CryptoSmite

New unenrollment exploit that uses stateful files to unenroll.

How does it work?

We use stateful "backups" that basically allows us to change the encrypted contents of the stateful partition, to arbritary contents. This data is useful for enrollment status, so we changed it to make the device appear unenrolled. On the OOBE, it starts the AutoEnrollmentController, which chains into the ash ownership system, and then the ownership system checks for a file. If this file exists, it removes FWMP.

Usage instructions

To use this, you need to look at the instructons here.

Any further questions?

Please dm @unretained or join the support server on discord.

Name		Name	Last commit message	Last commit date
Latest commit History 27 Commits
getkeyfromfinal		getkeyfromfinal
lib		lib
smite_keygen		smite_keygen
smite_loader		smite_loader
toolkit		toolkit
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
cryptosmite.md		cryptosmite.md
cryptosmite.sh		cryptosmite.sh
cryptosmite_host.sh		cryptosmite_host.sh
cryptsetup_aarch64		cryptsetup_aarch64
cryptsetup_x86_64		cryptsetup_x86_64
factory_install.sh		factory_install.sh
package-lock.json		package-lock.json
package.json		package.json
serve.js		serve.js
sh1mmer.sh		sh1mmer.sh
tsconfig.json		tsconfig.json

License

FWSmasher/CryptoSmite

Folders and files

Latest commit

History

Repository files navigation

CryptoSmite

How does it work?

Usage instructions

Any further questions?

WE AREN'T LIABLE NOR RESPONSIBLE FOR ANY DAMAGE/ISSUES CAUSED BY THIS EXPLOIT! DO NOT CONTACT US FOR ANY ISSUES CAUSED BY THIS EXPLOIT!

About

Resources

License

Stars

Watchers

Forks

Languages