[Q] Unlock Android Device - General Questions and Answers

Hi. I'm doing research at my university about Android security.
1. Is it possible to obtain access to the user's information if the Android device is locked? I thought that if I have a custom recovery, I do a backup of the ROM and restore it, then when the device restarts the information (call logs, SMS, photos) will be in memory, and will it be necessary to enter the password to unlock the device?
2. If I do a wipe (not data), will the password be necessary on reboot? (wipe system maybe)
3. If I plug the device into a PC with Linux, can I access some information (call logs, SMS...)?
If this idea isn't impossible, does a way exist to obtain some of the user's information?
Thanks

1. If the device has a password/PIN lock and a stock recovery, you won't be able to access any data. If it has a custom recovery, you can boot into it and do a backup to gain data. If you apply that backup to a new device, it will still have the password lock as all settings and data remain intact.
2. Yes, any setting is in the /data partition.
3. You won't be able to access any data if the phone is locked.
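
The answer above turns on two barriers: whether a custom recovery can be booted at all, and whether /data is readable once it is. As an added example (not part of the original thread), this script rates that exposure from "adb shell getprop" output. The property dumps are constructed samples, and it assumes the device reports ro.boot.flash.locked and ro.boot.verifiedbootstate, which not every vendor does.

```shell
#!/bin/sh
# Added example: rate how exposed a locked phone's /data is to recovery-based
# access, from `adb shell getprop` text. Property availability varies by vendor.

# prop NAME: value of NAME in the getprop-format text held in $PROPS.
prop() {
    printf '%s\n' "$PROPS" | tr -d '\r' |
        sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# assess_exposure: reads getprop output on stdin, prints findings, then a verdict.
assess_exposure() {
    PROPS=$(cat)
    crypto=$(prop ro.crypto.state)          # encrypted | unencrypted
    locked=$(prop ro.boot.flash.locked)     # 1 = bootloader locked
    vboot=$(prop ro.boot.verifiedbootstate) # green | yellow | orange | red

    open_boot=0
    if [ "$locked" != "1" ] || [ "$vboot" = "orange" ]; then
        open_boot=1
        echo "FINDING: bootloader not reported as locked (flash.locked=${locked:-unset}, vbstate=${vboot:-unset})"
    fi
    if [ "$crypto" != "encrypted" ]; then
        echo "FINDING: /data not reported as encrypted (ro.crypto.state=${crypto:-unset})"
    fi

    # Assumption: on an encrypted device the key is bound to the user's
    # credential, so a recovery sees only ciphertext without it.
    if [ "$crypto" != "encrypted" ] && [ "$open_boot" -eq 1 ]; then
        echo "VERDICT: HIGH"      # a custom recovery can read /data directly
    elif [ "$crypto" != "encrypted" ] || [ "$open_boot" -eq 1 ]; then
        echo "VERDICT: MEDIUM"    # one of the two barriers is missing
    else
        echo "VERDICT: LOW"
    fi
}

# Constructed sample inputs (not taken from any real device).
sample_hardened() {
    cat <<'EOF'
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
EOF
}
sample_modded() {
    cat <<'EOF'
[ro.crypto.state]: [unencrypted]
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
EOF
}

sample_modded | assess_exposure
```

On a real device, pipe the live output instead of a sample: adb shell getprop | assess_exposure.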


HELP! Device does not accept PIN during boot after TWRP and SuperSU install.

Hi All,
Today I wanted to install LineageOS on my S7. Before that I wanted to backup my data using Titanium Backup.
To get the full function of Titanium Backup I wanted to root the device before that.
I installed TWRP using heimdall and installed SuperSU from the external SD card.
Then I booted again and during boot the device asked me as usual for my pin (black screen, only pin input and emergency calls possible, NOT the pin input on the lock screen).
But when I entered my pin as usual the device said that the pin is invalid (it is the correct pin).
After several tries I got a message that after 8 more tries my data will get erased permanently... ;-((
So long story short, does anyone have an idea of how I can decrypt my data on the data partition now???
Things to mention and tried so far:
* During the install of SuperSU the /data partition can not be mounted.
(Also adb shell twrp decrypt your_password does not work because of this I think)
I think this is because TWRP can't decrypt data partitions on Samsung Phones which is a known problem.
But this does not seem to be a problem for SuperSU.
* After I couldn't boot because of the problem the first time I also installed no-verity-opt-encrypt-5.1 in hope for a fix, didn't solve the problem either (But I am not sure if it adds to the problem after reading a lot of postings today).
* I am not sure if it has to do with the fact that asking for the PIN during boot was enabled in Settings on the device. But there was no hint that this could be a problem in the instructions I used.
https://wiki.lineageos.org/devices/herolte/install
and
https://forum.xda-developers.com/galaxy-s7/development/recovery-official-twrp-herolte-t3333770
* I am not sure if this all has to do with dm-verity
see: https://twrp.me/devices/samsunggalaxys7.html
This device uses dm-verity!
This means that swiping to allow system modifications will prevent you from being able to boot if you are using the stock kernel. In order to bypass dm-verity's boot prevention, you will have to install a kernel that has dm-verity disabled in the fstab.
I am also not sure if Dm-verity and Forced Encryption Disabler is already included in SuperSU.
* Versions used:
Buildnumber: NRD90M.G930FXXU1DQEF
Baseband: G930FXXU1DQD7
twrp-3.1.1-0-herolte.img
SR3-SuperSU-v2.82-SR3-20170813133244.zip
no-verity-opt-encrypt-5.1.zip
* I also tried to make a backup of the encrypted partitions but copying of the partitions using TWRP and adb does not work because the phone keeps reconnecting ca. every 45 seconds. And it seems it is not possible to decrypt an encrypted android partition on linux or windows even with the correct pin. (right?)
* The only thing I found is this, but I am not sure if this is the way to go, besides I don't know how to get the encrypted partitions off the phone.
http://www.forensicswiki.org/wiki/H...ypting_Samsung_Full_Disk_Encryption_.28FDE.29
I also saw a similar post like that today, but I have a pin and no password and I need to unlock my data partition with the correct pin (right?).
So does anyone have an idea how to decode the data partition or to access my data in any way?
If I will be able to get my data off the device I could simply flash LineageOS and everything should be fine.
Thanks!

FRP Lock Removal TWRP,CWM on All Android's

FRP Lock Removal Methods
MTK Devices & SP Flash Tool
Download a scatter file for your device.
Open Android_Scatter.txt file
Find FRP Partition information
Copy FRP Start & Length from Scatter File.
Open Android_Scatter File in SP Flash Tool.
Go to Format Tab.
Select Manual Format Option.
Select Region = EMMC_USER.
Begin Address = Get From Scatter File.
Format Length = Get From Scatter File.
Press Start.
Turn Off your device.
Place a USB Cable into the PC.
Place the other End into your device.
Wait for Format OK.
Remove the USB Cable.
Reboot into Recovery using Button Combo ( usually hold Volume Down + Power )
Navigate to Factory Reset .
Complete a Factory Reset and Reboot.
Other Devices & Custom Recovery
Download FRP Destroyer.zip
Reboot to custom recovery.
Wipe Data, Cache & Dalvik cache.
Select Install Zip.
Navigate to FRP Destroyer.zip.
Flash FRP Destroyer.zip.
Wait for reboot.
Other Methods of Removal
Edit System Build.prop
Extract Flashable ZIP File
Open System/Build.prop
Comment Out FRP Line
Code:
ro.frp.pst=
by adding a # to the start.
Comment Example :
Code:
#ro.frp.pst=
After Removal Measures
Wipe Data & Factory Reset.
Do Not Connect to WiFi during Setup Process.
Remove SIM Card to ensure no Internet Access.
After Setup is Completed, Reinsert the SIM Card.
After Setup is Completed, Use WiFi Again.
Warnings & Disclaimers
THE INFORMATION IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE INFORMATION OR THE USE OR OTHER DEALINGS IN THE INFORMATION.
Tips
You can get the FRP mount point address from getprop
Code:
getprop ro.frp.pst
Zip will now automatically do the getprop...
Great awesome dude, this is what I've been looking for. Thanks a lot
This is an interesting post, thank you.
I tried for a long time to learn where the FRP flag is stored and gave up after I dd'd /dev/zero to the frp partition of a galaxy S7 and it was still locked.
Seems there is a little more to it, no? Care to explain what the "disable" binary does?
Also, I wouldn't be surprised if FRP flag is stored in Qualcomm TrustZone or similar protected storage on newer devices.
anyone tested? this looks good! though can it work without custom recovery??
Can I boot TWRP via fastboot instead of having to rely on installed TWRP?
I have a device with FRP that is completely OEM.
No good for me.
Have a factory device with FRP.
So can't get to Fastboot Mode to Boot TWRP.
Can't flash TWRP as it's blocked by FRP.
So this is kinda useless.
Thanks anyways.
welp
i tried every way in this post and none of them worked,
starting to think there really isn't a way to get this crap off, it cost me some serious money too.
the .zip files just said "no google key" and "no tee key" in the top right with no context as to how the ZIP works.
SPFlash did what it said it would do... but FRP was just better staying on the phone lmao
I messed up and did a full wipe through TWRP on a MI5 without realising FRP was a thing.
Gave this a go but it didn't work. I actually managed to remember the account details the phone was linked to afterwards. But even with the correct account details it wouldn't pass the FRP screen. I'm not 100% sure if it was because I ran this tool -- but a warning -- it didn't work for me and might cause issues if you do eventually get hold of the Google account details.
The ROM i was installing was LineageOS 16, apparently they now enforce FRP (probably to keep Google happy). To get the phone working i flashed an old LineageOS 14.1 zip i had from Jan 2018 (i knew there was a reason i keep old files) which didn't enforce FRP.
After the old ROM booted I did a factory reset through the System menu (i also had logged in with the account i remembered, but that is probably not required), whatever the Android factory reset does it clears the FRP flag. When i wiped and installed Lineage 16 again through TWRP the setup process was normal.
The solution to FRP seems to be to get hold of a ROM that doesn't enforce Google's crap, and do a factory reset within Android. Obviously you need TWRP or another custom bootloader already installed.
@Zillinium
Can you or anyone help me with putting an Alcatel signature to the FRP_Destroyer zip files so I can flash it by adb sideload and in the standard recovery. The device has no adb or fastboot that works and all the exploits I have seen to get in to chrome and use other software to get into settings etc - have been patched. Obviously USB Debugging is not enabled
adb sideload sends the file and it fails on the signature missing
phatfish said:
I messed up and did a full wipe through TWRP on a MI5 without realising FRP was a thing.
Gave this a go but it didn't work. I actually managed to remember the account details the phone was linked to afterwards. But even with the correct account details it wouldn't pass the FRP screen. I'm not 100% sure if it was because I ran this tool -- but a warning -- it didn't work for me and might cause issues if you do eventually get hold of the Google account details.
The ROM i was installing was LineageOS 16, apparently they now enforce FRP (probably to keep Google happy). To get the phone working i flashed an old LineageOS 14.1 zip i had from Jan 2018 (i knew there was a reason i keep old files) which didn't enforce FRP.
After the old ROM booted I did a factory reset through the System menu (i also had logged in with the account i remembered, but that is probably not required), whatever the Android factory reset does it clears the FRP flag. When i wiped and installed Lineage 16 again through TWRP the setup process was normal.
The solution to FRP seems to be to get hold of a ROM that doesn't enforce Google's crap, and do a factory reset within Android. Obviously you need TWRP or another custom bootloader already installed.
I did a similar thing but without the need for an old lineageOS build. Just install lineageOS without gapps, factory reset from there and then you can reinstall with gapps.
So if your phone can have a custom rom without gapps FRP should be easy to bypass.
Thank you.

[Q] Prevent encrypted device wipeout from too many failed passwords?

Hi there!
TL;DR: Forgot encryption password, only have 10 tries left before data wipe, how can I backup my phone to get 10 more tries if I don't manage to find the password within 10 tries?
For context:
*ROM: Lineage 14 official build
*Custom recovery: TWRP
*Bootloader: Unlocked
*The phone is not rooted.
*No SD card port.
*The phone is encrypted with a password (not a PIN)
*I don't remember the exact encryption password, so I can't get past the password prompt after booting. But I am sure I can find it if I keep trying. It might take me more than 10 tries to enter all variations though.
*I can't access or mount /data from TWRP (nor can I get past the password prompt after booting) without the password.
*After entering the wrong password multiple times, the password prompt says I only have 10 tries left before the data gets wiped, and I must avoid this at all costs. (Since Android 6 or 7, there is a limited number of tries before the phone gets wiped)
My question is: How can I make a backup of the phone in its current state, so that even if I don't manage to enter the right password after booting the phone 10 times, I can restore the phone in its current state and still have 10 more tries (and eventually repeat this if I still don't manage to find the password after 20 tries)?
I have found some tutorials that show how to backup /dev/block/mmcblk0, but they require root (I can't install anything in my phone since it's encrypted...). And I am not even sure if it will work to restore the phone in its "10 tries left".
I also don't have access to /data partition from TWRP without entering the password (it shows "0MB") so I can't backup the /data partition from TWRP.

Problems with de-encrypted userdata partition

Pre Story
I have a couple of Unihertz Atom Mini (Android 9) as pet trackers; it's the best option for my usage.
The application setup for each device is very complicated, so I decided to make one stock ROM for all.
After successfully rooting the device and permanently de-encrypting the data partition, I got stuck with some problems.
First I used a PIN in the stock ROM; a restore on a second device resulted in not being able to unlock the device - the PIN is correct but it cannot unlock.
So I made a new stock ROM image without a PIN; the restore worked and the system runs fine, but now it seems the system cannot set a PIN code.
For the backup/restore operations I use sp tools / readback / download, and for the userdata partition TWRP over OTG. The Atom Mini has no SD card slot.
If I restore all partitions, I also get these Chinese letters in the middle of the screen; when restoring only the default partitions, I don't.
(Yes, I did a backup of each device beforehand to be sure of not losing the device-dependent NVRAM.)
Any suggestions on how to fix this?

How to back up / recover app data from phone with broken screen

Hi,
I have a Moto G4 Plus and the screen has broken. It no longer lights up or responds to touch. I can get access to the screen with Vysor, and to the shell with adb.
It is running a custom ROM (Arrow OS 10 UNOFFICIAL / 3.10.108-lk.r17) and I have flashed TWRP too.
I want to back up some data from some apps to my new phone (Moto G50 stock ROM: Android 12). I've tried:
Google backup - some apps and data are backed up and can be restored. There are some that are not included and there is not an option to include them
App Backup & Restore from the Play store - failed to install on the new phone.
adb backup -apk [name.of.app] - installs but data is missing on new phone.
Titanium Backup - needs root. I've tried installing Magisk but it says it installs but then says the device is not rooted.
Is there any way I can recover my data?
thanks
You should be able to boot into TWRP and connect to adb while in TWRP.
Or, try these:
[Tool][Windows] Control a device with a broken screen. Now with touchscreen support!!
[TOOL] ADB Data Recovery (recover data from a phone with broken screen)
A broken-Android data recovery tool can help you do this. However, as you said, those tools require you to root the phone before recovering data. Maybe you could go to a phone repair shop for help.
