
DavidBAppleFreak

macrumors newbie
Original poster
Dec 18, 2016
So I have a rather crazy issue here. My dad set up MDM on my sister's iPad as a means of parental control. The problem is that my dad now wants to remove the MDM and let her iPad be unrestricted since he now feels she is old enough for it, but for whatever reason, he cannot access whatever he needs to in order to remove the MDM. When I was still in school, I was able to remove the MDM restriction that was on my school-issued iPad running iOS 9 by using iBackupBot and the instructions here. Since my dad knows that I did this, I figured that the easy thing to do would be to pull this trick again, so I tried it. The problem however is that whenever I try to do this on the iPad, which runs iOS 10, it does not work. Whenever I try to restore the backup after editing it, I get an error message on the iPad that states that the backup failed. I tried to jailbreak the iPad so that I would be able to modify the necessary files directly, but what ends up happening is that when I try to jailbreak, the Pangu app gets installed, but I cannot use it, and on top of that, I cannot give it permission to run as the instructions that I have found show because the MDM that my dad installed overrules it.

Does anyone have any idea what I can do?
 
iOS 10 is not jailbreakable yet.

How or where did you get the pangu app/jailbreak from?
 
The Pangu app that I was trying to use was, unfortunately, for iOS 9. That said, I would imagine that if Pangu was updated for iOS 10, the result would be very similar. I would actually like to downgrade the iPad to iOS 9 because my sister tells me that she likes iOS 9 better and on top of that, the MDM trick that I pulled off before would work.
 

Well there is no way back to iOS 9

Maybe @eyoungren or @Applejuiced could help you?
 
That's the problem. I read online that at one point you could get around the Apple signing requirement by spoofing a DNS entry that points "gs.apple.com" to "74.208.10.249." I tried it, but I was unable to get it to work properly, as it seems that trick no longer works. (I read about it here.)
 

If it was possible to go back to an unsigned iOS it would be great but at this moment in time you can't. It was possible in the past but not any longer.
 
Is there no such thing as a patched iOS 9 IPSW that I could flash?

On another note, I wanted to try following along with this video but it must be fake because I cannot find the program that they are using anywhere on the website that they link to.
 
That's the problem. I read online that at one point you could get around the Apple signing requirement by spoofing a DNS entry that points "gs.apple.com" to "74.208.10.249." I tried it, but I was unable to get it to work properly, as it seems that trick no longer works. (I read about it here.)
Yeah, sadly the last time that worked was around 2012.

Apple moved on from SHSH blobs and the bootrom exploit that allowed this with the iPhone 5 and iOS 7. APTicket is what they use now and so far no one has either released a bootrom exploit or figured out how to decrypt APTicket.

That said…

MDM is a business tool. It's used to control volume amounts of devices that are owned by companies. IDK, maybe your dad owns a business or is involved in IT because normally the average user has no access to MDM.

Other than that I know nothing more about it.

Have you looked through here?
Is there no such thing as a patched iOS 9 IPSW that I could flash?

On another note, I wanted to try following along with this video but it must be fake because I cannot find the program that they are using anywhere on the website that they link to.
There is no such thing as a patched IPSW.

iTunes is merely the mechanism by which we upgrade/downgrade. When we do this, iTunes queries Apple's servers. It's Apple's servers that determine if an IPSW is signed and therefore if it can be downloaded or not. You can download an IPSW and use the keyboard trick to point to it, but iTunes still queries Apple's servers and if Apple is not signing it iTunes will throw an error.

Apple's keys are on their servers. You'd need to break in, find them, decrypt them and then somehow figure out how to use them. Short of that - no downgrading/upgrading if not signed.
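
A simplified model of the signing check described in the post above, as an added example (not code from the thread or from Apple): it shows why a saved ticket, an unsigned version, or a redirected server hostname all fail once each ticket is bound to a per-restore nonce and verified with a key whose private half never leaves the server. The toy RSA key, the function and class names, the device ID and the version strings are constructed for illustration.

```python
import hashlib
import secrets

# Toy RSA key (constructed, far too small for real use); D stays on the server.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(device_id: bytes, firmware: bytes, nonce: bytes) -> int:
    """Hash of everything a ticket is bound to, reduced modulo N."""
    h = hashlib.sha256(b"|".join((device_id, firmware, nonce))).digest()
    return int.from_bytes(h, "big") % N

def server_sign(device_id, firmware, nonce, currently_signed):
    """Signing server: issues a ticket only for versions it still signs."""
    if firmware not in currently_signed:
        return None  # the restore tool reports this as an error
    return pow(digest(device_id, firmware, nonce), D, N)

class Device:
    def __init__(self, device_id: bytes):
        self.device_id, self.nonce = device_id, None
    def begin_restore(self) -> bytes:
        self.nonce = secrets.token_bytes(16)  # fresh for every restore attempt
        return self.nonce
    def accept(self, firmware: bytes, ticket) -> bool:
        """Check the ticket with the public key against this restore's nonce."""
        if ticket is None or self.nonce is None:
            return False
        ok = pow(ticket, E, N) == digest(self.device_id, firmware, self.nonce)
        self.nonce = None  # a nonce is good for one attempt only
        return ok

def run_scenarios() -> dict:
    dev, old, new, r = Device(b"device-0001"), b"iOS 9", b"iOS 10", {}
    # 1. Version still signed: the server issues a ticket for this nonce.
    r["signed"] = dev.accept(new, server_sign(dev.device_id, new, dev.begin_restore(), {new}))
    # 2. Ticket saved while iOS 9 was signed, replayed on a later restore.
    saved = server_sign(dev.device_id, old, dev.begin_restore(), {old})
    dev.begin_restore()
    r["replayed"] = dev.accept(old, saved)
    # 3. The server has stopped signing iOS 9.
    r["unsigned"] = dev.accept(old, server_sign(dev.device_id, old, dev.begin_restore(), {new}))
    # 4. Hostname redirected to a stand-in server: without D it cannot sign.
    r["redirected"] = dev.accept(old, pow(digest(dev.device_id, old, dev.begin_restore()), 3, N))
    return r

if __name__ == "__main__":
    print(run_scenarios())
```

Only the first scenario is accepted; the other three fail at the device's own verification step, independent of what the restore tool on the computer does.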
 
The MDM my dad uses on her iPad is Curbi. I just found this program called 3uTools that looks rather promising, as it offers a backup editing feature just like iBackupBot, but it was last updated in late November 2016 as of this posting, so it may be able to handle modifying iTunes Backups from iOS 10 better than iBackupBot which hasn't been updated since the release of iOS 10. Unfortunately my sister is doing schoolwork on her iPad right now so I cannot get it off of her to try it.

Update: Doesn't work. :(
 
That's the problem. I read online that at one point you could get around the Apple signing requirement by spoofing a DNS entry that points "gs.apple.com" to "74.208.10.249." I tried it, but I was unable to get it to work properly, as it seems that trick no longer works. (I read about it here.)

No, you read wrong, old or false info.
You cannot bypass the check done by Apple currently.
Many years ago if you saved your unique shsh blobs for that particular device for older firmware versions you could downgrade by various methods.
Unfortunately those days are over.
 
I suggest, if you can see the file system, grab a backup of the on-device APTicket found @ system/library/caches
It may be helpful later on
 
Apple now uses handshake SSL verification, so manually bypassing MDM does not work now.
But you can use the software iActivate.host to remove an MDM profile. It uses a DNS server and can bypass the handshake SSL verification. So if you have an MDM-locked device you can easily bypass it.
 