Macbook M1 bypass FMM / EFI Unlock

This topic is closed.

    Re: Macbook M1 bypass FMM / EFI Unlock

    Originally posted by betonel View Post
    Instead of wasting $$$
    ~$250+ - on T203 for a USON 4x3 or
    ~$200 - for a DS809SE (exactly an R809F)

    Use these...

    $ 64 - RT809F (with 15 adapters)
    $ 10 - 1.8V 'Level shifter' (for T2 ROM)

    Very good advice:

    If the M2012 - 2013 Retina 13"+15" isn't needed, would this be a good deal?


    $38 www.aliexpress.com/item/201005003289066054.html
    - Includes the CH341A
    - The PCB to solder the T2 ROM (4x3mm)
    - Includes J6100 connectors for Late-2013 - 2017 (excludes M12-E13 retina)
    - Negates any need for getting the VCC, CLK, wiring (already done).

    Already Includes the:
    $20 - T2 board
    $45 - "SAM connectors" (just not the M12 - E13, looks but ≠ L13-M14)
    $ 5 - Includes CH341A plus the 'DIL' adapter interface to the cables...
    (not as good a programmer but can be okay)


    The attached annotated image shows Betonel's suggested means of reading
    the T2 with the Level Shifter and by soldering it on a 4x3 reader.

    (which he suggests bc 'clamshell' adapters are all a FORTUNE for 4x3mm).

    Betonel: I found a "3mm x 3mm" that's 1/3rd the price ... think it'd fit..?

    https://www.aliexpress.com/item/1005001510434419.html
    (I ask bc it looks like the width of the chip is 'unconstrained' in the holder..?)


    Last:
    You wired the board analyzer (Saleae) where the T2's ROM mounts...

    Are you really decoding the SIGNALS that way ..? (reverse engineering it?!)
    The M1 looks RIDICULOUSLY difficult :'( (see animated GIF)


      Re: Macbook M1 bypass FMM / EFI Unlock

      Originally posted by Stephen View Post
      Got the iClouds removed due to owner email being tied and looking them up.
      I assume you mean via GSX as this isn't public.

      Originally posted by Stephen View Post
      MDM should be easy after locating SN in BIN & changing it.
      However, we'd have to find legit device-SN to implement it.
      If nothing else when you get irreparable M1 boards you should KEEP those SN for these circumstances.


      Originally posted by Stephen View Post
      In my experience with T2 MDM locks, I always associate the serial with the exact model (A1990 serial changed to another A1990 serial found on Mac Serial Lookup).
      If valid SNs are required, they're required. But if an iCloud's associated with
      that SN & they lock (enable FMM) could it not lock both..? Or cause issues
      with iMessage / FaceTime, etc.. ?

      In case you didn't see a remark I made in another post:

      C02Z5205G8WN -- If this were a real SN...
      C02 = location made
      Z5205 = Date Code + SN
      G8WN = Model Info

      As in ... people talking about willy-nilly changing the last 4 to edit the SN are changing the model info.

      There IS a file inside the OS which decodes those last 4 digits to define the unit. I'll see if it's still in Monterey and convert my i9 into an M1, etc., (on the initial about this mac; it'll do nothing for the Profiler details which are from the HW info).



      Originally posted by Stephen View Post
      MDM bypass is useless, personally who cares?
      Why is it useless..? Doesn't it give access to a computer that's locked !?


      PS: If anyone has an MDM account, you can often get reps to remove a device from another MDM and add them to yours; they have more discretion (at least did with iPhones and T2 devices via AWS) ... !!
      Last edited by TrumanHW; 04-14-2022, 09:18 PM.



        Re: Macbook M1 bypass FMM / EFI Unlock

        Originally posted by TrumanHW View Post
        I assume you mean via GSX as this isn't public.



        If nothing else when you get irreparable M1 boards you should KEEP those SN for these circumstances.




        If valid SNs are required, they're required. But if an iCloud's associated with
        that SN & they lock (enable FMM) could it not lock both..? Or cause issues
        with iMessage / FaceTime, etc.. ?

        In case you didn't see a remark I made in another post:

        C02Z5205G8WN -- If this were a real SN...
        C02 = location made
        Z5205 = Date Code + SN
        G8WN = Model Info

        As in ... people talking about willy-nilly changing the last 4 to edit the SN are changing the model info.

        There IS a file inside the OS which decodes those last 4 digits to define the unit. I'll see if it's still in Monterey and convert my i9 into an M1, etc., (on the initial about this mac; it'll do nothing for the Profiler details which are from the HW info).





        Why is it useless..? Doesn't it give access to a computer that's locked !?


        PS: If anyone has an MDM account, you can often get reps to remove a device from another MDM and add them to yours; they have more discretion (at least did with iPhones and T2 devices via AWS) ... !!

        MDM bypass is useless because it still doesn't solve the issue that you still have an MDM bypass. Compared to just removing it for good with a serial number change.

        I only change the last digit on a serial number, not the last 4. I am well aware of this. Also changing the serial number for MDM does not have activation lock because the T2 is not tied to activation lock if it is MDM, it is tied to the serial number. So changing the last digit will suffice; just make sure it is not an MDM serial again lol.

        Old boards for M1 devices will suffice for serial number changes. This also is a good method.

        I was able to get the M1 Pro emails because they had the emails logged in when we had access to the full machine. The emails were still on the settings so we reached out and they removed it without issue. If you are able to get an email, most consumers that owned the previous device are very willing to remove the iCloud because they would fear the idea you have access to their data (which you do not), so they just get it removed. We are fortunate to have the emails when this happens.
        MEOWING IN THE IMPOSSIBLE UNIVERSE!



          Re: Macbook M1 bypass FMM / EFI Unlock

          Originally posted by Stephen View Post
          MDM bypass is useless bc it's unresolved: you still have an MDM [bypass], you haven't REMOVED the MDM with just a SN change.
          AHH!!, I see! The SN's LAST DIGIT doesn't affect the system ID info?

          I take it this isn't a BAD solution, just less ideal than a solution which ...
          ...corresponds to an 'Apple Warranty Check' and the Bottom Door's SN..?

          Originally posted by Stephen View Post
          Old M1 boards will suffice for SN changes (good method).
          Good info / confirmation

          Originally posted by Stephen View Post
          I got the M1 Pro emails bc they were still on the settings
          Settings meaning ..? In System Preferences --> iCloud?
          (Not in the ROM I assume - as it WAS in Pre-T2 units)

          Did the "reported M1 success" a few months ago wind up "re-locking" ..?

          Thanks again, you seem to really be leading the pack on this research
          Last edited by TrumanHW; 04-15-2022, 02:29 PM.



            Re: Macbook M1 bypass FMM / EFI Unlock

            Last character matters too, there can be some overlap between different models.
            OpenBoardView — https://github.com/OpenBoardView/OpenBoardView



              Re: Macbook M1 bypass FMM / EFI Unlock

              Originally posted by piernov View Post
              Last character matters too, there can be some overlap between different models.

              The best way to check is use this for example. Go to https://everymac.com/ultimate-mac-lookup/


              Type in a Serial like this for example

              C02C3839MD6N (pulls up as a 16" MacBook Pro 2019)

              You see the N at the end? Either a character or number can be changed, so let's type a few letters in... Maybe an M?

              C02C3839MD6M (pulls up as a 16" MacBook Pro 2019)

              Basically the last digit was changed and it was associated with another 16". So pretty much the identifier works and it recognizes it's a 16" which in return will solve MDM methods. Now you are rolling the dice but most likely it won't be MDM locked.


                Re: Macbook M1 bypass FMM / EFI Unlock

                Originally posted by TrumanHW View Post
                AHH!!, I see! The SN's LAST DIGIT doesn't affect the system ID info?

                I take it this isn't a BAD solution, just less ideal than a solution which ...
                ...corresponds to an 'Apple Warranty Check' and the Bottom Door's SN..?



                Good info / confirmation



                Settings meaning ..? In System Preferences --> iCloud?
                (Not in the ROM I assume - as it WAS in Pre-T2 units)

                Did the "reported M1 success" a few months ago wind up "re-locking" ..?

                Thanks again, you seem to really be leading the pack on this research
                Yes, the computer was able to be logged in because it didn't have a password; however, it had an email logged into the iCloud. So we reached out and they were kind enough to remove it from their devices. And the old M1 we THOUGHT we unlocked kicked us out at the OS install. What I mean is in order to wipe the drive you have to force restart to start activation again, and boom it locked. So what this means is there is no way at this time to remove these locks unless we have some backdoor access to Apple servers or someone that works for Apple. I would hope one day enough shops and companies sue Apple over their devices they own legally when they buy pallets etc. Matter of time I guess


                  Re: Macbook M1 bypass FMM / EFI Unlock

                  Originally posted by Stephen View Post
                  The best way to check is use this for example. Go to https://everymac.com/ultimate-mac-lookup/
                  https://everymac.com/ultimate-mac-lo...s=C02J31BUF760
                  https://everymac.com/ultimate-mac-lo...s=C02J31BUF761
                  OpenBoardView — https://github.com/OpenBoardView/OpenBoardView



                    Re: Macbook M1 bypass FMM / EFI Unlock

                    I think we need to read this.


                      Re: Macbook M1 bypass FMM / EFI Unlock

                      Do you know what Apple uses to recognize that the Mac is linked to an Apple ID? I know it's not only the Serial Number.
                      And I managed to get an Apple Business account, what can I do to MDM my MacBook?



                        Re: Macbook M1 bypass FMM / EFI Unlock


                        Yes, some may not match; it usually is a hit. But that's how I verify before I change the serial. I type a few in till I get a match.


                          Re: Macbook M1 bypass FMM / EFI Unlock

                          Originally posted by imranromi View Post
                          I think we need to read this.
                          NOTE: The "image" titled

                          SN_Decoder.txt file with the code from
                          https://www.kolide.com/blog/how-to-f...-using-osquery


                          The page seems very informative to me, but I lack the programming bg to follow the recipe.

                          As I'm uniquely UNqualified, I'd be grateful if someone were to follow the recipe of said code & provide a script an ignoramus like myself can use?

                          I realize this just provides a database of mfr dates ... but, I believe I have about 5-10k units in my old database which I could sort by the last four SN to define each model and provide another database (if someone else doesn't already have it) in order to have a program which decodes the Date Codes and model without needing to use a website with captchas, etc.



                          Even if future SN are truly random (difficult to do & I'm skeptical they'd try to), the script is useful if only for ≥2021 or ≥2022 units.



                          As you can see, changing anything but digits 6, 7, & 8 cannot correspond to a real unit, and thus, I will only ever modify those (personally) if required.
                          Last edited by SMDFlea; 04-20-2022, 01:52 PM.



                            Re: Macbook M1 bypass FMM / EFI Unlock

                            Originally posted by TrumanHW View Post
                            As I'm uniquely UNqualified, I'd be grateful if someone were to follow the recipe of said code & provide a script an ignoramus like myself can use?
                            I used the Information from that Website to create a simple tool that doesn't use any server communication with the serial to calculate the results.

                            Website: https://tobidi0410.github.io/applesndecoder/
                            Source: https://github.com/ToBiDi0410/ToBiDi...applesndecoder

                            If you want to, I could also add the information from your Database for the Models etc.



                              Re: Macbook M1 bypass FMM / EFI Unlock

                              Originally posted by HansTodi01 View Post
                              I used the Information from that Website to create a simple tool that doesn't use any server communication with the serial to calculate the results.

                              Website: https://tobidi0410.github.io/applesndecoder/
                              Source: https://github.com/ToBiDi0410/ToBiDi...applesndecoder

                              If you want to, I could also add the information from your Database for the Models etc.

                              You're awesome! I'll look for my FM database and see how I can export it.
                              TY!!!



                                Re: Macbook M1 bypass FMM / EFI Unlock

                                Originally posted by Stephen View Post
                                Yes, the computer was able to be logged in because it didn't have a password; however, it had an email logged into the iCloud. So we reached out and they were kind enough to remove it from their devices. And the old M1 we THOUGHT we unlocked kicked us out at the OS install. What I mean is in order to wipe the drive you have to force restart to start activation again, and boom it locked. So what this means is there is no way at this time to remove these locks unless we have some backdoor access to Apple servers or someone that works for Apple. I would hope one day enough shops and companies sue Apple over their devices they own legally when they buy pallets etc. Matter of time I guess

                                Makes sense ... maybe there's an IP address in the ROM, at which point you'd need to figure out what info it's 'polling' for ...

                                You really might try making a management account with AWS for a non-profit (501c3 gets free AWS I think) ... then, ask an agent to just "transfer a device from your 'other' account" ... I've heard the odds are pretty decent.



                                  Re: Macbook M1 bypass FMM / EFI Unlock

                                  Hello,
                                  when I was playing with the lock screen I tried "user" as Apple ID and "pwd" as password; it gave me the ability to unlock via security question (in my case it was the day and the month of birth).
                                  You can try up to 4-5 attempts, then the option will be disabled for a bit amount of time.

                                  I think we can easily launch a brute-force attack to find it (366 combinations). I don't know if there are multiple questions or this is the only one.



                                    Re: Macbook M1 bypass FMM / EFI Unlock

                                    Originally posted by walou View Post
                                    Hello,
                                    when I was playing with the lock screen I tried "user" as Apple ID and "pwd" as password; it gave me the ability to unlock via security question (in my case it was the day and the month of birth).
                                    You can try up to 4-5 attempts, then the option will be disabled for a bit amount of time.

                                    I think we can easily launch a brute-force attack to find it (366 combinations). I don't know if there are multiple questions or this is the only one.
                                    This happens with Apple ID "null" and password "null" too.
                                    Don't think this is the MacBook's Apple ID but just one random Apple ID.
                                    Even if you guess the Birthday and reset the password it will say "This Mac is linked to a different ID"



                                      Re: Macbook M1 bypass FMM / EFI Unlock

                                      Too bad more units don't have this enabled:

                                      I'm not sure if this does anything ... but it might ?


                                        Re: Macbook M1 bypass FMM / EFI Unlock

                                        Originally posted by HansTodi01 View Post
                                        I used the Information from that Website to create a simple tool that doesn't use any server communication with the serial to calculate the results.

                                        Website: https://tobidi0410.github.io/applesndecoder/
                                        Source: https://github.com/ToBiDi0410/ToBiDi...applesndecoder

                                        If you want to, I could also add the information from your Database for the Models etc.
                                        Haven't forgotten: Gonna look for the DataBase today...
                                        Might need an NDA just in case any private info is included.

                                        Check your PM if you get a chance. Thanks!!!



                                          Re: Macbook M1 bypass FMM / EFI Unlock

                                          Originally posted by techman9510 View Post
                                          So in order to get an MDM activation key the MacBook has to be supervised, and in order to do that you need a business or school Apple ID. I'm in the process of getting the business Apple ID and I will test the MDM activation key on an iPad that is jailbroken.
                                          Could you explain the "Business Apple ID"? Does it allow supervisor to stay on top of their devices including MDM? Thanks
