Kiosk mode locks a Chromebook into running a single application — typically a testing tool such as SecureTestBrowser, TestNav, or NWEA — with no way to switch windows, access the browser, or install extensions. Skiovox exploits a bug in how kiosk apps handle network errors: by disconnecting from Wi-Fi before launching a kiosk app, you can trigger an error screen that contains a Certificates, Diagnose, or accessibility button. Clicking through those buttons opens the ChromeOS File Manager, and from there you can open a full Chrome browser window in the kiosk’s unmanaged profile. Within that browser you can install extensions, access any website, and bypass virtually all school-imposed restrictions. Use CAUB to stay on a version where Skiovox works.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/S-PScripts/chromebook-utilities/llms.txt
Use this file to discover all available pages before exploring further.
Version Compatibility
| Version Range | Status |
|---|---|
| v118 | Supported |
| v119–v120 | Supported |
| v121 | Supported |
| v124 | Supported |
| v125–v126 | Supported |
| v138–v144 | Supported (currently works on v144) |
| v141 | Separate method available |
Version-Specific Instructions
Skiovox v118
Skiovox v118
Notes:If a back button is available on the error page:If a back button is NOT available:If a back button is NOT available (ChromeVox method):Once inside a browser window, proceed to Skiovox Helper.
- A compatible kiosk application is required. Some kiosk apps will not work with this exploit.
- Kiosk apps have their own profiles — this exploit browses using the kiosk profile.
- Your Chromebook must be connected to Wi-Fi before you begin, and you will disconnect during the process.
Pre-enter your password (if applicable)
If usernames and photos are shown on the sign-in screen, enter your password but do not press Enter. Otherwise skip this step.
Click Add other Wi-Fi network
Click Add other Wi-Fi network, then immediately spam
Esc twice. The sign-in screen should appear with your password still entered.Press Enter to sign in
Press
Enter to sign in. Do this within 4 seconds of clicking “Add other Wi-Fi network.”Bypass the multiple sign-in message
If a Multiple sign-in has been disabled message appears, press
Esc to bypass it.Click Add other Wi-Fi network
Click Add other Wi-Fi network and wait for the diagnostics screen to appear. This step may be inconsistent — try a few times or try a different kiosk app.
Open in Settings
Expand the Wi-Fi dropdown, then click Open in Settings. A settings window should open.
Open Resources
While holding
Search, press O, then press T. Select Resources. Three links should appear.Skiovox v119–v120
Skiovox v119–v120
Notes:Once inside a browser window, proceed to Skiovox Helper.
- A compatible kiosk application is required.
- Your Chromebook must be connected to Wi-Fi before you begin.
Pre-enter your password (if applicable)
If usernames and photos are shown, enter your password but do not press Enter.
Open display settings
In the toolbar, show the display settings menu by clicking the button next to the brightness slider, then click the settings button to open the settings app.
Open Resources
Select Resources. Three links should appear. Click any one of them — Chrome should open.
Sign in as existing user
Click Sign in as an existing user. Attempt to sign in — a Multiple sign-in has been disabled message should appear. Press
Esc to bypass it. A browsing window should be focused.Skiovox v121
Skiovox v121
Notes:
- This only works if your Gmail is saved to your Chromebook (your profile picture appears on the sign-in screen and you only need to type your password).
Type your password (do not press Enter)
Enter your password on the sign-in screen but do not press Enter.
Perform standard Skiovox
Turn off Wi-Fi, launch the kiosk app, press
Alt + Shift + S, and navigate to Accessibility → question mark.Skiovox v124
Skiovox v124
Credits: eth3r.xyz/skiovox124 / Titanium Network
Handle missing 'Log in as existing user'
If the network unavailable page does not show Log in as existing user, click Add person and hold
Esc.Rapid sequence (must be fast)
Click Add network, type random letters, and hit
Enter. Then click Diagnose.Open in Settings
Click Wi-Fi, then click Open in Settings. Click the close button (X) at the top right to go back to the Wi-Fi page.
Skiovox v125–v126
Skiovox v125–v126
Requirements:Method 2 (Legacy — requires external login page):Common issues:
- ChromeOS v125 or v126
- An account saved on the device (Method 1)
- External login page, if available (Method 2)
Go to the sign-in screen
Make sure you have an account saved on your device. Go to the sign-in screen and open Quick Settings.
Disable Wi-Fi and open the kiosk app
Hover your mouse over the Apps button and press
Enter. This disables Wi-Fi. Before it reaches the no-Wi-Fi screen, press Apps (the search/launcher key), then press the key corresponding to your kiosk app (e.g. S for SecureTestBrowser). Do this very quickly.Wait and then reset
Wait approximately 2 seconds (or until it says Waiting for app window), then press
Ctrl + Alt + Shift + R and click Cancel.Sign in with existing user
Click Add other Wi-Fi, type random letters, press
Enter, and click Sign in as existing.Enter credentials and trigger the shortcut
Enter your username and password. Immediately after pressing
Enter on the password, press Ctrl + Search + Esc.Enter credentials on the external login page
Enter your email and password on the external login page.
Watch for the launch moment
After pressing
Enter, you will see a small spinning circle for approximately 0.5 seconds. Wait for the kiosk app to start launching.Wait for Chrome browser
If the managed Chrome browser does not appear, restart from Step 1 and adjust your timing.
- “I don’t have a Help Center button!” — Wait 2+ seconds after Step 3 before proceeding.
- “My kiosk app loads normally!” — Adjust your timing on the launch step.
Skiovox v138–v144 (currently works on v144)
Skiovox v138–v144 (currently works on v144)
Credits: 2pro12342 (open file manager and Method 2), schoolexploitkid (open browser)Method 1:Method 2 (Wi-Fi/DNS approach — use if Method 1 does not work):
Click Certificates
When it says Internet Not Found, click the Certificates button next to Diagnose. A menu should open. If it crashes or doesn’t open, try Method 2.
Handle the Get Started screen
- If kiosk apps are visible on the Get Started screen (Path A): Click Get Started, click Add Wi-Fi, and enroll until you see kiosk apps.
- If kiosk apps are NOT visible (Path B): Do not click Get Started. Instead, go to the Wi-Fi panel and connect to your Wi-Fi.
Change DNS to block network
Once connected, change the DNS to
0.0.0.0 or 52.207.185.90. This should produce a Wi-Fi Network Error or No Network Connection with a ! icon.Skiovox v141 (Website Kiosk Method)
Skiovox v141 (Website Kiosk Method)
This method targets website kiosks (kiosk apps that display a URL in the address bar while loading) rather than packaged app kiosks.Link: https://skiovox141.crosbreaker.dev/openCredits: crosbreaker — crosbreaker.dev / github.com/crosbreaker/skiovox-141
Navigate to a search engine
Find a way to navigate away from the main page and reach a search engine like Google.
Copy the injection HTML
In a text field (such as the search bar), copy the following snippet to your clipboard:
Open a real-time HTML editor
Navigate to https://htmledit.squarefree.com/.
File Manager Methods
Once you reach the ChromeOS File Manager through Skiovox (v138–v144), you need to open a browser window from within it. Two methods are available — try both and use whichever works.File Manager Method 1 — New Folder
File Manager Method 1 — New Folder
File Manager Method 2 — Open File Settings (Recommended)
File Manager Method 2 — Open File Settings (Recommended)
Skiovox Helper
After performing Skiovox, most keyboard shortcuts do not work, windows cannot be easily resized or moved, and adding Google accounts is difficult. Skiovox Helper is an extension that restores this functionality. It only needs to be set up once per device. Features:- Restores most keyboard shortcut functionality within the exploit
- Allows resizing and dragging of windows
- Makes it easier to add Google accounts and use the Chrome Web Store
- Fixes functionality of some Google logins on webpages
- Shows time, date, and battery status
- Press
Ctrl + Tafter shortcuts are configured to exit fullscreen
Download Skiovox Helper
Download Skiovox Helper from https://github.com/bypassiwastaken/skiovox-helper/releases. If you followed the back-button method, disable Ask where to save each file in browser settings before downloading.
Extract and open the folder
Find the downloaded Skiovox Helper ZIP file. Right-click → Extract all. Open the extracted folder. Select the file inside and click Open. Skiovox Helper should install and automatically open the keyboard shortcuts page.
Skiovox Breakout
Skiovox Breakout takes the Skiovox exploit further by allowing you to inject custom JavaScript into an installed extension, enabling persistent code execution that survives a reboot. Credits: munyDev / github.com/munyDev/skiovox-breakoutDownload Skiovox Breakout
Navigate to https://github.com/munyDev/skiovox-breakout/. Click Code → Download ZIP (you can use the CSS or main branch).
Install the extension in dev mode
Go to
chrome://extensions, enable Developer Mode, click Load unpacked, and load the downloaded extension folder.Inject a script
Click the Skiovox Breakout extension icon. In the first input box, type the first 5 letters of the target extension ID. In the second box, enter your custom JavaScript or clear the box entirely.
Open the injected file
Open any file (e.g.
*.html) — a school window should open. Open the extension page and press any switch (or open background.js if no switches are present).Bookmark the shim URL
Copy the URL
filesystem:chrome-extension://ID_HERE/temporary/shim.html and make it a bookmark.ASH (Skiovox Downloaded to USB)
ASH is a method for making Skiovox persistent on a Chromebook by loading the Skiovox Helper extension from a USB drive rather than downloading it each time. It also enables a “hotswapping” technique to quickly switch between the kiosk profile and your school account. Requirements: ChromeOS v119–v120 (v121 may not work), a USB drive, and a kiosk app. Credits: Brandon421-ops/Exploits-And-HacksPerform Skiovox normally
Hold the power button to sign out. Turn off Wi-Fi, open the kiosk app, press
Alt + Shift + S, click the ? in the panel, sign in as an existing user, bypass the multiple sign-in message with Esc, and close the school window.Set startup pages
In
chrome://settings → On startup, select Open a specific page or set of pages and add:Set up persistence across reboots
Restart by holding the power button and selecting Sign out all. Repeat the Skiovox steps. After closing the default school window, you should see the OS settings and can toggle Wi-Fi back on.
Load Skiovox Helper from USB
Download the Skiovox Helper files from github.com/bypassiwastaken/skiovox-helper and put them on a USB drive. After performing Skiovox again, open the File Manager tab, right-click the ZIP file → Extract. Drag the extracted folder to Downloads.
Install via dev mode
Open a new window (three-dots menu), go to
chrome://extensions, enable Developer Mode, click Load Unpacked, and select the inner folder in Downloads. Click Open.- Go to Pixlr and click Create new.
- Once the editor opens, press
Ctrl + Sthen Save as. - Name the file anything but remove the
.pngextension. - Open a new tab, go to Files, and double-click the file — this opens the school account window.
- To swap back, delete the school account window.
- Skiovox deleting itself from extensions (manifest): delete the current Skiovox file from Downloads, pull the file from the USB drive back into Downloads, and re-link it.
Escnot working to bypass the multiple sign-in message: no fix currently.
Unrestricted Browsing via Skiovox
Within the Skiovox kiosk browser window:- You can install extensions from the Chrome Web Store
- You can bypass virtually all school-imposed web filters and DNS blocks
- The browsing session uses the kiosk app’s unmanaged profile
Skebstore
Skebstore is a minimal alternative extension installer for Skiovox users whose Chrome Web Store (chromewebstore.google.com) is blocked by the school network.
Credits: bypassi / github.com/bypassiwastaken/skebstore
Other Kiosk-Related Exploits
KIOSK Exploit (up to v85)
The original kiosk exploit. Opens an unrestricted Chrome instance within a kiosk app using the ChromeVox accessibility shortcut. Works consistently on v76 and below; possible but less consistent on v77–v85 (only once per powerwash). Credits: B3AT, Divide, Luphoria, OlyB / Titanium Network Method 1 (v77–v85, requires fresh install/OOBE):Sign out, turn off Wi-Fi, enable ChromeVox
Sign out. Turn off Wi-Fi. Press
Ctrl + Alt + Z to enable ChromeVox.Open a kiosk app and spam the shortcut
Open a kiosk app, then spam
Search + O + K (keep re-pressing O and K).Enable ChromeVox and spam shortcut
Press
Ctrl + Alt + Z to enable ChromeVox. Spam Search + O (hold Search, spam O).Click Diagnose
While spamming, click Diagnose. Keep spamming until a browser window appears (up to 5 seconds).
Open a new tab and disable ChromeVox
Open a new tab, then press
Ctrl + Alt + Z to disable ChromeVox.PowerR3SET — Unenroll via ChromeOS Flex (up to v131)
Unenrolls a Chromebook by flashing ChromeOS Flex (which has no forced re-enrollment support). Requires physically opening the Chromebook to disable write protection.- Get the Mr. Chromebox BIOS for your Chromebook model. Verify your board has UEFI Firmware (Full ROM) support.
- Enter developer mode, then EC reset (hold
Escduring power-on). - Use BR1CK to enter the firmware flashing environment.
- Disable write protection (jump the WP chip, remove battery, or use a SUZY-Q cable).
- On v117+, use
Ctrl + Alt + F2for VT2 and use chronos; on v116 and below use Crosh. - Run:
- Download a ChromeOS Flex board image from chromiumdash.appspot.com/serving-builds, flash to USB, and boot from it.
- Install ChromeOS Flex and sign in with a personal account.
Dump Kiosk Apps
Extracts a kiosk app’s extension files and converts it into a regular ChromeOS app by removing thekiosk_only manifest key.
Requirements: Crosh and Developer Mode enabled.
Known kiosk app IDs:
| App | Extension ID |
|---|---|
| TestNav | mdmkkicfmmkgmpkmkdikhlbggogpicma |
| SecureTestBrowser | hblfbmjdaalalhifaajnnodlkiloengc |
| NWEA | omkghcboodpimaoimdkmigofhjcpmpeb |
| CollegeBoard | joaneffahikmmipmidpkeedopejmhbbm |
Enable dev mode and add accounts
Enable Developer Mode, then add your home account followed by your school account.
Find the kiosk app ID
Navigate to
/home/chronos/{user account hash}/extentions/kiosk/ and note the ID of the kiosk app you want.Edit the manifest
Open the copied folder and edit
manifest.json. Delete the line "kiosk_only": true.Unblock Crosh (Ext. or Terminal)
Ifchrome-untrusted://crosh is blocked, use the Secure Shell extension to open a Crosh instance via chrome.terminalPrivate.
Method 1 — Secure Shell extension:
- Install the Secure Shell Dev extension.
- In the username box, type anything.
- In the hostname box, type
>crosh. - Press
Enter— a Crosh window will open.
- Open the Terminal app and create a new SSH profile.
- Set the hostname to
ssh a@>crosh. - Save the profile, right-click the Terminal app icon, and select your new SSH profile.
Unblock Crosh (Kiosk Apps)
Uses the Skiovox limbo sign-in state to access Crosh when it is normally blocked.This may be patched on newer ChromeOS versions due to changes introduced alongside Skiovox patches.
Enter the kiosk limbo state
Sign in to a kiosk app and let it reach the Connect to Wi-Fi to continue screen. Click the Back button (top left). You should be at the sign-in screen without the Apps button.
Sign in
Sign in to your school account. You should see a browser in the background and a prompt saying Administrator has disabled multiple sign-ins. Press
Esc to bypass it.