Related
There are a couple other ways posted for folks who have forgotten lockscreen password or pattern, but this methods REMOVES the PIN. for pattern and password follow other methods
This method requires root access and debugging enabled.
*if debugging is not enabled it can be done from any custom recovery
-reboot recovery and follow code
PIN
Code:
adb shell
# sqlite3 /data/data/com.android.providers.settings/databases/settings.db
sqlite> update secure set value=65536 where name='lockscreen.password_type';
sqlite> .exit
# exit
adb reboot
step one
Code:
adb shell
make sure you have # in the command prompt/terminal (if not type su)
step two
Code:
sqlite3 /data/data/com.android.providers.settings/databases/settings.db
you will now see sqlite>in command prompt/terminal
step 4
Code:
update secure set value=65536 where name='lockscreen.password_type';
still sqlite>
step 5
Code:
.exit
you will see the # again
step 6
Code:
exit
you will now be in the path/to/adb command prompt/terminal again
step 7
Code:
adb reboot
Enjoy full access to the device
Now lets say you think your wife is cheating on you (which she probably is) and you want to check her sext messages but return the PIN back when you are done.
Code:
adb shell
# sqlite3 /data/data/com.android.providers.settings/databases/settings.db
sqlite> update secure set value=131072 where name='lockscreen.password_type';
sqlite> .exit
# exit
adb reboot
I find this a bit scary, how would you normally prevent ADB or Recovery hacking like this if your device gets stolen?
BrotherG said:
I find this a bit scary, how would you normally prevent ADB or Recovery hacking like this if your device gets stolen?
Click to expand...
Click to collapse
I recommend Avast Anti Theft.
When your device gets stolen, the new owner will take the sim card out and put his in huh?
Well, anti theft sends a pre-entered number a warning that an other SIM is in it. Via sms commands, you can turn GPS on, send the location, block root and stuff.
It wont be deleted as it is a system app
I use it.
Thanks for the job, needed this for hacking my bros phone xD
Greets!
hahaha. .... these Feds could of used this method. They couldnt get past the lockscreen. Great read here.
How a Pimp’s Android Pattern Lock Foiled the Feds
http://gizmodo.com/5893410/how-a-pimps-android-pattern-lock-foiled-the-feds
Looks like CyanogenMod is working on securing ADB
Security and You
March 16th, 2012
jeagoss
1
Many of you may not give it a second glance, but among all the furor and concern about permissions requested by market apps and privacy, all Custom ROMs (CyanogenMod included) ship with one major security risk — root!
We have been struggling with how to handle this for quite a bit, and took a first step with the first public CyanogenMod 9 alpha builds, by disabling the previously-default root access over USB. You can still get adb root access by running “adb root” in terminal, should you ever need it.
We recently merged 3 patches into CyanogenMod 9, to further address this: http://goo.gl/eCjDV http://goo.gl/oWAFI and http://goo.gl/34vai.
What follows is an explanation of the changes, how they affect you and our reasoning behind them.
What do the patches do?
They disable root selectively and in a configurable way. Users will be able to configure their exposure to root as:
Disabled
Enabled for ADB only
Enabled for Apps only
Enabled for both
How does this change affect the usage of your device, and root apps you have installed?
On a default CyanogenMod installation, root usage will have to be explicitly enabled by the user. This means that the user is fully aware that any application that uses root may perform actions that could compromise security, stability and data integrity. Once enabled, the process mirrors that of the current process, apps that request root will be flagged by the SuperUser.apk and the user will have to grant selective access.
Why the change?
At CyanogenMod, security has always been one of our primary concerns, however, we were hesitant to make a change that might disrupt the current root ecosystem. With CyanogenMod 9 we have the opportunity to do things better, whether its the code in the OS, UI/UX, or security – we are taking this time to do things with a fresh approach.
Shipping root enabled by default to 1,000,000+ devices was a gaping hole. With these changes we believe we have reached a compromise that allows enthusiasts to keep using root if they so desire but also provide a good level of security to the majority of users.
What concerns remain?
Many of you reading this are savvy enough to note a remaining hole in this approach – recovery and unlocked bootloaders. The bootloaders are out of our hands, there is little to nothing we can do on that front.
Regarding recovery – with unlocked bootloaders, a malicious user could just flash a new recovery image (without any potential security we could apply) or just dump the data partition. This however, requires physical access to the device. As such, the security standards for this are highly reliant on you, the device owner. Data encryption is available in ICS to safeguard your data. (Warning for emmc only users – encrypted /data means recovery will be non-functional.)
The onus is on you to secure your device; take care of your possessions, and this risk is minimal. Always make sure you take devices out of your car before you go into the mall and remove them from pockets before washing laundry. Common sense is a basic security tool.
But Why?
We honestl
Click to expand...
Click to collapse
Source: http://www.cyanogenmod.com/blog/security-and-you
mDroidd said:
I recommend Avast Anti Theft.
When your device gets stolen, the new owner will take the sim card out and put his in huh?
Well, anti theft sends a pre-entered number a warning that an other SIM is in it. Via sms commands, you can turn GPS on, send the location, block root and stuff.
It wont be deleted as it is a system app
I use it.
Thanks for the job, needed this for hacking my bros phone xD
Greets!
Click to expand...
Click to collapse
All true, if speaking of a casual thief- maybe you left the phone on the bar and someone couldn't resist the temptation. A couple of months ago my wife's phone was recovered in such an occasion- got an sms from Avast Theft Aware with the new number, contacted the rather surprised "honest finder" and he decided to return it back to us.
Anyway, two weeks ago went scubadiving and when returning to the car found the window broken and sure, among other stuff (wallets, scuba gear etc) also both our phones were stolen. However, this time it looks like the thieves were not quick to put their own sim card. Actually, it looks like they've removed the batteries, thrown the sim cards away (the're useless anyway as the carrier blocks the sim).
Since then, no signs whatsoever that the phones have been turned on, sims replaced or that someone has tried to type wrong security pin or whatever- no sms notifications, no emails, no webtracking, nothing.
My guess- the thieves sell them for a small fee (20% of street price?) to some lab or someone who knows "how to deal with it"- do a good wipe (not just factory reset) and remove whatever stuff was installed- system app or not- then put them on market for sale as second hand. Or maybe they just wait with patience a few weeks until you stop looking for it?
So, sometimes these apps like Avast, Cerberus and the such work, sometimes not. Better to keep the phone safe and not rely on it being stolen by a stup!d thief...
On the bright side, one can consider it as an opportunity for upgrade
irst I typed in :
sqlite3 /data/data/com.android.providers.settings/databases/settings.db
However, in spite of what he stated, sqlite>in command prompt doesn't appear.
Instead, I get
/system/bin/sh: sqlite3: not found
how do i set sqlite working?
I'm unable to launch sqlite3 from adb shell
I can manually launch sqlite from the folder but not in cmd
You have to install sqlite3 - https://play.google.com/store/apps/details?id=ptSoft.util.sqlite3forroot&hl=en
Is there a tutorial for a password locked screen too?
Is there another way to bypass the pin code lockscreen? Cus´ I´m always stucking on:
" /sbin/sh: sqlite3: not found "
I have installed sqlite from market
any idea?
whoa, you guys are amazing, this worked like a charm on a password locked tablet
polaroid pmid70c
this is a scary concept if you value your android device consider installing a paid service like dyndns and install the paid version of real vnc onto the device and have ssh setup as well this would help to recover your phone in the event it becomes stolen you could ssh into it launch apps view and control the phone remotely via vnc hell even take pictures ,, turn on gps all sorts of cool things
holm94 said:
Is there another way to bypass the pin code lockscreen? Cus´ I´m always stucking on: " /sbin/sh: sqlite3: not found " I have installed sqlite from market
Click to expand...
Click to collapse
your phone is root enabled? Superuser or SuperSU app installed? Connect USB and run "adb root" and that works?
Try this installer app again https://play.google.com/store/apps/details?id=ptSoft.util.sqlite3forroot&hl=en
I flashed the root feature with SuperSU update zip file in recovery mode, and rebooted.
I grabbed a 'sqlite3' binary made for ARM cpu from the 'net and manually pushed it to my phone's /system/xbin/ directory.
1. unzip this sqlite3 file
2. power on device in custom recovery mode, ('factory mode' also may work, such as in some chinese phones, including my Jiayu)
3. connect USB cable, and in recovery mode, mount the /system directory and any other directorys you will use (see screenshot)
4. open a command prompt (terminal) on computer and run these commands
Code:
[I]adb root[/I]
[I]adb remount[/I]
[I]adb push sqlite3 /system/xbin/sqlite3[/I]
[I]adb shell[/I]
[I]chmod 755 /system/xbin/sqlite3[/I]
[I]sqlite3 -h[/I]
...
exit
adb reboot
* alternate method: if #4 'adb root' does not work, then turn on phone to normal running mode and do:
Code:
adb push sqlite3 /data/local/tmp/sqlite3
adb shell
su
mount -o rw,remount /system
cp /data/local/tmp/sqlite3 /system/xbin/
rm /data/local/tmp/sqlite3
chmod 755 /system/xbin/sqlite3
sqlite3 -h
...
exit
exit
adb reboot
"exit" twice for alternate method.
All this can be done over Wifi instead of USB via a SSH server app.
^_^
I can run all the commands fine, but the PIN lock is still there on my phone after reboot. Android 4.2.1, Jiayu Chinese ROM. So method does not work.
help me, im stuck at " error: device unauthorized. Please check the confirmation dialog on your device."
I know this is super old thread but I used this method and combination with other commands I found on internet to bypass my lockscreen on att samsung galaxy s7 phone I had forgotten pin code on.
I was using fingerprint for a couple of months and rebooted phone for an update and it requires pin code first time before using fingerprint again and I had flat out forgot it. When it got to 1 hour wait between input retrys I searched and found this and other methods. I read no methods work unless rooted.
Luckily and thank God I'm rooted and usb debugging turned on and I have adb installed configured and have used with phone before....thank God. Because pretty much every and anything else on the phone is turned off on phone so I keep off the grid.
I know I'm dragging this out but I want to document and reiterate the value of xda. I will try and remember exactly what I did and may just redo it to be sure and list my exact steps.
One thing, I don't have sqlite3 curser when connecting with adb....I have hero2qltatt or something like that .....I'll get corrected with an edit when I go thru again to make sure.
Also, once I got past lockscreen, when I went into setting/lockscreen&security/ on the phone it still showed pin,fingerprint as security but somehow which still baffles me there was a pick for 'swipe' available....but I still don't know how that happened or how it appeared but I kept trying different pin codes to try to reset that which now there were no limits or time delays but still couldn't remember and then I saw a pick for 'swipe' and that solved it all. I rebooted again to be sure and perfect. Then I went in to recovery and wiped cache and now my phone is back exactly as before.
I wrote down the pin code this time.
Eventually soon I will rerun my steps and document exactly and maybe there is already a more recent account but I found this one first and it pretty much worked....thanks.
OK this is what I used:
adb shell
cd data/system
su
rm *.key
reboot
I am not responsible for anything that may come of or from this information. Use at your own risk!
Step #1)
Create security lock through Settings (pattern, pin, password).
Step #2)
Add VPN connections
Step #3)
Plug the phone in and run these commands (requires adb to be setup properly and drivers). I am sure there is a way to do this directly on the phone but this is easier for me.
Commands to remove security:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=0 where name='lockscreen.password_type';
.exit
exit
Finished!
For me no reboot was required and you do not have to restore pattern in order to create more VPN connections.
Optional Step:
If you decide that you want to restore the security run the one that fits you.
Commands to restore pattern:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=65536 where name='lockscreen.password_type';
.exit
exit
Commands to restore pin:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=131072 where name='lockscreen.password_type';
.exit
exit
Commands to restore password:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=262144 where name='lockscreen.password_type';
.exit
exit
Great! Thank you!
really helpful, i've been fed up with stupid design.
Brilliant, does it also work for ICS?
I don't have an ICS device. If I can find someone that is willing to let me take a look at their ICS device I can see.
When I restart my phone, it needs a password to access VPN menu. what should I do? I don't want to run these commands every time I restart my phone. any solutions?
does it work with exchange password policy as well?
Sent from my GT-I9300 using xda app-developers app
P30SiNa said:
When I restart my phone, it needs a password to access VPN menu. what should I do? I don't want to run these commands every time I restart my phone. any solutions?
Click to expand...
Click to collapse
Hmm did notice that before I will see whats up with that,
portnoy.vitaly said:
does it work with exchange password policy as well?
Sent from my GT-I9300 using xda app-developers app
Click to expand...
Click to collapse
I am not sure but I would imagine so. I would try with pattern lock and not PIN or Password.
Says that "sqlite3: not found" ....
I justd used Forget password option and entered pin , then i didnt choose any options , and the pattern removed
Just tried this. Added vpn, removed lock pattern. It went back to slide, worked fine.
Rebooted, not visiting VPN settings it's asking me to enter credential storage...any ideas how I can a) get past this without wiping my wifi/vpns, or b) remove this but keep my vpns and slide lock?
sorset said:
Says that "sqlite3: not found" ....
I justd used Forget password option and entered pin , then i didnt choose any options , and the pattern removed
Click to expand...
Click to collapse
Same here.
Works great, thanks for sharing :good:
spumanti said:
Same here.
Works great, thanks for sharing :good:
Click to expand...
Click to collapse
Works for me, too, until I reboot :/
Doesn't work. Apparently it's problem with sqlite.
soinfo_relocate(linker.cpp:1013): cannot locate symbol "sqlite3_enable_load_extension" referenced by "sqlite3"...CANNOT LINK EXECUTABLE
Any help please?
Use Script Manager to make this done on every boot.
1. Make this a batch file:
Code:
#!/system/bin/sh
echo "update locksettings set value=0 where name='lockscreen.password_type';" | sqlite3 /data/system/locksettings.db
and save it to your sdcard
2. Use Script Manager to run it on boot and enable su (root).
3. Test it by running it from script manager and see if it runs correctly. You can try enabling PIN and it should be disabled after running this.
4. Final test: reboot your phone and see if PIN/password is disabled.
Keep in mind this gets executed after everything else, so if you try to wake your phone right away, you might still see the PIN prompt.
Another way without script manager:
1. Make this a batch file:
Code:
#!/system/bin/sh
echo "update locksettings set value=0 where name='lockscreen.password_type';" | sqlite3 /data/system/locksettings.db
and save it to your sdcard as 99pinremove
2. Run the following using adb:
Code:
adb shell
su
mount -o remount rw /system
cp /sdcard/99pinremove /etc/init.d/99pinremove
chmod 755 /etc/init.d/99pinremove
chown root:shell /etc/init.d/99pinremove
exit
exit
In 4.4 there is no such file
Code:
/data/system/locksettings.db
.. any ideas?
This thread is made in an effort to root the ZTE Grand X 4 (Z957). At this point I've made some progress by using the Dirty Cow exploit to access a root shell via ADB, but have been unable to install su to the system partition.
Notes: stock rom, no custom recovery.
Exploit method:
Follow the instructions posted by Arinerron on GitHub regarding CVE-2016-5195 (under 10 posts, cannot share direct link)
When successful you will see "[email protected]:/ #" as your shell prompt, however the session will hang after any command. That said, /system/run-as is still updated allowing you to do the following:
$ adb shell
[email protected]:/ $ run-as
uid run-as 2000
uid 0
0 u:r:runas:s0
context 0 u:r:shell:s0
[email protected]:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
you have access to the android system as root within this shell, but this is where I'm getting stuck. I'm not able to find a way to mount the system partition as read/write, and as such unable to install su. Also note that you will need to run the exploit again anytime you reboot the device. I have tried the following methods:
$ adb shell cp /sdcard/Download/su /system/bin/su
cp: /system/bin/su: Read-only file system
[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
adb reboot disemmcwp
#still unable to remount the system partition
At this point I'll share what I've been able to do so far and see if anyone else has ideas for a next step.
Have you figured out how to root the z957.
This worked on my ZTE GrandX Max Plus to permanently disable the write protection on the system partition.
Good luck!!
reboot disemmcwp
If you ever want to re-enable being blocked from mounting system rw:
reboot emmcwpenab
Any luck on this root? I am looking to buy a phone on Cricket, but I need one that I can root.
Bump? Would love to see root here!
Bump, I've tried but I also get stuck on the same three methods:
$ adb shell cp /sdcard/Download/su /system/bin/su
cp: /system/bin/su: Read-only file system
[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
adb reboot disemmcwp
#still unable to remount the system partition
Grand X 4
has anyone successfully rooted the grand x ?!
Thought I would post an update: Still no success on my end.
"Rooting" is easy, but breaking out of the selinux context to do anything is hard. ie. I expanded on timwr/CVE-2016-5195 by trying to use vikiroot to break out of the u:r:shell:s0 context. To do this adb push the vikiroot exploit to /data/local/tmp and then use the timwr method to run that exploit as root:
[email protected]:/ # /data/local/tmp/exploit
Unfortunately I could only get the reverse shell to work as a glorified echo. If anyone knows where I could find some c++ code for running a shell in android for me to work off of I'm willing to see how much further I can get in that direction.
As disemmcwp doesn't work I'm wondering if ZTE found a different way to lock down the system partition? Interestingly there is an OEM-specific settings button that is greyed out (find it at *#*#4636#*#*).
I'm running firmware from Wind/Freedom Mobile so I can access the bootloader and unlock it, but I can't install SU or anything from stock. Additionally, there is no TWRP released for this phone yet. I have no idea where to find the board config files for this phone. Without a custom bootloader I'm not sure how to make permanent changes to the rom at this point.
Thanks for your work on this. Stock Rom is pretty clean, but root would be great on this.
I've tried many different ways to root this phone. For weeks, I've tried. Nothing. I personally think that there is no way to, not now at least.
Don't know if this will help but, I found that they lock the bootloader under the developer settings!
Has anyone tried a one click root application like KingoRoot ?
Or is this more for doing it on your own without a service like that?
Previously I had tried a series of one click solutions but I haven't found any that support this device yet. Typically they use the same exploits we've tried to use the hard way
After slacking for awhile I was finally able to poke around some of the internals of the phone in FTM mode using qualcomm developer tools. Lots of nifty things in the embedded file system and plenty of opportunities to flash new boot loaders and roms to the device for those of you who have a locked bootloader, but unfortunately I haven't been able to extract a copy of the stock rom or bootloaders. I'm still lacking the information I need to compile a new one for the phone.
Where I stand:
Can create a root shell, cannot remount system as read/write for permanent root in stock rom.
Can install new boot loader, no twrp or other found for this hardware.
Can compile new twrp, no boardconfig files (handy to avoid bricking your phone)
Can explore EFS and access chip via FTM, not sure how or if possible to download current rom / bootloader from here.
Happy for any tips on what to try next!
Can you tell me which tools you used? I looked at the Qualcomm site and there are plenty to choose from.
If you can get those tools off of the site maybe I'll message you about grabbing a few items on my Christmas list! QPST includes the tools necessary, and the tools to backup the 425 should you accidentally brick your phone (basically impossible to truly brick a qualcomm if you have the right tools). Archive.org has a copy, don't remember where to find the driver pack but you'll need that too (and a windows build).
Read through some notes on marshmellow and sounds like you have to remount system from recovery. I'm camping for the next month but will try talking to the TWRP team about porting a bootloader to the phone when I get back.
Let me know if you make any headway!
try this adb command and see if you get a qualcomm serial port after reboot
Code:
adb reboot edl
if that doesnt work try
Code:
adb reboot bootloader
then run the attached
How did you get into diag mode? Just do the temp root method and setprop sys.usb.config diag,adb?
https://freeandroidroot.com/root-zte-grand-x-4/
This page claims to have a root method but does it actually work? I've tried twice with no success.
How's everyone here? I also am awaiting root for this device. It really needs some shine on it's mid levelness. So here is my friend's zte warp 7 work for root. He also got some killer roms for the Huawei ascend XT. He does great work. I'm sure if he had a grand x 4 he could move this along. Just a suggestion. This man can this done. Just a suggestion for all of us. https://forum.xda-developers.com/showpost.php?p=72560392&postcount=246
---------- Post added at 11:31 PM ---------- Previous post was at 11:10 PM ----------
https://forum.xda-developers.com/member.php?u=7934375
Anyone root this phone yet?
Sent from my Z956 using XDA-Developers Legacy app
Hi, how are you? Well, here I bring you a small tutorial that will help those who forgot the pattern, pin or password of their phone this tutorial to say that goes for all samsung
steps to follow:
1 TWRP recovery installation
2 computer dodgers we use ABD
Commands # abd shell
We look for the file gesture.key in the path data/system
We finally delete that file (gesture.key)
# rm gesture.key
3 Restart the phone manually and go.
In order to make it easier for them, here is a video.
video: youtu.be/in-MG0dir8I
Thank you : Funvitor
Is there way to enter /data/system/users/0/settings_ssaid.xml without root ?
beacuse this app must need same ssaid in other devices i need to enter /data/system/users/0/settings_ssaid.xml see ssaid without root pls help me
Android ID can be changed with the help of ADB through the following command
Code:
adb shell "settings secure put android_id [my_new_android_id]"
where ROOT isn't required.
xXx yYy said:
Android ID can be changed with the help of ADB through the following command
Code:
adb shell "settings secure put android_id [my_new_android_id]"
where ROOT isn't required.
Click to expand...
Click to collapse
no i want see ssaid first without root after that i will change with other device rooted
OMG
Then simply revise the command as follows
Code:
adb shell "settings get secure android_id"
Hint: Become familiar with Android's system ( LINUX ) commands.
I need app developer help will give you enough money have a problem that I want to solve
This app can be accessed from another device only once a month.
It uses a value called ssaid, which is different for each device.
What I want is to bypass this ssaid value
It seems that this value is stored on the server