Root & Security Questions - OnePlus 6 Questions & Answers

Hi there,
I recently lost my phone outside with GPS disabled, only got it back through 110% luck
and this got me thinking about the device security.
For some time now I can call myself an owner of a OnePlus 6 phone,
in the beginning I was really convinced of the brand and phone but over time some questions occurred.
At the moment I'm running OOS v9.0.3 with
bootloader unlocked,
Magisk v18 and
Bluspark Twrp v9.85v2
passing dm & SafetyNet
(phone is encrypted as by default)
Now here are my questions I couldn't find a clear answer to:
1. Using a flash or the factory unbrick tool, how easy is it for a potential thief to wipe/reset an encrypted device (with locked bootloader) to keep using it/sell it?
2. Is it possible and/or safe to relock the bootloader with the phone still rooted (Magisk etc)?
2.1 If that's possible, is there a way to unlock the bootloader again (using root) without wiping the phone?
3. Has the possibility to "fastboot boot" an image on an encrypted phone with locked bootloader (to access the phone) been fixed?
4. Is there a way to disable the lockscreen quick settings in general or certain ones like flight, GPS, data and WiFi, without removing them from the quick settings?
5. Is there a way to disable the lockscreen power menu (when holding the button for 3 secs)?
6. Is there a way to disable powering off the phone by holding the power key for 10 seconds in general or e.g. when the screen is locked?
7. Is there a way to remotely/programmatically enable GPS on the device?
8. If I start messing with the kernel and should f**k up badly, could the factory unbrick tool still fix it?
9. Could one or more of the previous things be achieved by an app (with root access) or by modifying the kernel? I do have quite some programming knowledge, sadly not with phones/Android/Linux yet - but I'm willing to get into it.
That's it for now, thanks if you have read this far.
Since I don't know that much about this topic in detail I would appreciate any help, information or correction of myself.
Greetings from Germany

Hexxonite said:
Hi there,
I recently lost my phone outside with GPS disabled, only got it back through 101% luck
and this got me thinking about the device security.
For some time now I can call myself an owner of a OnePlus 6 phone,
in the beginning I was really convinced of the brand and phone but over time some questions occurred.
At the moment I'm running OOS v9.0.3 with
bootloader unlocked,
Magisk v18 and
Bluspark Twrp v9.85v2
passing dm & SafetyNet
(phone is encrypted as by default)
Now here are my questions I couldn't find a clear answer to:
1. Using a flash or the factory unbrick tool, how easy is it for a potential thief to wipe/reset an encrypted device (with locked bootloader) to keep using it/sell it?
2. Is it possible and/or safe to relock the bootloader with the phone still rooted (Magisk etc)?
2.1 If that's possible, is there a way to unlock the bootloader again (using root) without wiping the phone?
3. Has the possibility to "fastboot boot" an image on an encrypted phone with locked bootloader (to access the phone) been fixed?
4. Is there a way to disable the lockscreen quick settings in general or certain ones like flight, GPS, data and WiFi, without removing them from the quick settings?
5. Is there a way to disable the lockscreen power menu (when holding the button for 3 secs)?
6. Is there a way to disable powering off the phone by holding the power key for 10 seconds in general or e.g. when the screen is locked?
9. Is there a way to remotely/programmatically enable GPS on the device?
10. If I start messing with the kernel and should f**k up badly, could the factory unbrick tool still fix?
11. Could one or more of the previous things be achieved by an app (with root access) or by modifying the kernel? I do have quite some programming knowledge, sadly not with phones/Android/Linux yet - but I'm willing to get into it.
That's it for now, thanks if you have read this far.
Since I don't know that much about this topic in detail I would appreciate any help, information or correction of myself.
Greetings from Germany
1) Very easy. Only Google's welcome screen would ask to log in with the old account after a clean flash.
2) You can, but you shouldn't. Afaik it will say the device is compromised and display a red warning instead of the yellow one and won't boot.
3) No.
4) Use Cerberus Anti-Theft. That has it and a fake shutdown to make thieves think your device is off. Only a hard reset will make it turn on again but that's how you can track it if stolen.
5) Cerberus Anti-Theft again.
6) That's a hardware safety failure. So none that I know.
7) and 8) got lost lol
9) Cerberus Anti-Theft does that. Otherwise no.
10) Yes, fastboot boot would still work though I guess. At least on the other partition (A or B).
11) I'm not working for them but I recommend Cerberus again

Seems like counting to 10 is pretty hard lol
I think it's pretty sad that relocking the bootloader isn't possible (heard it was on the Nexus4 I believe?) but I guess the "boot"-issue makes that obsolete anyways \:
I just hope that companies will continue to strive for best customizability while improving on security details like these...
So what's left is to have faith in humanity I guess ^^
Anyways, thanks for the quick reply and happy new year I guess
P.S. gonna check out that Cerberus you talked about

Cerberus is one of the best antitheft apps out there.
Had bought it and used it for more than 4-5 years, although never really needed it under emergency.

Related

Noob Unlocks and Subsequently Kills Phone

A day or two ago I unlocked my ChaCha using the HTCDev.com instructions. I then used DooMLoRD_v4_ROOT-zergRush-busybox-su to root it. Everything was going fine until I apparently deleted one too many system apps and now my phone is in extremis.
The problem: As the phone boots up and reaches the HTC logo screen, just when the main interface should appear, an error pops up. It says:
Code:
Sorry!
The process com.htc.bg has stopped unexpectedly. Please try again.
[Force close]
When I close it, the HTC logo appears again as the main GUI is reinitialised, which leads to the same error popping up again, thus entering into an infinite loop.
I can just about manage to connect the phone to my PC as a disk drive, but it's not connected in such a way that RUU or unrooting applications can "find" it from within Windows, so if I'm to fix this it's gotta be from the SD card/Hboot.
Details:
* HTC ChaCha with the latest Android firmware.
* Unlocked and rooted, but remains S-ON (Superuser was installed and worked).
* Used Titanium to delete apps, but made backups and have them on my hard drive for safe keeping but can't access the phone in order to restore them properly.
* I was unable to restore backed-up system apps prior to this critical problem emerging, which I think is because my phone isn't "truly" rooted. I can apparently remove from but not add to the protected areas of the phone.
* I've tried flashing the device with numerous recovery ROMs and they all fail (wrong image, etc.). I'm having an extremely difficult time finding the original ROM anywhere and more importantly finding one which will work without the phone being connected to the PC at any stage of the flashing job.
* Factory resets and recovery boots don't seem to have any effect.
* It's a carrier-locked/branded phone, from Three/Hutchison 3G UK. I'm locked into my contract for another year at least.
* Before I rebooted the phone for the last time [prior to the beginning of the above problem] I noticed that my ringtones and related media were all gone and I was unable to download new ones even using third-party apps; the "unable to download sound" error was constantly popping up and when I received messages or phone calls the phone would vibrate but wouldn't play any tones.
* My brother and I spent the better part of 6 hours scouring the net and trying every combination of steps we could think of to try and resolve this. I wouldn't have posted here if I wasn't at the end of my tether and if I hadn't tried every solution I could find from others on various forums including this one, nor would I be so quick to reveal myself to be a deletion-happy moron to a forum of experts (I saw that anti-noob YouTube clip!).
Is there any hope of fixing this issue given my obvious lack of critical faculties?
Thank you for reading this.
You can always install clockworkmod recovery and from there a custom rom. Check the relevant thread, it is pinned.
OK,
don't panic. I almost thought you'd hard bricked your phone when modifying the NAND. This is a soft brick and ALL soft bricks can be recovered, they just take a bit of pain and suffering. Sometimes more suffering than others, but that's irrelevant.
Question, you say you can't restore system apps? How did you try? If a phone is perm rooted, it's rooted. Obviously a temp root is different to a perm root, but I believe this is a perm root as you can REMOVE apps from the system memory. If a root wasn't perm, every app would be sandboxed so no app, including titaniumbackup would work.
* Unlocked and rooted, but remains S-ON (Superuser was installed and worked).
S-ON is part of HTC's snap on BL protection. The fact your phone is S-ON is now not that important, the BL is unlocked, that's what matters.
* Used Titanium to delete apps, but made backups and have them on my hard drive for safe keeping but can't access the phone in order to restore them properly.
Ok, important advice here (for future ref), you shouldn't go mad with deleting unless you've tried freezing first. Freezing allows you to recover by simply doing a factory reset. Most bootloaders (including HTC's) allow you to perform an emergency factory reset from there. You might lose all the **** on there, but you will have a working phone. You also need to be careful with TitaniumBackup, I'm sure you didn't remove the obvious important ones, but the fact you lost access to your audio means you removed a sound/media package. Next time, google "HTC chacha, safe to remove" as more people root this phone in the next few weeks, safe to remove lists will appear. For SGS (my phone) there is a whole shared google doc with a list of system apps, and the consequence of removing them.
* I was unable to restore backed-up system apps prior to this critical problem emerging, which I think is because my phone isn't "truly" rooted. I can apparently remove from but not add to the protected areas of the phone.
You can't restore a system app if there is a conflict. Try and identify the conflict.
* I've tried flashing the device with numerous recovery ROMs and they all fail (wrong image, etc.). I'm having an extremely difficult time finding the original ROM anywhere and more importantly finding one which will work without the phone being connected to the PC at any stage of the flashing job.
By the sounds of it, you are using ROMs designed for CWM. If you are going to do that, flash CWM first. There are shed loads of tutorials. If you want to install the stock rom all over again, just download the stock RUU.
* Factory resets and recovery boots don't seem to have any effect.
See above about freezing.
* It's a carrier-locked/branded phone, from Three/Hutchison 3G UK. I'm locked into my contract for another year at least.
Doesn't matter, you'll fix it, guarantee it.
* Before I rebooted the phone for the last time [prior to the beginning of the above problem] I noticed that my ringtones and related media were all gone and I was unable to download new ones even using third-party apps; the "unable to download sound" error was constantly popping up and when I received messages or phone calls the phone would vibrate but wouldn't play any tones.
See what I said above.
* My brother and I spent the better part of 6 hours scouring the net and trying every combination of steps we could think of to try and resolve this. I wouldn't have posted here if I wasn't at the end of my tether and if I hadn't tried every solution I could find from others on various forums including this one, nor would I be so quick to reveal myself to be a deletion-happy moron to a forum of experts (I saw that anti-noob YouTube clip!).
Have you tried every combination of steps? You've clearly not tried CWM. I'm not suggesting that as a silver bullet (personally, I try to avoid CWM if I can) but it's the best way to give you low level access to the NAND so you could easily flash an OTA ROM, modded ROM or even return it to stock dead quick.
For a safe to remove list, check the Themes and Apps section.
skezza said:
OK,
don't panic. I almost thought you'd hard bricked your phone when modifying the NAND. This is a soft brick and ALL soft bricks can be recovered, they just take a bit of pain and suffering. Sometimes more suffering than others, but that's irrelevant.
Music to my ears!
skezza said:
Question, you say you can't restore system apps? How did you try? If a phone is perm rooted, it's rooted. Obviously a temp root is different to a perm root, but I believe this is a perm root as you can REMOVE apps from the system memory. If a root wasn't perm, every app would be sandboxed so no app, including titaniumbackup would work.
In Titanium Backup I tried restoring the backups I made; the "Recovering Backup" notice would just hang indefinitely until I forced TB to close. This only happened with system apps. The backed up files are still on my PC hard drive from when I copied them from my SD card, but I'm not sure they're of any use at this stage.
skezza said:
S-ON is part of HTC's snap on BL protection. The fact your phone is S-ON is now not that important, the BL is unlocked, that's what matters.
Ahhh, this is probably my problem then. I ignored most of the fixes and workarounds listed as [S-OFF] because I didn't think they'd work for my device haha.
skezza said:
Ok, important advice here (for future ref), you shouldn't go mad with deleting unless you've tried freezing first. Freezing allows you to recover by simply doing a factory reset. Most bootloaders (including HTC's) allow you to perform an emergency factory reset from there. You might lose all the **** on there, but you will have a working phone. You also need to be careful with TitaniumBackup, I'm sure you didn't remove the obvious important ones, but the fact you lost access to your audio means you removed a sound/media package. Next time, google "HTC chacha, safe to remove" as more people root this phone in the next few weeks, safe to remove lists will appear. For SGS (my phone) there is a whole shared google doc with a list of system apps, and the consequence of removing them.
I'm disappointed in myself for being so haphazard in my deleting, I'm usually not that stupid but I think I was a little overexcited to have finally gotten rid of some of the bloatware that'd irritated me for so long haha. I was like "oh boy, I can save even more battery power and internal space if I just remove a little more!". Lesson learnt
skezza said:
By the sounds of it, you are using ROMs designed for CWM. If you are going to do that, flash CWM first. There are shed loads of tutorials. If you want to install the stock rom all over again, just download the stock RUU.
...
Have you tried every combination of steps? You've clearly not tried CWM. I'm not suggesting that as a silver bullet (personally, I try to avoid CWM if I can) but it's the best way to give you low level access to the NAND so you could easily flash an OTA ROM, modded ROM or even return it to stock dead quick.
As I said above I didn't realise I could make use of [S-OFF] materials so I didn't even attempt them for fear of making matters worse. I just now attempted to flash CWM and it hung on "parsing" which is what happened with previous flash attempts. If a flash attempt doesn't hang on "parsing" it parses for a second and then goes back to the main menu, apparently having no effect.
I'd be lying if I said I'm not overwhelmed by all of this; the tutorials I've read seem to assume a fair degree of prior knowledge that I definitely don't have haha. I hope I don't stretch anyone's patience here, but if you could explain it to me like a 6-year-old whose mother drank heavily during pregnancy I think it will help move things along!
Thank you for the thorough reply, much appreciated
Follow this to flash CWM, you need to do it with your computer and using fastboot, this is needed for S-ON phones.
http://forum.xda-developers.com/showthread.php?t=1449681
dapaua said:
Follow this to flash CWM, you need to do it with your computer and using fastboot, this is needed for S-ON phones.
http://forum.xda-developers.com/showthread.php?t=1449681
Unfortunately I can't do anything via my computer; my phone isn't "discovered" by the command line, unrooting tools or anything else. It does allow me to access the SD card as a hard drive but that's all it does. Obviously this wasn't the case before my problems started, because I used my PC to root and unlock the phone originally, but now the phone's boot process can't reach a point where it becomes receptive to the PC's commands. I don't know why it lets me access the SD card though.
Is there any way to do this without my PC being involved beyond transferring files to the SD card? If not, am I screwed? haha
Thanks mate!
Can you boot into the bootloader (With the phone off, press Volume down + power for five seconds)?
Then boot into it, move up with the volume keys and then choose fastboot.
Then follow the procedures in the link I posted previously http://forum.xda-developers.com/showthread.php?t=1449681 (start from step 3). Fastboot mode should be recognized.
The fastboot binary is here C:\Program Files (x86)\Android\android-sdk\tools, if you installed the Android SDK, which I assume you did.
Good luck, I hope this works!
dapaua said:
Can you boot into the bootloader (With the phone off, press Volume down + power for five seconds)?
Then boot into it, move up with the volume keys and then choose fastboot.
Then follow the procedures in the link I posted previously http://forum.xda-developers.com/showthread.php?t=1449681 (start from step 3). Fastboot mode should be recognized.
Dear CHRIST thank you for that - I didn't know about this feature, and it worked! I was able to connect to my PC and do everything I needed to. I used the command line to flash the CWM, then followed instructions for partitioning the SD card and installing a custom ROM. I feel like a real [email protected] I wonder if Anonymous are looking for any new recruits...
dapaua said:
Good luck, I hope this works!
It did - I'm back in business!! Thank you mate, if I could fellate you via WiFi I probably would. You'd have to be wearing some anti-virus trousers though, I'm not a slut.
Cheers!
PaddyM said:
Dear CHRIST thank you for that - I didn't...
Great news (I thought you already knew about the recovery menu feature otherwise I'd have mentioned it).
As I said in my reply earlier, every soft brick can be fixed somehow. Some are just harder than others. If I'm honest, it seems like yours was pretty straightforward once you got into the Recovery menu.
By the way, if you decide you want to return to stock, you can do that quite easily. Also, if I was you, do the freezing technique I suggested earlier and use the safe list that's available.
If you keep CWM, do a Nandroid backup. You don't have to keep it on your SD, but they are great for doing a very fast recovery. I can usually restore my phone in about 10 - 15 minutes using Nandroid.
PaddyM said:
Dear CHRIST thank you for that - I didn't know about this feature, and it worked! I was able to connect to my PC and do everything I needed to. I used the command line to flash the CWM, then followed instructions for partitioning the SD card and installing a custom ROM. I feel like a real [email protected] I wonder if Anonymous are looking for any new recruits...
It did - I'm back in business!! Thank you mate, if I could fellate you via WiFi I probably would. You'd have to be wearing some anti-virus trousers though, I'm not a slut.
Cheers!
I'm happy it worked. Let's hope WiFi technology improves in the future
skezza said:
Great news (I thought you already knew about the recovery menu feature otherwise I'd have mentioned it).
I knew about the recovery menu (the stock one, at least) but I didn't realise I could go into the Fastboot option and for the phone to then be recognisable to the PC, thus making it possible to flash via the command line. If I had known that I probably wouldn't have needed to post this thread at all haha.
skezza said:
As I said in my reply earlier, every soft brick can be fixed somehow. Some are just harder than others. If I'm honest, it seems like yours was pretty straightforward once you got into the Recovery menu.
Yeah... I think if it happened to one of you guys you probably would have had it sorted in about 6 minutes. 3 days isn't bad for my first attempt though! hahaha
skezza said:
By the way, if you decide you want to return to stock, you can do that quite easily. Also, if I was you, do the freezing technique I suggested earlier and use the safe list that's available.
If you keep CWM, do a Nandroid backup. You don't have to keep it on your SD, but they are great for doing a very fast recovery. I can usually restore my phone in about 10 - 15 minutes using Nandroid.
Thanks for the advice man, I'll definitely be looking into the Nandroid backup option, although I hope I've learnt enough from this experience to have no need for it
Thanks to everyone who posted here, I appreciate the patience and the tolerance of my noobery.
Funnily enough, I tried TitaniumBackup today and the original poster is correct. While you can freeze, remove apps etc, you can't return them, especially system. I've not tried any of the alternative install methods that TB uses, but it's quite interesting.
TB is a bit quirky, I think. The system apps won't restore at all, but sometimes apps that I've downloaded myself will restore and other times they won't (the "Restoring App" notice just hangs there indefinitely). I usually find that forcing TB to close and then trying again does the trick, but I can't figure out why it happens in the first place.
I'm wondering if anyone else has worked out a good configuration that will allow it to work every time?

Need help with screen lock or removing data from screen locked i535

I'm sure it's been beaten like a dead horse... Yes I have searched all over XDA and other resources. It seems every time I think I find something... I'm one setting short or one model away from what would work.
Been working on this way too long and now I ask for your help.
I have a client who lost her daughter. (She drowned). She has her phone (S3 I535 Verizon) but no idea what the lock pin would be and has tried a couple but none work. Unfortunately she's on attempt 8/10 so two more tries and the phone factory resets and all is lost.
She really wants to recover her daughter's pictures and if possible remove the screen lock without losing data (either works for her if it can be done).
I've tried everything I can find.
While she has her gmail and password, when we logged in device manager listed no active devices. (was able to recover some pictures from a backup, but it appears gmail didn't back up more than a couple from a couple years ago.)
Logged into samsung to remote unlock it, but again, no devices on account.
ADB is a no-go because USB debugging is OFF
Tried to put TWRP on it but Odin failed
(Found a thread here that seems to be quality but can't load the program in stock recovery and can't get CWM or TWRP on it without debugging.)
Any ideas?
I do not know the android version, but I suspect it is the newest. I used my old S3 to replicate it so I could try these things without damaging her phone and losing the data, and it's running 4.4.2
If you couldn't flash a recovery using Odin then you're probably right about it being on one of the newer versions (your phone), the bootloader got locked up tight and the only recovery we have available is Safestrap. This is a tough one. I'm no expert by far, take what I'm saying with a grain of salt and do your own researching before taking any action after reading this! I see two ways of recovering some or all data if the bootloader is locked (and the device storage isn't encrypted)
1. If you don't have equipment to directly read/write to the internal storage then point her somewhere that specializes in data recovery on smart phones.
2. Factory reset the device, try to recover "deleted" data.
If the bootloader wasn't/isn't locked down then you could probably flash a ROM that didn't have the lock screen pin/pattern etc. implemented. I don't have the i535 but I know that the prepaid version checks the system partition when flashing via Odin so this probably wouldn't work if it's locked but I can't confirm whether or not this is checked on the i535
Can you enter the stock recovery on the daughter's phone just to verify if it's updated or not? Should be a string near the top. If it ends with ne1 it's on 4.4.2 and I don't recall the one for 4.3. If you're unable to enter the recovery because you have to enter the pin before there's an actual lock screen (with the clock, status bar, wallpaper etc.) then it's likely encrypted and there's nothing that you can do about that.
OpenSourcererSweg said:
If you couldn't flash a recovery using Odin then you're probably right about it being on one of the newer versions (your phone), the bootloader got locked up tight and the only recovery we have available is Safestrap. This is a tough one. I'm no expert by far, take what I'm saying with a grain of salt and do your own researching before taking any action after reading this! I see two ways of recovering some or all data if the bootloader is locked (and the device storage isn't encrypted)
1. If you don't have equipment to directly read/write to the internal storage then point her somewhere that specializes in data recovery on smart phones.
2. Factory reset the device, try to recover "deleted" data.
If the bootloader wasn't/isn't locked down then you could probably flash a ROM that didn't have the lock screen pin/pattern etc. implemented. I don't have the i535 but I know that the prepaid version checks the system partition when flashing via Odin so this probably wouldn't work if it's locked but I can't confirm whether or not this is checked on the i535
Can you enter the stock recovery on the daughter's phone just to verify if it's updated or not? Should be a string near the top. If it ends with ne1 it's on 4.4.2 and I don't recall the one for 4.3. If you're unable to enter the recovery because you have to enter the pin before there's an actual lock screen (with the clock, status bar, wallpaper etc.) then it's likely encrypted and there's nothing that you can do about that.
I can enter recovery mode and I do believe it is 4.4.2.
Because of the delicate nature of her phone (being her passed on daughter's and she used 9 of 10 attempts to guess her pin) I pulled my S3 out of the drawer (coincidentally I stopped using it about 2 weeks after she passed) and everything is identical down to the recovery string at the top. I know it's running the same software and I have all kinds of old pictures and texts on it like she would have and I am logged into gmail on it like she is. I locked the screen on MINE and I know the PIN on MINE. I also saved a backup of my stuff so I'm using my phone as the tester since I was able to put it in the identical situation.
I have room to play because of that. Once I have success on mine, I'll try what worked on mine on hers.
So far I've tried...
play.google unlock... While I have now been able to get her device to appear on device manager on google's site, they changed it so that when I remote lock it the screen lock pin does NOT change.
I called Google, Samsung, and VERIZON. None have the ability to change or remove lock screen pin.
I tried ADB, but it doesn't detect any devices when I ADB shell or ADB device.
USB DEBUGGING IS OFF (or we wouldn't be having this convo)
It has stock recovery and not CWM or TWRP (again if I could get one of those on there, we wouldn't be having this convo) (tried ODIN flashing TWRP on, but fails)
---------------------------
Every direction I head I hit a brick wall.
I've never heard of being able to recover data from internal SDcard after reset. Didn't think that was possible.
FYI. recovery mode string is...
ANDROID system recovery <3e>
KOT49H.I535VRUDNE1
Wking46 said:
I can enter recovery mode and I do believe it is 4.4.2.
Because of the delicate nature of her phone (being her passed on daughter's and she used 9 of 10 attempts to guess her pin) I pulled my S3 out of the drawer (coincidentally I stopped using it about 2 weeks after she passed) and everything is identical down to the recovery string at the top. I know it's running the same software and I have all kinds of old pictures and texts on it like she would have and I am logged into gmail on it like she is. I locked the screen on MINE and I know the PIN on MINE. I also saved a backup of my stuff so I'm using my phone as the tester since I was able to put it in the identical situation.
I have room to play because of that. Once I have success on mine, I'll try what worked on mine on hers.
So far I've tried...
play.google unlock... While I have now been able to get her device to appear on device manager on google's site, they changed it so that when I remote lock it the screen lock pin does NOT change.
I called Google, Samsung, and VERIZON. None have the ability to change or remove lock screen pin.
I tried ADB, but it doesn't detect any devices when I ADB shell or ADB device.
USB DEBUGGING IS OFF (or we wouldn't be having this convo)
It has stock recovery and not CWM or TWRP (again if I could get one of those on there, we wouldn't be having this convo) (tried ODIN flashing TWRP on, but fails)
---------------------------
Every direction I head I hit a brick wall.
I've never heard of being able to recover data from internal SDcard after reset. Didn't think that was possible.
With HDDs I know it's possible as I have done it before. The only issue is not overwriting the data when reinstalling an operating system etc. Flash is a bit different but still doesn't overwrite deleted data as soon as it's deleted. If you're willing to try it on your gs3 first then go for it. Since the data is very important, I would have her take it to someone who specializes in data recovery instead of trying to wipe it and get the data off it just in case.
Are you able to remotely install applications through the Google Play site or by other means? Might be able to get a shell from one of the ssh server apps if they run the server on startup. If you can get a shell you should be able to work from there.
OpenSourcererSweg said:
With HDDs I know it's possible as I have done it before. The only issue is not overwriting the data when reinstalling an operating system etc. Flash is a bit different but still doesn't overwrite deleted data as soon as it's deleted. If you're willing to try it on your GS3 first then go for it. Since the data is very important, I would have her take it to someone who specializes in data recovery instead of trying to wipe it and get the data off it just in case.
Are you able to remotely install applications through the Google Play site or by other means? Might be able to get a shell from one of the ssh server apps if they run the server on startup. If you can get a shell you should be able to work from there.
I can remotely install apps via google play site. If I could find a shell that works on startup... please let me know what that does for me?
Wking46 said:
I can remotely install apps via google play site. If I could find a shell that works on startup... please let me know what that does for me?
SSH access may let you transfer some files on the device to another machine. (Assuming that it will connect to known wifi networks while locked)
OpenSourcererSweg said:
SSH access may let you transfer some files on the device to another machine. (Assuming that it will connect to known wifi networks while locked)
No such luck. Looks like all of them would need me to log in to set them up, which defeats the purpose.
I may have to wait and see if tech changes over time and keep trying until it does.
Wking46 said:
No such luck. Looks like all of them would need me to log in to set them up, which defeats the purpose.
I may have to wait and see if tech changes over time and keep trying until it does.
Take a look at this, https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/ may be able to remove the pin. Sorry if discussion about this isn't allowed or frowned upon. Seems like a pain and it may not work for the s3
OpenSourcererSweg said:
Take a look at this, https://www.nowsecure.com/blog/2015/06/16/remote-code-execution-as-system-user-on-samsung-phones/ may be able to remove the pin. Sorry if discussion about this isn't allowed or frowned upon. Seems like a pain and it may not work for the s3
Doesn't affect S3 vzw. Only S4 and up.
Wking46 said:
Doesn't affect S3 vzw. Only S4 and up.
Ah I read "swift" as Swype and my Prepaid Verizon GS3 came with Swype preinstalled.
I have an idea, perhaps try the Verizon repair software "repair" the device to back up data while in Odin mode? I don't recall if it will require a password or anything. I don't believe it required USB debugging to be enabled, don't know if it works while in Odin mode. I don't know if the backups are encrypted or not. You can try using Sandboxie to see where it keeps the backed up data. I don't know if it will back up data while you're in Odin mode though. Worth trying I suppose. Don't have time to try it myself or I would. Sorry for the rushed message, I'll be home in about an hour though.

Help - Forgot Password OnePlus 6

Hi, I just had a really stupid evening where I forgot the password (not pin/pattern) for my screen unlock.
I know this is really stupid of me. I just recklessly updated my password for making a work profile, and I forgot it.
I'm using a OnePlus 6, and just now I have utilised the "secure device" or lock feature in Android Device Manager. Based on my reading on the internet, I expected Android Device Manager to prompt for a temporary password so I could unlock my device immediately; unfortunately that didn't happen and I am still asked for the device password.
I really hope I don't need to factory reset since I have a very important file on my device. Is there any alternative solution to unlock my device?
Thank you in advance to anyone reading this, I really appreciate any suggestion.
I think no, there's no other solution than to wipe everything, but you need to do it in fastboot mode because you can't enter recovery without inputting the correct password... Wait for someone else to respond, just in case.
cielerz said:
Hi, I just had a really stupid evening where I forgot the password (not pin/pattern) for my screen unlock.
I know this is really stupid of me. I just recklessly updated my password for making a work profile, and I forgot it.
I'm using a OnePlus 6, and just now I have utilised the "secure device" or lock feature in Android Device Manager. Based on my reading on the internet, I expected Android Device Manager to prompt for a temporary password so I could unlock my device immediately; unfortunately that didn't happen and I am still asked for the device password.
I really hope I don't need to factory reset since I have a very important file on my device. Is there any alternative solution to unlock my device?
Thank you in advance to anyone reading this, I really appreciate any suggestion.
If your phone is unlocked, you could delete the password from TWRP or ADB.
It is really bad of Google to disable the option. Today, even I have forgotten my screen pattern and I am stuck here for hours. I tried reaching Google and OnePlus and got to know that I do not have an option apart from resetting my device.
If you have TWRP recovery, here is a solution:
https://forum.xda-developers.com/android/software-hacking/remove-lockscreen-recovery-t3530008
Toni Moon said:
If you have TWRP recovery, here is a solution:
https://forum.xda-developers.com/android/software-hacking/remove-lockscreen-recovery-t3530008
Hi Toni, thank you for the prompt response. It is possible only when someone has already installed TWRP and unlocked the bootloader. However mine is not, and if I unlock this then my Office apps (not Microsoft) do not work because of the device not being encrypted. So I do not have an option to install TWRP.
Anyway I ended up wiping the device and restoring applications and some of them came from different sources which were not traceable.
Thanks for providing the link.

Proper OS cleanup of new OnePlus 7 Pro

Hi Everyone,
Living in Japan, we have no official channel to purchase a OnePlus handset here.
Really wanted to get a OnePlus 7 Pro as I felt it is the best model on the market as of today.
Knowing that, I got mine on Amazon Japan from a HK online shop which had very good reputation.
Now, the problem is these phones always come already opened as they say they need to confirm operation before sending it.
I have been reading news and articles about this where we see more third party companies flash their ROMs with malware/ransomware already built in...
In this situation, the best way to clean the phone is to do a full re-install of the OS.
I did review a bunch of articles on XDA and it seems that now, due to the A/B partition setup, we can't just use the official OnePlus image to load from fastboot easily.
We have to rely on community provided tools and stock ROMs to be able to do so....
When I raised the question to OnePlus and the OnePlus forums, they mentioned to me that installing the update like here (Page: support.oneplus.com/app/answers/detail/a_id/4312/~/oxygen-os-for-oneplus-7-pro) would do the trick using the local update function.
What I was directed to do is use the recovery boot to delete system settings/cache and all user data and then run the local update. Doing so would do it while not using community tools.
Here are my questions, on which I would hope to get your experience:
1 Does the process I did really use a brand new clean OS and not rely on/integrate part of the OS that came with the handset originally (that was the target)?
2 Is there a way for me, using only OnePlus provided tools and images, to fully delete the phone and install the OS (maybe I am thinking this too much like a PC which I have more experience with...)?
3 The OS looks fine and no strange apps show up at all but how can I be sure nothing dodgy is running? Are there tools I could use to confirm this?
Sorry if I sound paranoid. Ideally, I understand the best thing to do was to buy directly from OnePlus and work out a way to have it shipped to Japan but thought it would be interesting for me to learn more about Android.
With previous OnePlus phones, it was easier as they were providing this type of official file for recovery but they stopped...
Thank you again for your time and hoping to learn more about how the new Android setup works.
Is the bootloader locked? Is Widevine (Netflix HD) certification still there? You can check these things to see if the phone has been tampered with.
brissoukun said:
Hi Everyone,
When I raised the question to OnePlus and the OnePlus forums, they mentioned to me that installing the update like here (Page: support.oneplus.com/app/answers/detail/a_id/4312/~/oxygen-os-for-oneplus-7-pro) would do the trick using the local update function.
What I was directed to do is use the recovery boot to delete system settings/cache and all user data and then run the local update. Doing so would do it while not using community tools.
Here are my questions, on which I would hope to get your experience:
1 Does the process I did really use a brand new clean OS and not rely on/integrate part of the OS that came with the handset originally (that was the target)?
2 Is there a way for me, using only OnePlus provided tools and images, to fully delete the phone and install the OS (maybe I am thinking this too much like a PC which I have more experience with...)?
3 The OS looks fine and no strange apps show up at all but how can I be sure nothing dodgy is running? Are there tools I could use to confirm this?
Thank you again for your time and hoping to learn more about how the new Android setup works.
Good questions. Before you start, check the model number of your device through Settings > About. I'm assuming it's the international/global/unlocked version (GM1917).
With regard to question 1, a full build downloaded from the link you provided should contain every part of the OS, and flashing it through local update should overwrite anything that was there before. Before flashing, I would perform a full data wipe through recovery like you mentioned.
Q2: There is an MSM tool that will completely flash a system image for the OP7 Pro. I don't think they're generally intended for public use but they always get leaked anyways. They write an image (in the case of OnePlus, a .ops file) to the phone using a PC and USB connection. Here is a link to a thread which contains the MSM tool:
https://forum.xda-developers.com/oneplus-7-pro/how-to/guide-mega-unbrick-guide-hard-bricked-t3934659
Download the tool for the model of your phone (probably the international, firmware GM21AA), and extract its contents into a directory. In order for the tool to work, you need the OnePlus USB drivers installed on your PC. Plug the phone into your PC with it on, and enable USB file transfer. Open File Explorer and you should see a drive labeled "OnePlus drivers" or similar. Open it and run the driver setup executable file. You'll also need ADB to make your phone reboot into a mode that will allow the tool to perform its tasks. Here is a guide to installing ADB:
https://www.xda-developers.com/what-is-adb/
Once you've set that up, make sure the phone is plugged into the PC and the MSM tool is open. Make the phone boot into edl mode by typing
Code:
adb reboot edl
and once it says Connected next to a COM port in the tool, press start. Don't interrupt the process until it completes the download and the status message turns green. The phone should automatically reboot. This method is arguably more risky than using the local upgrade option, so do it at your own risk.
Q3: Make sure that OEM unlocking is turned off in developer settings and that the bootloader is locked (if the bootloader is unlocked, you'll see a yellow warning message after you power on the device from a power off state). Without an unlocked bootloader it would be pretty difficult to make any deep modifications to the device.
Hi @Zocker1304 and @TManchu,
Please let me thank you very much first for your kind and detailed reply, this is really welcome.
@Zocker1304:
I checked using the ADB/Fastboot connection that indeed, the Bootloader is locked so, that looks good.
Also installed (using a separate Google account) DRM Info app to confirm that the Widevine is properly installed and at L1 level which indeed again, looks good.
@TManchu
Thank you again for your very detailed reply! This was exactly what I needed as information.
I did already exactly as mentioned for the #1 so, it looks I should be good now with a proper rom from OnePlus (and did a full wipe in the Recovery boot mode)
For #2, I think I will skip that since as you rightly said, with #1, it should be fine so, prefer to keep with the recommended step.
For #3, we are covering what Zocker1304 mentioned too and I could confirm it.
My only concern about #3 was that you can actually relock the bootloader but (and please correct me if I am wrong), you can only do so if you are using stock OnePlus images (to date...seems like dev teams are working to have this changed? Bootloader locked with custom firmware?) which then means the image is safe.
I suppose the last item was my only open query for your thoughts but so far, the handset looks fine.
Thanks to you and the community, I have learned about the A/B partition scheme, msm tool, Fastboot/Recovery mode and Bootloader and ADB tools.
It is always good to learn more about the tech we use (especially phones, we have so much sensitive information stored in them today).
Not being careful could potentially mean quite a lot of trouble down the road with ransomware/data leak tools.
Of course again, I could have simply purchased a JP phone from a brick and mortar shop next to my place and be fine with it. :silly:
brissoukun said:
.
For #3, we are covering what Zocker1304 mentioned too and I could confirm it.
My only concern about #3 was that you can actually relock the bootloader but (and please correct me if I am wrong), you can only do so if you are using stock OnePlus images (to date...seems like dev teams are working to have this changed? Bootloader locked with custom firmware?) which then means the image is safe.
I suppose the last item was my only open query for your thoughts but so far, the handset looks fine.
Thanks to you and the community, I have learned about the A/B partition scheme, msm tool, Fastboot/Recovery mode and Bootloader and ADB tools.
It is always good to learn more about the tech we use (especially phones, we have so much sensitive information stored in them today).
Not being careful could potentially mean quite a lot of trouble down the road with ransomware/data leak tools.
Of course again, I could have simply purchased a JP phone from a brick and mortar shop next to my place and be fine with it. :silly:
No problem! I’ve just done some reading and from what I understand, re-locking the bootloader on anything other than a completely stock ROM will result in a bricked phone. I believe this is due to the way Android handles data encryption. If what you’ve heard is true, being able to lock your bootloader on a custom ROM would be great for device security. However, should something go wrong with the ROM having a locked bootloader might make it more difficult to fix.
I know that there are ways to sign system and boot images so that you can lock the bootloader with them installed, but I think that would still show a warning though I'm not sure.
Anyways, if all the build dates and numbers in the system info are correct, the firmware should be stock and as long as the bootloader is locked too, I don't believe you can tamper with that.
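The checks suggested in the replies above (bootloader locked, stock release build), as an added example that is not part of any poster's reply: a shell script that reads `adb shell getprop` output and flags deviations. The property names are standard Android ones, but that this particular device exposes all of them is an assumption, and both sample dumps are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): evaluate verified-boot indicators
# taken from `adb shell getprop` output.

# Constructed getprop dumps for illustration; not captured from a real device.
SAMPLE_STOCK='[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.build.tags]: [release-keys]
[ro.build.type]: [user]'

SAMPLE_MODIFIED='[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.build.tags]: [test-keys]
[ro.build.type]: [userdebug]'

# prop_value DUMP NAME: print the value of property NAME, or nothing if absent.
# Matching is on the exact "[NAME]: [" prefix; CRs from adb are stripped.
prop_value() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v key="[$2]: [" '
        !found && index($0, key) == 1 {
            v = substr($0, length(key) + 1)
            sub(/\]$/, "", v)
            print v
            found = 1
        }'
}

# check_boot_state DUMP: print one line per deviation from a locked,
# release-signed user build. Returns 0 when nothing deviates, 1 otherwise.
check_boot_state() {
    rc=0
    for pair in \
        ro.boot.verifiedbootstate=green \
        ro.boot.flash.locked=1 \
        ro.boot.vbmeta.device_state=locked \
        ro.build.tags=release-keys \
        ro.build.type=user
    do
        name=${pair%%=*}
        want=${pair#*=}
        have=$(prop_value "$1" "$name")
        if [ "$have" != "$want" ]; then
            echo "DEVIATION $name: got '${have:-<missing>}', expected '$want'"
            rc=1
        fi
    done
    return $rc
}

# Live use: sh check.sh --device   (needs adb and USB debugging enabled)
if [ "${1:-}" = "--device" ]; then
    check_boot_state "$(adb shell getprop)" && echo "No deviations found"
fi
```

These properties are reported by the running OS, so a clean result is supporting evidence alongside the boot-time warning screen rather than proof on its own.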
Hi Gents,
Thank you very much for the answer to the thread and much appreciated.
Apologies for not getting back to you all earlier as yesterday was family day...haha!
Well, since things looked good on the OS and the build, I went ahead and started to use the phone properly setting up my accounts. It did give me some incentive to get all my sensitive accounts setup with 2FA so that in case I get hacked with my passwords in the future...they would still need the 2fa (using Google Authenticator).
I did check also all system apps/running process and didn't see anything shady.
Just for reference, here is the type of article I was referring to about the OS being plagued with malware even out of the box:
Page_theverge.com/2019/6/6/18655755/google-android-malware-triada-ota-rom-ads-spam-oem (sorry gents, new account, cannot put links yet)
However here, it seems it is due to lax review from the maker to third party tools which were including malware...
To have the same level on the oneplus I bought from the HK shop, they would have needed access to OnePlus Dev team to inject the malware in official image (knowing anyway I have re-installed a new image from the local update).
Otherwise, I was reading on the web about relocking the bootloader with a custom ROM and there seem to be a lot of messages but no concrete steps. It seems it depends a lot on phone model and brand.
When you are checking
Page_gizmochina.com/2019/06/10/relock-bootloader-oneplus-7-pro/
This is where you can read at the end:
"The above method only works if OnePlus 7 Pro is running on stock recovery and stock firmware. The ability to relock devices running custom recovery is expected in the next few weeks. "
That was published last month so, not sure if they got this to work on the OnePlus 7 pro yet.
So that's it, I am now using my new device which looks to work great and hopefully, won't get any bugs down the road.
I appreciate you taking the time to get back to me and will continue to learn about android.:good:

Question BYPASSING DISK ENCRYPTION [SM-A125F]

Hello everyone,
So I've been off the forums for quite some time, won't go into detail about that. And as some might know I've broken my LCD touch screen. I got a replacement and replaced it with no issues, works perfectly.
But...
I forgot the gesture key I set on this phone because I haven't used it for months, and used my other A217F for the replacement.
I haven't been doing anything related to Android so I forgot quite a lot of the stuff I used to know. My question is how can I bypass the disk encryption and pull the GESTURE.KEY from USERDATA. It's OEM unlocked, rooted via Magisk, and runs TWRP custom recovery. This is quite an old version of TWRP. I can flash it to the new one but the SYSTEM root is still under encryption. Idk if maybe I can disassemble it from the SCATTER, or pull it via ADB (which probably won't work). I also want to help others who want to achieve this so that's also one of the points for this thread. I'll list some of the info of this phone:
SM-A125F
BUF9 firmware SW_REV 1
Patched BOOT and VBMETA images via magisk
Custom recovery (TWRP)
Fixed IMEI and BASEBAND
Thanks,
Krypton
You can't bypass encryption. That's the point of it. To make sure the data is unreadable without the right key. If there was a way to read encrypted data without the key then it would be pointless.
jesus201820 said:
You can't bypass encryption. That's the point of it. To make sure the data is unreadable without the right key. If there was a way to read encrypted data without the key then it would be pointless.
Yeah, Ik, the point is it can still be forcibly disabled by running unsigned firmware. It's OEM unlocked, I should have every ability possible.
