@c22dev
Last active December 22, 2024 11:49
Remove MDM & DEP from an Apple Silicon Mac (Sonoma)

How to make an MDM Mac shine like it's brand new?

Works, as of 14/04/2024, on macOS 14.4.1 and lower (prob higher but idk)

This was made for Apple Silicon Macs.

Restore Process

You need another Mac for this.

If you don't have one and have recovery locked, it's not possible.

If you don't have recovery locked, I'd recommend you reset your Mac from Recovery mode (there are plenty of tutorials online), then go to the next section (Bypassing setup).

Steps

Follow Apple steps. That's all I can say. But instead of reviving your Mac, restore/reset it.

I'd recommend using Apple Configurator 2.

https://support.apple.com/en-us/108900

During the restore process (it should take some time), I'd recommend you download the scripts below and put them on a macOS-readable USB key, at its root (the top-level folder of the key).

Bypassing setup

In this part, we'll bypass Setup.app (it checks for MDM, and we don't want that, do we?)

You'll need to boot up in recovery mode. To do so, make sure you are on the hello screen, and press your Touch-ID button for 10s.

Your Mac should go black (it's turned off!)

Now, you need to turn it back on, but instead of pressing once, you press and hold the button until you see "Loading recovery options..." or something similar.

Once you see this beautiful screen, go here:

[image: recoveryOptions]

Once you boot into this, follow steps if necessary, then plug your USB key prepared before. Also, make sure your keyboard is the correct one (top right, you can select it).

Now, you need to access the Terminal.

You can do so by looking at the bar at the top and going to Utilities>Terminal.

Once there, you'll need to navigate to your USB key.

cd /Volumes/ should bring you right to the mounted volumes (where your usb key sits, holy moly). Right here, you can do a ls to see if your usb key is there. If so, cd <yourUsbKeyName>. Make sure you don't write the <>.

Right there, if you didn't rename the scripts, you should be able to run this command:

chmod +x inRecoveryScriptFirst.sh && ./inRecoveryScriptFirst.sh

This will ask you for a "New Password". Put any password you want, but make sure you remember it !!!!

Once it tells you it's done, reboot your Mac by going to the Apple menu > Reboot (or Restart, whatever it's called).

You should now see the magnificent macOS Sonoma Hello screen. Click on Next, and configure your Mac until you arrive at the WiFi selection screen.

Here, hold on tight, you aren't going to connect to the internet (yet!)

You need to press the following keys:

⌘ command + ⌥ option + ⌃ control + T

This should bring up our friend the terminal (again!)

For now, you won't type any commands in it, but we'll use it as a way to access System Settings.

Click on the Apple menu, then System Settings.

Here, go down to the Users & Groups section and click on Add User.

Here, macOS will ask you to log in with an admin account.

Replace the first field with root, then fill the second field with the password you set back in Recovery mode (in the script).

You should now be able to fill in the info (as if you were creating a normal user on a Mac). MAKE SURE IT'S AN ADMIN ACCOUNT!!!

After creating the account, turn off the MacBook by holding the Touch ID button for 10 seconds (again).

Then, when it's off, access recovery options like we did before (by pressing the button until it shows you loading...)

Little reminder on how to access the terminal then your usb key from here:

[image: recoveryOptions]

Once you boot into this, follow steps if necessary, then plug your USB key prepared before. Also, make sure your keyboard is the correct one (top right, you can select it).

Now, you need to access the Terminal.

You can do so by looking at the bar at the top and going to Utilities>Terminal.

Once there, you'll need to navigate to your USB key.

cd /Volumes/ should bring you right to the mounted volumes (where your usb key sits, holy moly). Right here, you can do a ls to see if your usb key is there. If so, cd <yourUsbKeyName>. Make sure you don't write the <>.

Once in your USB key, do the following:

chmod +x inRecoveryScriptSecond.sh && ./inRecoveryScriptSecond.sh

You can now reboot your Mac again once it tells you to do so.

Apple menu > Reboot (or Restart, whatever it's called)

Now, once the Mac is rebooted, log in (type the password) as the user you created before.

Follow the instructions as if you were configuring a normal Mac (you can connect your iCloud, etc.)

When you are done and are on your desktop, we need to run one more thing and you should be good to go !

  1. Open a Terminal (⌘ command + Space, then type Terminal, then Enter)
  2. cd /Volumes/ should bring you right to the mounted volumes (where your usb key sits, holy moly). Right here, you can do a ls to see if your usb key is there. If so, cd <yourUsbKeyName>. Make sure you don't write the <>.
  3. Run the following:
     chmod +x PostSetup.sh && ./PostSetup.sh

This should ask two times for your user password (not root but your user password) and you should be good to go !

Bonus:

You might want to download LuLu from https://objective-see.org/products/lulu.html and add Block rules for the following: /usr/libexec/teslad and /usr/libexec/mdmclient. IF YOU ARE COMING FROM MY OTHER TUTORIAL IN FRENCH, DON'T DO THAT.

Thanks to @guiga1502 for the better explanation.

Please be sure that someone tested this version before updating, as it might break MDM. If no one has yet and you feel brave enough, let's do it!

You need to update /etc/hosts for this to work.

Type sudo nano /etc/hosts

Type your password then enter.

[image: /etc/hosts]

You need to remove this line. Navigate using the arrows.

Once removed, do Ctrl+X, then Y.

Check for updates, if nothing appears restart your Mac.

Update your Mac like normal; once updated, reverse the whole process:

Type, again, sudo nano /etc/hosts

Type your password then enter.

0.0.0.0 gdmf.apple.com

Add this line, Ctrl + X then Y then enter and you are good to go!

# inRecoveryScriptFirst.sh
# v0.1a - Constantin Clerc
# This script only works if the recovery mode has been unlocked using a DFU restore.
# Define root password; wait for user input.
dscl -f /Volumes/Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/root
# We block MDM servers
echo "0.0.0.0 iprofiles.apple.com" >> "/Volumes/Macintosh HD/etc/hosts"
echo "0.0.0.0 mdmenrollment.apple.com" >> "/Volumes/Macintosh HD/etc/hosts"
echo "0.0.0.0 deviceenrollment.apple.com" >> "/Volumes/Macintosh HD/etc/hosts"
echo "0.0.0.0 gdmf.apple.com" >> "/Volumes/Macintosh HD/etc/hosts"
echo "0.0.0.0 acmdm.apple.com" >> "/Volumes/Macintosh HD/etc/hosts"
echo "0.0.0.0 albert.apple.com" >> "/Volumes/Macintosh HD/etc/hosts"
echo Done. Reboot Mac now.

# inRecoveryScriptSecond.sh
# v0.1a - Constantin Clerc
# This script only works if the recovery mode has been unlocked using a DFU restore.
# This requires that an Administrator account has been created.
touch /Volumes/Data/private/var/db/.AppleSetupDone
rm /Volumes/Data/private/var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
rm /Volumes/Data/private/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
touch /Volumes/Data/private/var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
touch /Volumes/Data/private/var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
echo Done. Reboot your Mac now.

# PostSetup.sh
# v0.1a - Constantin Clerc
echo Disabling root... this will ask for your user password
dsenableroot -d
echo Listing hosts, this should ask for your user password \(again\)
sudo cat /etc/hosts
sudo launchctl disable system/com.apple.devicemanagementclient.teslad
sudo launchctl disable gui/501/com.apple.mdmclient.agent
sudo launchctl disable system/com.apple.ManagedClient.enroll
echo Done, close the Terminal using Cmd + Q and enjoy!
echo This was made by c22dev
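
For the organisation that owns the Mac, the three scripts above leave a small, fixed set of artifacts: hosts-file entries for Apple's enrollment hosts, hand-made `.cloudConfig*` markers, and disabled MDM launchd jobs. The shell audit below is an added example, not part of the gist; its function names and sample tree are constructed here, and the `launchctl print-disabled` line format it parses (`"label" => disabled`, or `=> true` on older releases) is an assumption.

```bash
#!/bin/bash
# Added example, not part of the gist. Hostnames, marker files and launchd labels
# are copied from its scripts; function names and sample data are constructed here.
ENROLL_HOSTS="iprofiles.apple.com mdmenrollment.apple.com deviceenrollment.apple.com gdmf.apple.com acmdm.apple.com albert.apple.com"
MDM_LABELS="com.apple.devicemanagementclient.teslad com.apple.mdmclient.agent com.apple.ManagedClient.enroll"
SETTINGS="private/var/db/ConfigurationProfiles/Settings"

# Enrollment/update hosts that the hosts file $1 pins to an unroutable or loopback address.
sinkholed_hosts() {
  [ -r "$1" ] || return 0
  awk -v want="$ENROLL_HOSTS" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
    { sub(/#.*/, "") }    # strip comments before matching
    $1 == "0.0.0.0" || $1 ~ /^127\./ || $1 == "::" || $1 == "::1" {
      for (i = 2; i <= NF; i++) { h = tolower($i); if (h in watch) print h }
    }' "$1" | sort -u
}

# Marker files that inRecoveryScriptSecond.sh creates by hand, looked up under root $1.
enrollment_markers() {
  for f in .cloudConfigProfileInstalled .cloudConfigRecordNotFound; do
    if [ -e "$1/$SETTINGS/$f" ]; then echo "$f"; fi
  done
}

# MDM launchd jobs marked disabled; stdin is `launchctl print-disabled <domain>` output.
disabled_mdm_jobs() {
  awk -v want="$MDM_LABELS" '
    BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
    $2 == "=>" && ($3 == "disabled" || $3 == "true") {
      gsub(/"/, "", $1); if ($1 in watch) print $1 }'
}

# One finding per line for root $1 ("/" on a running Mac); returns 1 if anything was found.
audit_volume() {
  findings=$( { sinkholed_hosts "$1/etc/hosts" | sed 's/^/hosts: /'
                enrollment_markers "$1" | sed 's/^/marker: /'; } )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"; return 1
}

# Constructed sample tree: two sinkholed hosts (one commented, one mixed-case) and one marker.
make_sample_root() {
  d=$(mktemp -d) && mkdir -p "$d/etc" "$d/$SETTINGS" || return 1
  printf '127.0.0.1 localhost\n0.0.0.0 gdmf.apple.com # added\n0.0.0.0 Albert.apple.com\n' > "$d/etc/hosts"
  : > "$d/$SETTINGS/.cloudConfigRecordNotFound"
  echo "$d"
}
if [ "$#" -ge 1 ]; then audit_volume "$1"; fi
```

`.cloudConfigRecordNotFound` also exists on Macs that were never assigned to an MDM server, so treat a marker as a finding only for serial numbers the organisation knows are assigned. On a running Mac, pipe `launchctl print-disabled system` into `disabled_mdm_jobs` to cover the launchd part.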
@c22dev
Author

c22dev commented Jul 30, 2024

Yep, works fine on my friend's side

@guiga1502

Yep, works fine on my side

Thanks, works fine!
I hope that in version 15 everything will still work.

@c22dev
Author

c22dev commented Aug 3, 2024

I'm on 15.1 and still working !

@joaopedropio

joaopedropio commented Aug 29, 2024

Hi! Does this method work on a Mac Mini M1 2020? It is stuck in this screen
image

@c22dev
Author

c22dev commented Aug 31, 2024

Hi, you're sure you reset with recovery mode?
Btw; this doesn't bypass Activation Lock, just MDM

@joaopedropio

joaopedropio commented Aug 31, 2024

So, the company I work for is selling this Mac Mini very very cheap. It is not mine yet but I think I'm gonna buy it. Maybe I'll sell the parts. But before that I was thinking of using it, if possible. Is it possible to bypass activation lock? Or is this just a paperweight?

@Ran-Xing

@joaopedropio Good night

@c22dev
Author

c22dev commented Sep 1, 2024

The activation lock isn't the subject of the bypass.
Contact your company so they unlock it using MDM codes.

@somnathasati

this works like a charm in 15.1.1 latest also, really thankful and grateful to you
