
Icarus

An exploit for Chrome devices that lets people unenroll them by intercepting device management traffic using a proxy and a custom Certificate Authority.

For EOL boards (e.g., relm, banon), please use SH1mmer instead of anything else.

WARNING

Important

DO NOT USE ANY PUBLIC IP ADDRESSES FOR ICARUS AS A PROXY, YOU WILL RISK YOUR DATA AND YOU WILL BE REMOTELY COMPROMISED.

ANYTHING GOOGLE CAN REMOTELY PERFORM ON YOUR DEVICE, ICARUS CAN BE USED TO DO. EXAMPLES OF THIS ARE INSTALLING EXTENSIONS, SPYING, USING YOUR CAMERA, REMOTING INTO YOUR DEVICE, GETTING YOUR PASSWORDS, AND MORE.

ONLY SELF HOST ICARUS, NEVER USE A PUBLIC SERVER! -UNRETAINED/WRITABLE/profile_encryption (they're all the same person)

REQUIREMENTS

  • KV4 OR LOWER CHROMEBOOK
  • V127 - V125 (YOU CAN DOWNGRADE USING IMAGES @ https://chrome100.dev)
  • A USB DRIVE

USING PREBUILTS

GET A PREBUILT @ MY FILE HOST. FLASH IT TO YOUR USB USING RUFUS, BALENAETCHER, OR CHROMEBOOK RECOVERY UTILITY.

FOLLOW THE SERVER SETUP INSTRUCTIONS

Setup and installation instructions

Clone the repo with git clone --recursive https://git.kxtz.dev/kxtzownsu/icarus.git and change directory to it.

Set up the environment by running the following commands (make sure you have python3, python3-venv, and protobuf installed beforehand):

  • make build-packed-data

Before continuing, open Chrome on your build machine and go to chrome://components. Press CTRL + F and search for "PKIMetadata". Once you find it, press "Check for Updates". Make sure it says up-to-date before continuing (and that the version is below 9999).

  • bash scripts/create_out.sh myCA.der

After doing this, the output directory (from here on referred to as PKIMetadata) will be generated, which is the custom Certificate Authority.

Now, to modify the shim with the generated PKIMetadata (THIS WILL OVERWRITE YOUR SHIM):

  • sudo bash modify.sh <shim path>

Now boot the shim, and Icarus will attempt to modify your stateful partition.

Server setup

Requirements: npm, node

Linux: Run make start-server to start your proxy, then continue with the instructions below.

Windows: GET A PREBUILT FROM THE RELEASES TAB, AND RUN IT.

Setup and installation instructions, continued

Reboot the device. You'll boot into verified mode. Once you have your server running, open the network configuration by clicking the lower right button (it will show the date), connect to Wi-Fi, and then change the proxy settings accordingly.

  • Set proxy settings to manual
  • Set HTTPS IP to the IP you used to host the proxy server.
  • Resume setup and your device will unenroll.

Troubleshooting

My device says "Can't reach Google"!
  • Make sure your device and the server are connected to the same network
  • If that didn't work, powerwash your device and re-run the modified shim, and keep the server running.

HELP PLEASE

New Credits

Original Credits

  • MunyDev - Creating this exploit
  • Archimax - Cleaning up get_original_data.sh and inshim.sh + README changes
  • r58Playz - General bash script improvements
  • Akane - Help with SSL, general advice, and README changes