I investigated that issue in a German Android help forum and came to the sad conclusion that, despite the improvements in security, in Android L it is NOT possible to set a simple, easy, convenient lock screen password or lock screen pattern AND use a DIFFERENT, hard-to-guess, long code/passphrase password for the FDE/boot-up authentication.
One would need that possibility to make an offline attack, which can be run with a lot of hardware support, very hard, while still providing enough convenience in everyday use.
AFAIK this is the case in CM, but I couldn't figure out a way in stock Android Lollipop 5.0.1.
Is there a way to achieve this in stock (1), with apps (2), with root (3), and lastly with an Xposed module (4)?
Surfing the daily news I stumbled upon a short article about Micro Systemation's XRY (Danish article), a tool meant for use by law enforcement, military and intelligence agencies. It can pull every last detail out of the phone, by first rooting/jailbreaking the device, and then brute-forcing the PIN lock. After this, it should be pretty much "open" and ready to get ripped. It works on just about any type of (cell)phone you might have around, including all smartphones running one of the major operating systems, such as Android, iOS, WP7 etc.
More info:
http://www.msab.com/
http://www.forensicswiki.org/wiki/.XRY
See it in action:
v6.2 smartphone support video
In the hands of the right people/instance this is a very useful tool, but it could potentially be a threat if it gets out to the public.
And now to my question: what would be the best way to secure a device from something like this?
The first thing that comes to my mind would be to either use a PIN code of 5+ digits, as the brute-force attack would take much longer, or to use the pattern lock if you are on an Android phone.
The second thing would be just as simple as keeping the device updated, so older exploits would be patched up by the manufacturer.
And how about the device encryption from Android 4.0, would it have any impact on this or would that also be circumvented by the rooting procedure?
From what I've gathered, they need to get root to then find out your PIN. They also mentioned in previous videos that they used to use super1click to gain root.
I wonder how far they would get with a non-rooted, PIN-enabled phone that has USB debugging turned off?
Side note: the YouTube video alludes to multiple access routes: Wi-Fi, Bluetooth and USB (the Desire in the video looks like it does not support Bluetooth rooting though). I thought it was worth mentioning if it changes anything.
nzdcoy said:
I wonder how far they would get with a non-rooted, PIN-enabled phone that has USB debugging turned off?
Exactly, and I guess that almost all (Androids at least) come with USB debugging disabled by default.
Please use the Q&A Forum for questions and read the Forum Rules regarding posting.
Moving to Q&A.
Hey everyone,
I have IBM Lotus Traveler on my phone for work email, and it forces a password-protect lock screen. If it ran through basic Exchange Services email, I would have lots of possible options to disable/bypass the lock screen requirement.
Unfortunately, it is a stand-alone app with Device Administrator control. I have freakin' scoured the internet trying for a work-around, and have still not been able to find anything.
Below is a link to several deeper methods that I thought "may" work. While it's on a Miui site, I don't think you need to be running a Miui rom to make these commands work, but I don't know. And while I know Android fairly well, I'm not an expert and not that up-to-speed with ADB functions and programming. If someone could check out this link and see if there is potential there...or if it would be a waste of my time, any input would be appreciated.
http://en.miui.com/thread-5684-1-1.html
Also, if anyone has any other input or direction on disabling device admin permissions, or maybe fooling the administrator on the app, anything that may work, that would be great to know as well.
Any help would be hugely appreciated - thanks!
bump for input...
2nd bump for some interest?
Zero input or perspective?
They are all about Android 4.3 and up.
A few questions about unrooting/locking/unlocking/booting.
1) What are the benefits of rooting other than being able to a) set custom CPU frequency policies, b) update your phone (to custom new ROMs like CyanogenMod) when your OEM has decided to stop supporting it, c) get full filesystem access, d) tune sysctl parameters?
I don't like the fact that rooting totally breaks Android's security model.
2) Do I understand correctly that a locked phone is a phone on which you cannot overwrite/replace/customize vmlinuz? Or are there even stricter limitations?
3) Do I understand correctly that in order to change e.g. /etc files you don't really need a custom ROM, you can boot into TWRP and replace/edit/remove the needed files?
4) Why does unlocking wipe all your data?
5) If the phone is locked, how does the bootloader/firmware understand that our bootloader is untampered? Does the bootloader have a digital signature? I have this question because let's imagine that I 1) unlock, 2) change vmlinuz (allow superuser), 3) lock?
6) How does "oem lock" verify that system data is genuine? Or does it simply wipe everything clean? Does Android have some (RO) partition which always contains a genuine virgin ROM you cannot meddle with?
7) If I do "unlock" on my Nexus device, without changing anything or installing any 3rd-party bootloader (like TWRP), will I be able to update to new official ROMs via OTA updates?
8) Why does every "lock" manual say that I need to upload a genuine official ROM? What if I've changed it and made it "rooted"?
Storage.
Why does Android have so many partitions?
What method is used to break the internal storage into partitions? Is it some kind of partition table (MS-DOS, GPT) or is it hardware-based?
1. The purpose of rooting is to give you an access level equal to the product's development team. Rooting is basically an unofficial way of doing exactly what the developers are doing on a daily basis. You can either consider that people are going to root and that the community adds value and bug fixes to your product by independent development (Android); or you can actively take measures to lock down root access and maintain a gateway to development in the belief that this doctrine maintains a unified experience, protects security of intellectual material, and provides better overall security (Apple).
There's pros and cons to each side. With the Android thought, you are offloading a lot of your development burden onto the community and getting R&D, patches, and extending product life in return - for free. You take the risk of lowered security, but usually make it back because the community is a larger workforce with greater man hours and a vested interest in the product. They provide you with answers to problems you don't even know about as long as you listen.
With the Apple thought, you maintain a strong control on making the product do exactly what you want. This makes the product work exactly as expected, which can be easier for the user. However, your design has to be VERY good for the community to accept it. You also suffer in that you lock the community out from enhancing your product, so you HAVE to be the one coming up with all the ideas. Also, if the community finds a breach in your security, it can be devastating. Look at how much energy and money Apple pours into preventing jailbreaks.
I wouldn't be too worried about the 'break in security model' as you say, unless the Android platform becomes fraught with virii. After all, consider that Unix on your PC is essentially the same thing, and you request root access on it to install certain things.
2. I'll let someone else chime in with a better answer
3. with root access you don't need a custom ROM, you just need the ability to access root permission and a file browser that will get you to protected areas.
4. I'm not sure I'm thinking about the same stuff as you here. Rooting doesn't wipe anything from what I remember. Replacing the ROM does, but that's because the ROM 'installer' doesn't have anything to preserve user settings. I don't consider this weird since Windows didn't have a really decent migration package built into the installer until Windows 8.
5. There's a counter that iterates. Research trianglemod for an example of this topic.
6. It's hard to say what the OEM has for tools without them releasing the tools to the public. They, of course, are going to have better tools than us. No, there is no read only partition that I'm aware of that contains a full ROM that you can dump back in place. I've gone so far as to fully wipe my Galaxy S3 to the point where it only had clockworkmod and a boot screen that never went away. If I went much further, I could probably brick the phone, requiring an external programming program. A full brick would remove interface to your PC, which I believe is a possibility.
7. A new OEM ROM update will do one of three things:
a. update the phone to the new ROM and most likely break all the apps
b. update the phone and wipe everything
c. partially update the phone to a state where it won't boot due to a corruption (I've been here, lol)
8. not sure what we are talking about here
9. Android is based on Linux. Linux is designed with specific partitions to handle different tasks for storage, memory access, stuff like that. If you aren't happy with the design, you are free to do something else - you don't have to use Android on an Android phone, you can probably put FreeBSD or Slackware or something on it, or write your own kernel.
"I wish I could say that I'd anticipated this possibility in advance and created a fake password that unlocked a completely innocuous partition on my phone, but I wasn't nearly that paranoid/clever." (c) Cory Doctorow
That's clever indeed.
I'm sure no mobile OS has had that, going back to 2007 - a certain plausible deniability solution for mobile devices.
Yet there are no apps with that kind of functionality on the market.
Also, while searching I discovered one interesting work which would solve storage-side matters:
users.encs.concordia.ca/~mmannan/student-resources/Thesis-MASc-Skillen-2013.pdf
I'm not a developer and I have no clue how to:
- split and store user profiles on different partitions
- be able to decrypt one of those on demand and allow the user to log in to the desired one depending on which pattern/PIN has been entered
Are you guys aware of any existing solutions for Android?
Thank you!
Hello all! First off, this is my first day as a new member on this forum, which I should've joined long ago honestly! This forum has helped me a lot and given me insight on many problems I've faced as I delve further into Android development. With any luck, one day I can return the favor to other aspiring developers as well!
Introductions aside, I am helping develop an app for the company I work for which requires a connection to many different devices which all broadcast a hidden Wi-Fi network. The way I see it, the easiest solution is to add the networks manually through the Wi-Fi settings on Android devices, however it is long and tedious and lends to human error (I have to manually copy over SSIDs and long PSK strings). I have also come to understand that each Android device has a "wpa_supplicant.conf" file, containing all the saved networks for that device.
I am working with an array of different phones, all running some version of Android, and I need a way to add networks en masse instead of one-by-one. Is there any way that I can:
1.) set-up a "wpa_supplicant.conf" file with all the preexisting networks and PSKs,
2.) gain temporary root access to edit the ".conf" file already present (or even bypass the need for root access), and then
3.) replace each ".conf" file for that device with the updated version.
This is all assuming that the process is relatively the same per each device, which I have also come to understand is not always the case. If this cannot be done, any insight into an alternative solution would also be much appreciated! Once again, I am just trying to avoid mulling through manual setup and inevitably entering something in wrong (I've got to be somewhat dyslexic). Kudos!
- Tristan Wright
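As an added illustration for the wpa_supplicant.conf question above (this is example code, not from the poster or from any Android project), the following Python generates the network={...} entries from a CSV of SSID/passphrase pairs. It derives the 256-bit PSK the way wpa_passphrase does (PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt), so the clear-text passphrases never land in the file, and it emits scan_ssid=1 for hidden networks, which is the setting the poster's devices need. The CSV content and the ctrl_interface path are constructed assumptions; the control socket path varies per device.

```python
import csv
import hashlib
import io

# Constructed sample input (not from the original post): ssid, passphrase, hidden flag.
# "IEEE"/"password" is the published IEEE 802.11i PBKDF2 test vector.
SAMPLE_CSV = """ssid,passphrase,hidden
IEEE,password,1
LabSensor-07,correct horse battery staple,1
"""


def wpa_psk(ssid: str, passphrase: str) -> str:
    """Derive the WPA2-PSK exactly as wpa_passphrase does:
    PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, 32-byte key, hex-encoded."""
    ssid_b = ssid.encode()
    if not 1 <= len(ssid_b) <= 32 or '"' in ssid:
        raise ValueError("SSID must be 1..32 bytes and contain no double quote")
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("passphrase must be 8..63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid_b, 4096, 32).hex()


def network_block(ssid: str, passphrase: str, hidden: bool, priority: int = 0) -> str:
    """Render one wpa_supplicant 'network={...}' entry.
    The psk= line holds the derived hex key, not the passphrase.
    scan_ssid=1 makes the supplicant probe actively for a non-broadcast SSID."""
    lines = ["network={", f'\tssid="{ssid}"']
    if hidden:
        lines.append("\tscan_ssid=1")
    lines += [f"\tpsk={wpa_psk(ssid, passphrase)}",
              "\tkey_mgmt=WPA-PSK",
              f"\tpriority={priority}",
              "}"]
    return "\n".join(lines)


def build_conf(csv_text: str) -> str:
    """Build a complete wpa_supplicant.conf from CSV rows.
    The header lines are an assumption; the ctrl_interface path is device-specific."""
    header = ["ctrl_interface=/data/misc/wifi/sockets", "update_config=1", ""]
    blocks = []
    for i, row in enumerate(csv.DictReader(io.StringIO(csv_text))):
        blocks.append(network_block(row["ssid"], row["passphrase"],
                                    row["hidden"] == "1", priority=i))
    return "\n".join(header + blocks) + "\n"


if __name__ == "__main__":
    print(build_conf(SAMPLE_CSV))
```

Because the generated file contains only the derived keys, a leaked copy exposes the network keys but not the passphrases themselves, which matters when the same passphrases are reused elsewhere.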