Related
As the title says.. is it within the scope of any dev to have some kind of lock or password protection on accessing recovery? This would obviously have to be optional.
Wavesecure is kinda rendered useless if someone could easily flash another rom on the phone before the user can get to wiping all data.
I'm not so concerned about getting a phone back after it's stolen... but i'm much more worried about the information i may have stored on it.
Is this even possible?
Thanks in advance
Alex
a) If you flash another ROM to remove wavesecure, you would have to wipe first and therefore your personal data would be gone anyway.
b) You can install a recovery via adb as far as I know so if the user knew enough to boot into recovery mode, they could flash another recovery and circumvent the password anyway
Hmm, you'd need to password protect fastboot too wouldnt ya?
+1
I was gonna post this. I mean if phone was stolen, and wavesecure did prevent them using it, a wipe will remove it.
Well, ask ninpo maybe over at villainrom site.
Dunno if he would do it, but he modified recovery for villainrom 12 so it could wipe dalvik2cache properly iirc
I would also like it. And flashing over adb is for a newcomer harder then pressing the home button at booting
Seelbreaker said:
I would also like it. And flashing over adb is for a newcomer harder then pressing the home button at booting
Click to expand...
Click to collapse
True.
You could always install the 007 spl if you were that bothered. But I don't recommend that.
I will look into wave secure, as I have a few ideas about things to do.
But remember most thieves would not manage to flash a rom, but a wipe using power + call (I think) is easy.
Also remember that wave secure is a great program, and it has improved loads since I first contacted them to show a way to add your own un approved sim to the allowed list. But I can still bypass it in about 30 seconds, just like any other security measure your phone may use (eg pattern lock or third party app locker).
So whilst a thief in theory could do this, it's unlikely in my opinion. They would need a fair bit of android knowledge, and anyone who knows the inner workings can get rid of any user security measure in seconds.
And btw, when in say I can bypass ws in 30 secs, that don't involve removing the app. I mean bypass that lock screen completely with the app installed
just curious: this possibility doesn't involve activated USB debugging in the device? So you do some trick during boot... or something else I just can't think of?
xdafalter said:
just curious: this possibility doesn't involve activated USB debugging in the device? So you do some trick during boot... or something else I just can't think of?
Click to expand...
Click to collapse
I have more than one method. But I used methods that are unlikely to be found. One certainly can't be fixed, as it is inherently a flaw on linux, though by design. For this reason I won't be disclosing it, and I'm sure people understand.
But yes, usb debugging is useful for bypassing it, though I can still get round it even if you have disabled it
anon2122 said:
But yes, usb debugging is useful for bypassing it, though I can still get round it even if you have disabled it
Click to expand...
Click to collapse
Interesting... I will give it some thought as I like to know stuff
Knowledge brings fear (from Futurama) but don't be evil (Google)
thanks for the replies.
In the end any security can be broken and circumvented.. i just like the idea of layering as much as possible... again i don't expect to be able to get my phone back or stop someone from selling it (given how common imei spoofing seems to be)..
i just want to have time to run a remote wipe from another location.
I do turn off usb debugging whenever i'm not likely to be at a PC.
I know i'm being paranoid... but with good reason
Bantu85 said:
thanks for the replies.
In the end any security can be broken and circumvented.. i just like the idea of layering as much as possible... again i don't expect to be able to get my phone back or stop someone from selling it (given how common imei spoofing seems to be)..
i just want to have time to run a remote wipe from another location.
I do turn off usb debugging whenever i'm not likely to be at a PC.
I know i'm being paranoid... but with good reason
Click to expand...
Click to collapse
Wanna try something? Turn off USB debugging, then try and connect via adb.
Try "adb shell" and see what happens.
I'm not sure what you are up to, but it cannot connect (no device connected or similar output)... and this is the expected result.
Did you want to prove something else?
Yeh adb shell with usb-debugging off just gives "error no device found".
xdafalter said:
I'm not sure what you are up to, but it cannot connect (no device connected or similar output)... and this is the expected result.
Did you want to prove something else?
Click to expand...
Click to collapse
Nah, just wondered. Some phones used to have persisting ADB, which meant that you could get a connection even when that was disabled IIRC.
But remember that you can get adb on boot regardless of setting AFAIK, as well as in recovery
so, if we would have a pw protected recovery/spl and use a kernel with no adb compiled in, where would then be your basis to break in?
xdafalter said:
so, if we would have a pw protected recovery/spl and use a kernel with no adb compiled in, where would then be your basis to break in?
Click to expand...
Click to collapse
Or perhaps limit the use of ADB so that it can only be used while booted into the recovery and after the pw-protection of it has been passed.
I don't know if anyone is going to believe this. I decided to test Android Device Manager's lock feature. Worked fine on my tablet. Did not work right on my phone. Now I am locked out of my phone. It would not accept the PIN I selected. I tried sending different PINs and it won't accept any of them! When I change the "message," it does change but the PIN doesn't work.
1) Is there any way to fix this???
2) If not, ugh, if I send an ERASE command, will I be able to get back into the phone?
Help!!
Thanks!
Paul
(I don't know how to prove this isn't a stolen phone - I have full access to it via Device Manager in my google account)
Talked to AT&T. I was screwed. FYI for anyone else... The Android Device Manager Lock may not work right on the AT&T Galaxy S4.
The entire point of locking a phone through ADM is to render it useless for anyone that has stolen it or "found and tried to use it" if it was lost. It's not intended as a tool to be used day to day or for any other reason than loss or theft. As such, I don't see why there would be a need to re-activate the phone after locking it through ADM.
However, if it simply won't let you unlock the lock screen, why not use ODIN to re-flash the firmware and start fresh with an unlocked lock screen?
scott14719 said:
The entire point of locking a phone through ADM is to render it useless for anyone that has stolen it or "found and tried to use it" if it was lost.
Click to expand...
Click to collapse
I should have posted more details. Actually, you can factory reset the phone and it comes out of it fine, albeit factory reset. It doesn't make the phone useless. It just protects the data on your phone with the standard PIN lock screen. It's certainly no kill switch.
To add more info to this - it literally changes the lock screen setting to PIN lock. So, for example, on my tablet, I had a pattern lock. Even after I unlocked it with the ADM PIN I sent, the next time it locked, it was the same PIN lock. I had to go back and change it to the pattern lock.
This is unlike the 3rd party solutions I have used in the past (e.g. Lookout, AVG) which overlay their own lock onto the phone one time only. Once you unlock through their PIN system, the device reverts to whatever locking method you had been using (or none).
This is just what I learned from the experience. Maybe people knew this but it was interesting to me.
PaulQ602 said:
I should have posted more details. Actually, you can factory reset the phone and it comes out of it fine, albeit factory reset. It doesn't make the phone useless. It just protects the data on your phone with the standard PIN lock screen. It's certainly no kill switch.
To add more info to this - it literally changes the lock screen setting to PIN lock. So, for example, on my tablet, I had a pattern lock. Even after I unlocked it with the ADM PIN I sent, the next time it locked, it was the same PIN lock. I had to go back and change it to the pattern lock.
This is unlike the 3rd party solutions I have used in the past (e.g. Lookout, AVG) which overlay their own lock onto the phone one time only. Once you unlock through their PIN system, the device reverts to whatever locking method you had been using (or none).
This is just what I learned from the experience. Maybe people knew this but it was interesting to me.
Click to expand...
Click to collapse
Thanks for the additional info. It's nice to know how it works or is supposed to work. Starting mid-2014, all cell phones sold in the US will be required to have a "kill switch" available. I wonder if it will operate in the same way. I guess time will tell. Again, thanks for the info.
I do wish people who don't read a persons message properly and are not informed on the subject wouldn't waste every ones time posting their drivel aye Scott!
You like so many others state the obvious, I did like your post Paul and thank you for taking the time to post
I have had issues with ADM and have found the application about as useful as Scott's drivel
Hello all,
This is a strange request but desperate times call for desperate measures. My father recently got himself a new Samsung Galaxy S5 here in Australia, unfortunately a tragic motorcycle accident on the 1st of this month led to my father no longer being with us. This was heartbreaking for my family and I, I now have in my possession his phone, It is still operational from what I can gather, it still rings, still vibrates when hooking up to my laptop and it detects it. The screen is completely smashed and doesn't work and the phone is locked. I want to be able to access the phone to recover any photos etc he has on the phone itself, I am unaware of what type of screenlock is on it.
So far I tried Samsung Kies but due to the phone being locked I can't use that,. Nothing shows up on the phone in windows explorer. I've downloaded [email protected] and android studio and have tried to get that to show up so I can see whats on the screen and attempt to use android control to unlock the phone but so far I've had no such luck. I need usb debugging enabled but I'm going to have to assume its disabled and thus proving my attempts so far to be fruitless.
If anyone can give me any ideas or things to try I'm all ears, I'm ok with computers so should be able to figure out most things but this is my first exposure to these types of applications.
Kind regards,
Eric.
trekster83 said:
Hello all,
This is a strange request but desperate times call for desperate measures. My father recently got himself a new Samsung Galaxy S5 here in Australia, unfortunately a tragic motorcycle accident on the 1st of this month led to my father no longer being with us. This was heartbreaking for my family and I, I now have in my possession his phone, It is still operational from what I can gather, it still rings, still vibrates when hooking up to my laptop and it detects it. The screen is completely smashed and doesn't work and the phone is locked. I want to be able to access the phone to recover any photos etc he has on the phone itself, I am unaware of what type of screenlock is on it.
So far I tried Samsung Kies but due to the phone being locked I can't use that,. Nothing shows up on the phone in windows explorer. I've downloaded [email protected] and android studio and have tried to get that to show up so I can see whats on the screen and attempt to use android control to unlock the phone but so far I've had no such luck. I need usb debugging enabled but I'm going to have to assume its disabled and thus proving my attempts so far to be fruitless.
If anyone can give me any ideas or things to try I'm all ears, I'm ok with computers so should be able to figure out most things but this is my first exposure to these types of applications.
Kind regards,
Eric.
Click to expand...
Click to collapse
First of all, I'm really sorry for your loss..
If he had a microSD card in his phone, it's likely that his pictures (and other documents) are on the card.
If that's the case, unless he encrypted the content, you should be able to just remove the microSD card and read it on your computer with a card reader.
Eric, do you have a MHL adaptor & HDMI tv?
You can view the screen on this via tv.
If I understand well he is able to see the screen but cannot pass the security lock. If that's the case try to connect the phone to your PC and copy all the internal SD card, I think you will be able to access the content. Also not sure if a factory reset will deactivate the screen lock but you can try it in an ultimate attempt.
Sent from my SM-G900F using XDA Free mobile app
mikka06 said:
If I understand well he is able to see the screen but cannot pass the security lock. If that's the case try to connect the phone to your PC and copy all the internal SD card, I think you will be able to access the content. Also not sure if a factory reset will deactivate the screen lock but you can try it in an ultimate attempt.
Sent from my SM-G900F using XDA Free mobile app
Click to expand...
Click to collapse
It depends on the type of security lock.
If it's swipe, then he can see the content by connecting the phone to the PC, but not if it's a password, fingerprint, pin, ...
He would have to unlock the screen before the files are available.
Sorry to hear of your loss, especially at this time of year.
The idea of copying the SD card is the first step. If I read you're message right you can't see the screen at all?? I would take the device to a repair shop and get the screen replaced - tell them very clearly NOT to wipe / reset the device. Then you should be able to see the screen and might be able to figure out the screen lock. If the fingerprint reader was used there will always be an alternative password, you might be able to reset this to the gmail account used on the phone (assuming you have access to this?).
Hope you get it sorted.
Mithrandir007 said:
First of all, I'm really sorry for your loss..
If he had a microSD card in his phone, it's likely that his pictures (and other documents) are on the card.
If that's the case, unless he encrypted the content, you should be able to just remove the microSD card and read it on your computer with a card reader.
Click to expand...
Click to collapse
I copied all of the sd card and as it was copying it died, so I have most of the data off that.
DeanonZL said:
Eric, do you have a MHL adaptor & HDMI tv?
You can view the screen on this via tv.
Click to expand...
Click to collapse
No I don't have the adaptor but I do have a HDMI tv, so I will investigate this, thank you.
mikka06 said:
If I understand well he is able to see the screen but cannot pass the security lock. If that's the case try to connect the phone to your PC and copy all the internal SD card, I think you will be able to access the content. Also not sure if a factory reset will deactivate the screen lock but you can try it in an ultimate attempt.
Sent from my SM-G900F using XDA Free mobile app
Click to expand...
Click to collapse
Cannot see the screen, and when I connect it to pc to check if there is anything on the phone itself, It won't let me as the phone is keypad/swipe/fingerprint locked.
Mithrandir007 said:
It depends on the type of security lock.
If it's swipe, then he can see the content by connecting the phone to the PC, but not if it's a password, fingerprint, pin, ...
He would have to unlock the screen before the files are available.
Click to expand...
Click to collapse
This is what I am trying to find out what lock is on the phone.
MadMic said:
Sorry to hear of your loss, especially at this time of year.
The idea of copying the SD card is the first step. If I read you're message right you can't see the screen at all?? I would take the device to a repair shop and get the screen replaced - tell them very clearly NOT to wipe / reset the device. Then you should be able to see the screen and might be able to figure out the screen lock. If the fingerprint reader was used there will always be an alternative password, you might be able to reset this to the gmail account used on the phone (assuming you have access to this?).
Hope you get it sorted.
Click to expand...
Click to collapse
I took it to a repair shop, its a catch 22 situation, They want $150 to pull the data off the phone, and if there is no data of use then thats a waste of money, They wants $240 to replace the screen, the phone has a very slight bend in it so if I replace the screen the phone still may not be able to be used properly so again would be a waste of money.
This is the main reason why I am trying to at least view the screen to ascertain what lock is used, I do have his gmail credentials so I can reset from there, from what I understand resetting the phone also loses any data (messages, pictures, etc) that is on the actual phone.
Last but not least thank you to everyone so far for your replies, I really appreciate you all taking the time to reply and try to help!
Regards,
Eric.
trekster83 said:
I copied all of the sd card and as it was copying it died, so I have most of the data off that.
No I don't have the adaptor but I do have a HDMI tv, so I will investigate this, thank you.
Cannot see the screen, and when I connect it to pc to check if there is anything on the phone itself, It won't let me as the phone is keypad/swipe/fingerprint locked.
This is what I am trying to find out what lock is on the phone.
I took it to a repair shop, its a catch 22 situation, They want $150 to pull the data off the phone, and if there is no data of use then thats a waste of money, They wants $240 to replace the screen, the phone has a very slight bend in it so if I replace the screen the phone still may not be able to be used properly so again would be a waste of money.
This is the main reason why I am trying to at least view the screen to ascertain what lock is used, I do have his gmail credentials so I can reset from there, from what I understand resetting the phone also loses any data (messages, pictures, etc) that is on the actual phone.
Last but not least thank you to everyone so far for your replies, I really appreciate you all taking the time to reply and try to help!
Regards,
Eric.
Click to expand...
Click to collapse
No worries.
Do you know if he was using Cerberus or Theftspy or another anti theft tool?
If he did and you can find out his credentials, you should also be able to unlock the phone with a command (at least Cerberus does that) or even transfer all the data to a cloud (dropbox, google drive,...).
Could he not physically open the phone and get to the actual sd card that the phone comes with that the OS and all that is on? Or is that locked down?
Sent from my SM-G900A using Tapatalk
I had a idea for the lock screen but it will not help with seeing which you would have to deal with first. Any chance he left Gmail loged on any computer you have access to. You could try installing a app to bypass the lock screen.
I have never tried this one it was just the first I found that fit my theory of a workaround, although you could look around for a free one that may be better then you wouldn't have to worry about passwords to do the purchase.
https://play.google.com/store/apps/details?id=net.thomascannon.screenlockbypass.pro
shadowofdarkness said:
I had a idea for the lock screen but it will not help with seeing which you would have to deal with first. Any chance he left Gmail loged on any computer you have access to. You could try installing a app to bypass the lock screen.
I have never tried this one it was just the first I found that fit my theory of a workaround, although you could look around for a free one that may be better then you wouldn't have to worry about passwords to do the purchase.
https://play.google.com/store/apps/details?id=net.thomascannon.screenlockbypass.pro
Click to expand...
Click to collapse
If you know his samsung account information, you can login to their web service and remove the lockscreen passcode. From there, you should be able to USB the files off of it.
Hi guys.
I have really weird situation. So when I was setting up my Galaxy Note 4 I chose Fingerprint Scan to be my main authentication method. It prompted me to chose backup password in case Fingerprint scan cannot be read. Unfortunately I did NOT write down somewhere my backup password because I thought that the only case that will ever require me to use it would be losing my thumb finger. Since I was not planning to lose my thumb finger anytime soon I did not think about making sure to write down the backup password I chose....
Now where my problem comes. I have not used this phone for like 2-3 weeks because I use different phone as my primary one. Well guess what happened? After I booted my phone today it does NOT show the usual "Scan your Fingerprint" Screen and instead going directly to "Enter your backup password"
What could have happened?? Did the phone somehow think that somebody scanned wrong finger too many times and now the only way to unlock it is to enter the password? I guess it would be easy to just wipe the phone and start over but there are many pictures that I took on phone's internal memory and did not have a chance to transfer over to my computer... Anyone could PLEASE chime in and tell me how can I make it ask for Fingerprint instead of password?? I would really appreciate to hear what you guys think
Short version:
1. Had Fingerprint as main authentication method
2. Did not write down backup password anywhere
3. After not using the phone for couple weeks now its skipping Fingerprint screen and directly goes to asking for password
4. Any ideas?
I like the device encryption (I know many don't but like the idea it's not accessible when lost). On my 3T I would set a pin and it would ask me if the PIN shuld be required to boot up. For some reason that's not working on my 5. When I set a PIN that's pretty much it. No question if I want to protect my boot process. Can anyone confirm?
I think I found out myself... It looks like the old boot screen is gone, but when opening TWRP, it does ask for the PIN.. So I guess it's working...
Mines the same - no choice to enter PIN on startup or am I missing something (as usual)?
I'm having the same thing, strange!
/sub