Hey,
I have a bunch of devices that are enrolled with an MDM. They don't have a standard Google account activated since these are meant to be company owned, which means no FRP activated through Google.
The issue at hand is that if I factory reset through the recovery mode and then start the phone there is nothing blocking the device from being used as a normal device. This is not good enough because and I need some way to make the process harder to dissuade malicious intent.
One way to do this is with a Custom ROM. https://www.hexnode.com/mobile-devi...id-devices-in-hexnode-mdm-by-configuring-rom/ https://www.hexnode.com/blogs/the-big-hows-of-managing-custom-android-os-in-the-workplace/
So that leaves me with a question if it's possible to take the stock ROM and just add the MDM APK with the configuration. As I understand, this would always then boot into the MDM configuration, leaving any other option of the table. (As long as the device is not flashed with stock ROM again.)
Another option, which I can't see if possible is if the whole Recovery Mode menu can be disabled/locked with a passcode, making it not possible to do a wipe through this way.
Appreciate all the help I can get with this as I'm new to this scene!
the mdm devices are running bythe admin mdm policies, the admin must enable or disable features from the phone or add more security steps
tutibreaker said:
the mdm devices are running bythe admin mdm policies, the admin must enable or disable features from the phone or add more security steps
Click to expand...
Click to collapse
I've tested this with Scalefusion, Hexnode and had a chat with SOTI.
All of them say that it's not possible to lock or disable the access to the Recovery Menu that you can access by holding the Power button + Volume up and then Wiping the data and restarting the phone as a new device.
If there would be a way to disable this menu, then that would be great. But according to them they can't do that since it might brick the phone.
So now it's either solving a solution myself for this or trying Samsung Knox devices that offer more options regarding this problem.
Related
Hi,
after reading some information about the FRP, a perhaps possible way to bypass it on Samsung devices came into my mind:
After all, the only thing one has to do is somehow managing to open the settings app. From there, one can do a factory reset which will erase the FRP partition. There are already lots of ways to do so, mostly by exploiting "holes" in the UI.
And of course, the FRP is never really secure; as it relies on the inaccessibility of the phone's internal storage. So if one is able to write the flash by some means (for example JTAG), getting rid of the FRP is pretty much straightforward.
This to be said, just to assure you that I don't plan anything malicious. I'm just curious about Samsung's and Android's security measures, and I don't own any recent Samsung device (with FRP) to try it myself.
But now my thoughts: If FRP is active, from what I read one could not boot unsigned binaries flashed by Odin. But Odin seems to flash these images; it appears that it just blocks the boot.
The next point that flashing+booting modified firmware without triggering the Knox flag is possible. From what I read, the kernel and recovery must stay stock. Apps can change. So I assume that it behaves similar with FRP.
This brought me to an idea: Maybe one could modify a stock image so that one could get to a settings screen, flash it via Odin, boot it, open settings, do the factory reset, and do whatever you want form there.
As a modification, I would suggest just deleting the Gapps from the image; then the phone will never ask for a google account. Or put in one of the apps commonly used to bypass FRP by USB OTG.
The key question is: Will the device boot the modified image, or will one get the "Custom binary blocked by FRP" error?
Hello! I have Knox Enterprise Enrollment service active on my J330F (J3 2017 - android 7) and I want to remove it but I don't know how. I tried with TWRP installed, but no luck. Is possible to permanently remove Knox Enterprise Entrollment service from Samsung J330F ?
Knox is a PIA
The only thing I hve been able to do with knox is reset the phone back to factory then use All in one toolbox to cancel it's startup entry. Basically keeps it from booting when you restart your phone. other than that i have no other options. If anyone else has the solution, please let us know.
diavas2007 said:
Hello! I have Knox Enterprise Enrollment service active on my J330F (J3 2017 - android 7) and I want to remove it but I don't know how. I tried with TWRP installed, but no luck. Is possible to permanently remove Knox Enterprise Entrollment service from Samsung J330F ?
Click to expand...
Click to collapse
huckfinn9 said:
The only thing I hve been able to do with knox is reset the phone back to factory then use All in one toolbox to cancel it's startup entry. Basically keeps it from booting when you restart your phone. other than that i have no other options. If anyone else has the solution, please let us know.
Click to expand...
Click to collapse
Can you please provide how to use the all in one toolbox thing to do what you did ?
ion my case, A520F, the knox thing enables FRP Lock, so, it is a bit hard...
I can use Combination file to access Adb mode, then can Remove FRP, and gain partial access to system, but after knox runs, it enables its security policy and enable FRP again and disable ADB access
yurais said:
Can you please provide how to use the all in one toolbox thing to do what you did ?
ion my case, A520F, the knox thing enables FRP Lock, so, it is a bit hard...
I can use Combination file to access Adb mode, then can Remove FRP, and gain partial access to system, but after knox runs, it enables its security policy and enable FRP again and disable ADB access
Click to expand...
Click to collapse
You have to stop the start up entry with thew Boot Speedup option in All in one Toolbox. You will see "User Apps" on the left and "System Apps" on the right. Choose System apps and then scroll till you find the Knox apps. You have to disable all of them I think. They are the Knox Folder container, Knox Apps Update, Knox Setup Wizzard, Knox Enrollment Service and the Knox app itself. And this only stops it from starting up when you reboot the phone. Whatever triggers it to start after the phone boots is a mystery to me, I sure as hell dont try to open it myself, LOL! That is why you have to disable all of it and immediately try to root the phone as soon as it boots up. Don't give it time to wake up!
Hi All
I have an S7 Exynos with latest Magisk installed and everything has been working flawlessly till I decided this early morning, for not any particular reason(except my increasing amount of grey hair ), to lock the "developer options". I think I have done the same maybe a couple of years ago though cannot remember how I had solved it.
Obviously my phone was instantly locked.
Would someone be able to link a good working solution with being able to keep data and apps? I am a bit desperate as my work is starting again tomorrow.
Thanks a lot.
look at frp bypass
Costum binary blocked by FRP lock is a protection, whene you do a factory reset from recovery. the only way you get this message is with odin.
this one works for me on s7, s7 edge and s6 tab
Thanks @Dagobert
I will have a look at it now and see if it is not too scary. See my S7 FRP
kiwigi said:
deleted as repeated post
Click to expand...
Click to collapse
Do you have acces to the phone?
kiwigi said:
deleted as repeated post
Click to expand...
Click to collapse
If you have acces to the phone then backup your data do a factory reset. Then you can flash whatever you want. Frp lock is a google protection with a google account. Whene you do a factory reset from settings you wipe the frp.
What is Google FRP?
FAQ for Samsung Mobile Device. Find more about 'What is Google FRP?' with Samsung Support.
www.samsung.com
I have access to the phone via PC/Odin only. No booting as per image above. I wand to keep Data and Apps
I assume I have to flash stock with home csc to be able to enter the phone again? Then root again, if I so wish?
Yup. Maybee a long shot but try Flashing your former firmware with Odin, using HOME_CSC. I think thats the solution
More info on that in this topic
Help! How to flash without losing data?
Good day! My phone got stuck on breathing Samsung logo after my phone updates. Now the only option I have in mind is to restore factory data. But I have some important files in my phone that is very essential in my work. I know I have read that...
forum.xda-developers.com
hmm., done the flashing with the files plus home csc and it asks for password, which I have entered without success. I know the password and it justs does not accept it.
See the factory reset warning and the FRP lock still being on now.
I'm desperately trying to avoid wipping data and apps.
edit: unfortunately I had to format/reinstall as I could not find a workable option.
I bought a Samsung A13 from a shop in a South African resort after my own phone broke. Now I see that the A13 phone has a device administrator called "ThinkAdam DPC".
This prevents me from enabling the developer mode and hence I cannot root the device following the standard tutorials. I get this error when I try to enable developer tool or hard reset or remove this admin app from the phone: "Action not allowed", "Numobile in your Service Provider"
Is there a way to root this device or remove the admin app get full control over the phone?
Thanks
hiimmat said:
I bought a Samsung A13 from a shop in a South African resort after my own phone broke. Now I see that the A13 phone has a device administrator called "ThinkAdam DPC".
This prevents me from enabling the developer mode and hence I cannot root the device following the standard tutorials. I get this error when I try to enable developer tool or hard reset or remove this admin app from the phone: "Action not allowed", "Numobile in your Service Provider"
Is there a way to root this device or remove the admin app get full control over the phone?
Thanks
Click to expand...
Click to collapse
Unfortunately no. You need to go to a service. They got official tools to disable such problem. Then again, you waited for so long with an unknown admin app on your phone? No privacy concerns?
Fytdyh said:
Unfortunately no. You need to go to a service. They got official tools to disable such problem. Then again, you waited for so long with an unknown admin app on your phone? No privacy concerns?
Click to expand...
Click to collapse
Why not just wipe whole phone with ODIN firmware files?
I recently got a new phone from the Troomi carrier. They sell a Samsung A32 5G phone and it is very locked down. I have done some digging and managed to enable USB debugging, but I can't manage to root it. I can install apps, but the Knox app control quickly disables it. The app is still installed, but can't be seen without adb. I have managed to rename the package name for an app to that of an app that is allowed. That worked until my mom discovered this and deleted the app from my phone and I haven't been able to recreate it. I also can't enter download mode or install a custom bootloader. Factory resetting is also blocked.
Any help is apprechiated.
JGraham26
Did you figure anything out with this?
No, but I'm still trying