Remove MDM on iPad using iBackupBot

Discussion in 'Jailbreaks and iOS Hacks' started by DavidBAppleFreak, Dec 18, 2016.

  1. DavidBAppleFreak macrumors newbie

    Joined:
    Dec 18, 2016
    #1
    So I have a rather crazy issue here. My dad set up MDM on my sister's iPad as a means of parental control. The problem is that my dad now wants to remove the MDM and let her iPad be unrestricted since he now feels she is old enough for it, but for whatever reason, he cannot access whatever he needs to in order to remove the MDM. When I was still in school, I was able to remove the MDM restriction that was on my school-issued iPad running iOS 9 by using iBackupBot and the instructions here. Since my dad knows that I did this, I figured that the easy thing to do would be to pull this trick again, so I tried it. The problem however is that whenever I try to do this on the iPad, which runs iOS 10, it does not work. Whenever I try to restore the backup after editing it, I get an error message on the iPad that states that the backup failed. I tried to jailbreak the iPad so that I would be able to modify the necessary files directly, but what ends up happening is that when I try to jailbreak, the Pangu app gets installed, but I cannot use it, and on top of that, I cannot give it permission to run as the instructions that I have found show because the MDM that my dad installed overrule it.

    Does anyone have any idea what I can do?
     
  2. Will22 macrumors 65816

    Will22

    Joined:
    Dec 4, 2011
    #2
    iOS 10 is not jailbreakable yet.

    How or where did you get the pangu app/jailbreak from?
     
  3. DavidBAppleFreak thread starter macrumors newbie

    Joined:
    Dec 18, 2016
    #3
    The Pangu app that I was trying to use was, unfortunately, for iOS 9. That said, I would imagine that if Pangu was updated for iOS 10, the result would be very similar. I would actually like to downgrade the iPad to iOS 9 because my sister tells me that she likes iOS 9 better and on top of that, the MDM trick that I pulled off before would work.
     
  4. Will22 macrumors 65816

    Will22

    Joined:
    Dec 4, 2011
    #4
    Well there is no way back to iOS 9

    Maybe @eyoungren or @Applejuiced could help you?
     
  5. DavidBAppleFreak thread starter macrumors newbie

    Joined:
    Dec 18, 2016
    #5
    That's the problem. I read online that at one point you could get around the Apple signing requirement by spoofing a DNS entry that points "gs.apple.com" to "74.208.10.249." I tried it, but I was unable to get it to work properly, as it seems that trick no longer works. (I read about it here.)
     
  6. cyber16 macrumors 6502

    Joined:
    Jan 12, 2013
    #6
    rightful owners have zero issues removing MDM
    Maybe give it back to the owner & ask them to do it for you :rolleyes:
    It seems these stories come everyday from new members
     
  7. DavidBAppleFreak thread starter macrumors newbie

    Joined:
    Dec 18, 2016
    #7
    If my dad could remove the MDM or my sister knew how to remove the MDM herself, there would be no need for me to try to remove it myself.
     
  8. Will22 macrumors 65816

    Will22

    Joined:
    Dec 4, 2011
    #8
    If it was possible to go back to an unsigned iOS it would be great but at this moment in time you can't. It was possible in the past but not any longer.
     
  9. DavidBAppleFreak thread starter macrumors newbie

    Joined:
    Dec 18, 2016
    #9
    Is there no such thing as a patched iOS 9 IPSW that I could flash?

    On another note, I wanted to try following along with this video but it must be fake because I cannot find the program that they are using anywhere on the website that they link to.
     
  10. eyoungren macrumors P6

    eyoungren

    Joined:
    Aug 31, 2011
    Location:
    Phoenix • 85037
    #10
    Yeah, sadly the last time that worked was around 2012.

    Apple moved on from SHSH blobs and the bootrom exploit that allowed this with the iPhone 5 and iOS 7. APTicket is what they use now and so far no one has either released a bootrom exploit or figured out how to decrypt APTicket.

    That said…

    MDM is a business tool. It's used to control volume amounts of devices that are owned by companies. IDK, maybe your dad owns a business or is involved in IT because normally the average user has no access to MDM.

    Other than that I know nothing more about it.

    Have you looked through here.
    --- Post Merged, Dec 19, 2016 ---
    There is no such thing as a patched IPSW.

    iTunes is merely the mechanism by which we upgrade/downgrade. When we do this, iTunes queries Apple's servers. It's Apple's servers that determine if an IPSW is signed and therefore if it can be downloaded or not. You can download an IPSW and use the keyboard trick to point to it, but iTunes still queries Apple's servers and if Apple is not signing it iTunes will throw an error.

    Apple's keys are on their servers. You'd need to break in, find them, decrypt them and then somehow figure out how to use them. Short of that - no downgrading/upgrading if not signed.
     
  11. DavidBAppleFreak, Dec 19, 2016
    Last edited: Dec 19, 2016

    DavidBAppleFreak thread starter macrumors newbie

    Joined:
    Dec 18, 2016
    #11
    The MDM my dad uses on her iPad is Curbi. I just found this program called 3uTools that looks rather promising, as it offers a backup editing feature just like iBackupBot, but it was last updated in late November 2016 as of this posting, so it may be able to handle modifying iTunes Backups from iOS 10 better than iBackupBot which hasn't been updated since the release of iOS 10. Unfortunately my sister is doing schoolwork on her iPad right now so I cannot get it off of her to try it.

    Update: Doesn't work. :(
     
  12. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #12
    No, you read wrong, old or false info.
    You cannot bypass the check done by Apple currently.
    Many years ago if you saved your unique shsh blobs for that particular device for older firmware versions you could downgrade by various methods.
    Unfortunately those days are over.
     
  13. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #14
    Yes, there's been talk for years now on dowgrade methods or restore to unsigned ios version and we still haven't see much progress.
     
  14. DavidBAppleFreak thread starter macrumors newbie

    Joined:
    Dec 18, 2016
    #15
  15. cyber16 macrumors 6502

    Joined:
    Jan 12, 2013
    #16
    I suggest if you can see the file system. grab a backup of the on device APTicket found @ system/library/caches
    It maybe helpful later on
     
  16. iActivateHost macrumors newbie

    iActivateHost

    Joined:
    Jun 19, 2017
    #17
    Now Apple use handshake ssl verification, so manual bypass mdm is not working now.
    --- Post Merged, Jun 19, 2017 ---
    But you can use software iActivate.host for remove MDM profile. It use dns server and can bypass handshake ssl verification. So if you have mdm lock device you can easy bypass it.
     
  17. alexrazor86 macrumors newbie

    Joined:
    Sep 7, 2017

Share This Page