-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Airwatch MDM Agent #30
Comments
We need more info on this. When I launch the app it asks for a url. I'm assuming there is some sort of server piece for this. |
Also what is the exact message you get. This will help us find the JB Detection. |
Actually I think I found the JB Detection. This should be easy to implement. |
OK I think I have this fully supported. Can you test it out and let us know. http://dl.dropbox.com/u/8694528/xCon/com.n00neimp0rtant.xcon_37%2Bbeta_iphoneos-arm.deb |
Beta 2 was pushed can you test it out and let us know. |
37 b2 while xcon is enabled airwatch operates until URL is entered from your company's mdm server, then it crashes immediately and upon every subsequent relaunch. |
Thanks for the feedback. Will continue to research. |
Following class-dump-z suggestions from iphonewiki, I found several suspects in the headers: deviceCompliance and deviceCompromised. I don't know how to hook them myself and have no access to IDA pro to trace them, so I hope that helps. I am able to test anytime, I have excellent command line skills and platform knowledge, crashed app leaves no crash report via ios or crash reporter via Cydia or syslog. thank you for your attention to this. |
Hi, What's the latest on AirWatch? I've been trying to get it to work but have not been successful. Should AirWatch be installed after xCon? |
Would be great for AirWatch MDM Agent v 4.0.. Hope xcon is a solution to bypass jbreak detection for this app.. |
Doesn't work for v4.0. Do you need any info from the app or the iPad to fix xCon for v4.0? |
App. Store only have the 4.0 version of this app. I cant find the earlier versions, xcon fix for 4.0 would be great |
Any updates on this one? |
Please fix airwatch 4.0. My company just implemented AirWatch but I can't run on my phone. If you could fix the new version or even give a link to download an older working version it would be very much appreciated! Great App! |
Just emailed Scott the requested information and cracked IPA for version 4.0. Please update xcon. Will definitely make a donation if this works! Thank you. |
@george4073 you didn't need to do that since AirWatch is a free download. |
@Lunat1k Thank you. Do you think you guys will be able to get xcon working with Air Watch 4.0? |
4.0.1 just released |
37 beta 6 has the same behavior for 4.0.1 for me. See post from 2 months ago. App crashes while xcon enabled once URL is entered for company mtm server. Is there a way to clear the last saved prefs from airwatch, what file can I delete to reset it. With ifile or terminal. |
Usually apps store their settings in /var/mobile/[GUID]/Documents or /var/mobile/[GUID]/Library. You'll just have to look in one of those folders to delete the prefs. When I get a chance I'll take a peek at 4.0.1 but without a server it's going to be hard for us to test. |
App is crashing on load after entering server URL for me too. |
My company is using this too. Would be great to get it working! Thanks so much for your time. It's appreciated. |
Just to give an update. I finally got around to checking it out this AM. Based on some info another user gave me I was able to get past the url screen. I'm still doing some testing and if it looks good I'll get n00ne to push it to his repo for beta testing. |
Any update on this release? |
Probably next week. I'm trying to work a few apps at the same time. |
Cool, I have the current version of xcon and airwatch is able to detect the jailbreak. When this new version comes will i just have to remove airwatch and reinstall it or will i have to remove some files with ifile? |
You'll just have to upgrade xcon |
Any updates? |
Thanks for the updates. Cant wait to try it out. |
What version of Airwatch are you using? you do your own internal or go w/ their SaaS? |
5.2 and we host it internally. Just removed my profiles, deleted Airwatch, On Mar 29, 2013, at 3:42 PM, cnote2020 notifications@github.com wrote: What version of Airwatch are you using? you do your own internal or go w/ — |
make sure you delete the device from airwatch as well... I am using xcon 26 and no problems.. mine just did a comprise scan last night.. I have it set to do one every 48 hours... we are using SaaS though so on 6.3.1.2 |
Ok, it's working now on beta22. But I uninstalled Airwatch MDM app again, So could've just been something flaky and needed to reinstall everything. Thanks for the quick replies. On Fri, Mar 29, 2013 at 3:45 PM, cnote2020 notifications@github.com wrote:
|
@Lunat1k - --iPhone 4 GSM-- *iOS 6.1.3 - JB (tethered) with redsn0w - installed beta28 - installed airwatch 4.2 (apparently my APTickets didn't store correctly for this phone so I have been unable to downgrade to 6.1.2) --iPhone 5 GSM-- (Interesting note: upon initial enrollment, it wouldn't let me enroll as it stated I had my device locked. Turns out the cydia tweak "Exchange Unlock" I had installed was preventing me from enrolling. I uninstalled the tweak, and was able to enroll. Then, after I passed all compliance checks, I installed Exchange Unlock, REBOOTED (just for completeness), had to do my typical 'safe mode' boot after a reboot (I have to manually do this to make ExchangeUnlock 'stick')), and all is well. I forced a compliance recheck from the console and it is showing as PinCode enabled) Again, your work is incredible, and once again the jailbreaking community has made my life complete :). If I can lend my testing services to you in anyway, please let me know, I am eager and happy to help. |
@gratefuljailbreaker I have no way of testing a tethered jailbreak as I don't have any a4 devices anymore so I can't tell you whats going on. Also I suggest using exchange policy cleaner instead of exchange unlock so that you don't have to type a passcode everytime you reboot. It actually strips the passcode part of the policy out. |
@Lunat1k - Thanks for the heads up on ExchangePolicyCleaner, and I thought I'd let you know what I found with that. I installed it, removed my MDM and exchange information. I then re-enrolled, and it appeared to have gone through correctly, no issues, no message prompting me that I didn't have a pincode set or anything. I saw my device show up in the console, and saw that it appeared as NON-COMPLIANT, due to there being no pincode set. After a few minutes, the create-pin-code prompt appeared, and I was forced to set a pincode. After a respring, and reboot, it appears that the pincode was here to stay, and ExchangePolicyCleaner had no effect on the new MDM profile. I re-installed Exchange Unlock, and it has indeed, 'removed' the pincode. Now, I realize that the pincode isn't actually removed, because if I reboot the phone and do NOT put the pincode in, all my e-mail shows up blank, and my wireless connections haven't stored any keys. I'm assuming then that the pincode acts as some kind of encryption key unlocking the data, and Exchange Unlock simply 'sticks' that key after first time usage. Therefore, in a way I kinda like having at least that initial power-on protection in place. Still, I greatly appreciate the suggestion. Always in favor of new and helpful apps. ANYWAY, all good stuff here, thanks again for the help. Do you have a donation link for me? I'd like to say thanks properly. |
In Airwatch remove the password policy part in the device profile payload. Exchange cleaner only can bypass activesync policy. Your probably still getting password policy from Airwatch not your exchange server. |
@gratefuljailbreaker my donation link is http://goo.gl/O1nPT |
This is a fascinating thread. And thanks to @pomc for the insights into the AirWatch Admin Console. In particular: ...There is a setting that can be enabled to prevent JB devices, just warn JB My employer deployed AirWatch last year. But they do not provide any devices- one must bring one's own iPad. I wouldn't have any huge problem with that, except that they've also gone with what I consider an onerous MDM Profile policy. I started to install Airwatch, but quit when I got to the MDM profile installation which read: "Installing this Profile will allow the Administrator at "https://aaa.bbb.ccc/DeviceServices/AppleMDM/Processor.aspx" to remotely manage your iPad. The Administrator may collect personal data, add/remove accounts and restrictions, list, install, and manage apps, and remotely erase data on your iPad" YGBSM I said! Again, if this was a company issued device, I'd have no problem with whatever policy they want. But I was simply not going to agree to that on a personally owned device- on principal alone. So my question to @pomc- does that MDM Profile policy look pretty standard to you? Appropriate for a bring-your-own-device shop? Can they really do all that? I'm a very happy Xcon user, and many many thanks to Lunat1k (donation sent). On one hand I'm tempted to go ahead and give Airwatch a try, but given that Profile policy, not sure I even want to do that much. Your thoughts as an Admin? Other Airwatch users? Thanks Lunat1k if you can indulge some broad discussion of this subject. |
That message is actually generated by Apple and not from Airwatch. Believe I can see what apps a user has installed, the location of the iPad (just So yeah, that does look pretty standard. On Mon, Apr 1, 2013 at 11:09 AM, tech5 notifications@github.com wrote:
|
I just sent my donation as well. On Mon, Apr 1, 2013 at 11:38 AM, Rick Osborn rickismyname@gmail.com wrote:
|
@pomc thanks for that ;) |
@pomc wrote "I can...remotely wipe the entire iPad..." Doh. Well...thanks for at least confirming that. Would the simple detection of a jailbroken device ever result in the device being wiped? All in all I just can't get my head around such a policy for a personally owned device. I think I'll save myself the worry and just skip it. |
@tech5 I agree with you. I don't think a company should have the right to wipe a personal device. If anything Apple really needs to redesign it so that a company could just strip corporate related stuff from the device instead of a remote wipe. I do think keeping remote wipe should stay for an only in case of an emergency someone stole my phone situation, however that should only reside on icloud imo. |
The whole point of Airwatch is to do "enterprise wipe" so this way personal data is never wiped/or a full device wipe is never done. Meaning if they do the enterprise wipe it only rips out the airwatch profiles (Wifi, Activesync,etc.) |
The profile could be configured to perform an enterprise wipe if a JB was On Mon, Apr 1, 2013 at 12:57 PM, cnote2020 notifications@github.com wrote:
|
Donation sent. Again, thank you so much for freeing my devices!! |
@Lunat1k - Part of our policy was that it was disabling Siri in the lock screen. Last week, the policy was enforced. Now however, siri is working even though my policy states it shouldn't be (and is greyed out)... was that you? If yes, I wanted to shout out a huge thanks! If not, well, I'll blame you anyway and say thanks!! |
Yikes- every time I think I'll go ahead and install AirWatch, I learn something more. I use Siri from the lock screen all the time- i.e. for Siri Eyes Free while driving and tethered to the Bluetooth in my car. Has Airwatch considered the legal ramifications here? i.e. forcing a driver to unlock their device each time to use a motor-vehicle safety feature that is supposed to be able to be used hands and eyes free? |
I get the enthusiasm but hope people realize this will be again broken as soon as the next version of Airwatch or iOS comes out. |
@tech5 I actually don't have anything to do with that. Sounds like either an Airwatch policy bug or an iOS bug. @CGtrue Depends on what the company is doing. I learn more and more by various complex JB detections and more and more i'm actually making equally as hard for them to work around my stuff. Just like jailbreaking it's definately a cat/mouse game. |
@tech5 - you make a good point, but I'm sure my company feels it's worth the trade off for whatever possible information they think they can get out of Siri (contacts and the like I suppose). Regardless, since a version or two ago of xCon, it started working on the lock screen and I'm giving Lunati1k credit (it may also be Cleverpin... I just bought that app to help me selectively bypass my pin code... I can't really have my boss picking up my phone at work and discover it's still jailbroken after all) |
V38 Final is being pushed today. Closing this issue as completed. If they push a new version that requires xcon changes please open a new issue. Comments can can still be posted onto this thread even though it's closed. |
I realize this is closed, but is there possibility to implement this on devices that do not use the app, just profiles installed. it is still airwatch, but no app is installed. |
@pomc do you know if the console configuration for allowing jailbroken phones still exists in version 4.4 of MDM? |
In the Airwatch admin console of the server you can whitelist any devices On Sat, Jul 20, 2013 at 11:27 PM, llamahunter notifications@github.comwrote:
|
Think this one is possible? It's free on the app store. Would be really grateful :)
The text was updated successfully, but these errors were encountered: