[Q] Password-protected bootloader. Is it possible? - General Questions and Answers

Hi everybody
I thought that if someone steals my phone, the thief has simply to flash a fresh rom to make the device usable (don't consider the IMEI lock, because, at least in EU, if the phone is taken in another country this lock is useless), even if I am able to protect my data with many programs that lock the phone when it's urned on. I was thinking about something that makes the device not usable at all, for example a password-locked bootloader to prevent unauthorized flashing. What do you think about it, is it makeable? Does it makes sense or is it simply a bad idea?

Actually, that does sound like a good idea, its simple enough putting a phone into boot loader and flashing a new ROM, I have no idea if its make able but it is a good idea
Sent from my One V using xda premium

I guess u cannot do that...so far no one did it....
But good idea.

gigsaw said:
Hi everybody
I thought that if someone steals my phone, the thief has simply to flash a fresh rom to make the device usable (don't consider the IMEI lock, because, at least in EU, if the phone is taken in another country this lock is useless), even if I am able to protect my data with many programs that lock the phone when it's urned on. I was thinking about something that makes the device not usable at all, for example a password-locked bootloader to prevent unauthorized flashing. What do you think about it, is it makeable? Does it makes sense or is it simply a bad idea?
Click to expand...
Click to collapse
Intel has implemented anti theft technology (Intel AT) for laptop processor which locks down the hardware itself but no such solution for mobile processor. Just hope that Intel/ other manufacturers brings it to mobile processor in the future

At least I was thinking that before flashing with ADB or with RUU could be checked if the PC is logged in with the same google account on the phone...phones cost to much and are too easy to be stolen =s but in my opinion it's impossible to do something like that in unofficial way, manufacters could care about that but they don't...I wrote a couple of e-mails to some manufacters, some of them answered that they are not interested in that.

Related

Remote task29 as security

Hi Guys
Is there a application that could execute a remote task29 if phone gets stolen?
Most of theves are dump so would not know how to put the OS back on.
The normal way of IMEI blocking does not work, some networks will not care to block, some will not communicate to others so it will be blocked for example on O2 but not t-mobile... We all also know that you just need to sell a IMEI blocked unit abroad.
Two functions would need to be present:
Function 1 a remote wipe so you send a txt message.
Function 2 is to wipe the phone if new sim is inserted and password is not provided. Such software would need to be able to cook itself in to rom.
Second possibility for Function 2 is each time new sim is inserted a txt message is sent on pre-arranged mobile number and then use remote wipe.
lookout mobile security has that feature of remote wipe.
www.mylookout.com
antivirus, remote wipe, and gps locator all work.
nrfitchett4 said:
lookout mobile security has that feature of remote wipe.
www.mylookout.com
antivirus, remote wipe, and gps locator all work.
Click to expand...
Click to collapse
It is not even remotely the same as even if you do wipe the device it is still usable, there is just you data erased. I am talking OS erased so phone does not work, so you can get it to bootloader and only if you know how.
ruscik said:
It is not even remotely the same as even if you do wipe the device it is still usable, there is just you data erased. I am talking OS erased so phone does not work, so you can get it to bootloader and only if you know how.
Click to expand...
Click to collapse
considering you cannot even task29 unless you are synced to a computer, how do you suppose this can be accomplished???
nrfitchett4 said:
considering you cannot even task29 unless you are synced to a computer, how do you suppose this can be accomplished???
Click to expand...
Click to collapse
I am not a software developer but I would say a app that works just before OS boots.
TBH task29 seems like the best idea as if you were to get the phone back you could get it back online but any app that would brick the phone remotely is what one needs.
I am quite certain something like that could be done.
why not have it flash a bricking radio from sd card or within the rom, if the command is send?
how about an app then makes the phone transform into a plane and fly back to you?
its impossible what you are asking for afaik
davidgk said:
how about an app then makes the phone transform into a plane and fly back to you?
its impossible what you are asking for afaik
Click to expand...
Click to collapse
Bolox I can flash radio or OS from SD card. All a app would need to do is get phone to bootloader on command and have, as suggested, a bricked rom for radio on SD card. A bricked radio rom would not need to be big in size so a cab installer would work.
Its a very good idea, hope some1 can do it..
my hats off to you sir, a very good idea!
Now if there is only a developer skilled enough to realise it!
ruscik said:
Bolox I can flash radio or OS from SD card. All a app would need to do is get phone to bootloader on command and have, as suggested, a bricked rom for radio on SD card. A bricked radio rom would not need to be big in size so a cab installer would work.
Click to expand...
Click to collapse
but what does this achieve for you???
A phone wiping program would wipe personal data.
What would bricking the phone do except make the phone unusable?
You'll still be out a phone...
nrfitchett4 said:
but what does this achieve for you???
A phone wiping program would wipe personal data.
What would bricking the phone do except make the phone unusable?
You'll still be out a phone...
Click to expand...
Click to collapse
Might be so, but if knowledge gets around that more and more phones can (and will) be bricked remotely once stolen, why steal?
I think it would be a very useful feature on any phone.
So I agree with the question for such an app.
Regards,
nrfitchett4 said:
but what does this achieve for you???
A phone wiping program would wipe personal data.
What would bricking the phone do except make the phone unusable?
You'll still be out a phone...
Click to expand...
Click to collapse
Well why do you fit a alarm on a car when it is gone it is gone, why do you put alarm in a house when they come they come.
Something odd with this statement. Why would you think it is ok for some one who stole my phone to use it when I had to work for it?
For me best solution would be to have it wired with C4 and 5s in to first phone call boom!!!
As that would be illegal second option brick the phone.
ruscik said:
Well why do you fit a alarm on a car when it is gone it is gone, why do you put alarm in a house when they come they come.
Something odd with this statement. Why would you think it is ok for some one who stole my phone to use it when I had to work for it?
For me best solution would be to have it wired with C4 and 5s in to first phone call boom!!!
As that would be illegal second option brick the phone.
Click to expand...
Click to collapse
Since when does a car alarm or home alarm burn down my house or car? That is essentially the same thing. If someone breaks into my house and steals my 60" dlp, I can't remote detonate it either.
I'm guessing that I don't understand. Maybe it is my long history with cdma phones that had esn's that could be blocked making the phones worthless (usually) once stolen.
Ill build it .... i just need a few beta testers?
Any takers?
jk.. i actually like the idea of disabling my phone if i knew it was gone for sure. .but i dont think i would be comfortable running around with this bomb in my phone unless i knew how to fix it.. and a bricked radio (easiest remote detonate solution) is obviously unfixable.
you know I was hoping this topic was headed in a different direction. like the phone company or microsoft running ras commands. like injecting and changing your files around so when you go to flash the seed will be planted for later execution. but dude if your phone gets stolen beat the punk bastards ass. or make sure you have handset protection. stupid topic. its just gonna add to the bricked my phone posts but not before they go on a couple of paragraphs of how they know what there doing but this and but that. wow then its gonna keep spreading like a ****ing plauge of dumb ass questions instead of keeping their cocksucker shut and read and learn. if your not f-ing it up, then your not learning.
i remember the sony ericsson p910, p990, and p1i could have set a sim password that works the same way the bios password works on most laptops with this feature... once the sim changed or the phone is flashed, the password must be entered to boot into the OS, personally i think this should be standard on every mobile OS...
and regardless how much times you reinstall windows, flash the bios, or remove the bios battery, the password remains, kinda annoying but at least it works
There are already some really good apps available for if your phone is lost or stolen. I don't know the names off the top of my head but I did some help on development on one 2 years ago and it was quite advanced and will send you silent text containing the new IME number if changed and the GPS location. Rendering the phone useless would be stupid in my opinion if you intend on retrieving it. let the security software do it's job and be happy to get your phone back.

How safe are used phones?

I am looking to buy a used captivate soon and I had an alarming thought..
To make purchases from google market you do have to enter credit card info..
So what if someone bought the phone, installed monitoring software on the phone, turned around and sold it.. They could break even on cost.. *AND* if they were lucky when someone else went to use the phone.. they would get the cred card info of that person..
And on ebay/craigslist... its not like you could pin it back to the person very easily..
Assuming I bought a phone and master reset it would that fix any possibly problems? I know in windows you reinstalling the OS will usually wipe just about anything out..
However, I know that if you have root.. on a phone you can do far more.. I don't know if having root would be enough to put something on the phone that could not be gotten rid of with a simple master reset.
I am sorry if this sounds paranoid.. But, I am a comp sci major.. Software security isn't my specialty.. but, I am hoping to dev for phones soon and think this is a pretty fair question, since the information is handled differently in linux (and I suppose now android) than it would be on a comp running windows xp for example..
I am asking because i know even after a master reset some things linger on most phones... so if someone installed a keylogger of some sort.. would it be able to survive a master reset?
x.x
Just because you're paranoid doesn't mean the're not after you.
Sent from my SGH-T959 using XDA App
Lol... Let me put it this way.. I once read an article hear with some one talking about how he doesn't want "google knowing where he is" and "google reading his mail" ect ect ect.
And I understand privacy concerns.. but, he was well.. reaching the point of flat out goofy.
I am asking based on what I perceive to be a valid fear looking at it from a logical perspective.
If someone installed some sort of keylogger for the phone, would it be able to survive a master reset?
I mean I know that whats on your sim card is not usually deleted.. and I forget if this phone has dedicated or removable memory or some combination of both..
However, assuming its a 16gb removable.. You could hypothetically install it to the flash memory.. If its not removable.. I am less certain how that dedicated storage is handled on phones. I know that you generally format a hard drive before installing an os.. or it gets partitioned off..
So if a logger was installed onto the dedicated/removeable memory would it be partitioned off and allowed to continue working?
If I didn't see valid cause for concern I wouldn't be here.. But, I'm sure the devs around here know more about this and can give a good answer!
If this is all coming to my mind... I'm sure some crazy cracker out there has already thought of and either created/working on implimenting it.
google will nevr read your mail. google is your friend!
if you have a virus on it or think you have, plug it in your computer and scan with av software.
i don't think that a virus could survive master reset.
and why are you worrying about this? ive bought second hand phones before and they have been ok.
try eBay.
You don't seem to have read my thing properly.
What I am trying to say is I have read an thread with a guy who was paranoid google was going to read his mail ect.
What I am saying is I'm worried about a second hand person creating a virus.
I could be wrong but, plugging the phone into a computer would do absolutely nothing as far as antivirus protection if I'm worried about protecting the phone.
The reason why is because anti virus protection only picks up virus's it is designed to pick up.
It is designed to pick up viruses that are a threat to computers.
I would imagine that computer anti virus software would worry about a different set of exploits than a linux based phone.
Making scanning with a computer completely useless.
yes, keylogger can survive hard reset. you have to reflash your phone completely to be sure. or don't provide your credit card number in any market
Hard reset and reflash official software. Everything will be like it just rolled out of the factory.
Pretty silly thing to ask really.
obviosuly if teh key logger was cooked into the rom then a master reset wont do sweet FA as it would simply be re-installed with the rom.
As mentioned your only way is flash the phone with a fresh rom.

[Q] Why not an eFuse?

So I just read about HTC new attempt at blocking custom firmware, most likely due to people bricking there phones and sending them back to T-Moble, Sprint, ect...
If HTC and other company's really have an issue with custom roms why dont they just implement some sort of eFuse if an unsigned/encrypted firmware/bootloader/recovery ect gets flashed over it will burn out and mark the phone as being altered but still usable?
Thoughts?
Its also possible that they are implementing this to help against people that think they know how to root phones from actually doing it. It could be to save the "average user" from screwing up and smurfing up their phones, so that way they dont get a bunch of phones back from tard buckets that can't follow directions on how to root. It also may be a tactic to say "just try our new UI and see if you like it while someone who is good with code takes more time to root." Because if there was no locks then the folks on xda would root the phone and never look back at what the manufacturer has put on the phone and worked hard to do. Just my .02 but i could be wrong.
Morder Chemiker said:
Its also possible that they are implementing this to help against people that think they know how to root phones from actually doing it. It could be to save the "average user" from screwing up and smurfing up their phones, so that way they dont get a bunch of phones back from tard buckets that can't follow directions on how to root. It also may be a tactic to say "just try our new UI and see if you like it while someone who is good with code takes more time to root." Because if there was no locks then the folks on xda would root the phone and never look back at what the manufacturer has put on the phone and worked hard to do. Just my .02 but i could be wrong.
Click to expand...
Click to collapse
I take issue with "the manufacturer has put on the phone and worked hard to do"
If they had any sense they would make the phone way more sleek and functional before sending out to us. They do not, They just send out the "7/11" version of what the phone is capable of, and do that because they do not want to put the money into the research. Ergo ....XDA is born............
oka1 said:
I take issue with "the manufacturer has put on the phone and worked hard to do"
If they had any sense they would make the phone way more sleek and functional before sending out to us. They do not, They just send out the "7/11" version of what the phone is capable of, and do that because they do not want to put the money into the research. Ergo ....XDA is born............
Click to expand...
Click to collapse
Perhaps I should have put that in quotes. They're just making minor changes, slapping a revison number on it and pushing it out to the masses. However they, being the manufactures, would consider this "working hard" part. I'm not supporting what they push out because there is WAY more talent from the devs here on XDA that put in more work and make things better.
Rather than HTC taking a page from Motorola's customer-hostility, there is an easy way for this to be done:
I'd recommend HTC use the fastboot oem-unlock method, with a well-written out warning screen on the device that once you tap OK, all your data hits the bit bucket [1], the phone is unlocked, and if you want any service on this device, the phone will need to be completely reflashed with a stock ROM from the cellular carrier who sold the device.
This way, it keeps the dummies from bricking their phone, while the dedicated modders can spend time working on better ROMs and not having to deal with eFuses and other crap.
[1]: It may seem bad that unlocking the phone for ROMs causes a purge of data, but just in case really clever malware tries to trigger an oem unlock, it would be completely removed from the device.

What is best way to make phone literally UNSTEALABLE??

Hi,
Recently my phone got stolen. It was HTC Desire. And I never thought it would happen, so was not prepared for it to happen.
And now in wake of that I was wondering what is the best mechanism available to recover lost phone.
To be precise, I am looking for something which will work even if thief removes the SIM, SDCard, does a factory reset, or install an entirely fresh ROM.
And if it could.. send an SMS/Email to a fixed destination (with phone number and GPS location) upon request/fixed-event in the background, it would be great.
So that virtually, the Phone would be unstealable as long as someone uses it with a new SIM(send SMS) or connects to internet (Email) even after wiping everything clean and installing a fresh ROM.
Complete protection is not possible, unless there is some option from the phone manufacturer build-in.
And I think even that can be circumvented.
However if your phone is rooted, you can install some apps which hide themselves and even survive a factory reset.
Lookout Security & Antivirus
Cerberus anti theft
And I think most thieves are not that smart to flash a new rom.
cool.aquarian said:
Hi,
Recently my phone got stolen. It was HTC Desire. And I never thought it would happen, so was not prepared for it to happen.
And now in wake of that I was wondering what is the best mechanism available to recover lost phone.
To be precise, I am looking for something which will work even if thief removes the SIM, SDCard, does a factory reset, or install an entirely fresh ROM.
And if it could.. send an SMS/Email to a fixed destination (with phone number and GPS location) upon request/fixed-event in the background, it would be great.
So that virtually, the Phone would be unstealable as long as someone uses it with a new SIM(send SMS) or connects to internet (Email) even after wiping everything clean and installing a fresh ROM.
Click to expand...
Click to collapse
Lizard said:
Complete protection is not possible, unless there is some option from the phone manufacturer build-in.
And I think even that can be circumvented.
However if your phone is rooted, you can install some apps which hide themselves and even survive a factory reset.
Lookout Security & Antivirus
Cerberus anti theft
And I think most thieves are not that smart to flash a new rom.
Click to expand...
Click to collapse
Lizard is right. It's not possible to do what listed. Only way to make it unstealable is to chain it to yourself
It's pretty hard, unless the guy who's steals your phone is a noob
// sent from a galactic Ars Sss
Lizard said:
Complete protection is not possible, unless there is some option from the phone manufacturer build-in.
And I think even that can be circumvented.
However if your phone is rooted, you can install some apps which hide themselves and even survive a factory reset.
And I think most thieves are not that smart to flash a new rom.
Click to expand...
Click to collapse
Yes, Thief himself may not be that smart, but where I belong to, stealing phones is a well-known racket.
So they have people who specifically know how to handle stolen phones.
Plus the police/manufacturer/carrier here is not of much help afterwards to track the thief down or block the IMEI.
Thanks for the links. Though they may not be exactly what I am looking for, any level of protection is better than none.
I am hoping someday there could be a better means to have more control/personalization of phone at hardware level.
like permanently associating phone's hardware identity with the online profile of original owner.
Complete protection is not possible..
There are many apps that can give phones position by sending an sms but thief r smart..
First they do is a reset..
Sent from my GT-I9100G using xda app-developers app
I'd say you're looking at this the wrong way. Software to locate a stolen phone is a measure that can only possibly help if your phone has already been stolen.
Better to think about how your phone was stolen and what you can do to prevent that from happening. Stop it being stolen before it is actually out of your hands.
Buy a GPS locator and embed it into the phone physically, if anything small enough is even available to the average consumer...
It would have to be fed power from the battery as well, which is far from impossible of course, but still quite the ordeal.
And since your police is obviously useless, learn to fight or buy a gun
Sent from my GT-I9000 using xda premium
Pennycake said:
Better to think about how your phone was stolen and what you can do to prevent that from happening. Stop it being stolen before it is actually out of your hands.
Click to expand...
Click to collapse
Trust me.. in my case, the theft was done in a very planned way by two guys (with one guy distracting me, and other guy snipping-off the phone from within my car at a busy traffic signal...
More than losing the phone, I am pissed about how it all happened..
I was considering teach those fu**ers a good lesson.
Locking your phone in Ft. Knox would still have the potential of disappearing.
Sent from my Amazon Kindle Fire using xda app-developers app

Securly AntiTheft protection

Hey all!
After my second phone, my beloved OnePlus 7 Prom was stolen. I have been wondering why there is no proper protection against stealing the phones. iPhones are locked to their account they are activated with..
why does google not implement something like this to their android devices ? In germany is also not possible to track an phone by its IMEI, expect its part of a proper ciriminal act. I was a little bit upset by the fact, that someone can steal your phone, just do an hard / factory reset from the bootloader and can continue using your phone. In this case, the only good thing is that your personal data is wiped.
Imaging someone would have accsess to your personal data on your phone, its much more worse than losing a few hundert euros. Anyway, i am feeling uncomfortable with the fact, that something like this routine is surely working like a charm (éven in germany!) and a easy way to make money.
So if not the providers, the government or google is protecting you from this to happen - i think i should do it on my self.
So my idea was to install to use something like cerberus and install it to the system partition via root access. Now my only concern is, if i rooted my phone, i would possible make it easier to bypass the screenlock of the phone or not ?
Would be great if you would share your thoughts on this!

Categories

Resources