#!/bin/bash
# Volume labels assumed when no label is given on the command line.
readonly DEFAULT_SYSTEM_VOLUME="Untitled HD"
readonly DEFAULT_DATA_VOLUME="Data"

# An optional first argument replaces the system label; the data label is then
# derived from it as "<label> - Data". Neither variable is read again in this
# listing.
SystemVolume="${1:-$DEFAULT_SYSTEM_VOLUME}"
SystemDataVolume="$DEFAULT_DATA_VOLUME"
[ -z "$1" ] || SystemDataVolume="$1 - Data"

# ANSI colour escape sequences, stored unexpanded; `echo -e` interprets them.
NC='\033[0m'
RED='\033[1;31m'
GREEN='\033[1;32m'
YELLOW='\033[1;33m'
BLUE='\033[1;34m'
PURPLE='\033[1;35m'
CYAN='\033[1;36m'
# Reports whether diskutil can resolve a volume by the given label.
# Arguments: all arguments, joined with single spaces, form the label
# Outputs:   nothing; diskutil's stdout and stderr are discarded
# Returns:   the exit status of `diskutil info`
checkVolumeExistence() {
  local label
  label="$*"
  diskutil info "$label" &>/dev/null
}
# Prints the name of the APFS volume whose role matches the given type.
# Arguments: $1 - role text, searched for as "(<role>)" in `diskutil ap list`
# Outputs:   the volume name on stdout (an empty line when nothing matched)
# Note: apfsContainer, volumeInfo, volumeNameLine and volumeName are not
# declared local, so they remain set in the calling shell.
getVolumeName() {
  local volumeType="$1"

  # First word after "Container " on each matching line of the internal
  # physical disk listing.
  apfsContainer=$(diskutil list internal physical \
    | awk -F'Container ' '/Container/ {print $2}' \
    | awk '{print $1}')

  # The line carrying the role marker plus the five lines that follow it.
  volumeInfo=$(diskutil ap list "$apfsContainer" | grep -A 5 "($volumeType)")

  # Keep only the "Name:" line of that excerpt.
  volumeNameLine=$(grep 'Name:' <<<"$volumeInfo")

  # Take the text after the first colon, drop any trailing "(...)" note and
  # let xargs collapse the surrounding whitespace.
  volumeName=$(cut -d: -f2 <<<"$volumeNameLine" | cut -d'(' -f1 | xargs)

  echo "$volumeName"
}
# Prints the /Volumes path for a volume.
# Arguments: $1 - label to try first
#            $2 - role passed to getVolumeName when that label is unknown
# Outputs:   "/Volumes/<label>" when checkVolumeExistence accepts the label,
#            otherwise "/Volumes/<name printed by getVolumeName>"
defineVolumePath() {
  local preferredLabel=$1
  local role=$2
  local discovered

  if ! checkVolumeExistence "$preferredLabel"; then
    discovered="$(getVolumeName "$role")"
    echo "/Volumes/$discovered"
    return
  fi

  echo "/Volumes/$preferredLabel"
}
# Asks diskutil to mount the given path unless it already exists as a directory.
# Arguments: $1 - path tested with `-d` and then handed to `diskutil mount`
# Returns:   0 when the directory already exists, else diskutil's exit status
mountVolume() {
  local target=$1
  [ -d "$target" ] || diskutil mount "$target"
}
# Interactive entry point: prints a banner, then loops over a four-item menu
# (modify enrollment state, check enrollment, reboot, exit).
#
# Artifacts the first menu item writes, usable as audit / forensic indicators:
#   - a local account with UniqueID 501 that is appended to the admin group
#   - hosts-file lines mapping deviceenrollment.apple.com,
#     mdmenrollment.apple.com and iprofiles.apple.com to 0.0.0.0
#   - marker files .AppleSetupDone, .cloudConfigProfileInstalled and
#     .cloudConfigRecordNotFound present, with .cloudConfigHasActivationRecord
#     and .cloudConfigRecordFound removed
# NOTE(review): the menu labels suggest this is run from the Recovery
# environment; access control on Recovery would be the relevant mitigation to
# verify - TODO confirm.
echo -e "${CYAN}*-------------------*---------------------*${NC}"
echo -e "${YELLOW}* Check MDM - Skip MDM Auto for MacOS by *${NC}"
echo -e "${RED}* SKIPMDM.COM *${NC}"
echo -e "${RED}* Phoenix Team *${NC}"
echo -e "${CYAN}*-------------------*---------------------*${NC}"
echo ""
# PS3 is the prompt `select` prints; the option strings double as case labels
# below, so the two must stay byte-identical.
PS3='Please enter your choice: '
options=("Autoypass on Recovery" "Check MDM Enrollment" "Reboot" "Exit")
select opt in "${options[@]}"; do
case $opt in
"Autoypass on Recovery")
echo -e "\n\t${GREEN}Bypass on Recovery${NC}\n"
# Mount Volumes
echo -e "${BLUE}Mounting volumes...${NC}"
# Mount System Volume
# (hard-coded path; the defineVolumePath lookup below is commented out)
#systemVolumePath=$(defineVolumePath "$DEFAULT_SYSTEM_VOLUME" "System")
diskutil mount "/Volumes/Macintosh HD"
# Mount Data Volume
#dataVolumePath=$(defineVolumePath "$DEFAULT_DATA_VOLUME" "Data")
diskutil mount "/System/Volumes/Data"
echo -e "${GREEN}Volume preparation completed${NC}\n"
# Create User
# Works directly on a local directory-service database addressed by file path
# (dscl -f), not through a running directory service.
echo -e "${BLUE}Checking user existence${NC}"
dscl_path="$dataVolumePath/private/var/db/dslocal/nodes/Default"
localUserDirPath="/Local/Default/Users"
defaultUID="501"
# The create branch runs only when the UniqueID listing has no whole-word
# match for 501 (\< and \> are grep word boundaries).
if ! dscl -f "$dscl_path" localhost -list "$localUserDirPath" UniqueID | grep -q "\<$defaultUID\>"; then
echo -e "${CYAN}Create a new user / Tạo User mới${NC}"
echo -e "${CYAN}Press Enter to continue, Note: Leaving it blank will default to the automatic user / Nhấn Enter để tiếp tục, Lưu ý: có thể không điền sẽ tự động nhận User mặc định${NC}"
echo -e "${CYAN}Enter Full Name (Default: Apple) / Nhập tên User (Mặc định: Apple)${NC}"
read -rp "Full name: " fullName
# ${var:=default} assigns the default when the reply was empty.
fullName="${fullName:=Apple}"
echo -e "${CYAN}Nhận Username${NC} ${RED}WRITE WITHOUT SPACES / VIẾT LIỀN KHÔNG DẤU${NC} ${GREEN}(Mặc định: Apple)${NC}"
read -rp "Username: " username
username="${username:=Apple}"
echo -e "${CYAN}Enter the User Password (default: 4 space) / Nhập mật khẩu (mặc định: 4 dấu cách)${NC}"
# -s keeps the typed password off the terminal.
read -rsp "Password: " userPassword
# Falls back to a whitespace-only default when nothing is typed.
userPassword="${userPassword:= }"
echo -e "\n${BLUE}Creating User / Đang tạo User${NC}"
# Account record: shell, display name, UniqueID 501, primary group 20, home
# directory, password, then membership of the admin group.
dscl -f "$dscl_path" localhost -create "$localUserDirPath/$username"
dscl -f "$dscl_path" localhost -create "$localUserDirPath/$username" UserShell "/bin/zsh"
dscl -f "$dscl_path" localhost -create "$localUserDirPath/$username" RealName "$fullName"
dscl -f "$dscl_path" localhost -create "$localUserDirPath/$username" UniqueID "$defaultUID"
dscl -f "$dscl_path" localhost -create "$localUserDirPath/$username" PrimaryGroupID "20"
mkdir "$dataVolumePath/Users/$username"
dscl -f "$dscl_path" localhost -create "$localUserDirPath/$username" NFSHomeDirectory "/Users/$username"
dscl -f "$dscl_path" localhost -passwd "$localUserDirPath/$username" "$userPassword"
dscl -f "$dscl_path" localhost -append "/Local/Default/Groups/admin" GroupMembership "$username"
echo -e "${GREEN}User created${NC}\n"
else
echo -e "${BLUE}User already created${NC}\n"
fi
# Block MDM hosts
# Appends one "0.0.0.0 <domain>" line per entry to the hosts file; nothing
# checks for existing entries, so repeated runs append duplicates. These three
# hostnames pointing at 0.0.0.0 are a direct indicator to search for.
echo -e "${BLUE}Blocking MDM hosts...${NC}"
hostsPath="$systemVolumePath/etc/hosts"
blockedDomains=("deviceenrollment.apple.com" "mdmenrollment.apple.com" "iprofiles.apple.com")
for domain in "${blockedDomains[@]}"; do
echo "0.0.0.0 $domain" >>"$hostsPath"
done
echo -e "${GREEN}Successfully blocked host / Thành công chặn host${NC}\n"
# Remove config profiles
# No profile is uninstalled here: the code only creates and deletes marker
# files. Presumably .AppleSetupDone marks first-run setup as finished and the
# .cloudConfig* files record the outcome of the enrollment lookup - TODO
# confirm against platform documentation.
echo -e "${BLUE}Remove config profiles${NC}"
configProfilesSettingsPath="$systemVolumePath/var/db/ConfigurationProfiles/Settings"
touch "$dataVolumePath/private/var/db/.AppleSetupDone"
rm -rf "$configProfilesSettingsPath/.cloudConfigHasActivationRecord"
rm -rf "$configProfilesSettingsPath/.cloudConfigRecordFound"
touch "$configProfilesSettingsPath/.cloudConfigProfileInstalled"
touch "$configProfilesSettingsPath/.cloudConfigRecordNotFound"
echo -e "${GREEN}Config profiles removed${NC}\n"
echo -e "${GREEN}------ Autobypass SUCCESSFULLY / Autobypass HOÀN TẤT ------${NC}"
echo -e "${CYAN}------ Exit Terminal. Reboot Macbook and ENJOY ! ------${NC}"
# No exit status is checked in this branch, so the success banner prints
# whether or not the steps above succeeded.
break
;;
"Check MDM Enrollment")
# Skipped (back to the menu) when /usr/bin/profiles is not present.
if [ ! -f /usr/bin/profiles ]; then
echo -e "\n\t${RED}Don't use this option in recovery${NC}\n"
continue
fi
# Output is discarded; only the exit status is used. "Success" is printed
# when the command exits non-zero and "Failure" when it exits zero.
if ! sudo profiles show -type enrollment >/dev/null 2>&1; then
echo -e "\n\t${GREEN}Success${NC}\n"
else
echo -e "\n\t${RED}Failure${NC}\n"
fi
;;
"Reboot")
echo -e "\n\t${BLUE}Rebooting...${NC}\n"
# No break follows, so the menu loop continues if reboot returns.
reboot
;;
"Exit")
echo -e "\n\t${BLUE}Exiting...${NC}\n"
exit
;;
*)
# $REPLY holds the raw text typed at the prompt.
echo "Invalid option $REPLY"
;;
esac
done