Chromebook Unenrollment as of April 2025
Remember when SH1MMER came out. It was all over the internet. But then it got patched, as you might know you might think you could just downgrade, but Google stopped that too by introducing something known as kernver, kernver shows what is the lowest version you can downgrade to.
Like for example here are all of the kernvers from lowest to highest and what version you can downgrade to.
| Kernver | Max Downgrade |
|---|
| 0, 1 | Any Version |
|---|
| 2 | 112 |
|---|
| 3 | 120 |
|---|
| 4 | 125 |
|---|
| 5 | 132 |
|---|
Well how do would I see my kernver, easy.
Go into recovery mode (esc + refresh+ power) and press tab there's a line in the text that says "TPM" look at the last number that is your kernver.
So after SH1MMER there were more exploits after, for kernver 2 there was an unenrollment exploit called Cryptosmite, made by writeable, and was even made into a payload onto SH1MMER. It worked by wiping stateful which is almost the same thing as power washing.
Then Cryptosmite got patched on version 119 which made the kernver turn from 2 to 3. But people on kernver 3 eventually got their own exploit.
Badrecovery came out and used an exploit with recovery images which was also made by
Bin Bash Banana, I won't get into the details of the exploit here but you can read the
writeup to learn about it.
But then it got patched in version 125 so a new kernver came out.
What about kernver 4? What exploits did it have, will it had a bit of them. This is a long list but here's some of the main ones first.
First is
Icarus, one day the certs (
Which by the way I do NOT know what that means) needed to be changed for it to work. And the server hosting got revamped a bit and added Windows support. What is this about server hosting.
So Icarus works by using a SHIM to do some stuff to the stateful partition by then letting you reboot. Then you host a server on your main computer and then on the school one you connect to the server and set it up normally. By the way Icarus got patched on version 128
But also there was OOBESCAPE which let you unenroll with an Android phone.
BR1CK was another major exploit which made you have to go to it's website and find some reset times and reset on the setup screen.
Those were most of the main exploits. What about kernver 5? Kernver 5 hasn't gotten an exploit as of April 2025.
Well that is
almost every single exploit from the top of my head. Maybe next time I will go on to
fakemurk and
murkmod next time.