Agent Configuration Payload
- Martin Gudme Søndergaard
Introduction.
This payload contains two part that can be used independent from each other or together.
Enterprise Profile Removal Passcode
This payload can be used to set a password which is required to unroll the device.
Configurations
| Configuration | Description |
|---|---|
| Enterprise Profile Removal Passcode | Configure a passcode that is needed for unenrolling (case sensitive). |
| Google Account Id (Factory reset protection, only for Device Owner) | Account Id consists of 21 numbers |
Configuration: Factory Reset Protection (Only for Device Owner) Android 8.1 or later
Factory Reset Protection
Factory Reset Protection is enabled when a Google ID is added on the device and there is a pin code or password to lock the screen. When an Android device has Factory Reset Protection (FRP) enabled, it requires the previous user's account details once it has been factory reset. This can cause issues in the case of corporate devices, as it prevents corporate devices from being reused.
The idea is to have an enterprise Google account that can be used to unlock devices with an unknown Google account added to the device. Both enterprise account and logged in Google account can unlock the device. According to Google FRP works from Android 8.1 or above. It is highly commended to test it before using it in the production environment! It may vary from device to device and Android version to the Android version.
| Step | Configuration |
|---|---|
| 1 | Enroll your Android device as a DEVICE OWNER: |
| 2 | Click on this link, and click “Execute”. Login with your Google account: |
| 3 | Every Google account is associated with an account ID. The 21-digit number present against id is your account ID
|
| 4 | You have to copy your Google Account ID, and paste it in the Agent configurator payload: |
| 5 | On your device, you have to login with another google account. |
| 6 | In the console, add the payload to buffer, and paste it to the device: |
| 7 | Verify the payload is on the device |
| 8 | On your android-device, start it in Recovery mode, and wipe it. |
| 9 | When you start the android device, you will be prompted to connect to Wifi |
| 10 | Connect to wifi. Now you have to use the google-account, you used to get your Google Account ID. If you use another google-account, you will be rejected.
|
