Afraid Repair Shop may have stolen my data - General Questions and Answers

Hi friends,
Today I did a most unwise thing: I left my smartphone in a repair shop without wiping all my personal data off of it. Now I'm afraid I may have fallen victim to personal data theft.
I know this was plain dumb. I now ask myself what sort of trace that may have left behind. Log files? Perhaps Android somehow has recorded all access there has been to my files? I'm guessing the phone was connected by USB to a PC. Even if there is no such thing - or in the event that the phone was subjected to the creation of some sort of image file containing all its contents - maybe I can even rely upon some forensic tools in order to find out what interaction there has been with my phone during the hours I left it at the shop?
Phone: Vodafone Smart Prime 6 (VF-895N).
Android 5.0.2 Lollipop
Many thanks for any tries on alleviating my pain.

Well, you can try reading some logs with CatLog app. There isn't much else to know except don't forget to wipe /data!

Related

The Elephant In The Room...

Hi, this is my first post here, after many years as a lurker. I have recently encountered an issue for which there doesn't seem to be a solution.
I have lost data (mainly photos and videos) after I accidentally deleted them, when I set up my cloud account, a long story that I won't bore you with..
In every single instance of similar issues over the years with all my Android phones [starting with the mighty HTC G1, and through many HTCs and now finally to the Huawei P20 Pro], I have come up against a data loss that is genuinely non-recoverable.
All other Android phones will allow 3rd party software access (sometimes with a small quick root install) to the phone.
The Huawei is the first phone I have encountered that deliberately inhibits this. In order to get root access, I have to factory reset the phone.
This is a major issue, and one that I think would have put me off purchasing this phone had I known about it.
There simply is no way to retrieve lost data on a phone if you had not rooted it prior to the data loss.
How frustrating it is, to know that due to me being a silly billy and setting my cloud to delete local pics after upload, (then deleting the cloud thinking I had local copies), has cost me dearly.
The pics are still there to be recovered, but I cannot ever get access... to my own data, on my own phone, due to the firmware.
I think it's time to finally go Samsung.
Please someone tell me I've missed something obvious, and that there is a way to retrieve these pics?
Tal.
I want to get my bootloader code first

Chip Off recovery not possible due to encryption?

I purchased two VS995's last year for myself and my wife from Verizon, and up until recently it worked great. Last month, I entered a boot loop that wouldn't stop and took it to a repair shop.
While looking into fixes that might work before contacting a shop, I remember reading that the V20 was encrypted by default as well as that by requiring a user to input a PIN during boot your device also was encrypted.
I assumed this would hinder recovery efforts and that I was throwing money away by taking it to a repair shop, but was assured that it wouldn't matter during a chip off recovery, since no data is stored encrypted.
I am familiar with data recovery from broken hard drives and partitions on both Linux and Windows, but I'm not sure about how the process works with encrypted file systems and chip off methods on Android devices.
If anyone could offer any information on if the above is correct regarding the encrypted file system and it not being a problem, or how to deal with it if it is, I would really appreciate it.
My thought process was to get an image of the file system and load it into either something like BlueStacks as the local file system to extract data off that wasn't backed up to the cloud (Quickmemos, current browser session on Chrome, the list goes on and on), or mount it using linux like any other partition.
I'm not sure if I can go in and ask the repair shop to specifically make a binary image of the chip so that I can recover the data myself or not and provide them with a flash drive, but I figure it's worth a shot. I used my phone in place of a computer, and had pictures of my family's social security information that my work had requested as well as internal documents I had to learn as a manager when I was promoted. I figured they were protected by the boot up password until I could back them up, and the phone died a few days before my scheduled backup. Anyone who repairs phones for a living have any thoughts on how to request specific things from a phone repair place or how you want your data handled?
I appreciate all the help, and apologize for the long-winded post. I wanted to try to cover everything in one shot. I also forgot to mention that the phone is 100% stock. Thanks in advance!
userdata (all your actual data) certainly is encrypted by default (though rooting usually disables the encryption); requiring a PIN at boot or not is just changing how the real encryption key is stored (encryption key of the encryption key). The AOSP article goes into some more detail.
No idea how shops handle it, I've just done a bit of research on it before.
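The "encryption key of the encryption key" arrangement from the reply above, as a simplified model added here (not code from the post or from AOSP): one disk key encrypts userdata, and only its wrapping changes when a PIN is set. An HMAC-based wrap stands in for the real AES wrap and for the TEE step; `device_secret`, `wrap`, `unwrap`, `NO_HW_BINDING` and the sample PIN are assumptions made for the example.

```python
import hashlib
import hmac
import os

# AOSP's full-disk encryption documentation gives this as the password used
# when the user has set no PIN, pattern or password.
DEFAULT_PASSWORD = b"default_password"
NO_HW_BINDING = bytes(32)  # models a device with no hardware-bound key (assumption)


def derive_kek(credential, salt, device_secret):
    """Key-encryption key: stretched credential mixed with a device-only secret."""
    stretched = hashlib.scrypt(credential, salt=salt, n=2**12, r=8, p=1, dklen=32)
    # Stand-in for the TEE step: the secret never leaves the SoC, so it is not
    # present in a raw dump of the flash chip.
    return hmac.new(device_secret, stretched, hashlib.sha256).digest()


def wrap(dek, credential, device_secret):
    """Wrap the 32-byte disk key; the result is what sits on flash beside userdata."""
    salt = os.urandom(16)
    kek = derive_kek(credential, salt, device_secret)
    pad = hmac.new(kek, b"enc", hashlib.sha256).digest()  # toy one-block keystream
    ct = bytes(a ^ b for a, b in zip(dek, pad))
    tag = hmac.new(kek, b"mac" + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap(blob, credential, device_secret):
    """Return the disk key, or None if the credential or device secret is wrong."""
    kek = derive_kek(credential, blob["salt"], device_secret)
    tag = hmac.new(kek, b"mac" + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    pad = hmac.new(kek, b"enc", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))


def scenarios():
    device_secret = os.urandom(32)  # lives inside the original SoC
    other_board = os.urandom(32)    # a donor board or chip reader does not have it
    dek = os.urandom(32)            # encrypts userdata; never changes below
    pin = b"4821"                   # constructed sample PIN

    no_pin = wrap(dek, DEFAULT_PASSWORD, device_secret)
    with_pin = wrap(dek, pin, device_secret)  # setting a PIN only re-wraps the key
    unbound = wrap(dek, DEFAULT_PASSWORD, NO_HW_BINDING)

    return {
        "boot_without_pin": unwrap(no_pin, DEFAULT_PASSWORD, device_secret) == dek,
        "boot_with_pin": unwrap(with_pin, pin, device_secret) == dek,
        "wrong_pin": unwrap(with_pin, b"0000", device_secret) is not None,
        "chip_off_no_pin": unwrap(no_pin, DEFAULT_PASSWORD, other_board) is not None,
        "chip_off_correct_pin": unwrap(with_pin, pin, other_board) is not None,
        "no_pin_and_no_hw_binding": unwrap(unbound, DEFAULT_PASSWORD, NO_HW_BINDING) == dek,
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:26} key recovered: {ok}")
```

In this model a raw chip image is only useful together with the original SoC, and setting a PIN adds a second factor on top of that binding.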

PLEASE HELP! Unknown Trojan Destroy My Family

Hello friends and users of XDA forum. First, I'm from Hong Kong and joined XDA more than 10 years ago; please accept my apologies for my poor English.
The story started 6 years ago; during this time I have changed over 20 phones. The first time I changed my mobile phone was when image files and video files that I captured from an IP cam, some sensitive captures, disappeared. Initially, I thought it was a problem with my LG-E988. So, I bought a new phone, an LG-(forgot) DS. For the first few days it looked perfectly fine, but the problems came back again. I believed that it may be caused by a virus/malware/trojan, so I tried almost all the different virus scanners available; nothing was found. And sometimes I lost email and SMS messages, and GPS turned on by itself. I also saw the mobile screen change by itself, and even take photos and videos. I told this to my family, because I have Parkinson's disease. So they believed I have organic psychosis and sent me to hospital. Then I was trapped in hospital for half a year because my wife lied and the doctor did not believe what actually happened.
Over these 6 years, my computers were all affected by a similar trojan (bootkit). It is still there after a fresh install once infected. The mobile and computer can work offline; all photo and video files that are copied in or out of the computer / mobile will be damaged. This forum is for mobile, so I will concentrate on the mobile trojan issue; if you need the solutions for how I solved the problem, please feel free to ask.
I don't have much information about the trojan, but I have some clues I can share.
(1) the trojan is not an apk nor a zip package installed by TWRP or any recovery.
(2) the trojan seems able to be "injected" into any Android system, any brand, any model.
(3) the mobile seems to have to be opened physically. It must be injected into different partitions.
(4) Sometimes it works to root the mobile and install any ROM, and the trojan will be gone.
(5) I recently fixed a Samsung SM-A715F and I found an encrypted partition in adb shell.
(6) some files are set to permissions such that even root cannot copy, open, or chmod them.
(7) the trojan will not infect other mobiles on the same network or via NFC, Bluetooth, Wifi.
(8) again, the trojan can see/listen using the camera in real time, see what you are doing, see your position, listen to background noise and the words you are typing, or take full control of your phone, heat up your CPU and even turn your roaming on and transmit hundreds of gigabytes of data.
I'm a programmer; I can write a little Java program, root my mobile and install my favourite ROM, but I am not able to trace / detect / delete such a trojan or find where the data goes. Can any expert help me do that? It destroyed my family by capturing something that my wife should not see. I still have an LG V20 and an Honor 8A (JAT-L29) that are infected. Please tell me what to do next, or what you need.
Thanks to everyone and sorry for my poor English.
It sounds to me that your computer is the main problem and I assume you connect the phone to it so the phone gets infected.
Regarding computer and virus the best thing to do is to format and reinstall the operating system.
Regarding the phone, hard reset and no more problem.
Thanks for the reply. Nope, plugging into a computer won't infect the phone, but if debug is turned on, it might be true. But I'm 100% sure hard / factory reset, wipe cache won't clean the trojan. I did it a million times with no apps installed but still clear the trojan. It's not done by installing an apk. According to the 20+ infected phones, 80% of the phones' covers were opened. I believe they downloaded the "EEPROM" boot partition and added a small portion of code. If I root the phone, sometimes I can see an unknown encrypted partition. And administrator can't access most of the files on root. The only solution is to root the phone and wipe everything, then install a stock ROM from other sources, but it's risky. Any other methods or suggestions to check or verify the ROMs are original stock ROMs?
Please help me! Thanks!
# The attached file is the rooted phone's /root_files, but most files can't be copied.
1. A Factory Reset - as its name implies - simply turns device into state when it was shipped by manufacturer, means all user-data / user-apps get wiped, system apps get reset to their original state if they got upgraded.
2. Wiping the Cache deletes only temporary system data, but not temporary user-app data.
Hence it should be obvious these 2 named actions will eliminate a trojan or other malware the Android device got infected with. But with the help of an activated Google Play Store they can re-install themselves.
Trojans ( hidden apps ) can easily get found on Android device.
FYI:
What all types of Trojans have in common is that they can only get onto the end device with the help of the user.
Trojans are not only found in email attachments. They can also piggyback on supposedly free programs. Therefore, it is once again important not to use dubious sources for software downloads such as codec packs or cracked programs, even if you might save a few bucks. The damage that can be caused by Trojans often exceeds the value of the software if it had been purchased regularly.
By the way, a Trojan should not be confused with a virus. Viruses reproduce independently, while a Trojan is merely a door opener - but with potentially devastating consequences.

Question Active hacker in my phone and this computer Help me

So far he has deleted all the bookmarks that I saved from this site. The phone RCS doesn't work anymore. They can listen to phone calls and terminate them and spoof incoming calls. I sent one phone to Samsung to be reviewed. At the end of the 3 week review they sent me a check for the phone and I bought another one from ATT and I still have this problem. So I would appreciate it if someone could give me some direction for this Flip 3. I like the phone. I am an engineer and designed a few devices using ESP32's. So I know how to flash. I just need to lock this phone down and I will deal with the computer problem later...
Infections across multiple platforms is almost unheard of... what did Samsung find?
It isn't an infection. They are exploiting both devices. I run Norton 360 on both systems. It only slowed them down. And they are 24/7 on me like ex NSA. They haven't stolen anything but they are malicious. Samsung never said. The only thing they said is to buy a different phone. ATT has an open fraud case open because they saw the Tag phone and I changed the phone number several times like some drug dealer with different SIM cards.
I feel like I am in the movie Enemy of the State except I am Will Smith and Gene Hackman rolled up into one.
cjdee1 said: "It isn't an infection. They are exploiting both devices. I run Norton 360 on both systems. It only slowed them down. And they are 24/7 on me like ex NSA. They haven't stolen anything but they are malicious. Samsung never said. The only thing they said is to buy a different phone. ATT has an open fraud case open because they saw the Tag phone and I changed the phone number several times like some drug dealer with different SIM cards."
AT&T has an open fraud case on you... or "them"?
Did malicious things? Losing bookmarks is pretty common and usually has nothing to do with being hacked.
Change Google account and password.
Reset all other accounts the same way on a clean Android. Allow no one physical access to the device and most importantly be careful what you install and download.
Most users don't need a hacker to stalk them; they do it themselves by careless installs and downloads. I'll remind you that XDA is a site filled with hackers... mostly peaceful.
I'm sorry for your troubles, most days hacking isn't needed. Really to get into someone's account these days you need personal information which is freely given on social media and whatnot. You should get with Google and do a massive security checkup. Change password, turn on 2FA... the whole swizzle. If all else fails, create a new account completely separate from the affected account/device and start fresh.
I opened the Fraud case. They provided the documentation. This has been going on since last year. There was a white paper that came out in November on how the media player was being used to hack in. I deal with this problem every day. One would think they would give up. I have another 20 computers in my office that I am replacing once I get my end under control.
Hmm... maybe move all your info to a new account (make the account on a different IP address so like have a friend make it maybe) cuz from my understanding- the hacker finds you on even a new phone? delete the accounts that are being hacked and uh- idk what else really
delete the apps that are being infected
Purge everything from everywhere and start fresh. Honestly Norton and other programs for virus protection aren't really helpful anymore. I do not see a point in using them when Microsoft does a great job just on their own. It's possible that it could be the cause most of the time anti-virus programs that aren't part of the main OS are the problem
Also another note, anything with a Snapdragon and made for the US is locked down. Means no flashing, no anything. Best bet for a device is to find a good old phone that has a lot of support and flash anything on it.
If you go below Android 9 you will introduce a slew of high risk vulnerabilities including some of the worst rootkits. If you're really concerned use the latest version of 12 with fully active scoped storage and the mess that it is...
In general don't use wifi on Androids.
Keep bluetooth off if not using.
Install only vetted apps. Scan with online Virustotal.
Keep all downloads in the download folder until vetted. Scripted malware jpegs, pngs are real and may evade conventional detection. If they get into a database they will raise hell until deleted; open all jpegs in the download folder before transferring them and check for changes in that folder.
Keep all email in the cloud, avoid downloading any attachments unless absolutely necessary.
If malware is suspected, delete it or factory reset within 2 hours. Reset passwords.
Time stagger backups so they don't all get infected if there is an incident. Backup redundantly to 2 or more hdds that are physically and electronically isolated from each other and the PC. Use only a known clean PC to access those backups... cross platform malware jumping is rare, cross drive jumping is not.
blackhawk said: "Infections across multiple platforms is almost unheard of... what did Samsung find?"
Unheard of? Absolutely not, rare on a cell phone, maybe? I don't know really but it is possible especially if OP pissed off the government
Good luck OP
When it comes time to switch to a new phone, ATT should be moving you to a new account with a fresh SIM. Don't transfer anything. Install anything you had fresh and set it up fresh. If they are giving you a new SIM or attaching the new phone to the same account and someone gained access to the account, they're still being fed every new number and IMEI.
As for pictures and stuff, get a USB-C compatible hard drive. Move it to that. Make sure your virus scanner on the computer is updated and either yank the LAN cable or turn off the router before connecting and scanning it. Once it's clean, connect the drive to the new phone and not the computer.
Sounds like someone cloned your ESN and SIM based on what they were doing. Synced items could be manipulated through a PC hack and one good run of the right software with your phone on the same network made it a phone issue.
Oh, and if they didn't or don't already do it, make sure ATT logs your previous devices "lost or stolen" to blacklist the IMEI. That should also make a clone useless for as long as it's a clone.
if you are suspecting a hack, then report to samsung members app > get help > error report asap for help from samsung's hacking issue team
luigi90210 said: "Unheard of? Absolutely not, rare on a cell phone, maybe? I don't know really but it is possible especially if OP pissed off the government. Good luck OP"
If you download malware files a PC is susceptible to, yes, but generally an infection on an Android doesn't cross platform infect a PC.
It's important to nip any malware in the bud and to isolate that device immediately to limit damage. Any device with malware that I can't eradicate completely within 1 to 2 hours gets nuked, data and all, factory reset. Data is restored then via offline backups.
My PC never has internet access and that's one less huge vector for infection. Even then my backup data drives are isolated from the PC unless in use... multilayered security.
If the DOD, AEC, FBI etc are interested in you, you'll never know it unless they want you to know. When on stake out they always operate as teams. One team is high exposure to gain maximum information and may be detected, but a second picket fence approach team is already in place if the primary team is exposed. Of course they share all knowledge gleaned. The second team you will likely never detect.
Fun fact; field FBI Agents blend in, can be wearing blue jeans, orange vest, 3 piece, anything but low key and drive midrange priced cars that are slightly dirty. The way you ID them is by their behavior and at times location.
If you're not on their menu they may even have a benign friendly conversation with you. They are interesting to chat with.
There is an app on the phone, com.qualcomm.atfwd. Is that a valid program for this phone? I got my old CDMA phone up on T-Mobile. I had the data turned off because it was useless to me. I came back home and I saw the 2 forks moving. The data was turned on and Norton firewall blocked entry and I had the wifi in airplane mode on the computer. Now I have skills, the average person would never know. This is why I need a phone that I can lock down.
I believe it started with the phone and then I used Samsung PC software which hacked the computers that I used. I have all the 25 zip files from one phone before it got a chance to load. Anybody interested in them?
The phones have 422 files installed.
cjdee1 said: "There is an app on the phone, com.qualcomm.atfwd. Is that a valid program for this phone? I got my old CDMA phone up on T-Mobile. I had the data turned off because it was useless to me. I came back home and I saw the 2 forks moving. The data was turned on and Norton firewall blocked entry and I had the wifi in airplane mode on the computer. Now I have skills, the average person would never know. This is why I need a phone that I can lock down."
WiFi Screen mirroring.
cjdee1 said: "There is an app on the phone, com.qualcomm.atfwd. Is that a valid program for this phone? I got my old CDMA phone up on T-Mobile. I had the data turned off because it was useless to me. I came back home and I saw the 2 forks moving. The data was turned on and Norton firewall blocked entry and I had the wifi in airplane mode on the computer. Now I have skills, the average person would never know. This is why I need a phone that I can lock down. I believe it started with the phone and then I used Samsung PC software which hacked the computers that I used. I have all the 25 zip files from one phone before it got a chance to load. Anybody interested in them? The phones have 422 files installed."
Interested in potentially infected files?
Wanna do malware jpeg swap?
Seriously... scan them with online Virustotal.
I guess that I could start over as a last resort. The funny thing is I don't do anything illegal. Whoever it is will be wasting time and costing me time. I am sure they are getting screenshots but I don't think that they do it live. On the PC I have zeroed out the drive but the BIOS is another way. It started when I backed up the phone using different computers on my network.
Is the router updated and secured? Lock it down even if you need help to set it up.
On the PC you should try to ID what the malware is and make sure the databases are clean of it before reloading. Protect all backup drives until the PC is known clean.
The bios can easily be reflashed.

Possibility of recovering data from Android phone that fell into sea water?

Background:
A person I know, dropped his phone (Android Oreo or above) into the water while at a beach. He tried keeping the phone in a bag of rice etc., but he can't get it to work. It won't even start. Samsung support said he'd need to replace the motherboard. He does not want the phone working again, but he wants the vacation photos from the phone. In Bangalore, there are some data recovery services that say they can recover the data for him (one of them mentioned some Spider technology).
Primary question:
Is the data recovery team's claim that they can recover the photos, actually legitimate? Can the photos be recovered from the phone in such a situation? How would they do it? Since the data on the phone would be encrypted (a password was needed to unlock the phone), would the data recovery team use a motherboard from a similar phone, connect it to the data storage and ask him to type his password to be able to access the data? If instead they removed the NAND storage and connected it to another board, wouldn't it be impossible to access the data without typing the phone's unlock password to decrypt it?
Concerns:
They might be bluffing, and this could just be a way to get paid for the "effort" that they put in to try recovering the data even if they can't eventually do it.
The data recovery team could clone the data and use brute-force techniques to gain access to any other data.
They could misuse any payment information stored on the phone.
They may view WhatsApp chats or other WhatsApp data stored (he says his WhatsApp is protected by fingerprint recognition).
If privacy is the main concern here, do it through Samsung, through the official means. What's more important, the price of a motherboard or their privacy?
