ANY VERSION (v129) UNO REVERSE EXPLOIT. REMOVE GO GUARDIAN!

[88411]

Brand new exploit I came up with just yesterday and I can't believe it actually works!

The exploit will be called: The uno reverse exploit 💯 🥇

The exploit is similar to corkey and the VMC exploit except this exploit is actually consistent.
### REQUIRED:
The ability to edit your school network's DNS. If you can't than I guess you can just use it at home.

### STEPS:
Before you begin drag this link into the bookmark bar. (Don't worry this isn't a bookmarklet you'll see later)

Powerwash your chromebook.

Then on the log in screen continue by connecting to wifi and then logging in

WAIT

After you type in your password ion the logging screen and you see either the screen start to change colors(This is your Chromebook downloading and updating to your previous theme) or you see and Lock icon with a lock and a loading anaimation, turn your wifi off. The point is to turn it off fast enough so that goguardian hasn't installed (similar to the vmc/corkey exploit)
If go guardian isn't there great you can move on. If not restart from the beginning.

This whole process needs to happen extremely quickly otherwise go guardian will install before you connect to the dns and you need to start the process over from the beginning

Find somewhere to type out this dns: 45.90.28.127
This is so you can copy it to your clipboard to make the process smoother

Next open your control center

Quickly turn on your WiFi and connect to your home/school internet.

Once it says connected immediately click on it to open its settings

Scroll down to the network section and open it

Scroll down some more until you see Name servers

Select custom and and paste the dns into the first box and then click somewhere outside the box to deselect and save your changes

For good measure after you set up the DNS go back to your browser and spam the bookmark you saved earlier. (This isn't 100% required but it does help prevent it from causing issues)(fyi it just syncs your computer with my specific DNS profile rather than a different one I have which would mess everything up. Usually it does this automatically but not always)

#Alternative better method

When you are on the welcome to your chrome book open the control center, turn on your WiFi and connect to your wifi.

Once connected click on it. Then expand the network section, scroll down to name servers and set it to custom. Then set the first box to 45.90.28.127 and the rest to 0.0.0.0.

Continue with the login in process. I still do recommend that you turn off you WiFi when you get to the "Please wait" screen just to give you time.

Then turn you WiFi on and then right after while holding ctrl, spam the bookmark from the first method as soon as your bookmark bar loads to insure that the dns gets synced before go guardian installs.

This method is better because you don't have to rush to setup the DNS because it is already setup.

cross your fingers that go guardian doesn't install . 💯

#How to maintain go guardian not installing
I recommend that once you remove goguardian download the html dns looper file and run it in the background while you use your Chromebook. This is probably not necessary if you stay on the same network but if buoy are switching networks or the dns unsyncs the. Ur cooked if this isn't running.

When turn you chrome book off and then on immediately turn off your WiFi and log in. Then start the dns looper and the connect to the WiFi.
NOTE: If you follow all the steps properly and go guardian still installs, just click the bookmark again and restart the steps

NOTE: If at any point you connect to the internet without the dns go guardian will likely be reinstalled

HOW IT WORKS!!!

You first power wash your Chromebook which deletes go guardian.

Then you sign in and turn off your WiFi so it doesn't reinstall.

Then you add my dns server to your network.
This routes all of your traffic through my DNS server which I have configured to basically prevent goguardian from trying to download the extension while allowing all other traffic.

Basically when google tries to install go guardian it has to go through my DNS and my DNS gives go guardian the uno reverse card 💯 💯 💯

Here is my DNS block list in case you want to mess around with it or make your own DNS server:

*.hosted-extensions.goguardian.com
*.ip.goguardian.com
*.goguardian.com
*.snat.goguardian.com
*.waluigi.goguardian.com

If someone an onc file with this DNS that would be awesome. I have already tried using the caub tool from here #1175
But it doesn't work -_-

If you have any questions feel free to ask.
I am more than welcome to answer any questions even if they may seem obvious to others.

[Evanlol123]

@88411 im pretty sure they patched onc file exploit stuff on v129

[88411]

It doesn't use an onc file. You manually set the dns by just typing it in

[DoxrGitHub]

https://discord.com/channels/419123358698045453/1196248262928236555 (this literally already exists but instead of lightspeed URLs use *.goguardian.com) and that tutorial actually shows ppl how to create a nextdns account and stuff

secondly a single account has a quota so once its over for the month everyone's shit is gonna reinstall

and once those IPs are pointed to someone else's IP every other person using the shared DNS account won't have goguardian urls blocked so yeah its like 50 people all trying to use the same account but only one person can use it at once IF you're adding the IPv4 addresses

ALSO doing this once oobe has completed is a bad idea since you have to time shit, you can literally do it within oobe and gg/ls won't even start to install

this is pretty useless and you're trying to take credit for worse omada and/or a worse way to do a kajig that has existed since 01/14/2024

[88411]

Do you know what that account quota is?

[88411]

How I got my Deny list was I connected my dns right after I enrolled and blocked every url in the logs. Because there was i bunch of google urls I suspected that go guardian was coming from a google domain. Because i blocked almost the entirety of google you could not use the dns when logging in. I know that is incorrect and I will update the post when I have time later today. Also I had no idea this already existed but I guess that is just poor research on my part. I will remove all the credits.

[Prexry]

This isn't an exploit nor is it "yours" this is just a DNS Blocklist and has been known for years

[88411]

Fair enough. Either way it still can help people like me who are on 129 and have no other options besides unenrollment.

[schoolexploitkid]

does this work for securly?

[88411]

It could however I don't have my dns setup to block securely specifically because I don't know which domain securely installs from. If we coordinate on discord or something for you to power wash your Chromebook on the dns from the repo I could look at the logs to see what domains are connecting to your Chromebook.

[88411]

. . . And therefore block securely as well.

[88411]

Quick example/ proof that it works:

https://drive.google.com/file/d/1wvwpSjBKhH7El6Fmy1V0t_GjBo6XxBzM/view?usp=drivesdk