[Q] Help, Android system encryption, too many characters - Security Discussion

Well crap! I finally decided to make the jump to encrypt my phone, Samsung Galaxy S4 using the built-in Android encryption.
I was a little disappointed that the password I choose to boot my phone is the same password I use to wake my phone. I either have to choose an annoyingly long password every time I turn on the screen, or an insecure password at boot, because they're one and the same.
I found a genius workaround that could separate the passwords and fix the problem, here:
niki.hammler >o< .net/w/index.php?title=Android_Device_Encryption&oldid=1400
Worked amazing. In a nutshell, it uses Secure Settings/Tasker to change the device PW to a 4-digit pin, and then uses Terminal emulator and "cryptfs changepw" to change only the encryption keyphrase. Couldn't be happier.
One problem has just occurred, however. Using Terminal to change the cryptfs password, I made a bad mistake. I fed it a password that is 17 characters long and it was happy to take it. Turns out, Android only supports 16 characters, so when I reboot my phone, I can only type in 16 characters. I tried entering just the first 16, but it's a no go. I'm completely locked out. No clue what I can do. Please help!

I guess there's no way around it....
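
A pre-flight check for the failure described in this thread, as an added example that is not part of the original posts: it refuses a new encryption passphrase the boot prompt could not accept before anything is changed. The function names are hypothetical, the 16-character limit is the one reported in the post (not read from the device), and the `vdc cryptfs changepw` invocation is an assumption about how the command was run.

```shell
#!/bin/sh
# Added example (not from the thread): validate a new disk-encryption
# passphrase BEFORE handing it to "cryptfs changepw".
# Assumption: 16 is the boot-prompt limit reported in the post above.
MAX_BOOT_PW_LEN=${MAX_BOOT_PW_LEN:-16}

# check_boot_passphrase PW
# Returns 0 if usable, 1 if empty, 2 if longer than the boot prompt accepts,
# 3 if it holds anything other than printable, non-space ASCII (a conservative
# assumption about what the boot-time keyboard can type).
check_boot_passphrase() {
    pw=$1
    [ -n "$pw" ] || return 1
    [ "${#pw}" -le "$MAX_BOOT_PW_LEN" ] || return 2
    # Delete every allowed character; the trailing "x" keeps a leftover
    # newline from being stripped by the command substitution.
    leftover=$(printf '%s' "$pw" | LC_ALL=C tr -d '!-~'; printf x)
    [ "$leftover" = x ] || return 3
    return 0
}

# change_boot_passphrase PW CONFIRM
# Returns 4 if the two entries differ, otherwise the check's code.
# DRY_RUN defaults to 1, so nothing is changed unless it is set to 0.
change_boot_passphrase() {
    [ "$1" = "$2" ] || { echo "refused: confirmation differs" >&2; return 4; }
    check_boot_passphrase "$1" || {
        rc=$?
        echo "refused: passphrase failed check (code $rc)" >&2
        return "$rc"
    }
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "ok: ${#1} characters; would run: vdc cryptfs changepw <passphrase>"
        return 0
    fi
    # Assumed invocation; run as root on the device.
    vdc cryptfs changepw "$1"
}
```

Source the file in a root shell on the device, then call `change_boot_passphrase` with the passphrase typed twice; with the default `DRY_RUN=1` it only reports whether the change would be allowed.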


[Q] android brute forcing

Hello,
I'm using a Nexus 4 with encryption (completely stock Android 5.1), but with a short pin for easy accessibility. Now as far as I know, if a thief gets hold of my phone, they can easily bruteforce the pin and gain access to everything stored on my phone, rendering the encryption useless.
What is a good way to actually secure an android phone with encryption, without completely giving up on usability (like having to type a 10+ character password every time you want to check your messages)?
Also, is there a way to make the decryption password you have to enter when starting up the phone different from the pin used for screen unlock?

Password/pin security issue!

I already posted here about an issue where both my wife's and my GS7E's had a login issue where our pin/password would not be accepted, but with new info thought this should stand alone. It happened again this morning. I awoke to a request for my password to "protect" my fingerprints. The password, like the pin in the previous 2 incidents, is not accepted. My phone is locked, and it seems, after contacting both Sprint and Samsung, the only option is a factory reset. I spoke to a rep at Sprint and she said this is a known bug and they are receiving many calls about it. Sometimes, after rejecting the password/pin repeatedly it will suddenly work, but I'm already at the 1hr between tries point. I even tried to use the Google dashboard but it will not replace the password because the phone is already locked with a password. I have removed security from my wife's phone to prevent this. I will do the same with my phone when I gain access. After loving the phone, I'm now at a point where I'm considering returning both for either G5's or holding out for the HTC 10 which should be released within my 30 day window. I don't know if this is specifically fingerprint related or pin/password. If you don't want to face a factory reset, you may want to consider turning off login security till a fix is found. Waking up with a locked device and no way of fixing without completely wiping the same is not conducive to a good day.
Why not just use Fingerprint with pattern backup?
It's the update APC that's warned about in this forum.
It breaks all kinds of stuff.
(I posted this in the other topic but will post it here as well to help further discussion)
Yeah, it's the strangest thing. This happened to me as well, only it was a password and not a pin. I honestly thought it was a mistake on my part. About a day after initially getting the device and setting up the fingerprint and password, my phone died (I was using Gear VR and it didn't alert me that battery was even low), and when I rebooted it said something like "enter password for storage encryption" or something of the sort. I assumed it was my unlock password but it wasn't working....
So I looked all over the internet and all I could find were recommendations to try your normal unlock password. I tried and tried until I got the dreaded "you have 9 attempts remaining before factory reset" popped up. That's when I thought back to when I first set up the password and how I wasn't used to the edge of the screen yet. So I kept accidentally hitting keys on the edge while I was typing (because normally you can rest your hand on the edge, but on this if you do that you're pressing the edge of the screen). So I tried my exact password with one of the characters as a common "typo" that I kept making for that letter. And voila! It worked! Now the weirdness continues.
At this point I'm happy I figured it out but found it SO odd that I typed that password so many times and input a typo.... I must have used that password at least 15 times over that day.... the odds of me doing a typo every time... slim. So the whole thing felt extremely sketch so I immediately went to change the password (and just turn off security in general, don't need it, just was playing around with fingerprint and needed password) after it booted up. And, of course, even with the typo the pass no longer worked. I tried it until the wait time between each try was an hour, heh. I tried all sorts of typo variations of the password, but to no avail. But, at least the phone was now ON. So I was able to back up my SMS, Apps, Settings, Themes, etc and prepare for the factory reset. What a wild ride.
I have no idea why it even happened in the first place. I never turned on any encryption and I never turned on "require password on boot up." Those settings were even toggled off when I checked while the phone was still on. (couldn't see all settings without password though).
Even weirder, I have no idea why the password with the typo even worked that one time to get it to boot. That same password never worked again.
IDK how widespread this is, but be CAUTIOUS and back up the things that you need to. Also, sign up for a Find My Mobile type service to unlock your phone and give you remote access should this happen to you. Or just disable the security altogether until they announce a bug fix for this issue. I thought I was the only one with this issue and chalked it up to a weird freak occurrence. So thanks for the topic as I now know it wasn't just me.
FYI, find my mobile services will allow you to lock an unlocked device with a new password, but will not allow you to lock an already locked device. So far, it appears that using a pattern as the fingerprint backup is immune to the issue, pin and password are not. ALSO, the issue can go away and your pin/password is accepted, even after many tries. The worst case scenario is when this happens after a restart, when you must use your backup method (pin, password or pattern) instead of a fingerprint.

CM13, disabling periodic password request

Dear All,
My phone is periodically requesting the password instead of accepting the fingerprint (every 2 days?). Because I have a very long passphrase, encrypted device with boot-password, this "feature" has 0 benefit for me. As a touchscreen typing-hater (this is pure digital paralympics) I really get frustrated when I have to type in this passphrase. Is there any way to get rid of this "feature"? I don't want to switch back to a simple PIN.
If you're talking about passphrase on boot, you can disable it by re-setting up your password, and the first thing it asks you is if you want secure boot.
Sorry, I thought I was writing in English but it seems that it was Mandarin. Absolutely not, I mean the unlock password.
? no, it periodically locks the device down for more security. When this happens does it read "password needed for security" or something like that?
Yes, and this is just senseless. I've replaced the A9 by a S7, so doesn't interest anymore.

Locked out of Galaxy S7, can't afford to lose data on phone, need help now.

Hi,
Yesterday I set a fingerprint lock on my S7. It prompted me to enter a backup password and some other password, both with different requirements (one only had to be 4 letters, one was longer and had a number) and the longer one had to be confirmed whereas the shorter one did not. I set this up and tested it a few times, everything seemed to work great. Later I let my phone idle and it turned the screen off on its own for the first time, ever since then the phone has not been able to recognize my fingerprint. It doesn't even say "No match", it just acts like I'm not even putting a finger on it at all.
Tried over and over and eventually tried the backup password, which for some reason is the shorter one without a number. I put in what I am absolutely sure I put in, and it wouldn't take it. Tried a couple more times, even got so desperate as to emulate potential typing errors I might have made (since no confirmation for that password) and nothing worked.
Eventually I hit the timed lockout and I had to stop trying things then. So I went online and searched and discovered Google's Android Device Manager. I heard that if you lock the phone with it you can unlock it through the same manager and the phone will be unlocked. First thing that was odd was that ADM didn't give me an option to enter a password, just a contact message and phone number. I still put in a message and hit lock, and... nothing changed on ADM at all.
Now my phone shows the stupid message every time I wake it up and every few seconds on the lock screen (I can still attempt to unlock the phone with the password and use phone/camera though), but ADM doesn't even give an option to unlock, just change the locked message. I can't even get rid of the damn lock by changing it to blank. I heard Samsung offers a similar service but I never made a Samsung account and apparently one is required to use it.
Beyond that the only solution I've found is wiping the phone (which I can easily do, because there's an option in ADM for it which presumably works), which I really don't want to do since I have a lot of pictures and data on the phone that aren't backed up that I would absolutely hate to lose.
To make things worse it appears that this issue is specific to my phone/the S7/Samsung phones/something, as I have my old Nexus 4 listed in ADM as well and going through the options for it I see it has the ability to define a password, but no such thing for the S7. I really have no clue where to go from here, tons of googling hasn't found me any method I haven't already tried or can't do.
I'd be so grateful if someone here would at the very least find a way for me to recover data before wiping it to get rid of the lock.

Getting lockscreen password from Redmi Note 9S possible?

Phone information:
It's a Redmi Note 9S (miatoll)
Phone has LineageOS (https://wiki.lineageos.org/devices/miatoll/) on it
Open bootloader
USB debugging is enabled
It is on and the lockscreen password has already been entered a few times
Story:
Got the Redmi Note 9S used for my girlfriend, installed LineageOS on it and unfortunately forgot to disable USB debugging. So it was in the state as described above in "Phone Information". The phone was found by my girlfriend's mother and because the mother didn't know she had such a phone, she wanted to know what she was doing with the phone. So the mother went to a friend and this friend found out the password of the phone within 5min according to the description of my girlfriend. So he really got the password displayed on the PC. The password was very strong and looked like "Z6u$e2%&Fq!k26W2", so he didn't bruteforce it.
I know he did it using fastboot and then maybe installed something over it. My girlfriend said he had a terminal open on his computer with green font color. I was shocked that he did it so easily, which is why I really wanted to know how he did it. Did over 18 hours of research, read through many forums, read up a lot on reddit and it was all about removing the password at most, but not about getting the password.
Question:
How did he do that? Is such a thing even possible?
I would also like to hear your guesses on how he did it, or do you think my girlfriend lied to me? But I can't imagine that and I don't know why she would do that. The whole thing was several months ago, but I'm dying to know how!!!
Don't believe storytelling. Who uses "Z6u$e2%&Fq!k26W2" for lock screen? Have you even tried whether it's possible to set? Mine only allows [A-Za-z0-9]
Password storage in Android M
General Android discussion, some focus on Android security. Updates about my WWWJDIC, Kanji Recognzier and Hanzi Recognizer apps.
nelenkov.blogspot.com
The password I wrote was just to symbolize how strong the password was. What the actual password is, I do not know, only that it was 16 characters long. Maybe I got it wrong with my writing, sorry, English is not my native language.
However, iloveyou$unshine is not a strong password and can be bruteforced with rainbow tables and crypto miners. Keep in mind you must enter the password every time you grab your phone. You must have a paranoid girlfriend.
It wasn't such a password. The password was random like in my post. Whether with special characters or not, I do not know. I will ask her again. This was also not her main phone, but should only serve as a second phone to not be tracked so strongly as with stock Android or iOS.
In the meantime, she has a Google Pixel 7 Pro with GrapheneOS. She is not paranoid. She and I are increasingly concerned about our privacy and don't want to be permanently tracked by Google or anyone else.
Don't ask her. If you don't believe in bruteforce you should let her mother's friend show you the magic. Maybe he's working for Qualcomm or China's government.
So the only way that comes to your mind is that he did it via bruteforce? Do I understand you correctly? And you don't believe that the password was that strong, and since I wrote again that it was a relatively strong password you believe that he had the available power to do it?
He doesn't even work in IT, just in a supermarket.
