iOS 13 MDM/DEP Bypass (using Checkra1n jailbreak)

Before anyone comments about this being a bad idea, let it be known that I’m not responsible for any trouble you may get in for doing this. I’m part of the hacking team at my organization, so this is the type of thing I’m supposed to be doing, but unless you are too, I’d probably advise against this.

Using Checkra1n on my iPhone 8 running iOS 13.2.2 (downgraded from 13.2.3), I have successfully found how to bypass organizational MDM (forced through DEP). In my test case, I was using Blackberry’s MDM services, but I believe this should probably work for any MDM provider.

I’m going to leave these instructions relatively vague. If you can follow them, go for it; if you can’t, you probably should not be jailbreaking your corporate device.

NOTE: This is on a device that has been freshly wiped, or at least had the contents of “/var/containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles” removed. If you already have MDM applied to your device, try wiping the contents of that directory and rebooting. It’ll probably reset a lot of settings, but that seemed to remove MDM for me (and allow me to prevent its application) after a reboot.

Instructions

  1. Jailbreak your device using Checkra1n.
  2. On your phone, walk through the “Welcome” wizard, set your Wi-Fi, and then when you get to the screen that says “Your organization requires policies” (not verbatim, but that’s the general message), move on to Step 3.
  3. Connect to your device over SSH via iproxy (username is root, password is alpine).
  4. Using SSH on the device, navigate to “/var/containers/Shared/SystemGroup/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles”.
  5. Ensure the following two files are present: “CloudConfigurationDetails.plist” and “CloudConfigurationSetAsideDetails.plist”.
  6. If not already installed, install the “nano” text editor on your device via “apt” (or use vi, if that’s there by default, which I assume it is).
  7. Using your text editor, modify both “CloudConfigurationDetails.plist” and “CloudConfigurationSetAsideDetails.plist”, making the following changes to both files:
    • NOTE: If any of these variables are not present, you can try just leaving them missing. If that doesn’t work, add them with the values I’ve specified.
    • Change the value of the integer “IsMDMUnremovable” to 0.
    • Change the value of the bool “IsMandatory” to false.
    • Change the value of the bool “IsSupervised” to false.
  8. Restart your device (you can either re-jailbreak it using Checkra1n or just let it boot normally; either should be fine).
  9. When booted back up, walk through the “Welcome” wizard again, and this time when you get to the corporate policy screen, click through it. You should have the option to ignore the policies and not apply them.
  10. That’s it. After you reboot again, the device will still be activated but without any MDM.
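For anyone auditing devices rather than modifying them, the three keys named in Step 7 are the ones worth checking. The script below is an added example, not part of the original post: it parses the two plist files with Python’s standard plistlib and reports any key that is missing or set to the permissive value the post describes. The directory path and file names come from the post; the “expected” values (1/true/true for a supervised, mandatory, non-removable enrollment) are an assumption for the audit, and the two sample plists are constructed inline so the check runs offline.

```python
"""Audit DEP cloud-configuration plists for weakened enrollment flags.

Added example (not from the original post). Reads CloudConfigurationDetails.plist
and CloudConfigurationSetAsideDetails.plist and flags the keys the post edits
(IsMDMUnremovable, IsMandatory, IsSupervised) when they are missing or permissive.
"""
import plistlib
from pathlib import Path
from typing import Dict, List, Union

# Values expected on an untouched supervised DEP enrollment.
# This expectation is an assumption for the audit; the post only states that
# flipping these values lets the profile be skipped.
EXPECTED = {
    "IsMDMUnremovable": 1,
    "IsMandatory": True,
    "IsSupervised": True,
}

# Directory and file names as given in the post.
CONFIG_DIR = Path(
    "/var/containers/Shared/SystemGroup/"
    "systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles"
)
FILES = ("CloudConfigurationDetails.plist", "CloudConfigurationSetAsideDetails.plist")


def audit_plist_bytes(data: bytes) -> List[str]:
    """Return findings for one plist's raw bytes; an empty list means nothing looked tampered."""
    try:
        plist = plistlib.loads(data)
    except Exception as exc:  # malformed, empty, or not a plist at all
        return [f"unreadable plist: {exc}"]
    if not isinstance(plist, dict):
        return ["top-level object is not a dictionary"]
    findings = []
    for key, expected in EXPECTED.items():
        if key not in plist:
            findings.append(f"{key} missing")
        elif plist[key] != expected:
            findings.append(f"{key}={plist[key]!r} (expected {expected!r})")
    return findings


def audit_directory(config_dir: Union[str, Path] = CONFIG_DIR) -> Dict[str, List[str]]:
    """Audit both files in config_dir; a missing file is itself reported as a finding."""
    config_dir = Path(config_dir)
    results = {}
    for name in FILES:
        path = config_dir / name
        if not path.exists():
            results[name] = ["file missing"]
        else:
            results[name] = audit_plist_bytes(path.read_bytes())
    return results


# Constructed sample: the permissive values the post describes after editing.
SAMPLE_TAMPERED = plistlib.dumps({
    "IsMDMUnremovable": 0,
    "IsMandatory": False,
    "IsSupervised": False,
    "OrganizationName": "Example Corp",  # constructed placeholder, not a real org
})

# Constructed sample: an enrollment with the expected values intact.
SAMPLE_INTACT = plistlib.dumps({
    "IsMDMUnremovable": 1,
    "IsMandatory": True,
    "IsSupervised": True,
})

if __name__ == "__main__":
    for label, data in (("tampered", SAMPLE_TAMPERED), ("intact", SAMPLE_INTACT)):
        print(label, audit_plist_bytes(data) or "OK")
    # On a real device this walks the directory from the post; elsewhere it reports missing files.
    for name, findings in audit_directory().items():
        print(name, findings or "OK")
```

Run it on the device over the same SSH session the post uses, or copy the two plists off first and point audit_directory at the copy. Because plistlib handles both XML and binary plists, the check works regardless of which form the files are in.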

NOTE: I wrote this shortly after figuring this process out. It’s possible that the policies will attempt to re-apply periodically and/or after an iOS upgrade, but I don’t know for sure. I’ll edit this post if I find any further info.

Edit: Just found this post, which says that hex-editing the Checkra1n app to increase the max_supported_version number to iOS 13.2.3 should allow devices on the most recent iOS release to be jailbroken without needing to downgrade.

Edit2: I just upgraded to 13.2.3 and my MDM-bypass is still fine (I was not prompted to re-enroll after upgrading).

iPad @ Verizon = Fail

Engadget is reporting that Verizon will be offering the iPad for sale at the end of this month. The only problem is that it’s not a 3G CDMA iPad. It’s the WiFi iPad bundled with a MiFi wireless hotspot device. What this means is that you’ll need to lug around your iPad AND MiFi, need to charge two devices, etc. This is a step in the right direction, but quite frankly, seems like a solution that a tech-geek (such as myself) would hack together if they had a limited budget or couldn’t switch to AT&T. This is certainly not an ideal solution. Will Verizon get the iPhone in 2011 (and possibly a true CDMA iPad, as well), like many news outlets have been reporting? Only time will tell. Like I’ve said whenever someone brings the VZW iPhone up: “I’ll believe it when I see it”.

Source: Engadget