-8months on the timing based on the tried etc.. I haven't tried it on a T2 but i think the time out is alonger time now and could take even longer. Removing the the pincode could be done with AC2 but will update the FW. I've seen other things that can be done. Manually removing with out AC2 with the option of not updating fw and saving the data. I'm not sure as of yet how it's done its my current project.

[TrumanHW]

Quote:

Originally Posted by heatorious

Brute force 6 digit = 6-8 months

And was why I originally bought a Medusa2 (also fixed 4x M2015 w ME issues)

I'm who actually first got Harald (CMI zapper) to add clean ME area feature.

[TrumanHW]

Quote:

Originally Posted by kevingill

doable if you leave it running for a week.
I wrote my own version that tries 5 times (I think), then restarts the Mac and tries again.

Not likely. the 4-digit version takes 2-3 days, without restarting it at all.
The Brutus never required macs restart ...

And 2-3 days x 100 more possibilities ≠ a week.

[bluestone]

So have anyone tried to override MDM with Icloud lock? Like reinstall an MDM machine then activate it with your own icloud and after report it lost, after activating icloud it should clear MDM.

Just a theory

[Stephen]

MDM Method may work
Here is how it may work:

You must have a legit MDM server to do this. MDM serial is registered to the SERIAL on the device, not the T2 or the Bluetooth. In order to register a serial to MDM the Mac must be already enrolled or you must enroll it via QR code, this means you need a T2 mac that is not locked in order to do this, well how do you enroll it? Easy. You must have full access to a working Mac that has access to being able to enroll into MDM. Once you do that. Jot down that serial number of that Mac. Then enroll it, after you enroll it, get that serial number and change it on another Mac, but before you do that you have to not WIPE the data off the EFI Rom chip and only manually change the serial to the ENROLLED MDM serial. Once you get to the activation lock screen, you will be greeted with the option to use an MDM key, that key is provided from your MDM server or whatever program you use to unlock it. This would be the only viable way to get past Activation lock AS LONG as the serial is the exact same as the one registered into the MDM server. But I see this being patched in the near future. I will not say it works or not but it is worth a try

[javitor52x]

a question was following this thread and there were more than 20 pages in the first there was a tutorial on how to do it and I talked several times about a mac that I have and it is not activated and it turns out that there is nothing that has been deleted? What happened?

[Stephen]

Quote:

Originally Posted by javitor52x

a question was following this thread and there were more than 20 pages in the first there was a tutorial on how to do it and I talked several times about a mac that I have and it is not activated and it turns out that there is nothing that has been deleted? What happened?

It's because yours truly wanted it removed after Bad Apples took over the thread. Can't have nice things now can we?

[Quintario]

Good evening,

are there any news about the unlocking with a "new" BridgeOS?

@Stephen

Your damn good Tutorial about T2 with all the Pictures and Step by Step Guidance is removed?

[Stephen]

Quote:

Originally Posted by Quintario

Good evening,

are there any news about the unlocking with a "new" BridgeOS?

@Stephen

Your damn good Tutorial about T2 with all the Pictures and Step by Step Guidance is removed?

Actually yes, Checkrain has been updated a little more (if you check their pongoOS and Libs). I see another month or so and once that is released I see all locked devices being unlocked again. So just be patient.

[alerm]

Quote:

Originally Posted by Stephen

MDM Method may work
Here is how it may work:

You must have a legit MDM server to do this. MDM serial is registered to the SERIAL on the device, not the T2 or the Bluetooth. In order to register a serial to MDM the Mac must be already enrolled or you must enroll it via QR code, this means you need a T2 mac that is not locked in order to do this, well how do you enroll it? Easy. You must have full access to a working Mac that has access to being able to enroll into MDM. Once you do that. Jot down that serial number of that Mac. Then enroll it, after you enroll it, get that serial number and change it on another Mac, but before you do that you have to not WIPE the data off the EFI Rom chip and only manually change the serial to the ENROLLED MDM serial. Once you get to the activation lock screen, you will be greeted with the option to use an MDM key, that key is provided from your MDM server or whatever program you use to unlock it. This would be the only viable way to get past Activation lock AS LONG as the serial is the exact same as the one registered into the MDM server. But I see this being patched in the near future. I will not say it works or not but it is worth a try

Would it be possible to enroll a VM or a Hackintosh with the locked Macs Serialnumber to begin with? I have a Apple Business Account but still no MDM server but I will try as soon as I got one

[curiositymaster]

Quote:

Originally Posted by Stephen

MDM Method may work
Here is how it may work:

You must have a legit MDM server to do this. MDM serial is registered to the SERIAL on the device, not the T2 or the Bluetooth. In order to register a serial to MDM the Mac must be already enrolled or you must enroll it via QR code, this means you need a T2 mac that is not locked in order to do this, well how do you enroll it? Easy. You must have full access to a working Mac that has access to being able to enroll into MDM. Once you do that. Jot down that serial number of that Mac. Then enroll it, after you enroll it, get that serial number and change it on another Mac, but before you do that you have to not WIPE the data off the EFI Rom chip and only manually change the serial to the ENROLLED MDM serial. Once you get to the activation lock screen, you will be greeted with the option to use an MDM key, that key is provided from your MDM server or whatever program you use to unlock it. This would be the only viable way to get past Activation lock AS LONG as the serial is the exact same as the one registered into the MDM server. But I see this being patched in the near future. I will not say it works or not but it is worth a try

I'm thinking if we could just get an older mac (say 2017 version) which does not require removing the chip to change serial number; edit the serial number to that of the locked T2 mac. We can then enrol the Mac with edited serial number and then generate an MDM unlock code that we may then use to unlock the locked Mac.

I have a 2017 mac and an icloud locked T2 Mac we can use to test this in case anyone has a business Apple account and an MDM server.

[Stephen]

Quote:

Originally Posted by curiositymaster

I'm thinking if we could just get an older mac (say 2017 version) which does not require removing the chip to change serial number; edit the serial number to that of the locked T2 mac. We can then enrol the Mac with edited serial number and then generate an MDM unlock code that we may then use to unlock the locked Mac.

I have a 2017 mac and an icloud locked T2 Mac we can use to test this in case anyone has a business Apple account and an MDM server.

Given the circumstance that a T2 chip Mac is what we are trying to unlock I would stick to a 2018 at minimum. It COULD cause issues if it doesn't recognize the difference in the 2. I do not know exactly how Apple servers truly work but they do have a priority in putting Serial numbers first to be read on the server then T2 etc. So if the serial number comes up as MDM, then you may see an MDM key option to activate. I do not know for sure if this would work with a 2017 but if you want to try go for it. Just know that 2017 Model has to already be enrolled in the server for a key to generate.

[fricosu007]

found out one thing today...since they opened up the possibility to repair your iphone by replacing battery(official apple self service), since the iphone xs, all the models if you replace the battery by yourself from a donor one or a bran new chinese bat. you get an error that the battery is not genuine, now, you buy the battery from them, after replacing it you have to contact them and use AC (apple configurator) to restore it with the bran new battery installed so you don't get that "not genuine" error .. my point is ..can we somehow sniff on this apple configurator and add our own info to rewrite our own sn / MACs or just use the protocol they link up with the device ??

p.s. when using apple configurator you do it with them remotely connected as i understood from their support team .. so everything is happening live ..

[curiositymaster]

Quote:

Originally Posted by Stephen

Given the circumstance that a T2 chip Mac is what we are trying to unlock I would stick to a 2018 at minimum. It COULD cause issues if it doesn't recognize the difference in the 2. I do not know exactly how Apple servers truly work but they do have a priority in putting Serial numbers first to be read on the server then T2 etc. So if the serial number comes up as MDM, then you may see an MDM key option to activate. I do not know for sure if this would work with a 2017 but if you want to try go for it. Just know that 2017 Model has to already be enrolled in the server for a key to generate.

I guess I'd have to wait until I can get an Apple Business account.
What's the update on the stuff you're doing with your developer mate?

[Stephen]

Quote:

Originally Posted by curiositymaster

I guess I'd have to wait until I can get an Apple Business account.
What's the update on the stuff you're doing with your developer mate?

Let's just say it cost a good amount to get this app developed and they figured out how to replicate Checkm8 and mina. But this takes weeks to months to develop and trial and error.

[curiositymaster]

Quote:

Originally Posted by Stephen

Let's just say it cost a good amount to get this app developed and they figured out how to replicate Checkm8 and mina. But this takes weeks to months to develop and trial and error.

Fingers crossed then.

[Stephen]

Also the app will not support MDM removal, you will need to have soldering skills to do MDM removal and the T203 device.

[curiositymaster]

Quote:

Originally Posted by Stephen

Also the app will not support MDM removal, you will need to have soldering skills to do MDM removal and the T203 device.

I'm not sure MDM removal is possible unless we could specifically instruct the computer never to check for MDM.

[curiositymaster]

Of course we could also edit the serial number with T203 as you've suggested.

[Stephen]

Quote:

Originally Posted by curiositymaster

Of course we could also edit the serial number with T203 as you've suggested.

As stated before and Piernov would agree, MDM is easily removable by changing the serials. Just figure out which ones match your device and boom. I made a post about this. MDM is not an issue even with the new iBridge.