How can i disable OTG? - Security Discussion

Hi,
i recently read up on HID attacks against Android phones.
Simply, i want to disable OTG, either only at lockscreen or i want a sort of 'OFF/ON' app that i can use after unlocking my phone.
If that's not possible how can i make my phone support 'wipe / shutdown after x tries'. Shutdown cause i have full disk encryption with complex alphanumeric passcode, but separate lock screen lock (pattern)? An app to do that is fine too.
I've already tried looking in the settings..
I want to do these things in order to protect against these HID attacks
I'm running Resurrection Remix 6.0 on a note 3
Thanks guys

laci420 said:
Hi,
i recently read up on HID attacks against Android phones.
Simply, i want to disable OTG, either only at lockscreen or i want a sort of 'OFF/ON' app that i can use after unlocking my phone.
If that's not possible how can i make my phone support 'wipe / shutdown after x tries'. Shutdown cause i have full disk encryption with complex alphanumeric passcode, but separate lock screen lock (pattern)? An app to do that is fine too.
I've already tried looking in the settings..
I want to do these things in order to protect against these HID attacks
I'm running Resurrection Remix 6.0 on a note 3
Thanks guys
That's not something that you need to protect your phone from. An HID attack is the phone attacking the thing plugged in, not the thing plugged in attacking the phone.
Edit: I stand corrected.

josephcsible said:
That's not something that you need to protect your phone from. An HID attack is the phone attacking the thing plugged in, not the thing plugged in attacking the phone.
Thanks for your reply!
Actually, HID attacks work both ways, see here: https://www.youtube.com/watch?v=VjZza9fNkvk
Instead of the Android phone acting as a HID and fooling the PC, laptop, whatever, the phone gets fooled thinking it's a keyboard!
Scary stuff

Related

[Q] Unlock PC with phone (NFC)

Heya,
So I had this idea where I'd unlock my PC with my phone. Here's how I thought it could work:
I have 2 users on my PC, me and my girl, however, on the same account, so no need to switch accounts. Depending on which phone I use to unlock it (via NFC, no idea how) it should:
For me:
- Unlock screen
- Run certain apps
- Set skype to online from away
- Play music
For girl:
- Unlock screen
- Run certain apps
- Leave skype away
- Play music
Upon removal of the phone from the dock (?) it should lock the pc and kill the apps etc. I know how to task all this but here are the questions:
- How do I lock my PC in such a manner that it can't be accessed in any other way other than unlocking it with NFC (screen/keyboard/mouse lock, processes online should still be running)?
- How do I trigger all this with an NFC tag?
Thanks!
Loldawg said:
Heya,
So I had this idea where I'd unlock my PC with my phone. Here's how I thought it could work:
I have 2 users on my PC, me and my girl, however, on the same account, so no need to switch accounts. Depending on which phone I use to unlock it (via NFC, no idea how) it should:
For me:
- Unlock screen
- Run certain apps
- Set skype to online from away
- Play music
For girl:
- Unlock screen
- Run certain apps
- Leave skype away
- Play music
Upon removal of the phone from the dock (?) it should lock the pc and kill the apps etc. I know how to task all this but here are the questions:
- How do I lock my PC in such a manner that it can't be accessed in any other way other than unlocking it with NFC (screen/keyboard/mouse lock, processes online should still be running)?
- How do I trigger all this with an NFC tag?
Thanks!
Do research lazy bum
Sent from my Nexus 7 using xda app-developers app
androidsoccer said:
Do research lazy bum
Sent from my Nexus 7 using xda app-developers app
I think I looked over all threads that come up when you search for NFC on the forums >.> But sure, I'll look more
I don't believe there's any technology that would allow you to do that, currently. There'd have to be much tighter integration between your phone and desktop OS and I think if anyone is going to do that it's probably going to be Apple and not a random Android phone vendor.
I thought about the experience that you're trying to create and I think one way that could be realized in the future is if your phone IS your whole PC, and docking your phone just connects it to external resources: monitor, keyboard, mouse, speakers, and other peripherals. When you're done, you just undock and someone else can dock their phone in. There could be kiosks for this in internet cafes and at the airport where you can work and charge your phone at the same time. Maybe the dock would connect you to wired internet service too, so while you were docked you didn't need to worry about mobile data coverage and usage. Phones are relatively limited in storage space but with network-attached storage and cloud-hosting you could have access to all the data you need.
Well those are my thoughts. Sorry I couldn't give you a solution but it might be 10 years too early for one.
Damn. It sounded so good locking your PC with something you carry rather than having a USB just to unlock it. Oh well, thanks for the reply, I hope someone looks into it. Would enhance work security too, even if someone gained access to your work PC they would still need your phone to abuse it.
Thanks again!
Sent from my Nexus 7 using Tapatalk HD
The idea isn't bad at all.
What you would have to do to get it to work is to write your own CSP to allow Windows to use your device as its logon credential.
It's the same framework that smartcard plugins and so on use, so it's not impossible. MS built in the capability to extend the login functions, but it won't be easy.
mace2442 said:
The idea isn't bad at all.
What you would have to do to get it to work is to write your own CSP to allow Windows to use your device as its logon credential.
It's the same framework that smartcard plugins and so on use, so it's not impossible. MS built in the capability to extend the login functions, but it won't be easy.
I'm basically looking to lock screen/keyboard/mouse only, not necessarily log out the user, as I want background programs to keep running. Now I have no idea if a PC can know which phone is tapped into the NFC. Basic idea would be to have sticker/reader on the desk, put the phone there and use PC. Upon removal, the PC would be locked. From what I understand, NFC has 2 modes (like connected and not) so it wouldn't be a battery drain. Or would it
Loldawg said:
I'm basically looking to lock screen/keyboard/mouse only, not necessarily log out the user, as I want background programs to keep running. Now I have no idea if a PC can know which phone is tapped into the NFC. Basic idea would be to have sticker/reader on the desk, put the phone there and use PC. Upon removal, the PC would be locked. From what I understand, NFC has 2 modes (like connected and not) so it wouldn't be a battery drain. Or would it
Locking/unlocking is handled through the same components as login/logout, so it will be the same type of code/system calls anyway. It will be a lot less for only locking, so it will be easier though :good:
mace2442 said:
Locking/unlocking is handled through the same components as login/logout, so it will be the same type of code/system calls anyway. It will be a lot less for only locking, so it will be easier though :good:
Aye =) I'm gonna dive into this, my dev is busy with some other work, but I think he can pull this off. Would be interesting to see it anyway, maybe do a GUI with basic functions like login skype to this user, play this music, open up this chrome etc.. Does a dime on effectiveness with shared computers @ work or at home.
Next step might be to make user specific files - Sonya/Download for instance - inaccessible for anyone but the owner.
If anyone knows an open source project that has some of the lock functions already, but is made for USB locks or anything, do let me know it will speed up the process. I plan on sharing the app here for free anyways ^.^
Cheers

Phone wiping after misentering passwords multiple times

Maybe I am just missing something very obvious but it seems like there is no option to wipe the phone after misentering the password multiple times (BB or iphone style)?
I know it can be done with Exchange policies but it will be a cold day in hell before I go THAT route...
nupi said:
Maybe I am just missing something very obvious but it seems like there is no option to wipe the phone after misentering the password multiple times (BB or iphone style)?
I know it can be done with Exchange policies but it will be a cold day in hell before I go THAT route...
It's not a standard option in Android (I for one am glad - I've accidentally wiped my work Blackberry more than once when inebriated). Android Device Manager (or the Motorola equivalent) both allow a manual remote wipe from a PC or another Android Device.
It's possible for apps to monitor incorrect password entries (no root required just a Device Administrator Permission), although I'm not sure if an automated wipe is possible without root. Take a look around the play store to see if anything meets your needs.
I use the automation app MacroDroid along with Secure Settings (both in the Play Store) on my unrooted MotoG. The way I've got it set up is that 3 failures to enter the correct PIN changes it to Password mode, a further 3 failures will prevent the phone from waking up (by automating a screen lock associated with the screen coming on). As well as that, it will automatically take and email to me front and rear camera photos, and the phone's location, on the change from PIN to Password, and again on the change to 'Lockdown' mode. I can send it an SMS with a special message in the text to get it to repeat this. I'm toying with the idea of setting it to shout 'Thief!' repeatedly at full volume when someone tries to turn on the screen when it's locked down
It is not exactly that what you were asking for. But i just wanted to mention also Cerberus here.
It brings a lot of nice features to control your phone remote.
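
The Device Administrator route mentioned in this thread (watching failed unlock attempts without root), as an added example that is not from any poster or from an app named here. The package, class and threshold names are hypothetical; the `DevicePolicyManager` and `DeviceAdminReceiver` calls are the platform's own, and `setMaximumFailedPasswordsForWipe` lets the system itself perform the wipe once the user has activated the admin in Settings.

```java
// Added example; package, class and constants are hypothetical.
//
// res/xml/device_admin.xml (declares the policies this receiver uses):
//   <device-admin xmlns:android="http://schemas.android.com/apk/res/android">
//     <uses-policies>
//       <watch-login />
//       <wipe-data />
//       <force-lock />
//     </uses-policies>
//   </device-admin>
//
// AndroidManifest.xml, inside <application>:
//   <receiver android:name=".FailedUnlockGuard"
//             android:permission="android.permission.BIND_DEVICE_ADMIN"
//             android:exported="true">
//     <meta-data android:name="android.app.device_admin"
//                android:resource="@xml/device_admin" />
//     <intent-filter>
//       <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
//     </intent-filter>
//   </receiver>
package com.example.failedunlockguard;

import android.app.admin.DeviceAdminReceiver;
import android.app.admin.DevicePolicyManager;
import android.content.Context;
import android.content.Intent;
import android.util.Log;

public class FailedUnlockGuard extends DeviceAdminReceiver {
    private static final String TAG = "FailedUnlockGuard";

    // Assumed thresholds: turn the screen off again after 3 consecutive
    // failures, let the platform factory-reset after 10.
    private static final int LOCK_NOW_AFTER = 3;
    private static final int WIPE_AFTER = 10;

    @Override
    public void onEnabled(Context context, Intent intent) {
        // Called once the user activates this admin. From here on the
        // system enforces the wipe limit itself, even if this app is
        // not running. Requires the <wipe-data/> and <watch-login/> policies.
        DevicePolicyManager dpm = getManager(context);
        dpm.setMaximumFailedPasswordsForWipe(getWho(context), WIPE_AFTER);
        Log.i(TAG, "Wipe limit set to " + WIPE_AFTER + " failed attempts");
    }

    // Two-argument callback: present on all API levels that support device
    // admin (deprecated since API 26, where the three-argument overload
    // delegates to it by default).
    @Override
    public void onPasswordFailed(Context context, Intent intent) {
        DevicePolicyManager dpm = getManager(context);
        // Consecutive failures since the last successful unlock.
        int failed = dpm.getCurrentFailedPasswordAttempts();
        Log.w(TAG, "Failed unlock attempt " + failed + " of " + WIPE_AFTER);

        if (failed >= LOCK_NOW_AFTER) {
            // Needs <force-lock/>. Locks as if the screen timeout expired,
            // so every further guess starts from a dark screen.
            dpm.lockNow();
        }
    }

    @Override
    public void onPasswordSucceeded(Context context, Intent intent) {
        // The platform resets its failure counter on a successful unlock.
        Log.i(TAG, "Unlock succeeded; failure counter reset by the system");
    }
}
```

Deactivating the admin in Settings removes the wipe limit, so the policy only protects a device whose lock screen has not already been bypassed.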

Making the S8+ completely theft proof

Hey!
It's my first post here, so if this isn't the best place for such a question then by all means mods pls move the thread to where it should be
Basically, where I'm currently living (Brazil), things tend to get pretty violent and phone thefts are very common. Now the thing is, if it's an iPhone usually the thieves just throw it away, as once it's locked it becomes useless. When it comes to Android though, some of them will dig deep trying to access your info like pictures, passwords, bank information, among other things. They even manage to break IMEI locks and stuff. I got my S5 stolen recently and the information theft part put me through hell. Yet, I'd much rather have an S8+ than any other iPhone currently, so my question is how could I completely theft proof it?
I'm not really worried about them restoring the phone and reselling it, more about them accessing the data inside of it. I know the SD card can be protected through cryptography (although would accept "stronger" tips if there are any). When it comes to apps, aside from the basics of trusting what you install and stuff, are apps like Cerberus, Knox 2.0, or other Samsung features I'm not aware of, any good against someone who knows what they're doing? Is there a way to disable airplane mode or power offs? Also what is probably my strongest concern: is there a way to completely not allow system changes through a computer, like the one that removes the lock screen?
Being a programmer and computer science undergrad student (although not specializing in security nor mobile), I'd have no problem if the solutions would involve some coding or tweaking, just as long as they prove to be effective.
So, would you guys have any tips on how to completely secure the data given those concerns?
The SD card can be encrypted, and if you have a password lock (fingerprint, iris, etc.) then it will ask for that before it will unlock the phone.
Also, they have a remote wipe. You can log in to Google and remote wipe your phone when you find out it's been stolen.
You can set the phone to require a password to decrypt it when it's restarted. You can encrypt the SD card too. You can set it to lock instantly when the screen turns off. And you can use only a password to unlock it (no biometrics), which is the most secure option (if you use a suitable password). Finally, you can set the phone so that you can wipe it remotely, or to wipe itself after a number of consecutive incorrect password attempts. But even without the last two measures, your data will be unreadable without your password.
Unfortunately, though, if thieves are violent enough, they may be able to coerce you into divulging the password. If they succeed, they have full access to your phone.
Gary02468 said:
You can set the phone to require a password to decrypt it when it's restarted. You can encrypt the SD card too. You can set it to lock instantly when the screen turns off. And you can use only a password to unlock it (no biometrics), which is the most secure option (if you use a suitable password). Finally, you can set the phone so that you can wipe it remotely, or to wipe itself after a number of consecutive incorrect password attempts. But even without the last two measures, your data will be unreadable without your password.
Unfortunately, though, if thieves are violent enough, they may be able to coerce you into divulging the password. If they succeed, they have full access to your phone.
What about stuff like that Dr. Fone Toolkit that supposedly removes the lock screen? From the quick look I took it seems it somehow patches the Android on the phone to remove the lock screen. Is there some sort of system encryption/lock to avoid that kind of stuff when connected to a computer?
xile6 said:
The SD card can be encrypted, and if you have a password lock (fingerprint, iris, etc.) then it will ask for that before it will unlock the phone.
Also, they have a remote wipe. You can log in to Google and remote wipe your phone when you find out it's been stolen.
Usually they just put it on airplane mode though, so google remote wipe is useless... Which is why I was looking for more of an offline fix through cryptography and such
I use smart Lockscreen protector to prevent somebody putting my phone to airline mode or shutting it down ( It won't help phones with removable battery)
If you have the phone encrypted and have the require pin on boot set. And you have the Qualcomm version that is locked down you have nothing to worry about.
Even the iPhone 7 has been jail broken or rooted the S8 with the Qualcomm chip is one of only a few phones that have not been hacked. It's actually WAY more secure than an iPhone.
lvrma said:
What about stuff like that Dr. Fone Toolkit that supposedly removes the lock screen? From the quick look I took it seems it somehow patches the Android on the phone to remove the lock screen. Is there some sort of system encryption/lock to avoid that kind of stuff when connected to a computer?
The phone is completely encrypted, so if you set it to require a password to restart and to turn the screen back on, then its contents are unreadable without the password regardless of how you connect to it.
lvrma said:
...
Usually they just put it on airplane mode though, so google remote wipe is useless... Which is why I was looking for more of an offline fix through cryptography and such
If you have a lock screen set you can lock the status of your phone(wifi state, airplane mode, power settings). This way you have to unlock it to toggle these modes.
I just ran across this, some good advice.
http://thedroidguy.com/2017/04/setu...security-features-tutorials-1071462#Tutorial1
lvrma said:
What about stuff like that Dr. Fone Toolkit that supposedly removes the lock screen? From the quick look I took it seems it somehow patches the Android on the phone to remove the lock screen. Is there some sort of system encryption/lock to avoid that kind of stuff when connected to a computer?
Like you, I'm interested in this topic, but unlike you, I would like the thief to have a useless phone if they can't unlock it. So that they would think twice the next time they want to steal an Android. Else they would just continue stealing since you just put the phone in download mode, connect to a computer and root it.
About your question: doesn't disabling USB debugging mode in developer options block that risk? Also on my Note 4, enabling Knox will prevent your device from being rooted, at least that's what I understand from the description. I wonder where it is on the S8.
Speaking of Knox, the S8 has "Secure folder". It's like a secured environment within a phone. Everything you put in here will be protected by Knox: apps, accounts, files, etc. And it would ask for another security to access it (pattern/PIN/password).
lvrma said:
Usually they just put it on airplane mode though, so google remote wipe is useless... Which is why I was looking for more of an offline fix through cryptography and such
You mentioned the Cerberus app; it has a function that can wipe device memory and wipe the SD card via SMS command. So if you are fast enough, while the thief is running away and before he pulls out your SIM card from the phone, you can send an SMS command to wipe data.
Since you mentioned you are a programmer, this may be interesting to you: locking download mode and recovery mode on Android to prevent a thief from flashing a hack to your phone. But this requires a bit of patience if Android isn't your forte.
https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/
BratPAQ said:
Like you, I'm interested in this topic, but unlike you, I would like the thief to have a useless phone if they can't unlock it. So that they would think twice the next time they want to steal an Android. Else they would just continue stealing since you just put the phone in download mode, connect to a computer and root it.
About your question: doesn't disabling USB debugging mode in developer options block that risk? Also on my Note 4, enabling Knox will prevent your device from being rooted, at least that's what I understand from the description. I wonder where it is on the S8.
Speaking of Knox, the S8 has "Secure folder". It's like a secured environment within a phone. Everything you put in here will be protected by Knox: apps, accounts, files, etc. And it would ask for another security to access it (pattern/PIN/password).
You mentioned the Cerberus app; it has a function that can wipe device memory and wipe the SD card via SMS command. So if you are fast enough, while the thief is running away and before he pulls out your SIM card from the phone, you can send an SMS command to wipe data.
Since you mentioned you are a programmer, this may be interesting to you: locking download mode and recovery mode on Android to prevent a thief from flashing a hack to your phone. But this requires a bit of patience if Android isn't your forte.
https://ge0n0sis.github.io/posts/20...-mode-using-an-undocumented-feature-of-aboot/
Don't put your phone anywhere besides your pocket. Get a cover that makes it look like a different phone with a cracked screen.
The easiest way to encrypt SD and phone: enable adoptable storage.
cantenna said:
the easiest way to encrypt sd and phone, enable adoptable storage.
How is that easier than just selecting the Settings options to encrypt the SD card and to require a password to unlock upon restart?
---------- Post added at 06:08 AM ---------- Previous post was at 05:11 AM ----------
lvrma said:
Usually they just put it on airplane mode though, so google remote wipe is useless[.] Which is why I was looking for more of an offline fix through cryptography and such
Yes, and even without airplane mode, they can physically enclose the phone to block all electronic signals. Encrypting the phone (and SD card), using a secure password as the sole unlock method, affords the strongest protection against all attacks (except coercing the password from you).
Gary02468 said:
How is that easier than just selecting the Settings options to encrypt the SD card and to require a password to unlock upon restart?
---------- Post added at 06:08 AM ---------- Previous post was at 05:11 AM ----------
Yes, and even without airplane mode, they can physically enclose the phone to block all electronic signals. Encrypting the phone (and SD card), using a secure password as the sole unlock method, affords the strongest protection against all attacks (except coercing the password from you).
Oh yeah, my bad, I often assume everyone on XDA is here because they're interested in unlocked bootloaders, root and custom kernels. My recommendation applies only to people who have unlocked Pandora's box.
The method of encryption you suggested isn't available for users like me, but we can enable adoptable storage, which does encrypt the system by other means, and it is compatible with root, etc.
dynospectrum said:
Don't put your phone anywhere besides your pocket. Get a cover that makes it look like a different phone with a cracked screen.
Where can you get/ how can you make such a cover?
Also sometimes when I'm in bad Areas, I go to developer options and turn on some of the screen update stuff, so it flashes the screen purple a lot and make it look messed up.

Forgot PIN - Sat in a drawer and died. Please help

So, I just went to a music festival and wanted to use my Mate 9 instead of my OnePlus 6t for recording. I did a format of the device and set up very few things to get it usable over the weekend - signed into Google and Facebook primarily. I did not enable developer options, or set ADB as I didn't think anything of it.
Got home, let it sit on my nightstand and upload photos to the cloud... FORGOT TO PLUG IT IN BEFORE BED.
It sat there, got tossed in a drawer while cleaning and the other day, I wanted to finish uploading the rest of the media. Plugged it in, charged it and powered on, only to get a pesky "PIN required when you restart device" even though the phone is actively recognizing my face.
I cannot for the life of me figure out the PIN that I set, and none of my videos uploaded from the concert, so I really don't want to wipe the device. I figured that there was some backdoor through Google that would allow me to log in, verify myself, and unlock the phone from the other side, but I cannot find anything.
Is there any way to recover or disable the PIN so I can get my stuff off? I've emailed Huawei, but they have yet to reply to me, and searching hasn't yielded anything helpful aside from "Do THIS if you forget your PIN to reset it" videos which show people just mindlessly wiping their devices.
Please help.
If you have TWRP then your problem is easily solved. And what firmware?
I don't have TWRP . It was just factory reset and I don't know what firmware. I didn't think I'd have this issue. I can't believe I didn't write the pin down. If I at least knew how long it was, that would help too. But as I type in potentials, it allows around 15 characters before telling me it's incorrect. I can't remember if this would mean it's that long, or if it allows you to type out past password character length
The only real backdoor is if you had gone in and decrypted the device at some point, in which case you might be able to use TWRP or the like to access /sdcard and extract the media.
Without that, all of the media is in credential encrypted storage, meaning that your PIN is absolutely required: the encryption key for the data is behind your PIN.
Your other options are pretty much to brute force the PIN, or give up on the media. I wouldn't be surprised if there are utilities out there for it assuming that the device was unlocked (and your PIN entry sounds like something that's close to AOSP, not EMUI, as EMUI exposes the length of the PIN, so it probably is), but they're not anything I've ever had to look for.
Yeah, so full story... I have a OnePlus 6t, but it records concert audio like crap. It's blown out and distorted. The Huawei was able to record heavy bass drops front.row by the speakers without any distortion. I dug it out of my drawer, factory reset it, loaded a few apps on for the weekend, and logged into Google and Facebook.
I did not alter many settings, turn on Dev mode, or enable ADB. I don't even know what version of EMUI or Android is on there because I don't know if it had any updates..
I was hoping that with the Android Recovery service, there was some way to select the device and reset the lock, with 2 step verification via OTP or something else similar. But the only option is built around the phone being lost/locked out, and not in the owners possession... Which sucks.
I'm still needing a way to get my media off of this device. Can anyone help?!

Getting lockscreen password from Redmi Note 9S possible?

Phone information:
It's a Redmi Note 9S (miatoll)
Phone has LineageOS (https://wiki.lineageos.org/devices/miatoll/) on it
Open bootloader
USB debugging is enabled
It is on and the lockscreen password has already been entered a few times
Story:
Got the Redmi Note 9S used for my girlfriend, installed LineageOS on it and unfortunately forgot to disable USB debugging. So it was in the state as described above in "Phone Information". The phone was found by my girlfriend's mother and because the mother didn't know she had such a phone, she wanted to know what she was doing with the phone. So the mother went to a friend and this friend found out the password of the phone within 5min according to the description of my girlfriend. So he really got the password displayed on the PC. The password was very strong and looked like "Z6u$e2%&Fq!k26W2", so he didn't bruteforce it.
I know he did it using fastboot and then maybe installed something over it. My girlfriend said he had a terminal open on his computer with green font color. I was shocked that he did it so easily, which is why I really wanted to know how he did it. Did over 18 hours of research, read through many forums, read up a lot on reddit and it was all about removing the password at most, but not about getting the password.
Question:
How did he do that? Is such a thing even possible?
I would also like to hear your guesses on how he did it or do you think my girlfriend lied to me? but I can't imagine that and I don't know why she would do that. The whole thing was several months ago, but I'm dying to know how!!!
don't believe storytelling. who uses "Z6u$e2%&Fq!k26W2" for lock screen? have you even tried it's possible to set? mine only allows [A-Za-z0-9]
Password storage in Android M
General Android discussion, some focus on Android security. Updates about my WWWJDIC, Kanji Recognzier and Hanzi Recognizer apps.
nelenkov.blogspot.com
aIecxs said:
don't believe storytelling. who uses "Z6u$e2%&Fq!k26W2" for lock screen? have you even tried it's possible to set? mine only allows [A-Za-z0-9]
Password storage in Android M
General Android discussion, some focus on Android security. Updates about my WWWJDIC, Kanji Recognzier and Hanzi Recognizer apps.
nelenkov.blogspot.com
The password I wrote was just to symbolize how strong the password was. How the actual password is, I do not know, only that it was 16 characters long. Maybe I got it wrong with my writing, sorry English is not my native language
however, iloveyou$unshine is not a strong password and can be bruteforced with rainbow tables and crypto miners. keep in mind you must enter password every time you grab your phone. you must have paranoid girlfriend
aIecxs said:
however, iloveyou$unshine is not a strong password and can be bruteforced with rainbow tables and crypto miners. keep in mind you must enter password every time you grab your phone. you must have paranoid girlfriend
It wasn't such a password. The password was random like in my post. Whether with special characters or not, I do not know. I will ask her again. This was also not her main phone, but should only serve as a second phone to not be tracked so strongly as with stock Android or IOS.
In the meantime, she has a Google Pixel 7 Pro with GrapheneOS. She is not paranoid. She and I are increasingly concerned about our privacy and don't want to be permanently tracked by Google or anyone else.
don't ask her. if you don't believe in bruteforce you should let show you the magic from her mother's friend. maybe he's working for qualcomm or chinas government
aIecxs said:
don't ask her. if you don't believe in bruteforce you should let show you the magic from her mother's friend. maybe he's working for qualcomm or chinas government
So the only way that comes to your mind is that he did it via Bruteforce? Do I understand you correctly? and you don't believe that the password was that strong and since I wrote again that it was a relatively strong password you believe that he had the available power to do it?
He doesn't even work in IT, just in a supermarket
