Hello, as the title states I have found a way to bypass the password with the pin, pattern, and password option on the lockscreen without doing a factory data reset. I have not tried face unlock, I will try it soon. I would first like to thank Kosborn for his p2p-adb which bothe helped and gave me the idea. His p2p-adb can be located here.
I will also be adding this feature to Kosborn's p2p-adb soon as well.
Now to get down to it.
What you will need:
Phone with eithier 'USB Debugging" enabled or a Custom Recovery
ADB
A file editor (I use Notepad++)
Basic adb skills
*If you already have "USB Debugging enabled please skip to Step 5*
Step 1)
If the phone does not have USB Debugging enabled you need to flash a custom recovery to the phone. I will not post a step to step guide to on how to flash a custom recovery, just google it.
Step 2)
When you have the custom recovery flashed to the phone boot into recovery mode and mount /system. In CWM it can be found under "Mounts and Storage"
Step 3)
When /system is mounted pull build.prop and open it with the file editor I mentioned above.
Code:
adb pull /system/build.prop
You will have to add one line into the build.prop file for adb to be enabled when you reboot the phone
Add the line below to the build.prop file.
Code:
persist.service.adb.enable=1
Save build.prop file.
Now we have to push the file back to the phone so
Code:
adb push build.prop /system/build.prop
adb shell chmod 0644 /system/build.prop
Step 4)
Reboot phone
Run command below and you should see you device attached, If not make sure you have the correct drivers installed.
Code:
adb devices
Step 5)
Using adb type the following commands
Code:
adb shell mv /data/system/gesture.key /data/system/gesture.key.bak
adb shell mv /data/system/password.key /data/system/password.key.bak
Step 6)
Reboot phone
You should now be able to unlock your phone without having any password. And more importantly with having all of your data on the phone still.
If you found this helpful please hit the thanks button.
RESERVED
So this will work on any device correct?
---------- Post added at 10:55 PM ---------- Previous post was at 10:55 PM ----------
With either pin lock or pattern?
prairiedogn said:
So this will work on any device correct?
---------- Post added at 10:55 PM ---------- Previous post was at 10:55 PM ----------
With either pin lock or pattern?
Click to expand...
Click to collapse
In theory yes. I can't be for sure. It won't hurt it
When I had to use I typed "adb shell rm /data/system/gesture.key", not "adb shell mv /data/system/gesture.key" and that worked well.
eduds said:
When I had to use I typed "adb shell rm /data/system/gesture.key", not "adb shell mv /data/system/gesture.key" and that worked well.
Click to expand...
Click to collapse
That will work as well the reason why I used adb shell mv /data/system/gesture.key is to keep the file there when i was testing just incase but it could be removed as well.
not trying to be too much of a smart-butt, but heres the full version to do it, what u did is the basic commands, but leaves an empty pin/pattern for ANY input will be correct, heres each command (new line=new command):
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update secure set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
update secure set value=0 where name='lockscreen.lockedoutpermanently';
.quit
busybox rm /data/system/gesture.key
busybox rm /data/system/cm-gesture.key
busybox rm /data/system/password.key
busybox rm /data/system/cm-password.key
busybox rm /data/system/locksettings.db
busybox rm /data/system/locksettings.db-wal
busybox rm /data/system/locksettings.db-shm
reboot
some kernels+file-systems(or user actions) convert databases to "wal", or "shm" so they will have different names, as for some newer CM-based rom builds, the pattern, gesture unlock (if implemented), and sometimes pin get put into a different file "cm-***.key" but pin+password goes into "cm-password.key";
u need to only do first two commands(adb shell, and the cd), then skip to after the .quit if u ARE NOT locked out, if u are u need to do ALL these commands, and if it says "file/directory not found" or simmalier errors when doing the "gesture.key","cm-gesture.key","cm-password.key", the "locksettings.db-wal" +"locksettings.db-wal"; just ignore those errors as u dont have the configurations stored in there like some other custom roms do =)
i found and compiled this list from my app i made, if u heard about it "SMS Tasks", and this is acually the exact code (in adb shell form, not in java command line with added characters, voids, etc...) to unlock the phone remotely =), idk why people tell me not to share this code, as its good for users to have so they dont lose their data incase of forgotten passwords on devices stored in their dressers/storages for ages and got out for whatever reason (maybee a new rom-tree was born for it and u want to see it in action, idk =S) but use this if u want, if not u can ignore this post, just wanted to share this with u incase u want to add some to the OP as the commands u do some roms might not fully unlock (it will erase pass/pin, but some roms keep the config that its still set, but any pass (even one characters+a single_space, or one-three dot patterns), so if anyone got those errors, or want more understanding on what files are used, this is my most resent list of things to delete by what i see used on rom developer's github's anyways =S
but hope this helps any of u in any ways =)
much simpler way
download aroma file manager from
http://forum.xda-developers.com/showthread.php?t=1646108
flash aroma file manager in cwm with system mounted
browse to data/system
delete gestures.key
delete password.key
restart
of course you will need aroma file manager on the root of your sd card so download it and put it there now for safe keeping
you can always put it there via a card reader or pop your sd card into another phone if your phone is already locked
Using Aroma File Manager would be the easiest way!
Thanks for the share Marcussmith2626!
There is a way to do this without USB Debugging enabled nor Custom Recovery installed, as long as stock Android system recovery <3e> "backup user data" option is working:
- create a backup
- modify the backup file
- root the phone
- restore backup
root is not required for backup, but for restore. i prefer restore from custom recovery. but i have done this without flashing, too.
please see this link
Android system recovery <3e> alternative restoring program
i know this is an old thread, but im trying to bypass the screen where it says that youve tried your pattern too many times on a zte z932l (also known as the rapido) for a friends sister. She really just wants the pictures that are stored on the internal memory is all because they are of her kids. Any ideas on how to get this done? I would up on this thread because i was hoping that usb debugging had been enabled, but it hasnt
no "backup user data" option in Android system recovery <3e> i guess? if you can't create a backup then my friend, this is the hardest case for unlocking... if playstore is working and wifi enabled, you can unlock using Android Device Manager first. if this not help, check if fastboot is working. you can boot custom recovery with "fastboot boot recovery.img" if no fastboot mode available, find any way to make a backup of usrdata partition (maybe in download mode?) once you have a backup, its easy to modify and restore (as long as FRP lock is disabled)
with usb debugging enabler you can modify a rom and flash it via odin (without losing data???), and with Android Multi Tools you can unlock the screen. if this is possible for samsung devices, then there should be a way for other phones, too. another way is to enable adb via sideload, if someone will create such app.
and of course, if fastboot mode is available, the easiest way is booting a custom recovery without flashing it. then just delete /data/system/locksettings.db* files from adb or with aroma file manager (try calung version 1.80)
Related
NOTE: This is a work in progress. While I have completed this guide myself SEVERAL times to ensure accuracy, It is possible that typos or errors in understanding exist. Please use at your own risk, and expect NOTHING from me. I will do my best to update this guide and improve the formatting as I find time. Feel free to leave feedback!
I cannot stress this enough: always have backups of any important information. While we may not be able to do full image-based backups until after root, you can still make sure we aren't deleting needed data. While yes, Google should hold your most important data and allow you to sync at any time, what would you do if Google went down? And I've even had trouble using the "Offline" function for some of the Apps. Therefore, Make a copy of everything on your SD card and read this excellent guide from Lifehacker about how to backup Google Apps data: Lifehacker
You will need an SD card. I recommend AT LEAST an 8GB Class 4. Most actually recommend a Class 6 for use with apps2sd, but I just wanted to let you know that it would still work with a Class 4. For those unaware, apps2sd allows you to save internal phone memory by placing after-market applications onto your SD card. Most users notice a speed benefit from this.
If you would like to purchase a Class 6 SD card, you can get a one here with three sizes available (4GB, 8GB, 16GB):
A-DATA MicroSDHC Class 6 Turbo With SD Adapter
To ensure the best possible load, perform a factory reset, and WIPE your SD card!
Code:
Menu > Settings > Security > Factory data reset > Reset phone > Erase everything
TRUE FACTORY RESET (UN-ROOT)
If you, like me, have already rooted and are trying to perform this process over again, you will unfortunately have to download the original ROM and flash it in Windows.
Download: RUU_Hero_C_Sprint_1.29.651.1_signed_release.exe
Run in Windows (I used XP through VMWare Fusion), and this will return the phone to the TRULY factory loaded state. Any other Factory data reset will simply reload the last ROM image saved, which, if you rooted and loaded MoDaCo, would be MoDaCo. I am encouraging you to follow this process to avoid any problems that may exist while the phone is rooted or loaded with the unofficial ROM. And even if you perform this process as a first-time rooter, it certainly wont hurt!
ROOT HERO [MAC]
(This is the process that allows modifications to occur on your phone):
The guide I follow and can verify is this:
Rooting CDMA Hero [Mac]
I do not use Windows as a primary platform, so I would recommend following this guide if you are on Windows:
How to root the CDMA Hero (DETAILED Windows guide)
You should be able to return to this guide after you have successfully completed the root process on Windows. Continue from the section "NANDROID BACKUP" below.
Per the purpose of this guide, I will detail my exact steps from the "Rooting CDMA Hero [Mac]" post. Thanks ajones7279!
Plug in your phone
Download Android SDK: http://developer.android.com/sdk/index.html
Unpack, Rename the extracted folder to "AndroidSDK" (This is case sensitive!), and Move it to "Applications" (I consider the Android SDK a set of applications.)
Open TextEdit, Click Format>Make Plain Text, then copy and paste the following:
Code:
export PATH=${PATH}:/Applications/AndroidSDK/tools
Save as: ".bash_profile"
On Phone: Go to Settings > Applications > Development>USB Debugging and make sure the option is checked.
On your Mac: Download asroot2: http://zenthought.org/tmp/asroot2
Save this file into: /Applications/AndroidSDK/tools
Open Terminal and run the following commands (You can copy and paste):
Code:
cd /Applications/AndroidSDK/tools
adb push asroot 2 /data/local
adb shell chmod 0755 /data/local/asroot2
adb shell
/data/local/asroot2 /system/bin/sh
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/bin
cat sh > su
chmod 4775 su
exit
exit
At this point, the phone has root access.
Download: http://rapidshare.com/files/303797523/recovery-RA-heroc-v1.2.3.img
Save this file into: /Applications/AndroidSDK/tools
Go back to your terminal and type:
Code:
adb push recovery-RA-heroc-v1.2.3.img /sdcard/
adb shell
su
flash_image recovery /sdcard/recovery-RA-heroc-v1.2.3.img
exit
exit
adb shell reboot recovery
Now, the phone will reboot into recovery mode. To preserve our freshly rooted state, we will make a Nandroid backup.
NANDROID BACKUP
*NOTE: These steps assume that you have already entered Recovery Mode on the phone through Terminal "adb shell reboot recovery" or the "Quick Boot" app.*
On phone: Using the trackball, scroll down and select "Nandroid v2.2 backup". This will create a backup of the phone in its freshly rooted state to your SD card, under the nandroid directory.
After it completes the backup, we want to make sure that we have the backup "backed up" by copying it to our Mac (Just in case anything happens to the SD card!).
Select "USB Mass storage on"
After your SD Card appears, copy the contents of the "nandroid" folder to anywhere you wish on your Mac (You are using Time Machine right?)
Once the copy is complete, eject the sdcard in mac and select "USB Mass storage off" on the phone.
NOTE: Nandroid does not backup the contents of your SD card. If you don't want to lose what's on your SD card, MAKE A BACKUP COPY!
From this point forward, if you do something that seems to really mess with the phones functionality, you can simply go back to your Nandroid backup!
RESTORE NANDROID BACKUPS
Select "Nandroid v2.2 restore" *THIS WILL ERASE EVERYTHING ON YOUR PHONE*
Your phone will be returned to the condition it was in as of the last Nandroid backup. You can control which backup is restored by deleting the unwanted, time-stamped folders within the "nandroid" directory on your SD card. If you leave only one time-stamped backup folder, that is the backup that will be restored.
Note that this will leave the custom Recovery ROM we loaded (recovery-RA-heroc-v1.2.3.img) in place.
I actually perform a Restore after every Backup. While this takes extra time, you know your Backup is intact and not corrupted in any way!
If you are looking for a complete factory reset, you will need to scroll up to "TRUE FACTORY RESET (UN-ROOT)"
PREPARE SD CARD FOR APPS2SD (A2SD)
For those unaware, apps2sd allows you to save internal phone memory by placing after-market applications onto your SD card. Most users notice a speed benefit from this.
Select "Wipe SD: fat32+ext2+swap" *THIS WILL ERASE EVERYTHING ON YOUR SDCARD*
Select "USB Mass storage on"
The mounted drive should now be empty. Double-check that it was partitioned correctly by opening Disk Utility and verifying 3 partitions on the sdcard: NONAME, disk1s2, and disk1s3. Close Disk Utility.
LOAD Unofficial MoDaCo 1.2c Core ROM
Forum Post: Unofficial MoDaCo 1.2
Download: Unofficial MoDaCo 1.2c Core
Save this file into: your SD card. (the root of your SD card, probably named "NONAME" if you didn't change it. You can change it to whatever you want though.)
Save the file as: "update.zip" (Or rename it)
Eject your sdcard and Select "USB Mass storage off"
Select "Apply sdcard:update.zip"
Select "Reboot system now"
If it successfully loaded, you now have a fresh load of the Unofficial MoDaCo 1.2c ROM! Congrats!
I would recommend that you create another Nandroid backup. Scroll back up to "NANDROID BACKUP" and follow the steps over again and come back to this point.
Now you are ready for the workarounds!
Guide: Workaround Issues (Unofficial MoDaCo 1.2c)
Why'd you make another guide?
nice guide man, no need to respond why you made another guide, the more the merry, nicely detailed as well
Shhhhhh.
I was just curious because there are like six...
I made another guide because while many of the forum posts acomplish bits and pieces, my guide provides the overall picture. Root, ROM, and Backup. And my upcoming "Workarond Issues" guide will collect scattered information in a similar fashion.
I find it ironic that I thanked you for your contribution and you find this guide excessive. Would you prefer that I removed the guide?
No not at all. Yours is nice and concise. There's just a lot, that's all. That's why I said it would be nice if a moderator could have merged all the ones that were already written at the end of mine. Didn't mean any harm.
Ah, I see what you mean. To be honest, I am also making this guide for self reference. If most all of the information I need is together its easier to help myself as well as my friends and the community. Thanks again for all your contributions.
Just to raise awareness, Nandroid does NOT back up your apps if you are using AppsToSD as in MoDaCo. You must back up your apps separately.
True, thanks for the heads up. I'll work on a separate guide that details how to backup your other apps. I believe that anything after-market can be backed up and restored through ASTRO though, and this is much easier for most than adb and Terminal commands (push/pull).
The whole 1.56.651.2 Firmware update is also making me wait to post any further guides, as some of my worksarounds may prove useless. It looks like we still have the Apps Renaming and Reverting issue though, and I didn't see the Sprint admin adress such issues specfically.
?
ok i did the update to the hero. and now found out about rooting(im new to all this) do i run that program you put in the beginning with windows? and then does that rom resolve the issue with battery with sms and other things the OTA update fixed? or should i get another rom or .img idk what to call it really and what does RUU stand for?
Alright,
A couple things to add to this guide, for the complete noob, as I can try to explain it a little more clear.
This should be done prior to doing anything within the guide.
First, connect your phone to your computer and mount your sd card. This can be done by connecting the usb cable, then on your phone, drop down the menu and chose, connect to p.c., Mount SD card. Make a folder and backup your entire sd card to this folder. Once done, delete everything off the card. if you don't, you will run into format and partitions errors later in the guide.
Eject the sd card on the computer, and end usb sharing on the phone. remove the USB cable from the computer.
Next, on the phone Go to Settings > Applications > Development>USB Debugging
Make sure that USB debugging is NOT CHECKED. If its checked later in the guide you will run into errors pushing the files onto the phone.
At this point you can start the guide from the beginning, under the main heading Root Hero [MAC]
I am running OSX 10.6.2 so i ran into a couple of issues.
Next. Under the part where you have to create the .bash file. This file should be saved in your user folder.
/Users/USERNAME where USERNAME is the name of your user account.
For instance my User account is Hamspiced so my user folder is:
/Users/Hamspiced/
when saving the file, uncheck "if no extension is provided, use .txt".
Next, I couldn't copy paste the code because it wasn't parsed properly. This is what i had to do.
And this should be a direct copy paste into terminal. If you don't know how to access terminal click the spyglass in the upper right hand of the screen, and type in terminal. then you should be able to directly copy paste this text.
Code:
cd /Applications/AndroidSDK/tools
./adb push asroot2 /data/local
./adb shell chmod 0755 /data/local/asroot2
./adb shell
/data/local/asroot2 /system/bin/sh
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/bin
cat sh > su
chmod 4775 su
exit
exit
As stated you should have root access on the phone. you can verify this by downloading Terminal emulator from the Market, then running the app. Once inside the app if you hold Menu, you should bring up the onscreen keyboard. if you type in "su" (stands for super user) it will change the prompt from $ to #. If yours does not change, start over, something went wrong. If it did change then you can proceed to the next part of this guide.
Next the guide is trying to put the recovery Image to your phone. This doesnt restore your phone, it just puts the recovery portion to it, and it allows you to do all the cool things to your phone, like allow you to create backups, restore backups, and load customs roms.
again i ran into issues with parsing the correct format so these are copy pastes from terminal.
Code:
./adb push recovery-RA-heroc-v1.2.3.img /sdcard/
./adb shell
su
flash_image recovery /sdcard/recovery-RA-heroc-v1.2.3.img
exit
exit
adb shell reboot recovery
If you get an access denied error pushing the recovery image, its because you had debugging turned on prior to connecting your phone to the computer. it must be off, then turned on once the phone is connected.
This will result in headaches, and endless google searching with no results.
Follow the rest of the guide regarding the Nandroid backup this backs up the entire phone settings. you want to save the raw phone backup as well as the backup after you load the rom. both are incredibly important!
Prepare SD Card for Apps2sd….
If when you checked Disk Utility and your SD card didnt partition properly follow these steps.
You must erase everything on your sd card for these steps to work. I ran into errors creating the partition. What i had to do was in the recovery mode chose factory recovery. when the phone restarted i had to go to Settings>Security>Factory Data Reset.
This restored EVERYTHING. THe phone, Sd Card, Etc. Everything was lost, however since in the begining, we made a backup of the SD card, and then we made a backup of our phone, we are fine.
Restart the phone in recovery mode once this finishes and restarts. (Hold Home and Power to turn on)
Next chose Part SD: fat32+ext2+swap this will partition the card properly. Then choose restart phone.
Once the phone restarts, we have to go through the normal steps that we did once we first received the phone for its first bootup. connect it to the computer, transfer over the Nandroid backup that should be saved from the first time you saved it on your phone. then restart the phone again in recovery mode.
Now you need to restore the nandroid backup. since you transferred it over, its the only nandroid backup there is, it will restore the phones origional settings. from here you can load the official MoDaCO rom fine on the SD card that is now formatted properly.
These are about all the issues and resolutions i ran into. Hopefully it helps someone else.
Guess it's subjective. I think I haven't turned off USB Debugging since shortly after I got the phone and didn't run into any problems. It's always on before I plug it in and I haven't ran into any errors while pushing a file to my sd card. Also didn't erase my sd card before I formatted (did back it up though of course) and everything went smooth. Dunno. It's always good to hear from diff people though. Also just edited my thread, thanks for the heads up.
need help rooting htc hero from sprint
i have 1.5 firmware bb version is 1.04.01.09.21 kernel version 2.6.27-533ce29dhtc [email protected] build number1.56.651.2 cl85027software 1.56 cant get root on this device can someone please help me
quis5550 said:
i have 1.5 firmware bb version is 1.04.01.09.21 kernel version 2.6.27-533ce29dhtc [email protected] build number1.56.651.2 cl85027software 1.56 cant get root on this device can someone please help me
Click to expand...
Click to collapse
Try here
http://forum.xda-developers.com/showthread.php?t=581686&highlight=root+mac
First, excellent guide! Personally, I used Universal Androot (snipurl.com/uaroot) to root my Hero, but this was a huge help in getting the SDK installed!
I'm running into a problem while trying to do the Nandroid backup. When I try to flash the recovery image, I get the following error message....
AJBlue98$ ./adb shell
$ cd /sdcard/
$ su
# flash_image recovery recovery-RA-herocv1.6.2.img
flash_image: not found
Click to expand...
Click to collapse
I even try the command with the leading "./" and I get essentially the same thing...
# ./flash_image recovery recovery-RA-herocv1.6.2.img
./flash_image: not found
Click to expand...
Click to collapse
I'm running the latest official Sprint 2.1 ROM on my Hero and Terminal on Mac OS X Snow Leopard 10.6.4 on a late-2009, 17 in. MacBook Pro. Oh, and I installed the Android SDK into another directory (had it installed before I found this tutorial), so here's my $PATH...
-bash: type: /opt/local/bin:/opt/local/sbin:/Users/AJBlue98/soylatte/bin:/Users/AJBlue98/android-sdk-mac_86:/opt/local/bin:/opt/local/sbin:/opt/local/bin:/opt/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/texbin:/usr/X11/bin: not found
Click to expand...
Click to collapse
Am I missing something? I'll really appreciate the help!
—Adam
ajblue98 said:
First, excellent guide! Personally, I used Universal Androot (snipurl.com/uaroot) to root my Hero, but this was a huge help in getting the SDK installed!
I'm running into a problem while trying to do the Nandroid backup. When I try to flash the recovery image, I get the following error message....
I even try the command with the leading "./" and I get essentially the same thing...
I'm running the latest official Sprint 2.1 ROM on my Hero and Terminal on Mac OS X Snow Leopard 10.6.4 on a late-2009, 17 in. MacBook Pro. Oh, and I installed the Android SDK into another directory (had it installed before I found this tutorial), so here's my $PATH...
Am I missing something? I'll really appreciate the help!
—Adam
Click to expand...
Click to collapse
yeah, you're missing the "flash_image" binary on your phone lol search xda for it and push it to /system/bin, then try the command again.
regaw_leinad said:
yeah, you're missing the "flash_image" binary on your phone lol search xda for it and push it to /system/bin, then try the command again.
Click to expand...
Click to collapse
Thanks, regaw_leinad, for the lead! I found a copy of the flash_image file and copied it to my Android SDK folder, but when I try to push it to my phone, I get this:
AJBlue98$ ./adb push flash_image /system/bin
failed to copy 'flash_image' to '/system/bin/flash_image': Permission denied
failed to copy 'flash_image' to '/system/bin/flash_image': Read-only file system
Click to expand...
Click to collapse
(I rebooted the phone and tried again after my original post. The error message changed. BTW I'm connected via USB with debugging turned on and "Charge only" selected as my connection type.)
I've tried running adb as root, but I get this:
AJBlue98$ ./adb root
adbd cannot run as root in production builds
Click to expand...
Click to collapse
Again, any help will be greatly appreciated!
—AJBlue98
ajblue98 said:
Thanks, regaw_leinad, for the lead! I found a copy of the flash_image file and copied it to my Android SDK folder, but when I try to push it to my phone, I get this:
(I rebooted the phone and tried again after my original post. The error message changed. BTW I'm connected via USB with debugging turned on and "Charge only" selected as my connection type.)
I've tried running adb as root, but I get this:
Again, any help will be greatly appreciated!
—AJBlue98
Click to expand...
Click to collapse
ok type
adb shell
then
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
to mount it as r/w
then try the flash image command again.
Adb root or adb remount won't work, because your boot.img isn't patched yet.
regaw_leinad said:
ok type
adb shell
then
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
to mount it as r/w
then try the flash image command again.
Adb root or adb remount won't work, because your boot.img isn't patched yet.
Click to expand...
Click to collapse
Okay, I did that. I'm still charge-only and debugging turned on, and here's what happened.
(N.B.: I'm on a Mac, so I have to include "./" before running an application in the current directory. Also, I'm including "AJBlue98" in front of my "$" prompts to differentiate my Mac's local prompts from the adb shell prompts.)
AJBlue98$ ./adb shell
$ mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
mount: Operation not permitted
Click to expand...
Click to collapse
So I tried these few things...
$ su
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /sdcard/
# mv flash_image /system/bin
failed on 'flash_image' - Cross-device link
# exit
$ exit
AJBlue98$ ./adb shell su mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
Permission denied
AJBlue98$ ./adb push flash_image /system/bin
failed to copy 'flash_image' to '/system/bin/flash_image': Permission denied
Click to expand...
Click to collapse
Now I'm completely flummoxed. As always, please help and thanks in advance!
Update: I got frisky, so I tried this, just for the heck of it...
AJBlue98$ ./adb shell
$ su
# cd /sdcard
# ./flash_image recovery /sdcard/recovery-RA-heroc_v1.2.3.img
./flash_image: permission denied
# chmod 755 ./flash_image
# ./flash_image recovery /sdcard/recovery-RA-heroc_v1.2.3.img
./flash_image: permission denied
# su ./flash_image recovery /sdcard/recovery-RA-heroc_v1.2.3.img
Permission denied
Click to expand...
Click to collapse
Update 2:
I got some help at irc.twit.tv from a good soul in the #twitlive channel, who pointed me to ROM Manager (downloadable from the Market). That just did the whole backup, hey-presto, no flash_image BS required.
Thanks for the help anyway, all!
ajblue98 said:
Okay, I did that. I'm still charge-only and debugging turned on, and here's what happened.
(N.B.: I'm on a Mac, so I have to include "./" before running an application in the current directory. Also, I'm including "AJBlue98" in front of my "$" prompts to differentiate my Mac's local prompts from the adb shell prompts.)
So I tried these few things...
Now I'm completely flummoxed. As always, please help and thanks in advance!
Update: I got frisky, so I tried this, just for the heck of it...
Update 2:
I got some help at irc.twit.tv from a good soul in the #twitlive channel, who pointed me to ROM Manager (downloadable from the Market). That just did the whole backup, hey-presto, no flash_image BS required.
Thanks for the help anyway, all!
Click to expand...
Click to collapse
sweet, glad you got it worked out
there were a few errors in what you did above, but looks like you got everything working without it, so that's good
Requirements:
- ClockworkMod Recovery on your device
- Know how to reboot into recovery
- Have Android SDK (adb) installed - and familiar with the concept of what it does, and know how to access it via command line - if not look around, it's everywhere on how to do this.
Disclaimer:
- What you do is your fault
Optional:
- Ability to discern what, and what not to remove
Synopsis:
This is a good technique if you're receiving 'read only' errors while trying to remove apps - namely located in /system/app
[size=+3]Method:[/size]
- Reboot into recovery - it's been said in other threads it's best to DISCONNECT USB, power down, boot into recovery and THEN replug the USB connector.
- Using the clockwork menu - navigate down to 'partitions menu' using your volume down button - then hit the power button
- From the partitions menu, select 'mount /system' and hit the power button
- From your Android SDK tools directory - check 'adb devices' - this should indicate your phone is connected and in 'recovery' mode.
e.g.:
Code:
$ adb devices
List of devices attached
HT06BR007742 recovery
- Type 'adb shell' - this will put you into a command line for your phone
- From the command shell: 'cd /system/app'
- To get a list of what you can remove, type 'ls'
- To remove an .apk - type 'rm FileName.apk'
- When you're done, it's suggested you use the clockwork menu to reboot the phone ('back to the main clockwork menu, and 'reboot device')
Further example / note:
Once logged in via 'adb shell' and the system dir is mounted via clockwork:
Code:
/system/app # ls |grep "ATT"
ATT_Maps.apk
ATT_Navigator.apk
/system/app # rm ATT_Navigator.apk
Also, a side note, you can see all available commands for this shell by typing:
Code:
ls /sbin
The list is quite comprehensive.
I hope this helps someone
thanks thinice !
Added to the sticky roll-up.
I'm not 100% on this but I was able to uninstall whatever I wanted through Titanium Backup, including the ATT bloatware once I was rooted.
I am not sure about the Titanium Backup method. I restored to stock rom with root and used Titanium backup to remove some apps. They showed as removed, however when I reboot the phone the apps are back and not removed. I could not get Titanium backup to remove the apps with root alone.
removing AT&T Radio
I have searched the forum and have not yet found the answer to this question...I have removed all of the AT&T apps that I want to remove, except, which apk is AT&T radio?
You talking about fm radio on a sense rom?
Sent from my HTC Liberty using XDA App
Ah, no I'm using my HTC Aria with the stock image. I've rooted it though, and I'm just getting rid of the included AT&T apps I do not want. This one shows up as "AT&T Radio". Just trying to figure out which apk to remove in order to remove this app.
what apps are SAFE to remove without effecting HTC Sense or Aria? we need to make a list of files/apps safe to remove. i heard one user saying removing HTC stocks caused error issues when it tried to sync.
Hello also any luck with change the radio to activate for 1700 mhz UMTS ?
wdlamb said:
Ah, no I'm using my HTC Aria with the stock image. I've rooted it though, and I'm just getting rid of the included AT&T apps I do not want. This one shows up as "AT&T Radio". Just trying to figure out which apk to remove in order to remove this app.
Click to expand...
Click to collapse
AndroidMusic.apk
Thanks, that was exactly what I was looking for.
I've worked on this a few hrs now. I got Clockwork Recovery to work. Figured out HTC Sync was reverting the phone to stock recovery somehow. Removed that though...
Have rerun Unrevoked, and I can get into clockwork. I'm not interested in changing to different ROM now, just removing ATT crap.
When I try sideloading instructions/alternate method for removing ATT stuff, I get an error in cmd:
C:\android\tools>adb remount
remount failed: Operation not permitted
adb devices returns:
List of devices attached:
<myserial#> device
Any ideas? Have I not completed the root access procedure? I thought it was part of the Unrevoked process.
ahren37 said:
I've worked on this a few hrs now. I got Clockwork Recovery to work. Figured out HTC Sync was reverting the phone to stock recovery somehow. Removed that though...
Have rerun Unrevoked, and I can get into clockwork. I'm not interested in changing to different ROM now, just removing ATT crap.
When I try sideloading instructions/alternate method for removing ATT stuff, I get an error in cmd:
C:\android\tools>adb remount
remount failed: Operation not permitted
adb devices returns:
List of devices attached:
<myserial#> device
Any ideas? Have I not completed the root access procedure? I thought it was part of the Unrevoked process.
Click to expand...
Click to collapse
Yes, I think I was getting the same problem so I did a sequence of steps in some weird sequence to actually change it. It went something like this:
1. Make sure your PATH variable is set to Tools folder of Android SDK
2. Boot your phone into Clockwork and connect to PC
3. On your phone go to Partitions Menu and mount /system, then mount USB storage
3. Go to command prompt on your PC change your drive to phone/SD card drive (whatever that is, F:\ in my case)
4. adb remount
5. unmount /system
6. mount /data, mount USB storage
7. adb pull /data/data/com.android.providers.settings/databases/settings.db C:\settings.db
where C:\ is the main PC drive
8. change to C:\
9. echo update secure set value = 1 where name = 'install_non_market_apps';|sqlite3 settings.db
10. change to F:\
11. adb push C:\settings.db /data/data/com.android.providers.settings/databases/settings.db
12. Unmount everything, reboot and sideloading should work
sorting and backup
To see which files take the most space, use du with sort:
Code:
du * | sort -n
If concerned about deleting an important app, try moving it to the sd card instead. First mount the sdcard with the recovery menu, then:
Code:
mkdir -p /sdcard/backup/system/app
mv /system/app/something.apk /sdcard/backup/system/app
Thanks for the guide!
Great I'll try this tonight. Thanks
Sent from my HTC Aria using XDA App
I'm getting errors when attempting to remove the ATT_Navigator and ATT_Maps.
/system/app # rm ATT_Navigator.apk
rm ATT_Navigator.apk
rm: can't remove 'ATT_Navigator.apk': Directory not empty
Same error for both. Any suggestions?
I'm running Liberated 2.1 and ClockworkMod 2.5.0.1.
asiancuta said:
what apps are SAFE to remove without effecting HTC Sense or Aria? we need to make a list of files/apps safe to remove. i heard one user saying removing HTC stocks caused error issues when it tried to sync.
Click to expand...
Click to collapse
Yeah, I think it'll be nice to have a master list so future people won't have to mess with backups.
some I'm curious about is Mobi TV, Mobile banking, Mobile Video, Peep, and mostly if it'll be okay to remove the htc twitter widget.
the only program i ran into any issues with removing was the defalut mms app. i decided to see what would happen if i got rid of that app and replaced it with handcent or chompsms. those programs could still send messages, but i couldn't receive any.
the easiest way to compile a list like that is browse the forums for any preexisting knowledge, then just start testing things for yourself. make a nandroid backup of your rom as it sits, start removing programs, boot normally and see what happens! if theres no errors after you've removed the desired apk, make a new backup, reboot into recovery and keep going at it.
Dislcaimer: this is for educational purposes only,you shall not use this on other people phones without permission under any circumstances,and am not responsable to any misuse of this hack
Click to expand...
Click to collapse
ok so not long ago i had a problem with a locked android device with a pattern and i managed to unlock it using adb,so here's how in case you were stuck one day with a locked device.
the device needs to have usb debugging enabled in case usb debugging isn't enabled and you have cwm you can run the same instructions from cwm,root is not required (though it will be so better if the device was rooted)
this was tested on:gingerbread,ice cream sandwich and jelly bean.
both method are through adb.
method 1:
Code:
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
.quit
-AND/OR-
method 2:
Code:
adb shell rm /data/system/gesture.key
and that's a video showing how method 2 is done (thanks to melvinchng) : http://www.youtube.com/watch?v=tVJ7T2oC_Zs&feature=player_embedded
you can try both of them,here is how i managed to remove the lock:
1- run the first method.
2-reboot
3-run the second method
4-reboot
NOTES:
-in the first method each line is a seperate command so click enter after typing each line.
-in the second method type all the command and then press enter.
-after running both methods and rebooting you may see the pattern lock,that doesn't necessarily mean it doesn't work,just try any random pattern and it may unlock then remove the pattern from settings.
-this may and may not work,it may work on some devices and don't on others,so all you can do is trying it but i can't assure it will work.
a small donation would be much appreciated thank (check my signature)
But What if i remember the password well enough, but didnt have data enabled the moment it got locked?
Explained elaborately here>>>http://forum.xda-developers.com/showthread.php?p=29963687
It will unlock either (Loook at the time of message above - I am time traveler )
i have better method than bot the above ones
look for smudges on the phone
Do the files need to be restored or are they just the user data for the pattern locks?
This is really great...
i wonder how do you discover this
you must be a hacker
Or you could boot into recovery backup data
wipe factory reset and reboot
Could try restoring data but most likely restore pattern lock
Or simply enter your gmail address as requested
2nd option...
if you have Custom recovery
use AROMA File Explorer and you can do the same thing through the recovery
or adb through the recovery
FWIW, on CM10 neither method works as non-root. Yay CyanogenMod.
Method #1 FAIL:
1|[email protected]:/data/data/com.android.providers.settings/databases $ ll
opendir failed, Permission denied
255|[email protected]:/data/data/com.android.providers.settings/databases $ sqlite3 settings.db
Error: unable to open database "settings.db": unable to open database file
Method #2 FAIL:
[email protected]:/data $ ll /data/system/gesture.key
-rw------- system system 20 2012-08-11 04:51 gesture.key
[email protected]:/data $ rm /data/system/gesture.key
rm failed for /data/system/gesture.key, Permission denied
(I use faceunlock + pattern (mostly to keep my kid outta my phone), but if I actually cared more about security I'd encrypt my phone and use a passphrase instead)
This is a useful guide, thanks, I will try it :good:
So I guess if Debugging wasn't previously enabled, you have no chance to unlock it...
I've noticed a locked Archos tablet in a shop (probably some stupid shopper locked it) and when I saw this thread announced on the first page I was thinking of helping the shop owner. But I guess I cannot.
Have a nice day!
I don't know whether this method can use on neither:
Rooted
Installed Busybox
Rom Version Older or Newer than CM7
This method require ADB Debugging On & A PC & A tool Provided
I found this trick a long time ago
I come for sharing
Click to expand...
Click to collapse
Download the By-pass security Hack.7z
http://www.mediafire.com/download.php?li2686c3jenmen6
Click to expand...
Click to collapse
Primary Step for all method:
Click to expand...
Click to collapse
Extract it to anywhere using 7-zip.
Open SQLite Database Browser 2.0.exe in SQLite Database Browser.
Run pull settings.db.cmd inside By-pass security Hacks folder to pull out the setting file out of your phone.
Drag settings.db and drop to SQLite Database Browser 2.0.exe program.
Navigate to Browse data tab, At table there, click to list down the selection & selete secure
Instruction To Remove Pattern Lock:
Click to expand...
Click to collapse
Now, find lock_pattern_autolock, Delete Record
Close & save database
Run push settings.db.cmd and reboot your phone
Instruction To Remove PIN Lock:
Click to expand...
Click to collapse
Now, Find Or Create lockscreen.password_type, double-click & change it's value to 65536, Apply changes!
Now, find lock_pattern_autolock, Delete Record, If doesn't exist, Ignore
Close & save database
Run push settings.db.cmd and reboot your phone
Instruction To Remove Password Lock:
Click to expand...
Click to collapse
Now, find lockscreen.password_salt, Delete Record
Now, find lockscreen.password_type, Delete Record
Close & save database
Run push settings.db.cmd and reboot your phone
hmmm i hope those thief's don't find these thread lol
zmore said:
FWIW, on CM10 neither method works as non-root. Yay CyanogenMod.
Click to expand...
Click to collapse
Nor does either method work on unrooted Galaxy Nexus with stock Jelly Bean. Yay stock Android.
mixtapes08 said:
hmmm i hope those thief's don't find these thread lol
Click to expand...
Click to collapse
don't leave usb debugging checked on then.
I advise you guys to also post your Android version. My opinion is that the security hole that permits this hack has been removed in JellyBean, maybe even in an earlier version.
I will try it too a little later, just for the fun's sake.
aussiebum said:
don't leave usb debugging checked on then.
Click to expand...
Click to collapse
If you have forgotten to leave USB debugging enabled, reboot your phone into recovery and do the same. No USB debugging required.
You may however need to mount the partition being accessed by this method, and you can do that only if you have a custom recovery installed (which you more-than-likely have, since you're here on XDA). Just go to 'Mounts and Storage' and mount /data. Then use the method just the normal way. Cheers!
Useful guide for sure. Will keep this as reference!
Does this only work for the pattern unlock or will it also work on the password or the PIN unlock screen?
I can confirm that it is working on a CM7.2 Motorola Defy.
Thanks m.sabra!
I am not responsible for anything that may come of or from this information. Use at your own risk!
Step #1)
Create security lock through Settings (pattern, pin, password).
Step #2)
Add VPN connections
Step #3)
Plug the phone in and run these commands (requires adb to be setup properly and drivers). I am sure there is a way to do this directly on the phone but this is easier for me.
Commands to remove security:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=0 where name='lockscreen.password_type';
.exit
exit
Finished!
For me no reboot was required and you do not have to restore pattern in order to create more VPN connections.
Optional Step:
If you decide that you want to restore the security run the one that fits you.
Commands to restore pattern:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=65536 where name='lockscreen.password_type';
.exit
exit
Commands to restore pin:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=131072 where name='lockscreen.password_type';
.exit
exit
Commands to restore password:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=262144 where name='lockscreen.password_type';
.exit
exit
Great! Thank you!
really helpful, i've been fed up with stupid design.
Brilliant, does it also work for ICS?
I don't have an ICS device. If I can find someone that is willing to let me take a look at their ICS device I can see.
When I restart my phone, it needs a password to access VPN menu. what should I do? I don't want to run these commands every time I restart my phone. any solutions?
does it work with exchange password policy as well?
Sent from my GT-I9300 using xda app-developers app
P30SiNa said:
When I restart my phone, it needs a password to access VPN menu. what should I do? I don't want to run these commands every time I restart my phone. any solutions?
Click to expand...
Click to collapse
Hmm did notice that before I will see whats up with that,
portnoy.vitaly said:
does it work with exchange password policy as well?
Sent from my GT-I9300 using xda app-developers app
Click to expand...
Click to collapse
I am not sure but I would imagine so. I would try with pattern lock and not PIN or Password.
Says that "sqlite3: not found" ....
I justd used Forget password option and entered pin , then i didnt choose any options , and the pattern removed
Just tried this. Added vpn, removed lock pattern. It went back to slide, worked fine.
Rebooted, not visiting VPN settings it's asking me to enter credential storage...any ideas how I can a) get past this without wiping my wifi/vpns, or b) remove this but keep my vpns and slide lock?
sorset said:
Says that "sqlite3: not found" ....
I justd used Forget password option and entered pin , then i didnt choose any options , and the pattern removed
Click to expand...
Click to collapse
Same here.
Works great, thanks for sharing :good:
spumanti said:
Same here.
Works great, thanks for sharing :good:
Click to expand...
Click to collapse
Works for me, too, until I reboot :/
Doesn't work. Apparently it's problem with sqlite.
soinfo_relocate(linker.cpp:1013): cannot locate symbol "sqlite3_enable_load_extension" referenced by "sqlite3"...CANNOT LINK EXECUTABLE
Any help please?
Use Script Manager to make this done on every boot.
1. Make this a batch file:
Code:
#!/system/bin/sh
echo "update locksettings set value=0 where name='lockscreen.password_type';" | sqlite3 /data/system/locksettings.db
and save it to your sdcard
2. Use Script Manager to run it on boot and enable su (root).
3. Test it by running it from script manager and see if it runs correctly. You can try enabling PIN and it should be disabled after running this.
4. Final test: reboot your phone and see if PIN/password is disabled.
Keep in mind this gets executed after everything else, so if you try to wake your phone right away, you might still see the PIN prompt.
Another way without script manager:
1. Make this a batch file:
Code:
#!/system/bin/sh
echo "update locksettings set value=0 where name='lockscreen.password_type';" | sqlite3 /data/system/locksettings.db
and save it to your sdcard as 99pinremove
2. Run the following using adb:
Code:
adb shell
su
mount -o remount rw /system
cp /sdcard/99pinremove /etc/init.d/99pinremove
chmod 755 /etc/init.d/99pinremove
chown root:shell /etc/init.d/99pinremove
exit
exit
In 4.4 there is no such file
Code:
/data/system/locksettings.db
.. any ideas?
Guys I need some help !!
I have official firmware in my phone S7 edge ( Android 7.0 G935F ) but once i tried to root it and it was stuck in boot logo so i went to a store for a suppose unroot ,but know e cant use Samsung health app because gives me an error. I already searched this error and just have to change the tima value to 0 in build.prop
My real question is can I edit build.prop to fix this error without root or do i have to root my device again to fix this error ??
Please help
thanksssss, waiting 4 answers
Your phone KNOX is ticked 0X1 that's why not working, you must root your phone and edit built prob, edit line TIMA=0 and will work
so i have to root it again ?? i have some problems (fear) doing it again because i don't know how to do it right
Or othe way to make it work. But need to be Root. Delete v5 restar install v4. Loging abd update. Done
I would recommend you the recovery mode if you don't want root the phone again. You have full access to system files in recovery mode, but only if it is mounted.*
Many stock recoveries don't have option to mount system partition or don't have adb access for commands. You might want a custom recovery for this. And no, you don't need root for custom recovery. So now all you need to do is, boot into recovery (custom preferred), mount system and then using adb, pull the build.prop file:
adb pull /system/build.prop <path to save file>
Now edit the file you just extracted and save it*
Push it back to your phone via adb
adb push <path to your file> /system/build.prop
You're not done yet. You need to set permissions too. So open she'll via terminal
adb shell
Now from shell, set the right permissions
chmod 644 /system/build.prop
And you're done
Reboot your phone and see the changes