Exit Setup Screen

[LevyTheDevy]

It'd be awesome to have a feature here that lets us exit the setup assistant on Apple devices quickly. Maybe something that can tweak com.apple.purpleBuddy.plist or push an MDM profile without needing a paid server.

Alternatives I've considered

• Manually messing with com.apple.purpleBuddy.plist, which is a headache.
• Using an MDM profile, but that needs a paid server.
• iMazing's CLI, but again, it costs money.

None of these are great for a quick, free fix.

This feature would be a lifesaver for anyone setting up lots of Apple devices. It's about making things faster and easier without paying extra.

[doronz88]

Could you explain how you would expect to install com.apple.purpleBuddy.plist preference or an MDM profile with no user-interaction while in purple buddy?

[LevyTheDevy]

For example,

If I use this command: ideviceinfo -q com.apple.PurpleBuddy

(using libimobiledevice)

I get this config info -->

AppleIDPB10Presented: true ApplePayOnBoardingPresented: true AssistantPHSOffered: true AssistantPresented: true AutoUpdatePresented: true DiagnosticsAutoOptInSet: true FaceIDPeriocularPresented: true GuessedCountry[1]: 0: US HSA2UpgradeMiniBuddy3Ran: true HomeButtonCustomizePresented: true Language: en Locale: en_US Mesa2Presented: true PBAppActivity2Presented: true PBDiagnostics4Presented: true Passcode4Presented: true Payment2Presented: true PaymentMiniBuddy4Ran: true PrivacyContentVersion: 2 PrivacyPresented: true RestoreChoice: true SSDeviceType: buildVersion: 17E8255 deviceType: 225 hardwareModel: D79AP SafetyPresented: true ScreenTimePresented: true SetupDone: true SetupFinishedAllSteps: true SetupLastExit: 1992-11-03T11:56:58Z SetupState: RestoredFromDevice SetupVersion: 11 SiriOnBoardingPresented: true TrueTonePresented: true UserChoseLanguage: true UserInterfaceStyleModePresented: true WebDatabaseDirectory: /var/mobile/Library/Caches WebKitAcceleratedDrawingEnabled: false WebKitAllowsPictureInPictureMediaPlayback: false WebKitLocalStorageDatabasePathPreferenceKey: /var/mobile/Library/Caches WebKitMediaPlaybackAllowsInline: true WebKitMediaPlaybackRequiresUserGesture: false WebKitMinimumZoomFontSizePreferenceKey: 15.000000 WebKitOfflineWebApplicationCacheEnabled: true WebKitShrinksStandaloneImagesToFit: true chronicle: features[1]: 0: data: productVersion: 17.0 type: 2 lastPrepareLaunchSentinel[2]: 0: 1993-01-20T11:26:14Z 1: 0 setupMigratorVersion: 12

Is it possible to modify this to bypass the setup assistant?

I tried using Apple's cfgutil CLI to install a profile but it only skips a few setup screen. (If you use the paid MDN server you can fully skip all screens)

I think iMazing is using this profile method because after it runs I can't load another profile because is say's an existing profile is on the device.

I'll look in seeing the the PID of the Setup Assistant and test if I can kill it but I think configuration is required to be set.

Thank you for the response.

Some Links on the subject:

• https://github.com/libimobiledevice/libimobiledevice/issues/414
• https://github.com/libimobiledevice/libimobiledevice/issues/934

[doronz88]

You can both activate the device automatically and set all the keys mentioned :

pymobiledevice3 activation activate --now
pymobiledevice3 lockdown set com.apple.PurpleBuddy Key Value

Or supervise the device and install profile using http://supervise.me

[LevyTheDevy]

Hi there,

Thanks for the suggestions you've given. I'm running into a bit of a snag with the pymobiledevice3 lockdown setcommand. I tried running pymobiledevice3 lockdown set True com.apple.PurpleBuddy AssistantPresented, and it seemed to go through fine. But when I check with pymobiledevice3 lockdown get com.apple.PurpleBuddy, the changes aren't showing up.

Also, I tried using the supervision profile from "http://supervise.me/", but it looks like it's been removed from the site. I've been using cfgutil to supervise the device.

Just a heads up, I'm pretty new to iOS development. I've recently started diving into it to support my Appium iOS testing framework, so there's a lot I'm still learning.

I really appreciate your help on this, but it looks like this feature might not be available on any free CLI tools right now. Any other ideas or workarounds you might have would be great.

[LevyTheDevy]

Update:

I made is mistake on my part. When writing a value to com.apple.purplebuddy then rebooting the device it shows under the query for com.apple.PurpleBuddy (case sensitivity)

Still it seems like writing these keys & values has no affect on the Setup Assistant.

PS. I also tried Killing the PID for com.apple.purplebuddy and it just restarts the Setup Assistant.

[AnNEDoMini]

Long story short, it is possible to skip setup(tested on thousands devices) completely, iOS < 17.2, pymd3 alone is more than enough. Unfortunately I'm under NDA and can not guide you step-by-step how to do it. Basically you need 4 things:

1. read https://book.hacktricks.xyz/macos-hardening/macos-red-teaming/macos-mdm/enrolling-devices-in-other-organisations
2. take IDA(free version is enough) disassembler and diasm 3utools.
3. Pair and activate device
4. Poke device with pymd3 This will be more than enough to skip setup

[Dantee296]

You can skip setup Using com.apple.mobile.MCInstall service

[LevyTheDevy]

@Dantee296 Can you please explain?

Thank you :)

[LevyTheDevy]

I figured out a very janky workaround:

1. Pair and Activate Device.
2. Enable Dev Mode
3. Mount Images
4. Install Appium WDA
5. Prepare Device (cfgutil can skip most except ULA)
6. Use WDA automation to tap agree (Any other steps)

This works for me as I'm doing ETE software testing and WDA is prepared from the start but they is probably a more effective way.

Thanks

[tudorcraciun]

Hello, I have a question, how did you supervise the device? Is there a way to do it on Linux?