Exploit 'SH1MMER' that can unregister corporate / school managed Chromebook

Chromebooks issued by companies and schools can be managed by the administrator by

registering the device when using it. However, an exploit has been found that allows this registration to be completely unenrolled.


The Chromebook deregistration exploit 'SH1MMER' was discovered by a volunteer team called Mercury Workshop, and a pre-built binary was released on January 13, 2023. However, there have been a number of cases where students unregister school-managed Chromebooks, and legal liability issues have arisen, so binary distribution has been stopped and the method has been changed to build from source on your own. .

SH1mmer File Mirror


Once the build is complete, install the Chrome extension and create Chromebook recovery media.

When recovering a Chromebook with recovery media, the message 'return to secure mode' or 'OS verification is turned off' will be displayed.

If you proceed further, SH1MMER will start up and you will be able to unregister the terminal.

The FAQ warns that students will not be arrested for deregistering school-managed Chromebooks, but that they may be taken away if found. The unregistered terminal appears to be offline from the management console side, and ``It looks suspicious if too long has passed, but it is okay if it is operated safely.''

in Software, Posted by logc_nt