Hello folks,
idk if anyone of you guys had a hard time with the same annoying 'feature' on ics roms which forces you to set a PIN/password/pattern lock when you try to install enterprise certificates into your credential storage.
As for myself I need some of these certs to log into the WLAN at my university (which is 802.1x protected). But I don't feel the need of locking my phone.
So I exploited this to go around setting a password for the secure lock screen.
-------------------------------------------------------------------------------
Prerequisites are a rooted phone, a root file browser or adb tools and apparently your certificates.
I tested this on AOKP build 38 and 39 on a rooted HTC Sensation XE and will check this on two other devices the upcoming week.
UPDATE: seems to work even easier, I made the changes inline since the previous workaround did not work in every case.
Step 1:
Download the certificates to your SD card and/or install directly via browser/email etc. Do as you are asked and set up a PIN/password/pattern lock. Remember it
Step 2:
now with your root file browser go to /data/misc/ and recursively copy the folders keychain and keystore to a save place.
These are the folders containing the certificate files.
(See [System settings > security > Trusted credentials] for installed certificates)
With adb tools you can for example do this:
Code:
adb shell
su
cp -R /data/misc/keychain /sdcard/certificates/
cp -R /data/misc/keystore /sdcard/certificates/
Step 3:
Go to [System settings > security] and click [Clear credentials] at the bottom of the menu. Now your previously installed certs are wiped and you are free to set the lock method to [none], [slide] or [face lock] again.
Step 4:
Finally fire up your root file browser again, set /system as read/write and copy the in Step 2 backed up directories back to /data/misc/. They are now installed as the before but since CertInstaller.apk does not get involved, noone forces you to lock your phone.
in adb shell:
Code:
cp -R /sdcard/certificates/* /data/misc/
Now you should be able to find your newly added certificates in the System list under [System Settings > Security > Trusted credentials] in the [User] tab and thus be able to log into your desired WLAN.
I hope this helps some people out there. When I get deeper into developing maybe I will find a 'cleaner' method for this.
have a good night,
.eXa
Thank you for sharing! I have been really looking for this kind of hack.
Sadly I can't use it as my certificate has a different structure: it seems to install 3 files in /data/misc/keystore/
The files are 1000_USRCERT_Polimi ; 1000_USRCERT_Polimi and .masterkey
I tried copying these files to the new directory and even changing the file extension but it did not work.
I don't know if this issue is rom or certificate related.. anyway I am using a stock rom on samsung galaxy s3.. perhaps samsung manages differently certificates..
Have you any clue on this? Thank you!
hey, thanks for the reply.
alright, I figured something new, maybe try the updated version of the tutorial and pls tell me if that works for you.
greetings
.eXa said:
hey, thanks for the reply.
alright, I figured something new, maybe try the updated version of the tutorial and pls tell me if that works for you.
greetings
Click to expand...
Click to collapse
You were fast! and I think you made it: I can now select the certificate in the wifi options dialog (so it's correctly installed).. but I can't test the access to the network until monday.. Anyway I am convinced that it made the trick and it was really simple, I must say.
Thank you so much , this will be useful to many people!
Your trick helped me only partially. It allowed me to install the certificates just fine. But as soon as I try to connect to any 802.1x protected Wi-Fi network, the phone bugs me again with setting the screen lock. So I need a workaround for accessing the key storage.
I tried it and sadly it does not work: it asks me a password to activate the credential storage.. only problem is that I never set a password for it so I can't insert it and use the certificate. Too bad but I think it depends on the certificate.. anyway thank you very much for the help provided!
so, back from vacation.
@grgur: in your setup it is the 802.1x wlan that forces you by corporate policy to lock your phone. i am still trying to figure this out, i will try and search the system where stored wlan access points are stored. update will come as i find a solution to this.
@grievous: which version of android are you on? try clearing your credential storage first, then set up the password and then add the certificates. after that proceed with my tutorial.
since i am in the middle of learning for my exams i have really no time to go on with my android studies... it seems like in the long haul someone has to "fix" the app that handles phone lock and device policies. i know who the bad boy is but i am lacking time right now, so hopefully i get this done by the end of august.
i'll keep you up to date with my progress.
greetings
Is there a one-click fix for this yet? Bloody annoying...
Working great on stock rooted JellyBean nexus 7. Muchos grazis!
As soon as i go back to university (politecnico di milano) i will use your suggestion! Has anyone already tried with polimi wifi network?
.eXa said:
@grievous: which version of android are you on? try clearing your credential storage first, then set up the password and then add the certificates. after that proceed with my tutorial.
Click to expand...
Click to collapse
pippodream said:
As soon as i go back to university (politecnico di milano) i will use your suggestion! Has anyone already tried with polimi wifi network?
Click to expand...
Click to collapse
I was using a samsung stock rom 4.0.4 and the tutorial worked but when trying to connect again it asked me for a credential pwd (that I never set). Now I'm on CM10 so there should be no problem. As soon as I get to Polimi I'll try
doesn't work for me (SGS2 AOKP JB)
Hi!
I've tried to apply this solution to my device (SGS2 AOKP JB), but after clearing the credentials and copying back the keystores/keychains the user credentials cannot be found (Trusted credentials > User is empty).
Could anyone please help me with this one?
Thank you in advance.
zsszabolcs said:
Hi!
I've tried to apply this solution to my device (SGS2 AOKP JB), but after clearing the credentials and copying back the keystores/keychains the user credentials cannot be found (Trusted credentials > User is empty).
Could anyone please help me with this one?
Thank you in advance.
Click to expand...
Click to collapse
I have the same problem. And unfortunately I didn't find solution for that.
Wysłane z Android 4.1.2 za pomocą Tapatalk 2
In fact i was really searching for this i will try this tomorrow !
Sadly exchange with client certificate refuses to work after trying this hack It says that it can't found the cert it needs..
I have found the permanent solution !!!
I hope this will solve everyone's problem here.
These are the steps I have done after installing Eduroam certificates from my university:
1. Obviously I have installed CA
2. I had to choose which lock screen style will I use (I only could have choose between pattern, PIN, and password), it doesn't matter which lock screen style you choose between those three.(FYI I have chosen pattern)
3. After that I have failed to swipe my lock pattern correctly 15 times
4. The "Unlock with your Google account / unlock with your PIN/password" screen appeared.
5. Choose the "Unlock with your Google account" and type in your username and password
6. After that the "Choose your lock style" screen appears. DO NOT CHOOSE ANY OF THEM, since swipe still can't be chosen
7. Just press back to exit this menu.
8. Lock your screen and unlock it ---> You have swipe unlock enabled along with the CA certificates !!!
bubr3g said:
I have found the permanent solution !!!
I hope this will solve everyone's problem here.
These are the steps I have done after installing Eduroam certificates from my university:
1. Obviously I have installed CA
2. I had to choose which lock screen style will I use (I only could have choose between pattern, PIN, and password), it doesn't matter which lock screen style you choose between those three.(FYI I have chosen pattern)
3. After that I have failed to swipe my lock pattern correctly 15 times
4. The "Unlock with your Google account / unlock with your PIN/password" screen appeared.
5. Choose the "Unlock with your Google account" and type in your username and password
6. After that the "Choose your lock style" screen appears. DO NOT CHOOSE ANY OF THEM, since swipe still can't be chosen
7. Just press back to exit this menu.
8. Lock your screen and unlock it ---> You have swipe unlock enabled along with the CA certificates !!!
Click to expand...
Click to collapse
It won't work for me. After 10 failures it says that I have to wait 30 seconds for another try. I have Samsung Galaxy SII with Omega v21 (based on Samsung-stock Android 4.2.1).
TrojanPL said:
I have the same problem. And unfortunately I didn't find solution for that.
Wysłane z Android 4.1.2 za pomocą Tapatalk 2
Click to expand...
Click to collapse
Same thing here. Although files are backup up, there is no certificate showing up on the list. It would be great if someone found a solution, this lock is driving me nuts.
Hi, this seems almost too easy, and it's more of a workaround than a solution, but it works:
Try to login to your network
Accept the request to set up the mandatory screen lock and set one up (any kind)
Connect to your network
Go into Android settings/Security and change the screen lock type to None
Your network credentials are now saved and there is no longer a screen lock.
astarothcy said:
Hi, this seems almost too easy, and it's more of a workaround than a solution, but it works:
Try to login to your network
Accept the request to set up the mandatory screen lock and set one up (any kind)
Connect to your network
Go into Android settings/Security and change the screen lock type to None
Your network credentials are now saved and there is no longer a screen lock.
Click to expand...
Click to collapse
The last time I tried this with my CyanogenMod install, removing a pattern/password/pin was not possible because of the certificates. Only after removing the certificates, the screen-lock-type could be changed to a non-pattern/pin/password type.
Hi,
I have been trying to troubleshoot this problem for some time. The basic problem is that every time the device is shutdown/reset the existing wifi data including known hotspots and passwords is lost.
I have tried factory resetting the tablet (Samsung Note 10.1 SM-T520), along with flashing various stock 4.4.2 Roms (i.e. different release dates and different countries). The tablet was purchased in the US and gifted to my mum in New Zealand, it originally had a stock US rom and now has the NZ rom loaded. Unfortunately Samsung's warranty required us to ship the tablet back to the US to investigate the problem (they would not look at it in NZ as it was not from NZ).
Based on some other threads, I thought it was a problem with the wpa_supplicant.conf file. So I rooted the phone using CF root through odin. I have looked at the wpa_supplicant.conf file and noticed that every time the device is shutdown/reset the
Code:
network={
}
section is removed.
When the device is turned on and I enter the network password the wpa_supplicant.conf file will be updated with the network information and as I said when shutdown this information is removed.
The wpa_supplicant has read/write privilages and user is set to system and group is set to wifi (I did not change these), this is the same for the wpa_supplicant.bak.conf which is created on reboot/shutdown (the bak file doesn't keep the network data on reset either)
In the data/misc/wifi/sockets folder (which the wpa_supplicant.conf references) are the following 4 files:
p2p0
wlan
wpa_ctrl_2719-7
wpa_ctrl_2719-8
This has been an ongoing problem for a year now and has driven me to the point of insanity.
Also, the problem was not originally solely related to the wifi data but also other common settings (i.e. app positioning on the home screen, stored settings), however, after some tinkering and flashing various stock roms some of the problems I was having before I have not been able to re-produce. I am waiting until the battery runs out to see if my home screen will return to the default factory state along with other settings which initially was part of the problem.
Any help or advice would be much appreciated I am happy to do any troubleshooting that may shed some light on the problem. The tablet is current rooted with a stock NZ room running 4.4.2.
Thanks
So an update, with some success
I read another thread that suggested the /efs/ss_data file could be causing the problem. Although this file does not exist... however as part of the troubleshooting process to see if this file might be causing the problem the following was suggested
There is most likely a problem with the phone's /efs/ss_data file. I think it's basically a key for decryption of your Wi-Fi passwords and other things in secure storage.
Root is required for this fix.
First we need to confirm it's a problem with secure storage.
Install BuildProp Editor from Play Store
Set ro.secure.storage=false
Reboot, setup Wi-Fi & reboot again
WiFi should now remember passwords if there was an issue with secure storage.
Now let's fix the secure storage issue since we know what's broken.
Set ro.secure.storage=true using BuildProp Editor
Backup EFS using TWRP/CWM recovery
Delete ss_data in /efs using ES File Explorer in root mode
Reboot, setup Wi-Fi and reboot again
Your Wi-Fi passwords should be remembered now on any ROM/kernel, non rooted and without edits to build.props
Click to expand...
Click to collapse
I didn't have the exact entry as per above but changed ro.securestorage.support to false and my wifi password seems to have saved. At least on one reset test.
As a side note, previously my apps weren't updating automatically and my gmail was not responding, now both seem to be working. Everything I have tested so far that had known problems seems to be working.
Now I have ejected the microSD and have not tested it with it in the device, I'm on 3% battery so running it dead before I do more testing.
Can someone shed any more light on how this problem has occurred and what is the permanent fix? (I cannot delete the ss_data file as the advice above suggests as the file does not exist??!!?
Hello,
I got a little problem with my phone (so freak... I'm explaining)
I got a router before but now I changed it, because I switched to another operator. But it feels like the Wi-fi of my phone is not agree with that.
I "forget" the now inexisting router I had and connect to the new one...
...But I do this each time I turn off then on Wi-fi, and even after switching off the device with enabled Wi-fi!
For now I just have to remember one Wi-Fi router (and, thank you Kika Keyboard developers who made an extensive clipboard where I can store my password <3) but figure out what it will be when I'll have to save more passwords! So yes it's annoying. And I also already lost at leat 8 router passwords because of this strange cr*p.
Fortunately I got a Wi-fi retriever app but this is not auto connecting and this is no longer working!
That was the last point: even the router password retriever app is acting like I didn't connect to a new router since its last analyze!
So could you help me fix this annoying bug?
For now I got an hypothesis: I got XPosed and a device ID changer app.
And it contains an useless but impossible to disable option that is "changing the SSID"
Default configuration make your phone to display your SSID. But not with the local variable where your actual SSID is displayed! No, with the SSID you got when you installed the app. So you can connect to another Wi-fi and still got the same SSID (perfectly useless)
Rest of my theory is that messing up with SSID display may cause network state not to be saved properly. But this is only a supposition. And this is hard to figure it...
So to corroborate this theory, a subquestion: What is the local Android variable where SSID is stored? Tried %WIFI, %SSID but it doesn't work. And I didn't found it after a quick search.
Thank you in advance!
Sorry for wasting your time with so much text :/
https://android.stackexchange.com/questions/124792/my-phone-stopped-remembering-wifi-passwords
There are also people conplaining this problem.
In the link pasted on the top, there is a possible fixes for some fortunate people... But actually this doesn't work for me.
-First, ro.secure.storage or ro.securestorage. thing does not exist on my device. I don't even know if it existed on my device.
-Second, there is something about /efs/ss_data, a file that also not exists on my device.
So I don't know if it's because Samsung built it differently or it has been removed. Keep checking...
After a check of my backups I saw that I got none of the file and property mentionned before.
So I'm unable to know where is the problem...
Atronid said:
After a check of my backups I saw that I got none of the file and property mentionned before.
So I'm unable to know where is the problem...
Click to expand...
Click to collapse
If you're saying that you looked in build.prop but you don't see any lines that say ro.securestorage, you can add those lines if they don't exist. Just edit build.prop and type the line in at the bottom then save build.prop and reboot the device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Droidriven said:
If you're saying that you looked in build.prop but you don't see any lines that say ro.securestorage, you can add those lines if they don't exist. Just edit build.prop and type the line in at the bottom then save build.prop and reboot the device.
Click to expand...
Click to collapse
This is what I did. Uneffective.
Why? Because I never got this prop before.
I checked my backups where the Wi-fi worked perfectly in case all of this would be due to the fact that this prop vanished because of a dark and random informatic process. And after checks I finally realized that I never had this prop...
Same thing for the file I mentionned before, located in /efs. I didn't lose it because I basically never got it.
So... This means that my device save Wi-fi informations by another way. And because I don't know this way, I cannot fix it...
(Device: Samsung Galaxy Core Prime SM-G361F AOG1 build.
Pre-rooted firmware, release date 23 February.
Latest Xposed Frameworks, Custom build by Wanam )
Atronid said:
This is what I did. Uneffective.
Why? Because I never got this prop before.
I checked my backups where the Wi-fi worked perfectly in case all of this would be due to the fact that this prop vanished because of a dark and random informatic process. And after checks I finally realized that I never had this prop...
Same thing for the file I mentionned before, located in /efs. I didn't lose it because I basically never got it.
So... This means that my device save Wi-fi informations by another way. And because I don't know this way, I cannot fix it...
(Device: Samsung Galaxy Core Prime SM-G361F AOG1 build.
Pre-rooted firmware, release date 23 February.
Latest Xposed Frameworks, Custom build by Wanam )
Click to expand...
Click to collapse
If you got a different router but kept the same network name and password and didn't change anything on your device, that might be the issue, your device is probably looking for your original router because the information you originally saved was saved while the other router was in use.
Try backing up your apps, app data and settings but don't backup your wifi settings or saved wifi information. Then boot to recovery and factory reset and wipe cache and dalvik/ART. Then reboot the device, when it boots to system, try connecting and signing into your network again and see if it saves it correctly.
If the backups you are talking about are nandroid backups created in TWRP, you can also try doing an advanced restore in TWRP, you can restore just the data from your previously working backup without restoring everything else.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Thank you, I'll try this out
Droidriven said:
Try backing up your apps, app data and settings but don't backup your wifi settings or saved wifi information. Then boot to recovery and factory reset and wipe cache and dalvik/ART. Then reboot the device, when it boots to system, try connecting and signing into your network again and see if it saves it correctly.
If the backups you are talking about are nandroid backups created in TWRP, you can also try doing an advanced restore in TWRP, you can restore just the data from your previously working backup without restoring everything else.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Click to expand...
Click to collapse
Well, tried what you told me and this didn't end well...
I used to make a factory reset of my phone. The problem was fixed. When I connected to the wifi first time, now each time I disabled and re-enabled it automatically reconnected (auto-connect is miraculous lol)
Then I flashed data back with TWRP recovery (backup by Nandroid app because I got a classical TarFork error with TWRP 2.7.0.1...)
When rebooting to Android it spammed 1M layers of various program crash message box.
Then using TWRP I reflashed this time everything I got then rebooting to Android the bootloader freezed.
I thought my phone was dead until I realized I could boot to recovery again. So I flashed an older backup and lost some data (fortunately I backed up SMS and apk).
My device is safe now, but this misadventure taught me lots of things:
-When I did a factory reset data has been erased, but system still the same and it reworked. So maybe an app is locking my Wi-fi like this. But which?
-Nandroid backup app is NOT reliable. If your device isn't clearly identified your backups are corrupt. Gotta erase all Nandroid backups I made.
Solved. Bug due to a bad TWRP backup. Made a fresh install and everything is fine now.
Thread closed.
Hi,
How can I recover from the settings of my android phone a APN password stored on an existing access point saved on my android Samsung work phone?
My device is not rooted and I cannot install app files outside of google store.
The APN is not readily available on the internet as is work
Appreciate advise on method could use to extract this password from the settings.
Would a backup of the device and then extracting the system directory to discover the apn config file work?
dreambro2 said:
Hi,
How can I recover from the settings of my android phone a APN password stored on an existing access point saved on my android Samsung work phone?
My device is not rooted and I cannot install app files outside of google store.
The APN is not readily available on the internet as is work
Appreciate advise on method could use to extract this password from the settings.
Would a backup of the device and then extracting the system directory to discover the apn config file work?
Click to expand...
Click to collapse
Edit: you should provide more info about the phone and android version if you want help
Thanks,
Its a Galaxy Cover 5 Android Version 11. One UI version 3.1
When go into Connections->Mobile Networks->Access point Names->Select the Apn->
There is a APN password already there and I want to copy this or reveal it.
Is this possible?
Thanks for your help