Related
I have compiled this guide from the other one posted on this forum, the discussion therein, and my own knowledge. If you have any suggestions on making it better or to correct any mistakes I may have made please let me know.
This guide is intended for Windows and includes detailed instructions. It will cover the steps necessary to root, flash the new recovery image, create a full backup. This will work with software versions 1.29.651.1 and 1.56.651.2 (aka Android 1.5). If you have updated to 2.1 please following this guide here. I am not responsible for any damage done to your phone using this guide. Root at your own risk.
I have put to together a video on YouTube for you to follow along as well. The version numbers of certain files are now outdated in the video so change file names as necessary.
If you own a non-Sprint Hero, you will need to do some extra steps. Follow the guide in the How to Root Non-Sprint CDMA Hero thread.
Step 1: Download the Android SDK from http://developer.android.com/sdk/index.html The Windows file is called android-sdk_r06-windows.zip. Extract the files to your C: drive so that you now have the folder C:\android-sdk-windows
Step 2: Download the asroot2 exploit file from http://forum.xda-developers.com/attachment.php?attachmentid=244212&d=1257621154 Extract asroot2.zip to C:\android-sdk-windows\tools folder.
Step 3: Download the Hero recovery image from http://forum.xda-developers.com/showpost.php?p=4898505&postcount=1g Place this file in C:\android-sdk-windows\tools as well.
Step 4: Make sure USB Debugging is off by going to Settings>Applications>Development. Now connect the phone to your PC via USB cable.
Step 5: Mount your sdcard; Browse to the HTC Sync folder and install HTC Sync on your pc. After it is done installing unmount the sdcard then enable your USB debugging.
Step 6: Open a command prompt by clicking the Start button and typing cmd into the search box and pressing enter or found under All Programs>Accessories.
Step 7: You will now enter a series of commands which I will place inside code boxes to indicate the entire command. You may copy and then paste them into the command prompt window by right clicking. Only enter one command at a time.
1:
Code:
cd C:\android-sdk-windows\tools
2:
Code:
adb devices
If you've been following this guide you will see your phone's serial number. If you get "device not found" error, you either need to make sure you the drivers were properly installed or make sure you enable USB debugging AFTER you connect the USB cable. Continue on once you get the proper phone serial output.
3:
Code:
adb push asroot2 /data/local/
4:
Code:
adb shell
5:
Code:
chmod 0755 /data/local/asroot2
6:
Code:
/data/local/asroot2 /system/bin/sh
You should see an output that says:
$ /data/local/asroot2 /system/bin/sh
[+] Using newer pope_inode_info layout
Opening: /proc/857/fd/3
SUCCESS: Enjoy the shell.
#Now for a few last commands.
7:
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
8:
Code:
cd /system/bin
9:
Code:
cat sh > su
10:
Code:
chmod 4755 su
You are now officially rooted. A few more steps and you will have flashed the recovery image.
11:
Code:
exit
12:
Code:
exit
13:
Code:
adb push recovery-RA-heroc-v1.6.2.img /sdcard
Pushing is equivalent of copy the file to the root of your sdcard. By the time you finished reading this it should be done. You'll know its done because the ouput will say something like transferred X bytes in X secs.
14:
Code:
adb shell reboot
This will cause the phone to restart automatically. Wait till it is fully booted to continue.
15:
Code:
adb shell
16:
Code:
su
17:
Code:
cd /sdcard/
18:
Code:
flash_image recovery recovery-RA-heroc-v1.6.2.img
FLASHING TO THE RECOVERY TAKES SEVERAL SECONDS-- BE PATIENT. ENTER THE NEXT COMMAND ONLY AFTER THE COMMAND PROMPT RETURNS TO THE # (ROOT SYMBOL).
19:
Code:
reboot recovery
Step 8: This is the last command; you may now close the cmd prompt. This will cause your phone to boot into recovery mode; it should take no longer than 30 secs. The third option on the list is "- Backup/Restore"; select it. Now, select the first option "- Nand backup". The phone will prompt you to press HOME to confirm which is want you want to do. The backup will begin. You will see the screen say, "Performing backup : .........." When done, the bottom of the screen will say "Backup complete!" and you will be given the menu options again. Go back to the main menu and select reboot system. Rebooting your phone after installing the new recovery image may take several minutes.
Step 9: Once your phone is fully booted, mount the sdcard. You will see a folder called "nandroid"; I highly recommend you copy this to your pc in case you lose your sdcard data or reformat it. Your phone is rooted, 100% backed up, and ready to install a custom rom if you wish!
wow dude,
instructions worked great on Win7
i was able to download the missing usb_drivers by running SDK Setup in C:\android-sdk-windows, and selecting the usb driver from the available packages. I was unable to download the index for the SDK Setup program until I enabled "force http://" in the settings menu.
had to copy over asroot again after i ran SDK Setup (that program deleted it from the directory)
your instructions worked like a charm. total time spent rooting this thing after finding your post: 18 minutes.
(you might want to add a line there in the "mount and copy over the zip file step" to backup the nandroid folder from your SDCard to your comp just as a backup of your stock phone image)
anyway.. cheers!
izanagi said:
wow dude,
i'm about to follow these instructions. thank's for the precise list!
(btw, about to try it on Win7.. may have to change some folder pathing but we'll see)
okay.. typo on the first command in parentheses, and I'm missing the usb_drivers folder (do you have it / can sent it to me) so am unable to install the device in win7.
Click to expand...
Click to collapse
Heh, thanks for the misspell heads up. I did my rooting from Win7 pc; it automatically installed correct drivers for me. To check go to the Control Panel>View devices and printers. You see one device named "Android Phone". Otherwise as far as Ive heard installing HTC Sync installs proper drivers.
izanagi said:
*** edit had to copy over asroot again after i ran SDK Setup (that program deleted it from the directory)
**** edit: all done.. your instructions worked like a charm. total time spent rooting this thing after finding your post: 18 minutes.
(you might want to add a line there in the "mount and copy over the zip file step" to backup the nandroid folder from your SDCard to your comp just as a backup of your stock phone image)
anyway.. cheers!
Click to expand...
Click to collapse
Thank you for taking the time help make my guide better. I'm very glad to know there are little to no hiccups.
When I do step 5, instead of:
5. "/data/local/asroot2 /system/bin/sh"
You should see an output that says:
$ /data/local/asroot2 /system/bin/sh
[+] Using newer pope_inode_info layout
Opening: /proc/857/fd/3
SUCCESS: Enjoy the shell.
#
I get:
[1] Killed /data/local/asroot2 /system/bin/sh
Any suggestions? Should I just be quiet until there is an Eris specific way to do this?
When I do step 5, instead of:
5. "/data/local/asroot2 /system/bin/sh"
You should see an output that says:
$ /data/local/asroot2 /system/bin/sh
[+] Using newer pope_inode_info layout
Opening: /proc/857/fd/3
SUCCESS: Enjoy the shell.
#
I get:
[1] Killed /data/local/asroot2 /system/bin/sh
Any suggestions? Should I just be quiet until there is an Eris specific way to do this?
detox702 said:
When I do step 5, instead of:
5. "/data/local/asroot2 /system/bin/sh"
You should see an output that says:
$ /data/local/asroot2 /system/bin/sh
[+] Using newer pope_inode_info layout
Opening: /proc/857/fd/3
SUCCESS: Enjoy the shell.
#
I get:
[1] Killed /data/local/asroot2 /system/bin/sh
Any suggestions? Should I just be quiet until there is an Eris specific way to do this?
Click to expand...
Click to collapse
This guide is for the CDMA Hero not the Eris!
When I go to apply the rom I get an white screen with skateboarding androids on the bottom and the prompt to erase data yes/no. I press the home key and the Hero reboots without asking to "Apply sdcard:choose zip". This is done from the boot menu. Does the rom load automatically? Did I do something wrong? I got root with no problem. A tip; to make it easier and to avoid spelling mistakes copy and paste the rooting commands from the instructions. Made it go faster too. Thanks in advance.
Never mind. I held down Home and Power at
the same time instead of Home THEN power! ARRGH! Loading up now as I type. Sorry.
ELIMINATED said:
When I go to apply the rom I get an white screen with skateboarding androids on the bottom and the prompt to erase data yes/no.
I press the home key and the Hero reboots without asking to "Apply sdcard:choose zip".This is done from the boot menu.
Does the rom load automatically? Did I do something wrong? I got root with no problem.
A tip; to make it easier and to avoid spelling mistakes copy and paste the rooting commands from the instructions. Made it go faster too. Thanks in advance.
Click to expand...
Click to collapse
yuck... break up your sentences, that's alot of crap to throw on someone all at once... and the bold doesn't help it any.
check to see if you have the custom recovery installed....
-turn off phone
-hold vol down + power
-should search for some stuff then give three options
-press "home" to enter recovery image
do you see "!" and a phone.... does it just hang or do you see a green/yellow menu?
At the end of his post he says he figured it out. He wasn't holding down home key
None of this is working for me at all... I'm not sure what I'm doing wrong, but every time I enter ANY of the commands into the prompt all I get is "cannot find the path specified".
For reference, i have done everything in this guide to the letter, everything is downloaded, unzipped to the correct location, USB drivers installed, etc etc. Not sure what's wrong.
EDIT: I figured it out.. user error, awesome. Worked great, thanks for this!
awesomeindeed said:
None of this is working for me at all... I'm not sure what I'm doing wrong, but every time I enter ANY of the commands into the prompt all I get is "cannot find the path specified".
For reference, i have done everything in this guide to the letter, everything is downloaded, unzipped to the correct location, USB drivers installed, etc etc. Not sure what's wrong.
EDIT: I figured it out.. user error, awesome. Worked great, thanks for this!
Click to expand...
Click to collapse
"cd C:\android-sdk-windows\tools" is actually "cd C:\android-sdk_r3-windows\tools"
is that where you are stuck?
thank you TS. I've been lurking xda for a couple years now when i had the mogul and tp. First time on an android device. Thank you for your time in helping me.
someone buy this man a drink!!!
Invaluable piece of work right here, helped me get it done in no time at all....real clear concise and very helpful....REQUEST THIS BE A STICKY!!!!!
fenske09 said:
"cd C:\android-sdk-windows\tools" is actually "cd C:\android-sdk_r3-windows\tools"
is that where you are stuck?
Click to expand...
Click to collapse
That was the name of the zip file not the extracted folder.
Please help, I followed all of your instructions, I received no errors however I can't boot the recovery image. I checked and it is in the sd card, but every time it just hangs at the HTC logo
I downloaded a terminal emulator and typed su and it gave me # so I assuming I am rooted?!
newtodroid said:
Please help, I followed all of your instructions, I received no errors however I can't boot the recovery image. I checked and it is in the sd card, but every time it just hangs at the HTC logo
I downloaded a terminal emulator and typed su and it gave me # so I assuming I am rooted?!
Click to expand...
Click to collapse
Redownload the recovery image and reflash it. The one you're using probably became corrupt during DL or something.
theresthatguy said:
Redownload the recovery image and reflash it. The one you're using probably became corrupt during DL or something.
Click to expand...
Click to collapse
also make sure you have the heroc version there's a hero and heroC, i messed that up once and had similar results
new ROM
So i loaded the custom ROM, and i followed all the istructions as listed on this guide. When i rebooted my phone, a bunch of my apps started Force Closing on startup.
did i miss something, or do something wrong?
if i reinstall them on the new ROM will they work right?
thanks for any insight
kristaps said:
So i loaded the custom ROM, and i followed all the istructions as listed on this guide. When i rebooted my phone, a bunch of my apps started Force Closing on startup.
did i miss something, or do something wrong?
if i reinstall them on the new ROM will they work right?
thanks for any insight
Click to expand...
Click to collapse
you converted your sd card to fat32,ext2,swap and now the apps are looking for the program on your sd card,
turn off your phone
take out sd card
turn on phone
uninstall app
turn off phone
put in sd card
turn on phone
reinstall app
this should fix you
Dislcaimer: this is for educational purposes only,you shall not use this on other people phones without permission under any circumstances,and am not responsable to any misuse of this hack
Click to expand...
Click to collapse
ok so not long ago i had a problem with a locked android device with a pattern and i managed to unlock it using adb,so here's how in case you were stuck one day with a locked device.
the device needs to have usb debugging enabled in case usb debugging isn't enabled and you have cwm you can run the same instructions from cwm,root is not required (though it will be so better if the device was rooted)
this was tested on:gingerbread,ice cream sandwich and jelly bean.
both method are through adb.
method 1:
Code:
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
.quit
-AND/OR-
method 2:
Code:
adb shell rm /data/system/gesture.key
and that's a video showing how method 2 is done (thanks to melvinchng) : http://www.youtube.com/watch?v=tVJ7T2oC_Zs&feature=player_embedded
you can try both of them,here is how i managed to remove the lock:
1- run the first method.
2-reboot
3-run the second method
4-reboot
NOTES:
-in the first method each line is a seperate command so click enter after typing each line.
-in the second method type all the command and then press enter.
-after running both methods and rebooting you may see the pattern lock,that doesn't necessarily mean it doesn't work,just try any random pattern and it may unlock then remove the pattern from settings.
-this may and may not work,it may work on some devices and don't on others,so all you can do is trying it but i can't assure it will work.
a small donation would be much appreciated thank (check my signature)
But What if i remember the password well enough, but didnt have data enabled the moment it got locked?
Explained elaborately here>>>http://forum.xda-developers.com/showthread.php?p=29963687
It will unlock either (Loook at the time of message above - I am time traveler )
i have better method than bot the above ones
look for smudges on the phone
Do the files need to be restored or are they just the user data for the pattern locks?
This is really great...
i wonder how do you discover this
you must be a hacker
Or you could boot into recovery backup data
wipe factory reset and reboot
Could try restoring data but most likely restore pattern lock
Or simply enter your gmail address as requested
2nd option...
if you have Custom recovery
use AROMA File Explorer and you can do the same thing through the recovery
or adb through the recovery
FWIW, on CM10 neither method works as non-root. Yay CyanogenMod.
Method #1 FAIL:
1|[email protected]:/data/data/com.android.providers.settings/databases $ ll
opendir failed, Permission denied
255|[email protected]:/data/data/com.android.providers.settings/databases $ sqlite3 settings.db
Error: unable to open database "settings.db": unable to open database file
Method #2 FAIL:
[email protected]:/data $ ll /data/system/gesture.key
-rw------- system system 20 2012-08-11 04:51 gesture.key
[email protected]:/data $ rm /data/system/gesture.key
rm failed for /data/system/gesture.key, Permission denied
(I use faceunlock + pattern (mostly to keep my kid outta my phone), but if I actually cared more about security I'd encrypt my phone and use a passphrase instead)
This is a useful guide, thanks, I will try it :good:
So I guess if Debugging wasn't previously enabled, you have no chance to unlock it...
I've noticed a locked Archos tablet in a shop (probably some stupid shopper locked it) and when I saw this thread announced on the first page I was thinking of helping the shop owner. But I guess I cannot.
Have a nice day!
I don't know whether this method can use on neither:
Rooted
Installed Busybox
Rom Version Older or Newer than CM7
This method require ADB Debugging On & A PC & A tool Provided
I found this trick a long time ago
I come for sharing
Click to expand...
Click to collapse
Download the By-pass security Hack.7z
http://www.mediafire.com/download.php?li2686c3jenmen6
Click to expand...
Click to collapse
Primary Step for all method:
Click to expand...
Click to collapse
Extract it to anywhere using 7-zip.
Open SQLite Database Browser 2.0.exe in SQLite Database Browser.
Run pull settings.db.cmd inside By-pass security Hacks folder to pull out the setting file out of your phone.
Drag settings.db and drop to SQLite Database Browser 2.0.exe program.
Navigate to Browse data tab, At table there, click to list down the selection & selete secure
Instruction To Remove Pattern Lock:
Click to expand...
Click to collapse
Now, find lock_pattern_autolock, Delete Record
Close & save database
Run push settings.db.cmd and reboot your phone
Instruction To Remove PIN Lock:
Click to expand...
Click to collapse
Now, Find Or Create lockscreen.password_type, double-click & change it's value to 65536, Apply changes!
Now, find lock_pattern_autolock, Delete Record, If doesn't exist, Ignore
Close & save database
Run push settings.db.cmd and reboot your phone
Instruction To Remove Password Lock:
Click to expand...
Click to collapse
Now, find lockscreen.password_salt, Delete Record
Now, find lockscreen.password_type, Delete Record
Close & save database
Run push settings.db.cmd and reboot your phone
hmmm i hope those thief's don't find these thread lol
zmore said:
FWIW, on CM10 neither method works as non-root. Yay CyanogenMod.
Click to expand...
Click to collapse
Nor does either method work on unrooted Galaxy Nexus with stock Jelly Bean. Yay stock Android.
mixtapes08 said:
hmmm i hope those thief's don't find these thread lol
Click to expand...
Click to collapse
don't leave usb debugging checked on then.
I advise you guys to also post your Android version. My opinion is that the security hole that permits this hack has been removed in JellyBean, maybe even in an earlier version.
I will try it too a little later, just for the fun's sake.
aussiebum said:
don't leave usb debugging checked on then.
Click to expand...
Click to collapse
If you have forgotten to leave USB debugging enabled, reboot your phone into recovery and do the same. No USB debugging required.
You may however need to mount the partition being accessed by this method, and you can do that only if you have a custom recovery installed (which you more-than-likely have, since you're here on XDA). Just go to 'Mounts and Storage' and mount /data. Then use the method just the normal way. Cheers!
Useful guide for sure. Will keep this as reference!
Does this only work for the pattern unlock or will it also work on the password or the PIN unlock screen?
I can confirm that it is working on a CM7.2 Motorola Defy.
Thanks m.sabra!
I am not responsible for anything that may come of or from this information. Use at your own risk!
Step #1)
Create security lock through Settings (pattern, pin, password).
Step #2)
Add VPN connections
Step #3)
Plug the phone in and run these commands (requires adb to be setup properly and drivers). I am sure there is a way to do this directly on the phone but this is easier for me.
Commands to remove security:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=0 where name='lockscreen.password_type';
.exit
exit
Finished!
For me no reboot was required and you do not have to restore pattern in order to create more VPN connections.
Optional Step:
If you decide that you want to restore the security run the one that fits you.
Commands to restore pattern:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=65536 where name='lockscreen.password_type';
.exit
exit
Commands to restore pin:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=131072 where name='lockscreen.password_type';
.exit
exit
Commands to restore password:
Code:
adb shell
sqlite3 /data/system/locksettings.db
update locksettings set value=262144 where name='lockscreen.password_type';
.exit
exit
Great! Thank you!
really helpful, i've been fed up with stupid design.
Brilliant, does it also work for ICS?
I don't have an ICS device. If I can find someone that is willing to let me take a look at their ICS device I can see.
When I restart my phone, it needs a password to access VPN menu. what should I do? I don't want to run these commands every time I restart my phone. any solutions?
does it work with exchange password policy as well?
Sent from my GT-I9300 using xda app-developers app
P30SiNa said:
When I restart my phone, it needs a password to access VPN menu. what should I do? I don't want to run these commands every time I restart my phone. any solutions?
Click to expand...
Click to collapse
Hmm did notice that before I will see whats up with that,
portnoy.vitaly said:
does it work with exchange password policy as well?
Sent from my GT-I9300 using xda app-developers app
Click to expand...
Click to collapse
I am not sure but I would imagine so. I would try with pattern lock and not PIN or Password.
Says that "sqlite3: not found" ....
I justd used Forget password option and entered pin , then i didnt choose any options , and the pattern removed
Just tried this. Added vpn, removed lock pattern. It went back to slide, worked fine.
Rebooted, not visiting VPN settings it's asking me to enter credential storage...any ideas how I can a) get past this without wiping my wifi/vpns, or b) remove this but keep my vpns and slide lock?
sorset said:
Says that "sqlite3: not found" ....
I justd used Forget password option and entered pin , then i didnt choose any options , and the pattern removed
Click to expand...
Click to collapse
Same here.
Works great, thanks for sharing :good:
spumanti said:
Same here.
Works great, thanks for sharing :good:
Click to expand...
Click to collapse
Works for me, too, until I reboot :/
Doesn't work. Apparently it's problem with sqlite.
soinfo_relocate(linker.cpp:1013): cannot locate symbol "sqlite3_enable_load_extension" referenced by "sqlite3"...CANNOT LINK EXECUTABLE
Any help please?
Use Script Manager to make this done on every boot.
1. Make this a batch file:
Code:
#!/system/bin/sh
echo "update locksettings set value=0 where name='lockscreen.password_type';" | sqlite3 /data/system/locksettings.db
and save it to your sdcard
2. Use Script Manager to run it on boot and enable su (root).
3. Test it by running it from script manager and see if it runs correctly. You can try enabling PIN and it should be disabled after running this.
4. Final test: reboot your phone and see if PIN/password is disabled.
Keep in mind this gets executed after everything else, so if you try to wake your phone right away, you might still see the PIN prompt.
Another way without script manager:
1. Make this a batch file:
Code:
#!/system/bin/sh
echo "update locksettings set value=0 where name='lockscreen.password_type';" | sqlite3 /data/system/locksettings.db
and save it to your sdcard as 99pinremove
2. Run the following using adb:
Code:
adb shell
su
mount -o remount rw /system
cp /sdcard/99pinremove /etc/init.d/99pinremove
chmod 755 /etc/init.d/99pinremove
chown root:shell /etc/init.d/99pinremove
exit
exit
In 4.4 there is no such file
Code:
/data/system/locksettings.db
.. any ideas?
Hello, as the title states I have found a way to bypass the password with the pin, pattern, and password option on the lockscreen without doing a factory data reset. I have not tried face unlock, I will try it soon. I would first like to thank Kosborn for his p2p-adb which bothe helped and gave me the idea. His p2p-adb can be located here.
I will also be adding this feature to Kosborn's p2p-adb soon as well.
Now to get down to it.
What you will need:
Phone with eithier 'USB Debugging" enabled or a Custom Recovery
ADB
A file editor (I use Notepad++)
Basic adb skills
*If you already have "USB Debugging enabled please skip to Step 5*
Step 1)
If the phone does not have USB Debugging enabled you need to flash a custom recovery to the phone. I will not post a step to step guide to on how to flash a custom recovery, just google it.
Step 2)
When you have the custom recovery flashed to the phone boot into recovery mode and mount /system. In CWM it can be found under "Mounts and Storage"
Step 3)
When /system is mounted pull build.prop and open it with the file editor I mentioned above.
Code:
adb pull /system/build.prop
You will have to add one line into the build.prop file for adb to be enabled when you reboot the phone
Add the line below to the build.prop file.
Code:
persist.service.adb.enable=1
Save build.prop file.
Now we have to push the file back to the phone so
Code:
adb push build.prop /system/build.prop
adb shell chmod 0644 /system/build.prop
Step 4)
Reboot phone
Run command below and you should see you device attached, If not make sure you have the correct drivers installed.
Code:
adb devices
Step 5)
Using adb type the following commands
Code:
adb shell mv /data/system/gesture.key /data/system/gesture.key.bak
adb shell mv /data/system/password.key /data/system/password.key.bak
Step 6)
Reboot phone
You should now be able to unlock your phone without having any password. And more importantly with having all of your data on the phone still.
If you found this helpful please hit the thanks button.
RESERVED
So this will work on any device correct?
---------- Post added at 10:55 PM ---------- Previous post was at 10:55 PM ----------
With either pin lock or pattern?
prairiedogn said:
So this will work on any device correct?
---------- Post added at 10:55 PM ---------- Previous post was at 10:55 PM ----------
With either pin lock or pattern?
Click to expand...
Click to collapse
In theory yes. I can't be for sure. It won't hurt it
When I had to use I typed "adb shell rm /data/system/gesture.key", not "adb shell mv /data/system/gesture.key" and that worked well.
eduds said:
When I had to use I typed "adb shell rm /data/system/gesture.key", not "adb shell mv /data/system/gesture.key" and that worked well.
Click to expand...
Click to collapse
That will work as well the reason why I used adb shell mv /data/system/gesture.key is to keep the file there when i was testing just incase but it could be removed as well.
not trying to be too much of a smart-butt, but heres the full version to do it, what u did is the basic commands, but leaves an empty pin/pattern for ANY input will be correct, heres each command (new line=new command):
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update secure set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
update secure set value=0 where name='lockscreen.lockedoutpermanently';
.quit
busybox rm /data/system/gesture.key
busybox rm /data/system/cm-gesture.key
busybox rm /data/system/password.key
busybox rm /data/system/cm-password.key
busybox rm /data/system/locksettings.db
busybox rm /data/system/locksettings.db-wal
busybox rm /data/system/locksettings.db-shm
reboot
some kernels+file-systems(or user actions) convert databases to "wal", or "shm" so they will have different names, as for some newer CM-based rom builds, the pattern, gesture unlock (if implemented), and sometimes pin get put into a different file "cm-***.key" but pin+password goes into "cm-password.key";
u need to only do first two commands(adb shell, and the cd), then skip to after the .quit if u ARE NOT locked out, if u are u need to do ALL these commands, and if it says "file/directory not found" or simmalier errors when doing the "gesture.key","cm-gesture.key","cm-password.key", the "locksettings.db-wal" +"locksettings.db-wal"; just ignore those errors as u dont have the configurations stored in there like some other custom roms do =)
i found and compiled this list from my app i made, if u heard about it "SMS Tasks", and this is acually the exact code (in adb shell form, not in java command line with added characters, voids, etc...) to unlock the phone remotely =), idk why people tell me not to share this code, as its good for users to have so they dont lose their data incase of forgotten passwords on devices stored in their dressers/storages for ages and got out for whatever reason (maybee a new rom-tree was born for it and u want to see it in action, idk =S) but use this if u want, if not u can ignore this post, just wanted to share this with u incase u want to add some to the OP as the commands u do some roms might not fully unlock (it will erase pass/pin, but some roms keep the config that its still set, but any pass (even one characters+a single_space, or one-three dot patterns), so if anyone got those errors, or want more understanding on what files are used, this is my most resent list of things to delete by what i see used on rom developer's github's anyways =S
but hope this helps any of u in any ways =)
much simpler way
download aroma file manager from
http://forum.xda-developers.com/showthread.php?t=1646108
flash aroma file manager in cwm with system mounted
browse to data/system
delete gestures.key
delete password.key
restart
of course you will need aroma file manager on the root of your sd card so download it and put it there now for safe keeping
you can always put it there via a card reader or pop your sd card into another phone if your phone is already locked
Using Aroma File Manager would be the easiest way!
Thanks for the share Marcussmith2626!
There is a way to do this without USB Debugging enabled nor Custom Recovery installed, as long as stock Android system recovery <3e> "backup user data" option is working:
- create a backup
- modify the backup file
- root the phone
- restore backup
root is not required for backup, but for restore. i prefer restore from custom recovery. but i have done this without flashing, too.
please see this link
Android system recovery <3e> alternative restoring program
i know this is an old thread, but im trying to bypass the screen where it says that youve tried your pattern too many times on a zte z932l (also known as the rapido) for a friends sister. She really just wants the pictures that are stored on the internal memory is all because they are of her kids. Any ideas on how to get this done? I would up on this thread because i was hoping that usb debugging had been enabled, but it hasnt
no "backup user data" option in Android system recovery <3e> i guess? if you can't create a backup then my friend, this is the hardest case for unlocking... if playstore is working and wifi enabled, you can unlock using Android Device Manager first. if this not help, check if fastboot is working. you can boot custom recovery with "fastboot boot recovery.img" if no fastboot mode available, find any way to make a backup of usrdata partition (maybe in download mode?) once you have a backup, its easy to modify and restore (as long as FRP lock is disabled)
with usb debugging enabler you can modify a rom and flash it via odin (without losing data???), and with Android Multi Tools you can unlock the screen. if this is possible for samsung devices, then there should be a way for other phones, too. another way is to enable adb via sideload, if someone will create such app.
and of course, if fastboot mode is available, the easiest way is booting a custom recovery without flashing it. then just delete /data/system/locksettings.db* files from adb or with aroma file manager (try calung version 1.80)
So I just spent a few hours digging into this and thought someone might need it sometime down the line.
My wife's job uses a Kindle Fire HD 10 and they have a parental lock on it. Today they needed to change a Wi-Fi setting and couldn't remember the lock password.
The following tutorial will use adb to temporarily root your Fire, update the database to corrupt the lock, and create a new Parental Lock.
What you'll need:
ADB
mtk-su (Download from the first post here, don't worry about using their tutorial since I'll reiterate it here)
1. After you download mtk-su, push it to your device
Code:
adb push path/to/mtk-su /data/local/tmp/
2. Open an adb shell and cd to the data/local/tmp folder
Code:
adb shell
cd /data/local/tmp
3. Write executable permissions to the script
Code:
chmod 755 mtk-su
4. With the screen on, run the script:
Code:
./mtk-su -v
5. You should now be at a root shell (you can tell by the # instead of the $ symbol). Read the mtk-su thread for debugging if you don't get a root shell.
6. Get to your databases folder:
Code:
# cd /data/data/com.android.providers.settings/databases
7. Send some commands to your settings.db to overwrite those parental password values:
Code:
sqlite3 settings.db "insert into secure values(NULL,'parental_password_exist', '0');"
sqlite3 settings.db "insert into secure values(NULL,'parental_control', '0');"
sqlite3 settings.db "insert into secure values(NULL,'com.amazon.parentalcontrols.changed', '0');"
8. Delete the original password salt and key files via:
Code:
rm ./data/securedStorageLocation/com.amazon.parentalcontrols/files/*
9. Congrats, your parental controls are now corrupted! Your WiFi, among other things probably, will not work! Head over to your Settings and click on Parental Controls. Turn them on and create a new password. Now everything will work again.