Hi. First of all, I'm not a dev and I don't know much about deep functions, so I write this question as a regular user, looking for answers that can be advanced in nature but should be easy to understand.
There are flashable zips available to break the lock screen security and gain access to an Android device, including all apps with accounts logged in and everything else!
First of all, I want to secure my device from any weak points like this; I don't want anyone to bypass my lock screen. But as I talked to a person about it, it looks like I can't survive this "Lock Screen Security Bypass" hack, which removes some keys to break the lock screen security.
Then there was a suggestion to not root / unlock the bootloader, not to flash a custom recovery and not to turn on USB debugging. Well, even if I do that, there is still a possibility to unlock the bootloader from Odin mode and/or maybe flash something from there to break lock screen security, gain root access and then flash this security bypass zip.
So what I can think is the only way to survive is to encrypt the whole device? Am I right?
And if I have to encrypt my whole device including the ext-sdcard, then will all the tweaks work, like the Xposed framework and its apps etc.? Will my phone eat more battery? If I encrypt my device, will I survive this lock screen bypass hack?
Please give your opinions by looking at all the possibilities. Thanks in advance.
Or maybe if there is a way to put a password on custom recovery as well as all other modes from where someone can flash things into my phone?
I never heard of anything like that, but why is no one thinking about it?
No one?
Sent from my GT-N7100
Does Android/S7 have anything equivalent to Apple's Find My Phone, which effectively turns it into a brick when stolen? If so, how?
In the Google app settings there is a phone-finding service you can activate, and some CSCs have "Find My Mobile", which allows you to remote wipe / brick etc.
But does this stop the device from being wiped if stolen and activating, like Apple's Activation Lock does?
lofty5 said:
But does this stop the device from being wiped if stolen and activating, like Apple's Activation Lock does?
Yes, provided you keep the bootloader locked.
EDIT: The technical term is FRP (Factory Reset Protection), and it's tied to the Google account used to set up the device.
This is what I was thinking, that the bootloader has to be locked in order to do this. Would keeping the phone rooted be an option, or make it insecure?
Could I do this on a region that isn't my CSC without bricking the phone? I'm pretty sure that as long as the source files are stock Samsung, any region should work. Can download mode be protected?
I'm currently backing up my device, after which I am enabling all the security options and am going to try to hack into the phone to see if it's worth doing or not. If it can be broken easily I'd rather keep it unprotected for convenience, but if I can protect the phone I'd rather do this, as I lost my phone a couple of years ago and there was no protection on it at all, nor on the SD card, which sucked.
bump
Root almost always requires a modified boot image which will immediately be blocked by a relocked bootloader. So root and FRP cannot coexist as they counteract each other. FRP itself is not CSC locked, only the remote control features. There are ways around it but they are mostly only present in older firmware, which is blocked by bootloader downgrade fuses. So yeah, pretty unbreakable if the device remains full Knox stock.
Hint: anything confidential should never be stored on the external card, or should be encrypted if it is (e.g. turn on encryption in Titanium Backup). Internal memory is always encrypted on stock firmware.
Edit: Download would work as usual. So basically what would happen is, if a malicious firmware was flashed, the bootloader will block it at boot and trip the Knox fuse, essentially burning all data on the device. If the crooks are smart they can still make use of the device, but most aren't, so you should be safe.
I'm using Cerberus, it can disable the shutdown/reboot menu on the lockscreen.
CurtisMJ said:
Root almost always requires a modified boot image which will immediately be blocked by a relocked bootloader. So root and FRP cannot coexist as they counteract each other. FRP itself is not CSC locked, only the remote control features. There are ways around it but they are mostly only present in older firmware, which is blocked by bootloader downgrade fuses. So yeah, pretty unbreakable if the device remains full Knox stock.
Hint: anything confidential should never be stored on the external card, or should be encrypted if it is (e.g. turn on encryption in Titanium Backup). Internal memory is always encrypted on stock firmware.
Edit: Download would work as usual. So basically what would happen is, if a malicious firmware was flashed, the bootloader will block it at boot and trip the Knox fuse, essentially burning all data on the device. If the crooks are smart they can still make use of the device, but most aren't, so you should be safe.
I had it rooted last night with Magisk and the bootloader locked; however, it did refuse to boot due to modification and FRP locked after a factory reset, but worked fine prior to this.
Is it not worth doing if not fully Knox stock?
I only really use root these days for Titanium Backup and perhaps ad blocking.
How difficult is it for a hacker to get back into the phone? I mean, iPhones are practically impossible to get back into if on the latest firmware.
Blacky25 said:
I'm using Cerberus, it can disable the shutdown/reboot menu on the lockscreen.
Is your bootloader locked and rooted?
lofty5 said:
Is your bootloader locked and rooted?
Yes it is. I know it is also possible to delete everything, but when I really lose my phone I will hope that people without the knowledge find my phone.
lofty5 said:
I had it rooted last night with Magisk and the bootloader locked; however, it did refuse to boot due to modification and FRP locked after a factory reset, but worked fine prior to this.
Is it not worth doing if not fully Knox stock?
I only really use root these days for Titanium Backup and perhaps ad blocking.
How difficult is it for a hacker to get back into the phone? I mean, iPhones are practically impossible to get back into if on the latest firmware.
About as difficult as an iPhone to crack, provided it's on the latest firmware with a locked bootloader, even preventing reuse. FRP remains fully operational regardless of Knox warranty status. It's possible to keep encryption while rooting (though this depends on strictly "close to stock" firmware, specifically by using a stock kernel binary; ramdisk mods like Magisk or SuperSU are fine) to retain the data protection, so thieves won't be able to deduce anything about you, but as long as the bootloader is unlocked a thief could always just wipe and reuse the device.
CurtisMJ said:
About as difficult as an iPhone to crack, provided it's on the latest firmware with a locked bootloader, even preventing reuse. FRP remains fully operational regardless of Knox warranty status. It's possible to keep encryption while rooting (though this depends on strictly "close to stock" firmware, specifically by using a stock kernel binary; ramdisk mods like Magisk or SuperSU are fine) to retain the data protection, so thieves won't be able to deduce anything about you, but as long as the bootloader is unlocked a thief could always just wipe and reuse the device.
I am now back to full stock with no root. It's not the same now as when I first started rooting back on the Arc S; back then you could literally do nothing without it, things as basic as a firewall. I only at this minute have one issue.
How in God's name do you do a full backup of apps WITH data? I have Helium but it refuses to back up most of them. It's not a big deal now as I have re-set up the programs it wasn't compatible with. However, it would be handy to know for future reference: is there anything that can do a full backup with app data that doesn't require root? If not, never mind I guess.
lofty5 said:
How in God's name do you do a full backup of apps WITH data? I have Helium but it refuses to back up most of them. It's not a big deal now as I have re-set up the programs it wasn't compatible with. However, it would be handy to know for future reference: is there anything that can do a full backup with app data that doesn't require root? If not, never mind I guess.
Not quite sure as I've always been rooted. Kies or Google Cloud Sync might be sufficient?
CurtisMJ said:
Not quite sure as I've always been rooted. Kies or Google Cloud Sync might be sufficient?
Is the latest S7 FW protected against this attack?
https://forum.xda-developers.com/sa...galaxy-on5-metropcs-sm-g550t1-t3439557/page13
and root junkies hack?
lofty5 said:
Is the latest S7 FW protected against this attack?
https://forum.xda-developers.com/sa...galaxy-on5-metropcs-sm-g550t1-t3439557/page13
and root junkies hack?
Only one way to find out. An easy way to test would be to see if the phone responds to the USB command to dial the number, so no need to reset to check.
Hi, I forgot the pattern code. I already use the fingerprint to unlock the phone, but when I try to enable the iris unlock, the phone asks me for the unlock pattern.
Is there any way to remove the pattern without factory resetting the phone or losing the data?
Are you rooted?
Somewhere on XDA I think there is a zip you can push to your device to remove the pattern.
Brief about phone
I need to open this phone without losing data. This is a PIN-locked phone [deceased person's phone].
Developer mode disabled.
Any way to unlock it via ADB?
I need to know how to root it and remove its PIN number anyhow.
While rooting, there should not be any risk that involves a data wipe.
New update
I can't flash TWRP via Odin:
Custom Binary block by FRP lock
Question: If I flash the original stock ROM, would it delete all the files and settings stored in the phone?
There should not be any data loss, because it needs to open the phone of a deceased person.
Did you unlock the phone?
I am in a similar position with my Samsung J700F.
Did you find any success, mate?
cruelgrimz said:
Brief about phone
I need to open this phone without losing data. This is a PIN-locked phone [deceased person's phone].
Developer mode disabled.
Any way to unlock it via ADB?
I need to know how to root it and remove its PIN number anyhow.
While rooting, there should not be any risk that involves a data wipe.
New update
I can't flash TWRP via Odin:
Custom Binary block by FRP lock
Question: If I flash the original stock ROM, would it delete all the files and settings stored in the phone?
There should not be any data loss, because it needs to open the phone of a deceased person.
Hi,
While going around this forum, I saw a lot of people claiming that an unlocked phone had its data fully secure if it was encrypted. Is it actually the case?
From what I understand, a phone isn't encrypted with your PIN code / password. It first generates keys, encrypts the phone with them, and then ciphers these keys using your code. The keys are then stored in a special partition of the phone's memory.
(And thus, if the phone needs to be wiped, either remotely or because of too many failed attempts, it just deletes this partition.)
Normally, it would be impossible to brute force a lock screen, since the phone will prevent more than ~15 attempts. However, with an unlocked device, couldn't an attacker with sufficient knowledge of the hardware use the ability to flash custom boot images / ROMs to access these keys and brute force them, bypassing the lock screen? A sufficiently powerful computer could brute force a 4-, 6- or even 10-digit AES key in hours, if not minutes.
So:
1) Is this correct, and how does the Android encryption work?
2) If it is, are there any device-specific protections to prevent that?
3) Are there any ways to counterbalance that threat with an unlocked device, other than setting a 10-character password?
Thank you.
Short answer:
If the phone's bootloader is unlocked, someone could take your phone, flash a malicious ROM that contains keystroke loggers or something, and then return the phone to you and wait for you to type your PIN or decryption password. It'd be better to keep the bootloader locked whenever you don't actually need to flash things via Fastboot.
xXx yYy said:
It'd be better to keep the bootloader locked whenever you don't actually need to flash things via Fastboot.
I guess this wanders into device specificness, but, at least for my device, a Pixel 6a, I read that you should never re-lock a bootloader without a completely stock firmware / boot image. So, how can you protect your bootloader while keeping your phone rooted?
What has a device's bootloader to do with the device's Android OS? Nothing!
xXx yYy said:
What has a device's bootloader to do with the device's Android OS? Nothing!
The lockability of the bootloader depends on the signing of the OS!?
You are right. Do not lock the bootloader on Pixel devices. Imagine the device is fully stock and locked; now some OTA bricks the device and recovery mode is not able to unbrick it by sideloading the full OTA image. This is a nightmare. Google's solution is to RMA the device; they do not provide any flash tool other than fastboot or the WebUSB flash tool (via adb lol).
On the other hand, encryption is secured against brute force by Gatekeeper (in the TEE). As long as your device is powered off your data remains encrypted, unless you decrypt with credentials (we won't talk about the .dismiss() bug on decrypted devices).
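As an added illustration (not code from any post in this thread, and not Android's real implementation), the toy model below shows the two things the question and the last reply describe: the disk key is wrapped under a key derived from the PIN and mixed with a secret only the TEE holds, so a dumped key partition cannot be brute-forced off-device, and a Gatekeeper-style throttle limits on-device guesses. The salt, TEE secret and throttle schedule are constructed placeholders.

```python
# Added illustration (not code from the thread): toy model of the scheme the
# question describes. A random disk key is wrapped under a KEK derived from the
# PIN with a slow KDF and mixed with a secret only the TEE holds; guesses are
# throttled Gatekeeper-style. Salt, secret and schedule are constructed values.
import hashlib
import hmac

PIN_SALT = b"constructed-salt"          # constructed; a real salt is per-device
TEE_SECRET = b"constructed-tee-secret"  # stands in for the hardware-bound secret

def derive_kek(pin: str, tee_secret: bytes, salt: bytes = PIN_SALT) -> bytes:
    """KEK = HMAC(tee_secret, scrypt(PIN)): without the TEE secret the KEK
    cannot be recomputed off-device, so a dumped key partition alone is useless."""
    stretched = hashlib.scrypt(pin.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return hmac.new(tee_secret, stretched, hashlib.sha256).digest()

def wrap_key(disk_key: bytes, pin: str, tee_secret: bytes = TEE_SECRET) -> bytes:
    """Toy wrap: XOR the 32-byte disk key with the KEK, then append a 16-byte MAC."""
    kek = derive_kek(pin, tee_secret)
    ct = bytes(a ^ b for a, b in zip(disk_key, kek))
    return ct + hmac.new(kek, ct, hashlib.sha256).digest()[:16]

def unwrap_key(blob: bytes, pin: str, tee_secret: bytes = TEE_SECRET):
    """Return the disk key, or None if the PIN or the TEE secret is wrong."""
    ct, tag = blob[:32], blob[32:]
    kek = derive_kek(pin, tee_secret)
    if not hmac.compare_digest(hmac.new(kek, ct, hashlib.sha256).digest()[:16], tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, kek))

class Gatekeeper:
    """Models TEE-enforced throttling: after a few failures every further
    attempt must wait, so trying all 10,000 four-digit PINs is no longer quick."""
    def __init__(self, blob: bytes):
        self.blob, self.failures = blob, 0

    def throttle_seconds(self) -> int:
        # constructed schedule: 5 free tries, then 30 s doubling every 5 failures
        return 0 if self.failures < 5 else 30 * 2 ** ((self.failures - 5) // 5)

    def verify(self, pin: str):
        """Returns (disk_key or None, seconds the caller must wait before retrying)."""
        key = unwrap_key(self.blob, pin)
        self.failures = 0 if key else self.failures + 1
        return key, self.throttle_seconds()
```

The third `unwrap_key` case in use (correct PIN, wrong TEE secret) is the point of the model: flashing a custom image lets an attacker read the wrapped blob, but not recompute the KEK without the hardware-bound secret.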