[Q] encryption and screen unlock password - Security Discussion

I'm using a Nexus 4, completely stock and unrooted, and I've been looking for a way to use a separate password for device decryption when booting Android and for unlocking the screen. I know there is a sticky regarding this, but it was written some time ago and it requires root (which I want to avoid).
So, long story short: on unrooted stock Android 5.1, is it possible to have one password for decryption and a different one for screen unlocks?

Rooting Nexus S without unlocking bootloader

I've seen many different rooting methods for the Nexus S, but unfortunately they don't allow rooting without unlocking the bootloader like the Samsung Vibrant allows. Is there any way I can root my phone without unlocking the bootloader?
Why I don't want to unlock the bootloader: I'm fine with the stock ROM on my Nexus S. I was really into installing ROMs and things with my Vibrant, but the Nexus S feels really complete, so I feel like I don't need to unlock my bootloader.
Also, for the first time I have decent signal in my house after switching from my BlackBerry to Android, so I don't wanna change my baseband, and my battery life is good too, so I don't want to mess with the kernel.
Nope, can't root w/o unlocking bootloader anymore.
Sent from my Nexus S using XDA App
If it means anything, u can re-lock the bootloader just as easily as u can unlock it.
Also, u can unlock and root without messing with baseband or kernel.
Sent from my Nexus S
You don't have to change any of those things with an unlocked boot loader. Unlocking the boot loader does only one thing, unlock the boot loader. It doesn't need a custom rom. You don't even have to install a custom recovery if you don't want to.
All stock OTAs will continue to work as well - it will just allow you to load a custom recovery and the su binary if you please, with the ability to relock at any point in the future if desired.
One of the features of the Nexus line of phones (and upcoming unlockable boot loaders) is that you aren't reliant on finding an exploit to elevate privileges in order to gain root access - you simply unlock the boot loader and you are free to do as you please (or not do if you choose).
Have a look here
This method
http://forum.xda-developers.com/show....php?t=1479831
worked perfectly on my i9023 running stock ICS.

[Q] Are there any roms that I can flash using Safestrap on VZW SGSIII ?

Hi,
I just got a GS3 a few days ago with Verizon and read up about what I could do with it.
I have root with supersu, busybox, terminal emulator and safestrap.
I wanted to flash cm 11 onto it, but with the new OTA Update from Samsung earlier this year I found out it was impossible with Knox and Verizon locking it down.
However, whenever I attempt to run roms flashed using Safestrap such as eclipse the boot sequence goes Press power button -> Vibrate once -> Release power -> Vibrate -> Samsung Galaxy SIII screen -> Safestrap -> Black Screen.
I don't know what I'm doing wrong, but nothing is working at all. Is there a ROM I can use (preferably with a UI similar to that of CyanogenMod's KK), or am I stuck with Samsung's UI and Verizon's bloatware?
I also saw a lot of TW but I don't know what the people in the forums are talking about when they mention this.
Also, forgive my ignorance on the matter of programming and such but, is there a way to unlock the bootloader?
I hear it's encrypted and locked by Verizon. Is it possible to write a new firmware over the Encrypted Verizon one and use that instead?
Thanks for even reading this, a reply would mean a lot to me!
It's now bootloader locked and no, you can't unlock it. You're stuck with a permanently locked bootloader. You can however flash BL (bootloader locked) ROMs via Safestrap.
And no, you cannot run a new firmware other than the Safestrap bootloader-locked ones.
From my CM11 S3

how to completely secure android device ?

Hi, first of all, I'm not a dev and I don't know much about deep functions, so I write this question as a regular user, to find answers that can be advanced in nature but should be easy to understand.
There are flashable zips available to break the lock screen security, gain access to an Android device, and access all apps with accounts logged in and everything else!
First of all, I want to secure my device from any weak points like this. I don't want anyone to bypass my lock screen, but as I talked to a person about it, it looks like I can't survive this "Lock Screen Security Bypass" hack, which removes some keys to break the lock screen security.
Then there was a suggestion to not root / unlock the bootloader, not to flash a custom recovery and not to turn on USB debugging. Well, even if I do that, there is still a possibility to unlock the bootloader from Odin mode, or maybe flash something from there to break lock screen security, gain root access and then flash this security bypass zip.
So what I can think is that the only way to survive is to encrypt the whole device? Am I right?
And if I have to encrypt my whole device, including the ext-sdcard, will all the tweaks work, like Xposed Framework and its apps etc.? Will my phone eat more battery? If I encrypt my device, will I survive this lock screen bypass hack?
Please give your opinions by looking at all the possibilities. Thanks in advance.
Or maybe there is a way to put a password on the custom recovery as well as all other modes from where someone can flash things into my phone?
I never heard of anything like that, but why is no one thinking about it?
No one?
Sent from my GT-N7100

[Q] Backup before unlocking bootloader? Custom kernel on locked bootloader?

Hello. What's the easiest way to backup everything (and I mean everything, including detailed app data) before unlocking my bootloader? I want to flash a custom kernel with minimum modifications to anything else, and obviously I want to take a backup of everything before I lose them with the unlock process, but I haven't been able to find a way to do so on a stock ROM that's not even rooted.
Or is there a way to root my phone before I unlock it?
I've never had a OnePlus device before, so here I am, asking dumb questions. :silly:
Also, one more question (in three parts, sorry!): since some of the newer apps, especially banking apps, have started using stricter safety procedures, they can detect an unlocked (or even merely rooted) device, and so they don't work. 1) Is there any way I can use a custom kernel on a locked (or relocked) bootloader? 2) Is it possible to use a custom kernel on an unlocked phone that's not rooted? 3) If neither of the two is possible, how can I prevent said apps from detecting my unlocked bootloader and rooted phone?
Thank you very much in advance for taking the time to answer all of my questions.

Is an unlocked encrypted phone actually secure ?

Hi,
While going around this forum, I saw a lot that people were claiming that an unlocked phone had its data fully secure if it was encrypted. Is it actually the case?
From what I understand, a phone isn't encrypted with your PIN code / password. It first generates keys, encrypts the phone with them, and then cyphers these keys using your code. The keys are then stored in a special partition of the phone's memory.
(And thus, if the phone needs to be wiped, either remotely or because of too many failed attempts, it just deletes this partition.)
Normally, it would be impossible to brute force a lock screen, since the phone will prevent more than ~15 attempts. However, with an unlocked device, couldn't an attacker with sufficient knowledge of the hardware be able to use the ability to flash custom boot images / ROMs to access these keys, and brute force them, bypassing the lock screen? A sufficiently powerful computer could be able to brute force a 4, 6 or even 10 digit AES key in hours, if not minutes.
So:
1) Is this correct, and is this how the Android encryption works?
2) If it is, are there any device-specific protections to prevent that?
3) Are there any ways to counterbalance that threat with an unlocked device, other than setting a 10-character password?
Thank you.
Short answer:
If the phone's bootloader is unlocked, someone could take your phone, flash a malicious ROM that contains keystroke loggers or something, and then return the phone to you and wait for you to type your PIN or decryption password. It'd be better to keep the bootloader locked whenever you don't actually need to flash things via Fastboot.
xXx yYy said:
It'd be better to keep the bootloader locked whenever you don't actually need to flash things via Fastboot.
I guess this wanders into device specificness, but at least for my device, a Pixel 6a, I read that you should never re-lock a bootloader without a completely stock firmware / boot image. So, how can you protect your bootloader while keeping your phone rooted?
What has a device's bootloader to do with device's Android OS ? Nothing!
xXx yYy said:
What has a device's bootloader to do with device's Android OS ? Nothing!
The lockability of the bootloader depends on the signing of the OS!?
You are right. Do not lock the bootloader on Pixel devices. Imagine the device is fully stock and locked, and now some OTA bricks the device and recovery mode is not able to unbrick it by sideloading a full OTA image - this is a nightmare. Google's solution is to RMA the device; they do not provide any flash tool other than fastboot or the WebUSB flash tool (via adb lol).
On the other hand, encryption is secured against brute force by Gatekeeper (in the TEE). As long as your device is powered off your data remains encrypted, unless you decrypt with credentials (we won't talk about the .dismiss() bug on decrypted devices).
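
A simplified model of the key hierarchy discussed in this thread, as an added example that is not part of any post: a random disk key is wrapped under a key derived from the PIN and a device-held secret, so changing the PIN only rewraps the key, and a copy of the wrapped blob cannot be checked against PIN guesses without the device. The XOR/HMAC wrap (a stand-in for AES), the scrypt parameters and every name here are assumptions for illustration, not Android's actual code.

```python
import hashlib, hmac, os

def derive_kek(pin, salt, device_secret):
    # Stretch the PIN, then bind the result to a secret that never leaves
    # the secure hardware (modelled here as plain bytes).
    stretched = hashlib.scrypt(pin.encode(), salt=salt, n=2**12, r=8, p=1, dklen=32)
    return hmac.new(device_secret, stretched, hashlib.sha256).digest()

def _pad(kek):
    return hashlib.sha256(kek + b"enc").digest()

def wrap(master_key, pin, device_secret):
    # Toy authenticated wrap of a 32-byte key: XOR pad plus HMAC tag.
    salt = os.urandom(16)
    kek = derive_kek(pin, salt, device_secret)
    ct = bytes(a ^ b for a, b in zip(master_key, _pad(kek)))
    tag = hmac.new(kek, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(blob, pin, device_secret):
    # Returns the master key, or None if the PIN or the device secret is wrong.
    kek = derive_kek(pin, blob["salt"], device_secret)
    expect = hmac.new(kek, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], _pad(kek)))

def change_pin(blob, old_pin, new_pin, device_secret):
    # Only the small wrapped blob changes; the disk is never re-encrypted.
    master_key = unwrap(blob, old_pin, device_secret)
    return None if master_key is None else wrap(master_key, new_pin, device_secret)

def demo():
    device_secret = os.urandom(32)  # constructed: stands in for the TEE-held key
    master_key = os.urandom(32)     # constructed: the disk encryption key
    blob = wrap(master_key, "4821", device_secret)
    rewrapped = change_pin(blob, "4821", "longer passphrase", device_secret)
    return {
        "right_pin": unwrap(blob, "4821", device_secret) == master_key,
        "wrong_pin": unwrap(blob, "0000", device_secret) is None,
        # Blob copied off the device: the right PIN alone is not enough.
        "copied_blob": unwrap(blob, "4821", os.urandom(32)) is None,
        "after_pin_change": unwrap(rewrapped, "longer passphrase", device_secret) == master_key,
        "old_pin_after_change": unwrap(rewrapped, "4821", device_secret) is None,
    }

if __name__ == "__main__":
    print(demo())
```

Deleting the wrapped blob is what a wipe amounts to in this model: without it the master key cannot be recovered, whatever the PIN.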
