[Q] Application specific password for google account in Lollipop - Security Discussion

Howdy (and apologies ahead of time if this is a dup, I _did_ search, didn't find anything),
Is it just me or did application specific passwords break with Lollipop? Googled a bit and couldn't find any details. I just see postings stating that 2fa works now, but I don't see how that negates the need for app specific passwords.
I know 2fa is now supported but I'm a bit concerned to use my normal password as I'm not sure if it's stored in any way. Anyone know of any links that explain what exactly is stored and how the auth is persisted across reboots? Maybe I'm misunderstanding, but I thought that if my device was lost, with app passwords I could revoke the device without changing my main password.
The other issue is, since I'm using 2fa with the google auth app on this phone I wouldn't even be able to set up if I wiped this phone (which I will need to). At least previously I could log in to my google account on my PC, create the app specific password and sign on that way.
- TIA for any info

I have just upgraded my Nexus 5 from 4.4.4 to 5.0.1 (I didn't install 5.0.0). What I did:
1. Factory reset on 4.4.4
2. Install system update to 5.0.1
3. Factory reset on 5.0.1
4. Application specific password NOT accepted on initial account setup on Nexus 5. I had to use my master password and code list because you can't read SMS before an account is added on the phone.
Is this really broken? I haven't found any info on this either.

Wow, someone else who was using this feature. That makes 2 of us at least. I guess that's why they removed it...? Yeah, unless I'm missing something it appears it's indeed broken.
The best part is this isn't really part of Android, but part of gapps; no way to report bugs for that (at least that I've found). Someone opened a bug against AOSP but they closed it as this stuff isn't part of AOSP:
code.google.com/p/android/issues/detail?id=57863&can=1&q=app%20specific%20password&colspec=ID%20Type%20Status%20Owner%20Summary%20Stars
They suggested using the "google mobile help forum"; I guess this page links to it: googlemobile.blogspot.com/2008/11/got-questions-try-new-google-mobile.html - following the link just gives an error "no group mobile found" or something similar.
All I could see to do was to post a response to their help page on signing in with app specific password to Play pointing out the inaccuracy of the article. I can't find that article anymore, it looks like it might've been removed? I received no response to that.
I can't imagine this being a very difficult feature to support, so I'm a little surprised it was removed. But hey, at least they added all sorts of eye candy and other crap I don't really care about.
I think this is a deal breaker for me. Unless I'm misunderstanding here, if someone were to acquire my phone and extract the password, the key or whatever it's storing, they would then be able to access my account settings and take full ownership. If it only had the app specific password, I don't think that'd allow them to modify security settings. If it's tying the key to the device, that's great but I still can't revoke it (doesn't show up in the app specific password page). Unacceptable (again, unless I'm misunderstanding something?).
Maybe it's time to start looking for alternatives. Wonder if any Maemo derivatives can run on the M8? It was miles ahead of Android in all departments except eye candy anyways...
I'll reply here if I see any more info - please do the same.

This is totally broken.
My company uses App Specific Passwords and I just updated my Droid Turbo to Lollipop.
After the update, everything worked fine. However, I started getting google play service errors and had to wipe.
Now I need to log in using my authenticator password instead of my app specific password.
Not good

dragonash said:
This is totally broken.
My company uses App Specific Passwords and I just updated my Droid Turbo to Lollipop.
After the update, everything worked fine. However, I started getting google play service errors and had to wipe.
Now I need to log in using my authenticator password instead of my app specific password.
Not good
Agreed. Quite unfortunate, but I can't find anyone outside of this thread and a few random posts that seem to actually care.
Thanks for confirmation that this is still a problem, btw. I'm still not sure if there's anyplace to even raise this to Google...

I just spent an hour trying to understand why this smart feature wasn't working on my new mobile with stock Android Lollipop! At least I feel less lonely now...
I sent feedback to Google even if I don't think they'll reply. I opened a ticket on the AOSP website (Issue 189310) if you want to check their reply. Sorry, but I can't post outside links.

Related

Motorola Solutions TC55

Hello,
I have a TC55 from Motorola Solutions (i.e. the enterprise division that does not belong to Google). It is a rugged phone with a big battery (4400 mAh), but certainly not the sleekest design. Not sure if there is much interest in this kind of device, and I am certainly no developer - but in case anyone is investigating the TC55, here are two things I found so far:
It does not come with any Google apps: no Maps, no Gmail, no Play store and so on.
It is easily rooted with Framaroot using the Gandalf exploit.
(I cannot post this info into the Framaroot thread due to my low post count).
Anyway, maybe this helps someone. I will be happy to try to answer any questions about the TC55, but keep in mind I am no pro and I am not keen on messing around in its internals much more than I have done already.
Elanguescence said:
Hello,
I have a TC55 from Motorola Solutions (i.e. the enterprise division that does not belong to Google). It is a rugged phone with a big battery (4400 mAh), but certainly not the sleekest design. Not sure if there is much interest in this kind of device, and I am certainly no developer - but in case anyone is investigating the TC55, here are two things I found so far:
It does not come with any Google apps: no Maps, no Gmail, no Play store and so on.
It is easily rooted with Framaroot using the Gandalf exploit.
(I cannot post this info into the Framaroot thread due to my low post count).
Anyway, maybe this helps someone. I will be happy to try to answer any questions about the TC55, but keep in mind I am no pro and I am not keen on messing around in its internals much more than I have done already.
I heard my company is planning to go with these soon for entry level supervisors such as myself. I'm trying to figure out exactly what it is. All the specs and brochures from Motorola keep calling it a mobile computer in a smartphone "form factor" but never actually call it a phone. I didn't see anything in any of the specs to lead me to believe for sure that it was a phone or if it was just an Android computer in a smartphone form factor.
Anyway, I just wanted to confirm, that, you're certain this is a phone, correct?
Thanks.
- Byron
bfollowell said:
Anyway, I just wanted to confirm, that, you're certain this is a phone, correct?
Yes, definitely. You can call and get called, and you can send and receive SMS. It also supports wired headsets, and it is supposed to work with Bluetooth headsets, though I do not have any to test.
Elanguescence said:
Yes, definitely. You can call and get called, and you can send and receive SMS. It also supports wired headsets, and it is supposed to work with Bluetooth headsets, though I do not have any to test.
Thanks for the info but it looks like mine is going to be crippled.
Sort of a let-down really. Yes, it "can" be a phone. Or without a sim card it can be a really powerful Android based mobile computer. That's what it is going to be for most of us. Only a few supervisors with area management approval are going to get units with the phone features working. Still cool. Just not as cool as I'd thought it was going to be.
- Byron
bfollowell said:
Thanks for the info but it looks like mine is going to be crippled.
I see, sorry to hear that. It sounds weird to me to do that, but then again I have no clue about this type of work.
Maybe the crippling could be worked around or undone by people with good Android knowledge - but I suppose it might not be the best idea to go against company policy.
Elanguescence said:
I see, sorry to hear that. It sounds weird to me to do that, but then again I have no clue about this type of work.
Maybe the crippling could be worked around or undone by people with good Android knowledge - but I suppose it might not be the best idea to go against company policy.
I don't think they're doing anything all that special to cripple it. They just won't all have sim cards or a cell plan. Pretty much as simple as that.
I won't be doing anything to circumvent that though or rooting it or anything like that. It's not like it's a gift and it belongs to me or anything. After almost 22 years, I've kind of grown to like my job and getting a paycheck every two weeks. I'd kind of like to keep it for another 15 or 20 years. Who knows, maybe my manager will decide that I need cell service with mine.
I work for a large automaker in the U.S. We have over 2.8 million square feet under roof. Personally, I can be anywhere in the plant, on the roof, in pits & sub-basements underneath or anywhere on or near the 50 acre plant site at any given time. A lot of what I need to do on a daily basis is through our intranet portal. They're putting in something like 500 new wi-fi repeaters/extenders all around the plant as well. They're purchasing these for over 300 first line supervisors at my site alone. I'm pretty sure they're doing this corporate-wide so I hate to think what they're spending on these things as a corporation. I'm sure it would bankrupt many small nations! In addition to giving us portal access away from the desk, these are meant to replace our aging industrial radio system. As expensive as these are, they're still much cheaper than $1.5 to $2k per person for a radio that has no other built-in functionality and these do seem pretty ruggedized.
Still a shame about the phone functionality though.
- Byron
Can you see what browser it comes with? Can you install (untrusted) APKs directly without rooting it?
FYI, in case anyone's wondering, there is a version with Google apps on the way (if it isn't already orderable).
Sent from my Moto X
tfnico said:
Can you see what browser it comes with? Can you install (untrusted) APKs directly without rooting it?
Browser is a standard one, which comes with other devices. Name is Browser.apk and version is 1.0.9
It's possible to install unsigned APKs without rooting.
google account
Hi,
I got stuck trying to get Google calendars from my Google account onto the TC55.
I found one solution, to set up the Google account as a corporate one, but it's not available anymore due to a change in Google policy.
I can set up Google mail via an email account, but that doesn't bring my calendars to the device.
I tried to install gapps but without success.
Is there any other way?
Thanks.
Motorola is working on Google apps for the TC55. It is in beta.
Elanguescence said:
... here are two things I found so far:
It does not come with any Google apps: no Maps, no Gmail, no Play store and so on.
It is easily rooted with Framaroot using the Gandalf exploit.
(I cannot post this info into the Framaroot thread due to my low post count).
Anyway, maybe this helps someone. I will be happy to try to answer any questions about the TC55, but keep in mind I am no pro and I am not keen on messing around in its internals much more than I have done already.
Obviously u rooted, can u install gapps in it?
RjCode said:
Obviously u rooted, can u install gapps in it?
No idea, I haven't tried. As far as I understand gapps are usually installed via flashing a zip from recovery, and the stock recovery of the TC55 does not have that option, it only allows reflashing a whole image, if I understand it correctly. Either way, I have come to appreciate the open source alternatives and do not want to get Google on my phone, so I will not try, sorry.
However, going by this thread over at the Motorola support forum, it seems it won't take long until there is official gapps support:
https://developer.motorolasolutions.com/thread/4989
Motorola has now released a TC55-firmware with Google apps. Here are the release notes:
https://atgsupportcentral.motorolasolutions.com/content/emb/docs/ReleaseNotes/Release%20Notes%20-%20%20TC55_RevAPlus_GMS_01%2074G_v10.htm
According to the support email they sent me, to get the actual release you need to perform the following arcane ritual:
Resolution Type is : Software Download
Resolution Id is  : 95562
Resolution Title is : TC55 Update Image v1.74 with GMS (Google Mobile Service) Release Note & Factory Reset & Enterprise Enabler package
restrictedSW :
T55N0JGMVRUEN17400.zip 321 MB TC55 OS Recovery Update package
T55N0JGMVAUEN17400.apf 321 MB TC55 OS update package file for deployment using MSP
If you require access to OS files for TC55 1.74 GMS then call the local Support Desk and provide following information:
a. Site ID
b. Serial #(s)
c. Phone #
d. Customer name (First and Last)
e. E-mail address
Don't ask me what the local support desk number is, or the site ID, or why they have to make this so complicated.
Hi Elanguescence,
I think I screwed up my TC55 by enabling the multiuser function without first creating the white list. Now all the users (with admin rights) do not have access to all the programs, including Applock Administrator and Multiuser administrator.
To cut things short, do you know of a way to reset the device? I don't mind setting it to factory default and start over. I've googled it and some said to launch Rapid Deployment and scan a barcode from there... but my Rapid Deployment just says "Service Not Ready, Please Wait" and get stuck there.
Any help appreciated. Thank you.
Any TC55 users here? Should be getting my unit w/ GMS soon... How do you guys like it?
Is the bootloader locked?
Sent from my Moto X
Hey!
I want to buy a TC55 for myself. Normally I hate Android and the Google stuff on the phone, but a Motorola salesman told me there is a version without it.
Right now I use a Symbian device. That means I am "offline" the whole time, and when I need the Internet the phone connects to the Internet.
So how about that phone, can I work "offline" too?
I will also use a VPN tunnel to block, on my backend, all connections I don't want. Does all data go through this VPN tunnel?
How about the barcode scanning, does it work well?
I know for 2D I need to use the cam, but how does it work when I am in some other application?
Nobody?
Ok. I just bought a TC55 from a friend and I was wondering if someone would post the update to get GSM and the Factory Reset packages. I went to the page and it requires all the information posted above. Mine is rooted, but I am trying to install GAPS but the recovery is the basic one and cannot. I manually installed Google Play and the Google Play Services but Google Play services keep crashing and the Play Store will not connect, any ideas?
There are 2 versions, one with google s... service and the other without.
So I believe you have the first?
(Can i ask you some question about that phone?)

[Q] My android phone is being keylogged, please help!!

I believe nothing is secure in my phone including passwords, security pin and even what I'm typing now. Recently, my facebook acct got hacked too. I think my phone is being keylogged. So, I did the following things:
1. First of all, I reset my device
2. Then, I even changed the rom
But, still I feel insecure. I want to know is there any way that the keylogging is kernel masked? Do I need to update the kernel? I need to know about the things I should do to make sure that my phone is completely keylogger free. Please help!
dreamer04 said:
I believe nothing is secure in my phone including passwords, security pin and even what I'm typing now. Recently, my facebook acct got hacked too. I think my phone is being keylogged. So, I did the following things:
1. First of all, I reset my device
2. Then, I even changed the rom
But, still I feel insecure. I want to know is there any way that the keylogging is kernel masked? Do I need to update the kernel? I need to know about the things I should do to make sure that my phone is completely keylogger free. Please help!
I'm no expert in this subject, but what I would do is flash a new ROM and kernel, then monitor packets sent and received by the phone with an app, or with a router. The rooting method also matters. So, flash the original OEM software first. Rooting methods that harvest IMEIs have been reported. So, don't go with the "one clickers" method to root your device, but do it the long way.
I am currently also using a firewall on my phone and my connection also goes through a router with a firewall.
Normally, I never enter sensitive data when in a dangerous environment, such as an unprotected cafe WiFi.
If you are concerned about a keylogger, then you should be more concerned about how you got your device infected.
I usually refrain from using the Google Appstore. I mostly use open source programs/apps that can be compiled or tested.
You should look into F-Droid, which hosts open source apps, not many, but there are some.
Tell me what to do?
My phone is overheating too. So I installed network log from play store and watched the log. I found my phone sending and receiving packets through kernel.
I have uploaded the screenshots with this. Please have a look and tell me is this normal or if it isn't, what to do?
Also, before unlocking, the lock screen shows some messages as in the screenshot. But after unlocking, no such messages exist.
Please help.
dreamer04 said:
My phone is overheating too. So I installed network log from play store and watched the log. I found my phone sending and receiving packets through kernel.
I have uploaded the screenshots with this. Please have a look and tell me is this normal or if it isn't, what to do?
Also, before unlocking, the lock screen shows some messages as in the screenshot. But after unlocking, no such messages exist.
Please help.
I'm not sure about the message in your lockscreen but the IPs in your kernel log seem to correspond with these domains:
Host 24.9.193.104.in-addr.arpa. not found: 3(NXDOMAIN)
Host 233.127.230.115.in-addr.arpa. not found: 3(NXDOMAIN)
Host 54.213.160.61.in-addr.arpa. not found: 3(NXDOMAIN)
Host 108.213.160.61.in-addr.arpa. not found: 3(NXDOMAIN)
233.24.249.123.in-addr.arpa domain name pointer error-cdnzz-com.cdnzz.net.
188.200.125.74.in-addr.arpa domain name pointer sa-in-f188.1e100.net.
As you can see, the first 4 are unresolved, hence there is no domain linked to the IP.
The last 2 do have a domain linked, but I have no idea if they are used for malicious stuff.
But like shadowcore said, shouldn't you be more concerned about where you got this infection from?
After resetting and reinstalling a new ROM, there are few places left for a logger/malicious app to have been hiding.
What you could do is install OSMonitor. This is yet another logging app, but it provides you with a list of all the current running processes and connections, with the option to watch it, or kill it. Maybe you can use this to filter out any loggers still running on your device. You can find it on the Play Store.
You can also restrict network traffic with AFWall+, which is a firewall app. It takes some time to configure, but it does wonders.
Also: Unclefab has written a really good tutorial about securing your phone, in a multitude of ways.
It's here: http://forum.xda-developers.com/general/security/tuto-how-to-secure-phone-t2960077
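The `host` output quoted in the post above names each address in reversed-octet `in-addr.arpa` form, which makes it awkward to match against a connection log. The following is an added example, not part of the original post: it parses those lines back into IP addresses and separates "no PTR record" from "PTR present" and "PTR that also resolves forward to the same IP". The names `PtrResult`, `parse_host_output`, `forward_confirmed` and `triage` are assumptions made for this sketch.

```python
"""Parse `host` reverse-lookup output and triage each address (added example)."""
import ipaddress
import re
import socket
from typing import NamedTuple, Optional

# The six `host` output lines quoted in the post above, embedded so this runs offline.
HOST_OUTPUT = """\
Host 24.9.193.104.in-addr.arpa. not found: 3(NXDOMAIN)
Host 233.127.230.115.in-addr.arpa. not found: 3(NXDOMAIN)
Host 54.213.160.61.in-addr.arpa. not found: 3(NXDOMAIN)
Host 108.213.160.61.in-addr.arpa. not found: 3(NXDOMAIN)
233.24.249.123.in-addr.arpa domain name pointer error-cdnzz-com.cdnzz.net.
188.200.125.74.in-addr.arpa domain name pointer sa-in-f188.1e100.net.
"""

FOUND = re.compile(
    r"^(?P<rev>[0-9.]+)\.in-addr\.arpa\.? domain name pointer (?P<ptr>\S+?)\.?$")
MISSING = re.compile(
    r"^Host (?P<rev>[0-9.]+)\.in-addr\.arpa\.? not found: \d+\((?P<rcode>[A-Z]+)\)$")


class PtrResult(NamedTuple):
    ip: str              # address in normal dotted order
    ptr: Optional[str]   # PTR target without trailing dot, or None
    rcode: str           # "NOERROR" or the rcode host printed (e.g. "NXDOMAIN")


def reverse_name_to_ip(rev: str) -> str:
    """'188.200.125.74' (octet order used under in-addr.arpa) -> '74.125.200.188'."""
    octets = rev.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a full IPv4 reverse name: {rev!r}")
    # IPv4Address validates that every octet is in range.
    return str(ipaddress.IPv4Address(".".join(reversed(octets))))


def parse_host_output(text: str) -> list:
    """Turn the two line shapes `host` prints for PTR lookups into PtrResult rows."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FOUND.match(line)
        if m:
            results.append(
                PtrResult(reverse_name_to_ip(m["rev"]), m["ptr"].lower(), "NOERROR"))
            continue
        m = MISSING.match(line)
        if m:
            results.append(PtrResult(reverse_name_to_ip(m["rev"]), None, m["rcode"]))
            continue
        raise ValueError(f"unrecognised host output line: {line!r}")
    return results


def forward_confirmed(result: PtrResult, resolver=socket.gethostbyname_ex) -> bool:
    """True if the PTR name resolves back to the same IP.

    A PTR record is set by whoever controls the address block, so on its own it
    says nothing about who operates the host; the forward check at least shows
    that the named domain also points at that address.
    """
    if result.ptr is None:
        return False
    try:
        _name, _aliases, addresses = resolver(result.ptr)
    except OSError:  # covers socket.gaierror / socket.herror
        return False
    return result.ip in addresses


def triage(results, resolver=socket.gethostbyname_ex) -> dict:
    """Map ip -> 'no-ptr' | 'ptr-unconfirmed' | 'ptr-confirmed'."""
    verdicts = {}
    for r in results:
        if r.ptr is None:
            verdicts[r.ip] = "no-ptr"
        elif forward_confirmed(r, resolver):
            verdicts[r.ip] = "ptr-confirmed"
        else:
            verdicts[r.ip] = "ptr-unconfirmed"
    return verdicts


if __name__ == "__main__":
    # Offline by default: only parse and print; pass a resolver to triage() to go online.
    for row in parse_host_output(HOST_OUTPUT):
        print(f"{row.ip:<16} {row.rcode:<9} {row.ptr or '-'}")
```

A missing PTR record (`no-ptr`) is common for ordinary hosting and is not by itself a sign of compromise; the verdicts are a way to sort the list before looking up address ownership.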
Traffic through the kernel is normal, see:
Code:
https://github.com/ukanth/afwall/wiki/FAQ#34-why-the-kernel-need-an-internet-connection-all-the-time-afwall-shows-appid--11-blocked
You should probably install afwall+ to restrict internet access to some apps.

FRP bypass Pixel w/ USB Debugging OFF

Hey guys, new here, sorry can't post in recoveries section.
I recently bought a Pixel off ebay and the guy that sold it to me bought it off Gumtree. The original seller left all his stuff on it and the guy i bought it off couldn't even access the phone because it had a passcode lock on it. He tried contacting the owner but he never responded (yayyy).
Then there's me, because I'm smart and was like I CAN JUST FACTORY RESET IT, which kicked in the FRP. Unfortunately Google has had fun developing this phone to be super secure and although I no longer have a passcode to worry about, I can't bypass the FRP and I don't know the original owner's account details.
Here's some details:
USB Debugging is OFF
Only option I have on ADB is sideload
Bootloader is LOCKED
Phone is NOT ROOTED
Currently running 7.1.1
Phone is CARRIER unlocked (I can receive calls and use my data when trying to log into my gmail, which doesn't work because I have to use original account).
Is there any solution to bypass this? Much appreciated. I tried to go through google because I bought the phone off ebay and so the FRP prevents them as I didn't buy it directly off google. Am trying to track down the original owners details via my ebay seller to hopefully force the owner to comply. Any way I can get around this would be amazing.
josiedalek said:
Hey guys, new here, sorry can't post in recoveries section.
I recently bought a Pixel off ebay and the guy that sold it to me bought it off Gumtree. The original seller left all his stuff on it and the guy i bought it off couldn't even access the phone because it had a passcode lock on it. He tried contacting the owner but he never responded (yayyy).
Then there's me, because I'm smart and was like I CAN JUST FACTORY RESET IT, which kicked in the FRP. Unfortunately Google has had fun developing this phone to be super secure and although I no longer have a passcode to worry about, I can't bypass the FRP and I don't know the original owner's account details.
Here's some details:
USB Debugging is OFF
Only option I have on ADB is sideload
Bootloader is LOCKED
Phone is NOT ROOTED
Currently running 7.1.1
Phone is CARRIER unlocked (I can receive calls and use my data when trying to log into my gmail, which doesn't work because I have to use original account).
Is there any solution to bypass this? Much appreciated. I tried to go through google because I bought the phone off ebay and so the FRP prevents them as I didn't buy it directly off google. Am trying to track down the original owners details via my ebay seller to hopefully force the owner to comply. Any way I can get around this would be amazing.
If I understand your situation correctly, you have a rough road ahead of you. The Google kill switch can only be disabled by the legitimate Google account holder, before the phone was reset.
If this was easily unlocked, it wouldn't be an option worthwhile. Basically, if you get it unlocked then Google has wasted their time on developing that feature.
I don't think you'll be getting into that phone and honestly, I hope you don't because then that means mine is less likely to be stolen since it is worthless without my credentials
For years, we've all learned to disable Find My iPhone before we sell an iOS device. Similarly, we have to deactivate Google's kill switch prior to factory resetting a Marshmallow or Nougat device. It's really a good anti-theft implementation by Google. It's too bad that many sellers, for whatever reason, don't do it before selling.
I can enter the full OS, but can not enable ADB nor add a new account. Any insight?
Bypass tut not tested on Android 7 but works on marshmallow
https://www.youtube.com/watch?v=7OldC6kzuYk
http://rootjunkysdl.com/files/Apps/FRP/com.rootjunky.frpbypass-1.0.apk
*$M3RT$* said:
Bypass tut not tested on Android 7
https://www.youtube.com/watch?v=7OldC6kzuYk
http://rootjunkysdl.com/files/Apps/FRP/com.rootjunky.frpbypass-1.0.apk
Scary, but the logic makes perfect sense. I can see it being very useful for honest people.
josiedalek said:
Hey guys, new here, sorry can't post in recoveries section.
I recently bought a Pixel off ebay and the guy that sold it to me bought it off Gumtree. The original seller left all his stuff on it and the guy i bought it off couldn't even access the phone because it had a passcode lock on it. He tried contacting the owner but he never responded (yayyy).
Then there's me, because I'm smart and was like I CAN JUST FACTORY RESET IT, which kicked in the FRP. Unfortunately Google has had fun developing this phone to be super secure and although I no longer have a passcode to worry about, I can't bypass the FRP and I don't know the original owner's account details.
Here's some details:
USB Debugging is OFF
Only option I have on ADB is sideload
Bootloader is LOCKED
Phone is NOT ROOTED
Currently running 7.1.1
Phone is CARRIER unlocked (I can receive calls and use my data when trying to log into my gmail, which doesn't work because I have to use original account).
Is there any solution to bypass this? Much appreciated. I tried to go through google because I bought the phone off ebay and so the FRP prevents them as I didn't buy it directly off google. Am trying to track down the original owners details via my ebay seller to hopefully force the owner to comply. Any way I can get around this would be amazing.
I came up with a way to remove FRP for this device. I currently have the only video up on youtube so it should be easy to find. I can't post links yet so just search google or youtube for "google pixel frp bypass" and it will come up. It involves the use of a USB-C OTG adapter and the dirtycow exploit. It actually works for a truly universal frp bypass for every device vulnerable to the device. The entire process is done on a bootloader locked, usb debugging off, no internet connection and no other device (besides the usb). Enjoy, it took me weeks to figure it out lol.
trjv said:
I came up with a way to remove FRP for this device. I currently have the only video up on youtube so it should be easy to find. I can't post links yet so just search google or youtube for "google pixel frp bypass" and it will come up. It involves the use of a USB-C OTG adapter and the dirtycow exploit. It actually works for a truly universal frp bypass for every device vulnerable to the device. The entire process is done on a bootloader locked, usb debugging off, no internet connection and no other device (besides the usb). Enjoy, it took me weeks to figure it out lol.
I'm curious to see if the OP will have luck with this
magnumtripod said:
I'm curious to see if the OP will have luck with this
I posted this in the dirtycow forums section but I figure it has relevance here as well. Sorry if this is considered double posting.
This method won't help you to root the device, just to bypass FRP. Since dirtycow doesn't persist after a reboot (I think) it won't help as far as gaining root. However it will help you to modify files on the device. I also realized that it only has the power to overwrite files that the current user has read access to, despite whether the filesystem is mounted read-only. With this in mind I was looking over my Nexus 6P and checking to see which files had read access as user and realized that GoogleLoginService.apk and GoogleLoginService.odex both fall under this category. The files are located at /system/priv-app/GoogleLoginService and associate with Google Account Manager when installed as a system app. When the data is corrupted you can install Google Account Manager as a user app, which changes the location and file names to /data/app/com.google.gsf.login-1/base.apk and base.odex. If you corrupt these files at this point then try to disable and uninstall and select replace with the factory version it won't have anything to "replace with the factory version" and tell you that uninstall failed. Once this happens you can reinstall GoogleAccountManager.apk which will again install as a user app, which will then let you perform a full successful uninstall of Google Account Manager. At this point you have full control to be able to downgrade to a previous version of Google Account Manager without it telling you that "data is corrupted" and from there perform the web sign in activity. I've tested on multiple devices and multiple versions and this works on every single device on every version of Android including the latest 7.1.1 as long as it is not on the most recent December 5 2016 security patch since dirtycow was removed with those updates.
trjv said:
I posted this in the dirtycow forums section but I figure it has relevance here as well. Sorry if this is considered double posting.
This method won't help you to root the device, just to bypass FRP. Since dirtycow doesn't persist after a reboot (I think) it won't help as far as gaining root. However it will help you to modify files on the device. I also realized that it only has the power to overwrite files that the current user has read access to, despite whether the filesystem is mounted read-only. With this in mind I was looking over my Nexus 6P and checking to see which files had read access as user and realized that GoogleLoginService.apk and GoogleLoginService.odex both fall under this category. The files are located at /system/priv-app/GoogleLoginService and associate with Google Account Manager when installed as a system app. When the data is corrupted you can install Google Account Manager as a user app, which changes the location and file names to /data/app/com.google.gsf.login-1/base.apk and base.odex. If you corrupt these files at this point then try to disable and uninstall and select replace with the factory version it won't have anything to "replace with the factory version" and tell you that uninstall failed. Once this happens you can reinstall GoogleAccountManager.apk which will again install as a user app, which will then let you perform a full successful uninstall of Google Account Manager. At this point you have full control to be able to downgrade to a previous version of Google Account Manager without it telling you that "data is corrupted" and from there perform the web sign in activity. I've tested on multiple devices and multiple versions and this works on every single device on every version of Android including the latest 7.1.1 as long as it is not on the most recent December 5 2016 security patch since dirtycow was removed with those updates.
Yeah so I'm Zhythe on YouTube I was actually already talking to you on there before I checked this thread. I have Dec 5 security patch is there anything you can do to get around it that doesn't involve dirtycow? :/
josiedalek said:
Yeah so I'm Zhythe on YouTube I was actually already talking to you on there before I checked this thread. I have Dec 5 security patch is there anything you can do to get around it that doesn't involve dirtycow? :/
Oh hey, what's up! Nice to see you here as well. I'm still trying to fix my Pixel since it bricked when trying to update it haha. Been a little distracted though this morning since phonlab has stolen my method and now he and rootjunky are passing it off as if they found it first without giving me credit for it and charging to teach the method. Serious backstabbing right there. But once I get this Pixel up and running again I'll find a method and host it from my website so no copycats rip me off.
Hey! Yeah that's such a dog move by both of them, seriously... not cool. No worries, I'll keep an eye on your website for updates. Best of luck!
Check this out!!
See what I mean? Haha idk why I ever wanted to be a part of this place anyways lol. Nothin but disrespect since the moment I posted the method.
Yeah I totally ignored it :/ dw you're so much better and obviously smarter cause you did it before them
Hi @NBreunig3!
You could report that YouTube video and show/link to your source of where you first posted the method. Get them to take them down!
Frp google pixel
Can be reset with XTC2CLIP if you have an unlocked bootloader; I tested on my device.
@warrior26ro I stated clearly the bootloader was locked. XTC2CLIP is also for HTCs. Please don't post unless you've read the question properly.
Technically the Google Pixel is an HTC device since they are the manufacturers of them. Not that that helps the situation any more or less to know just figured I'd mention it lol. You can even issue some proprietary HTC fastboot commands on Pixel devices, but I haven't gotten them to do anything special from using them. Commands such as fastboot oem rebootRUU makes the phone reboot but not into anything special that I've noticed, just reboots the phone. I'm sure there are others but that one in particular is definitely HTC only lol.
On a side note I'm still diligently working on a method for the newer devices every day. It's only a matter of time before I get it lol. While on the subject at least here's a couple thoughts if anybody has any insight...
I've been looking at other binary commands to gain a foothold of, sort of like the whole idea behind run-as that the dirtycow peeps use. After installing Nethunter on my 6P I noticed that there is another command with potential privilege abuse called "procmem". It doesn't need superuser privileges to use nor does it only respond to ROOT or SHELL users, so it's basically universally allowed from "untrusted app" users (i.e. termux, terminal emulator, material terminal, etc.). The only thing is that I'm pretty sure that command is only installed with a proper busybox installation, and further it only has the proper setuid bit needed + standard user permissions (that I've seen) when installed into /system/xbin. So basically my idea is to leverage a modified procmem binary to gain (insert something here) that might lead to (insert something else here) lol. Not really a whole plan but I figure if I can find a way to get procmem into /system/xbin on a non-rooted device then at least I have something to work with lol. Otherwise I've also been looking into a way to become SHELL user without using "adb shell". I know that with the Moto 360 there was some fancy adb command to enable native adb support but I can't seem to remember how to go about it. So yeah, that's all I've got so far lol.

User Installed CA sprfw01 - what is it?

Hello,
I have an LG LS775 and under the user security certificates there is one called sprfw01. I have no idea why or what it's for. I'm on the Sprint network. Is there a way I can inspect the cert or at least figure out what's using it? Any info is greatly appreciated. Thanks guys!
Could this be from pairing my phone with some device, i.e. a smart watch or another phone?
It's actually under User credentials. Hope that can jog anyone's memory as to what this may be.
I'm currently using the same phone as you and on the same carrier, and just noticed this user credential the other day as well. I didn't recognize it so I deleted it. I'm afraid I can't tell you if it really affected my device as it was already giving me some issues before I deleted the credential. At the time, and again today, I looked for the same answer as you and haven't found any additional information on it, so I can't be much help with exactly why it's there or what put it there.
However, I may be able to help put your mind at ease since I did happen to do a factory reset today and even though I deleted it before, it was back afterward. So my guess is that it's not dangerous. (Again, that's my opinion, hopefully someone can confirm if I am correct.)
Some details that lead me to think it's safe:
My LG G6 isn't rooted, and was not before the redo. (so technically nothing should have been able to reinstall it that was nefarious)
I didn't install any potentially shady apps when I did the factory reset (at time of writing this, just a few big name apps from the Play Store, no random restored apks or anything like that).
I pulled my SD card out before the wipe and haven't put one back in yet, so that rules out something left over on there working itself back in somehow.
I allowed Google to "restore" my most recent backup it made, but the most recent backup was AFTER I removed the credential so it shouldn't have been on there (Google backups seem to restore very little anyway, and request all backed up app downloads from the Play Store).
I have connected it to my home secured wifi.
No bluetooth connections yet.
No sharing to any devices or NFC usage, etc.
So from all of that, I believe it is either a Sprint thing, an LG UI thing, or something specific to the LG G6 model, and built into the factory settings. That's just my thoughts, but I thought maybe my experience might make you feel a little more at ease. Hopefully someone can reply with what the heck it actually is though, because little things like not being able to figure out the source of this drive me crazy even after all of that.
Just an update, I was looking through my LG V30+ and found the same credentials stored on this device too. No additional details on its purpose were really gained from it though. Picture attached.
"User Credential" "sprfw01" also on LG ls 775
I saw the same thing and I searched "sprfw01" . I was wondering what it was. I also have this "User Credential" on an LG ls 775 on Sprint.
Passwords Saved Credential
I did some research into this and what I see is it's a credential from when you saved your passwords, for example the unlock screen and any passwords, like I have, to specific websites.
Just my thoughts...
*Any good unlock or root for the ls993?

Security Issues. a must see and read

Okay so I've been battling this for some time. I'm starting to get a little more knowledgeable but still don't know what to do with all this. I experienced this first back in 2015, then I completely made a switch. Well, now I'm back to the same issues.
The problem I'm experiencing is that it's happening on all the devices I have. The phone I'm on now was bought brand new from MetroPCS, and not even a day, 30 minutes later, I get an update for the phone. I knew not to install or download. But it inventively did. Now it's sitting on my storage wanting me to move files to root.
LET ME MAKE THIS CLEAR. NONE OF MY DEVICES ARE ROOTED.
To make this short: my devices seem to have a Bluetooth admin, and connect to any Bluetooth device without me knowing.
So far from what I see, Chromium and Stagefright are a big part of what I'm seeing.
I'm attaching some pictures to give a more detailed look. And it's not just my Android devices, it's my Xbox One S as well.
Looking to completely remove. I'm not trying to waste money on switching networks or completely going MIA.
Fast responses please.
Sincerely,
-Desperate androidian
The Android community isn't what it used to be that's for sure. No help, no suggestions. Just nothing.
I'm no expert but I'm struggling to see the exact issue you seem to think you have; is it just that your Bluetooth is switching on? All those licences, security certs, file locations etc. look normal to me (without checking numbers or being able to compare to the same phone OS etc.), though I have disabled many of those certs, e.g. the Turkish ones etc., & my Bluetooth files are different, but I can find ref to those locations online, e.g. Xiaomi phones.
You appear to have a ZTE, please give model number and current OS & rev (must be stock I suppose). ZTE was found with a backdoor in older phones, sending data to China, so it's possible, & some Chinese phones also update their apps without notification. But as you say your whole network appears compromised so the source may be something else, like your router/modem, or Bluetooth as you think (though some apps require Bluetooth admin permission legitimately, you can disable it as an Admin). Tell us what behaviors you are seeing that you believe are malicious. New phone update soon after you turn on is quite common, as I'm sure you know.
When I had a quick look at your log it did have a lot of activity going to the US DOD, would you expect this, as well as the usual Google & Facebook connections. Though (perhaps) strangely also to a server from a small marketing company here in Australia, but I'm no expert; even if I looked at your log line by line I wouldn't understand it all.
Ref his other post
https://forum.xda-developers.com/general/security/security-global-family-credientals-t3665851
Things to try. Run a reputable antivirus. Boot into safe mode, so only system apps run; is it still happening? Can you turn off anything that is listed as a device admin? Try running a root checker app. Even if it all comes back negative you may still have a problem, as a port may already have been opened and the malicious app self-deleted or something. Use an app like Fing to see if any devices you don't recognise are connected to your network.
You may be able to block some activity if it's not going through root with a firewall eg NetGuard no root firewall, start with everything blocked.
Above are just some general hints, without knowing specifics I can only suggest you backup any stuff you want to keep then factory reset everything & change ALL passwords to strong ones (no good just adding a number on the end of your old ones!), better still reflash all firmware (updates if available) to overwrite everything. This incl your internet access points eg router, and only reconnect to the net/networks after you have done them all (one at a time preferably then you may be able to identify source of problems)
That turned out a lot longer than I intended!
Thank you. Now for a better visual. There's too many apps.
And if you can give me links to apps that will help.
And on my oneplus one the Bluetooth thing says :1002 sharing or midi or something.
And code.auroa? What is this
I don't have that phone so can't really tell what is a suspect app or not, especially just from screen shots.
Here use this app to run on demand scans against the virustotal database (this is not an "antivirus app" like Avast so offers no protection, it only scans apps on demand, so you should run a good antivirus also)
https://play.google.com/store/apps/details?id=com.funnycat.virustotal
it should flag any suspect apps and you can submit any unknown ones you are worried about.
---------- Post added at 05:12 AM ---------- Previous post was at 05:02 AM ----------
BLEEDCOLORYOU said:
And code.auroa? What is this
edit: not Firefox then.
org.codeaurora.bluetooth is a legit part of Bluetooth .... Well unless it's flagged by virustotal then it probably is a malicious app just given a common name to try and hide
Okay but what is provisioning? Code auroa smartcard services googleplay for instance apps and
And I've never encrypted this phone.
And a lot of the overlay apps and simtoolkit are all questionmarked
See my edit above re aurora.
Sometimes virustotal will have 2 or 3 antivirus companies flag a file; these are probably false positives so probably nothing to worry about (though it could just be a new submission, other companies should soon update if it's real malicious code, check back in a day or two). If lots of companies flag an apk then you have a problem.
It looks like you have a problem with overlays (unless it's an app your phone company installs for that function, not sure what you mean). You should install a proper antivirus app like Avast, Malwarebytes etc. as a first step, hopefully it can remove the malicious apk.
---------- Post added at 05:51 AM ---------- Previous post was at 05:37 AM ----------
BLEEDCOLORYOU said:
And I've never encrypted this phone.
Doesn't matter, encrypting the phone only protects against unauthorised access to your data. Once it is unlocked anyone can view your stuff. And once a malicious app is on your system it can read all your data even if you had encrypted it, as it's unencrypted when you use it.
Okay so now I'm trying to post screenshots of when I'm connected to wifi and it's not letting me
Pairwise cyphers and
Group cyphers
Sim_num
?
Tap those with question marks to submit to virustotal for analysis
/sys/fs/selinux/class/appletalk_socket/perms
Not suspicious?
Now I'm not stupid, this is facts. I just need defined and solution!!!
No these are normal library files. Stagefright "the malicious exploits" were called this as it was the stagefright framework it exploited. Everyone has these files, here are mine below.
You need to use tools like antivirus to identify bad files but even that is no guarantee as there is the possibility the original malicious file could have self deleted and, for example, just left open ports which would not be found as a "virus" but still allow remote access to your device.
If you cannot identify the actual exploit on your phone then the best solution is probably to just reflash the stock rom as this will wipe & overwrite everything. But if a malicious file is left on your SD card or another networked device you could soon be infected/compromised again. That is why I said before if you can't identify the source of your infection you really need to factory reset or reinstall all OS on all devices affected including your home router etc (or maybe it's your work or public network) and change all passwords.
I'm on a video bridge network I got the direct TV setup with 2 wireless setups. Both secure from what I know.
BLEEDCOLORYOU said:
Pairwise cyphers and
Group cyphers
Sim_num
?
These are for encryption of your connection, not your phone
I'm no coding/security guru, but I have worked on telecoms, military electronics, etc but my coding & network security knowledge is limited.
I would run this app Fing to check your local network, are there any unknown devices connected?
https://play.google.com/store/apps/details?id=com.overlook.android.fing
note: this only finds currently connected devices, so you'd want to do this several times & especially when you see suspect behavior.
Also check for open ports, easiest way is probably this site, it will scan the first 1000 ports or so (select all)
https://www.grc.com/
go to shields up
but you really need to scan ALL possible ports with a tool like Zenmap (for PC) if you think you are compromised
https://nmap.org/zenmap/
However it's not clear to me if you ever installed a proper antivirus and whether it found and deleted anything? Virustotal seemed to find some suspect apks, I had a quick look at Trendmicro database but it didn't list details of the one it found in your screenshot, but the fact some of those antivirus companies called the suspect apk names with "joke" in it may suggest it's just a joke app your mate has installed, though probably not a joke app if your other devices are really also compromised, from memory there is also real malware with that name which may be able to infect other devices. Running a proper antivirus should easily find and clean any "joke" app on your phone & hopefully any real malware. If you've done this and still seeing indications you are compromised then do what I suggested above. (Also repeat malware checks on other devices and removable storage media)
You should also log into your router as admin and check settings, are you using a secure router password? Is firmware up to date. Is firewall set up correctly? Also close any open ports that you don't use. Turn off remote admin, if router has it. Etc etc what do your router logs show (turn on more detailed logging if necessary) Factory reset or reinstall firmware if you think changes have been made to your router by someone else.
Hi, I am having the same issues. Exact same behaviors regardless of new phones, new carrier and all accounts being unconnected in name. Google etc. This is extreme. It's via Bluetooth, I agree, something with eSIMs or virtual SIMs for use of wifi access and/or signal piracy for media. The DOD files are also something I am familiar with seeing. Code Aurora was also a govt project way back. It's interesting that I have Verizon files loading on AT&T phones and Sprint loading on Verizon. Whatever this is has managed to infiltrate my computers as well. It's relentless. It's impressive and sophisticated. Please please help.
I'm having the same issues. Did anyone ever resolve or figure out what is happening? I think I'm under investigation by the DOD and they own my devices. My uploads/downloads are blocked, internet searches filtered, pics/screenshots of evidence deleted off my phone, etc.
