Bootloader and May security patch - Xiaomi Mi A1 Guides, News, & Discussion

I unluckily discovered that with the May security update, both unlocking and locking the bootloader will result in a complete wipe of all user data.
Is this intended? Will this be the standard for all the next updates? It's really a shame that unlocking the bootloader is now a relatively pricey and hard thing to do.
Or did I just do something wrong? Lost data... twice in a day
What about GCam and root if the bootloader can't be altered without clearing all user data? Does this mean I'll have to dump my data every time I update my system (and so root again)?
Hope someone knows better than me :crying:

_MrAlpha_ said:
I unluckily discovered that with the May security update, both unlocking and locking the bootloader will result in a complete wipe of all user data.
Is this intended? Will this be the standard for all the next updates? It's really a shame that unlocking the bootloader is now a relatively pricey and hard thing to do.
Or did I just do something wrong? Lost data... twice in a day
What about GCam and root if the bootloader can't be altered without clearing all user data? Does this mean I'll have to dump my data every time I update my system (and so root again)?
Hope someone knows better than me :crying:
Yes, from now on it's "normal".
On all devices you lose all data for locking/unlocking BL, our Mi A1 was lucky.

It's upgrading security.
Wiping FRP was a piece of cake

Related

Re-unlock

I got an unlocked and rooted Nexus S. If for security reasons I'll do a re-lock: suppose I get my phone lost or stolen, the thief/person won't be able to flash any ROM on that, since it's locked. But if he does a re-unlock, would I get my data erased? Including my Google account and security apps like Lookout, Prey, etc.?
Thank you!
cpaixao said:
I got an unlocked and rooted Nexus S. If for security reasons I'll do a re-lock: suppose I get my phone lost or stolen, the thief/person won't be able to flash any ROM on that, since it's locked. But if he does a re-unlock, would I get my data erased? Including my Google account and security apps like Lookout, Prey, etc.?
Thank you!
Yes - unlocking again will wipe again.
krohnjw said:
Yes - unlocking again will wipe again.
Wow... so we have no advantage in re-locking the bootloader, isn't it? When it is locked, people will be able to flash over it, but I think if someone has the know-how to flash, probably they should know how to unlock too! And unlocking seems easier than flashing! Agree?
If you want to keep your data safer, re-locking the bootloader will be better.
If you don't, someone can get your phone and reflash a ROM, and will get anything on your SD card.

Help please, trying to recover deleted photos from Mate 9 (MHA-AL00)

I accidentally deleted 200 photos from my Mate 9. As far as I know, to recover these photos I need to "root" my Mate 9 (B213) first, and before that I need to get an unlock code from Huawei.
I've already got the unlock code.
The unlock procedure prompts that all data will be deleted with a factory reset. I am not sure if this step will permanently erase all data on the storage.
Does anyone have similar experience?
Thanks a lot!
I would expect the unlock to permanently erase all data, yes (or rather, it will permanently wipe the key used for file-based encryption, which amounts to the same thing). If it doesn't, it's a major security flaw.

Theft protection

Does Android/S7 have anything equivalent to Apple's Find My Phone, which effectively turns it into a brick when stolen? If so, how?
In the Google app settings there is a phone finding service you can activate, and some CSCs have "Find my mobile" which allows you to remote wipe / brick etc
But does this stop the device from being wiped if stolen and activated, like Apple's Activation Lock does?
lofty5 said:
But does this stop the device from being wiped if stolen and activated, like Apple's Activation Lock does?
Yes, provided you keep the bootloader locked.
EDIT: Technical term is FRP(Factory reset protection), and it's tied to the Google account used to set up the device
This is what I was thinking, that the bootloader has to be locked in order to do this. Would keeping the phone rooted be an option, or make it insecure?
Could I do this on a region that isn't my CSC without bricking the phone? I'm pretty sure that as long as the source files are stock Samsung any region should work. Can download mode be protected?
I'm currently backing up my device, after which I am enabling all the security options and am going to try to hack into the phone to see if it's worth doing or not. If it can be broken easily I'd rather keep it unprotected for convenience, but if I can protect the phone I'd rather do this, as I lost my phone a couple of years ago and there was no protection on it at all nor on the SD card, which sucked.
bump
Root almost always requires a modified boot image which will immediately be blocked by a relocked bootloader. So root and FRP cannot coexist as they counteract each other. FRP itself is not CSC locked, only the remote control features. There are ways around it but they are mostly only present in older firmware, which is blocked by bootloader downgrade fuses. So yeah, pretty unbreakable if the device remains full Knox stock.
Hint: anything confidential should never be stored on the external card, or should be encrypted if it is (e.g. turn on encryption in Titanium Backup). Internal memory is always encrypted on stock firmware.
Edit: Download would work as usual. So basically what would happen is if a malicious firmware was flashed the bootloader will block it at boot and trip the Knox fuse, essentially burning all data on the device. If the crooks are smart they can still make use of the device, but most aren't so you should be safe
I'm using Cerberus, it can disable the shutdown/reboot menu on the lockscreen.
CurtisMJ said:
Root almost always requires a modified boot image which will immediately be blocked by a relocked bootloader. So root and FRP cannot coexist as they counteract each other. FRP itself is not CSC locked, only the remote control features. There are ways around it but they are mostly only present in older firmware, which is blocked by bootloader downgrade fuses. So yeah, pretty unbreakable if the device remains full Knox stock.
Hint: anything confidential should never be stored on the external card, or should be encrypted if it is (e.g. turn on encryption in Titanium Backup). Internal memory is always encrypted on stock firmware.
Edit: Download would work as usual. So basically what would happen is if a malicious firmware was flashed the bootloader will block it at boot and trip the Knox fuse, essentially burning all data on the device. If the crooks are smart they can still make use of the device, but most aren't so you should be safe
I had it rooted last night with Magisk and the bootloader locked; however, it did refuse to boot due to modification and FRP locked after a factory reset, but worked fine prior to this.
is it not worth doing if not fully knox stock?
I only really use root these days for titanium backup and perhaps ad blocking.
How difficult is it for a hacker to get back into the phone, I mean iPhones are practically impossible to get back into if on the latest firmware.
Blacky25 said:
I'm using Cerberus, it can disable the shutdown/reboot menu on the lockscreen.
Is your bootloader locked and rooted?
lofty5 said:
Is your bootloader locked and rooted?
Yes it is. I know it is also possible to delete everything, but when I really lose my phone I will hope that people without the knowledge find my phone.
lofty5 said:
I had it rooted last night with Magisk and the bootloader locked; however, it did refuse to boot due to modification and FRP locked after a factory reset, but worked fine prior to this.
is it not worth doing if not fully knox stock?
I only really use root these days for titanium backup and perhaps ad blocking.
How difficult is it for a hacker to get back into the phone, I mean iPhones are practically impossible to get back into if on the latest firmware.
About as difficult as an iPhone to crack provided it's on the latest firmware with a locked bootloader, even preventing reuse. FRP remains fully operational regardless of Knox warranty status. It's possible to keep encryption while rooting (though this depends on strictly "close to stock" firmware, specifically by using a stock kernel binary; ramdisk mods like Magisk or SuperSU are fine) to retain the data protection so thieves won't be able to deduce anything about you, but as long as the bootloader is unlocked a thief could always just wipe and reuse the device.
CurtisMJ said:
About as difficult as an iPhone to crack provided it's on the latest firmware with a locked bootloader, even preventing reuse. FRP remains fully operational regardless of Knox warranty status. It's possible to keep encryption while rooting (though this depends on strictly "close to stock" firmware, specifically by using a stock kernel binary; ramdisk mods like Magisk or SuperSU are fine) to retain the data protection so thieves won't be able to deduce anything about you, but as long as the bootloader is unlocked a thief could always just wipe and reuse the device.
I am now back to full stock with no root. It's not the same now as when I first started rooting back on the Arc S; back then you could literally do nothing without it, things as basic as a firewall. I only at this minute have one issue.
How in god's name do you do a full backup of apps WITH data? I have Helium but it refuses to back up most of them. It's not a big deal now as I have re-set up the programs it wasn't compatible with. However, it would be handy to know for future reference: is there anything that can do a full backup with app data that doesn't require root? If not, never mind I guess.
lofty5 said:
How in god's name do you do a full backup of apps WITH data? I have Helium but it refuses to back up most of them. It's not a big deal now as I have re-set up the programs it wasn't compatible with. However, it would be handy to know for future reference: is there anything that can do a full backup with app data that doesn't require root? If not, never mind I guess.
Not quite sure as I've always been rooted. Kies or Google Cloud Sync might be sufficient?
CurtisMJ said:
Not quite sure as I've always been rooted. Kies or Google Cloud Sync might be sufficient?
Is the latest S7 FW protected against this attack?
https://forum.xda-developers.com/sa...galaxy-on5-metropcs-sm-g550t1-t3439557/page13
and root junkies hack?
lofty5 said:
Is the latest S7 FW protected against this attack?
https://forum.xda-developers.com/sa...galaxy-on5-metropcs-sm-g550t1-t3439557/page13
and root junkies hack?
Only one way to find out. An easy way to test would be to see if the phone responds to the USB command to dial the number, so no need to reset to check.

Is it possible to lock and unlock the bootloader without erasing data once you're rooted?

I just unlocked the bootloader to install TWRP and maybe Magisk; I wanted to also try the Android P dev preview. But I know having an unlocked bootloader is a security risk, and also you get that warning message at boot which makes booting up longer. Is there a way to lock and unlock without losing data if I'm rooted?
Unlocking and locking wipes all data by design.
Telperion said:
Unlocking and locking wipes all data by design.
Is there a way to make the device secure with it having an unlocked bootloader?
With an unlocked bootloader, anyone can install a factory image, which wipes all your locks and your Google account (and, therefore, defeats FRP), which is what makes it insecure. The only way to avoid that is to have a locked bootloader (and USB debugging off). (And I've seen reports here that unlocking the bootloader, installing TWRP and Magisk, then locking the bootloader, results in a hard brick, meaning buying another phone, because Google won't replace it.)
Run with the unlocked bootloader, don't ever leave the phone off your person, and have "insurance" that replaces stolen (and possibly lost) phones.
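The replies above (root needing a modified boot image that a locked bootloader refuses, FRP only holding while the bootloader stays locked, and an unlocked bootloader letting anyone flash a factory image that wipes the Google account) describe a device state you can read off the phone rather than guess at. The script below is an added example, not code from this thread or from any poster: it classifies a phone's data-at-rest posture from the read-only properties that `adb shell getprop` prints. The property names `ro.boot.flash.locked`, `ro.boot.verifiedbootstate`, `ro.crypto.state` and `ro.crypto.type` are real Android system properties; the sample outputs and the four verdict words are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify an Android phone's data-at-rest
# posture from `adb shell getprop` output. Property names are real Android
# properties; the sample values and verdict labels below are constructed.

# prop_value NAME: read getprop-style lines ("[name]: [value]") on stdin and
# print NAME's value, or nothing if absent. CRs are dropped first because adb
# on some hosts emits CRLF line endings, which would defeat the "$" anchor.
prop_value() {
    tr -d '\r' | sed -n "s/^\[$1]: \[\(.*\)]\$/\1/p"
}

# assess_device_state "<getprop output>": print exactly one verdict word.
#   unencrypted - userdata is not encrypted; anyone holding the phone can read it
#   protected   - locked bootloader, verified (green) boot, encrypted userdata:
#                 a modified image is refused at boot and FRP stays in force
#   exposed     - encrypted, but bootloader unlocked or boot image not verified:
#                 a factory image can be flashed, wiping data and defeating FRP
#   unknown     - at least one of the properties is missing from the output
assess_device_state() {
    text=$1
    locked=$(printf '%s\n' "$text" | prop_value 'ro.boot.flash.locked')
    vbstate=$(printf '%s\n' "$text" | prop_value 'ro.boot.verifiedbootstate')
    crypto=$(printf '%s\n' "$text" | prop_value 'ro.crypto.state')

    if [ -z "$locked" ] || [ -z "$vbstate" ] || [ -z "$crypto" ]; then
        echo unknown
    elif [ "$crypto" != encrypted ]; then
        echo unencrypted
    elif [ "$locked" = 1 ] && [ "$vbstate" = green ]; then
        echo protected
    else
        echo exposed
    fi
}

# Constructed sample outputs for three of the situations discussed in the thread:
# full stock with a locked bootloader, unlocked with a Magisk-style modified boot
# image, and an unlocked device whose userdata is not encrypted at all.
SAMPLE_STOCK_LOCKED='[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]'

SAMPLE_UNLOCKED_ROOTED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]'

SAMPLE_UNENCRYPTED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [unencrypted]'

# Stand-alone run: one verdict per sample. Against a connected phone you would
# call:  assess_device_state "$(adb shell getprop)"
for s in "$SAMPLE_STOCK_LOCKED" "$SAMPLE_UNLOCKED_ROOTED" "$SAMPLE_UNENCRYPTED"; do
    assess_device_state "$s"
done
```

The "protected" verdict deliberately requires the green verified-boot state as well as `ro.boot.flash.locked` = 1: a locked bootloader that boots a custom-signed or unverified image (yellow/orange) is exactly the rooted-but-locked configuration one poster describes failing to boot, so the script reports it as exposed rather than guessing. The `ro.crypto.type` line is kept in the samples only to show that the wipe-on-unlock behaviour discussed earlier is what file-based encryption looks like from the property side; the verdict does not depend on it.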

How to go about fixing a hacked phone?

I'm curious as to the method of fixing my phones, as I feel/know they have been hacked by person(s) I considered friends. They never had access to said phones other than a hotspot on my Galaxy Note 20 5G, with no physical access to my Galaxy Note 10. My Google accounts are 2-step verification protected. I haven't noticed any unrecognized logins to any of my accounts. I don't know much about coding or I wouldn't be asking this question. How do I go about finding the software and removing it? Is there a website or person who can offer such services? How can I resolve this issue? Please let me know.
Thank you,
........
...???
Kyleson253 said:
..
Simply factory resetting the device, preferably by using the factory reset and wipe cache option in stock recovery mode and then reflashing your stock firmware would be the easiest way to solve whatever they may have tampered with.
An alt Google account could also be helpful. Factory resetting can remove any extra malware they might have installed, but it also removes any pictures or personal files you own. But I gotta admit, if your friend could hack into a Google account (and ESPECIALLY a GOOGLE account) they deserve some credit. Could you tell me what they did?
If by "hacked" you mean the phone's Android system got tampered with, then take note that a phone can only get hacked if both its bootloader got unlocked and its Android SELinux / DM-Verity protection got disabled and the "hacker" has superuser rights.
So I guess your phone didn't get "hacked", but only 3rd-party apps got installed, which can easily be removed: performing a factory reset isn't necessary to achieve this.
jwoegerbauer said:
If by "hacked" you mean the phone's Android system got tampered with, then take note that a phone can only get hacked if both its bootloader got unlocked and its Android SELinux / DM-Verity protection got disabled and the "hacker" has superuser rights.
So I guess your phone didn't get "hacked", but only 3rd-party apps got installed, which can easily be removed: performing a factory reset isn't necessary to achieve this.
Not entirely true, but, yes, in general, this is true. There are exploits that do not require an unlocked bootloader to embed code in the system partition. Many devices can be rooted without unlocking the bootloader and disabling DM-verity; also, you'd be surprised what can be done even when SELinux is set to enforcing.
It really comes down to exactly which specific device is being modified.
Droidriven said:
Not entirely true, but, yes, in general, this is true. There are exploits that do not require an unlocked bootloader to embed code in the system partition. Many devices can be rooted without unlocking the bootloader and disabling DM-verity; also, you'd be surprised what can be done even when SELinux is set to enforcing.
It really comes down to exactly which specific device is being modified.
This guy/friend is actually talented as **** tbh
