Related
Many people heard about FBI fail with android pattern lock. I became interested in this situation and found that it's possible to connect my device to PC and explore files using ClockworkMod bootloader ability to mount USB storage. This is not good, but I found another vulnerability. You can enter to Download mode and again without pattern lock or any password protection flash new firmware. After this you can exec smartphone and see all internal memory (photos, videos or any your private data).
Clockworkmod developers should and option to set password or pattern lock to their bootloader. I believe that it is a realy necessary option. But what with download mode? Is it possible to set password or pattern lock before you enter it and PC will see device ready for flashing?
What you are really wanting is a Power On Password.... This would be the only way to implement what you want to do.
I have the Galaxy Nexus and you can encrypt the entire device just like you can do with other devices. Once you have encrypted the device you cannot mount the internal storage to flash a ROM in CWM. To un-encrypt it when you are running a custom ROM you have to flash stock firmware back and you loose all your data.
Please see this report.
http://homar.blog.fc2.com/blog-entry-210.html
http://homar.blog.fc2.com/blog-entry-341.html
http://homar.blog.fc2.com/blog-entry-349.html
ZiT777 said:
Please see this report.
http://homar.blog.fc2.com/blog-entry-210.html
http://homar.blog.fc2.com/blog-entry-341.html
http://homar.blog.fc2.com/blog-entry-349.html
Click to expand...
Click to collapse
Would be nice to read this in english. Can't understand nothing.
does anyone know how the apps that disable the password are going to work on an encrypted phone and with L on the way encrption will be enabled by default so how with the bluetooth unlock work
mikeyb1216 said:
does anyone know how the apps that disable the password are going to work on an encrypted phone and with L on the way encrption will be enabled by default so how with the bluetooth unlock work
Click to expand...
Click to collapse
Encrypted devices require a password to unlock storage at boot. Without that, it can't boot as all the /data partition is locked.
It is this password that decrypts storage. From that point on, whilst booted, you simply have a normal password. The device is unencrypted at that point.
That said, no one knows what changes in encryption will be implemented with L
Sent from my Nexus 5 using Tapatalk
Guys, apologies if the question is silly / already asked somewhere i wasn't able to locate.
As per thread title, what is that all about? 1. It's an expected behaviour / feature of TWRP, or is it kind of a bug? 2. Is there any way to avoid / disable it?
It's quite annoying during these days of frequent flashing as development is speeding up fast for this little beast.
If you have a pin or pattern set up it will always ask you for it.
sting5566 said:
If you have a pin or pattern set up it will always ask you for it.
Click to expand...
Click to collapse
Well, thanks for pointing that out.
I've been outside of the flashing world for a while with my old phone (OP2), but i'm pretty sure to recall that i was using TWRP 3.X and the pin was setup (due to fingerprint usage for unlocking) and the recovery was not asking for any decryption pwd.
Maybe the OP2 was not encrypted and that's the point. So wondering if future development will change this (are custom ROMs usually decrypted?)
It's something completely outside of my knowledge, so i could just be trashtalking here.
ca110475 said:
Well, thanks for pointing that out.
I've been outside of the flashing world for a while with my old phone (OP2), but i'm pretty sure to recall that i was using TWRP 3.X and the pin was setup (due to fingerprint usage for unlocking) and the recovery was not asking for any decryption pwd.
Maybe the OP2 was not encrypted and that's the point. So wondering if future development will change this (are custom ROMs usually decrypted?)
It's something completely outside of my knowledge, so i could just be trashtalking here.
Click to expand...
Click to collapse
If you don't want to enter anything when twrp starts under security , screen lock change that to none and you shouldn't have to put anything in when twrp starts.
ca110475 said:
Guys, apologies if the question is silly / already asked somewhere i wasn't able to locate.
As per thread title, what is that all about? 1. It's an expected behaviour / feature of TWRP, or is it kind of a bug? 2. Is there any way to avoid / disable it?
It's quite annoying during these days of frequent flashing as development is speeding up fast for this little beast.
Click to expand...
Click to collapse
It is a security issue. If you need pass/pin/pattern to keep your phone secure then logically you should have it required in twrp to prevent unauthorized access to your phone through twrp. You can disable pass/pin/pattern from the twrp file manager
Sent from my OnePlus6 using XDA Labs
Just decrypt your phones storage. You want be asked for a pattern / pin anymore in twrp
matze19999 said:
Just decrypt your phones storage. You want be asked for a pattern / pin anymore in twrp
Click to expand...
Click to collapse
How?
mikex8593 said:
How?
Click to expand...
Click to collapse
I'm not so sure you can actually decrypt the phone's storage and the reason I believe this to be so is the day I received my phone I was going through all of the settings. If you go into security and lock screen and scroll to the bottom you will see that your phone is encrypted. My phone was like this from day one without entering any fingerprint or PIN code. I may be wrong about decrypting the storage however the OnePlus 6 does have an EFS (encrypted file system) which stores meid, imei, serial number, config, diag settings and radio settings, etc in an encrypted format at the file system level.
If you do manage to decrypt your storage your phone will most certainly be vulnerable
dgunn said:
I'm not so sure you can actually decrypt the phone's storage and the reason I believe this to be so is the day I received my phone I was going through all of the settings. If you go into security and lock screen and scroll to the bottom you will see that your phone is encrypted. My phone was like this from day one without entering any fingerprint or PIN code. I may be wrong about decrypting the storage however the OnePlus 6 does have an EFS (encrypted file system) which stores meid, imei, serial number, config, diag settings and radio settings, etc in an encrypted format at the file system level.
If you do manage to decrypt your storage your phone will most certainly be vulnerable
Click to expand...
Click to collapse
I've always been decrypt with previous phones. There is no decryption method with the 6 yet because of the a/b partitioning. You need to flash a modified boot img.
mikex8593 said:
I've always been decrypt with previous phones. There is no decryption method with the 6 yet because of the a/b partitioning. You need to flash a modified boot img.
Click to expand...
Click to collapse
If you were to decrypt your data (and you can through either adb or fastboot - but I,m not going into that here), you would wipe it at the same time.
There's no way around this.
carlos67 said:
If you were to decrypt your data (and you can through either adb or fastboot - but I,m not going into that here), you would wipe it at the same time.
There's no way around this.
Click to expand...
Click to collapse
With that, I am aware of the wipe, but it would be a prepared and willing wipe, but you are right, this is not the place for the discussion.
Hi,
i had root my O+7 pro and didn't seen the warning that it's wip datas ...
is there any way to recover theme?
Thanks a lot in advance
You can try disk recovery from the play store and give it root permissions, but I can't say if it will recover anything. But to be fair, there were warnings given when unlocking the bootloader, etc about the wiping of data. So possibly a hard lesson learned
Always backup... Backup... Backup... Even if just doing an update. Since you are rooted now I would get titanium backup and do a backup before any update or flashing that u r not comfortable with and back up to Google drive or push to an OTG also back up ur sdcard files by manually moving to an OTG or use twrp to backup data to an OTG... Preferably before u set a pass code or pin securities. Hope u can recover bud.
i'll try the first solution.
in all the case i'll use a good backup solution after that. and i know, i usualy alaways backup but idn, this way my brain had decided it was useless *facepalml*
hallo dare said:
You can try disk recovery from the play store and give it root permissions, but I can't say if it will recover anything. But to be fair, there were warnings given when unlocking the bootloader, etc about the wiping of data. So possibly a hard lesson learned
Click to expand...
Click to collapse
can't find the app, sorry but do you have the link of the app you have in mind?
thanks a lot for your help in all the cases :good: :highfive:
Zeirman said:
can't find the app, sorry but do you have the link of the app you have in mind?
thanks a lot for your help in all the cases :good: :highfive:
Click to expand...
Click to collapse
https://play.google.com/store/apps/details?id=com.defianttech.diskdigger
hallo dare said:
https://play.google.com/store/apps/details?id=com.defianttech.diskdigger
Click to expand...
Click to collapse
Already tried DiskDigger pro (root allowed), and only finded some icone in JPG and PNG, a blank TIF, 16 .zip, and thousands of SQLITE files (don't know what it is)... i had guess it hadn't work
Any other idea? (and thanks a lot again for your help!)
Zeirman said:
Already tried DiskDigger pro (root allowed), and only finded some icone in JPG and PNG, a blank TIF, 16 .zip, and thousands of SQLITE files (don't know what it is)... i had guess it hadn't work
Any other idea? (and thanks a lot again for your help!)
Click to expand...
Click to collapse
Think you're out of luck.
hallo dare said:
Think you're out of luck.
Click to expand...
Click to collapse
No other idea? even through adb or a soft, even not free solution? :/
i don't understand why nothing work
i had almost writte no data since i had root, and my phone has 256Go
even by writte a little with the root process and install 3 app, i couldn't writte 256Go so... why nothing work? why realy no data is found? that's not strange? :/
Maybe you can dumb and pull your userdata partition to an .img file via adb to your pc and then use softwares like recuva to recover data on windows, i don't guaranty it will work , but it's Worth the shot, i tried it one time when i had the OPO (i changed to f2fs partition without backing up and lost everything) annnnnnnndddddd...... no i found nothing lol, but maybe you can find since it's a different type of format i guess" but worth a try
Chinaroad said:
Maybe you can dumb and pull your userdata partition to an .img file via adb to your pc and then use softwares like recuva to recover data on windows, i don't guaranty it will work , but it's Worth the shot, i tried it one time when i had the OPO (i changed to f2fs partition without backing up and lost everything) annnnnnnndddddd...... no i found nothing lol, but maybe you can find since it's a different type of format i guess" but worth a try
Click to expand...
Click to collapse
i had try this tutorial: https://howtorecover.me/data-recovery-internal-storage-android-phone-guide
but the list_of_partitions.txt file is blank, no matter if i do it from the phone or computer
Zeirman said:
i don't understand why nothing work
i had almost writte no data since i had root, and my phone has 256Go
even by writte a little with the root process and install 3 app, i couldn't writte 256Go so... why nothing work? why realy no data is found? that's not strange? :/
Click to expand...
Click to collapse
There is no data found because it is encrypted.
All phones that ship with Android 6 or higher have user data encrypted by default from first boot, without the user enabling encryption.
This is intentionally designed to protect against data recovery by an attacker.
Even if you don't use a PIN or password, Android creates a random encryption key to secure the data. When the phone is wiped the keys are deleted making it difficult to recover data without said keys.
KemikalElite said:
There is no data found because it is encrypted.
All phones that ship with Android 6 or higher have user data encrypted by default from first boot, without the user enabling encryption.
This is intentionally designed to protect against data recovery by an attacker.
Even if you don't use a PIN or password, Android creates a random encryption key to secure the data. When the phone is wiped the keys are deleted making it difficult to recover data without said keys.
Click to expand...
Click to collapse
I understand better now!
that's a good news that people can't recover datas from a second hand phone
but... does it mean it's impossible for me? 0% chances? or is there a maybe complicated but possible way?
Zeirman said:
I understand better now!
that's a good news that people can't recover datas from a second hand phone
but... does it mean it's impossible for me? 0% chances? or is there a maybe complicated but possible way?
Click to expand...
Click to collapse
Not possible. The encryption keys are protected by what is called hardware-backed encryption. The Snapdragon chip binds the keys to a specific device so the data can't just be copied to a computer and recovered. It would take a major security flaw (that hasn't already been patched) to get through this system.
It is designed to be very secure. It is also used to protect fingerprint data and Netflix DRM.
KemikalElite said:
Not possible. The encryption keys are protected by what is called hardware-backed encryption. The Snapdragon chip binds the keys to a specific device so the data can't just be copied to a computer and recovered. It would take a major security flaw (that hasn't already been patched) to get through this system.
It is designed to be very secure. It is also used to protect fingerprint data and Netflix DRM.
Click to expand...
Click to collapse
You don't give me good news but at least i know why i can't recover theme
Thanks a lot for your help!
Hello,
today it happened that I forgot a password to my phone. I've tried to restore it by logging in into my xiaomi account and my google account. Unfortunately it only offers to wipe my data, which I want to avoid at all costs.
I have Poco F2 Pro on MIUI 13
Is there known a bug which could in any way make me unable to log into my phone?
Please help me. I am really desperate. I beg you. If you need any information about this case and it's sensible to share it there, please ask.
people report similar on updates, but I don't think it's official known bug. however, there is gatekeeper in background which will deny correct password after too many attempts, timeout increases up to 1 trial per day. if something corrupted it might happen this deny is silent without notifying you.
so best what you can do for now is nothing, just wait for 24 hours and keep on charging.
perwell said:
Hello,
today it happened that I forgot a password to my phone. I've tried to restore it by logging in into my xiaomi account and my google account. Unfortunately it only offers to wipe my data, which I want to avoid at all costs.
I have Poco F2 Pro on MIUI 13
Is there known a bug which could in any way make me unable to log into my phone?
Please help me. I am really desperate. I beg you. If you need any information about this case and it's sensible to share it there, please ask.
Click to expand...
Click to collapse
if you're decrypted you can delete your lockscreen in twrp if you're encrypted you'll need to remember your password otherwise it's wipe data
@jons99 if OP would have the availability to access lockdettings it would be also possible to backup data, right?
aIecxs said:
people report similar on updates, but I don't think it's official known bug. however, there is gatekeeper in background which will deny correct password after too many attempts, timeout increases up to 1 trial per day. if something corrupted it might happen this deny is silent without notifying you.
so best what you can do for now is nothing, just wait for 24 hours and keep on charging.
Click to expand...
Click to collapse
It would be strange to ask again for password every 2 minutes and silently block out for the whole day. Actually it would rather bad for the actual users rather than unauthorized break in.
I've tried many times and I'm quite sure that I've typed the correct password at least once. Are there any options like blocking it through Xiaomi cloud and maybe it would ask to log into the account. I've tried changing the password but it still does not work (maybe it was made after too many attempts).
Does the password to phone change when it is changed to the Xiaomi account?
as stated above, it doesn't matter you typed the correct password
aIecxs said:
@jons99 if OP would have the availability to access lockdettings it would be also possible to backup data, right?
Click to expand...
Click to collapse
any one with working twrp can access the lockscreen file but if your device is encrypted you'll be locked out if you delete it
Poco F2 Pro on MIUI 13 /data/system/lockdettings.db is unencrypted despites /data partition is encrypted?
aIecxs said:
Poco F2 Pro on MIUI 13 /data/system/lockdettings.db is unencrypted despites /data partition is encrypted?
Click to expand...
Click to collapse
if his data partition is encrypted then it doesn't matter deleting locksettings won't help
except for most Xiaomi devices encrypted with default_password where lockdettings.db can be deleted safely (if you would have access to decrypted /data partition, which would also allow you to backup /data)
aIecxs said:
except for most Xiaomi devices encrypted with default_password where lockdettings.db can be deleted safely (if you would have access to decrypted /data partition, which would also allow you to backup /data)
Click to expand...
Click to collapse
To access files I need to enable file transfers. Besides I also wouldn't want to risk bricking the phone.
as your bootloader is locked there is nothing you can do anyway... this was just side note question to @jons99
it's true that file-based encryption is tied to lock screen credentials, but MIUI 13 is insecure and implemented metadata encryption in a wrong way so that TWRP is able to decrypt without password, like it was common on full-disk encryption.
full-disk encryption requires decrypted partition first in order to access files on it, so the suggestion to delete locksettings.db is pointless as goal (access /data) would already achieved before. but I am curious about file-based encryption and metadata encryption leaves /data/system unencrypted. while it for sure would break file-based encryption, I am not quite sure this applies to MIUI weak metadata encryption too, if we delete locksettings.db
aIecxs said:
as your bootloader is locked there is nothing you can do anyway... this was just side note question to @jons99
it's true that file-based encryption is tied to lock screen credentials, but MIUI 13 is insecure and implemented metadata encryption in a wrong way so that TWRP is able to decrypt without password, like it was common on full-disk encryption.
full-disk encryption requires decrypted partition first in order to access files on it, so the suggestion to delete locksettings.db is pointless as goal (access /data) would already achieved before. but I am curious about file-based encryption and metadata encryption leaves /data/system unencrypted. while it for sure would break file-based encryption, I am not quite sure this applies to MIUI weak metadata encryption too, if we delete locksettings.db
Click to expand...
Click to collapse
I'm pretty sure xiaomi is using file based encryption and without the locksettings you won't be able to decrypt your data I mean the system will load but you won't be able to use it as it will show phone is starting message forever cause it won't be able to decrypt your data on the other hand I don't know much about xiaomi so I guess anything is possible
nope, actually it's metadata encryption (but I have never seen personally as I don't got such device in hands)
Code:
/dev/block/bootdevice/by-name/userdata /data f2fs noatime,nosuid,nodev,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,inlinecrypt,checkpoint_merge latemount,wait,formattable,fileencryption=ice,wrappedkey,keydirectory=/metadata/vold/metadata_encryption,quota,reservedsize=128M,sysfs_path=/sys/devices/platform/soc/1d84000.ufshc,checkpoint=fs
perwell said:
Hello,
today it happened that I forgot a password to my phone. I've tried to restore it by logging in into my xiaomi account and my google account. Unfortunately it only offers to wipe my data, which I want to avoid at all costs.
I have Poco F2 Pro on MIUI 13
Is there known a bug which could in any way make me unable to log into my phone?
Please help me. I am really desperate. I beg you. If you need any information about this case and it's sensible to share it there, please ask.
Click to expand...
Click to collapse
Hi my friend
Were you able to unlock your cell phone?
It just happened to me with a xiaomi redmi note 8 and every time I try, the device makes me wait 64 minutes.
SBUnlock said:
Hi my friend
Were you able to unlock your cell phone?
It just happened to me with a xiaomi redmi note 8 and every time I try, the device makes me wait 64 minutes.
Click to expand...
Click to collapse
Did you previously unlocked bootloader with Miflash Unlock Tool?
aIecxs said:
Did you previously unlocked bootloader with Miflash Unlock Tool?
Click to expand...
Click to collapse
Not yet
The truth is that I am new to this, when I investigated about Miflash Unlock Tool, I see that it is used to unlock bootloader, not to unlock cell phone security pattern.
I am right?
I need to unlock the security pattern of my cell phone
you can't unlock bootloader, it's too late. you are screwed. either give it back to the child for playing (hopefully one day it get unlocked) or factory reset phone. you can't break screen lock on locked bootloader no matter what encryption type used.
aIecxs said:
you can't unlock bootloader, it's too late. you are screwed. either give it back to the child for playing (hopefully one day it get unlocked) or factory reset phone. you can't break screen lock on locked bootloader no matter what encryption type used.
Click to expand...
Click to collapse
THANK YOU SO MUCH FRIEND,
Is there an android security option that after many failed attempts, blocks the correct pattern?
until now, theres still no solution to this bug