NEED HELP removing a type of spy prog or possibly phone was cloned - General Questions and Answers

THIS IS BASED ON SUSPICION. TOO MANY COINCIDENCES FOR IT TO BE A LUCKY GUESS. I HAVEN'T READ OR HEARD OF A PROGRAM LIKE THIS. COULD THIS BE POLICE INVOLVEMENT? IF ANYONE HAS ANY IDEA, EVEN A GUESS, PLZ COMMENT. TIA, SORRY FOR SPELLING
Recently I found that someone close to me had been using a purchased spy prog. Thanks to Google alerting me that unauthorized login and sync occurred.
I quickly recognized the phone, found the program, and cancelled their membership, since I originally made the account/email address for them and they told me what password to use. But somehow that phone has continued to sync from their phone.
To this point I've been being safe; I've been messaging or texting lies along w/ truth. Yet somehow all that information makes it back by a simple slip up of words by the other person in house. They accidentally repeat in general something I mentioned in text/fb message/phone call/information/etc.
I've literally deleted everything I could find that was left after factory reset. (EVERY FILE!!) I had root and ended up with a virus I couldn't remove & didn't want to factory reset. The virus took over the screen and no matter what, I couldn't get it off. In the end, the only way the phone company could get it off was to gain access with use of a computer & prog to factory reset. While talking, it updated from 6.0 to 7.0. So I'm going to have to reroot.
QUESTION FINALLY: How can I remove or at least find the hack or exploit (or whatever it is) that is reporting or cloning every word & information? Yes, I've tried every possible virus/spy pro/spyware/malware/hack/exploit detector remover I read about. PLEASE advise.
The person (I suspect) is currently charged with domestic violence w/ prejudice. I cannot drop the charges; they won't allow me, due to it being domestic violence against someone disabled.
The person is beyond clueless about technology but their brother worked for govt many yrs ago installing none other than CAMERAS. He now prides himself as being a computer expert & dev (he's not bad at it). He knows LINUX exceptionally well. Also I found an old outdated voice recorder. I took it to a shop, then to someone who is a genius with things; he agreed. Both said it went with a small old spy camera. I still have it. Since I am a "rentor/tenant" (correct if wrong) using audio with recording is illegal. Also video recording if used for a malicious or personal gain/pleasure without letting the person know is illegal. I'm a man so man things would have been recorded.
Quick Question...should I go ahead with rooting or wait?
PLEASE HELP AND IF POSSIBLE FIND THE FOOTPRINT HE MIGHT HAVE LEFT BEHIND. PRIVATE MESSAGE ME IF NEED MORE DETAILS ON PHONE INFORMATION
* * *

Related

Please help! Phone being remotely accessed and controlled by unauthorized 3rd party..

Thank you in advance. First of all I am still a beginner in knowledge here. My Alcatel fierce 4 TCL 5056N seems to have been hacked and is now being remotely accessed and controlled by an unauthorized 3rd party. I may be way off base but I think my phone may have been exposed to a R.A.T. Temporarily rooted long enough for someone to modify the kernel and other system coding, which I cannot access myself with an unrooted phone, installing some sort of sub-OS with limited user setting options and a completely different named storage platform (i.e. emulated, bdef55, self), and not even factory resetting my device helps because it reboots into the sub-OS they installed. They are screen overlaying buttons, and toggles are being reversed in real time before my eyes, settings and options are disappearing from one minute to the next and I've somehow found myself poking around in some Windows software on a PC that is used to develop Android software, maybe sdk, not sure but was Linux coding and looked like it was meant for me. I was on the other end of this hack for a few minutes tho but my lack of knowledge made this useless to me. I have downloaded many an app trying to combat this issue but to no avail. Although unsuccessful I have seen a few things I don't understand but could possibly be helpful for you to identify exactly what my issue is. One thing is an app I downloaded said that a trust cert has enabled a malicious trust agent and my system is being remotely accessed by a third party. The rest is beyond my understanding but I'm going to list a few tidbits you may recognize. LIB, Kinguser, kingroot, persist, unremovable/???/xxx, code Aurora, bootstrap something, libnfc, system/framework/Apache/xml, bin, user value=0 or 1/2, managed provisioning, also a .base ext. on a bunch of system apps below the same app without and a few of others. I don't know if that's helpful but it's all I can remember.
Symptoms are apps closing on their own, microphone and camera being remotely enabled, unable to update Google play services or store and being forced to use an obviously older and modified version with possible replica apps with restrictions, unexpected reboots, in settings/apps/permissions apps like gallery, when you click battery and then the little i button for info, it says it's a system app and all of a sudden the disable and force close buttons become un-highlighted and unusable and so on and so forth. Lastly, my home wifi is infected I think as well because my roommate is having the same issues. I've tried (unsuccessfully) to root my phone so I could manually remove some of these apps and extra coding and such but it seems impossible because of a locked bootloader. Tried about 10 different ways without success so I've just about given up and smashed the damn thing but then you geniuses popped into my head so I beg of you, please help me or if nothing else, tell me to proceed with the smashing...lol! Thank you very much for your time. P.S. I'm new to XDA dev website so maybe drop me a line at [email protected] with directions back to this thread. Had a bit of trouble navigating here. Thanks again and have a great day! -Spencer

User Installed CA sprfw01 - what is it?

Hello,
I have an LG ls775 and under the user security certificates there is one called sprfw01. I have no idea why or what it's for. I'm on the Sprint network. Is there a way I can inspect the cert or at least figure out what's using it? Any info is greatly appreciated. Thnx guys!
Could this be from pairing my phone with some device, i.e. smart watch or another phone?
It's actually under User credentials. Hope that can jog anyone's memory as to what this may be.
I'm currently using the same phone as you and on the same carrier, and just noticed this user credential the other day as well. I didn't recognize it so I deleted it. I'm afraid I can't tell you if it really affected my device as it was already giving me some issues before I deleted the credential. At the time, and again today, I looked for the same answer as you and haven't found any additional information on it, so I can't be much help with exactly why it's there or what put it there.
However, I may be able to help put your mind at ease since I did happen to do a factory reset today and even though I deleted it before, it was back afterward. So my guess is that it's not dangerous. (Again, that's my opinion, hopefully someone can confirm if I am correct.)
Some details that lead me to think it's safe:
My LG G6 isn't rooted, and was not before the redo. (so technically nothing should have been able to reinstall it that was nefarious)
I didn't install any potentially shady apps when I did the factory reset (at time of writing this, just a few big name apps from the Play store, no random restored apks or anything like that).
I pulled my SD card out before the wipe and haven't put one back in yet, so that rules out something left over on there working itself back in somehow.
I allowed Google to "restore" my most recent backup it made, but the most recent backup was AFTER I removed the credential so it shouldn't have been on there (Google backups seem to restore very little anyway, and request all backed up app downloads from the Play store).
I have connected it to my home secured wifi.
No bluetooth connections yet.
No sharing to any devices or NFC usage, etc.
So from all of that, I believe it is either a Sprint thing, an LG UI thing, or something specific to the LG g6 model, and built into the factory settings. That's just my thoughts, but I thought maybe my experience might make you feel a little more at ease. Hopefully someone can reply with what the heck it actually is though, because little things like not being able to figure out the source of this drive me crazy even after all of that.
Just an update, I was looking through my LG V30+ and found the same credentials stored on this device too. No additional details on its purpose were really gained from it though. Picture attached.
"User Credential" "sprfw01" also on LG ls 775
I saw the same thing and I searched "sprfw01" . I was wondering what it was. I also have this "User Credential" on an LG ls 775 on Sprint.
Passwords Saved Credential
I did some research into this and what I see is it's a credential from when you saved your passwords, for example unlock screen & any passwords like I have to specific websites.
Just my thoughts...
*Any good unlock or root for the ls993?

Series of text logs following a restart - Not observed before what are they? (And a couple of other questions)

Hey there, got a few questions that I'm hoping someone knowledgeable could answer for me. If this should be posted elsewhere let me know, any advice would be great! DM replies are welcome.
I'll be vague but recently I've begun to notice inconsistencies on my phone that I share with someone very close to me. They are more technologically capable than I am and have so far protested their innocence, so I'd really like to know what's happening if at all possible, may be nothing but I don't have the experience to know either way.
1. Found a series of txt logs that I didn't seem to be able to open, they appeared - after my phone powered off - in my documents folder with time stamps that appear to be shortly before the phone was turned on again (images included below). What are they? I have never noticed these before.
https://ibb.co/DV512T4
2. Whether coincidentally or not I also noticed 2 entries in my notifications for "download.bin" and "unknown" each from before the power off however when searching my download manager, found nothing, what could this be? Come to think of it I have noticed very similar occurrences in the past however didn't think of it as odd until recently.
3. My notification history has reset about 4 or so times in the past few months, to my understanding this should only be possible when disabling and reenabling the setting - I am referring to the 24 hour breakdown. I cannot find any mentions of this and with other things I've noticed recently (permissions manager being accessed multiple times during the play time of one particular game interspersed with the use of chrome observed through app manager, empty notification categories etc). Phone has been out of my possession each time. Am I correct in saying that this is evidence of the data being manually cleared/affected, can I even find evidence as to whether or not that's happened? I have not found any information on the 24 hour breakdown disappearing other than "turn it off and on again to wipe" - If so, is there a way of accessing or restoring old logs so I can check the days where the history went?
I had a talk with the person about things like hidden apps, operating system changes and a load of other stuff that went over my head so I really don't know what to expect but I've since changed my passcode and restricted their access until I have a better view of how my phone's been used.
Final question, I've noticed a large number of screenshots and camera photos being taken according to my device care setting and history, problem is when I go to access my gallery, recycle bin etc - They aren't there. I haven't yet tried recovery methods as I am unsure about my options but advice on that one would be good.
Thanks for your time and any help offered in advance!
I remember a similar post not too long ago, that was almost exactly the same. Now it seems the same post, but posted as a first post of a new member. I find this dubious...
My advice: do not share your phone with anyone, especially when in doubt what they do with your phone.
If you are suspicious of what they may have done/installed on your phone, do a factory reset and continue with a clean phone. Before factory reset, back up only files/data that you trust.
Finally, this post seems to have no relation with the S21 Ultra, so you're in the wrong forum.
Baguete2963 said:
I'll be vague but recently I've begun to notice inconsistencies on my phone that I share with someone very close to me. They are more technologically capable than I am and have so far protested their innocence, so I'd really like to know what's happening if at all possible, may be nothing but I don't have the experience to know either way.
This reminded me about my ex wife who always protested her innocence.
Do a factory reset (hard reset) and NEVER EVER give your phone to anyone!
mobnoob said:
This reminded me about my ex wife who always protested her innocence.
Do a factory reset (hard reset) and NEVER EVER give your phone to anyone!
Problem here is that I can ask her about things like this and get an "oh I don't know" etc etc. When you lack the technical knowledge to know for sure it's a real downer because frankly I could be staring evidence dead in the face and be unable to see it. Looking at these logs, what would you say is going on here? I need someone that actually understands this stuff to put my mind at ease, or alternatively tell me exactly what's gone on.
I've asked about the facebook downgrade attempt and simply got asked "Why would I do that, there's no benefit to it. Wouldn't even know how". I am not having a fun time right now lol.
Thanks a lot for your reply
OnnoJ said:
I remember a similar post not too long ago, that was almost exactly the same. Now it seems the same post, but posted as a first post of a new member. I find this dubious...
My advice: do not share your phone with anyone, especially when in doubt what they do with your phone.
If you are suspicious of what they may have done/installed on your phone, do a factory reset and continue with a clean phone. Before factory reset, back up only files/data that you trust.
Finally, this post seems to have no relation with the S21 Ultra, so you're in the wrong forum.
You seem to have missed the point, the idea is to try and gain understanding on the log and to determine what process would have caused it to generate and contain the data it does over 3 months after purchasing the phone. I don't know if I explained that well enough so if so my apologies.
I don't know how to answer that myself so I used a public forum to try to gain the answer, I don't feel like that's wrong?
Also this is a log from an S21 Ultra 5g so it made sense to post it there
Baguete2963 said:
Also this is a log from an S21 Ultra 5g so it made sense to post it there
Please check your PM inbox. Thank you.
-Regards: Badger50 FSM

Is my Girlfriend a computer hacker?

Hi, I am not new to computers, phones and development but it's been years and a lot has changed. I went to school for software design and I learned on Visual Studio 6.0. So for anyone in their 30s and older, you all remember how 6.0 was. Well, a lot has changed since 6.0 but regardless I know when someone has been messing with my phone or computer. I am going to try and post all of my syslog that I have saved and any new that I see. Also I am going to try and post what open source software that I notice my phone now has licenses for. I am on a Samsung Note 10 plus 5G. And I am almost positive that my girl is responsible for the modifications done to my phone but she screams that she only knows how to play games, call and text. I need someone to review my information and any information that anyone needs and tell me if my phone has been modified and if everything could have been done remotely. My ultimate question is could this all have been done remotely or would any of it, and I mean even the smallest thing, have to be done locally on the phone. If every single modification could all have been done remotely then maybe she's telling the truth but if just one thing had to have been done locally then she's responsible somehow. And then I need to know how to fix all of this and set up secure to prevent it from happening again.
You claim you're a developer but provide logs as screenshots... Seriously, if you can't trust your girlfriend, what you need help is a couple care course or psychotherapist.
I doubt your Samsung Galaxy Note10+ bootloader locked device secured by Knox is tampered in any kind at all
What I'm seeing here is you using your phone with Samsung packages working. It's mostly sounds running, you unlocking the device, setting an alarm etc.
Bear in mind Google and apps use location a lot so the location is I would say the norm. The more apps the more times location is called.
If you are concerned, get dmr checker and check security levels, has the device been rooted and displays the true code? Really worried, check all your apps then disable location or use Odin to fully wipe the device, but from what I can tell this is possibly paranoia.
Whether your girlfriend can be trusted or not is not the problem. Maybe she is really hacking your phone or maybe you are just paranoid, I can't tell. Either way you two should break up before you break each other.
.. or just a week digital detox

Question FRP Lock on A22 5G

Hi folks,
a family friend inherited an A22 from a deceased friend, but she did not have the password for it.
As I had never heard of FRP before, I advised her to reset the phone, which is how the FRP took effect. I now feel guilty for giving obviously wrong advice and would like to fix it.
I guess there is no proof of purchase for the phone anymore and all the passwords from the documents didn't work. A Vodafone employee advised me to scrap the phone, but I don't think so.
I found the software "**** your FRP" here in the forum and tried it, but the A22 is not on the list of Knox-compatible devices. Therefore, the code #*0#* does not work either and I can't get any further.
I got a little further with the talkback function. I was able to open the Google Assistant and navigate to Chrome or the settings. Unfortunately, I could not activate the developer options, couldn't navigate to the app settings or allow the installation of apps from unknown sources.
After about 8 hours and several attempts, I am at my wit's end. I have the deceased's email address and name. Unfortunately, this was not enough to reset the password. If I am informed correctly, his number has also been deactivated, so I can no longer receive SMS. I don't have the SIM card either, but I might be able to get it.
I hope you guys can help me.
Best regards,
Felix
Contact Samsung service / a phone service.
You could do it yourself, but the time needed will be too much
As I said, the people at Vodafone said you can only scrap it. I had read that you can get the device unlocked with the help of the proof of purchase, but no one knows exactly where the receipt could be.
dotuletz said:
You could do it yourself, but the time needed will be too much
I'm not in a hurry, I'm just looking for a tool to do this with, or instructions on how to bypass the FRP.
I can forget Google, as 99% of the results are scam and the remaining 1% did not work.
I've heard that YouTube has just the right type of guide for almost exactly those probs, and by all accounts very very simple to follow, as I did recently on my sister's device she left at home, no longer wanted, ditched for an apple contraption. I will add, no one with nefarious reasons, stolen devices should use the helpful tools there. Getting a job and buying a device the bloody deviants should....damn the swines.
ianreesdavies said:
I've heard that YouTube has just the right type of guide for almost exactly those probs, and by all accounts very very simple to follow, as I did recently on my sister's device she left at home, no longer wanted, ditched for an apple contraption. I will add, no one with nefarious reasons, stolen devices should use the helpful tools there. Getting a job and buying a device the bloody deviants should....damn the swines.
The problem with YouTube videos is that Samsung (and pretty much every other major manufacturer) has teams of employees whose sole job is to look through the internet for how-to videos and posts, make a note of how the trick/bypass works, and submit it to the software development team to be fixed in the very next update. That's why the how-to videos are full of comments saying "this didn't work for me" or "I don't have that option on my device".
There's a professional 3rd party business that I've used for things like this before. Discussion of paid services isn't allowed in the forums, but anyone who wants a recommendation can DM me
I completely agree mate, it's hit and miss, there are plenty of other sources out there. Just coincidentally, I found myself reading a comment that was the exact situation I was in yesterday. Obviously, not wanting the member to be struggling I gently nudged him towards a simple and 100% idiot's guide that will put him right. Admittedly a large majority of these things are countered/blocked or absolute bollox as I have encountered many times lmfao
BooWseR said:
Hi folks,
a family friend inherited an A22 from a deceased friend, but she did not have the password for it.
As I had never heard of FRP before, I advised her to reset the phone, which is how the FRP took effect. I now feel guilty for giving obviously wrong advice and would like to fix it.
I guess there is no proof of purchase for the phone anymore and all the passwords from the documents didn't work. A Vodafone employee advised me to scrap the phone, but I don't think so.
I found the software "**** your FRP" here in the forum and tried it, but the A22 is not on the list of Knox-compatible devices. Therefore, the code #*0#* does not work either and I can't get any further.
I got a little further with the talkback function. I was able to open the Google Assistant and navigate to Chrome or the settings. Unfortunately, I could not activate the developer options, couldn't navigate to the app settings or allow the installation of apps from unknown sources.
After about 8 hours and several attempts, I am at my wit's end. I have the deceased's email address and name. Unfortunately, this was not enough to reset the password. If I am informed correctly, his number has also been deactivated, so I can no longer receive SMS. I don't have the SIM card either, but I might be able to get it.
I hope you guys can help me.
Best regards,
Felix
Also mate, getting to chrome is most of it done. 4 files to download, 2 through the galaxy store which allows them to install, then through those, sorry, plus ios14 launcher allows you to activate unknown sources etc..it's not difficult. Worked like a charm. Just find the Samsung a22 5g frp unlock, activate unknown sources how to.
