Salta al contenuto principale
Aiuto

Versione corrente di: Kevin O'Brien ,

Testo:

Hey there guys.
 
I hate to break this to you all, but this is nearly impossible. I'm stuck in the exact same situation on a Lenovo Thinkpad 11e Chromebook running Chrome OS 61 Stable-Release (which I'm currently typing this response on).
 
Let me give you some knowledge that I've picked up during my tournament to attempt to gain victory against the Enterprise Admin of my school district:
 
1) I ''have'' bypassed enrollment before...three or four times. It did involve doing exactly what Eric Tribble did (only without me removing the write-protect screw because I honestly don't know where the !&&* it is on my Chromebook).
 
2) Now, with the completely new device they gave me (same make and model), I can't bypass enrollment for the life of me. If you refer to chrome://policy on an enterprise enrolled device, you'll see the many policies that your Enterprise Admin has set for you.
 
3) This is the ass kicker of them all...all those policies I just mentioned AREN'T tied to the firmware, the BIOS, or any of that (well they are but you'll see what I mean). They're all tied to your serial number. When you reset your Chromebook, go through the GUI Setup process, and right before the enrollment screen you see "Determining device configuration"...that's Google checking in with it's servers to see if your device is managed by a domain. So that's really hard to bypass. I can give you all a few extra suggestions to try, but don't get your hopes up. It's also just a policy called "Forced Re-Enroll" in the Admin Console. These things have security tighter than a bug's ass, but I guess that's why all of our G Suite admins are laughing at us right now, me included.
 
--------------------------------------------------------------------------------------------------------------------------------------
 
1) Shut down the device, disconnect DC Power, open up the back of your Chromebook using a Phillips Head Screwdriver, locate the battery, and disconnect it from the motherboard. If your policies aren't as strict, you'll need to wait about 25-30 minutes. This allows the BIOS/UEFI/CMOS chips to clear, and the capacitors on the motherboard to drain since they're not receiving any power from the local main battery. After the allotted amount of time (or even after), plug in the DC Power ONLY. Proceed to press ESC+REFRESH+POWER, hit Ctrl+D at the "Chrome OS Is Missing or Damaged" screen, press enter to be delivered to a screen that states "OS Verification is OFF", hit Ctrl+D again or wait thirty seconds to transition to Developer Mode. If you were successful, refer to step three. If you were unsuccessful, refer to step two.
 
2) If you failed to achieve Developer Mode because the foul Administrator blocked it, unplug DC Power to kill all power to your computer again, and press the power button for 60-75 seconds, increasing it by 5-7 seconds per time as needed. This should bypass the Admin block by further draining those capacitors and the BIOS/UEFI/CMOS chips.
 
3) If you succeeded in reaching Developer Mode, great job! You defeated the foul Admin. Refer to Eric Tribble's post on changing the internal MLB_SERIAL_NUMBER and the SERIAL_NUMBER.
 
4) Sorry for the long post, I just enjoy sharing the knowledge I have, especially against foul Enterprise/Domain G Suite Admins.
 
5) If you have any questions, or want to tell me if it did/didn't work, please email me at obrienk216@gmail.com
 
I hope that this helps at least one person defeat their disgustingly foul G Suite Admin. Good luck and let the hacking gods be with you.
 
=== Update (02/18/2018) ===
 
Here's an updated to my post from a few months back.
 
If it's just websites you want to unblock, you can try with changing the DNS Server to Comodo Secure's Server address (8.26.46.26 for primary and 8.20.247.20 for secondary).
 
However, I have been unable to bypass the developer (dev) mode block on my Lenovo Thinkpad 11e Chromebook (Type: 20DU0003US), and I have also been unable to use the motherboard/capacitor draining. I have tried everything, and will most likely give up. Here are the stats of my system:
 
Version: 64.0.3282.144 (official build) (64-bit)
Platform
10176.68.0 (Official Build) stable-channel glimmer
Firmware
Google_Glimmer.5216.198.19
Channel
Currently on stable
Blink
537.36 (@)
V8
6.4.388.41
User Agent
Mozilla/5.0 (X11; CrOS x86_64 10176.68.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.144 Safari/537.36
Command Line
/opt/google/chrome/chrome --ppapi-flash-path=/opt/google/chrome/pepper/libpepflashplayer.so --ppapi-flash-version=28.0.0.161 --ui-prioritize-in-gpu-process --use-gl=egl --enable-native-gpu-memory-buffers --gpu-sandbox-failures-fatal=yes --enable-logging --log-level=1 --use-cras --enable-wayland-server --user-data-dir=/home/chronos --max-unused-resource-memory-usage-percentage=5 --login-profile=user --has-chromeos-keyboard --enable-touchview --default-wallpaper-large=/usr/share/chromeos-assets/wallpaper/default_large.jpg --default-wallpaper-small=/usr/share/chromeos-assets/wallpaper/default_small.jpg --child-wallpaper-large=/usr/share/chromeos-assets/wallpaper/child_large.jpg --child-wallpaper-small=/usr/share/chromeos-assets/wallpaper/child_small.jpg --guest-wallpaper-large=/usr/share/chromeos-assets/wallpaper/guest_large.jpg --guest-wallpaper-small=/usr/share/chromeos-assets/wallpaper/guest_small.jpg --enable-consumer-kiosk --enterprise-enrollment-initial-modulus=15 --enterprise-enrollment-modulus-limit=19 --login-manager --first-exec-after-boot --vmodule=tablet_power_button_controller=1,*chromeos/login/*=1,auto_enrollment_controller=1,*plugin*=2,*zygote*=1,*/ui/ozone/*=1,*/ui/display/manager/chromeos/*=1,*night_light*=1,power_button_observer=2,webui_login_view=2,lock_state_controller=2,webui_screen_locker=2,screen_locker=2 --silent-launch
Build Date
Friday, February 2, 2018.
 
I have to admit asking this hurts my self-esteem, as I am typically used to bypassing this myself...but I can't on the newer versions...so can someone please help me?

Stato:

open

Post originale di: Kevin O'Brien ,

Testo:

Hey there guys.

I hate to break this to you all, but this is nearly impossible. I'm stuck in the exact same situation on a Lenovo Thinkpad 11e Chromebook running Chrome OS 61 Stable-Release (which I'm currently typing this response on).

Let me give you some knowledge that I've picked up during my tournament to attempt to gain victory against the Enterprise Admin of my school district:

1) I ''have'' bypassed enrollment before...three or four times. It did involve doing exactly what Eric Tribble did (only without me removing the write-protect screw because I honestly don't know where the !&&* it is on my Chromebook).

2) Now, with the completely new device they gave me (same make and model), I can't bypass enrollment for the life of me. If you refer to chrome://policy on an enterprise enrolled device, you'll see the many policies that your Enterprise Admin has set for you.

3) This is the ass kicker of them all...all those policies I just mentioned AREN'T tied to the firmware, the BIOS, or any of that (well they are but you'll see what I mean). They're all tied to your serial number. When you reset your Chromebook, go through the GUI Setup process, and right before the enrollment screen you see "Determining device configuration"...that's Google checking in with it's servers to see if your device is managed by a domain. So that's really hard to bypass. I can give you all a few extra suggestions to try, but don't get your hopes up. It's also just a policy called "Forced Re-Enroll" in the Admin Console. These things have security tighter than a bug's ass, but I guess that's why all of our G Suite admins are laughing at us right now, me included.

--------------------------------------------------------------------------------------------------------------------------------------

1) Shut down the device, disconnect DC Power, open up the back of your Chromebook using a Phillips Head Screwdriver, locate the battery, and disconnect it from the motherboard. If your policies aren't as strict, you'll need to wait about 25-30 minutes. This allows the BIOS/UEFI/CMOS chips to clear, and the capacitors on the motherboard to drain since they're not receiving any power from the local main battery. After the allotted amount of time (or even after), plug in the DC Power ONLY. Proceed to press ESC+REFRESH+POWER, hit Ctrl+D at the "Chrome OS Is Missing or Damaged" screen, press enter to be delivered to a screen that states "OS Verification is OFF", hit Ctrl+D again or wait thirty seconds to transition to Developer Mode. If you were successful, refer to step three. If you were unsuccessful, refer to step two.

2) If you failed to achieve Developer Mode because the foul Administrator blocked it, unplug DC Power to kill all power to your computer again, and press the power button for 60-75 seconds, increasing it by 5-7 seconds per time as needed. This should bypass the Admin block by further draining those capacitors and the BIOS/UEFI/CMOS chips.

3) If you succeeded in reaching Developer Mode, great job! You defeated the foul Admin. Refer to Eric Tribble's post on changing the internal MLB_SERIAL_NUMBER and the SERIAL_NUMBER.

4) Sorry for the long post, I just enjoy sharing the knowledge I have, especially against foul Enterprise/Domain G Suite Admins.

5) If you have any questions, or want to tell me if it did/didn't work, please email me at obrienk216@gmail.com

I hope that this helps at least one person defeat their disgustingly foul G Suite Admin. Good luck and let the hacking gods be with you.

Stato:

open