A family member unfortunately died (no crime involved) in her home sometime this week. We are trying to determine approximately when it happened. She had a Samsung S10e that I have access to, and I am trying to get as much information as I can. By looking at call logs, browser history and search history I have gotten a little closer, but I had hoped to find something similar to the event log in windows, and see when the phone was last in use in any way as well as when it ran out of battery etc.
I have tried adb logcat commands, but they only show entries for the latest startup. The phone is not rooted.
A few questions:
* Are there any logs/activity info I might be able to access without root (I do have access to her google account and the phone itself (lock screen was not enabled)).
* Can I root the phone without destroying the information I am trying to find? If so, any tips on which guide to follow?
* Is there a better forum to ask this question?
Any help is greatly appreciated.
ziphnor said:
A family member unfortunately died (no crime involved) in her home sometime this week. We are trying to determine approximately when it happened. (...)
Click to expand...
Click to collapse
Sympathy.
I don't understand the purpose of bailing on a doctor to determine the time of death.
There are more logs after entering recovery mode, but each new boot of the phone overwrites another entry in the sequence of several logs.
ze7zez said:
Sympathy.
I don't understand the purpose of bailing on a doctor to determine the time of death.
There are more logs after entering recovery mode, but each new boot of the phone overwrites another entry in the sequence of several logs.
Click to expand...
Click to collapse
I don't know what you mean about "bailing on a doctor"? I am in Denmark (so free doctors), and the body has been taken to a morgue, but since there is no evidence of a crime I don't expect that much effort being taking in determining the exact time of death, and I suspect that I can get closer with logs from the phone.
As to the logs, the phone has been restarted once (because it had run out of battery and shut down (and even knowing when that happened would be useful)).
Can you share any resources on accessing logs in recovery mode? (it sounds like I better get it right the first time to avoid redundant reboots).
Related
I am one of the many who have been experiencing the random reboots. I have seen talk about it, but have not seen anyone really looking into why this is happening. Some people claim it happens only when docked, or when SD card is in etc. Yet others post that they still get the reboots without doing those things either.
I have been monitoring my reboot problem very closely. I have yet to determine the cause other than it only happens when the device is put into sleep mode manually or automatically, and I am looking for some help from some of the DEV's around here.
When our TF's do this reboot, it is a system crash. When this happens, a ROMDUMP file is placed on the internal "sd card".
These can be viewed with a simple txt editor, like windows notepad. I myself can not read the code and understand what info it is revealing to me. According to an Asus tech on the phone this file can tell you what went wrong and made the device reboot. However the buggers won't tell you crap over the phone and want me to send the device in with the ROMDUMP files.
When I try and read the files, I do see one thing in common, in 99% of them, right near the end of the file, or the very last line before the crash, this line is present,
Kernel panic - not syncing: Fatal exception in interrupt
<2>[ 162.985309] CPU1: stopping
If our reboot issue is kernal based, which would indicate it's a firmware issue;
I was thinking one of the talented DEV's around here could fix us up.
Hell maybe even just a reflash of the current firmware would fix the issue.
Anyway, if a DEV around here want to or willing to look into this, I have some ROM dumpfiles they can look at, just send me a PM.
For reference,
I have a B60K modle
Stock 3.1
GPS 1.3.1
Wifi 5.1.42
BluT 6.17
Kernal 2.6.36.3-00001-gf377a2b [email protected] #1
Build HMJ37.US_epad-8.4.4.5.2-20110603
Thanks.
I don't have any more dumps recently, deleted them so I can't pull up and see what mine said to give you, but wanted to just say I was having these multiple times a day every day and it started once I bought an AData 16GB SDCard for the dock. Then I ended up removing that card and bought a MicroSD 16GB card instead and it has quit doing the random reboots, so definitely seemed to be something with my SDCard in the dock.
Post your whole log here (as .txt or .zip) and I will look at it.
I've had these once or twice but have always deleted the file.
The Kernel Panic is the kernel's way of telling you that something unrecoverable has happened and the integrity of the whole OS is in question. Think of a kernel panic like a BSOD on Windows.
I've never seen that specific one before, but a quick Google search indicates it may be a problem with I/O operations - like bad RAM or a bad SD card.
sassafras
Thanks for the response. I have included 4 RAMDUMP files. I find these 4 special because they all happened in quick succession. Four separate reboots all within 8 mins of each other without any interaction of the device myself. I never touched the device, I just sat there and staring at the device rebooting 4 times in 8 mins. On the final reboot the device never came back on. AT this point I picked up the device and had to hold the power button down for over 10 seconds for the device to come back on to an Asus splash screen. This was mins after I did a fresh factory reset via the OS options internally then a hard reset using the hardware buttons.
...It's a bug alright...
It doesn't seem to be caused by the same problem though, just that the watchdog program invokes a kernel panic and reboots. Weird. I'll backtrace it later and see what's up.
sassafras
went a whole day without a reboot. I did have an odd lock up/freeze at the lock screen where i couldnt unlock the device or get it to rotate the screen. It was locked up tight. Held hte power button down for 20 secs before it shut down. Rebooted, no new RAMdump created. No issues since.
sassafras_, Did you have any luck reading those ramdumps?
I did - sort of.
They're all related to the watchdog program assuming it's soft locked up. Which it may very well have been, but since you weren't using the device at the time, it's hard to know for sure.
The function's that were called immediately prior to the fault were different, which to me indicates that it's just buggy software. Honestly, without doing a backtrace I wouldn't know, but I can't without a system.map from around the time of the lockup. I'm going to assume it's just buggy code from 3.1 and wait and see if the 3.2 release lowers the rate of these. If not, then maybe I'll do some more digging.
sassafras
sassafras_ said:
I did - sort of.
They're all related to the watchdog program assuming it's soft locked up. Which it may very well have been, but since you weren't using the device at the time, it's hard to know for sure.
The function's that were called immediately prior to the fault were different, which to me indicates that it's just buggy software. Honestly, without doing a backtrace I wouldn't know, but I can't without a system.map from around the time of the lockup. I'm going to assume it's just buggy code from 3.1 and wait and see if the 3.2 release lowers the rate of these. If not, then maybe I'll do some more digging.
sassafras
Click to expand...
Click to collapse
Is there any progress on this issue? I bougth a brand new tf and during day random reboots maybe 50 times. And that romdumps are appeared on my internal storage. I dont have external sd by the way. Im stuck.
Hi.
Im having a same problem with my Transformer. Its a week old B60 and its reboots probably 50 times a day and give me log files.
Also im using Honeycomb 3.2
I really want to find out what is going on
i guess its a hardware issue or something.
i'm going to give back my TF today and take back a new one.
if i get same errors, i'll let you know.
I posted a workaround that helps immensely for rooted tablets somewhere around here. I can't find it tonight, but it's in one of the other 'random reboot' threads.
sassafras
sassafras_ -
Did you ever find anything with this issue? I am on my second TF and it is exhibiting the same random reboot while sleeping issue as the first. I know you have a post on another thread indicating how to tell the kernel to ignore "oops" conditions - have you received any feedback on how that is working? I assume this requires root access, I haven't yet rooted my device.
I have collected a few ramdump log files, but as of now only one out of 6 shows a kernel panic. I am new to Android, and I am trying to make sense of the dump logs. It appears that these dumps are maintained in a ring buffer, so the last entries are usually somewhere in the middle, is that correct? All of them also have some garbage at the end, but I assume that is just another effect of the ring buffer strategy.
Like I said, I am new to Android, but I am a long time embedded and real-time programmer, and pretty handy in Linux. It seems to me that the log files aren't providing enough information, but I'm not sure how to debug kernel/system crashes in Android. If anyone could point me in the right direction of where I should look next to get more information on these crashes, perhaps we could get to the bottom of this problem.
From what I can tell via the logs, when the TF is sleeping, it wakes up from time to time for various reasons, then suspends when it is done. It looks like it is during this wake/suspend cycle that something occasionally goes wrong and causes the tablet to reboot.
I am hoping that this is a software/firmware issue (or a hardware issue that can be worked-around with software), because I really like the TF platform and this issue makes keeping apps like IM or email running while it the device sleeps kinda iffy.
Any help from the awesome experts here at XDA would be greatly appreciated, and I look forward to learning more of the gory details and inner workings of Android.
I have had the same issues. Configuring the kernel to ignore oops only helped a bit. The tf would still freeze in standby eventually (once a day or so). My supplier (i.e. not Asus) replaced it and my new tf (a SBK v2 one, unfortunately) has not rebooted once in 2+ weeks. So my guess is that it was a hardware issue (memory, something not coming out of backup mode properly, ...?). Not sure if one could work-around it in software.
Now, this was probably not very helpful but I thought I'd share my experience here. And possibly my tf suffered from an entirely different defect, although the symptoms were the same (ramdump logs from random reboots in standby, independent from wifi on/off, sync on/off, and lots of other settings I tried).
flipflipflip -
Thanks for your reply! I was hoping that it wasn't a hardware issue, and since I got two in a row with the identical problem I was thinking that maybe a software fix could get around it. After reading about your experience, I went ahead and returned it and ordered another one from a different source. Hopefully the third time's a charm!
I'm keeping my fingers crossed that this one is not an SBK v2, but I'll be happy just to have one without sleep-apnea!
This did give me a chance to load up ADB and poke around a bit under the hood of the last one, so if nothing else it is a learning experience. Hopefully I will have something to contribute to the community once I get my hands on a working device.
I know it's been a while (had a big work-related headache), but just wanted to post and let people know that I finally received a TF101 (B50!!) that seems to be working just fine - so I guess it was just a combination of bad luck and a hardware issue after all.
The only issue I have now is that sometimes when it is sleeping, it loses its internet connection (it still seems to be connected to the AP) - but I think I can work around that.
Cheers!
I am glad to see there are at least four other folks about sufficiently embarassed to lead with their apology. Enough pleasantries:
I am capable enough to root my device but am careful enough apparently to avoid triggering inadvertent boot sequences, to wit: I have certainly dropped my Verizon-flavored S in bootloader a few times and with patience I was able to return to a normal boot sequence with no harm/no foul.
Today I forced my imac to serve up its wireless connection to my device via bluetooth (because I accept the fact I need Verizon's signal strength but I refuse to relinquish even one more dollar to them than I absolutely must so I loaded down with Google voice, etc. and EVEN THOUGH I OWN THE PHONE of course I cannot go prepaid and have a 4G connecetion),... I know, stream-of-consciousness is annoying but I am only trying to create a little background).
SO, my otherwise find rooted S, soon after but NOT immediately following my ham-handed creation of the imac connection share via bluetooth it went into the following boot sequence:
1.BOOTLOADER
2. bootloader "ends" and it begins to "charge" based on iconography
3. user grows impatient and, since it always worked before, tries to manually force a normal boot
4. Google icon appears, Stylized X icon appears, home screen appears for an instant and then the display immediately reverts to the X
5. Repeat 4 ad infinitum.
I recognize the fact that I really am not qualified to be a part of this discussion, but, I am self-taught and making sincere effort and my experience is that pros recognize that and will offer a quick work of advice.
My thanks to anybody that took the time to read this post, good evening from Georgia.
1. It's certainly not dumb to ask a question
2. Could you give some more info on you device, like which rom you're running and with which kernel? And maybe what recovery you've got installed?
Me Gusta!
Hi friends,
Today I did a most unwise thing: I left my smartphone in a repair shop without wiping all my personal data off of it. Now I'm afraid I may have fallen victim of stolen personal data.
I know this was plain dumb. I now ask myself what sort of trace that may have left behind. Log files? Perhaps Android somehow has recorded all access there has been to my files? I'm guessing the phone was connected by USB to a PC. Even if there is no such thing - or in the event that the phone was subjected to the creation of a some sort image file containing all its contents - maybe I can even rely upon some forensic tools in order to find out what interaction there has been with my phone during the hours I left it at the shop?
Phone: Vodafone Smart Prime 6 (VF-895N).
Android 5.0.2 Lollipop
Many thanks for any tries on alleviating my pain.
zeph7r said:
Hi friends,
Today I did a most unwise thing: I left my smartphone in a repair shop without wiping all my personal data off of it. Now I'm afraid I may have fallen victim of stolen personal data.
I know this was plain dumb. I now ask myself what sort of trace that may have left behind. Log files? Perhaps Android somehow has recorded all access there has been to my files? I'm guessing the phone was connected by USB to a PC. Even if there is no such thing - or in the event that the phone was subjected to the creation of a some sort image file containing all its contents - maybe I can even rely upon some forensic tools in order to find out what interaction there has been with my phone during the hours I left it at the shop?
Phone: Vodafone Smart Prime 6 (VF-895N).
Android 5.0.2 Lollipop
Many thanks for any tries on alleviating my pain.
Click to expand...
Click to collapse
Well, you can try reading some logs with CatLog app. There isn't much else to know except don't forget to wipe /data!
I have unknown activity on my phone.
Along with numerous "unknown" outgoing calls with no number shown on my device (and 2 other M9 phones on the same plan) or any number registering on my carrier's system (when I called R, they said their system did show connected calls lasting various amounts of time, the could not determine what number the calls were going to), there's also a call in the log going to "(unknown)" "***,144***"
Anybody have any clue what's going on? R gave the bs answer that all 3 of us were calling our VM, even while we were sleeping. However, the times we did check our VM, the number did register on the phones and with the carrier's system.
Thanks!
Im adding a question. My M9 was unlocked without my knowledge. I'm guessing that ***,144*** might be the secret unlock code. IS there a way I can determine if it's been rooted as well?
--
squidstings said:
I have unknown activity on my phone.
Along with numerous "unknown" outgoing calls with no number shown on my device (and 2 other M9 phones on the same plan) or any number registering on my carrier's system (when I called R, they said their system did show connected calls lasting various amounts of time, the could not determine what number the calls were going to), there's also a call in the log going to "(unknown)" "***,144***"
Anybody have any clue what's going on? R gave the bs answer that all 3 of us were calling our VM, even while we were sleeping. However, the times we did check our VM, the number did register on the phones and with the carrier's system.
Thanks!
Click to expand...
Click to collapse
Interesting issue. I am not sure about the rooting. You are probably going to need to ask experts around here. Hopefully, they can help you with that. As for security, you could try checking if you have any suspicious apps running in the background or installed (You might be using same GPS or another app for example). It could be that one of the malicious apps had access to your calls which lead to them outputting calls to somewhere. You could try disconnecting your internet for a day and see if the calls persist (That is probably not an option for you, but it is an idea). Additionally, you could try a factory reset on one of the phones and see if the problem is still there.
squidstings said:
Im adding a question. My M9 was unlocked without my knowledge. I'm guessing that ***,144*** might be the secret unlock code. IS there a way I can determine if it's been rooted as well?
Click to expand...
Click to collapse
just saw this,
https://www.xda-developers.com/htc-says-the-ads-in-its-keyboard-are-a-mistake-fix-icoming/
which reminded me of your issue, though I don't suppose it's linked, but it does make you wonder WTF HTC are up to!
Anyhow with your issue I wasn't going to answer as I don't know the answer but my thoughts may help in some small way. I don't thank the 144 is a phone developers code to "root" or turn of security in some way as that would not show on your provides call logs as they stay internal to the phone (mostly). Also I don't think it's adware callng a premium number as your phone company says it does not register properly, so nobody will be paid.
That only leaves a more malicious form of hacking, I would say. So maybe that code does enable your data to be sent but untrckable over a network. That suggests to me it's possibly your actual network (who are R? What country, is it?) or maybe even your government if you are an activist or something? Though more likely is a criminal or business competitor, assuming the other people affected are business colleagues. So could be your boss trying to snoop on you all, if not HTC or the Chinese Communist Party aparatus!
What to do? As Ross says disconnecting is probably not practicable. If you have malicious activity they probably are using data as well as calls. So I would install a firewall to block most apps and log attempted connections (normally have to pay for this) then check IP addresses tell see if they are legit. However this may not show anything as data may go via root. So setting up a proxy to route traffic to your PC and use a sniffing program to see traffic or at least I P addresses.
You can download root checking apps from play store. Also check your security settings any app with admin rights? Also use a good antivirus you might get lucky, but even if negative you may still be infected.
Only way to really clean your system is to reinstall your OS, though a factory reset will fix often. But first you need to know how you were all compromised and fix that else it will just return, I would think it's most likely your local work network, (but could be your provider R or even something else you connect to in sore way eg Bluetooth, or an app you all have (you can boot into safe mode to disable 3rd party apps, but with HTC system apps possibly containing apps that use the Baidu apk etc that still has a possible backdoor unpatched (as far as I know) safe mode will not help white those!)
You might have to look into freezing/uninstalling all HTC installed apps.
IronRoo said:
just saw this,
https://www.xda-developers.com/htc-says-the-ads-in-its-keyboard-are-a-mistake-fix-icoming/
which reminded me of your issue, though I don't suppose it's linked, but it does make you wonder WTF HTC are up to!
Anyhow with your issue I wasn't going to answer as I don't know the answer but my thoughts may help in some small way. I don't thank the 144 is a phone developers code to "root" or turn of security in some way as that would not show on your provides call logs as they stay internal to the phone (mostly). Also I don't think it's adware callng a premium number as your phone company says it does not register properly, so nobody will be paid.
That only leaves a more malicious form of hacking, I would say. So maybe that code does enable your data to be sent but untrckable over a network. That suggests to me it's possibly your actual network (who are R? What country, is it?) or maybe even your government if you are an activist or something? Though more likely is a criminal or business competitor, assuming the other people affected are business colleagues. So could be your boss trying to snoop on you all, if not HTC or the Chinese Communist Party aparatus!
You might have to look into freezing/uninstalling all HTC installed apps.
Click to expand...
Click to collapse
Thank you!
Rogers, Canada. But I've switched carriers within the last few days.
I've actually done the FR 5 times now. Disabeling the pre-installed "Gmail" (I think it's more Google thn HTC related seems to have stopped the calls. I've disabled as much as I could.
so here's the kicker. I'm literally nobody! On disability, no exciting employment history and those In my family who have, aren't in contact, nor do I have contact info. And it was my wife and daughter who had the other phones, but mine was central i think. daughters phone was locked. So nothing so exciting. Which is why I even bothered asking lol
squidstings said:
Thank you!
Rogers, Canada. But I've switched carriers within the last few days.
I've actually done the FR 5 times now. Disabeling the pre-installed "Gmail" (I think it's more Google thn HTC related seems to have stopped the calls. I've disabled as much as I could.
Click to expand...
Click to collapse
Ah! Rogers Canada should be a well controlled and trustworthy provider, so probably not them, though a rogue employee or having their network compromised can't be ruled out.
Also if official Gmail app it should be safe though it does have some quite intrusive permissions like full network access, view confidential info etc, but all are legit if you want the full functionality of Gmail. But it shouldn't have access to place phone calls, so should not be able to create the behaviour you describe.
That leaves a rouge app, but you would all need to have it I suppose, HTC app (or system behavior) or local hack ie via your router or via your PC. A good anti virus should find rogue app on phone and similarly on PC. HTC system apps hard to spot without doing the firewall etc etc. So I would also be double checking your local router for firmware update and resetting it with a new strong password, to prevent possible return, so to any Bluetooth devices.
Hope it doesn't return! All the best
been a while but, just how does one get a "," in the phone keyboard? long press * for P, but no ",".
Now that time has passed and more people might be awake and less likely to make excuses, I'm wondering if this issue can be solved, or at lest thought about intelligently. Maybe someone who knows how it CAN happen, instead of trying to find ways I'm mistaken. this was on THREE SEPARATE PHONES in 2 separate cities.
squidstings said:
been a while but, just how does one get a "," in the phone keyboard? long press * for P, but no ",".
Now that time has passed and more people might be awake and less likely to make excuses, I'm wondering if this issue can be solved, or at lest thought about intelligently. Maybe someone who knows how it CAN happen, instead of trying to find ways I'm mistaken. this was on THREE SEPARATE PHONES in 2 separate cities.
Click to expand...
Click to collapse
Check with a root app to see if your device is rooted
check permissions also you can take back permissions with a app on fdroid
unknown app check with virus total or
IF someone has root on your phone they can do what they want and when they want
a app that has call access they can transfer information over a phone connection which can be anything
The troubling thing here is that your phone was unlocked w/o you which implies root access
IF you bought your phone new you might not be anybody but to be put in perspective amazon lets you steal $500 if you use another id and they say it is not you so you do not lose out
but if it is used this can be from the previous user.
The best thing to do if it does not stop is to upgrade the software on the phone if you have already done that then use a Root firewall or change to a rom here on xda (you can all change making the transition easier).
Applied Protocol said:
Check with a root app to see if your device is rooted
check permissions also you can take back permissions with a app on fdroid
unknown app check with virus total or
IF someone has root on your phone they can do what they want and when they want
a app that has call access they can transfer information over a phone connection which can be anything
The troubling thing here is that your phone was unlocked w/o you which implies root access
IF you bought your phone new you might not be anybody but to be put in perspective amazon lets you steal $500 if you use another id and they say it is not you so you do not lose out
but if it is used this can be from the previous user.
The best thing to do if it does not stop is to upgrade the software on the phone if you have already done that then use a Root firewall or change to a rom here on xda (you can all change making the transition easier).
Click to expand...
Click to collapse
Thank you for taking the issue seriously and not trying to force kool aid down my throat (if carrier was "trust"worthy, THEY would have solved it).
It didn't show root. 2 of 3 m9s were mysteriously unlocked. the 3rd did prompt for a code, but did also show those "unknown #" calls. However, I'm still stuck on the code. I can't even enter a ",". Didn't check the other units for it, but it's still the only unanswered issue that could explain the unlock (aside from your suggestion). No one's even heard of it, but programmers are known for adding backdoors. If anyone's got a new, s-on unit and feels like trying it, that's about the only way to get an answer.
It's dead now anyways. Battery won't charge unless powered off and went from 24+hours regular standby to about 3 hours with extreme powersave on, overnight and doesn't extend with usb power. usb data comm isn't even recognized. All 3 have failed actually (different ways) so I'm going back to my m7 which still works great. Except, it says s-on but works with different carriers and I can't even enter the code I paid for (no prompt. is there another way?)
So, here's the tinfoil hat part. Although I'm nobody, This all started around the time of the '16 election. when I was arguing with a youtube account named (not looking to attract attention so no name, but you know it) for the person who came 2nd.
Thank you for your help. It's a shame it's pooched before solving the issue. But hopefully, the code will be solved.
But any help entering my sim unlock code a different way would be appreciated. But if other carrier sims work, should root be doable while showing s-on?
Thanks a TON!!
squidstings said:
Thank you for taking the issue seriously and not trying to force kool aid down my throat (if carrier was "trust"worthy, THEY would have solved it).
No one's even heard of it, but programmers are known for adding backdoors. If anyone's got a new, s-on unit and feels like trying it, that's about the only way to get an answer.
Click to expand...
Click to collapse
It would seem in your case that it is a setting change that was made and not comparable to other phones. Probably what we are talking about is a connection to a command server. S-on is a protection so that one cannot change the state of certain partitions namely the recovery boot and system however their are ways to get around this. You would need to get a root app to do that.
As a general rule you need to prove something is going on and funny numbers are a indication but nobody in the security community would touch it because it is very open. What you need to do however is
Get a copy of the calls use pcap and
check your firmware with the standard HTC firmware
this will show you what the phone call is doing and will help the android community overall (improved security)
Also programmers do not try to add backdoors they try to have a good product it is the hacking/security teams of _________ that do that. This being a programmer myself.
Over the past few days, I've noticed my phone rebooting on it's own. Now, that doesn't mean it hasn't been rebooting without me noticing. Like every other user on the planet, I'd normally use the uptime from the Status screen to see how long the phone has been up. Unfortunately, it states the phone has been up for hours, or days even, when it clearly just rebooted. The only reference to the actual reboot time is when the storage initializes; the storage folder timestamp is updated.
Some users have posted (here and elsewhere) that they are seeing similar issues with rebooting, but they are only being provided workarounds (uninstall apps, remove covers, factory reset, etc.). As a developer, I'd like to start seeing some posts that explain what's going on first. Then, maybe, we can provide some understanding before providing solutions.
To that end, does anyone have any information on the right tools to use to troubleshoot Android devices (Logging, monitoring, etc.)?
Thanks, in advance.
Cheers