v81 Downgrading
Prerequisites
- An 8gb (or larger) USB drive for downgrading
Section I - Flashing a Recovery Drive
Unless your device is already on v75-v83, in which case you should skip to the next section, you need to downgrade your Chromebook to allow for these exploits to work. You need to find a v81 recovery image for your board (remember when I said that you would need to remember that?) on one of the following websites:
Got your recovery image? Great! Now, there are some differing instructions depending on your platform.
On *nix
On a ChromeOS device in developer mode, you can also use the following instructions to flash the drive. Otherwise, you can download the Chromebook Recovery Utility from the Chrome Webstore and use that to flash the drive. Just click on the top right button in the window and select "Use Local File", then select your .bin file. This probably won't work on an enrolled device, but if the extension is unblocked, you can do it entirely on that Chromebook.
Good choice of operating system, by the way. Most distros will come with the dd utility built-in. If yours doesn't, then choose a different distro or find a way to flash the recovery image. Run the following command, making sure that you have the correct /dev path to your USB drive and the correct path to your recovery image:
dd if=/path/to/recovery-image.bin of=/dev/sdX status=progress
In a few minutes, you should be done, and the command should exit with a 0 exit code.
On Windows
Download Rufus and run the executable. Select the .bin file you just downloaded and select your USB drive. Click on flash and follow the prompts. If asked, select "Flash in DD mode".
On MacOS
Download Etcher and run the excutable. Select the .bin file and your USB drive. Click on flash and follow the prompts.
Section II - Using the Recovery Drive
Got your drive? Great! Unplug it from your computer and insert it into your Chromebook. Press and hold Esc+Refresh+Power for one second, then release the keys. Your Chromebook's screen should flash a couple of times, then you should reboot into the recovery process. Wait around 5 to 10 minutes for everything to verify and copy over.
Section III - Determining Next Steps
If you are unable to log into the Chromebook for any number of reasons (maybe you bought the Chromebook from a reseller and it wasn't unenrolled) you can skip directly to the Kiosk Exploit
Follow the setup instructions for your Chromebook. It should go through the normal stages, and show an "Enterprise Enrollment" screen. Wait for it to complete, then sign in normally. Once you're signed in, press Ctrl+Alt+T to open crosh.
If you see a terminal, continue to v81 Unenrollment - Crosh
If you see a block page and had a kiosk app earlier, continue to v81 Unenrollment - Kiosk Exploit
If you see a terminal at this stage, you can optionally continue to Running cedr instead of unenrolling
Otherwise, your Chromebook is unable to continue on this guide. Sorry.