Hi,
Two security features are keeping me away from a custom ROM; I'd like your opinion about that.
First is the password that prevents booting without a password.
Second is, if someone installs a new system, it can't be used without providing the correct Google account and password.
I use those two protections on my phone.
I was wondering if they can be bypassed?
If he installs a TWRP boot, does he erase the boot password protection?
Then can he install a custom ROM that will not be "locked" until he gives the proper Google account?
Thanks.
Hello. I have a Google Pixel 4a with a custom OS called ARCANE OS. I want to install GrapheneOS, but to do so, I need to OEM unlock it to unlock the bootloader. Problem is, in the Arcane OS settings there is nothing about OEM unlocking, or going into developer mode. Is it possible to OEM unlock the phone in other ways? Now if I connect it to the PC, adb doesn't recognize it. If I go to adb sideload mode, then it recognizes it, but when uploading the custom OS I get an error which means that my bootloader is locked.
Hello,
Only a few lines down in this same section you have a thread with exactly the same problem as you:
Is it bricked? Cannot flash stock Android to remove ArcaneOS (forum.xda-developers.com): "I recently purchased a used Pixel 4a, and I now understand why the seller was offering such a good price for it and why he refuses to respond to me now that I have it. This phone has ArcaneOS 10 installed, which has only 3 apps installed... Setting..."
Ok, so, to start things off, have you heard of the ANØM (or Anom) phone before? Or the Anom sting? Basically, it's a government phone made by the FBI & AFP, which was sold to criminals by undercover agents (and yes, all this that I'm saying is real!!!) and a few years later, the AFP and the FBI did this huge sting and arrested all users of the phone.
I heard of a phone in the UK that was 'target marketed' towards those who demand privacy above all else. Was uncrackable, stinger detection, full end-to-end encryption and so on. Was set up and allowed to run for several months with the law actually runnin' all the servers and workin' the intel, logging everything 24/7. Let the dealers get comfy and start TRUSTING it... calls, texts, emails... all of it... then brought the hammer down one day and started busting... took like weeks.
LTsmash11 said:
Hello. I have a Google Pixel 4a with a custom OS called ARCANE OS. I want to install GrapheneOS, but to do so, I need to OEM unlock it to unlock the bootloader. (...)
Wasn't Arcane OS an OS made by the government for spying on people?
LTsmash11 said:
Hello. I have a Google Pixel 4a with a custom OS called ARCANE OS. I want to install GrapheneOS, but to do so, I need to OEM unlock it to unlock the bootloader. (...)
Arcane OS is the ROM preinstalled on the Anom honeypot devices distributed by law enforcement. These phones included a degoogled Android ROM with a chat platform used to log the messages of the people on it, many of whom were criminals. As it was created by undercover cops, the domain name anom.io was ironically seized by the Department of Justice.
Hello. Looking at different forums for answers on this subject, I've found many people who also want to root their Hot Pepper VLE5 devices. I really want to root this thing, and in most forums, instead of answering the question, people point out that this device is cheap and not worth rooting.

I have tried ADB root, which returns something like "cannot root production builds", and so I went to see how to change that. Spoiler: that also requires root. Then I saw the push/pull command and SuperSU tutorial, but once again you need root to do that, and to be honest, why would you put that on your device if you already have root?? I'm not exactly sure how the TWRP and Magisk stuff works, but from what I've seen those also require some kind of superuser access or something. I have unlocked the bootloader with ADB, which is one problem out of the way, but I'm running out of options and need some help with it, if anyone wants to help, that is.

I need root on this because it is currently the only device I have, besides a laptop made for Windows Vista running 7 Ultimate (I have a better PC, just not with me), and I want to do Wi-Fi pentesting and other things because I'm very interested in cyber security and such, and it's becoming difficult to find any more help with this. I really am not concerned with the specs limiting the usage of the device; I just want a solution, and there are many others I have found with the same issue.
Thank you for your time.
Only devices running an Android build of type ENG and/or USERDEBUG can be rooted, AFAIK.
Only devices running a properly rooted Android can apply the command "adb root", which allows you to write to the device's /system partition.
To unlock a device's bootloader you have to apply the appropriate Fastboot commands: you can't unlock the bootloader via ADB. At least I have never heard or read that this would be possible.
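The two claims in the post above (adb root only works on debuggable builds; unlocking happens in fastboot, not adb) map to a handful of system properties that any device reports through `adb shell getprop`. The script below is an added example, not code from this thread or from any of the posters: it parses a getprop dump and answers "can `adb root` work here?" and "what actually unlocks this bootloader?". The two property dumps in it are constructed to look like a retail ("user") build and a userdebug build; nothing was captured from a real VLE5. One caveat the post does not mention: even where `adb root` works, /system on current devices is a read-only, dm-verity-protected image, so "write to /system" in practice means repacking and reflashing, not remounting.

```python
"""Added example (not from the thread): decide from an `adb shell getprop` dump
whether `adb root` can work and how the bootloader is actually unlocked.

Both dumps below are CONSTRUCTED samples; replace them with the real output of
`adb shell getprop` from your device.
"""
import re

USER_BUILD_DUMP = """\
[ro.build.type]: [user]
[ro.debuggable]: [0]
[ro.secure]: [1]
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[sys.oem_unlock_allowed]: [0]
"""

USERDEBUG_DUMP = """\
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.secure]: [1]
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[sys.oem_unlock_allowed]: [1]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(dump: str) -> dict:
    """Parse getprop output ("[name]: [value]" per line) into a dict."""
    props = {}
    for line in dump.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def adb_root_possible(props: dict) -> bool:
    """`adb root` only restarts adbd as root when the build is debuggable.
    On user builds adbd replies "adbd cannot run as root in production builds"."""
    return props.get("ro.debuggable") == "1" and props.get("ro.build.type") in ("userdebug", "eng")


def bootloader_state(props: dict) -> str:
    """Locked/unlocked as the bootloader reported it on the kernel command line."""
    return "unlocked" if props.get("ro.boot.flash.locked") == "0" else "locked"


def unlock_plan(props: dict) -> list:
    """The steps that actually unlock a bootloader: the OEM-unlocking toggle
    (a flag the bootloader reads from the persistent data block) followed by
    fastboot commands. adb only gets you as far as rebooting into fastboot."""
    if bootloader_state(props) == "unlocked":
        return []
    steps = []
    if props.get("sys.oem_unlock_allowed") != "1":
        steps.append("Settings > Developer options > OEM unlocking (enable)")
    steps += [
        "adb reboot bootloader",
        "fastboot flashing get_unlock_ability",  # prints 1 if the toggle was honoured
        "fastboot flashing unlock",  # older bootloaders: fastboot oem unlock
    ]
    return steps


if __name__ == "__main__":
    for name, dump in (("user build", USER_BUILD_DUMP), ("userdebug build", USERDEBUG_DUMP)):
        p = parse_getprop(dump)
        print(f"{name}: adb root possible={adb_root_possible(p)}, "
              f"bootloader={bootloader_state(p)}, unlock steps={unlock_plan(p)}")
```

Note that `fastboot flashing unlock` wipes userdata on every device that implements it, which is also why the FRP / Google-account lock discussed at the top of this thread still applies after a wipe.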
jwoegerbauer said:
Only devices running an Android build of type ENG and/or USERDEBUG can be rooted, AFAIK. (...)
It allowed me to unlock it with ADB or Fastboot or something, I forget; it was something via the command line.
PulseJaymes said:
It allowed me to unlock it with ADB or Fastboot or something, I forget; it was something via the command line.
1. https://android.tutorials.how/adb-fastboot-installation/
2.
Unrelated, I just sent a DM to user diplomatic asking/offering a low bounty for sharing their MediaTek temp-root exploit... They have already posted for other CPU architectures (incl. armv8), but not armv7l, which IIUC is what the VLE5 runs on.
Idk, diplomatic hasn't been active in a couple of months, so we'll see if they respond.
jwoegerbauer said:
Only devices running an Android build of type ENG and/or USERDEBUG can be rooted, AFAIK. (...)
@jwoegerbauer
Thanks for the info.
Sounds like the OP did use Fastboot commands.
Their OP question was on rooting... I have the exact same device, so am wondering:
If I unlocked the bootloader (via the Fastboot tool command line),
can I then break the stock boot image to either:
A.) replace it (e.g. with LineageOS), and/or
B.) extract and patch the existing stock ROM?
(Note, the manufacturer does not provide any updates or firmware images, neither OTA nor otherwise of any kind.
So I have to work strictly with what is on the device.)
Another Q:
If I replace the stock ROM with Lineage and cannot back up the stock ROM first... will I need to worry about drivers for Android (e.g. Wi-Fi/Bluetooth chips, GPU, etc.)? I'm used to working with Windows or Linux, which is why I ask.
While I have no experience with Qualcomm devices, the procedure is near identical to MediaTek devices, so to back up your system partition just boot into EDL mode and read the flash using a Qualcomm flashing tool. Then, unpack the system image, throw in a su binary under /system/sbin/, repack it and flash it!
It's optional to then install Magisk or SuperSU as a root manager, for security.
That's at least how I mangled my cellphone and did unspeakable things to the system!
I just got this phone and am using it as a backup right now till I can fix my other phone, so I'm assuming nobody got it rooted?
I found this VLE5, if this helps anybody. I haven't tried it yet, but I see the VLE5 on there.
I see that I can add a user-settable root of trust to the bootloader so I can set custom secure boot keys like on PCs (https://source.android.com/docs/security/features/verifiedboot/device-state), so I think I can use a user-modified init_boot image (including the Magisk-patched one) by signing it with my own keypair.
Also, I know that some manufacturers require 7 days for new devices to be unlocked (like Xiaomi) or do not allow user unlock at all. However, authorized repairers can flash signed factory system images without unlocking it. I guess it is implemented by an internal (read-only) root of trust. But can I do this with the user-settable root of trust part so I can become an authorized repairer for my own device?
P.S. I am using a bootloader-unlocked Pixel 4 XL as my main phone now. I have bought a Pixel 7 Pro but have not yet switched to it. I am looking for a method that takes both security and scalability into account.
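On Pixels the user-settable root of trust the post refers to is the `avb_custom_key` partition: while unlocked, you flash it with the public half of your own key, re-sign vbmeta (and therefore the modified init_boot it describes) with the private half, and re-lock; the stock bootloader then accepts either Google's key or yours and boots in the yellow verified-boot state. What you flash is the blob written by `avbtool extract_public_key`, and the script below is an added example, not from the post or from avbtool, that builds and parses that blob so you can see what the bootloader actually stores. Assumptions not in the original post: the demo key is generated in pure Python (Miller-Rabin) at 1024 bits so the example runs quickly, whereas a real key is RSA-4096 made with openssl; the command lines in the trailing comment are avbtool's and fastboot's own but the file names and partition list are illustrative.

```python
"""Added example (not from the thread): the byte layout of the public-key blob
that goes into the `avb_custom_key` partition, as produced by
`avbtool extract_public_key` and consumed by libavb's RSA verifier.

Demo key generation below is pure Python and deliberately small (1024 bits);
it stands in for `openssl genrsa 4096` only so the example runs offline.
"""
import secrets
import struct


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin, sufficient for a demo key, not a replacement for openssl."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    """Random prime with the top two bits set so p*q has exactly 2*bits bits."""
    while True:
        cand = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if is_probable_prime(cand):
            return cand


def gen_demo_modulus(bits: int) -> int:
    """RSA modulus for exponent 65537, the only exponent avbtool accepts."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        if (p - 1) % 65537 and (q - 1) % 65537:
            return p * q


def encode_avb_public_key(n: int) -> bytes:
    """Layout of avbtool's encode_rsa_key / libavb's AvbRSAPublicKeyHeader:
       u32 BE key_num_bits | u32 BE n0inv | modulus (BE) | rr (BE)
    n0inv = -n^-1 mod 2^32 and rr = (2^bits)^2 mod n are the Montgomery
    constants so the bootloader can verify without big-number division."""
    bits = n.bit_length()
    n0inv = (1 << 32) - pow(n, -1, 1 << 32)
    rr = pow(1 << bits, 2, n)
    size = bits // 8
    return struct.pack("!II", bits, n0inv) + n.to_bytes(size, "big") + rr.to_bytes(size, "big")


def decode_avb_public_key(blob: bytes) -> int:
    """Parse a pkmd blob back to its modulus, checking the constants agree."""
    bits, n0inv = struct.unpack("!II", blob[:8])
    size = bits // 8
    if len(blob) != 8 + 2 * size:
        raise ValueError("truncated or padded pkmd blob")
    n = int.from_bytes(blob[8:8 + size], "big")
    rr = int.from_bytes(blob[8 + size:], "big")
    if (n * n0inv) & 0xFFFFFFFF != 0xFFFFFFFF:
        raise ValueError("n0inv does not match modulus")
    if rr != pow(1 << bits, 2, n):
        raise ValueError("rr does not match modulus")
    return n


def blob_is_consistent(blob: bytes) -> bool:
    try:
        decode_avb_public_key(blob)
        return True
    except (ValueError, struct.error):
        return False


def expected_blob_size(bits: int) -> int:
    return 8 + 2 * (bits // 8)


if __name__ == "__main__":
    n = gen_demo_modulus(1024)
    blob = encode_avb_public_key(n)
    assert decode_avb_public_key(blob) == n
    print(f"demo blob: {len(blob)} bytes; a 4096-bit key gives {expected_blob_size(4096)} bytes")
    # Real flow (avbtool/fastboot commands; file names are examples):
    #   openssl genrsa -out avb.pem 4096
    #   avbtool extract_public_key --key avb.pem --output avb_pkmd.bin
    #   avbtool make_vbmeta_image --key avb.pem --algorithm SHA256_RSA4096 \
    #       --include_descriptors_from_image init_boot.img ... --output vbmeta.img
    #   fastboot flash vbmeta vbmeta.img && fastboot flash init_boot init_boot.img
    #   fastboot flash avb_custom_key avb_pkmd.bin
    #   fastboot flashing lock
```

This answers the "authorized repairer" half of the question only partly: the custom key lets a locked bootloader accept your signed vbmeta, but it is the bootloader (still Google-signed) that enforces this, and unlocking again to change the key still wipes userdata.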
Good and interesting question; sadly I don't have a definitive answer to it, but a few thoughts:
As to your own keypair: I would think that the bootloader checks for integrity and you would need to patch the bootloader as well to accept a user key; not sure if this is feasible...
AFAIK for Xiaomi devices the authorized repairers use EDL mode with a separate authentication; EDL mode is (IMO) a separate, very low-level boot mode... I don't think this is related to the "normal" boot mechanism and its keys...
Is there any specific reason you are aiming for a re-locked bootloader? The only aspect I could think of is some specific apps that can detect an unlocked bootloader and refuse to function... from a pure security standpoint I don't see a benefit from re-locking a modified device, at least until you really (!) know all modifications that have been done in low-level detail...
s3axel said:
Is there any specific reason you are aiming for a re-locked bootloader? (...)
The reason why I am aiming for a re-locked bootloader is that anyone can flash a modified image at the bootloader. An evil maid or a cop may be able to flash a trojaned boot image when I am not with my phone.
Hi,
While going around this forum, I saw a lot of people claiming that an unlocked phone had its data fully secure if it was encrypted. Is that actually the case?
From what I understand, a phone isn't encrypted with your PIN code / password. It first generates keys, encrypts the phone with them, and then ciphers these keys using your code. The keys are then stored in a special partition of the phone's memory.
(And thus, if the phone needs to be wiped, either remotely or because of too many failed attempts, it just deletes this partition.)
Normally, it would be impossible to brute force a lock screen, since the phone will prevent more than ~15 attempts. However, with an unlocked device, couldn't an attacker with sufficient knowledge of the hardware use the ability to flash custom boot images / ROMs to access these keys and brute force them, bypassing the lock screen? A sufficiently powerful computer could brute force a 4, 6 or even 10 digit AES key in hours, if not minutes.
So:
1) Is this correct, and is this how Android encryption works?
2) If it is, are there any device-specific protections to prevent that?
3) Are there any ways to counterbalance that threat with an unlocked device, other than setting a 10-character password?
Thank you.
Short answer:
If the phone's bootloader is unlocked, someone could take your phone, flash a malicious ROM that contains a keystroke logger or something, and then return the phone to you and wait for you to type your PIN or decryption password. It'd be better to keep the bootloader locked whenever you don't actually need to flash things via Fastboot.
xXx yYy said:
It'd be better to keep the bootloader locked whenever you don't actually need to flash things via Fastboot.
I guess this wanders into device specifics, but, at least for my device, a Pixel 6a, I read that you should never re-lock a bootloader without completely stock firmware / boot image. So, how can you protect your bootloader while keeping your phone rooted?
What does a device's bootloader have to do with the device's Android OS? Nothing!
xXx yYy said:
What does a device's bootloader have to do with the device's Android OS? Nothing!
The lockability of the bootloader depends on the signing of the OS!?
You are right. Do not lock the bootloader on Pixel devices. Imagine the device is fully stock and locked, now some OTA bricks the device and recovery mode is not able to unbrick it by sideloading the full OTA image; this is a nightmare. Google's solution is to RMA the device; they do not provide any flash tool other than fastboot or the WebUSB flash tool (via adb, lol).
On the other hand, encryption is secured against brute force by Gatekeeper (in the TEE). As long as your device is powered off your data remains encrypted, unless you decrypt with credentials (we won't talk about the .dismiss() bug on decrypted devices).
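The question a few posts up (is the disk key really just wrapped under the PIN, and can an attacker with flashing access dump it and brute-force offline?) and the answer just above (Gatekeeper in the TEE is what stops that) are easier to see with a model of the two properties that matter: the stored blob is bound to a per-device secret that never leaves the secure hardware, and the rate limit is enforced there rather than in OS code a custom boot image could replace. The script below is an added example, not from this thread or from Android's source, and it is a deliberate simplification: the real design (synthetic password, scrypt, Gatekeeper/Weaver, Keymaster-wrapped keys, AES-GCM) is more involved; the HMAC keystream, the 100-iteration KDF, the 30-second back-off schedule and the sample PIN are all constructed so the example runs in about a second.

```python
"""Added example (not from the thread): a toy model of credential-bound key
wrapping plus a TEE-side rate limiter, showing why a flash dump alone does not
let an attacker brute-force a 4-digit PIN offline.

Simplified throughout; constructed parameters are marked as such.
"""
import hashlib
import hmac
import itertools
import secrets

KDF_ITERATIONS = 100  # constructed: tiny so the demo brute force is quick


def derive_kek(pin: str, salt: bytes, hw_secret: bytes) -> bytes:
    """Key-encryption key from PIN + per-device hardware secret. On a phone the
    hw_secret contribution comes from Gatekeeper/Weaver inside the TEE."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode() + hw_secret, salt, KDF_ITERATIONS, 32)


def wrap_master_key(master_key: bytes, pin: str, hw_secret: bytes) -> dict:
    """Encrypt the random master key under the PIN-derived KEK. The HMAC
    keystream is a stand-in for AES-GCM; the tag is what makes a wrong PIN
    detectable. This dict is the 'special partition' the question mentions."""
    salt = secrets.token_bytes(16)
    kek = derive_kek(pin, salt, hw_secret)
    stream = hmac.new(kek, b"wrap-stream", "sha256").digest()
    ct = bytes(a ^ b for a, b in zip(master_key, stream))
    tag = hmac.new(kek, salt + ct, "sha256").digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap_master_key(blob: dict, pin: str, hw_secret: bytes):
    """Return the master key, or None if the PIN or the hardware secret is wrong."""
    kek = derive_kek(pin, blob["salt"], hw_secret)
    tag = hmac.new(kek, blob["salt"] + blob["ct"], "sha256").digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    stream = hmac.new(kek, b"wrap-stream", "sha256").digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], stream))


def offline_brute_force(blob: dict, hw_secret: bytes, digits: int = 4):
    """What a flash dump allows IF the attacker also holds hw_secret: the search
    space collapses to 10**digits PINs. Without it, the search space is the
    secret's 256 bits. Returns (pin, master_key) or None."""
    for combo in itertools.product("0123456789", repeat=digits):
        pin = "".join(combo)
        mk = unwrap_master_key(blob, pin, hw_secret)
        if mk is not None:
            return pin, mk
    return None


class Gatekeeper:
    """Models the TEE-side throttle: the secure world holds hw_secret and, after
    repeated failures, refuses to run the KDF until a timeout passes. The
    schedule (30 s after 5 failures, doubling every 5 more) is constructed."""

    def __init__(self, blob: dict, hw_secret: bytes):
        self._blob, self._hw_secret = blob, hw_secret
        self.failures = 0
        self.timeout_s = 0

    def verify(self, pin: str):
        """Return (master_key or None, seconds the caller must wait)."""
        if self.timeout_s:
            return None, self.timeout_s
        mk = unwrap_master_key(self._blob, pin, self._hw_secret)
        if mk is not None:
            self.failures = 0
            return mk, 0
        self.failures += 1
        if self.failures >= 5:
            self.timeout_s = 30 * 2 ** ((self.failures - 5) // 5)
        return None, self.timeout_s

    def tick(self, seconds: int):
        self.timeout_s = max(0, self.timeout_s - seconds)


if __name__ == "__main__":
    hw_secret = secrets.token_bytes(32)   # lives in the TEE; modelled here
    master_key = secrets.token_bytes(32)
    blob = wrap_master_key(master_key, "2580", hw_secret)  # constructed PIN
    print("dump + hw secret:", offline_brute_force(blob, hw_secret))
    print("dump only       :", offline_brute_force(blob, secrets.token_bytes(32)))
    gk = Gatekeeper(blob, hw_secret)
    for pin in ("0000", "1111", "2222", "3333", "4444", "2580"):
        print(pin, gk.verify(pin))
```

So the realistic attacks against an unlocked device are the ones the replies above describe (replace the OS and capture the PIN when the owner types it) or a vulnerability in the TEE itself, not an offline search of the PIN space; a longer passphrase helps only against the second, and only if the hardware secret is also lost.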