Device locked down by MDM Airwatch (by me) - no access to anything!

Search This thread

*Detection*

Senior Member
Dec 5, 2011
10,513
2,850
Durham

That is the one I was talking about, it says it restricts firmware updates in download mode, not access to download mode itself

For anyone interested here is the list of restrictions available under Airwatch Android:

http://pastebin.com/2qxTGa5G

Nothing in there even mentions Download Mode strangely - only firmware recoverySAFE, whatever that means


I'm assuming you've tried safemode:

  1. Turn the device off.
  2. Press and hold the Power key past the Samsung Galaxy S7 screen.
  3. When "SAMSUNG" appears on the screen, release the Power key.
  4. Immediately after releasing the Power key, press and hold the Volume down key.
 

xspyda

Senior Member
Mar 8, 2006
627
25
I wasn't actually aware of the safe mode so no. I'll try that Mondayas the phone isn't with me right now. I have my doubts it will work but will be interesting to try.

What is safe mode meant to do, as the device is in a. Boot loop now so won't boot anyway I wouldn't think?
 

*Detection*

Senior Member
Dec 5, 2011
10,513
2,850
Durham
Afaik it disables all 3rd party that would usually start up with the phone

Samsung had me do it to troubleshoot the camera on mine one time

I'm guessing it disables other non 3rd party too, as it didn't respond or act correctly while in safemode - possibly a limited version of how Windows safemode disables all but default drivers etc maybe

There are programs available for different Android devices that can write to NAND without the device being booted too, not sure if there is such a program for the S7 but I had an old Acer tablet to fix which wouldn't boot and I had to run the program while connected to the tablet powered off, then power it on and the program hooked in during the very early boot stages and had access to write to it

Does the PC recognise it at all during any stage of it's looping / booting that something could hook onto?
 

xspyda

Senior Member
Mar 8, 2006
627
25
That's interesting, will definitely give it a go.

As far as I recall there was no recognition through the PC whatsoever and when booted, the warning just popped up on screen saying that policy restricts connection to computer.

I guess there must be some way to bring it back to life but not sure with any software or hardware available to us. Once I realised download mode (and therefore Odin) was out, I pretty much gave up hope. Having said that, Airwatch support did say there was nothing anyone can do now other than return to Samsung and that's after speaking with Samsung apparently.
 

*Detection*

Senior Member
Dec 5, 2011
10,513
2,850
Durham
That's interesting, will definitely give it a go.

As far as I recall there was no recognition through the PC whatsoever and when booted, the warning just popped up on screen saying that policy restricts connection to computer.

I guess there must be some way to bring it back to life but not sure with any software or hardware available to us. Once I realised download mode (and therefore Odin) was out, I pretty much gave up hope. Having said that, Airwatch support did say there was nothing anyone can do now other than return to Samsung and that's after speaking with Samsung apparently.

SPFlash (Smartphone Flash Tool) is the one I used for the Acer
http://spflashtool.com/

Worth a shot if you can work out how to use it, it's a bit complex as you are basically trying to set up all parameters manually
https://forum.xda-developers.com/showthread.php?t=2466694

I had to find a scatterfile.txt for the Acer to tell SPFlash what to do
 
  • Like
Reactions: xspyda

SquirtingCherry

Senior Member
Jul 18, 2010
480
100
40
Zevenbergen
www.smartphonerepairs.nl
I know i'm late to the party, but i work at a company that installs airwatch agent to devices for companies, the only way to remove it from a samsung device is with KIES or SmartSwitch.
Go to the "tools" dropdown menu and choose Software update and Initialisation. Fill out the device model and samsung serial numbers and your good to go.
 

Hidden Username

Senior Member
Dec 25, 2012
739
153
You're kinda screwed. AFAIK Samsung has allowed MDM companies very low level access (even things like download mode and recovery can be disabled at a hardware level). Try an emergency restore with smart switch, that MAY help you.
 

billa

Senior Member
Mar 30, 2006
730
352
SPFlash (Smartphone Flash Tool) is the one I used for the Acer
http://spflashtool.com/

Worth a shot if you can work out how to use it, it's a bit complex as you are basically trying to set up all parameters manually
https://forum.xda-developers.com/showthread.php?t=2466694

I had to find a scatterfile.txt for the Acer to tell SPFlash what to do

Well yeah those are low level tools specifically designed for the Acer tablet.
Unfortunately that won't work for the Samsung S7, since it requires a special emmc chip flasher in EDL mode, and it's really hard to get the low level bootloader files for each specific model.

So, I have a similar situation, someone brought me a Samsung Note3 (model N900T us tmobile model) with a similar MDM locker called PayJoy.
Now, on this device I can access download mode BUT when trying to flash anything (stock or factory combination files) it throws an MDM error.
Tried every version of Odin including the patched ones, but none can flash anything onto this device.
The Developer Options menu is locked so I can't enable ADB mode including via keypad *#0808#
The computer can see the device connected, just showing a modem port, no ADB port.
Interestingly I'm able to use an OTG cable and pretty much sideload any app on it, but the low level ones get blocked upon running it.
Tried all the tricks in the book including these apps, but no Joy with PayJoy! (pun intended lol)
Android_Developer_Options_v2014-08-12.APK
Android_Developer_Options_v2015-07-16.APK
Apex_Launcher__Android_Does_v3.2.1.APK
Cortana__Microsoft_v2015-07-13.APK
Developer__Jan_Tursky_v4.5.APK
Device_Owner_Provisioner__Cottonwood_Computer_v15.4.1.APK
FRP_Bypass_ADB__GSM_Flasher.ZIP
FRP_Bypass__Easy_Firmware_v1.0.APK
FRP_Bypass__RJ_v1.0.APK
FRP_Remover_ADB_v2017-10-14.ZIP
GAM5_v2015-01-01.APK
GAM6_v2016-01-01.APK
GAM7_v2017-01-01.APK
GAM7_v2017-07-01.APK
GAM7_v2017-09-01.APK
Google_Admin__Google_v2014-10-16.APK
Google_Admin__Google_v2016-11-20.APK
NFC_Tools_v5.4.APK
NFC_Tools__Wakdev_v4.4.APK
Samsung_Retail_Mode_v2.0.2.APK
Sidebar__Mohammad_Adib_v4.4.0.APK
Test_DPC__Sample_v3.0.3.APK
Test_DPC__Sample_v4.0.4.APK
Test_DPC__Sample_v4.0.5.APK

By the way I have also tried an emergency boot disk, which also allows download mode, but the dreaded MDM error still shows up.
So if anyone has any intelligent suggestions, let's hear it.
 
Last edited:

JeffDC

Senior Member
Oct 21, 2009
1,140
168
Roseburg
Not sure how much access you have, but take a look at this, a method to hard reset the phone, from within System settings:

https://forum.xda-developers.com/showpost.php?p=74573107&postcount=12

I've never tried it, but I've seen the method posted around a few places.

You know I wonder, as you can move about the installed apps on your phone, if you can USB keyboard into your phone and see if that would connect up and provide increased movement within apps, up, dwn, back, etc, and get into Settings perhaps?
 
Last edited:

Houssem9506

Member
Jun 20, 2015
21
0
I have bought a note 8 with mdm restrictions and custom Blocker / demo mode enabled without paying attention, the phone is fully fonctionnal except I can't change wallpaper or turn on airplane mode and there is no playstoee
I'm pretty confident you have done some deep research then I did and you have more information about these things since I have seen your post about your s7 edge
I have adb enabled on developer mode but there is no oem unlock or download mode
Could you please help me with this note 8
I'm pretty sure there is at least a solution to enable play store and disable airplane and wallpaper restrictions
 

chavonbravo

Senior Member
Jul 15, 2006
408
3
I am looking for an mdm locked s8, s8+ or note8 to test on, actually, for full removal of MDM. If you are willing to sell I will buy from u. Or can ship to me and I can remove, and ship back, but few would trust to do something like that. Pm me if interested in one of these options.
 

sniperess

Senior Member
Jun 1, 2007
160
4
Toronto
I'm assuming you have access to the device, and know the PIN/password/etc (if any)? You can change CSC from the dialer, this will wipe the device, but FRP will be on. You can also dial *#0808# to enable ADB.

Source: I just did this with an AirWatch locked S5 Neo - but now I have to work around FRP :(

EDIT: Oops, still can't wipe from recovery, but at least the device is wiped (and back to initial setup screen). I assume, after getting around FRP (or in your case, you can login to your own gmail account?), there won't be any device admin/MDM setup, so you can perform normal wipe from settings menu.

EDIT2: If you're doing trying this CSC thing and will need to bypass FRP, you should downgrade the OS first... I'm stuck on the Nougat and have no bypass method now lol.
 
Last edited:
  • Like
Reactions: billa

tom_hungston

Member
Sep 27, 2008
31
0
I am looking for an mdm locked s8, s8+ or note8 to test on, actually, for full removal of MDM. If you are willing to sell I will buy from u. Or can ship to me and I can remove, and ship back, but few would trust to do something like that. Pm me if interested in one of these options.

I have S8+ and I'm unable to log in to the phone as don't know the password. I tried factory reset and it says MDM doesnt allow factory reset and phone reboots to pin entry. I can't get it into download mode either.
 

TaaRiiF

New member
May 23, 2013
2
1
Try keeping Volume down & Home & Power pressed until the phone reboots twice

Do not let go of the buttons until it has rebooted 2 times, hopefully after the 2nd it will enter download mode

i have tried even jig on my j330fn (had password and mdm and also not booting to download mode) but no joy.
 

JakeNorth

New member
Apr 11, 2019
1
0
Solution is much quicker guys:
1) setup a 6 digit pin code on your device
2) encrypt it
3) set unit to wipe automatically after 15 wrong attempts
3) reboot and let it start up, log in, and shut down
4) start up, type password wrong many many times.
Accept to restart every time the units wants you to.
and after many many many attempts, the unit will warn you that you are about to face total wipe of you unit
5) say hello to your freshly installed device again
 

Gamebook589

New member
Jun 12, 2019
1
0
Solution is much quicker guys:
1) setup a 6 digit pin code on your device
2) encrypt it
3) set unit to wipe automatically after 15 wrong attempts
3) reboot and let it start up, log in, and shut down
4) start up, type password wrong many many times.
Accept to restart every time the units wants you to.
and after many many many attempts, the unit will warn you that you are about to face total wipe of you unit
5) say hello to your freshly installed device again

What if you can't get to the settings? Then what?
 

awedel

Senior Member
Dec 29, 2011
57
14
Garden City
Same thing

I have the same issue only using MobiControl. Can't do anything. I've tried the jig. No go. Can't get to download mode. Can't flash via ADB. Can't uninstall MobiControl. Can't disable it as a Admin app. Factory Reset is blocked. Can't uninstall via ADB. Flashing via the SD card fails (says the footers are wrong, but the file works on other S7's). I've tried setting the pin, but after 15 attempts nothing happens. Tried factory resetting through "Find my phone", didn't work. Basically I need a way to override or uninstall MobiControl but can't. The app won't even load because it's force closing, thus I can't disable it from the backend, or the frontend.
I've even tried booting into Safe Mode and uninstalling the app. No go.
Anybody have any ideas I haven't tried.
 
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 1
    MDM - Mobile Device Management and in this case, Airwatch.

    Factory reset is a no go, as the MDM prevents that through recovery. Unable to access download mode so can't flash with Odin.

    Basically, Airwatch have advised there is nothing that can be done. That being the case I find it incredible that the s/w would allow the action in the first place. I would expect them to have some tool to remove the MDM software at a low level via install from SD card in recovery or something (after authentication) but no, no such thing.
    Yea thats pretty messed up. Id raise some hell. Unless it has root privlages it shouldnt be able to do that. And the compny should always have a way to remove it.
    1
    Yea thats pretty messed up. Id raise some hell. Unless it has root privlages it shouldnt be able to do that. And the compny should always have a way to remove it.



    Absolutely! Asked them about a .zip to flash and also expressed surprise that I was allowed to do what I did in the software. Fell on deaf ears.

    I'm with you but if this serves as a warning against people using Airwatch that's a win too.
    1
    Seems strange to me as download mode is not something you can alter
    https://seap.samsung.com/api-refere...AVersion(java.lang.String, android.os.Bundle)

    ---------- Post added at 08:04 PM ---------- Previous post was at 07:45 PM ----------

    Are you able to install apps that don't come from the playstore?
    Can you disable it as device administrator?

    It meaning Airwatch
    https://www.dropbox.com/s/dh16mxonvvwuotw/Screenshot_20170210-200209.png?dl=0
    1
    For anyone interested here is the list of restrictions available under Airwatch Android:

    http://pastebin.com/2qxTGa5G
    1
    That's interesting, will definitely give it a go.

    As far as I recall there was no recognition through the PC whatsoever and when booted, the warning just popped up on screen saying that policy restricts connection to computer.

    I guess there must be some way to bring it back to life but not sure with any software or hardware available to us. Once I realised download mode (and therefore Odin) was out, I pretty much gave up hope. Having said that, Airwatch support did say there was nothing anyone can do now other than return to Samsung and that's after speaking with Samsung apparently.

    SPFlash (Smartphone Flash Tool) is the one I used for the Acer
    http://spflashtool.com/

    Worth a shot if you can work out how to use it, it's a bit complex as you are basically trying to set up all parameters manually
    https://forum.xda-developers.com/showthread.php?t=2466694

    I had to find a scatterfile.txt for the Acer to tell SPFlash what to do
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone