3XPLO1TS

     Expl0its

What it does

The Fog

Introduced on v112, prevents downgrading.

The Tsunami

Introduced on v114, prevents you from disabling WP.

WP

Write protect, the thing that protects you from writing to the device.

Downgrading

Lowering your version to do certain exploits that were previously patched.

Recover

A process done to remove ChromeOS and then reinstall it via a USB. (removes everything software related then reinstalls it.)

RMA/Factory shim

A tool used by technicians to do various diagnostic tests and do motherboard replacements easier. (very easy to modify, sh1mmer modified rma shims to achieve unenrollment)

Sh1mmer

Multitool jailbreak allowing you to unblock Developer Mode, unenroll your chromebook, access a root bash shell, and more. The exploit modifies RMA shims.

Unenroll

Making your school chromebook act as it is completely yours by doing some sort of exploit.

Developer Mode

Something that you can activate to get full root access to the system. Activate it by doing: ESC+REFRESH+POWER, CTRL+D, ENTER, CTRL+D

Fakemurk

Fakemurk is a tool made by Mercury Workshop intended for use on a already unenrolled chromebook. It will allow you to re-enroll, making your chromebook appear identical to an enrolled one, except keep developer mode, and even boot off a linux USB, all while tricking chromeOS into thinking you're in verified mode, so your chromebook will not show up any different from the hundreds of other chromebooks in your enterprise's google admin console.

VPD/Vital Product Data

Vital Product Data (VPD) refers to a set of system-specific configuration data that is stored on the firmware of a chromebook devices. VPD contains information about the hardware configuration, serial numbers, asset tags, and other system-specific details of the device.

Killcurly

A exploit capable of stopping certain extensions from functioning, made by zoroark on discord, this is exploit uses Chrome's forgotten url.
DM Aka, but nice#5094 on discord if the link below is blocked, I don't want to talk about the other link publicly.

By using this exploit, we are not held accountable for any actions of this because of this use.

Steps:
Go to chrome://settings/signOut
Click the blue link, and visit chrome://restart

Cookie Dough Exploit (Extension Corruption)

This expl0it can corrupt extensions, Securly, Securly Classroom, and Hapara in question. This is the most dangerous one yet, proceed at your own will, we are not held accountable of any causes/actions of this

To start, drag this code into your bookmark bar, then if you have Securly, go to securly.com and run the bookmarklet in the prompt put 50, if you have hapara, go to hapara.com or any block page, and use the bookmarklet and also put 50. Credit to the owners of this expl0it!

PBSL

This is a more safer option and works for most extensions
Any actions caused by this are not our fault, we specifcally said "This is a more safer option" not 100% safe.

If you have one of these below, continue
Securly =>https://tinyurl.com/bettergoofcurly(You may have to reload)
iBoss => https://tinyurl.com/goofboss
Blocksi => https://tinyurl.com/goofsi
Cisco Umbrella => https://tinyurl.com/goofumbrella
Impero => https://tinyurl.com/goofimpero
Securly Classroom => https://tinyurl.com/goofclassroom


On each of these links, it should be a block page or something else, there should be a button in which opens a blank page, bookmark the code at here then return to the blank page and run it.

Kill Extensions

Kill Extensions


Requirements:

chrome://serviceworkers-internals

inspect element


1. Go to chrome://serviceworker-internals

2. Find a scope with an extension ID example is: Scope: chrome-extension://[idhere]


3. Hit the Start button and then the inspect button, it will pull up a dev tool, then execute the original LTB33F code

chrome.management.setEnabled('extension_id_here',false)


BOOM, extensions are GONE.


(For each extension you MUST execut the LTB33F code and do it for each one, make sure you only press inspect with the one that has a extension otherwise it WON'T work.


Credit to Nyaann#3881 for finding this expl0it


Printing Expl0it

1. Find your extension's largest file. This can usually be found by poking around in your extension's manifest.json.

2. Go to that page. and hit Ctrl+P. A print window should show up, with a number of pages in the top right.

3. Do everything you can to increase that number. Shrink down margins, change layout to landscape, anything you can. The higher you can get that number, the longer the effect will last.

4. Hit reload. The page should start hanging.

5. Go to your extension's settings page. This is in chrome://extensions.

6. Duplicate your "printing" tab, and go back to your extension's settings page.

7. Flip any switch you can find there. Usually there'll be one titled "Allow Access to File:// [URI]s".

8. Presto! Go have fun on the (probably) undlocked web.


Incognito Expl0it (Patched v115)


Step 1. Navigate to your WiFi settings

Step 2. Select the WiFi you want to browse incognito mode on (can't be school WiFi)

Step 3. Go into the settings of it, then scroll down to network 

Step 4. Select custom name servers

Step 5. Set the top IP to 52.207.185.90

Step 6. In the bottom right it will say, open a new tab

Step 7. Click that and click Browse Incognito

Step 8. Do whatever you want in inc0gnito mode, play gxmes, use D1sc0rd, learn how to make a bom-

Shimboot Shimboot (ading.dev)

Shimboot is a collection of scripts for patching a Chrome OS RMA shim to serve as a bootloader for a standard Linux distribution. It allows you to boot a full desktop Debian install on a Chromebook, without needing to un3nroll it or modify the firmware