[Resolved] Tested Android Device Manager Lock -> PIN not accepted on device - General Questions and Answers

Preface: I have rooted my device before (TWRP, Magisk).
Because I go on vacation, I wanted to try out the Android Device Manager for locating, locking and purging my Android smartphone..
I registered Android Device Manager app with device administrators.
I went to the Google Device Manager website (https://www.google.com/android/find), have chosen my smartphone and hit lock. The website asked me about PIN, info text and telephone number to display. I pasted (not typed!) "1234" in all of the three fields. The PIN box was masked but was showing 4 asterisks for 4 characters ("1234"). I hit lock and the issue begun.
After 1-3 seconds my smartphone locked up (yay) and showing info text + telephone number (both "1234" as pasted) and I tapped the PIN field to enter the PIN. I entered "1234" and the smartphone just vibrates and the PIN field was emptied.
I tried "1234" several times until the dialog shows "only 2 more tries" (or similar).
I shutdown the smartphone and created a full backup with TWRP and copied the backup and data files to an external USB stick.
Question: Can I remove/reset/change the Google Device Manager PIN? Either with ADB/Root/TWRP/whatever? I tried the website but while in the locked state it only shows the fields for info text and telephone number.
Device Info:
OnePlus 3T (OxygenOS 4.1.6)

Somehow I found a "solution" which make me thing this is completely useless.
After performing the backup with TWRP I restarted the device into normal mode.
I was asked about the device password (not Device Manager PIN). I saw the "locked by Device Manager" in the background. I have entered my device password (not the Device Manager PIN) and everything was unlocked!
Why on earth is there a Device Manager PIN when "the system" is using the device password anyway?

burnersk said:
Somehow I found a "solution" which make me thing this is completely useless.
After performing the backup with TWRP I restarted the device into normal mode.
I was asked about the device password (not Device Manager PIN). I saw the "locked by Device Manager" in the background. I have entered my device password (not the Device Manager PIN) and everything was unlocked!
Why on earth is there a Device Manager PIN when "the system" is using the device password anyway?
Click to expand...
Click to collapse
Hello
Because the one who stole it maybe able to decrypt your device ?
++ you could have deleted pin files from twrp

Related

SnooperStopper - Android device ecryption password manager and failed unlock monitor

SnooperStopper
Android device ecryption password manager and failed unlock attempts monitor
SnooperStopper allows you to have different device encryption password than
screen unlock pattern/PIN/password. You can have strong device encryption
password (which you only need to enter once after booting your device) but
simple pattern/PIN/password for unlocking your screen.
If attacker tries to guess your simple pattern/PIN/password, he has only
few tries (default is 3) after which the device is rebooted and he needs
to enter your strong device encryption password again.
Where to get it:
Google Play
Eutopia.cz F-Droid Repository
Project on GitHub
Why is it needed:
Android always sets device encryption password same as screen unlock pattern/PIN/password.
This is very unfortunate, because you should have encryption password as strong
as possible, but nobody wants to enter long password all the time just to unlock screen.
There is Android issue #29468
requesting different passwords for encryption and screen lock, but it seems to be
ignored by Google (it is there from 2012 and recently marked Obsolete by Google).
How to use it:
After installation, start SnooperStopper and grant it superuser permissions. Then
enable device admin in app, which allows SnooperStopper to monitor failed screen
unlock attempts and reboot device if maximum number is exceeded.
Whenever you change your screen unlock pattern/PIN/password, Android also changes
your device encryption password, so you have to set your strong encryption
password again. SnooperStopper automatically opens window where you can change it
right after you change your screen unlock pattern/PIN/password, so you should never
forget about it.
Requirements:
Android >= 4.0.3
enabled device encryption (Settings => Security => Encrypt phone )
root (Android doesn't allow apps to change device encryption password or reboot your device without root access)
Credits:
Whole device encryption password changing code is taken from Nikolay Elenkov's
Cryptfs Password Manager.
XDA:DevDB Information
SnooperStopper, App for all devices (see above for details)
Contributors
Mikos, Nikolay Elenkov
Source Code: https://github.com/xmikos/SnooperStopper
Version Information
Status: Stable
Current Stable Version: 1.3
Stable Release Date: 2016-03-21
Created 2015-07-13
Last Updated 2016-03-21
Hello,
Thanks for your great tool, this really fills the gap between a safe encrypted and a everyday easy to use device.
Unfortunately I can't change the encryption password on my maguro galaxy nexus device.
When I try to change my encryption password I get the message cannot get super access
For a short time the root access symbol lights up and disappears.
Snooper Stopper is listed in the device admin list. My nexus (which runs on slim rom lollipop ) asked me whether I would like to give root access to snooper stopper and I agreed.
I'd really like to help to fix this bug so I can use your tool.
Many greetings
Michael
P.S. Already opened a issue at github before I found this thread on xda
mischasworld said:
Unfortunately I can't change the encryption password on my maguro galaxy nexus device.
When I try to change my encryption password I get the message cannot get super access
For a short time the root access symbol lights up and disappears.
Snooper Stopper is listed in the device admin list. My nexus (which runs on slim rom lollipop ) asked me whether I would like to give root access to snooper stopper and I agreed.
Click to expand...
Click to collapse
Like I said on GitHub (writing it also here for reference):
It is problem with SELinux policy. if you have Android >= 5.0, you also need sepolicy-inject utility (you can find it here: setools-android with sepolicy-inject) or supolicy (part of SuperSU - but SuperSU is not opensource, so I highly discourage it).
New version 1.3 is compatible with Android 6 and CyanogenMod 13. Also starting from version 1.1 sepolicy-inject tool is included into SnooperStopper, so you don't need to install any external utility.

Encryption not asking for unlock on boot?

Hey guys,
A few days ago I encrypted my device running the latest Exodus 5.1 with standard kernel. The first few boot ups I had to draw a pattern for boot (in TWRP as well). Now, after a week or so, it doesn't ask me for my pattern anymore. Not on normal system boot, neither in TWRP. But in settings it still tells me encryption is enabled.
Wth? What am I doing wrong?
Cheers
Settings -> lockscreen -> screen lock -> tap on pin / password / pattern (whatever you have set up) -> next screen you can choose if pin/password/pattern should be prompted for at device boot.
Oh, I see. Stupid me. Actually it's good that this is disabled because TWRP unfortunately does not support my 4x4 pattern (any workarounds got this btw?).
But with this option disabled, is the encryption still useful? Probably not right? So if someone steals my shutdown device he can simply access data through TWRP or booting it up, right? Encryption would be useless in this case?
Twrp does support pattern unlock for decrypt since version 2.8.6.0. If your pattern is to swipe the first row from left to right, this would be password "1 2 3" (just like you are swiping over a dialpad).
If you want to secure your data, then you must use a pin/password/pattern lock. If you don't use it, there is no real benefit using encryption.
Yes, TWRP supports 3x3 patterns, but not my 4x4 pattern. So is there any possibility unlocking your pattern via code then? Would it be like this then:
1 2 3 4
5 6 7 8
9 10 11 12
13 14 15 16
And where do I type the code then?
I use a 4x4 pattern lock. I just don't use the option that it has to be entered before boot (after unlocking the SIM card you have to unlock via pattern).
Sorry I misread. Twrp still can only decrypt 3x3 patterns. If your pin/password/pattern is not prompted for at device boot, someone could still access your data through twrp (and e.g. copy it to usb-otg).
Okay thanks. Then I'll hope TWRP is going to be able to decrypt 4x4 soon, so I can enable the boot decrypt. I don't want to go back to 3x3 neither get locked out of my system if I need TWRP to restore, update or whatever.

Samsung Flow: Failed Registering Fingerprint ROOTED

Hi all!
I am trying to get Samsung Flow to work with my Windows 10 Pro laptop but I keep on getting stuck at the Failed to register fingerprints part and I can't seem to get passed that screen no matter what (registered) fingers I use.
Could it be because I'm Rooted and using a custom ROM + kernel?
Thank you!
I am having the same issue on rooted a5 2017
Pls help!
xxxrichievxxx said:
Hi all!
I am trying to get Samsung Flow to work with my Windows 10 Pro laptop but I keep on getting stuck at the Failed to register fingerprints part and I can't seem to get passed that screen no matter what (registered) fingers I use.
Could it be because I'm Rooted and using a custom ROM + kernel?
Thank you!
Click to expand...
Click to collapse
satnavpt said:
I am having the same issue on rooted a5 2017
Pls help!
Click to expand...
Click to collapse
Are you on the Creators Update? I believe I read you need to be on it for it to work or that might have been to sync between your phone and PC. Could be Know is tripped and it needs a secure login to work.
i'm on creators update (build 16237) and use a NON rooted s8+.
i get the same error, so there must be something else wrong!
A. For Windows Pro > enable secondary authentication
1. Select search box on the Windows task bar
2. Enter "gpedit.msc" and press enter key
3. Go to the "Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Secondary Authentication Factor -> Allow Companion device for secondary authentication"
4. Double-click the "Allow Companion device for secondary authentication"
5. Select "Enabled"
6..Select search box on the Windows task bar.
7. Enter “gpupdate /force” and press enter key
B.The phone return an authentication error code.(my phone was rooted and registered the fingerprint after reset to defaults)
qwess said:
A. For Windows Pro > enable secondary authentication
1. Select search box on the Windows task bar
2. Enter "gpedit.msc" and press enter key
3. Go to the "Local Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Microsoft Secondary Authentication Factor -> Allow Companion device for secondary authentication"
4. Double-click the "Allow Companion device for secondary authentication"
5. Select "Enabled"
B.The phone return an authentication error code.(my phone was rooted and registered the fingerprint after reset to defaults)
Click to expand...
Click to collapse
I'm having the same problem on my g935FD (Galaxy S7 Edge Duos, exynos) I walked through your steps to enable secondary authentication but still got the same error. I also have rooted and installed a custom rom. Do I need to restart my phone/computer?
I'm not sure what the second part of your message means. Do you have to reset your phone?
I tested with two phones(S6 Edge and Note 5), both with root, the registration issue on both, fingerprint scan fail in Windows side.
After I reset one to factory settings (only wipe cache partition does not work) with unroot complete (My Note 5), the registration of the fingerprint in PC worked very well.
Debug log can be sent to the developer:
[How to collect Samsung Flow logs]
1. Download "SamsungFlowLogCollector" , unzip
2. Launch "SamsungFlowLogCollector.exe"
3. Check the "Turn on/off logging" check box.
4. When "The reboot is required to take effect." popup show, select the "Yes" button.
5. Restart your device.
6. Reproduce the problem steps. Launch Samsung Flow. Try to register device.
7. Launch "SamsungFlowLogCollector.exe" again.
8. Select the "Collect Logs" button.
9. Uncheck the "Turn on/off logging" check box.
10. Share the created file(.sfel) to developer..
I'm on a galaxy s6 (7.0) rooted with magisk. I also get the same error .I tried to use magisk hide but this does not seem to matter.
register fingerprint fails with rooted phones!
For rooted devices the only way to register is:
1.Delete fingerprints saved on mobile device.
FLOW apps > Try to register device (without fingerprint)
2.After device has successfully registered with CDF (companion device framework), set it back a fingerprint to unlock phone.
Logging into windows is possible if the mobile device is unlocked- with fingerprint.
Tested with:
Windows : Samsung Flow app v.2.0.79.0, Driver v.2.0.1.6
Android: Samsung Flow v.2.0.41
sorry 4my bad english
---------- Post added at 11:22 PM ---------- Previous post was at 10:57 PM ----------
saluja04 said:
Do I need to restart my phone/computer?
Click to expand...
Click to collapse
No need for restart PC, just update group policy:
Select search box on the Windows task bar.
Enter “gpupdate /force” and press enter key
saluja04 said:
Do you have to reset your phone?
Click to expand...
Click to collapse
yes and unrooted.
qwess said:
register fingerprint fails with rooted phones!
For rooted devices the only way to register is:.....
Click to expand...
Click to collapse
thanks for sharing, i'm able to connect without fingerprints. added fingerprints back and so far, no issue.
just delete old pin code ,and re-create a pin
XDACXW said:
just delete old pin code ,and re-create a pin
Click to expand...
Click to collapse
Thanks alot man! I have struggled with this for a month or so! Such an easy thing. Thanks!!
i have a rooted Samsung galaxy s8+ and i get an error saying samsung flow doesnt work on rooted devices, Is there any way to bypass that?

Brute-forcing the unlock code with ADB

Hi everyone,
I've had the nasty surprise of my pattern not being recognized a few days ago. Might be a memory corruption (bit flip from cosmic rays ) or just a very rare bug. Either way, I've won the lottery, because this hasn't happened in 4 years ...
My aim is to unlock the phone without losing internal storage data.
Fortunately, the fingerprint unlock still worked for three days, so I've:
- enabled USB debugging and approved my PC
- backed-up to SD card with Samsung's Smart Switch and did a backup via USB with adb backup (not sure how safe that is)
Currently the fingerprint doesn't work anymore, it forces me to unlock with the pattern. Haven't restarted yet to see if my original pattern will be restored, out of fear that ADB won't work anymore or the backup I did wasn't good enough and I've lost my chance to do a good backup. I'm waiting for my brute-force to finish (more on that below) and some replies from you guys .
My phone is:
Galaxy S8 (Android 9 - firmware G950FXXS5DSJ1 build date Sep 30 2019)
not rooted
My main question is, does this command silently fail after a number of attempts?
adb.exe shell locksettings verify --old xxxxxxx
I've written a script that loads the pattern combinations from file (kudos to delight.im for sharing the list) and saves the command output to file. I've tested it on Android 10 (updated nov 2020) and it throttles after 4 requests - command output is "Request throttled". On my locked phone (Android 9) it appears to never throttle, the output is always "Old password 'xxxxxxx' didn't match".
Found this comment of alecxs on StackOverflow where he says:
there is a 30 seconds timeout after x attempts (timeout may increase) and twrp will silently fail during this waiting period (even with the right pin) - it can even wipe your data (depends on gatekeeper settings and device).
Click to expand...
Click to collapse
Does this apply also to the locksettings verify command?
Can I view the "gatekeeper" settings somewhere?
If you've got any other suggestion on how to unlock the phone or do a better backup before factory reset, please feel free to write!
Thanks a lot!

[GUIDE] Restore IMEI number after an NVRAM clear

This thread will go over restoring the IMEI number if you cleared the NVRAM (or fully formatted your phone). The official tool to use is the SN Writer tool from Mediatek but as the P60 processor is not compatible with that, I had to search for alternative ways.
First the legal blerb:
IT IS ILLEGAL TO FLASH A DIFFERENT IMEI NUMBER THAN THE ONE IT CAME WITH (AS FOUND ON THE SIM TRAY OR BOX).
I AM NOT RESPONSIBLE FOR ANY DAMAGE OR LEGAL AFFAIRS CAUSED BY USING THIS GUIDE. IF YOU DO BLAME IT ON ME THEN I WILL LAUGH AT YOU!
Now the guide.
You will need:
- The phone
- A USB cable
- A Windows computer (I used Windows XP, I will get to that later.)
- The drivers linked below (no other drivers seem to work properly or at all.)
- MauiMETA (linked below.)
Part 1: driver installation
These are essential to get the phone to be recognized
- Remove the phone if it's plugged in.
- If using Windows Vista or newer, disable driver signature enforcing (look up online if you don't know how to). For Windows XP there is no such limitation, you can just click a "continue anyway" button.
- Download and extract the drivers (linked below).
- Run "Install Drivers.bat" and follow instructions.
- Reboot the computer to be sure.
Part 2: installing MauiMETA
You will need this tool to start the phone to META mode and write the IMEI numbers.
- Download the setup program.
- Install the software by following on-screen instructions.
Part 3: getting the phone to go into meta mode
- Turn off the phone completely.
- REMOVE THE SIM CARD JUST IN CASE!
- Open the MauiMETA program on your computer.
- Check if the device select is set to "Smartphone" and if the drop-down in the top left is set to "IMEI Download"
- Click "reconnect" and plug in the phone.
- Wait until the phone displays "=> Meta mode" and the application either says "connected" or displays an error box.
Don't be scared of the error box. Just close it. Another may pop up, close that too. If the MauiMETA program displays a few boxes that say something with 6771, it's been detected and the IMEI Download tool is about to open.
Part 4: downloading an IMEI number to the phone
I would again like to warn you that flashing the non-original IMEI is illegal!
If the tool asks if it should find the database itself, click yes. There is no database you can load yourself, so the built-in one will work fine.
- Find your IMEI number(s). They should start with "35".
- Put in the IMEI number to the tool. The middle box is where you start typing. The very last number will need to go in the small box to the right. If you have a dual SIM model, there will be a submenu called "SIM_2" which you can find at the top of the tool.
- Click the "Download to phone" button and it should flash the IMEI numbers.
- When everything is done, hold the power button of the phone for about 10 seconds until it boots into the OS.
If everything went right, you should have a working phone now. I still need to figure out how to restore WiFi and BlueTooth MAC addresses, but the random ones the OS give you should do fine. Also ignore the NVRAM Error 0x10 wifi network, it indicates both are gone. Also some UI bits and pieces might be wrong on the latest Android because for example the notch values were loaded into device-specific partitions.
My device is oneplus nord 2 . When i am using the maui meta software , my phone is always connected on COM6 port and in the maui meta software i can only see COM1 , USB COM and DIAG COM . When i connect the phone the COM6 is displayed and after that when i click on reconnect the maui meta software says please connect cable to target and power on when the phone is already in meta mode. Can you please help me with that ?
BennoMP said:
This thread will go over restoring the IMEI number if you cleared the NVRAM (or fully formatted your phone). The official tool to use is the SN Writer tool from Mediatek but as the P60 processor is not compatible with that, I had to search for alternative ways.
First the legal blerb:
IT IS ILLEGAL TO FLASH A DIFFERENT IMEI NUMBER THAN THE ONE IT CAME WITH (AS FOUND ON THE SIM TRAY OR BOX).
I AM NOT RESPONSIBLE FOR ANY DAMAGE OR LEGAL AFFAIRS CAUSED BY USING THIS GUIDE. IF YOU DO BLAME IT ON ME THEN I WILL LAUGH AT YOU!
Now the guide.
You will need:
- The phone
- A USB cable
- A Windows computer (I used Windows XP, I will get to that later.)
- The drivers linked below (no other drivers seem to work properly or at all.)
- MauiMETA (linked below.)
Part 1: driver installation
These are essential to get the phone to be recognized
- Remove the phone if it's plugged in.
- If using Windows Vista or newer, disable driver signature enforcing (look up online if you don't know how to). For Windows XP there is no such limitation, you can just click a "continue anyway" button.
- Download and extract the drivers (linked below).
- Run "Install Drivers.bat" and follow instructions.
- Reboot the computer to be sure.
Part 2: installing MauiMETA
You will need this tool to start the phone to META mode and write the IMEI numbers.
- Download the setup program.
- Install the software by following on-screen instructions.
Part 3: getting the phone to go into meta mode
- Turn off the phone completely.
- REMOVE THE SIM CARD JUST IN CASE!
- Open the MauiMETA program on your computer.
- Check if the device select is set to "Smartphone" and if the drop-down in the top left is set to "IMEI Download"
- Click "reconnect" and plug in the phone.
- Wait until the phone displays "=> Meta mode" and the application either says "connected" or displays an error box.
Don't be scared of the error box. Just close it. Another may pop up, close that too. If the MauiMETA program displays a few boxes that say something with 6771, it's been detected and the IMEI Download tool is about to open.
Part 4: downloading an IMEI number to the phone
I would again like to warn you that flashing the non-original IMEI is illegal!
If the tool asks if it should find the database itself, click yes. There is no database you can load yourself, so the built-in one will work fine.
- Find your IMEI number(s). They should start with "35".
- Put in the IMEI number to the tool. The middle box is where you start typing. The very last number will need to go in the small box to the right. If you have a dual SIM model, there will be a submenu called "SIM_2" which you can find at the top of the tool.
- Click the "Download to phone" button and it should flash the IMEI numbers.
- When everything is done, hold the power button of the phone for about 10 seconds until it boots into the OS.
If everything went right, you should have a working phone now. I still need to figure out how to restore WiFi and BlueTooth MAC addresses, but the random ones the OS give you should do fine. Also ignore the NVRAM Error 0x10 wifi network, it indicates both are gone. Also some UI bits and pieces might be wrong on the latest Android because for example the notch values were loaded into device-specific partitions.
Click to expand...
Click to collapse
My device is oneplus nord 2 . When i am using the maui meta software , my phone is always connected on COM6 port and in the maui meta software i can only see COM1 , USB COM and DIAG COM . When i connect the phone the COM6 is displayed and after that when i click on reconnect the maui meta software says please connect cable to target and power on when the phone is already in meta mode. Can you please help me with that ?

Categories

Resources