Hi,
after reading some information about the FRP, a perhaps possible way to bypass it on Samsung devices came into my mind:
After all, the only thing one has to do is somehow managing to open the settings app. From there, one can do a factory reset which will erase the FRP partition. There are already lots of ways to do so, mostly by exploiting "holes" in the UI.
And of course, the FRP is never really secure; as it relies on the inaccessibility of the phone's internal storage. So if one is able to write the flash by some means (for example JTAG), getting rid of the FRP is pretty much straightforward.
This to be said, just to assure you that I don't plan anything malicious. I'm just curious about Samsung's and Android's security measures, and I don't own any recent Samsung device (with FRP) to try it myself.
But now my thoughts: If FRP is active, from what I read one could not boot unsigned binaries flashed by Odin. But Odin seems to flash these images; it appears that it just blocks the boot.
The next point is that flashing+booting modified firmware without triggering the Knox flag is possible. From what I read, the kernel and recovery must stay stock. Apps can change. So I assume that it behaves similarly with FRP.
This brought me to an idea: Maybe one could modify a stock image so that one could get to a settings screen, flash it via Odin, boot it, open settings, do the factory reset, and do whatever you want from there.
As a modification, I would suggest just deleting the Gapps from the image; then the phone will never ask for a google account. Or put in one of the apps commonly used to bypass FRP by USB OTG.
The key question is: Will the device boot the modified image, or will one get the "Custom binary blocked by FRP" error?
Related
I'll start by discussing why the phone became unusable, move to what I've tried to fix it, and then move into questions about solutions.
Root Process:
I began by rooting my Galaxy s7 SM-G930V Snapdragon (Chainfire method). Installed the fixed and debloater with no problems. (secureboot was not enabled at this point). KNOX did not trip.
Magisk:
After rooting process. Enabled password protection, which automatically started secureboot. Installed Magisk and allowed root privileges; required reboot. Which is where the problem begins.
KNOX:
Obviously, with root privilege system changes and secureboot enabled, KNOX froze startup processes. I was lazy, and didn't want to lose the work put in to gain SuperSU, and tried to use some exploits to bypass FRP lockout. One of these attempts triggered a factory reset, which I did not want (Like I said.. I was being lazy, and didn't want to have to redo all the settings and logins I'd just redone after root). I forced the phone to shut down, and broke the system. lol..
Attempts to repair:
- After about 4 hours of exploring exploits, I finally gave in, and attempted factory reset. Phone wiped data, but the recovery data seems to be corrupted, cannot be fixed by factory reset, or erased entirely, because the process continued no further than the wipe.
- Tried Samsung SmartSwitch (Replacement for Kies), but device was not recognized, and would not accept IMEI (Serial), nor would it allow any emergency recovery without these.
- Acquired stock firmware, and attempted flash with Odin. (BL, AP, CP, CSC) and received message "FAIL! (Auth)" (PC side), and "SW REV CHECK FAIL: [aboot]Fused 4 > Binary 1 [1]eMMC write fail: aboot" (Device side). Which I assume means that secureboot is blocking flashing from ODIN..
- Attempted to flash firmware from SD - Secureboot will not allow updating from SD or from ADB.
Repair (possible?): So, my question is this: Has anyone experienced this, or is there any kind of advanced solution to this? I am of low to mid-level computer programming expertise. I do not understand the theory behind what I was doing, just the process itself. Is there any way to reset the device to stock functionality, and if so.. How?
Hello! Does "Odin Fails with eMMC write fail error." (forum.xda-developers.com) help you?
[Solved] Accidentally disabled OEM, "Custom binary blocked by FRP lock" on boot
Hi, so I was setting up a new game that refused to start up. A little bit of research and I found I needed to disable developer options to start it because of some protections it had. I did that and after it still didn't work I decided to restart my phone. Being an idiot, I completely forgot that I need developer options, specifically OEM Unlock enabled, for my phone to start up. I've looked up the issue a bit and it seems like I need to reinstall the stock ROM to fix this, but I'm not sure. So as for my main question, is there a way for me to fix this, ideally without losing data, root, Xposed framework, TWRP recovery, all that? Also what will I lose/have to redo if that is not possible? I'm at class right now so I won't be able to try anything for a couple hours but I will as soon as I can.
Odin mode information as I can still boot into that (can't boot into Twrp it seems like)
Product name: SM-G920P
Current Binary: Custom
Current Status: Custom
FRP Lock: On
EDIT: Alright so I did more research once I got home and solved the issue using this thread. I literally just did this so I haven't played around with it much but the important things are that I was able to keep all of my data, including app data. The only thing I know I lost was root (not sure about Xposed or TWRP yet), but that's a small price to pay for getting this issue sorted.
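The download-mode text quoted in the posts above (the `SW REV CHECK FAIL` line and the Odin mode information block) can be read mechanically. The following is an added example, not part of any post on this page: a small Python triage helper whose function names and sample screen (assembled from lines quoted in two different posts) are constructed for illustration. It reads `Fused N > Binary M` as the bootloader's rollback check rejecting an image older than the revision recorded in the device's fuses.

```python
import re

# Device-side line in the shape quoted above:
#   SW REV CHECK FAIL: [aboot]Fused 4 > Binary 1
SW_REV_RE = re.compile(
    r"SW REV CHECK FAIL\s*:\s*\[(?P<part>\w+)\]\s*"
    r"Fused\s+(?P<fused>\d+)\s*>\s*Binary\s+(?P<binary>\d+)",
    re.IGNORECASE,
)
# "Key: value" status lines such as "FRP Lock: On".
STATUS_RE = re.compile(r"^\s*(?P<key>[A-Za-z ]+?)\s*:\s*(?P<value>.+?)\s*$")

# Constructed sample: lines from two different posts combined into one screen.
SAMPLE = """\
Product name: SM-G920P
Current Binary: Custom
Current Status: Custom
FRP Lock: On
SW REV CHECK FAIL: [aboot]Fused 4 > Binary 1 [1]eMMC write fail: aboot
"""


def parse_download_mode(text):
    """Return (status dict, list of rollback-check failures) from screen text."""
    status, failures = {}, []
    for line in text.splitlines():
        m = SW_REV_RE.search(line)
        if m:
            failures.append({"partition": m["part"],
                             "fused": int(m["fused"]),
                             "binary": int(m["binary"])})
            continue
        m = STATUS_RE.match(line)
        if m:
            status[m["key"].lower()] = m["value"]
    return status, failures


def triage(text):
    """Turn the parsed screen into plain findings for a repair log."""
    status, failures = parse_download_mode(text)
    findings = [
        f"{f['partition']}: image revision {f['binary']} is older than fused "
        f"revision {f['fused']}; the bootloader refuses the downgrade"
        for f in failures
    ]
    frp_on = status.get("frp lock", "").lower() == "on"
    if frp_on and status.get("current binary", "").lower() == "custom":
        findings.append("FRP lock on with custom binary: expect "
                        "'Custom binary blocked by FRP lock' at boot")
    return findings
```
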
Hey everyone,
I am new to the programming scene and this forum.
Anyways, I run a repair business in Ontario and have repairs come in daily. In particular today, I had a Samsung Galaxy S7 come in for repair and the issue the customer explained was they forgot their pin or pattern lock. I used to be able to use TWRP and go into the system and delete the gesture.keys without losing all data but I read up on the new technology now with Knox and bootloader and I was told flashing TWRP on the Galaxy S7 without bootloader unlocked will cause bootloop. All I need is to get into TWRP to delete those keys because customer CANNOT lose any DATA (very important). Is there any way to get TWRP on the Canadian variant without wiping or causing a boot loop? I don’t need root. Just need access to the system files from recovery to delete that key file. Unless someone else can chime in and offer another solution, but please HELP!
If the bootloader on that device is locked, you won't ever be able to use TWRP at all, not ever, not by any means.
If you know exactly what firmware build number they had installed before this happened, you can try flashing that exact version of stock firmware via Odin. As long as the firmware that you flash does not contain a different (upgraded/downgraded) bootloader, it "shouldn't" wipe their personal data but it does wipe the user settings (pin/pass in this case). When flashing via Odin, the user data does not get wiped unless the bootloader on the device is upgraded or downgraded during the flashing process. Their data should stay intact if you use the firmware version that is already on the device.
If the bootloader is locked, then regardless of what you do, flashing the firmware is the only way you're going to fix this, whether it wipes their data or not. Flashing the current firmware that is already on the device is really your only option.
Sent from my LGL84VL using Tapatalk
TWRP
I’ve managed to reset the password because the customer had her Samsung account linked to the phone. Logging into Samsung online gives you the option to remotely unlock the pattern. She now has all her data and the password is gone. Thanks for the quick reply regardless.
Ah yeah, I forgot about that option because I don't use the Samsung account feature on my phones. Plus, I was looking from a perspective of what could be flashed or not without causing data loss.
Hi All
I have an S7 Exynos with latest Magisk installed and everything has been working flawlessly till I decided this early morning, for not any particular reason (except my increasing amount of grey hair), to lock the "developer options". I think I have done the same maybe a couple of years ago though cannot remember how I had solved it.
Obviously my phone was instantly locked.
Would someone be able to link a good working solution with being able to keep data and apps? I am a bit desperate as my work is starting again tomorrow.
Thanks a lot.
look at frp bypass
Custom binary blocked by FRP lock is a protection, when you do a factory reset from recovery. The only way you get this message is with Odin.
This one works for me on S7, S7 edge and S6 tab.
Thanks @Dagobert
I will have a look at it now and see if it is not too scary. See my S7 FRP
Do you have access to the phone?
If you have access to the phone then back up your data and do a factory reset. Then you can flash whatever you want. FRP lock is a Google protection with a Google account. When you do a factory reset from settings you wipe the FRP.
What is Google FRP? (www.samsung.com)
I have access to the phone via PC/Odin only. No booting as per image above. I want to keep Data and Apps.
I assume I have to flash stock with home csc to be able to enter the phone again? Then root again, if I so wish?
Yup. Maybe a long shot but try flashing your former firmware with Odin, using HOME_CSC. I think that's the solution.
More info on that in this topic: "Help! How to flash without losing data?" (forum.xda-developers.com)
Hmm, done the flashing with the files plus home csc and it asks for password, which I have entered without success. I know the password and it just does not accept it.
See the factory reset warning and the FRP lock still being on now.
I'm desperately trying to avoid wiping data and apps.
edit: unfortunately I had to format/reinstall as I could not find a workable option.
Hey,
I have a bunch of devices that are enrolled with an MDM. They don't have a standard Google account activated since these are meant to be company owned, which means no FRP activated through Google.
The issue at hand is that if I factory reset through the recovery mode and then start the phone there is nothing blocking the device from being used as a normal device. This is not good enough because I need some way to make the process harder to dissuade malicious intent.
One way to do this is with a Custom ROM. https://www.hexnode.com/mobile-devi...id-devices-in-hexnode-mdm-by-configuring-rom/ https://www.hexnode.com/blogs/the-big-hows-of-managing-custom-android-os-in-the-workplace/
So that leaves me with a question if it's possible to take the stock ROM and just add the MDM APK with the configuration. As I understand, this would always then boot into the MDM configuration, leaving any other option off the table. (As long as the device is not flashed with stock ROM again.)
Another option, which I can't see if possible is if the whole Recovery Mode menu can be disabled/locked with a passcode, making it not possible to do a wipe through this way.
Appreciate all the help I can get with this as I'm new to this scene!
The MDM devices are running by the admin MDM policies; the admin must enable or disable features from the phone or add more security steps.
I've tested this with Scalefusion, Hexnode and had a chat with SOTI.
All of them say that it's not possible to lock or disable the access to the Recovery Menu that you can access by holding the Power button + Volume up and then Wiping the data and restarting the phone as a new device.
If there would be a way to disable this menu, then that would be great. But according to them they can't do that since it might brick the phone.
So now it's either solving a solution myself for this or trying Samsung Knox devices that offer more options regarding this problem.