Badcaps.net Forum
Go Back   Badcaps Forums > Troubleshooting Hardware & Devices and Electronics Theory > Troubleshooting Laptops, Tablets, and Mobile Devices > BIOS Requests ONLY!
Register FAQ Calendar Search Today's Posts Mark Forums Read

 
Thread Tools Display Modes
Old 06-11-2022, 07:58 AM   #221
Stephen
Meow Meow MEOW!
 
Stephen's Avatar
 
Join Date: Apr 2020
City & State: USA 🇺🇸
My Country: United States
Line Voltage: 120VAC 60hz
I'm a: Hardcore Geek
Posts: 412
Default Re: T2 Chip Programmer Tool

Mina did this because you had a special someone in the thread tell them so they had to create a code to stop this since you know…people don’t want people to have nice things lol. I’m not worried about it. Our software is half way there.
__________________

MEOWING IN THE IMPOSSIBLE UNIVERSE!
Stephen is offline   Reply With Quote
Old 06-12-2022, 07:07 AM   #222
ugamazing
Member
 
Join Date: Jun 2013
City & State: georgia
My Country: usa
I'm a: Knowledge Seeker
Posts: 54
Default Re: T2 Chip Programmer Tool

Without being too informed on the current status/progress of a T2 bypass or unlock, can I ask a potentially-dumb question?

Would it be possible to somehow identify the contact information (name/email) of the iCloud account owner of a particular board, and then simply attempt to contact them to have the lock removed? Of course many people wouldn't respond, and you'd still be stuck with a locked board, but I was curious if that information would somehow be stored on the board. I'd imagine that info is securely stored/encrypted in the SE, so probably impossible to get to, but was just curious.
ugamazing is offline   Reply With Quote
Old 06-13-2022, 02:59 AM   #223
lamo
Member
 
Join Date: Nov 2017
City & State: Odessa
My Country: Ukraine
I'm a: Knowledge Seeker
Posts: 26
Default Re: T2 Chip Programmer Tool

guys from mina also reading badcaps
lamo is offline   Reply With Quote
Old 06-13-2022, 07:50 AM   #224
Stephen
Meow Meow MEOW!
 
Stephen's Avatar
 
Join Date: Apr 2020
City & State: USA 🇺🇸
My Country: United States
Line Voltage: 120VAC 60hz
I'm a: Hardcore Geek
Posts: 412
Default Re: T2 Chip Programmer Tool

Quote:
Originally Posted by ugamazing View Post
Without being too informed on the current status/progress of a T2 bypass or unlock, can I ask a potentially-dumb question?

Would it be possible to somehow identify the contact information (name/email) of the iCloud account owner of a particular board, and then simply attempt to contact them to have the lock removed? Of course many people wouldn't respond, and you'd still be stuck with a locked board, but I was curious if that information would somehow be stored on the board. I'd imagine that info is securely stored/encrypted in the SE, so probably impossible to get to, but was just curious.

Believe it or not it is stored into the T2 chip. That information is easily obtained if you had admin access to the board if bypassed. What do I mean?

When you bypass a board, sometimes a board will say at setup “find my mac” is enabled. And you see the actual email in result, I think this is a minor glitch in bypass but it happens sometimes and I write that information down. But it’s always not the case. Now when the computer is fully wiped and updated with iBridge, it will have to be a little more digging to figure out how to bypass it again. That is when checkrain comes into play (when they finally update it). I anticipate it happening soon since they have updated pongoOS and the libs files. Just a matter of time.

Nextly to the response saying Mina developers are on here. I am fairly certain the trolls that got banned were the ones by Mina. They want to make money let them. However they have no ownership to the jailbreak since it is open source and all it is a few key strokes in SSH control. Checkm8 and Mina use the exact same concept to remove the lock. It actually is just telling the device it is activated and you get OS install.

Last edited by piernov; 06-13-2022 at 08:53 AM..
Stephen is offline   Reply With Quote
Old 06-14-2022, 06:52 AM   #225
ugamazing
Member
 
Join Date: Jun 2013
City & State: georgia
My Country: usa
I'm a: Knowledge Seeker
Posts: 54
Default Re: T2 Chip Programmer Tool

Thanks, Stephen! That's good information, thank you. I've had moderate success in just contacting the iCloud owners; some of them are happy to make a quick buck (we offer them a monetary incentive to remove, and explain that if it was stolen, we're happy to return, etc). Seems the way to go (if possible) until an actual unlocking process is discovered.
ugamazing is offline   Reply With Quote
Old 06-14-2022, 07:43 PM   #226
anhbanxoi
Member
 
Join Date: Sep 2021
City & State: Ho Chi Minh
My Country: VN
I'm a: Knowledge Seeker
Posts: 56
Default Re: T2 Chip Programmer Tool

Quote:
Originally Posted by ugamazing View Post
Thanks, Stephen! That's good information, thank you. I've had moderate success in just contacting the iCloud owners; some of them are happy to make a quick buck (we offer them a monetary incentive to remove, and explain that if it was stolen, we're happy to return, etc). Seems the way to go (if possible) until an actual unlocking process is discovered.
But how can you get the owner information to contact them?
anhbanxoi is offline   Reply With Quote
Old 06-14-2022, 08:36 PM   #227
Pedro147
Member
 
Pedro147's Avatar
 
Join Date: Sep 2016
City & State: Canberra ACT
My Country: Australia
I'm a: Knowledge Seeker
Posts: 85
Default Re: T2 Chip Programmer Tool

Quote:
Originally Posted by anhbanxoi View Post
But how can you get the owner information to contact them?
just read what was just posted

Quote:
Originally Posted by Stephen View Post
Believe it or not it is stored into the T2 chip. That information is easily obtained if you had admin access to the board if bypassed. What do I mean?

When you bypass a board, sometimes a board will say at setup “find my mac” is enabled. And you see the actual email in result, I think this is a minor glitch in bypass but it happens sometimes and I write that information down. But it’s always not the case. Now when the computer is fully wiped and updated with iBridge, it will have to be a little more digging to figure out how to bypass it again. That is when checkrain comes into play (when they finally update it). I anticipate it happening soon since they have updated pongoOS and the libs files. Just a matter of time.
Pedro147 is offline   Reply With Quote
Old 06-15-2022, 09:50 AM   #228
Brais
New Member
 
Join Date: Jun 2022
City & State: Mos
My Country: España
I'm a: Knowledge Seeker
Posts: 4
Default Re: T2 Chip Programmer Tool

I was reading all posts here, very good and interesting information also.many thanks for share also.

I use to work with BIOS editing with TL866II -Plus and CH341-A , does anyone found any difference with another tools on T2 edition?

I want to try with some MAC mini (2018) , having a blocked model and the same unit unlocked for serial number collection if necessary.

Also i have Imac (2020) various units icloud locked, and other identic stuff unlocked and avaliable.

Anyone has access to the guide that was removed here with hardware modification methods?

I have access to other M1, locked and unlocked devices if someone needs more info or wants me to make any tests.

Kind Regards
Brais is offline   Reply With Quote
Old 06-16-2022, 01:06 AM   #229
simplylcd
New Member
 
Join Date: Nov 2015
City & State: Southport
My Country: United Kingdom
I'm a: Knowledge Seeker
Posts: 9
Default Re: T2 Chip Programmer Tool

I have tried the ufix u-bos2 to change serial number.
When soldered the T2 chip it was in DFu mode.
Tried a revive came on briefly and now nothing.
Any tips on what to do now ??
simplylcd is offline   Reply With Quote
Old 06-16-2022, 02:36 AM   #230
Pedro147
Member
 
Pedro147's Avatar
 
Join Date: Sep 2016
City & State: Canberra ACT
My Country: Australia
I'm a: Knowledge Seeker
Posts: 85
Default Re: T2 Chip Programmer Tool

Quote:
Originally Posted by simplylcd View Post
I have tried the ufix u-bos2 to change serial number.
When soldered the T2 chip it was in DFu mode.
Tried a revive came on briefly and now nothing.
Any tips on what to do now ??
Christopher, you were told on FB, the SN is stored in the SPI ROM chip so what are you talking about "When soldered the T2 chip" ?

That statement makes no sense
Pedro147 is offline   Reply With Quote
Old 06-16-2022, 03:38 AM   #231
lamo
Member
 
Join Date: Nov 2017
City & State: Odessa
My Country: Ukraine
I'm a: Knowledge Seeker
Posts: 26
Default Re: T2 Chip Programmer Tool

there's no need to change serial number to avoid icloud lock. icloud lock is connected to ECID of T2. so, only t2 replacement will helps.
lamo is offline   Reply With Quote
Old 06-16-2022, 07:33 AM   #232
Stephen
Meow Meow MEOW!
 
Stephen's Avatar
 
Join Date: Apr 2020
City & State: USA 🇺🇸
My Country: United States
Line Voltage: 120VAC 60hz
I'm a: Hardcore Geek
Posts: 412
Default Re: T2 Chip Programmer Tool

Quote:
Originally Posted by simplylcd View Post
I have tried the ufix u-bos2 to change serial number.
When soldered the T2 chip it was in DFu mode.
Tried a revive came on briefly and now nothing.
Any tips on what to do now ??
Might have to do a restore, also if that doesn't help check the battery to make sure it is a good battery. Believe it or not a bad battery will not allow a proper restore or revive.
Stephen is offline   Reply With Quote
Old 06-16-2022, 08:44 AM   #233
ugamazing
Member
 
Join Date: Jun 2013
City & State: georgia
My Country: usa
I'm a: Knowledge Seeker
Posts: 54
Default Re: T2 Chip Programmer Tool

I just received my 1.8v level shifter and can now read/pull dumps from the T2+ models.

Confirmed it's quite easy to find the serial/MLB# as mentioned by others. Will now move onto comparing dumps from boards without lock (that I own), then locking to my own iCloud/FMM, then comparing dumps again.

Anyone have any ideas for additional things to check/try? I wish there was some way to reconcile iCloud ID with serial number, but I know that's likely not something that will easily be done.

Stephen, when you mentioned the bypass method sometimes producing/printing the full iCloud email address; is it theoretically possible to--somehow--modify the T2 ROM to produce this 'glitch' and instruct the T2 to print the full email (instead of the s*****@gmail.com or whatever)? Just spitballing, I have zero knowledge of how the actual data/encryption works or is stored/handled at all. I am a hardware guy, and getting down to these details is a learning experience, but I'm definitely willing to learn!
ugamazing is offline   Reply With Quote
Old 06-17-2022, 12:20 AM   #234
simplylcd
New Member
 
Join Date: Nov 2015
City & State: Southport
My Country: United Kingdom
I'm a: Knowledge Seeker
Posts: 9
Default Re: T2 Chip Programmer Tool

Quote:
Originally Posted by Pedro147 View Post
Christopher, you were told on FB, the SN is stored in the SPI ROM chip so what are you talking about "When soldered the T2 chip" ?

That statement makes no sense
I removed the chip put it in the programmer and then soldered back onto the board
simplylcd is offline   Reply With Quote
Old 06-17-2022, 11:44 AM   #235
ugamazing
Member
 
Join Date: Jun 2013
City & State: georgia
My Country: usa
I'm a: Knowledge Seeker
Posts: 54
Default Re: T2 Chip Programmer Tool

Got my 1.8v ROM reader working well, and will begin pulling dumps from all T2/M1 models this weekend. Will then lock them, pull dumps again, compare, etc.
ugamazing is offline   Reply With Quote
Old 06-18-2022, 10:51 AM   #236
Stephen
Meow Meow MEOW!
 
Stephen's Avatar
 
Join Date: Apr 2020
City & State: USA 🇺🇸
My Country: United States
Line Voltage: 120VAC 60hz
I'm a: Hardcore Geek
Posts: 412
Default Re: T2 Chip Programmer Tool

I am not sure how we could read the T2 chip itself, it could be possible if we are able to remove the T2 chip and one day able to read it, nothing is impossible in this world remember that. However, even if we were able to read the T2, the serial of that T2 itself would tie to the iCloud that it is locked to, even if you were able to some how reset it which basically is a DFU, which means that serial still has to go through Activation on Apples servers, so if we are able to figure a way to read it before it is ERASED, maybe so? No idea, the glitch comes sometimes when you bypass the machine and then it has the email once you get to the setup screen when the OS is installed. I sometimes see an email and sometimes I don't , however if we are able to produce the glitch all the time that would be perfect after you bypass it so you can ask them to remove it for good.

Quote:
Originally Posted by ugamazing View Post
I just received my 1.8v level shifter and can now read/pull dumps from the T2+ models.

Confirmed it's quite easy to find the serial/MLB# as mentioned by others. Will now move onto comparing dumps from boards without lock (that I own), then locking to my own iCloud/FMM, then comparing dumps again.

Anyone have any ideas for additional things to check/try? I wish there was some way to reconcile iCloud ID with serial number, but I know that's likely not something that will easily be done.

Stephen, when you mentioned the bypass method sometimes producing/printing the full iCloud email address; is it theoretically possible to--somehow--modify the T2 ROM to produce this 'glitch' and instruct the T2 to print the full email (instead of the s*****@gmail.com or whatever)? Just spitballing, I have zero knowledge of how the actual data/encryption works or is stored/handled at all. I am a hardware guy, and getting down to these details is a learning experience, but I'm definitely willing to learn!
Stephen is offline   Reply With Quote
Old 06-18-2022, 11:37 AM   #237
ugamazing
Member
 
Join Date: Jun 2013
City & State: georgia
My Country: usa
I'm a: Knowledge Seeker
Posts: 54
Default Re: T2 Chip Programmer Tool

Quote:
Originally Posted by Stephen View Post
I am not sure how we could read the T2 chip itself, it could be possible if we are able to remove the T2 chip and one day able to read it, nothing is impossible in this world remember that. However, even if we were able to read the T2, the serial of that T2 itself would tie to the iCloud that it is locked to, even if you were able to some how reset it which basically is a DFU, which means that serial still has to go through Activation on Apples servers, so if we are able to figure a way to read it before it is ERASED, maybe so? No idea, the glitch comes sometimes when you bypass the machine and then it has the email once you get to the setup screen when the OS is installed. I sometimes see an email and sometimes I don't , however if we are able to produce the glitch all the time that would be perfect after you bypass it so you can ask them to remove it for good.
Hey Stephen, I'm shooting you a private message, thanks!
ugamazing is offline   Reply With Quote
Old 06-19-2022, 07:03 AM   #238
lamo
Member
 
Join Date: Nov 2017
City & State: Odessa
My Country: Ukraine
I'm a: Knowledge Seeker
Posts: 26
Default Re: T2 Chip Programmer Tool

Quote:
Originally Posted by Stephen View Post
I am not sure how we could read the T2 chip itself, it could be possible if we are able to remove the T2 chip and one day able to read it, nothing is impossible in this world remember that. However, even if we were able to read the T2, the serial of that T2 itself would tie to the iCloud that it is locked to, even if you were able to some how reset it which basically is a DFU, which means that serial still has to go through Activation on Apples servers, so if we are able to figure a way to read it before it is ERASED, maybe so? No idea, the glitch comes sometimes when you bypass the machine and then it has the email once you get to the setup screen when the OS is installed. I sometimes see an email and sometimes I don't , however if we are able to produce the glitch all the time that would be perfect after you bypass it so you can ask them to remove it for good.
according to my investigations, there're no useful information, except machine serial number and board number in t2 rom. t2 rom only need to boot into dfu. also, all known methods of jailbreak won't work, because of usb-c firmware patch in t2 chip. t2 chip also have small rom-memory inside. the only way to remove icloud lock is to modify ECID of t2. this operation isn't possible for current moment.
lamo is offline   Reply With Quote
Old 06-19-2022, 02:01 PM   #239
LevanGood
New Member
 
Join Date: Jun 2022
City & State: Che
My Country: Ukraine
I'm a: Knowledge Seeker
Posts: 10
Default Re: T2 Chip Programmer Tool

Hey guys!
Sorry for my english. I know it’s poor cuz I’m from Ukraine))

Look, I’ve got AppleID locked MB Pro A2141 and I wonder if I can unlock it.
As I know Apple blocked jailbreak ability on the last MacOS.
I’ve got another A2141 logic board with issues and it has FMM OFF.

So I wonder if it’s possible to replace some IC’s from the defective logic board with FMM off to my locked board? Has anybody done this before?
Should I replace T2 itself + SPI or should I replace WIFI+NANDs additionaly?

Thanks in advance!
LevanGood is offline   Reply With Quote
Old 06-20-2022, 02:59 AM   #240
lamo
Member
 
Join Date: Nov 2017
City & State: Odessa
My Country: Ukraine
I'm a: Knowledge Seeker
Posts: 26
Default Re: T2 Chip Programmer Tool

i replaced about 20 t2's. it's very complicated procedure by itself. too many issues. but it's possible.
lamo is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



Badcaps.net Technical Forums © 2003 - 2022
Powered by vBulletin ®
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.
All times are GMT -6. The time now is 10:13 PM.
Did you find this forum helpful?