mariosant/bypass-mdm
1
0
Fork 0
mirror of https://github.com/assafdori/bypass-mdm.git synced 2026-04-19 18:44:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

updating script & README file

Browse Source
This commit is contained in:
Assaf Dori
2024-03-01 10:55:15 +02:00
parent b569875ddd
commit d1f06ae653
1 changed files with 81 additions and 164 deletions
Download Patch File Download Diff File Expand all files Collapse all files

227
bypass-mdm.sh
View File

@@ -1,174 +1,91 @@
#!/bin/bash #!/bin/bash
# Global constants
readonly DEFAULT_SYSTEM_VOLUME="Macintosh HD"
readonly DEFAULT_DATA_VOLUME="Macintosh HD - Data"
# Text formating
RED='\033[1;31m' RED='\033[1;31m'
GREEN='\033[1;32m' GRN='\033[1;32m'
BLUE='\033[1;34m' BLU='\033[1;34m'
YELLOW='\033[1;33m' YEL='\033[1;33m'
PURPLE='\033[1;35m' PUR='\033[1;35m'
CYAN='\033[1;36m' CYAN='\033[1;36m'
NC='\033[0m' NC='\033[0m'
# Checks if a volume with the given name exists echo -e "${CYAN}Bypass MDM By Assaf Dori (assafdori.com)${NC}"
checkVolumeExistence() {
local volumeLabel="$*"
diskutil info "$volumeLabel" >/dev/null 2>&1
}
# Returns the name of a volume with the given type
getVolumeName() {
local volumeType="$1"
# Getting the APFS Container Disk Identifier
apfsContainer=$(diskutil list internal physical | grep 'Container' | awk -F'Container ' '{print $2}' | awk '{print $1}')
# Getting the Volume Information
volumeInfo=$(diskutil ap list "$apfsContainer" | grep -A 5 "($volumeType)")
# Extracting the Volume Name from the Volume Information
volumeNameLine=$(echo "$volumeInfo" | grep 'Name:')
# Removing unnecessary characters to get the clean Volume Name
volumeName=$(echo "$volumeNameLine" | cut -d':' -f2 | cut -d'(' -f1 | xargs)
echo "$volumeName"
}
# Defines the path to a volume with the given default name and volume type
defineVolumePath() {
local defaultVolume=$1
local volumeType=$2
if checkVolumeExistence "$defaultVolume"; then
echo "/Volumes/$defaultVolume"
else
local volumeName
volumeName="$(getVolumeName "$volumeType")"
echo "/Volumes/$volumeName"
fi
}
# Mounts a volume at the given path
mountVolume() {
local volumePath=$1
if [ ! -d "$volumePath" ]; then
diskutil mount "$volumePath"
fi
}
echo -e "${CYAN}*-------------------*---------------------*${NC}"
echo -e "${YELLOW}* Check MDM - Bypass MDM Setup on MacOS edited by*${NC}"
echo -e "${RED}* Assaf Dori*${NC}"
echo -e "${RED}* Originally by Phoenix Team*${NC}"
echo -e "${CYAN}*-------------------*---------------------*${NC}"
echo "" echo ""
PS3='Please enter your choice: ' PS3='Please enter your choice: '
options=("Autobypass on Recovery" "Check MDM Enrollment" "Reboot" "Exit") options=("Bypass MDM from Recovery" "Reboot")
select opt in "${options[@]}"; do select opt in "${options[@]}"; do
case $opt in case $opt in
"Autobypass on Recovery") "Bypass MDM from Recovery")
echo -e "\n\t${GREEN}Bypass on Recovery${NC}\n" echo -e "${GRN}Bypass from Recovery"
if [ -d "/Volumes/Macintosh HD - Data" ]; then
# Mount Volumes diskutil rename "Macintosh HD - Data" "Data"
echo -e "${BLUE}Mounting volumes, please wait.${NC}"
# Mount System Volume
systemVolumePath=$(defineVolumePath "$DEFAULT_SYSTEM_VOLUME" "System")
mountVolume "$systemVolumePath"
# Mount Data Volume
dataVolumePath=$(defineVolumePath "$DEFAULT_DATA_VOLUME" "Data")
mountVolume "$dataVolumePath"
echo -e "${GREEN}Volume preparation completed${NC}\n"
# Create User
echo -e "${BLUE}Checking user existence${NC}"
dscl_path="$dataVolumePath/private/var/db/dslocal/nodes/Default"
localUserDirPath="/Local/Default/Users"
defaultUID="501"
if ! dscl -f "$dscl_path" localhost -list "$localUserDirPath" UniqueID | grep -q "\<$defaultUID\>"; then
echo -e "${CYAN}Create a new user{NC}"
echo -e "${CYAN}Press Enter to continue, Note: Leaving it blank will default 'Apple' user${NC}"
echo -e "${CYAN}Enter Full Name (Default: Apple)${NC}"
read -rp "Full name: " fullName
fullName="${fullName:=Apple}"
echo -e "${CYAN}Username${NC} ${RED}NO SPACES ALLOWED${NC} ${GREEN}(Default: Apple)${NC}"
read -rp "Username: " username
username="${username:=Apple}"
echo -e "${CYAN}Enter the User Password (Default: 1234)${NC}"
read -rsp "Password: " userPassword
userPassword="${userPassword:=. }"
echo -e "\n${BLUE}Creating User${NC}"
dscl -f "$dscl_path" localhost -create "$localUserDirPath/$username"
dscl -f "$dscl_path" localhost -create "$localUserDirPath/$username" UserShell "/bin/zsh"
dscl -f "$dscl_path" localhost -create "$localUserDirPath/$username" RealName "$fullName"
dscl -f "$dscl_path" localhost -create "$localUserDirPath/$username" UniqueID "$defaultUID"
dscl -f "$dscl_path" localhost -create "$localUserDirPath/$username" PrimaryGroupID "20"
mkdir "$dataVolumePath/Users/$username"
dscl -f "$dscl_path" localhost -create "$localUserDirPath/$username" NFSHomeDirectory "/Users/$username"
dscl -f "$dscl_path" localhost -passwd "$localUserDirPath/$username" "$userPassword"
dscl -f "$dscl_path" localhost -append "/Local/Default/Groups/admin" GroupMembership "$username"
echo -e "${GREEN}User created${NC}\n"
else
echo -e "${BLUE}User already created${NC}\n"
fi fi
echo -e "${GRN}Create a new user"
# Block MDM hosts echo -e "${BLU}Press Enter to continue, keaving it blank will default to the default user ('Apple')"
echo -e "${BLUE}Blocking MDM domains, please wait.${NC}" echo -e "Enter Real Name (Default: Apple)"
hostsPath="$systemVolumePath/etc/hosts" read realName
blockedDomains=("deviceenrollment.apple.com" "mdmenrollment.apple.com" "iprofiles.apple.com") realName="${realName:= Apple}"
for domain in "${blockedDomains[@]}"; do echo -e "${BLUE}Enter username ${RED}No Spaces Allowed (Default: Apple)"
echo "0.0.0.0 $domain" >>"$hostsPath" read username
done username="${username:=Apple}"
echo -e "${GREEN}Domains have been blocked.${NC}\n" echo -e "${BLUE}Enter the password (Default: 1234)"
read passw
# Remove config profiles passw="${passw:=1234}"
echo -e "${BLUE}Remove config profiles${NC}" dscl_path='/Volumes/Data/private/var/db/dslocal/nodes/Default'
configProfilesSettingsPath="$systemVolumePath/var/db/ConfigurationProfiles/Settings" echo -e "${GREEN}Creating User"
touch "$dataVolumePath/private/var/db/.AppleSetupDone" # Create user
rm -rf "$configProfilesSettingsPath/.cloudConfigHasActivationRecord" dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username"
rm -rf "$configProfilesSettingsPath/.cloudConfigRecordFound" dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" UserShell "/bin/zsh"
touch "$configProfilesSettingsPath/.cloudConfigProfileInstalled" dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" RealName "$realName"
touch "$configProfilesSettingsPath/.cloudConfigRecordNotFound" dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" RealName "$realName"
echo -e "${GREEN}Config profiles removed${NC}\n" dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" UniqueID "501"
dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" PrimaryGroupID "20"
echo -e "${GREEN}------ Autobypassed Successfully ------${NC}" mkdir "/Volumes/Data/Users/$username"
echo -e "${CYAN}------ Exit Terminal & reboot your Mac. Asiko is GOAT. ------${NC}" dscl -f "$dscl_path" localhost -create "/Local/Default/Users/$username" NFSHomeDirectory "/Users/$username"
dscl -f "$dscl_path" localhost -passwd "/Local/Default/Users/$username" "$passw"
dscl -f "$dscl_path" localhost -append "/Local/Default/Groups/admin" GroupMembership $username
echo "0.0.0.0 deviceenrollment.apple.com" >>/Volumes/Macintosh\ HD/etc/hosts
echo "0.0.0.0 mdmenrollment.apple.com" >>/Volumes/Macintosh\ HD/etc/hosts
echo "0.0.0.0 iprofiles.apple.com" >>/Volumes/Macintosh\ HD/etc/hosts
echo -e "${GREEN}Successfully blocked MDM domains"
echo "Removing config profile"
touch /Volumes/Data/private/var/db/.AppleSetupDone
rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
echo -e "${CYAN}MDM Bypass Done.${NC}"
echo -e "${CYAN}Please exit terminal and reboot.${NC}"
break break
;; ;;
"Disable Notification (SIP)")
echo -e "${RED}Please Insert Your Password To Proceed${NC}"
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
break
;;
"Disable Notification (Recovery)")
rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
rm -rf /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
touch /Volumes/Macintosh\ HD/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
break
;;
"Check MDM Enrollment") "Check MDM Enrollment")
if [ ! -f /usr/bin/profiles ]; then echo ""
echo -e "\n\t${RED}Don't use this option in recovery${NC}\n" echo -e "${GRN}Check MDM Enrollment. Error is success${NC}"
continue echo ""
fi echo -e "${RED}Please Insert Your Password To Proceed${NC}"
echo ""
if ! sudo profiles show -type enrollment >/dev/null 2>&1; then sudo profiles show -type enrollment
echo -e "\n\t${GREEN}Success${NC}\n" break
else
echo -e "\n\t${RED}Failure${NC}\n"
fi
;; ;;
"Reboot")
echo -e "\n\t${BLUE}Rebooting...${NC}\n"
reboot
;;
"Exit") "Exit")
echo -e "\n\t${BLUE}Exiting...${NC}\n" echo "Rebooting..."
exit reboot
;; break
*)
echo "Invalid option $REPLY"
;; ;;
*) echo "Invalid option $REPLY" ;;
esac esac
done done