{"id":21543826,"url":"https://github.com/thealexdev23/stealthymdmblocker","last_synced_at":"2025-03-17T23:55:58.623Z","repository":{"id":219279728,"uuid":"742928369","full_name":"TheAlexDev23/StealthyMdmBlocker","owner":"TheAlexDev23","description":null,"archived":false,"fork":false,"pushed_at":"2024-04-23T07:00:11.000Z","size":122,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-24T08:44:02.902Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TheAlexDev23.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-13T19:34:20.000Z","updated_at":"2024-04-23T07:09:03.000Z","dependencies_parsed_at":null,"dependency_job_id":"f704c6b0-915c-44e5-a874-0a94a5692bb5","html_url":"https://github.com/TheAlexDev23/StealthyMdmBlocker","commit_stats":null,"previous_names":["thealexdev23/stealthymdmblocker"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheAlexDev23%2FStealthyMdmBlocker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheAlexDev23%2FStealthyMdmBlocker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheAlexDev23%2FStealthyMdmBlocker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TheAlexDev23%2FStealthyMdmBlocker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/The
AlexDev23","download_url":"https://codeload.github.com/TheAlexDev23/StealthyMdmBlocker/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244130278,"owners_count":20402753,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-24T05:15:49.538Z","updated_at":"2025-03-17T23:55:58.603Z","avatar_url":"https://github.com/TheAlexDev23.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Stealthy MDM Blocker\n\nMy attempt at silently blocking MDM functionality. Reverse engineered findings of the MDM functionality can be found [here](./ReverseEngineering/Findings/).\n\nThe previous solution was essentially a MITM proxy with custom CA certificates that can decrypt and modify outgoing requests and incoming responses to the MDM server. The main solution, found [here](./ProfileModification/), is able to differentiate the possible messages that can happen between the client and the server, decode the MDM configuration, modify it to remove most of the restrictions and encode it back again.\n\nGiven that a custom CA certificate could be installed in the iOS system without restrictions, the modification could not be noticed by the server nor the enrolled device.\n\nThe second solution, [here](./RequestBlocking), is a custom DNS that forwards all requests to another DNS of choice except for query requests for the MDM server; those would receive a not found response, and the DNS server would pretend to be the device and communicate with the MDM server itself. 
Once the communication is finished and the DNS server has pretended to have installed all profiles and restrictions the MDM server had sent it, the DNS on the iOS device could be removed. However, the device believes that the connection with the MDM server failed, and would retry as soon as possible. But given that the DNS server already pretended to be the device, the MDM server would send an empty response due to the lack of commands to execute, as all have been \"executed\" by the DNS server.\n\n## Configuration\n\nFor functional execution, append the directory of [helpers](./Helpers/) to the PYTHONPATH environment variable.\n\nConfiguration should be located in `/etc/SMB/config.json`, with email logging options supplied strictly as environment variables.\n\nEnvironment variables:\n\nEmail logging (if enabled in `config.json`)\n\n*SMB_LOGGING_EMAIL* -\u003e Sender email\n\n*SMB_LOGGING_EMAIL_PASSWORD* -\u003e Sender email password\n\n*SMB_LOGGING_EMAIL_TARGET* -\u003e Receiver of emails\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthealexdev23%2Fstealthymdmblocker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthealexdev23%2Fstealthymdmblocker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthealexdev23%2Fstealthymdmblocker/lists"}