Hi All,
Is there a way to protect CWM with a password?
LOL no
No. Its called recovery for a reason
Sent from my M886
salas2324 said:
No. Its called recovery for a reason
Sent from my M886
What do you mean? If I want to protect it with a password, what's strange about that?
AleDB said:
What do you mean? If I want to protect it with a password, what's strange about that?
Recovery shouldn't have a password, or else you can't recover your device if you forget the password
Sent from my M886
Actually a recovery password would be great. We were discussing this over in the Anti-theft thread. If we had something like this similar to a BIOS password it would prevent anyone from wiping your device if it's stolen. Not sure why people are acting like the OP is an idiot for asking.
If there were a password for CWM you could still get into stock recovery and do a Factory Reset if you needed to, but it would be impossible for someone to wipe your system and remove more advanced anti-theft apps.
its called recovery for a reason, c'mon hahah
I had exactly the same thought yesterday .
+1 for that idea...........what if, i compile a new recovery, i would do this for security:
1.Create an online compiler that asks for the user to enter his/her phone's imei + a unique code & password and compile a unique recovery for his/her phone.
2.After compiling, I would give a flashable custom signed update.zip which will be used only when resetting the password.
3.If someone who stole the phone flashed a new recovery, imei & unique code would fail and cannot use any other recovery other than the one flashed already !!
balamu96m said:
+1 for that idea...........what if, i compile a new recovery, i would do this for security:
1.Create an online compiler that asks for the user to enter his/her phone's imei + a unique code & password and compile a unique recovery for his/her phone.
2.After compiling, I would give a flashable custom signed update.zip which will be used only when resetting the password.
3.If someone who stole the phone flashed a new recovery, imei & unique code would fail and cannot use any other recovery other than the one flashed already !!
If someone flashes any other recovery, there is no way to protect the device - he can do everything. Anyway, it's a good idea. But instead of a password I'd suggest a button combination. It's just less work (no need to create a "recovery keyboard").
Indeed. I didn't think about that fact. Even on my phone only certain keyboard presses are recognized within recovery. Regardless, some way to protect the phone beyond what is available would be great.
cwm could integrate a keyboard password like google did with the encryption password. you do the phone presses to access, it begins to take you into recovery, then you are prompted to type in a password. same as if you were trying to access with odin.. seems like it would take a little extra effort but damn, accidents happen.
I have read a few people saying that most some phone thieves don't know what they are doing but hey, Google query: hack android phone.
There's nothing wrong with wanting to add even more security to our phones, call us paranoid.
Love the idea.. maybe with some kind of authenticator, like wow..?
Sent from my HTC Desire using xda app-developers app
W8 for other ideas
Sent from my GT-I9100 using xda app-developers app
maybe one of the developer can implement this idea in aroma installer.
Sent from my GT-I8150 using xda app-developers app
If you require password, and don't permit adb until successfully unlocked, you're starting to get secure.
You'd also need to remove root from regular boot, or prevent adb root access, and secure the system with a lock screen.
If the device has odin or similar, don't waste your time, as anyone determined will overwrite your recovery with an adb enabled one...
AleDB said:
Hi All,
Is there a way to protect CWM with a password?
+1 from me
pulser_g2 said:
If you require password, and don't permit adb until successfully unlocked, you're starting to get secure.
You'd also need to remove root from regular boot, or prevent adb root access, and secure the system with a lock screen.
If the device has odin or similar, don't waste your time, as anyone determined will overwrite your recovery with an adb enabled one...
i went on the google group android security and some one replied with a possible solution:
Code:
You'll have to implement this in the bootloader, which in most cases is
closed source, so roughly you'll have to:
- find the binary blob of the bootloader, probably in a factory image or
dump it from the device
- find the base address of the bootloader blob and disassemble it
properly (use IDA pro)
- find a place -big enough- where you can inject your own code for the
password prompt
- find a place in the early stages of device boot where you can place a
jump instruction and branch to your code, this should be right after the
bootloader code detects if the fastboot or odin button combinations are
pressed.
I'll suggest to write your code in C unless you are an arm assembly
guru, and try to make it the smallest possible... if the password is
correct, then it should jump back to the place right after where the
execution was interrupted with your initial jump and continue with the
normal bootloader process.
Also, I wouldn't do the tests by flashing your patched bootloader
directly into the phone (replacing the phone's stock bootloader), as a
small mistake in your patches can totally brick the device. To properly
test your patches, you'll need to find a way to place the bootloader in
RAM (from Android) and jump into it, and to do this you'll need to
disable interrupts, invalidate CPU caches, reset MMU, and continue
execution from physical address space where you've copied the bootloader
in RAM, this will simulate a reboot from bootloader but using your
patched one in RAM instead of the stock one in NAND, not an easy task I
guess... but if you have some progress, let us know :D
Cheers,
like with the encryption some script is ran that requires the password to be put in. since the code is already available could there be a way to just use that script and have detect if booting into recovery or odin?
password would be welcome in case my device were stolen, so anyone could make a fresh install independent of the ke or faceunlock, trackers, and everything i have
+1 for the idea... reason:
I know someone who's phone was factory reset by the police... yes, I live in Australia and what was done was illegal and he is taking legal action but once it's done, that's it, you lost everything on the device.
Password protecting recovery is a way to prevent those with enough know how to trigger a reset when you have no legal recourse not to hand over your belongings to another party on the street.
I know this is an edge case but one that has a precedent.
Since Android is not an iPhone and it's less protected I suggest to make a password access to fastboot mode. Cause when you are robbed your phone can be easily wiped and reused. To prevent it, I ask devs to make kind of protection for our phones (to make my idea possible). For example if you forgot your password you could write your name to unlock it. Just a crazy idea. I had 2 phones stolen and I don't want to have my nexus to be stolen too. Thanks for attention
EminSG said:
Since Android is not an iPhone and it's less protected I suggest to make a password access to fastboot mode. Cause when you are robbed your phone can be easily wiped and reused. To prevent it, I ask devs to make kind of protection for our phones (to make my idea possible). For example if you forgot your password you could write your name to unlock it. Just a crazy idea. I had 2 phones stolen and I don't want to have my nexus to be stolen too. Thanks for attention
custom recoveries do have a password protection option, fastboot will never have it. but android isnt less secure than the iphone, youve been reading pro apple information. android is actually safer.
simms22 said:
custom recoveries do have a password protection option, fastboot will never have it. but android isnt less secure than the iphone, youve been reading pro apple information. android is actually safer.
I know about recoveries, yes they have. But it's possible to wipe data even without using recovery or am I missing something? Wipe data means losing your phone. iPhones cannot be activated without an account. You need only a password on a lockscreen and thats it. Without knowing password or account it's impossible to make it working.
Backup is data loss protection. Password is data theft protection.
Someone who knows what they're doing can get data off an iPhone, don't worry about that
-----------------------
Sent via tapatalk.
I do NOT reply to support queries over PM. Please keep support queries to the Q&A section, so that others may benefit
EminSG said:
I know about recoveries, yes they have. But it's possible to wipe data even without using recovery or am I missing something? Wipe data means losing your phone. iPhones cannot be activated without an account. You need only a password on a lockscreen and thats it. Without knowing password or account it's impossible to make it working.
theres a factory reset option in the main phone settings, backup and reset. theres also a backup option there that will restore everything(data and apps) when you do factory reset. if you password protect your phone, its secure as well.
rootSU said:
Backup is data loss protection. Password is data theft protection.
Someone who knows what they're doing can get data off an iPhone, don't worry about that
-----------------------
Sent via tapatalk.
I do NOT reply to support queries over PM. Please keep support queries to the Q&A section, so that others may benefit
I don't worry about my data, I always have a backup on my cloud or computer. We have a soft from google called "Android device manager". I think it's useful but it won't work after a data wipe. All I want to have is to block wipe data option from anywhere. So chances to find my phone will increase
simms22 said:
theres a factory reset option in the main phone settings, backup and reset. theres also a backup option there that will restore everything(data and apps) when you do factory reset. if you password protect your phone, its secure as well.
I got it .I have lockscreen password and for example I have a recovery protection. Isn't it possible to flash phone and use it as it was out of box?
Wont be possible as fastboot can never be locked.
Best bet would be to get an app like pray that can be modified to read and save data in /system as that has more chance of being overlooked.
-----------------------
Sent via tapatalk.
I do NOT reply to support queries over PM. Please keep support queries to the Q&A section, so that others may benefit
EminSG said:
I got it .I have lockscreen password and for example I have a recovery protection. Isn't it possible to flash phone and use it as it was out of box?
if its password protected, not through recovery then. but its possible via fastboot. but even if your phone gets the factory image flashed onto it, the moment you log back into your phone, your apps will reinstall, and if you enabled the data backup, most your data will get restored as well.
simms22 said:
if its password protected, not through recovery then. but its possible via fastboot. but even if your phone gets the factory image flashed onto it, the moment you log back into your phone, your apps will reinstall, and if you enabled the data backup, most your data will get restored as well.
Thanks for your help. As I understood it's impossible to make phone safer. It's possible to find how to make it clear..
EminSG said:
Thanks for your help. As I understood it's impossible to make phone safer. It's possible to find how to make it clear..
if someone really wants to access your phone, whether its an android or an iphone, they can do it. but to the everyday normal person, its very hard.
I was literally flashing something ten minutes before and then I tried going back to recovery and there was no directory so I then rebooted and it says I need a password... But I never once made a password, I didn't even know there were passwords for recovery
Sent from my Nexus 5 using xda app-developers app
Never mind... Just kept rebooting then eventually the problem was gone... How can I set a password for bootloader and recovery... Just wondering if it's even possible
Sent from my Nexus 5 using xda app-developers app
You can't set a password for either (well, not to my knowledge!)
Even with a password we can fastboot flash new images.
Team Win explains this on their website.
Primokorn said:
Even with a password we can fastboot flash new images.
Team Win explains this on their website.
Yes and no.. Actually we can lock the bootloader so fastboot flash wont work.... All we need is for the recovery password to block the following to secure your data (on the nexus 5):
Mount of external (OTG) media
adb access
file manager capabilities
This would mean you can still boot into recovery and flash / backup (although not to removable media) until you went into a security menu to "unlock recovery". This would even mean that your automated jobs can still occur without having to face a "boot password". The password could be stored on /sdcard in clear text and there could be an option to delete the password in case you forgot it in this same recovery menu, which also wipes the device.
recovery is the only weak point of my device.
Sure, Samsung's Odin will get round this password on their devices as the BL is not locked but any device with a locked bootloader (lockable bootloader) will benefit.
Another caveat is that this is not to prevent the device being wiped.... unlocking the bootloader will wipe the device, and this is what I want. I don't care about getting the phone back as much as I would care about securing my data. Its all backed up. Nothing is lost. I just might not want someone else getting access to it.
Although this is beyond the extent of my knowledge to achieve, I don't think it would be hard for anyone who knows what they're doing with code.
rootSU said:
Yes and no.. Actually we can lock the bootloader so fastboot flash wont work.... All we need is for the recovery password to block the following to secure your data (on the nexus 5):
Mount of external (OTG) media
adb access
file manager capabilities
This would mean you can still boot into recovery and flash / backup (although not to removable media) until you went into a security menu to "unlock recovery". This would even mean that your automated jobs can still occur without having to face a "boot password". The password could be stored on /sdcard in clear text and there could be an option to delete the password in case you forgot it in this same recovery menu, which also wipes the device.
recovery is the only weak point of my device.
Sure, Samsung's Odin will get round this password on their devices as the BL is not locked but any device with a locked bootloader (lockable bootloader) will benefit.
Another caveat is that this is not to prevent the device being wiped.... unlocking the bootloader will wipe the device, and this is what I want. I don't care about getting the phone back as much as I would care about securing my data. Its all backed up. Nothing is lost. I just might not want someone else getting access to it.
Although this is beyond the extent of my knowledge to achieve, I don't think it would be hard for anyone who knows what they're doing with code.
Do u mean that you always have a locked BL?
Thanks for your feedback but one thing remains the same IMHO. Of course we can lock the BL but a thief can unlock it then flash factory images. No more custom recovery, passwords...
I'm not talking about the user data but to be able for a thief to use a device even with locked stuff.
Primokorn said:
Do u mean that you always have a locked BL?
Thanks for your feedback but one thing remains the same IMHO. Of course we can lock the BL but a thief can unlock it then flash factory images. No more custom recovery, passwords...
I'm not talking about the user data but to be able for a thief to use a device even with locked stuff.
I'm just talking about data security. That is my only concern. Devices are replaceable. Unlock bootloader, data wiped. fine!
Oh thanks everyone, I just wouldn't want a thief to use a phone they don't deserve, pretty much the only security on my phone to not go to bootloader is for no power menu on my lockscreen but you could probably use adb to get through
Sent from my Nexus 5 using xda app-developers app
That's what imei blocking is for
Sent from my Nexus 5 using Tapatalk
So guys I just had my Nexus 5 stolen at the gym a couple of days ago, I'm very furious about it... I'm unable to track the device with Android Device Manager because the device was dead at the time it had been stolen and probably hasn't been turned on since.
As I imagine the thief will probably fastboot the phone and erase everything, before ever turning it on, or selling it.
My question is, is there not a way to put a startup password on the phone to prevent bootloader/download mode/adb/fastboot access to the phone?
I am also very upset because I called into Google, and there is absolutely no way to have the phones Serial/IMEI "flagged" or "blocked" with Google. Which would be technically such a simple system to implement.
This means that all those people who have had their Nexus 5's stolen, the device can just be re-registered with another Google account at a later date and nobody will blink an eye.
Views? Suggestions?
Thanks
Wow that sucks you can encrypt your phone that requires a password to startup you may have to have a password to enter fastboot if you encrypt it not sure never done it
Sent from my Nexus 5 using Tapatalk
Call your carrier to have the IMEI blacklisted. Google can not do this. It's your carrier's job to blacklist.
black listing the IMEI won't prevent somebody from re-registering that device with another Google account though. As it seem Google doesn't track or flag stolen Serial/IMEI.
BUMP to confirm Does encrypting the phone ask for a password at startup?
THE_KINGDOM said:
Does encrypting the phone ask for a password at startup?
Yes.
THE_KINGDOM said:
black listing the IMEI won't prevent somebody from re-registering that device with another Google account though. As it seem Google doesn't track or flag stolen Serial/IMEI.
BUMP to confirm Does encrypting the phone ask for a password at startup?
no, but it will prevent the thief from using it on any US or Canadian carrier.
---------- Post added at 12:56 PM ---------- Previous post was at 12:52 PM ----------
THE_KINGDOM said:
black listing the IMEI won't prevent somebody from re-registering that device with another Google account though. As it seem Google doesn't track or flag stolen Serial/IMEI.
BUMP to confirm Does encrypting the phone ask for a password at startup?
Sandman-007 said:
Yes.
can still flash the factory img in the bootloader and not worry about the encryption. also, every single person ive known that has encrypted, eventually(weeks/months) got locked out of their own phones eventually because it wouldnt accept a password, and had to flash the factory img.
simms22 said:
no, but it will prevent the thief from using it on any US or Canadian carrier.
---------- Post added at 12:56 PM ---------- Previous post was at 12:52 PM ----------
can still flash the factory img in the bootloader and not worry about the encryption. also, every single person ive known that has encrypted, eventually(weeks/months) got locked out of their own phones eventually because it wouldnt accept a password, and had to flash the factory img.
Right but the whole point of encrypting is to protect the data not the device. So if a thief has to wipe the device to get rid of the encryption then he won't be able to access the data. It's gone.
Sandman-007 said:
Right but the whole point of encrypting is to protect the data not the device. So if a thief has to wipe the device to get rid of the encryption then he won't be able to access the data. It's gone.
no, its not gone. its relatively easy to recover the data, even after a factory reset, if the thief wanted to. unless the data is written over.
There is an app here on XDA as well as the play store called "bootunlocker" that allows you to lock and unlock your bootloader. Newer versions of Trickster MOD also do this. This way, if someone finds your phone and fastboot OEM unlocks it, it will wipe everything. The only thing we need to do at this point is secure the recovery. As no one seems to think a password protected recovery is necessary as no one has made one, you would have to flash the stock recovery.
If you need to make a nandroid then you would need to unlock and flash custom. This is the only way I can think of to fully ensure data gets wiped in the event someone really knows what they're doing. I might go this route, at least for a little bit to try it out
rockingondrums said:
There is an app here on XDA as well as the play store called "bootunlocker" that allows you to lock and unlock your bootloader. Newer versions of Trickster MOD also do this. This way, if someone finds your phone and fastboot OEM unlocks it, it will wipe everything. The only thing we need to do at this point is secure the recovery. As no one seems to think a password protected recovery is necessary as no one has made one, you would have to flash the stock recovery.
If you need to make a nandroid then you would need to unlock and flash custom. This is the only way I can think of to fully ensure data gets wiped in the event someone really knows what they're doing. I might go this route, at least for a little bit to try it out
wiping isnt a solution, as the wiped data is easily recoverable. and password protection for a recovery exists as well, twrp has it. and it also wont help as all you would have to do is flash another recovery via fastboot.
btw, heres a recent article about recovering data from a wiped phone http://www.theverge.com/2014/7/8/5881573/test-shows-data-can-be-recovered-from-wiped-android-phones
simms22 said:
no, its not gone. its relatively easy to recover the data, even after a factory reset, if the thief wanted to. unless the data is written over.
Fairly easy as in yes, I could do it. Fairly easy as in a random thief on the street, probably too much trouble and effort.
simms22 said:
wiping isnt a solution, as the wiped data is easily recoverable. and password protection for a recovery exists as well, twrp has it. and it also wont help as all you would have to do is flash another recovery via fastboot.
That's why the bootloader is locked. Yep, TWRP implemented Philz recovery lock.
Sent from my Nexus 5 using Tapatalk < Yes, I want you to know that I'm using a mobile client
rootSU said:
That's why the bootloader is locked. Yep, TWRP implemented Philz recovery lock.
Haven't tried it, but what happens if you just flash another recovery?
Lethargy said:
Haven't tried it, but what happens if you just flash another recovery?
How could you flash another recovery?
Sent from my Nexus 5 using Tapatalk < Yes, I want you to know that I'm using a mobile client
rootSU said:
How could you flash another recovery?
Sent from my Nexus 5 using Tapatalk < Yes, I want you to know that I'm using a mobile client
If your bootloader wasn't locked lol
Lethargy said:
If your bootloader wasn't locked lol
Obviously recovery lock is pointless if either android or bootloader is unlocked.
Sent from my Nexus 5 using Tapatalk < Yes, I want you to know that I'm using a mobile client
I say keep trying to locate the device with the Android Device Manager. The thief might not have charged it yet, or even won't at all. Might not be charged until someone buys it. Keep trying, and good luck.
rootSU said:
Fairly easy as in yes, I could do it. Fairly easy as in a random thief on the street, probably too much trouble and effort.
That's why the bootloader is locked. Yep, TWRP implemented Philz recovery lock.
Sent from my Nexus 5 using Tapatalk < Yes, I want you to know that I'm using a mobile client
the average thief, i absolutely agree. they want to steal the device and collect money for it. but if someone is specifically looking for your data, now that doesnt sound like the average thief, thats who i would want to keep away.
bootloader locked, then unlocked, back to that data being recoverable, not by your average thief.
simms22 said:
the average thief, i absolutely agree. they want to steal the device and collect money for it. but if someone is specifically looking for your data, now that doesnt sound like the average thief, thats who i would want to keep away.
bootloader locked, then unlocked, back to that data being recoverable, not by your average thief.
As I've said to you in another thread, there's no protection against that and that's the same with any file system.
Working on national security issues? Don't save data on your phone.
Sent from my Nexus 5 using Tapatalk < Yes, I want you to know that I'm using a mobile client
rootSU said:
As I've said to you in another thread, there's no protection against that and that's the same with any file system.
Working on national security issues? Don't save data on your phone.
Sent from my Nexus 5 using Tapatalk < Yes, I want you to know that I'm using a mobile client
lmao!
whats funny is that either we misunderstood each other, or a penguin was just spotted in the sahara desert(lol), because what you said is what i keep trying to say, theres no real protection. the best protection is that the average person doesnt have enough knowledge, patience, time to go after your data on a serious level. but those that are specifically targeting you for your data, those are who you should fear, as the data can be gotten to, if they really want to get it.
simms22 said:
if they really want to get it
It's all in the "if"
In my opinion the only worth protecting against would be the sneaky little brother or sister.
I want to clarify, i already saw many threads mentioning how you can protect your data with an unlocked bootloader, so no need to go deep into that.
But it also seems to me, many people just avoid the other issues, like an attacker being able to sideload malware in your device.
How to mitigate those other risks?
cablop said:
I want to clarify, i already saw many threads mentioning how you can protect your data with an unlocked bootloader, so no need to go deep into that.
But it also seems to me, many people just avoid the other issues, like an attacker being able to sideload malware in your device.
How to mitigate those other risks?
Sideloading malware requires physical access to your device. You have to reboot into bootloader mode and flash e.g. a patched system.img and then reboot into system again. To avoid this: Never leave your device unattended.
WoKoschekk said:
Sideloading malware requires physical access to your device. You have to reboot into bootloader mode and flash e.g. a patched system.img and then reboot into system again. To avoid this: Never leave your device unattended.
I am fully aware of that. But there are times you leave it unattended, you can't carry a bag with all your belongings with you to every place you must be in, e.g., bathroom, beach, gym, etc.
So, if you leave it unattended and then you come back and you think it was compromised, what can you do, apart from a full reset? Can't you have a tool that tells you if something changed, somebody took it, it rebooted, etc.?
cablop said:
I am fully aware of that. But there are times you leave it unattended, you can't carry a bag with all your belongings with you to every place you must be in, e.g., bathroom, beach, gym, etc.
It seems a bit paranoid... When I'm not at home my phone is in my pocket or locked up (e.g. gym). That's it.
cablop said:
So, if you leave it unattended and then you come back and you think it was compromised, what can you do, apart from a full reset? Can't you have a tool that tells you if something changed, somebody took it, it rebooted, etc.?
A full reset would do nothing for you. In bootloader menu you have no access to /data. Even if fully booted up nobody can access /data due to my display pattern. So, a full wipe wouldn't help you since it only wipes /data.
As I already said you could only patch the system.img/vendor.img with malware. But if Android verified boot is enabled, it's impossible to change something on these partitions.
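A host-side check along the lines asked about above, as an added example that is not part of any post in this thread: it compares the boot-chain properties in a saved `adb shell getprop` dump with a fresh one. The property names are standard Android ones and the example assumes a device recent enough to report them; both dumps are constructed sample data, and since the values are reported by the device itself, a match is a sanity check rather than proof.

```python
import re

# Boot-chain properties worth recording while the phone is in a known-good state.
WATCHED = (
    "ro.boot.verifiedbootstate",    # green / yellow / orange / red
    "ro.boot.flash.locked",         # "1" when the bootloader is locked
    "ro.boot.vbmeta.device_state",  # locked / unlocked
    "ro.boot.vbmeta.digest",        # digest of the verified-boot metadata that booted
    "ro.crypto.state",              # encrypted / unencrypted
    "ro.build.fingerprint",         # identifies the installed build
)

# `getprop` prints one "[name]: [value]" pair per line.
_PROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text):
    """Turn the output of `adb shell getprop` into a dict; other lines are skipped."""
    props = {}
    for line in text.splitlines():
        match = _PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def assess(props):
    """Return findings about the reported boot state, independent of any baseline."""
    findings = []
    state = props.get("ro.boot.verifiedbootstate")
    if state != "green":
        findings.append(
            f"verified boot state is {state or 'not reported'}, expected green"
        )
    if props.get("ro.boot.flash.locked") != "1":
        findings.append("bootloader is not reported as locked")
    if props.get("ro.crypto.state") != "encrypted":
        findings.append("user data is not reported as encrypted")
    return findings


def changed_since(baseline, current):
    """List (name, old, new) for every watched property that differs."""
    changes = []
    for name in WATCHED:
        old, new = baseline.get(name), current.get(name)
        if old != new:
            changes.append((name, old, new))
    return changes


# Constructed sample dumps (not taken from a real device).
BASELINE_DUMP = """\
[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.vbmeta.digest]: [constructed-digest-aaaa]
[ro.boot.verifiedbootstate]: [green]
[ro.build.fingerprint]: [vendor/example/example:11/CONSTRUCTED/1:user/release-keys]
[ro.crypto.state]: [encrypted]
[sys.boot_completed]: [1]
"""

CURRENT_DUMP = """\
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.vbmeta.digest]: [constructed-digest-bbbb]
[ro.boot.verifiedbootstate]: [orange]
[ro.build.fingerprint]: [vendor/example/example:11/CONSTRUCTED/1:user/release-keys]
[ro.crypto.state]: [encrypted]
[sys.boot_completed]: [1]
"""

if __name__ == "__main__":
    baseline = parse_getprop(BASELINE_DUMP)
    current = parse_getprop(CURRENT_DUMP)
    for finding in assess(current):
        print("WARN:", finding)
    for name, old, new in changed_since(baseline, current):
        print(f"CHANGED: {name}: {old} -> {new}")
```
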
WoKoschekk said:
It seems a bit paranoid... When I'm not at home my phone is in my pocket or locked up (e.g. gym). That's it.
Not really paranoid. You only need to see the ads offering ways to people to know what their partners do, don't they? Keyloggers predate Android phones, so how can i think they are not a real risk?
WoKoschekk said:
A full reset would do nothing for you. In bootloader menu you have no access to /data. Even if fully booted up nobody can access /data due to my display pattern. So, a full wipe wouldn't help you since it only wipes /data.
As I already said you could only patch the system.img/vendor.img with malware. But if Android verified boot is enabled, it's impossible to change something on these partitions.
BTW. If it was impossible to write on those partitions, then it would be impossible to change the firmware of the phone, but we do when we unlock the bootloader, and then we patch stuff, like a new recovery partition and even root the phone. So it is not something the Android verified boot can do.
It seems to me that while Google and the vendors think it is important to keep the bootloader locked for security reasons, the community keeps looking in other direction to say it is not, and there's no risk, but there is.
cablop said:
BTW. If it was impossible to write on those partitions, then it would be impossible to change the firmware of the phone
You mixed up things. A new firmware is not the same as patching /system on a stock ROM. Even a custom recovery requires a patched vbmeta.img in most cases.
Malware is an executable file that can only be stored on a file system. You can't store it on a boot.img or recovery.img since they are only binaries. No, you need e.g. /system or /vendor. Only there you could store a malicious file like a patched APK that gets executed by system during the next boot sequence.
WoKoschekk said:
You mixed up things. A new firmware is not the same as patching /system on a stock ROM. Even a custom recovery requires a patched vbmeta.img in most cases.
Malware is an executable file that can only be stored on a file system. You can't store it on a boot.img or recovery.img since they are only binaries. No, you need e.g. /system or /vendor. Only there you could store a malicious file like a patched APK that gets executed by system during the next boot sequence.
ok, that is interesting, but comes with a doubt... then, how does Magisk work? afaik it is a patch outside the firmware or system or data... Can't we install a malware to the phone in a similar way Magisk gets installed?
cablop said:
ok, that is interesting, but comes with a doubt... then, how does Magisk work? afaik it is a patch outside the firmware or system or data... Can't we install a malware to the phone in a similar way Magisk gets installed?
Even Magisk needs an installation for the Manager APK when a patched boot.img gets booted. The APK isn't part of the patch and the installation must be granted by the user.
WoKoschekk said:
Even Magisk needs an installation for the Manager APK when a patched boot.img gets booted. The APK isn't part of the patch and the installation must be granted by the user.
Hmmm.
Ok, maybe i am confused by thinking the bootloader of Android can work in a similar fashion as the boot of Linux or even Windows.
So, just to be sure, what you are telling me is that there's no way to install with an unlocked bootloader a malware in the system, either as new software or replacing an existing one, but that the risk is they can read my data, something that i can solve with a proper device or userspace encryption, right?
Can't we flash some things from the TWRP or alike like the GMS directly into the system?