Unenrollment until next powerwash on 135-137
If you need any kind of support, please join our discord server for help
- Powerwash your Chromebook
- On the "welcome to your Chromebook" screen, wait until you see the quick setup with Android button (DO NOT PRESS GET STARTED IF IT DOESN'T SHOW IMMEDIATELY), once it appears, press the button
- Hit
CTRL+ALT+SHIFT+Rand click "cancel" - Click "Enter your Google account email and password." It should say to connect to a network
- Open quick settings from the bottom right and connect to a network
After signing in, you can sign out, and you will be back on the welcome screen. Progress through Oobe as normal by clicking get started, and next, you will be greeted with three options to sign in. Sign in with the same email, and when you sign in, it will hang on the please wait screen. Simply restart or Alt+VolumeUp + X, and you will be placed on the lockscreen. After that, you are done and can sign out/reboot, and it will be persistent until the next powerwash.
After you have done the persistence method, you can recover to modified recovery images in unverified recovery, because VPD is not blocking developer mode. This can be used to obtain a root shell even on keyrolled devices via badrecovery unverified, and can be used to remove fwmp when used with badbr0ker
- Lxrd/SPIRAME: Finding the vulnerability
- HarryTarryJarry: reading logs to figure out sh1ttyOOBE disables enforced rootfs verification in developer mode recovery while enrolled, allowing badrecovery unverified to work. (leading to badbr0ker)
- crossjbly/xz8f: testing, persistence method
- all other members of crosbreaker: uhh idk