How to go about fixing a hacked phone? - General Questions and Answers

I'm curious as to the method of fixing my phones, as I feel/know they have been hacked by person(s) I considered friends. They never had access to said phones other than a Hotspot on my Galaxy Note 20 5G, with no physical access to my Galaxy Note 10. My Google accounts are 2-step verified protected. I haven't noticed any unrecognized logins to any of my accounts. I don't know much about coding or I wouldn't be asking this question. How do I go about finding the software and removing it? Is there a website or person who can offer such services? How can I resolve this issue? Please let me know.
Thank you,
........
...???

Kyleson253 said:
> ..
Simply factory resetting the device, preferably by using the factory reset and wipe cache option in stock recovery mode and then reflashing your stock firmware would be the easiest way to solve whatever they may have tampered with.

An alt Google account could also be helpful. Factory resetting can remove any extra malware they might have installed, but it also removes any pictures or personal files you own. But I gotta admit, if your friend could hack into a Google account (and ESPECIALLY a GOOGLE account) they deserve some credit. Could you tell me what they did?

If by "hacked" you mean that the phone's Android system got tampered with, then take note that a phone can only get hacked if both its bootloader got unlocked and its Android's SELinux / DM-Verity protection got disabled and the "hacker" has superuser rights.
So I guess your phone didn't get "hacked", but only 3rd-party apps got installed, which can easily be removed. To achieve this, performing a factory reset isn't necessary.

jwoegerbauer said:
> If by "hacked" you mean that the phone's Android system got tampered with, then take note that a phone can only get hacked if both its bootloader got unlocked and its Android's SELinux / DM-Verity protection got disabled and the "hacker" has superuser rights.
> So I guess your phone didn't get "hacked", but only 3rd-party apps got installed, which can easily be removed. To achieve this, performing a factory reset isn't necessary.
Not entirely true, but, yes, in general, this is true. There are exploits that do not require an unlocked bootloader to embed code in the system partition. Many devices can be rooted without unlocking bootloader and DM-verity disabled, also, you'd be surprised what can be done even when SELinux is set to enforcing.
It really comes down to exactly which specific device is being modified.

Droidriven said:
> Not entirely true, but, yes, in general, this is true. There are exploits that do not require an unlocked bootloader to embed code in the system partition. Many devices can be rooted without unlocking bootloader and DM-verity disabled, also, you'd be surprised what can be done even when SELinux is set to enforcing.
> It really comes down to exactly which specific device is being modified.
This guy/friend is actually talented as **** tbh
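
Several replies above come down to which user-installed apps are on the phone. As an added example (not part of any post in this thread), this script lists user-installed packages whose recorded installer is not an app store; it assumes USB debugging and `adb`, and both the trusted-installer list and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag user-installed packages that did not come from an app store.
# Expected input is the output of:
#     adb shell pm list packages -3 -i
# which prints one line per third-party package:
#     package:<name>  installer=<installer package, or null>

# Installers treated as trusted (an assumption; extend for your device's store).
TRUSTED_INSTALLERS="com.android.vending com.sec.android.app.samsungapps"

# Constructed sample output (not from a real device).
SAMPLE_PM_OUTPUT='package:com.whatsapp  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.samsung.android.app.notes  installer=com.sec.android.app.samsungapps
package:org.example.remotehelper  installer=com.google.android.packageinstaller'

# Read pm output on stdin; print "<package> <installer>" for every package
# whose installer is missing or not in TRUSTED_INSTALLERS.
flag_sideloaded() {
    tr -d '\r' | awk -v trusted="$TRUSTED_INSTALLERS" '
        BEGIN {
            n = split(trusted, t, " ")
            for (i = 1; i <= n; i++) ok[t[i]] = 1
        }
        /^package:/ {
            pkg = $1
            sub(/^package:/, "", pkg)
            inst = "unknown"            # line carried no installer= field
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^installer=/) {
                    inst = $i
                    sub(/^installer=/, "", inst)
                }
            }
            if (!(inst in ok)) print pkg, inst
        }'
}

# Number of flagged packages in the pm output on stdin.
count_sideloaded() {
    flag_sideloaded | awk 'END { print NR }'
}

# With a file argument, audit a saved dump; otherwise run on the sample.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    flag_sideloaded < "$1"
else
    printf '%s\n' "$SAMPLE_PM_OUTPUT" | flag_sideloaded
fi
```

A flagged package is a candidate for review, not a verdict: check each one in the phone's app settings and uninstall what you do not recognise.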

Related

Theft protection

Does Android/S7 have anything equivalent to Apple's find my phone, which effectively turns it into a brick when stolen? If so, how?
In the Google app settings there is a phone finding service you can activate, and some CSCs have "Find my mobile" which allows you to remote wipe / brick etc.
But does this stop the device from being wiped if stolen and activating like Apple's activation lock does?
lofty5 said:
> But does this stop the device from being wiped if stolen and activating like Apple's activation lock does?
Yes, provided you keep the bootloader locked.
EDIT: Technical term is FRP (Factory reset protection), and it's tied to the Google account used to set up the device.
This is what I was thinking, that the bootloader has to be locked in order to do this. Would keeping the phone rooted be an option or make it insecure?
Could I do this on a region that isn't my CSC without bricking the phone? I'm pretty sure that as long as the source files are stock Samsung any region should work. Can download mode be protected?
I'm currently backing up my device, after which I am enabling all the security options and am going to try to hack into the phone to see if it's worth doing or not. If it can be broken easily I'd rather keep it unprotected for convenience, but if I can protect the phone I'd rather do this, as I lost my phone a couple of years ago and there was no protection on it at all nor on the SD card, which sucked.
bump
Root almost always requires a modified boot image which will immediately be blocked by a relocked bootloader. So root and FRP cannot coexist as they counteract each other. FRP itself is not CSC locked, only the remote control features. There are ways around it but they are mostly only present in older firmware, which is blocked by bootloader downgrade fuses. So yeah, pretty unbreakable if the device remains full Knox stock.
Hint: anything confidential should never be stored on the external card, or should be encrypted if it is (e.g. turn on encryption in Titanium Backup). Internal memory is always encrypted on stock firmware.
Edit: Download would work as usual. So basically what would happen is if a malicious firmware was flashed the bootloader will block it at boot and trip the Knox fuse, essentially burning all data on the device. If the crooks are smart they can still make use of the device, but most aren't so you should be safe.
I'm using Cerberus, it can disable the shutdown/reboot menu on the lockscreen.
CurtisMJ said:
> Root almost always requires a modified boot image which will immediately be blocked by a relocked bootloader. So root and FRP cannot coexist as they counteract each other. FRP itself is not CSC locked, only the remote control features. There are ways around it but they are mostly only present in older firmware, which is blocked by bootloader downgrade fuses. So yeah, pretty unbreakable if the device remains full Knox stock.
> Hint: anything confidential should never be stored on the external card, or should be encrypted if it is (e.g. turn on encryption in Titanium Backup). Internal memory is always encrypted on stock firmware.
> Edit: Download would work as usual. So basically what would happen is if a malicious firmware was flashed the bootloader will block it at boot and trip the Knox fuse, essentially burning all data on the device. If the crooks are smart they can still make use of the device, but most aren't so you should be safe.
I had it rooted last night with Magisk and bootloader locked; however, it did refuse to boot due to modification and FRP locked after a factory reset, but worked fine prior to this.
Is it not worth doing if not fully Knox stock?
I only really use root these days for Titanium Backup and perhaps ad blocking.
How difficult is it for a hacker to get back into the phone? I mean, iPhones are practically impossible to get back into if on the latest firmware.
Blacky25 said:
> I'm using Cerberus, it can disable the shutdown/reboot menu on the lockscreen.
Is your bootloader locked and rooted?
lofty5 said:
> Is your bootloader locked and rooted?
Yes it is. I know it is also possible to delete everything, but when I really lose my phone I will hope that people without the knowledge find my phone.
lofty5 said:
> I had it rooted last night with Magisk and bootloader locked; however, it did refuse to boot due to modification and FRP locked after a factory reset, but worked fine prior to this.
> Is it not worth doing if not fully Knox stock?
> I only really use root these days for Titanium Backup and perhaps ad blocking.
> How difficult is it for a hacker to get back into the phone? I mean, iPhones are practically impossible to get back into if on the latest firmware.
About as difficult as an iPhone to crack provided it's on latest firmware with a locked bootloader, even preventing reuse. FRP remains fully operational regardless of Knox warranty status. It's possible to keep encryption while rooting (though this depends on strictly "close to stock" firmware, specifically by using a stock kernel binary. Ramdisk mods like Magisk or SuperSU are fine) to retain the data protection so thieves won't be able to deduce anything about you, but as long as the bootloader is unlocked a thief could always just wipe and reuse the device.
CurtisMJ said:
> About as difficult as an iPhone to crack provided it's on latest firmware with a locked bootloader, even preventing reuse. FRP remains fully operational regardless of Knox warranty status. It's possible to keep encryption while rooting (though this depends on strictly "close to stock" firmware, specifically by using a stock kernel binary. Ramdisk mods like Magisk or SuperSU are fine) to retain the data protection so thieves won't be able to deduce anything about you, but as long as the bootloader is unlocked a thief could always just wipe and reuse the device.
I am now back to full stock with no root. It's not the same now as when I first started rooting back on the Arc S; back then you could literally do nothing without it, things so basic such as a firewall. I only at this minute have one issue.
How in god's name do you do a full backup of apps WITH data? I have Helium but it refuses to back up most of them. It's not a big deal now as I have re-setup the programs it wasn't compatible with. However, it would be handy to know for future reference: is there anything that can do a full backup with app data that doesn't require root? If not, never mind I guess.
lofty5 said:
> How in god's name do you do a full backup of apps WITH data? I have Helium but it refuses to back up most of them. It's not a big deal now as I have re-setup the programs it wasn't compatible with. However, it would be handy to know for future reference: is there anything that can do a full backup with app data that doesn't require root? If not, never mind I guess.
Not quite sure as I've always been rooted. Kies or Google Cloud Sync might be sufficient?
CurtisMJ said:
> Not quite sure as I've always been rooted. Kies or Google Cloud Sync might be sufficient?
Is the latest S7 FW protected against this attack?
https://forum.xda-developers.com/sa...galaxy-on5-metropcs-sm-g550t1-t3439557/page13
And root junkies hack?
lofty5 said:
> Is the latest S7 FW protected against this attack?
> https://forum.xda-developers.com/sa...galaxy-on5-metropcs-sm-g550t1-t3439557/page13
> And root junkies hack?
Only one way to find out. An easy way to test would be to see if the phone responds to the USB command to dial the number, so no need to reset to check.

Question Relocking the bootloader shows different message than stock in fastboot.

So, I have a Moto G9 Power, and I unlocked the bootloader to fool around with root access. Then I realised, that root access wasn't all that powerful as it was on older Android versions.
You simply do not have access to the root partition on Android 10, it is mounted read-only, and it ignores all commands to remount it as read-write.
Also, the location of the Boot animation zip of this phone is weird, it is in /product/media, not /system/media, which effectively renders all Boot animation Magisk modules or apps useless.
Plus, the battery drain once unlocked and rooted was so much more than when on stock. And other stupid idiosyncrasies made being root not all that powerful.
So I decided to un-root and relock the bootloader.
The thing is, when it was stock, in fastboot mode, it showed
Code:
oem_locked
Now after relocking it by
Code:
fastboot oem lock
it shows
Code:
flashing_locked
I'm pretty sure the difference between the two is enough for the service center to deny my warranty (which I voided by unlocking it in the first place, I know, I know. But reverting back to stock should make the service guys not notice) if something happened to the phone.
Is there any way I can get the original message back? Am I permanently screwed? Please respond, anyone.
mistersmee said:
> So, I have a Moto G9 Power, and I unlocked the bootloader to fool around with root access. Then I realised, that root access wasn't all that powerful as it was on older Android versions.
> You simply do not have access to the root partition on Android 10, it is mounted read-only, and it ignores all commands to remount it as read-write.
> Also, the location of the Boot animation zip of this phone is weird, it is in /product/media, not /system/media, which effectively renders all Boot animation Magisk modules or apps useless.
> Plus, the battery drain once unlocked and rooted was so much more than when on stock. And other stupid idiosyncrasies made being root not all that powerful.
> So I decided to un-root and relock the bootloader.
> The thing is, when it was stock, in fastboot mode, it showed
> Code:
> oem_locked
> Now after relocking it by
> Code:
> fastboot oem lock
> it shows
> Code:
> flashing_locked
> I'm pretty sure the difference between the two is enough for the service center to deny my warranty (which I voided by unlocking it in the first place, I know, I know. But reverting back to stock should make the service guys not notice) if something happened to the phone.
> Is there any way I can get the original message back? Am I permanently screwed? Please respond, anyone.
As far as I know, anything with custom unlocks voids warranties. The thing is, that message likely changes to keep people from changing it back. I'm not sure what type of checks they do or how much your providers know about the device you have, but considering they don't care as long as it's relocked when you turn it in, you may be alright. It's not like it couldn't be unlocked by them for various other reasons, like flashing stock FW if it needs to be fixed in that form. Unless they have some way of restoring that message themselves, someone on our end would have to replicate it, and that would take some dedicated development to do so.
Mr.Conkel said:
> As far as I know, anything with custom unlocks voids warranties. The thing is, that message likely changes to keep people from changing it back. I'm not sure what type of checks they do or how much your providers know about the device you have, but considering they don't care as long as it's relocked when you turn it in, you may be alright. It's not like it couldn't be unlocked by them for various other reasons, like flashing stock FW if it needs to be fixed in that form. Unless they have some way of restoring that message themselves, someone on our end would have to replicate it, and that would take some dedicated development to do so.
Oh. Ok, cool. Cheers, mate, thanks!
mistersmee said:
> Oh. Ok, cool. Cheers, mate, thanks!
I mean, Motorola G Power devices are fairly popular here. Wait around and keep an eye on your device's thread; considering it can be unlocked, with enough time you should be given a custom ROM like LOS or Crdroid. The G7 Power has tons of custom access, as well as other G series devices from Motorola, so it is very likely to get something, which would very likely enable the custom access you're looking for with modifications, as it will be built normally.
Cheers!
Many Android devices set a "tampered" flag - which is responsible for voiding warranty of the devices - within the bootloader, which can be queried by service centers.
jwoegerbauer said:
> Many Android devices set a "tampered" flag - which is responsible for voiding warranty of the devices - within the bootloader, which can be queried by service centers.
That makes sense, hence why the message changed. Is there a way to remove that tampered flag? I know that older Samsung devices had a flash counter, which could be reset back to zero. Maybe something similar?
Mr.Conkel said:
> I mean, Motorola G Power devices are fairly popular here. Wait around and keep an eye on your device's thread; considering it can be unlocked, with enough time you should be given a custom ROM like LOS or Crdroid. The G7 Power has tons of custom access, as well as other G series devices from Motorola, so it is very likely to get something, which would very likely enable the custom access you're looking for with modifications, as it will be built normally.
> Cheers!
Will do.
mistersmee said:
> That makes sense, hence why the message changed. Is there a way to remove that tampered flag? I know that older Samsung devices had a flash counter, which could be reset back to zero. Maybe something similar?
IDK.
jwoegerbauer said:
> IDK.
Ok, cool. I'll search around.
mistersmee said:
> That makes sense, hence why the message changed. Is there a way to remove that tampered flag? I know that older Samsung devices had a flash counter, which could be reset back to zero. Maybe something similar?
No, nothing like that for Moto devices.
Generally, Motorola doesn't enforce the voided warranty issue.
If the device has a factory flaw and still would be under warranty, they will cover it.
At least this is based on posts on the forum.
sd_shadow said:
> No, nothing like that for Moto devices.
> Generally, Motorola doesn't enforce the voided warranty issue.
> If the device has a factory flaw and still would be under warranty, they will cover it.
> At least this is based on posts on the forum.
Oh. Ok, that's a relief.

Buying a used phone. Is the second-hand device trustworthy and safe to use?

[Apologies for being a noob, I tried my best to do the homework]
I want to buy a used Pixel 2 (or Pixel 3). There is some general advice on the internet reminding to check:
(i) for physical damage
(ii) if ESN / IMEI has been blacklisted
(iii) if the device is compatible with a carrier (communication standard, uses SIM and not e-SIM, not carrier locked)
(iv) and warning that the device can break or become blacklisted after the purchase.
All of the above is associated with a risk, which is limited to the amount of money paid.
But my primary concern is the risk from using the second-hand device where privacy is critical (email, online banking, 2FA through SMS). How do I make sure the previous owner hasn't planted a backdoor? If I trust Google, what are the reasonable steps to ensure that the device hasn't been tampered with by someone else? In particular:
(1) How do I check on Pixel 2 that the firmware, bootloader, OS are the original ones?
(2) If the device had been bootloader unlocked and/or rooted, is it possible to restore the original images, re-lock the bootloader to be confident that no one (but Google) will spy on me?
(3) Is there anything I am missing?
(4) Which of these are probably different on Pixel 3 and should be asked on Pixel 3 forum?
I barely understand the difference between the bootloader and the recovery, and I would appreciate clear answers very much.
Related:
- A related thread mentions telling apart Verizon and unlocked versions of Pixel 2:
Buying Pixel 2 on Craigslist any tips to avoid issues?
- A similar question was asked about Galaxy Note 9. One senior member says "Hell, back in the day we could reset knox counters ... even checking knox isn't a full proof method". Another says "So rest assured if your Warranty Bit is not 0x1 a Custom Binary has never been flashed". I am confused, as there is no consensus.
Bought used. Security concerns?
- Here someone says "Really easy to relock" about OnePlus 5. I wonder if the same is true for Pixels 2/3?
Risk of used phone with unlocked bootloader?
Reboot the phone, and see if the yellow exclamation mark comes up saying the bootloader was modified.
If you don't see that, it means the Pixel 2 bootloader was never unlocked and a custom ROM was never flashed to the device.
Since all Pixel 2 phones would be out of warranty now, the only way to ensure security is to flash a trusty ROM yourself.
kodina said:
> Since all Pixel 2 phones would be out of warranty now, the only way to ensure security is to flash a trusty ROM yourself.
Thanks for your response, but I am not sure I understand the last bit. Do you mean I would have to flash a trusty ROM myself because there are no certified service centres that would accept the phone, as the warranty has expired? Or do you mean that there are no automatic updates or supported ROMs because of the end of life or something?
up!
wiltingenthusiasm said:
> Thanks for your response, but I am not sure I understand the last bit. Do you mean I would have to flash a trusty ROM myself because there are no certified service centres that would accept the phone, as the warranty has expired? Or do you mean that there are no automatic updates or supported ROMs because of the end of life or something?
No, I mean even if the bootloader is locked, even if the original owner never flashed a custom ROM, the device (in theory) could still have been rooted in the past, unknown apps installed, root removed and you would never know. However, this is all in theory, but it is possible, and only applies if you are paranoid about security.
Otherwise, reboot the phone, no bootloader warning = 99% safe to use.
kodina said:
> No, I mean even if the bootloader is locked, even if the original owner never flashed a custom ROM, the device (in theory) could still have been rooted in the past, unknown apps installed, root removed and you would never know. However, this is all in theory, but it is possible, and only applies if you are paranoid about security.
> Otherwise, reboot the phone, no bootloader warning = 99% safe to use.
Oh, I see. And a factory reset would not help either, because it does not recover the OS from a reserve copy whose integrity can be ensured, but simply deletes all user data and extra apps, while keeping the rest, which could have been compromised via root access. Therefore, there is no guarantee that the factory reset via bootloader really gets the device to the "factory state". Is that correct?
[Many thanks for your explanation.]
wiltingenthusiasm said:
> Oh, I see. And a factory reset would not help either, because it does not recover the OS from a reserve copy whose integrity can be ensured, but simply deletes all user data and extra apps, while keeping the rest, which could have been compromised via root access. Therefore, there is no guarantee that the factory reset via bootloader really gets the device to the "factory state". Is that correct?
> [Many thanks for your explanation.]
In theory, because I have not read any news, articles, guides or forum threads where people are claiming they have done it.
So, the only option to ensure things are 1% safer, is to unlock the bootloader and flash a custom ROM yourself, trusting that the ROM dev didn't put anything weird in it. Though, as far as I checked, none of the OFFICIAL ROMs for Pixel 2 have a history of putting in something bad.
So, if you want 100% stability, use the default google ROM after a factory reset, but if you want """more""" security, unlock the bootloader and flash the ROM yourself.
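
The bootloader and boot-state checks discussed in this thread can be partly automated from a computer. As an added example (not from any poster in this thread), this script summarises the bootloader lock and verified-boot properties from `adb shell getprop` output; the property names are standard AOSP boot properties that not every device exposes, and the sample dumps are constructed.

```shell
#!/bin/sh
# Added example: summarise verified-boot state from `adb shell getprop` output.
# getprop prints lines of the form:  [property.name]: [value]
# These values are reported by the running OS, so PASS means "consistent with
# a locked, stock-signed device", not proof that it was never modified.
#
# ro.boot.verifiedbootstate: green  = locked, OEM root of trust
#                            yellow = locked, user-set root of trust
#                            orange = bootloader unlocked
#                            red    = verification failed

# Constructed getprop excerpts (not from real devices).
SAMPLE_LOCKED='[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [green]
[ro.build.tags]: [release-keys]'

SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]
[ro.build.tags]: [release-keys]'

# prop_value NAME: read a getprop dump on stdin, print NAME's value
# (prints nothing if the property is absent).
prop_value() {
    tr -d '\r' | awk -v want="[$1]:" '
        $1 == want {
            v = $0
            sub(/^[^ ]* \[/, "", v)   # drop "[name]: ["
            sub(/\]$/, "", v)         # drop the closing bracket
            print v
            exit
        }'
}

# assess_boot_state DUMP: print PASS, or REVIEW followed by each deviation
# from the locked, stock-signed baseline.
assess_boot_state() {
    dump=$1
    vbstate=$(printf '%s\n' "$dump" | prop_value ro.boot.verifiedbootstate)
    locked=$(printf '%s\n' "$dump" | prop_value ro.boot.flash.locked)
    devstate=$(printf '%s\n' "$dump" | prop_value ro.boot.vbmeta.device_state)
    tags=$(printf '%s\n' "$dump" | prop_value ro.build.tags)

    findings=""
    [ "$vbstate" = "green" ] || findings="$findings verifiedbootstate=${vbstate:-missing}"
    [ "$locked" = "1" ] || findings="$findings flash.locked=${locked:-missing}"
    [ "$devstate" = "locked" ] || findings="$findings device_state=${devstate:-missing}"
    [ "$tags" = "release-keys" ] || findings="$findings build.tags=${tags:-missing}"

    if [ -z "$findings" ]; then
        echo "PASS"
    else
        echo "REVIEW:$findings"
    fi
}

# With a file argument, assess a saved getprop dump; otherwise run the samples.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    assess_boot_state "$(cat "$1")"
else
    echo "locked sample:   $(assess_boot_state "$SAMPLE_LOCKED")"
    echo "unlocked sample: $(assess_boot_state "$SAMPLE_UNLOCKED")"
fi
```

Reflashing the official factory image and relocking the bootloader remains the stronger step, since it replaces the verified partitions instead of asking the running system to describe itself.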

Question Is it possible to use a Magisk patched image with bootloader (re)locked?

I see that I can add user-settable root of trust to the bootloader so I can set custom secure boot keys like PCs at https://source.android.com/docs/security/features/verifiedboot/device-state , so I think I can use a user modified init_boot image (including the magisk patched one) by signing it with my own keypair.
Also, I know that some manufacturers require 7 days for new devices to be unlocked (like Xiaomi) or do not allow user unlock at all. However, authorized repairers can flash signed factory system images without unlocking it. I guess it is implemented by internal (read-only) root of trust. But can I do this with user-settable root of trust part so I can become authorized repairer to my own device?
P.S. I am using a bootloader-unlocked Pixel 4 XL as my major phone now. I have bought a Pixel 7 Pro but not yet switched to it. I am looking for a method to take both security and scalability into account.
Good and interesting question, sadly I don't have a definitive answer to it - but a few thoughts:
As to your own keypair: I would think that the bootloader checks for integrity and you would need to patch bootloader as well to accept a user-key - not sure if this is feasible.....
AFAIK for Xiaomi devices the authorized repairers use EDL mode with a separate authentication - EDL-mode is (IMO) a separate very low-level boot mode.... I don't think this is related to the "normal" boot mechanism and its keys.....
Is there any specific reason you are aiming for a re-locked bootloader ? The only aspect I could think about is some specific apps that can detect an unlocked bootloader and refuse to function.... from a pure security standpoint I don't see a benefit from re-locking a modified device, at least until you really (!) know all modifications that have been done in low-level detail.....
s3axel said:
> Good and interesting question, sadly I don't have a definitive answer to it - but a few thoughts:
> As to your own keypair: I would think that the bootloader checks for integrity and you would need to patch bootloader as well to accept a user-key - not sure if this is feasible.....
> AFAIK for Xiaomi devices the authorized repairers use EDL mode with a separate authentication - EDL-mode is (IMO) a separate very low-level boot mode.... I don't think this is related to the "normal" boot mechanism and its keys.....
> Is there any specific reason you are aiming for a re-locked bootloader ? The only aspect I could think about is some specific apps that can detect an unlocked bootloader and refuse to function.... from a pure security standpoint I don't see a benefit from re-locking a modified device, at least until you really (!) know all modifications that have been done in low-level detail.....
The reason why I am aiming for a re-locked bootloader is that everyone can flash a modified image at bootloader. An evil maid or cop may be able to flash a trojan boot image when I am not with my phone.

Question Galaxy SM-A326U Rooted System Dump request

Hi, I was wondering if anyone rooted with the most current firmware (November) for the SM-A326U could upload a system dump for me? Not odin firmware, just a system dump minus userdata. If you can help let me know. Or if you are on previous build that might help too. I am going to build a new boot image that allows OEM unlocking if at all possible. Thanks!
Sands207 said:
> Hi, I was wondering if anyone rooted with the most current firmware (November) for the SM-A326U could upload a system dump for me? Not odin firmware, just a system dump minus userdata. If you can help let me know. Or if you are on previous build that might help too. I am going to build a new boot image that allows OEM unlocking if at all possible. Thanks!
Altering the boot image will not change whether OEM Unlocking is allowed, and is pointless as Android Verified Boot (as well as Samsung Vaultkeeper) will prevent flashing and loading of altered images.
The visibility of the OEM Unlocking toggle is controlled by the system property ro.oem_unlock_supported while the ability to toggle it is controlled by sys.oem_unlock_allowed. The former is set at firmware build time, while the latter is generally set by checking a cloud side whitelist.
In other words...While someone with root could potentially dump their system image, and you could edit these properties, you still wouldn't be able to flash the system image to your device, as you'd need Samsung's private cryptographic key to sign the firmware package.
I guess my question would be then, how are other people OEM unlocking other Samsung phones that are in the same situation without Samsung's verification?
V0latyle said:
> Altering the boot image will not change whether OEM Unlocking is allowed, and is pointless as Android Verified Boot (as well as Samsung Vaultkeeper) will prevent flashing and loading of altered images.
> The visibility of the OEM Unlocking toggle is controlled by the system property ro.oem_unlock_supported while the ability to toggle it is controlled by sys.oem_unlock_allowed. The former is set at firmware build time, while the latter is generally set by checking a cloud side whitelist.
> In other words...While someone with root could potentially dump their system image, and you could edit these properties, you still wouldn't be able to flash the system image to your device, as you'd need Samsung's private cryptographic key to sign the firmware package.
Luckily for me I found a way to both bypass and disable knox and the need for the key...
Sands207 said:
> I guess my question would be then, how are other people OEM unlocking other Samsung phones that are in the same situation without Samsung's verification?
Probably has something to do with the leaked code from Samsung, which to my understanding included some of the keys they used to sign updates and application packages. Since we have to stay in the "white" here on XDA, we can't allow any sharing of copyrighted intellectual property, even if it's already in the public domain...basically, our web hosts are pretty nervous about losing advertiser funding because of legal controversy.
Sands207 said:
> Luckily for me I found a way to both bypass and disable knox and the need for the key...
Care to share? Knox =/= bootloader unlock so if you were able to enable OEM unlocking and unlock the bootloader, it's kinda moot...Knox on the other hand would trip if custom images were flashed, unless you found a way to sign the binaries using an aforementioned leaked key.
I was able to disable Knox and FRP using a fairly common toolbox and gain surprisingly temporary root access today that ends when I reboot, using a method that is still fairly early in development but does work. I will have time tomorrow to take a closer look.
