Hey folks!
So I got my happy shiny TF300T (red, snazzy-like) and dock from a recent Woot sale. Naturally I go to root it, and find all the guides/tools necessary to do so (not a pro, but not my first rodeo). After some frustration and failed efforts, I discover that my issue (unlocker not connecting) is not uncommon, so I go through the rigamarole of contacting Asus and have given my serial and wifi MAC to their support. I'm on JB 4.1.1, and was using Unlocker Tool v7.
There have been several oddities leading up to this, however. The s/n rubbed off of the sticker on the bottom just in the 15 minutes of handling it before I knew I'd need it. Never fear, right? I just check the Settings > About Phone > Status section. Looks legit, so I go to register it to my Asus account. No dice. Talking to a support rep, I'm informed my serial is 1 character short of what it might need to be. I dig up the box and find the s/n on that, however it does not match what is displaying on the device, and ADB reports it as being this 'short' serial. I'm presuming it got muxed up during the repair/refurb process (it's a refurb).
Loading into the bootloader, I see four icons, RCK (recovery I presume?), the Android logo (to boot into the regular OS), a USB icon (I'm guessing this has to do with Fastboot or something but am unsure), and the Wipe Data option. Is it possible this device is already unlocked, as I'm not sure it would have the USB icon if not (I've not had a lot of luck really looking around for info on the 'stock' bootloader just yet).
I guess my first question is, what are the details of these bootloader options, and what might be my steps for proceeding if there is in fact a critical mismatch of serials? I'll note the serial on the box is grossly different from the truncated serial on the device itself, though the one on the box registered to my account without issue.
My second question is, can I do anything about this mismatch of serials on my own, or am I doomed to have to try to RMA, foot those costs, and hope it ends up working out as I'm expecting?
Looking forward to your helpful replies!
EDIT: It is build 10.4.2.9-20120809
The 4.1 bootloader which you have uses volume up on usb to allow fastboot access. You have the rest correct.
Look in the upper left of the screen while booting and if the tablet is unlocked you will see unlocked.
I suggest not using the wipe data on the bootloader menu; instead you can use factory reset in settings (this is just for future info).
There is a US Asus rep who posted somewhere in the tf300 forum that he would take info from US users and try to get the serial number issues resolved.
I'll have a look around and report if I find the thread.
---------- Post added at 07:57 PM ---------- Previous post was at 07:45 PM ----------
The author of this post should be able to give you some advice.
http://forum.xda-developers.com/showpost.php?p=41796589&postcount=8
Much appreciated tobdaryl!
Good Luck!
Hi
Hopefully my title/question isn't too cryptic.
I am a Note 4 user and have been flashing ROMs (thank you Dr.Ketan) and recoveries for a few years now, but on a fairly basic level - so I'm no programmer.
However the issue I have today, that I cannot seem to resolve, is with my wife's Samsung J3 (J320FN) on 5.1.1 stock.
She's let our daughter play with it and our daughter has put a password on the lockscreen but can't remember what it was (or more likely won't tell us what it is).
My initial thought was to install TWRP then view data/system to delete the 3 lockscreen files. Voila! I've done this before on her previous J3 (that she destroyed when she dropped it down the toilet).
However on her new J3 I didn't have the foresight to enable USB debugging or OEM unlock so when I go to flash TWRP, it fails due to FRP.
I've researched on here / Youtube / other sites and can see various methods of getting around this (e.g. rootjunky's method) but they involve going into stock recovery and performing a factory reset / wipe.
But we don't want to wipe the data.
My wife hasn't backed up her phone via KIES and when I asked her for her password for her Samsung account or Google account to see if she had backups online, I got that blank look that a non-technical person gives you when you ask them for their password to help them out with something.
So ultimately we want to get past the lockscreen password to get into the phone, clear the lockscreen password, back up her data / images etc., and reset her Samsung account password (if she set one up) and the Google password.
Am I missing the obvious here? Can it be done? Can TWRP be installed in a manner that bypasses FRP?
Any thoughts would be most appreciated.
Thanks
Spanker333
Update: I tried flashing the stock ROM which "seemed" to work, but it didn't change anything. The phone still booted to the password screen.
http://www.rootjunky.com/universal-samsung-frp-bypass/
---------- Post added at 06:30 PM ---------- Previous post was at 06:29 PM ----------
Doesn't require a reset, at least I don't think. I just did this on an s7 edge last week and can confirm it works. I used NFC android beam to beam the apk to the s7 edge; that way it was in the internal storage of the s7.
---------- Post added at 06:32 PM ---------- Previous post was at 06:30 PM ----------
If it's just a lock screen issue try Wondershare Dr.Fone android recovery. There's an option to bypass lock screen.
Thanks for the reply droseofc
I tried your link and used Realterm (as per rootjunky instructions) but because the phone was locked, the commands brought up a locked error.
I tried Android Beam to send a file and then I tried by bluetooth (the J3 has bluetooth switched on). But nothing. I think it is because it locked at the password stage that it won't allow anything to be received that way.
I do own a copy of Dr.Fone Wondershare and I did try that before, however there are only certain phones supported for some features and the J3 isn't one of them.
It's a tough nut to crack!
I shall keep trying.
Cheers!
If you could get into the samsung account online there's a feature on samsung find my phone to unlock the phone screen. I'd try resetting samsung password; usually some type of verification is only needed and most of the time a reset link is sent to the email on account. What about calling the phone to bypass the lock screen, or if you flash twrp and access the files through twrp to make a backup, or hook to pc and drag and copy folders wanted kept? On some phones if the password is entered wrong a certain amount of times it'll prompt for a backup pin which may be easier. Although on some phones factory reset automates after a certain amount of incorrect attempts too.
---------- Post added at 08:23 AM ---------- Previous post was at 08:20 AM ----------
Reread title and realize twrp is what ur trying to do. If usb debugging is enabled there are adb commands you can send to phone to access frp setting
---------- Post added at 08:26 AM ---------- Previous post was at 08:23 AM ----------
Lol and reread post, no usb debugging. You could try factory recovery and pull a backup using adb. Idk if usb debugging has to be enabled for factory recovery or not. If you reflashed a stock file it should've completely wiped internal storage. What is the lock screen exactly?
Hi
I had tried adb to try and sideload a rootjunky apk but that didn't work (probably because I didn't really know what I was doing lol).
Yes, the TWRP wouldn't install because of the FRP.
We got the Google account password (reset it) and then went to Android Device Manager > Lock and set a new password.
Just when I did that there was a small blue message under the ADM that stated that the phone was now locked BUT since it already had a password on the lock screen the new one wouldn't be needed.
I thought that ADM would set a new password lock for the phone because that's what I had seen in some Youtube videos. But apparently it will set a new password for the lock screen if the previous lock method was code or pattern - but not if there was already a password.
I tried the "calling the phone > answering > backing out of the phone app" method, but that didn't work.
I tried entering the password multiple times to get the 30 second wait, hoping that after trying this many times I would get an option of "Forgot Password" and a reset link. But nope. Not having it.
I wish I had thought of trying to get into a Samsung account but the wife seemed adamant that she hadn't set one up to start with so that wasn't at the forefront of my mind.
So I went recovery > wipe / factory reset in the hope that I could use my Dr.Fone to recover deleted files. A bit of a long shot but worth a go as that programme has done wonders in the past.
However, due to FRP when I am at the setup screen I am asked to enter the email address associated with the Google Account that was on the phone before. To be expected of course. However entering the Google account login details isn't working now so I've just been to my local Maplins (like Radio Shack I guess) and bought an OTG adaptor.
I'm now going to try and follow another one of rootjunky's videos to bypass the FRP (I tried the most recent one where he used another phone's wifi to tether to but it wouldn't work).
I've not heard of the adb. Idk command you mention but I'll do a search on it to see how it is used.
What a ton of messing to get to this stage. But I like doing this stuff anyway so the challenges are welcome.
Once the OTG method works I need to root the phone to get Dr.Fone to work as from previous experience with the old J3, it needs root to work.
Having fun!
Cheers
(PS. "What is the lock screen exactly" - the screen that comes up after boot and prompts you for a password / pattern / code to get to the home screen. Not sure if that is what you meant in your question though).
Idk if u tried this method but I did successfully after a reset done the way you did and to bypass the same dilemma you describe. http://www.bane-tech.com/samsung-frp-bypass-universal-method/ The trickiest part is probably catching the phone in time after the call screen pops up after entering commands in realterm. I suggest watching the video and pausing as you go to make sure each step is done.
---------- Post added at 02:24 PM ---------- Previous post was at 02:18 PM ----------
As for lock screen I was meaning more like was it pin, pattern, password, fingerprint etc. But since you are past that I'd recommend the method that involves frp apk to phone. You may have a hard time with that without nfc; u may be able to sideload it using stock recovery and hooking to a pc, idk if the pc will recognize it as storage though. There are adb commands to send files to a phone; you may be able to enter adb via recovery. Unless u have a sd slot or a usb that also has the phone mini usb on other end and u could put apk on usb and plug usb into phone and navigate to it when needed.
---------- Post added at 02:29 PM ---------- Previous post was at 02:24 PM ----------
Once you got that all done I'd recommend using deft to recover files; it's a linux distro, free and can be used without installing aka live. It's said to be used by law enforcement and military. There's also a manual download which I'd suggest having just in case. It'd be the most thorough way of recovery but also requires a bit of focus as it's advanced. Otherwise there are several android recovery programs, most working the best if phone is rooted.
Ironically I received a J3 j320r that is google lock out. Basically I fix or clean/upgrade pcs/cells just by word of mouth and today got the j3. Definitely can not use that root junky method, the realterm shows error on each command send. It does have a sd card slot though, but need to access dialer somehow. You figure any ways out?
---------- Post added at 12:44 AM ---------- Previous post was at 12:44 AM ----------
Or did u give up and give it to the person that gave it to me? lol
I have had my J3 almost two weeks, I'm almost sure it has the latest security patch and I cannot get a keyboard to pop up. I even went as far as Copying Pasting almost a full account info registration but was short one # to complete it, it has One # A 8.. well I've exhausted most steps. I'm hoping today I can finally use MY less than two week old FRP locked J320W8 LOL.. any help would be great but yes I get stuck without keyboard
Sent from my SM-G900W8 using XDA-Developers mobile app
At this same time I had a zte warp 7 that was similar in setup but didn't have samsung nemore to test but should still work. Alls you may need to do is another reset because the keyboard should pull up.
The farthest I got into the phone itself is by resetting it through recovery, and when the phone first turns on it asks you if you want to enable accessibility. This is the only time it will ask so if you miss it u have to reset again. But click on accessibility and enable talkback and switch access. With switch access it will popup a tutorial u can skip or do. But with switch access on you can swipe down and to the right which will bring up a menu; I went to switch access settings and gesture control and customized the side double tap to recent apps. With the swipe down and to right I believe I clicked talkback settings and through that I was able to get to the phone settings. You have to get to app settings, I can't remember exactly how but it's only possible with switch access on. Once you do you can swipe down and to right to turn off switch access, which will turn itself back on if u turn screen off and back on jst n case u need it to get back, as it's easier with it off once u get where u need, but can only get there with it on. Sometimes depending on wat u click it'll take u back to setup wizard where it's locked; turn screen off back on and doubletap or swipe down right to get recent apps or settings again. In the app settings I went through each one and enabled what I thought to help such as internet browser security settings allowing access to each. If you force stop and clear data on the setupwizard (green one I think) it will reenable the swipe down bar up top. I got as far as logging in google account using a chrome browser popup by clicking one of the terms and conditions links. Got notified of log in and everything but still locked out. Wouldn't install apps no matter what I tried.
---------- Post added at 11:51 AM ---------- Previous post was at 11:35 AM ----------
I've actually been thinking of writing google about this whole frp thing. I don't see how they see they are empowered to lock devices out completely because of a different account being used to log in. I understand why they think they need to do it. But if the phone wasn't reported lost by the owner it should be considered that the owner is fully aware the phone is being used on a different account. Android is google but the phone purchased by the owner is not. It's up to the owner to decide if the phone's lost or stolen, not google. Sure this may have saved a few stolen phones, but every stolen phone could be by their owners taking the responsible steps. It'd be like selling a car that is somehow linked to owner (fingerprint, insurance whatever) and dodge or gmc locking the car down because of it. Causes issues for people and not just the stolen ones. Isn't it generally wrong to punish an entire society because of a small group who break the rules? (Obamacare) There is PLENTY of data tracking and options for the owner of the phone to track their phone, lock it, wipe it and report it (also for google to know everything you do, everything) that google should not be able to or need to automatically lock a device because it was logged in with a different account UNLESS the OWNER reports it stolen. After all it is the owner's phone. Unless it's on contract then once it's reported stolen the carrier can do what they need to for recovery. Google should release their grasp on society a little bit, stop default enable tracking our location, our voice searches, our internet searches, our lives unless we turn it on and shouldn't lock out OUR devices unless WE report it stolen. Google has got to be in with the military and I ain't tryn to go conspiracy talks here but with everything that they are allowed to control and have, google earth images of things normally that would be thought questionable to see with stamps on the screen stating where the image is from (us navy etc.)
I do not think the us military would allow aerial photos to be displayed by a company of their us military bases unless it was the us military displaying them.
Well I went through everything and no switch access at anytime at all.. would I have better luck making my friend an "account" before getting to that sign in part I get "no keyboard in"? Or will it just tell me what it's been telling me... Your app and functions or whatever have been revoked or not permitted some kinda thing like that.. I'm guessing this may be the very latest security patch and it shut down accessibility options keyboard options and getting past sign in options. I get as far as google terms click on it and one click I have browser but when I try sign in from browser no keyboard and when I copy and paste I get sent back to main FRP screen again without my PIN I've entered being enabled as well
It's going to be near impossible to login without a keyboard popup and sorry about the switchback thing, must be a zte setting. You've reset the phone using recovery? Power off, hold vol up, home and power until it turns on and let go should get u to recovery. Factory reset, delete cache reboot. Should take you to initial setup until you get to google login part where you will need to log in with same account used the first time phone was setup. Is the phone asking for a pin or does it say this phone has been reset in an unusual way or whatever and to log in with owner google account? If it's just the pin screen and u haven't reset it I'd maybe hold off as it may be easier to get through that than the google frp lock. If you have a mini usb to usb otg adapter you could plug adapter in phone and use a pc keyboard, or if u have a rooted phone laying around you can use usb keyboard app which when plugged in is the same as a keyboard. It's not going to help with any amount of accounts made if you have no way of typing them in at that log in screen. If you have factory reset and it does get to google login screen asking for first owner login and no keyboard popup there had to be an issue and I would download/redownload stock firmware and flash in odin because if it's asking for a login it should definitely have a way of entering that in. The only time I've had no keyboard popup is when I have set the default input method to something other than samsung keyboard like sixaxis controller which needs switched back to use keyboard.
---------- Post added at 12:27 PM ---------- Previous post was at 12:24 PM ----------
If u haven't reset the phone and it is a pin and if u had enabled usb debugging prior to the phone being locked you may have options. If usb debugging is not enabled or if u did reset it options become slimmer. I have heard that not trying to login on the device for 72 hours will reset the account thing and allow a login. Not sure if it works, never had the patience.
---------- Post added at 12:43 PM ---------- Previous post was at 12:27 PM ----------
I found by trying whatever I could there's some way of getting to the settings itself. Easiest was by getting the google app to pull up and searching settings. I did this by getting to the app settings from talkback options and finding someway of getting to its app settings and then clicking menu and going to all apps. From there you could find keyboard and make sure it's allowed access to each option. If google app doesn't list settings as an option you will have to make sure in app settings you enable access to phone/storage and then it should. I clicked basically every option available in every route there was and some was dead end, some would get into areas not available before. If your issue is keyboard I'd try to get to its settings by trying every route u can and enabling access for it and every application you think may be helpful in getting where you need. I found when it's locked out nearly every app has no access to any features by default so for instance keyboard may not have access to phone and won't popup when needed. You will need to show system apps once in the app settings by clicking menu up top. You may also want to go to apps that can change system settings and enable ones that appear useable. If u get there u can also force stop setupwizard and clear data which will allow bar up top to be pulled down making getting there a whole lot easier. Don't get hopes up, I did all of this and in the end gave up. Without being able to install apps it's kind of hard to bypass. May have been a simple enable of whatever installs apps to allowing access but didn't find. The last thing I did try which may have worked was getting another phone and turn on hotspot and on locked phone connecting to it at wifi screen and as soon as it goes to checking connection screen turning off the hotspot and phone should go to screen asking for first and last name. U could do this with wifi just easier to turn off on hotspot. It may take a few tries and probably will.
9/10 times it'll say there was an error and go back to wifi setup. I was able to enter name and setup a lock for the screen. Didn't venture further. Also when I did get to settings and went to backup and reset clicking reset didn't do anything. This is the way to reset without getting frp locked out but the option was disabled.
I bought the phone, I didn't set up anything BC I was charging the phone until I would be back later on that night...babysitter as smart as she is signs in with her account BC it's a brand new phone that MAKES you sign in to get the most as she put it..SMH..anywho she replaced my phone in the box where I left it, didn't sign out properly so my SON showed her how a Hard Reset is done!! Yeah you get the picture right?! So that's my brand new phone with a DAMN FRP lock on it..oh yeah it don't matter if you've got the receipt or not anymore they say..???? Isn't that the whole reason behind a Sales Receipt?? Not the whole reason but yeah...long story short I have an Awesomely Rooted KLTE device and I was wondering where I may be able to find this app? And I do really appreciate your time and effort into helping me..when you're so stumped all you come up with is a different spot to get stumped again?
Sent from my SM-G900W8 using XDA-Developers mobile app
Never mind found a way in thanks anyways
Sent from my SM-G900W8 using XDA-Developers mobile app
Cassybalfourjr said:
I have had my J3 almost two weeks, I'm almost sure it has the latest security patch and I can not get a keyboard to pop up. I even went as far as Copying Pasting almost a full account info registration but was short one # to complete it, it has One # A 8..well I've exhausted most steps, I'm hoping today I can finally use MY less than two week old FRP locked J320W8 LOL..any help would be great but yes I get stuck without keyboard
Sent from my SM-G900W8 using XDA-Developers mobile app
frp reset is possible, i used program chimera tool. what i need is a twrp for this model w8, or a root method, or an older firmware. if you can share any of these please do. Thanks
bilalwiggles said:
frp reset is possible, i used program chimera tool. what i need is a twrp for this model w8, or a root method, or an older firmware. if you can share any of these please do. Thanks
I've used real term for this one and did an exploit, I'm not so sure if they've figured it out yet but November's security patch is harder too, can't wait to try December's
Sent From An Awesome S5
So nearly reading the complete thread, it didn't help me out.?.
My problem is.
A couple of months ago my s7 edge panel broke, so today I repaired it and saw that it had a pattern lock. So I forgot completely and I thought something would help me to bypass it without losing the data but nothing helped.
1. I don't remember the pattern
2. Usb debugging is disabled.
3. Can't install twrp because of frp lock
4. The Google account password is already changed so i can't use ADM.
5. There is no mobile data or wifi enabling.
Now help me out plz.
If anyone can ask for further to research i can tell.
Thanks
My note 5 sm n920c got stolen, it was protected with fingerprint security and back up pin. I changed my google password, unable to locate or wipe it through my google account, it says can't reach the device, and it doesn't show up in samsung account. What's really bothering me is gallery (photos and videos) and other docs (unfortunately no back up either). Is there any way thief might get into my stuff??
Kindly share your expert opinion, I'm really worried about it
Thank you
Somewhat good news from this situation is that thefts are usually for the device and not for the data, so your private information might be intact. Unless you had an SD card where all of your photos and data were kept, the chance of that lessens significantly. Another method is to connect your phone via USB. If it connects thief can access your files that way. Sorry to bring bad news, there are ways. Nothing good about getting a phone stolen, obviously, unfortunate that it happened.
Now as for the main course of action for theft, is to take a phone while it's active and do a factory reset, so he can have and use the device. Otherwise, take the phone, try unlocking it, if unsuccessful use external access to factory reset the phone and sell it. I am not an expert, but usually, these type of thieves are not the smartest individuals around when it comes to tech. They want money or other personal gains in the usual scenarios.
Lesson: Keep all of your files backed up, tie your phone near you if possible. I am paranoid, I do that. Other than that, stay safe, hopefully, other people can provide a more assured insight.
Means there is a chance thief can get in?
DrMarshal said:
Means there is a chance thief can get in?
What software & ver is it running? (have you been applying updates)
Have you rooted it or left developer options on ie adb over usb? Is it encrypted?
There is at least one potential exploit ie "knoxout" if running older OS, it seems. Also possible to spoof the finger print to gain access. But very unlikely your average opportunistic thief will bother with these as will require some knowledge, skills & time. At least the Note 5 doesn't have an SD card so you don't have to worry about the easy access to a portable SD.
Re fingerprints
https://www.theverge.com/2016/5/2/11540962/iphone-samsung-fingerprint-duplicate-hack-security
You should send the remote wipe command so that it'll be wiped if it comes back online (assuming it was enabled before) & report it stolen to your provider to get imei blacklisted, (despite limitations of reporting).
IronRoo said:
What software & ver is it running? (have you been applying updates)
Have you rooted it or left developer options on ie adb over usb? Is it encrypted?
There is at least one potential exploit ie "knoxout" if running older OS, it seems. Also possible to spoof the finger print to gain access. But very unlikely your average opportunistic thief will bother with these as will require some knowledge, skills & time. At least the Note 5 doesn't have an SD card so you don't have to worry about the easy access to a portable SD.
Re fingerprints
https://www.theverge.com/2016/5/2/11540962/iphone-samsung-fingerprint-duplicate-hack-security
You should send the remote wipe command so that it'll be wiped if it comes back online (assuming it was enabled before) & report it stolen to your provider to get imei blacklisted, (despite limitations of reporting).
Android 7.0, and yes I updated it each time there was an update. And didn't root it, never opened the developer options menu on it.
I sent the remote wipe command multiple times too
DrMarshal said:
Android 7.0, and yes I updated it each time there was an update. And didn't root it, never opened the developer options menu on it.
I sent the remote wipe command multiple times too
If they removed the Sim card that won't work. Which makes all remote wipes really kinda useless.
As stated. Most of the time within a few min of it being found/stolen the Sim is removed and the device reset.
Use your Samsung Account to remotely Find, Lock, Back up, Wipe Your Device at https://findmymobile.samsung.com/
The odds are they factory reset the phone and discarded the Sim card. Report it lost/stolen to your carrier. If it's an unlocked n5 then you're **** out of luck
---------- Post added at 02:07 AM ---------- Previous post was at 01:59 AM ----------
Also I recommend everybody to set password on boot. Even if they try to reset it they will need a password to get into recovery. Tho they can still use a PC to reset the phone, just make it harder for them to factory reset your phone
Won't work if the Sim is removed and the device is reset.
---------- Post added at 10:13 PM ---------- Previous post was at 10:11 PM ----------
supergear said:
Also I recommend everybody to set password on boot. Even if they try to reset it they will need a password to get into recovery. Tho they can still use a PC to reset the phone, just make it harder for them to factory reset your phone
And at that point they just sell it at a local shop and the shop flashes it from the bootloader. Or brute forces the password.
So my GF has doubt that her phone (Samsung A5) has been tapped by her ex BF who knew her phone pass and did take care of all devices they possess.
Assuming that is the case, will the factory reset remove tracking software from her phone or will I have to flash her phone with fresh OS to be sure the software has been removed completely?
gesaugen said:
So my GF has doubt that her phone (Samsung A5) has been tapped by her ex BF who knew her phone pass and did take care of all devices they possess.
Assuming that is the case, will the factory reset remove tracking software from her phone or will I have to flash her phone with fresh OS to be sure the software has been removed completely?
If the ex actually did something like that and embedded into the system partition on the device, a factory reset will not remove it.
You would need to flash the device with the firmware to remove it, you may even need to use the "re-partition" option in Odin when you flash the device.
It would also be wise to change the password on her Google account before flashing the device, to be thorough, change the password and maybe even the email/username while you're at it, then go to system settings and remove the account then sign back in with the new email/password, then flash the device, after flashing and booting, sign back in with the new account details.
I would also change passwords and account details for any other apps on the device, such as Facebook, Facebook Messenger, any other email addresses or other email apps and any other types of social media apps or other apps that require an email/username and password. Change any and everything on the device that the ex could have possibly had access to. If she also has other devices or PC's synced with her phone or email, I'd change the details on those other devices/PC's as well. If she has WiFi at home, change its password and maybe even see about changing the IP of her modem/router.
Then, after that, make sure she doesn't click on/open/download anything from anyone that she doesn't know, including multimedia texts/pics, it could be the ex trying to embed something again, opening it will just compromise the device again.
Sent from my LGL84VL using Tapatalk
While what Droidriven is saying is correct first things first. Has the phone been unlocked and/or rooted? If the phone is locked (*Not tampered) then all of that is overkill. Here's a simple test that you can do to see how at risk you are. Start the phone in Bootloader mode and see what it says at the top. It will either say Locked, Locked *Tampered, Unlocked or Unlocked *Tampered. Locked is exactly what it sounds like, the phone is factory locked. Unlocked again means exactly what it says, the phone is factory unlocked. The caveat is the Tampered. So you can unlock a phone and lock it back which will result in the tampered tag/statement. In which case anything could have been done or undone once the phone was unlocked even if it says locked. If the phone simply says Locked, there is no need to panic and simply factory resetting the phone will erase anything that the ex may have done or installed. If the tampered tag/statement appears that's when more detailed steps should be taken, as described by Droidriven. It is always advisable to change passwords after a breakup even if you don't suspect foul play as a precaution. If she fears foul play Google offers 2-Step verification, which I highly recommend anyway, which allows the account holder to use an Authentication app that randomly generates codes to access the account and also prevents anyone from accessing the account without the users phone in their direct possession. Google also offers security screening tools that allows users to see where they are signed in, when the last time that sign in point was accessed, and the ability to sign out of sessions that may still be active. Furthermore Google offers notifications that will text or email a user anytime a sign-in occurs allowing the user full disclosure and control over their account. Although not mentioned, Facebook also offers similar tools and notifications should the concern arise. 
First thing first however, find out how to log into your Bootloader and verify if the device has ever been tampered with and then work from there.
VidJunky said:
While what Droidriven is saying is correct first things first. Has the phone been unlocked and/or rooted? If the phone is locked (*Not tampered) then all of that is overkill. Here's a simple test that you can do to see how at risk you are. Start the phone in Bootloader mode and see what it says at the top. It will either say Locked, Locked *Tampered, Unlocked or Unlocked *Tampered. Locked is exactly what it sounds like, the phone is factory locked. Unlocked again means exactly what it says, the phone is factory unlocked. The caveat is the Tampered. So you can unlock a phone and lock it back which will result in the tampered tag/statement. In which case anything could have been done or undone once the phone was unlocked even if it says locked. If the phone simply says Locked, there is no need to panic and simply factory resetting the phone will erase anything that the ex may have done or installed. If the tampered tag/statement appears that's when more detailed steps should be taken, as described by Droidriven. It is always advisable to change passwords after a breakup even if you don't suspect foul play as a precaution. If she fears foul play Google offers 2-Step verification, which I highly recommend anyway, which allows the account holder to use an Authentication app that randomly generates codes to access the account and also prevents anyone from accessing the account without the users phone in their direct possession. Google also offers security screening tools that allows users to see where they are signed in, when the last time that sign in point was accessed, and the ability to sign out of sessions that may still be active. Furthermore Google offers notifications that will text or email a user anytime a sign-in occurs allowing the user full disclosure and control over their account. Although not mentioned, Facebook also offers similar tools and notifications should the concern arise. 
First thing first however, find out how to log into your Bootloader and verify if the device has ever been tampered with and then work from there.
As far as I know, Samsung does not have bootloader mode, it uses Download Mode, otherwise known as factory mode or Odin mode. It also does not quite display the information that you described as you described it. Some Samsung devices may or may not display bootloader status as "locked" or "unlocked", I've never seen anything about Samsung devices ever showing anything about *Tampered. I've seen devices show "custom binary" or "official binary" and show system status as "official" or "custom", some show info for secure boot, activation lock, kernel lock or Knox warranty void.
But, none of this necessarily has anything to do with whether something could have been embedded into system. You can push things to system even if the bootloader is locked and without "triggering" anything or being "flagged" by the system.
Plenty of Samsung devices have been rooted without unlocking the bootloader, without tripping Knox or Qfuse and will show binary status as "Custom"(the one thing that does show that the device is rooted/tampered but still doesn't necessarily indicate any malicious code that might have been placed by the ex, just rooting the device and nothing else would give the same result), all locks at default status as "locked"(non-tampered) and system status as "Official".
Given that the ex was the one that took care of and managed all devices that she owned, I would just take the thorough route just to cover the bases just because there are so many points of entry that the ex could have set up among all of the devices/equipment that she has.
Sent from my LGL84VL using Tapatalk
While I'll give you that there may be differing nomenclature for the things I mentioned, I've never heard of any way to reach the Root of a device without going through the Bootloader and without leaving some evidence. While I cannot find an actual picture of the bootloader screen, in the link below there's a picture of the recovery menu where you can see the second option on the Samsung A5, Reboot into Bootloader. Ultimately it's up to the OP but becoming tech savvy enough to root a device is not for everyone. If the device shows no signs of being rooted, to learn how to root a device just in case seems less than worthwhile. OP you could also try one of the root detectors on the Play Store.
https://www.teamandroid.com/2017/01/28/enter-recovery-mode-samsung-galaxy-a5-2017/
VidJunky said:
While I'll give you that there may be differing nomenclature for the things I mentioned, I've never heard of any way to reach the Root of a device without going through the Bootloader and without leaving some evidence. While I cannot find an actual picture of the bootloader screen, in the link below there's a picture of the recovery menu where you can see the second option on the Samsung A5, Reboot into Bootloader. Ultimately it's up to the OP but becoming tech savvy enough to root a device is not for everyone. If the device shows no signs of being rooted, to learn how to root a device just in case seems less than worthwhile. OP you could also try one of the root detectors on the Play Store.
https://www.teamandroid.com/2017/01/28/enter-recovery-mode-samsung-galaxy-a5-2017/
This tells me that you aren't familiar with Samsung devices because plenty of Samsung devices have been rooted without unlocking bootloader, I couldn't even begin to count them all. Unlocking bootloader is really only necessary if flashing a custom recovery or custom ROM. Not all Samsung devices are rooted by flashing a custom recovery to gain root. Most of the Samsung devices sold in the US have locked bootloader that cannot be unlocked by any means whatsoever, yet these devices can be rooted. Obviously, they have been rooted without unlocking the bootloader.
Yes, it may have the "reboot bootloader" option in recovery, if selected, that will boot you into download mode/Odin Mode. Typically, what you are describing with bootloader mode applies to devices that use fastboot, Samsung does not use fastboot, it isn't compatible with fastboot, adb works with Samsung but fastboot does not work with Samsung in any way, shape, form or fashion.
And it is possible to root a Samsung device, then install something in system and then remove root immediately after(which means that root checker will not see anything) and it won't show anything in Odin mode, won't trip Knox or Qfuse and still show Official in Odin mode. If it is rooted, then an app is pushed to system then root is immediately removed and this was all done without rebooting the device in the process, then the bootloader, Knox, Qfuse and all that never even detects that root was ever there because it was removed, which means it never gets loaded at boot for the bootloader and other security coding to see that root was there. Some can be rooted and then flash TWRP using Loki without unlocking the bootloader, which "shouldn't" be possible with a locked bootloader, yet, it is done.
I'm just saying, it isn't always as detectable as you imply.
Sent from my LGL84VL using Tapatalk
Hi!
I'm considering buying Pixel 6a for its worth at around 300USD worth but after using Android for several years, I'm concerned about security after rooting, like after theft etc.
Afaik, if bootloader is unlocked, the thief can just flash a new image and that's it!
It's different with iOS where icloud lock (even after jailbreak) can render the device practically unusable.
Can someone guide if some kind of google lock is a possibility nowadays with Android or newer versions of Android?
Are you looking at this from a data security standpoint? Or from "make sure its worthless to the thief".
Data security I believe is much more important than causing the phone to self destruct if stolen, and from a data security standpoint, you don't need to worry about root, because the data stored in the userdata partition is ENCRYPTED, and this encryption is tied to lockscreen security. In other words, they need to be able to legitimately get past the lockscreen in order to have unencumbered access to your data, regardless of what they change with respect to boot and system partitions.
If on the other hand, you're more worried about rendering the device worthless if stolen (i.e., thief can't actually use it), then you're actually talking about gooble's factory reset protection, which pretty much locks you to factory images, and locked bootloaders, and the "unlock bootloader" switch set to not-unlockable.
Factory reset protection works by forcing you to validate that you are the owner of the gooble account previously registered as owner of the device. It can be trivially bypassed as long as the "allow oem unlocking" flag is set to true, or the device has a 3rd party OS key installed, such as from grapheneos.
Also, having the device REPORTED as stolen if it is, will make it unable to connect to a cellular network, which pretty effectively makes it worthless.
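The settings discussed in the post above (bootloader lock, verified boot state, the "allow OEM unlocking" switch, userdata encryption) can be read from `adb shell getprop` output. The following is an added example, not part of the thread: a small checker over that output. The property names are ones commonly present on AOSP-based builds (vendors may differ), the two sample outputs are constructed, and the severity labels are this example's own.

```python
import re

# One line of `adb shell getprop` output looks like: [name]: [value]
PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]$")

# Constructed sample outputs, not captured from a real device.
SAMPLE_LOCKED = """\
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
[sys.oem_unlock_allowed]: [0]
"""

SAMPLE_UNLOCKED = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
[sys.oem_unlock_allowed]: [1]
"""


def parse_getprop(text):
    """Turn getprop output into a dict, ignoring lines that do not match."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def assess(props):
    """Return a list of (finding_id, severity, explanation) tuples."""
    findings = []

    locked = props.get("ro.boot.flash.locked")
    if locked == "0":
        findings.append(("bootloader-unlocked", "high",
                         "boot and system images can be replaced with physical access"))
    elif locked is None:
        findings.append(("lock-state-unknown", "info",
                         "bootloader lock state not reported by this build"))

    vb_state = props.get("ro.boot.verifiedbootstate")
    if vb_state in ("orange", "red"):
        findings.append((f"verified-boot-{vb_state}", "high",
                         "the running OS is not verified against a trusted key"))
    elif vb_state == "yellow":
        findings.append(("custom-root-of-trust", "info",
                         "locked, but verified against a user-installed key"))

    if props.get("sys.oem_unlock_allowed") == "1":
        findings.append(("oem-unlock-allowed", "medium",
                         "unlocking is permitted, which weakens factory reset protection"))

    crypto_state = props.get("ro.crypto.state")
    if crypto_state is None:
        findings.append(("crypto-state-unknown", "info",
                         "encryption state not reported by this build"))
    elif crypto_state != "encrypted":
        findings.append(("userdata-unencrypted", "high",
                         "user data is readable without the lockscreen credential"))
    elif props.get("ro.crypto.type") == "block":
        findings.append(("block-based-encryption", "low",
                         "full-disk encryption rather than file-based encryption"))
    return findings


if __name__ == "__main__":
    for label, sample in (("locked", SAMPLE_LOCKED), ("unlocked", SAMPLE_UNLOCKED)):
        print(label)
        for finding_id, severity, why in assess(parse_getprop(sample)):
            print(f"  [{severity}] {finding_id}: {why}")
```
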
Thanks for detailed answer. It answers my question.
While data is first priority, rendering device non-usable is also a deterrent.
Gotta find some ROMs which allow encryption tho. Thanks again
tarun0 said:
Thanks for detailed answer. It answers my question.
While data is first priority, rendering device non-usable is also a deterrent.
Gotta find some ROMs which allow encryption tho. Thanks again
It isn't a useful deterrent to theft, because they have to steal it first before they can find out if it's been rendered useless or not. It's not like they'll return it if they find out that it's useless.
tarun0 said:
Hi!
I'm considering buying Pixel 6a for its worth at around 300USD worth but after using Android for several years, I'm concerned about security after rooting, like after theft etc.
Afaik, if bootloader is unlocked, the thief can just flash a new image and that's it!
It's different with iOS where icloud lock (even after jailbreak) can render the device practically unusable.
Can someone guide if some kind of google lock is a possibility nowadays with Android or newer versions of Android?
You should be worried more about having unlocked bootloader as opposed to root.
Root can only be obtained via Magisk, which creates a layer making your System think that Magisk is a part of it. No root could be obtained other than through Magisk manager, and even then, you will get a prompt to allow root to an app or adb. You can provide time limited root or one time only for apps. In other words, root gives the user control. Your OS already has root regardless of Magisk. All Magisk does is give you the power to grant or deny root.
Locked vs unlocked bootloader: this is where you should be concerned. If your bootloader is unlocked, it might be possible to boot or flash a modified recovery or TWRP that will have full write access to your system partitions, which are not encrypted. Android, unlike Linux or Windows never encrypted anything but data partition, and a few years ago, Google dropped even that in favor of file encryption. So, your data partition is no longer encrypted, just the files. So, when TWRP has full access to your system, an adversary may succeed in removing your screen lock/password/pattern and force system to boot straight without any lock. Note, the attacker wouldn't have to deal with encryption at all, but rather use natural Android weakness, which is: the first boot after installing a brand new rom is always without password prompt. So, in this case, the attacker will have the full access to your data.
With locked bootloader, this is not possible, as all fastboot actions are disabled.
99.9% of custom roms require unlocked bootloader. Those few, which are available on locked bootloader, do not provide root. There are only 1 or 2 developments that can provide optional root + locked bootloader.
optimumpro said:
You should be worried more about having unlocked bootloader as opposed to root.
Root can only be obtained via Magisk, which creates a layer making your System think that Magisk is a part of it. No root could be obtained other than through Magisk manager, and even then, you will get a prompt to allow root to an app or adb. You can provide time limited root or one time only for apps. In other words, root gives the user control. Your OS already has root regardless of Magisk. All Magisk does is give you the power to grant or deny root.
Locked vs unlocked bootloader: this is where you should be concerned. If your bootloader is unlocked, it might be possible to boot or flash a modified recovery or TWRP that will have full write access to your system partitions, which are not encrypted. Android, unlike Linux or Windows never encrypted anything but data partition, and a few years ago, Google dropped even that in favor of file encryption. So, your data partition is no longer encrypted, just the files. So, when TWRP has full access to your system, an adversary may succeed in removing your screen lock/password/pattern and force system to boot straight without any lock. Note, the attacker wouldn't have to deal with encryption at all, but rather use natural Android weakness, which is: the first boot after installing a brand new rom is always without password prompt. So, in this case, the attacker will have full access to your data.
With locked bootloader, this is not possible, as all fastboot actions are disabled.
99.9% of custom roms require unlocked bootloader. Those few, which are available on locked bootloader, do not provide root. There are only 1 or 2 developments that can provide optional root + locked bootloader.
Ahhh... So there are options albeit just 1 or 2 which can root with bootloader locked!!
I thought it's just impossible to root without unlocking bootloader.
Thanks for the nice explanation
tarun0 said:
Ahhh... So there are options albeit just 1 or 2 which can root with bootloader locked!!
I thought it's just impossible to root without unlocking bootloader.
Thanks for the nice explanation
Just my view: if I were you, I wouldn't buy any Pixel phone that has Titan chip in it. It is just one more reliance on such a 'bastion' of privacy as Google. Note Titan is closed source, and not only does it deal with certificates, but it can also modify firmware. Here is Zdnet's description:
"The Titan chip manufacturing process generates unique keying material for each chip, and securely stores this material -- along with provenance information -- into a registry database. The contents of this database are cryptographically protected using keys maintained in an offline quorum-based Titan Certification Authority (CA).
"Individual Titan chips can generate Certificate Signing Requests (CSRs) directed at the Titan CA, which -- under the direction of a quorum of Titan identity administrators -- can verify the authenticity of the CSRs using the information in the registry database before issuing identity certificates."
So, each machine's individual key is stored with some 'magic' database maintained by Titan Certification Authority. In other words, an entity funded by three-letter agencies now has an additional database holding individual keys for each phone.
optimumpro said:
Just my view: if I were you, I wouldn't buy any Pixel phone that has Titan chip in it. It is just one more reliance on such a 'bastion' of privacy as Google. Note Titan is closed source, and not only does it deal with certificates, but it can also modify firmware. Here is Zdnet's description:
"The Titan chip manufacturing process generates unique keying material for each chip, and securely stores this material -- along with provenance information -- into a registry database. The contents of this database are cryptographically protected using keys maintained in an offline quorum-based Titan Certification Authority (CA).
"Individual Titan chips can generate Certificate Signing Requests (CSRs) directed at the Titan CA, which -- under the direction of a quorum of Titan identity administrators -- can verify the authenticity of the CSRs using the information in the registry database before issuing identity certificates."
So, each machine's individual key is stored with some 'magic' database maintained by Titan Certification Authority. In other words, an entity funded by three-letter agencies now has an additional database holding individual keys for each phone.
Thanks for the opinion broski! But what brand are available there?
I don't like Samsung anymore because they destroy screen with update and don't help customers. Rest brand look more on papers but not in real.
tarun0 said:
Thanks for the opinion broski! But what brand are available there?
I don't like Samsung anymore because they destroy screen with update and don't help customers. Rest brand look more on papers but not in real.
Onepluses allow relocking bootloader on custom roms.
tarun0 said:
Thanks for the opinion broski! But what brand are available there?
I don't like Samsung anymore because they destroy screen with update and don't help customers. Rest brand look more on papers but not in real.
Don't be intimidated by the technical language - it's not as complicated as it seems. All hardware security modules come with a key that is installed at the factory and signed by the manufacturer. This initial key is only used to establish a basic level of trust, and the HSM will then generate a unique key for encrypting your data and performing attestation. This process is the same no matter what brand of device you use, whether it's a OnePlus, a Pixel, or any other brand.
Newer Pixel models have a feature called ATTEST_KEY that allows each device to have its own unique keys. If one of these HSM keys were to be compromised, it wouldn't affect your security. However, rooting your phone can compromise your security and make verified boot ineffective, even if the bootloader is locked. If you value security, it's important not to root your phone.
tarun0 said:
Ahhh... So there are options albeit just 1 or 2 which can root with bootloader locked!!
I thought it's just impossible to root without unlocking bootloader.
Thanks for the nice explanation
This statement is incorrect. The Android user interface was not designed to handle permission prompts for root access. When you root your phone, you increase the potential for UI bugs that were previously not able to cause harm to become attack vectors that can be used to gain full access to your phone. Rooting also weakens the security of your phone by adding new permissive domains and making the *_app SELinux domains more permissive.
It is heavily recommended to read this article https://madaidans-insecurities.github.io/android.html
tarun0 said:
Thanks for detailed answer. It answers my question.
While data is first priority, rendering device non-usable is also a deterrent.
Gotta find some ROMs which allow encryption tho. Thanks again
For the past five years, it has been required that all Android phones have encryption enabled by default. If you purchase a Pixel phone, it will come with encryption already enabled, but you can further enhance the security of the encryption by installing GrapheneOS, as they increase the file name padding length to the maximum supported by the kernel to make certain attacks harder.
Block-based encryption is generally considered to be less secure than file-based encryption because it uses a single key to encrypt all data, rather than multiple keys for individual files (which is what FBE does). Android 10 introduced metadata encryption, which encrypts the sector 0 on the data partition, making it inaccessible to attackers even when attempting to access the data through recovery mode. One of the main reasons file-based encryption is preferred over block-based encryption is that it is more difficult to verify the security of block-based encryption, and the algorithms used in block-based verification can be complex and challenging to implement correctly. Additionally, block-based encryption only encrypts data and does not provide any integrity checking, so if the data becomes corrupt, there is no way to detect it and the decryption process will continue. This can result in broken files at best and potentially allow attackers to tamper with or exploit the Linux kernel at worst, as noted by Linux kernel maintainers.
optimumpro said:
So, when TWRP has full access to your system, an adversary may succeed in removing your screen lock/password/pattern and force system to boot straight without any lock. Note, the attacker wouldn't have to deal with encryption at all, but rather use natural Android weakness, which is: the first boot after installing a brand new rom is always without password prompt. So, in this case, the attacker will have the full access to your data.
This quote is mostly (the bad part) FALSE. The decryption on the files cannot be performed until AFTER the device has been unlocked. If an attacker installs something that skips the lockscreen, the files will NOT be decrypted, since that lockscreen password/pin/pattern/etc. is needed to gain access to the key.
No matter what, whether the device bootloader is unlocked or not, or the device has root access or not... if the device is physically outside of the owner's control, it is necessary to assume that security on it has been compromised and should not be trusted. As the owner, you should assume that it has been backdoored, so wipe it fully and reinstall OS.
There is one exception, though. In AFU state, FBE is already decrypted (same as FDE):
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass
(Does not concern powered-off devices.)
96carboard said:
Are you looking at this from a data security standpoint? Or from "make sure it's worthless to the thief"?
Data security I believe is much more important than causing the phone to self destruct if stolen, and from a data security standpoint, you don't need to worry about root, because the data stored in the userdata partition is ENCRYPTED, and this encryption is tied to lockscreen security. In other words, they need to be able to legitimately get past the lockscreen in order to have unencumbered access to your data, regardless of what they change with respect to boot and system partitions.
If on the other hand, you're more worried about rendering the device worthless if stolen (i.e., thief can't actually use it), then you're actually talking about gooble's factory reset protection, which pretty much locks you to factory images, and locked bootloaders, and the "unlock bootloader" switch set to not-unlockable.
Factory reset protection works by forcing you to validate that you are the owner of the gooble account previously registered as owner of the device. It can be trivially bypassed as long as the "allow oem unlocking" flag is set to true, or the device has a 3rd party OS key installed, such as from grapheneos.
Also, having the device REPORTED as stolen if it is, will make it unable to connect to a cellular network, which pretty effectively makes it worthless.
Not all of this is really right on the head.
tarun0
FRP is VERY easy to bypass. Takes me about 2 minutes on Android 13 Jan 2022 update on 7 Pro, 7, 6a, 6 pro, 6, 5a, 5, 4a 5g and the 4a. The data is wiped though, so it at least can't have data stolen, but the FRP is more like a fence with a gate that you can just reach the other side to unlock with a paper clip lol.
As far as getting past lock screen, there's USB plug-ins that if a true bad actor wanted to get into the phone, it bypasses usb debugging and can force test thousands of pins and patterns per minute without flagging the maximum attempt trigger. But again, what's the chance of a phone getting stolen by someone with that level of knowledge? 90% of phone thieves take it, run and sell it quick flip.
Also, with a custom Android recovery, adb commands are possible, so if the device is rooted with a custom recovery, there's ways to extract the lock screen file where it's stored and use it. I don't think the recoveries based on LineageOS can do this, but TWRP definitely can as I've done it personally. So far there's no TWRP for any Android 13 device to my knowledge. Even the Android 12 variants of TWRP are shoddy and barely function.
Dirty flashing a rom will also remove any passcode generally on a phone and make data accessible.
Reporting it stolen only goes so far. You can spoof the IMEI if rooted or straight up change it if you have tools like MiracleBox.
Long story short, an unlocked bootloader and a rooted Android device make the device very insecure. The only roms out there that let you re-lock the bootloader after flashing the rom are Graphene and CalyxOS. And I really don't recommend Calyx. It's a pile of ****. Don't root Graphene either, as you'll have to leave the bootloader unlocked.
TechX1991 said:
Dirty flashing a rom will also remove any passcode generally on a phone and make data accessible.
We are talking about FBE encryption, not old FDE encryption with default_password. Do not claim what you haven't tested yourself. FBE is simply secure in BFU state, also against bruteforce, as gatekeeper lives in TEE. After 140 attempts the timeout has increased to 1 day.
Kindly read about how FBE works:
https://android.stackexchange.com/a/241688
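
The BFU/AFU distinction argued in the replies above, as an added toy model that is not from any poster and is not Android code. `ToyDevice` and its methods are hypothetical names; PBKDF2, the XOR key wrap and the SHAKE keystream are simple stand-ins for the real primitives, and the lockout uses only the 140-attempt/1-day figure quoted above.

```python
import hashlib, hmac, os

LOCKOUT_AFTER = 140        # figure quoted in the reply above
LOCKOUT_SECONDS = 86_400   # "1 day", same reply; earlier delay steps not modelled

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ToyDevice:
    """Constructed model of credential-bound storage keys (illustrative only)."""

    def __init__(self, pin: str, data: bytes):
        self._hw_secret = os.urandom(32)      # stands in for a TEE-held secret
        self._salt = os.urandom(16)
        kek = self._kek(pin)
        class_key = os.urandom(32)
        self._wrapped = _xor(class_key, kek)  # toy key wrap (KEK used once)
        self._tag = hmac.new(kek, self._wrapped, hashlib.sha256).digest()
        self._blob = _xor(data, hashlib.shake_256(class_key).digest(len(data)))
        self._ram_key = None                  # None means BFU: no key in memory
        self.failed, self._locked_until = 0, 0.0

    def _kek(self, pin: str) -> bytes:
        # Stand-in KDF with a low demo iteration count; hardware secret mixed in
        return hashlib.pbkdf2_hmac("sha256", pin.encode(),
                                   self._salt + self._hw_secret, 2_000)

    def unlock(self, pin: str, now: float = 0.0) -> bool:
        """Credential check done by the trusted component, not by the UI."""
        if now < self._locked_until:
            return False                      # throttled: even the right PIN waits
        kek = self._kek(pin)
        good = hmac.new(kek, self._wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(good, self._tag):
            self.failed += 1
            if self.failed >= LOCKOUT_AFTER:
                self._locked_until = now + LOCKOUT_SECONDS
            return False
        self.failed, self._ram_key = 0, _xor(self._wrapped, kek)
        return True                           # device is now AFU

    def read_with_ui_bypassed(self):
        """What skipping the lock screen reaches: only keys already in RAM."""
        if self._ram_key is None:
            return None                       # BFU: ciphertext only
        ks = hashlib.shake_256(self._ram_key).digest(len(self._blob))
        return _xor(self._blob, ks)           # AFU: key resident, data readable
```
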