Choosing an Exploit Chain

Section I - Overview of Exploits

Your device is compatible with two exploit chains - E-Halcyon and traditional WP-disabled unenrollment. Read below for more information to choose between the exploits.

• E-Halcyon
  • Pros
    • Can be booted temporarily or installed to the drive in semi-tethered mode
    • Provides a fully unenrolled environment on v107
    • "Just works" exploit, quick and easy setup
  • Cons
    • Requires a USB drive at every boot to startup, will display "ChromeOS is missing or damaged" if E-Halcyon is installed in semi-tethered mode
    • Won't "phone home" to GAC - you'll have to recover every couple of days for device information to update it if that's a concern for you
    • User data isn't saved between reboots due to cryptohome issues
    • Requires a Linux system to build
• WP-disabled Unenrollment + fakemurk (murkmod)
  • Pros
    • Spoofs enrollment, will update GAC data without sending devmode status
    • Powerful exploit - provides utilities, full Crouton and Chromebrew
    • Semi-unenrolled environment on v105
    • Policy modification via Pollen, devpolicy modification via Lilac
  • Cons
    • Requires disassembly of Chromebook to disable firmware write-protect
    • Not noob-friendly, requires basic knowledge of using a terminal and a Linux system to build

Section II - Choosing Next Steps

Chosen an exploit chain? Great! Select a next step below.

If you want to boot E-Halcyon or install it in semi-tethered mode, continue to SH1mmer Unenrollment

Or, if you want to disable WP and unenroll normally, continue to Identifying Firmware WP