How to protect phone data when the bootloader is unlocked? - OnePlus 5 Questions & Answers

Hello,
I don't know if this is a real problem in newer Android versions.
I apologize if this problem is already solved; I've been out of Android development for a while...
For me the problem is protecting MY data if I lose the phone...
If my phone is password protected (and the bootloader is locked), a person who finds the device can't use it directly.
They can unlock the bootloader (more or less easily), but the phone data is removed by the unlock process.
My data is safe!
But if the bootloader is unlocked, the person who has found my phone can access the custom recovery (or load a custom recovery if I'm on stock recovery) and then force a wipe of the device.
Because of that, all my security (fingerprint and lock code) is erased, and the user can access my phone and also all the data stored in /sdcard.
My data isn't safe!
Is there any way to use a custom ROM while keeping my data safe?
(I'm not confident in the Google remote device access)
Thanks in advance!

I think you'll be fine, as the data on your internal memory should be encrypted, which is enabled by default!

I'll be honest and I mean no offense but your data is worthless. If someone steals your device the first things done are SIM removed and devices reset or powered off. Data thieves don't get the data from stolen devices. They get it from the places we give it freely. Like shopping stores and online accounts.

Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.

jhs39 said:
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
Is the /sdcard in phones that don't have an external SD card, like the O+5, also protected by the encryption?
Thanks

bartito said:
Is the /sdcard in phones that don't have an external SD card, like the O+5, also protected by the encryption?
Thanks
Yep, like any other Android, the OnePlus 5 has full disk encryption enabled by default:
http://www.androidpolice.com/2015/1...ll-disk-encryption-by-default-on-new-devices/

bartito said:
Hello,
I don't know if this is a real problem in newer Android versions.
I apologize if this problem is already solved; I've been out of Android development for a while...
...........................................
Well, IMO your concern is right to some extent.
With an unlocked bootloader, if there is some version of TWRP (or any other custom recovery for that matter) that can decrypt your data partition automatically, or if you have ever formatted your /data partition from TWRP, or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.
For educational purposes, the commands are:
Code:
adb shell rm /data/system/*.key
adb reboot
Now, for that matter, having a locked bootloader doesn't ensure that your data is safe either. For example, for HTC phones, you don't even need to unlock the bootloader for flashing a custom recovery or kernel. You can turn the phone to S-Off state using some proprietary tools (without losing data) and then flash custom images over a locked bootloader.
In case of Samsung, only FRP lock prevents you from flashing custom images (that too on newer phones) but in that case also, you can turn FRP off using some paid services and then flash any custom images and run the above mentioned commands.
In case of LG, it is even easier. Professional tools exist for communication over download mode protocol and turning off the screen lock doesn't even require a custom image in LG's case. However, most newer models are not supported by those tools yet.
In case of Apple, professional tools existed that used to read screen lock over a time span of 1-4 hours in an older version of iOS. I've heard that a tool is being made available for the current versions also in the coming weeks.
So, if you are conscious about your data, it is safe as long as you have the phone in your possession. Once you lose it, you can't be sure about what is happening with it.
But then, as said in the above posts, why would the thief want to crack open the data of a common man? If you are not a common man, you should worry. Otherwise I personally really don't care.

Hello,
I absolutely appreciate your answer.
I'm a common man, but I'm a bit worried due to 2 points:
1) I'm using LastPass and I don't want my passwords to fall into someone's hands if I lose the device,
2) I'm using the app from my bank to pay using NFC and I don't want anyone to be able to use it
EDIT: 3) Of course, I'm using my Google account to store my contacts data. It would be a mess if someone erased my contacts
Thanks!

jhs39 said:
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
Blacklisting the IMEI doesn't work everywhere. Plus while banned on XDA so I can't say how. But the IMEI is not that hard to change.

bartito said:
Hello,
I absolutely appreciate your answer.
I'm a common man, but I'm a bit worried due to 2 points:
1) I'm using LastPass and I don't want my passwords to fall into someone's hands if I lose the device,
2) I'm using the app from my bank to pay using NFC and I don't want anyone to be able to use it
EDIT: 3) Of course, I'm using my Google account to store my contacts data. It would be a mess if someone erased my contacts
Thanks!
Maybe some experts can give their opinion on how to protect your data using some third party apps or by using some other options that I am not aware of. But in my opinion, a phone with an unlocked bootloader is always more vulnerable than a phone with locked bootloader.

Of course, I agree 100% with your statement.
The question is: can I improve security if I keep TWRP as the recovery instead of returning to the stock recovery, and lock the bootloader?
Thanks

bartito said:
Of course, I agree 100% with your statement.
The question is: can I improve security if I keep TWRP as the recovery instead of returning to the stock recovery, and lock the bootloader?
Thanks
I don't think you will be able to boot TWRP after relocking the bootloader. You need to test it yourself. Chances are very slim because locked bootloaders prevent booting unsigned images.
If you do manage to boot TWRP after relocking, make sure your data is encrypted. If it is not, then it doesn't matter if the bootloader is locked or not.
Also, you will need to turn off "oem unlock" option from developer options.

sikander3786 said:
I don't think you will be able to boot TWRP after relocking the bootloader. You need to test it yourself. Chances are very slim because locked bootloaders prevent booting unsigned images.
If you do manage to boot TWRP after relocking, make sure your data is encrypted. If it is not, then it doesn't matter if the bootloader is locked or not.
Also, you will need to turn off "oem unlock" option from developer options.
I think in the end I will stay as I am: bootloader unlocked and TWRP instead of the original recovery.
After all... I've never lost a phone...

bartito said:
Is the /sdcard in phones that don't have an external SD card, like the O+5, also protected by the encryption?
Thanks
I haven't checked, but I believe it should.
nxss4 said:
Yep, like any other Android, the OnePlus 5 has full disk encryption enabled by default:
http://www.androidpolice.com/2015/1...ll-disk-encryption-by-default-on-new-devices/
Uh no, OP5 with OOS 4.5.x Nougat uses File-Based Encryption (FBE), not FDE.
I know because I wrote the utility to get back to FDE, which works if you change the /fstab* file:
https://forum.xda-developers.com/showthread.php?t=3672477
sikander3786 said:
Well, IMO your concern is right to some extent.
With an unlocked bootloader, if there is some version of TWRP (or any other custom recovery for that matter) that can decrypt your data partition automatically, or if you have ever formatted your /data partition from TWRP, or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.
Do you have a source for the first part of that information? The part where if userdata is formatted with TWRP, it is vulnerable?
I don't see how that can happen unless you run decrypted. TWRP is never involved in the encryption process. When you format userdata, it just runs mkfs. Android upon booting sees the forceencrypt flag in the fstab and then promptly encrypts the device with a default passphrase. When you later set up security, the passphrase is changed to whatever you input.
How can TWRP decrypt the files at this point without your passphrase?
Note that if you are running FBE, and run adb shell on a device that's booted into TWRP while waiting for the password, you will be able to see the file structure under /data, but most of its contents will be garbage (=encrypted).
If you're running FDE, and run adb shell on a device that's booted into TWRP, /data will be completely inaccessible.
sikander3786 said:
For educational purposes, the commands are:
Code:
adb shell rm /data/system/*.key
adb reboot
This will remove the PIN/password phrase to get into Android, but won't give access to any encrypted files.
That may mess your phone royally as well.
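
Added example (not part of the thread or any poster's code): a shell audit of the points debated above, namely whether /data is encrypted and whether the fstab forces encryption, plus bootloader lock state and adb authorization, run against text collected from your own device. The property and fs_mgr flag names are the AOSP ones and a vendor build may not expose all of them; the sample input is constructed and the fstab file name is an assumption.

```shell
#!/bin/sh
# Collect the input from your own phone, for instance:
#   adb shell getprop > props.txt
#   adb shell cat /fstab.qcom > fstab.txt   # fstab file name is device-specific (assumption)

# Print the value of one property from a getprop dump ("[key]: [value]" lines).
prop_value() {   # $1 = dump file, $2 = property name
    awk -v key="[$2]:" '$1 == key {
        v = $0
        gsub(/\r/, "", v)            # older adb versions emit CRLF line endings
        sub(/^[^:]*: \[/, "", v)     # drop "[key]: ["
        sub(/\]$/, "", v)            # drop the closing bracket
        print v
        exit
    }' "$1"
}

# Classify how /data is encrypted from the fs_mgr flags (5th fstab column).
# AOSP flag names: fileencryption (FBE), forceencrypt / forcefdeorfbe (encryption
# forced at first boot), encryptable (encrypted only if the user turns it on).
data_policy() {  # $1 = fstab file
    awk '$1 !~ /^#/ && $2 == "/data" {
        n = split($5, flag, ",")
        for (i = 1; i <= n; i++) {
            if (flag[i] ~ /^fileencryption/) fbe = 1
            else if (flag[i] ~ /^(forceencrypt|forcefdeorfbe)=/) forced = 1
            else if (flag[i] ~ /^encryptable=/) optional = 1
        }
        found = 1
        exit
    }
    END {
        if (!found) print "no-data-entry"
        else if (fbe) print "fbe"
        else if (forced) print "fde-forced"
        else if (optional) print "optional"
        else print "none"
    }' "$1"
}

# Print one finding per line, prefixed OK / WARN / NOTE.
audit_device() {  # $1 = getprop dump, $2 = fstab file
    state=$(prop_value "$1" ro.crypto.state)
    ctype=$(prop_value "$1" ro.crypto.type)       # "file" = FBE, "block" = FDE
    locked=$(prop_value "$1" ro.boot.flash.locked)
    adbsec=$(prop_value "$1" ro.adb.secure)
    policy=$(data_policy "$2")

    if [ "$state" = "encrypted" ]; then
        echo "OK   encryption: /data is encrypted (type: ${ctype:-unknown})"
    else
        echo "WARN encryption: /data is not encrypted; a custom recovery can read it"
    fi

    case "$policy" in
        fbe|fde-forced)
            echo "OK   fstab: encryption is forced ($policy); a formatted /data is encrypted again at first boot" ;;
        *)
            echo "WARN fstab: encryption is not forced ($policy); a formatted /data stays unencrypted until the user enables it" ;;
    esac

    case "$locked" in
        1) echo "OK   bootloader: locked" ;;
        0) echo "WARN bootloader: unlocked; unsigned recovery and boot images can be flashed" ;;
        *) echo "NOTE bootloader: lock state not exposed by this build" ;;
    esac

    if [ "$adbsec" = "1" ]; then
        echo "OK   adb: host key authorization required"
    else
        echo "WARN adb: ro.adb.secure is not 1; adb accepts hosts without authorization"
    fi
}

# --- constructed sample input (not captured from a real phone) ---
demo_dir=$(mktemp -d)
cat > "$demo_dir/props.txt" <<'EOF'
[ro.adb.secure]: [1]
[ro.boot.flash.locked]: [0]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
EOF
cat > "$demo_dir/fstab.txt" <<'EOF'
# <src>  <mnt_point>  <type>  <mnt_flags>  <fs_mgr_flags>
/dev/block/bootdevice/by-name/userdata  /data  ext4  noatime,nosuid,nodev  wait,check,fileencryption=ice
EOF
audit_device "$demo_dir/props.txt" "$demo_dir/fstab.txt"
rm -rf "$demo_dir"
```

On the constructed sample the only WARN line is the unlocked bootloader, which matches the position argued in this post: an unlocked bootloader permits flashing, while encrypted data stays unreadable without the passphrase.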

Hello,
Thanks for your answer. I appreciate the time that you have spent on my question.
I need to go to the FDE thread to learn a bit more about the process and results.
Now, I have 2 more questions...
1) If the phone is encrypted with FBE, a user can remove user passwords using the "adb shell rm /data/system/*.key && adb reboot" commands, as @sikander3786 has explained, but because the device is encrypted, they can't access my data and the device will require the decryption password when booting in normal mode or recovery. Am I correct?
2) If the device is encrypted with FBE, can a user access /sdcard even without the decryption password in recovery (TWRP) mode, but not if it is encrypted with FDE?
Thanks again!

nxss4 said:
I think you'll be fine, as the data on your internal memory should be encrypted, which is enabled by default!
Suppose I encrypt my device, i.e., it asks for a password every time before booting...
Q1. Will booting into fastboot or recovery require the password?
Q2. If no, how can I prevent access to fastboot and recovery on an unlocked bootloader?

anuragm13 said:
Suppose I encrypt my device, i.e., it asks for a password every time before booting...
Q1. Will booting into fastboot or recovery require the password?
Q2. If no, how can I prevent access to fastboot and recovery on an unlocked bootloader?
You can't, but your data isn't accessible without the password

bartito said:
You can't, but your data isn't accessible without the password
But one can flash a custom recovery from fastboot and subsequently use it to flash custom ROMs.
Am I right?

anuragm13 said:
But one can flash custom recovery from fastboot and subsequently use it to flash custom roms.
Am I right?
Yes, you can flash any recovery and any ROM, but phone data can't be accessed if you don't have the password.
To use the device you need to know the password or do a data format.

Isn't your phone technically always safe as long as you keep it encrypted?
Only thing a thief could do would be a reset in both cases, isn't it?

Related

the risks of running an unlocked bootloader

Hi,
Running an unlocked bootloader is quite risky assuming someone has physical access to your phone.
It's extremely easy simply to put it into fastboot mode, flash a recovery (cwm/twrp) and then adb will provide root access to all data.
This is mitigated by encrypting the device, however, I haven't been successful in doing this (http://forum.xda-developers.com/showthread.php?p=48848592) on this particular phone although it works without any issues on nexus phones.
For the people with unlocked bootloaders, do you simply not care about someone getting physical access or is there anything that can be done?
Also, did someone manage to successfully encrypt the phone (using the standard settings -> security -> encrypt phone) or is everyone running unencrypted?
Having a remote wipe capability is next to useless assuming the thief will power off the phone immediately (before you have a chance to issue the remote wipe).
An unlocked bootloader is mandatory for running Cyanogenmod so that's that.
Thank you.
A thief (if he had the knowledge or the inclination), could steal a locked bootloader phone (without encryption) and simply flash an ftf and untick "wipe data". He would then have full access to the data on the phone by rooting and flashing a recovery for LB. So locked bootloader is cold comfort really
I think the best thing would be to have passwords: when entering fastboot or flashtool, a password prompt should pop up to access the fastboot or flashtool connection, and when entering recovery, a password prompt should also pop up. It would be so much more secure to have these, but I think it is so hard to make it work, or even impossible.
You're right, a locked bootloader is indeed a false security.
At the end, encryption is needed but on this phone, it doesn't seem to work and no one tried using it apart from me...
I have my BL locked and I ensure that USB debugging is off, seeing as most rooting solutions required USB debugging I should be good for the average criminal. So the only way to have access to my data...(obviously SD card is immediately compromised with physical access) would be to guess my unlock code. Otherwise, a full wipe of the phone would be required for it to be usable but that should delete all my accounts off the device.
(At least this is what I tell myself to sleep better at night lol)
SmallsXD said:
I have my BL locked and I ensure that USB debugging is off, seeing as most rooting solutions required USB debugging I should be good for the average criminal. So the only way to have access to my data...(obviously SD card is immediately compromised with physical access) would be to guess my unlock code. Otherwise, a full wipe of the phone would be required for it to be usable but that should delete all my accounts off the device.
(At least this is what I tell myself to sleep better at night lol)
Getting all your data is as trivial as flashing a custom recovery for locked bootloaders which will provide direct root access.
It probably takes less than a few minutes.
Like they say, there's nothing more dangerous than the sense of false security.
It's not just having a locked bootloader but also having USB Debugging off and 3rd party app installs off, as that alone would dramatically reduce the number of compatible tools to achieve root access to your device. As far as I know you have to be rooted in most cases to install custom recoveries, or at least that is what most instructions say. Remember security is hardly ever a complete solution, it's about making it not worth the effort.
For the average person/criminal it is not worth their time to access my data as it is actually worthless to them. As I said the SD card is already taken as soon.
My antitheft software will be lingering with a Data Wipe command, I would have changed the account information stored, I never stored Billing information. So my risk level is very low and not worth any more effort on my end.
As stated, I'm speaking from a personal perspective and not a "best practice" one.
The real problem is we like to unlock everything and tick every security risk option and then complain when things get patched that make our device more secure, like all the root exploits.
BL unlocked - Any compilable kernel can now run
USB Debugging - Access from PCs to send commands to your device
Installs from unknown sources - Allows installations of root apps and other apps
All things we need set to do some great things with our devices, but how many of us actually look back at these settings once we enable them? It is the equivalent of taking off a door to get the fancy new furniture inside but never putting it back on when we are done.
elias234 said:
I think the best thing would be to have passwords: when entering fastboot or flashtool, a password prompt should pop up to access the fastboot or flashtool connection, and when entering recovery, a password prompt should also pop up. It would be so much more secure to have these, but I think it is so hard to make it work, or even impossible.
Suppose I have encrypted my device, i.e., it asks for a password before booting up...
Q1 So, is it still possible to access the fastboot or recovery mode? Will entering the recovery or fastboot mode require the password?
Q2 If no, how can I prevent access to fastboot and recovery mode with an unlocked bootloader?

[GUIDE] [HOW TO] Safely re-lock bootloader on Android 5.1

This guide is for the safe procedure for re-locking your bootloader with the new security features of Android 5.1 on the Nexus 6
The purpose of re-locking your bootloader should solely be used for RMA or resale of your device. Also if you have flashed a factory image and want the added security of a locked bootloader. Or possibly it is required by your employer. If you're required by your employer, then I suggest you reconsider unlocking in the first place. If you're returning to stock, to simply fix problems on your device, then I also strongly suggest leaving the bootloader unlocked. To put it in simple terms, if you want to keep a custom recovery and ROM, mod, root, etc, then leave your bootloader unlocked. Re-locking the bootloader on the Nexus 6 will cause your device to be wiped.
Please read this post by @efrant for more clarification:
http://forum.xda-developers.com/showthread.php?p=60128929
Thanks @efrant @cam30era @rootSU @clairez for collaboration and advice.
This is based on a 100% stock, encrypted, un-modded Nexus 6
Due to significant security changes in Android 5.1, there are some specific steps that must be taken in order to safely re-lock your bootloader during and after installing a factory image.
WARNING! These steps are confirmed working but there is still risk involved. If you do not ABSOLUTELY need to re-lock then I strongly suggest leaving the bootloader unlocked.
FOLLOWING THESE STEPS WILL WIPE YOUR DEVICE SO BACKUP YOUR DATA!
This is based on you (the user) having already read and followed instructions on downloading the factory image and having it ready to install.
STEP 1
Disable all security locks on your phone.
On your phone, go into your settings, click Security. In Screen security, click on Screen lock, enter your passcode/pin/pattern then select none.
You will get a prompt that Device protection features will no longer work. Click OK.
STEP 2
**OPTIONAL**
Thanks @gee2012
This step is optional because successful installation of the factory image will remove this info anyway.
Remove your Google account.
In settings, click Accounts, click Google then click on your account name. (your gmail address)
Click the 3 dot menu button in the top right of the screen and select Remove account. You will get a prompt that this will delete all messages, contacts and other data from your phone. Click REMOVE ACCOUNT.
STEP 3
This step is optional and may or may not be needed but I recommend doing this.
Perform a factory reset from your phone settings.
Open settings and click on Backup & reset. Click Factory data reset.
You will receive a prompt stating that this will erase all data from your phone's internal storage, click RESET PHONE.
The reset takes quite a while to complete, approximately 10 to 15 or more minutes for a 32gb model and 20 minutes or more for a 64gb model, so BE PATIENT!
Your phone will reboot when completed.
STEP 4
IMPORTANT!!
When your phone reboots, you will have to skip all account set up and ABSOLUTELY do not set any security features up. Skip EVERYTHING!
Go to settings and enable Developer options. (About phone>tap build number 7 times)
Once you have developer options enabled, enable USB Debugging and tick the box to allow OEM unlock.
I suggest performing a reboot here to verify that OEM unlock sticks. After the reboot enter developer options to verify OEM unlock is still ticked.
If it is, we will proceed. If not, ensure you have followed the previous steps correctly. If you have and for some reason the setting won't stick, DO NOT PROCEED OR YOU MAY END UP STUCK IN A BOOT LOOP WITH NO CURRENT WAY TO FIX!
STEP 5
If setting has stuck, you are ready to unlock your bootloader and install the factory image using one of the ways outlined elsewhere in this forum.
After installation is complete, reboot to recovery and again perform a factory reset. Reboot to Android.
STEP 6
IMPORTANT!
Upon completion of factory reset from recovery and reboot to Android, it is important to follow this procedure so you may now safely lock your bootloader.
SKIP ALL ACCOUNT AND SECURITY SET UP AGAIN! Go to settings and enable developer options again. Enable USB debugging and tick allow OEM unlock.
Again, I recommend a reboot at this point to verify the settings stick.
Use the button combo or ADB to reboot to bootloader.
Use the command fastboot oem lock
Your device will wipe again and reboot.
CONGRATULATIONS! You now have a locked bootloader and you may proceed to restore your phone.
See here for info from Google about the new security features:
https://support.google.com/nexus/answer/6172890?hl=en
Thanks @efrant for finding this link.
Thanks also to all of those who helped to confirm this process works consistently.
Thanks to @clairez for this thread: http://forum.xda-developers.com/nexus-6/help/update-to-5-1-lock-bootloader-t3058480
*Disclaimer*
I am not responsible if your device bricks, loops or causes mass world hysteria.
*How to prepare your Nexus 6 for resale*
Since the onset of Android 5.1, there are some specific steps needed to ensure you can sell your device and not have the seller need your Google password when they receive your device. Please read this guide provided by @PatimusXPrime
http://forum.xda-developers.com/showpost.php?p=60455167&postcount=43
TWRP RECOVERY INSTALLED ONLY
The following info is for users who have TWRP installed and are stuck in bootloop (soft brick) after wiping OS with a locked bootloader.
Credit to this thread:
Thanks @ixa20
http://forum.xda-developers.com/showthread.php?t=3053783
STEP 1
Boot into bootloader.
STEP 2
Use fastboot and issue the commands:
fastboot format userdata
fastboot format cache
This should allow you to boot back into TWRP.
Flash a ROM and get up and running.
Unlock your bootloader and leave it that way.
Thanks also to @rootSU for posting this solution many, MANY times.
I hear a lot about locking the boot loader, but what exactly am I missing out on in terms of security with an unlocked boot loader, and rooted
productofusa said:
I hear a lot about locking the boot loader, but what exactly am I missing out on in terms of security with an unlocked boot loader, and rooted
I think, primarily, if you are unencrypted you run the risk of your data being compromised if your phone is lost or stolen. Plus, the new security features are not proven to work 100% when bootloader is unlocked. Simply by rooting, you've opened your device to be more vulnerable to malicious attacks. I'm sure you already know that.
Evolution_Freak said:
I think, primarily, if you are unencrypted you run the risk of your data being compromised if your phone is lost or stolen. Plus, the new security features are not proven to work 100% when bootloader is unlocked. Simply by rooting, you've opened your device to be more vulnerable to malicious attacks. I'm sure you already know that.
I see, nothing I wasn't already aware of! It seems that a significant amount of people that are used to an unlocked rooted handset are quick to jump on the relock the bootloader omg security bandwagon regardless of the consequences. Having said that thanks to folks such as yourself most of the kinks seem to be worked out at this point.
Thanks
Okay, so I'm new to the whole unlocking/flashing thing.... I bought a Nexus 6 from Verizon which obviously came with 5.1 out of the box. I was using stock with my Google account attached and a pin lock. I successfully unlocked my bootloader and rooted with TWRP and the Nexus toolkit. I have also since flashed Chroma. Am I to understand that I can not ever go back to unrooted stock and locked bootloader, now?
I'm really sorry for what is probably a stupid noob question, but I'm really paranoid now. TIA!!
Cannibal Oxen said:
Okay, so I'm new to the whole unlocking/flashing thing.... I bought a Nexus 6 from Verizon which obviously came with 5.1 out of the box. I was using stock with my Google account attached and a pin lock. I successfully unlocked my bootloader and rooted with TWRP and the Nexus toolkit. I have also since flashed Chroma. Am I to understand that I can not ever go back to unrooted stock and locked bootloader, now?
I'm really sorry for what is probably a stupid noob question, but I'm really paranoid now. TIA!!
The first post explains how to lock the bootloader safely. If you're going back to stock, simply follow the steps.
Cannibal Oxen said:
Okay, so I'm new to the whole unlocking/flashing thing.... I bought a Nexus 6 from Verizon which obviously came with 5.1 out of the box. I was using stock with my Google account attached and a pin lock. I successfully unlocked my bootloader and rooted with TWRP and the Nexus toolkit. I have also since flashed Chroma. Am I to understand that I can not ever go back to unrooted stock and locked bootloader, now?
I'm really sorry for what is probably a stupid noob question, but I'm really paranoid now. TIA!!
No, not at all. You can flash a factory image and return to stock at anytime. However, if you plan on flashing ROMs again, there's no need to relock the bootloader. For instance, if you wanted to return to stock to say, get an OTA, the bootloader being unlocked wouldn't affect that negatively.
If you did desire to relock, following this guide, as far as disabling the security and Google account, you should be able to relock. The important thing is making sure that pesky "allow OEM unlock" option remains checked after a reboot.
Cannibal Oxen said:
Am I to understand that I can not ever go back to unrooted stock and locked booloader, now?
I'm really sorry for what is probably a stupid noob question, but I'm really paranoid now. TIA!!
You can go back to stock. And then, subsequently relock the bootloader.
And the question is not "stupid". Noob questions are encouraged here. That's how you learn.
rootSU said:
The first post explains how to lock the bootloader safely. If you're going back to stock, simply follow the steps.
Fair enough. The part that confused me was the first five steps appear to address steps required to unlock the bootloader. I was afraid since I already unlocked mine without first disabling security and removing my account that it would somehow preclude me from ever being able to relock the bootloader should that need ever arise in the future.
I really appreciate the help!
Yeah, I learned my lesson, DON'T PLAY WITH LOCKED BOOTLOADERS ON THIS DEVICE, EVER!
I had a locked bootloader, and no System (I had wiped it accidentally).
Luckily though I had the sense to keep TWRP installed, but I couldn't boot to it, it was just bootlooping to the TWRP splash screen.
I thought I had just lost a $650 investment, but here's what I did:
Boot to bootloader, then
Code:
fastboot erase cache
fastboot erase userdata
Then I could boot to TWRP! So I
Code:
adb push (ChromaOS zip here) /sdcard/
But when I tried to flash, the Data and Cache partitions kept giving me errors, I couldn't flash anything!
I went to sleep (or tried to sleep, but couldn't) I was panicking!
When I woke up I tried one more thing:
From bootloader I did
Code:
fastboot format cache
fastboot format userdata
(Notice FORMAT instead of erase!)
I booted into TWRP and was able to flash ChromaOS, I was able to enable OEM Unlock, and flashed the full Factory Image, completely back to stock.
I booted once with unlocked bootloader to verify it was working, then locked it.
If I had the stock recovery, I would've had a $650 paperweight.
DO NOT MESS AROUND WITH LOCKED BOOTLOADERS! DON'T RISK IT!
With the method I've outlined and personally tried, it can be safely done. The security settings are the issue and a safe way around that has been found.
I know, I'm just saying don't play around with it, if you're going to relock make sure that you KNOW it will work.
Can confirm that the outlined info here works flawlessly
I used this process to re-lock my phone after unlocking in the fastboot-enabled upgrade from OTA 5.1 "D" to stock 5.1 "E" an hour ago.
The easy part was unlocking/locking/rebooting in the correct order - the harrowing part was when my fastboot update of the radio failed, after which I figured out it was a transient USB issue with my system, so rebooted Windows and then everything went reasonably close to plan.
So, now I'm on "E" and with a locked bootloader (i.e., stock for Verizon). I'll be experimenting with custom ROMs after settling in with this for a bit, but wanted to test out VoLTE and other things before going the custom route.
Thanks again for this guide.
- ooofest
Word of caution, don't flash stuff with a locked bootloader. If you get a bad flash and you can't boot, you'll be screwed.
Doesn't the setting in developer options to allow OEM unlock of the bootloader reset every boot on the new firmware? I know mine does on meanpop and chroma both 5.1 roms
Sent from my Nexus 6 using Xparent Skyblue Tapatalk 2
Yes
pwned3 said:
Doesn't the setting in developer options to allow OEM unlock of the bootloader reset every boot on the new firmware? I know mine does on meanpop and chroma both 5.1 roms
It does if you have "Device protection" enabled. If you do a factory reset and, while you are running through the set up wizard, do not enable "Device protection", then the "Allow OEM unlock" setting should stick.
Sent from my Nexus 6 using Tapatalk
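The checks this thread keeps coming back to before relocking (the "Allow OEM unlock" setting must still be on after a reboot, and the stock system must actually boot) can be written as a small preflight. This is an added example, not code from the thread or the guide it refers to; the function names are hypothetical, the sample outputs are constructed, and it assumes a device whose bootloader answers `fastboot flashing get_unlock_ability` and whose system exposes `sys.boot_completed` and `ro.build.tags` through `adb shell getprop`.

```shell
#!/bin/sh
# Added example: relock preflight built from the checks discussed in this thread.
# Sample outputs are constructed, not captured from a real device.

# Constructed fastboot replies: setting allowed, and setting reset to off.
SAMPLE_ALLOWED='(bootloader) get_unlock_ability: 1
OKAY [  0.010s]'
SAMPLE_RESET='(bootloader) get_unlock_ability: 0
OKAY [  0.010s]'

# Pull the 0/1 value out of `fastboot flashing get_unlock_ability` output.
# Prints "unknown" when the bootloader gave no usable answer.
parse_unlock_ability() {
    local value
    value=$(printf '%s\n' "$1" |
        sed -n 's/^.*get_unlock_ability:[[:space:]]*\([01]\)[[:space:]]*$/\1/p' |
        head -n 1)
    printf '%s\n' "${value:-unknown}"
}

# Strip the CR/LF that `adb shell getprop` may append to a value.
clean_prop() {
    printf '%s' "$1" | tr -d '\r\n'
}

# Decide whether relocking is safe.
#   $1 fastboot output captured before a reboot
#   $2 fastboot output captured after a reboot
#   $3 value of `adb shell getprop sys.boot_completed`
#   $4 value of `adb shell getprop ro.build.tags`
# Prints one line per failed check; returns 0 only when nothing failed.
relock_preflight() {
    local before after booted tags failures
    failures=0
    before=$(parse_unlock_ability "$1")
    after=$(parse_unlock_ability "$2")
    booted=$(clean_prop "$3")
    tags=$(clean_prop "$4")

    if [ "$before" != "1" ]; then
        echo "FAIL: OEM unlock is not allowed (value: $before)"
        failures=$((failures + 1))
    elif [ "$after" != "1" ]; then
        echo "FAIL: OEM unlock setting did not survive the reboot (value: $after)"
        failures=$((failures + 1))
    fi
    # A locked bootloader cannot reflash a system that does not boot.
    if [ "$booted" != "1" ]; then
        echo "FAIL: system has not finished booting"
        failures=$((failures + 1))
    fi
    # Heuristic: factory images are signed with release keys.
    if [ "$tags" != "release-keys" ]; then
        echo "FAIL: build tags are '$tags', not release-keys"
        failures=$((failures + 1))
    fi
    [ "$failures" -eq 0 ]
}

# Demo on the constructed samples: the setting was reset by the reboot.
if relock_preflight "$SAMPLE_ALLOWED" "$SAMPLE_RESET" "1" "release-keys"; then
    echo "OK to relock"
else
    echo "Do not relock"
fi
```

On a bootloader that does not implement the `flashing` commands, the first two arguments have to come from reading the Developer options toggle by hand before and after a reboot.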
rootSU said:
Word of caution, don't flash stuff with a locked bootloader. If you get a bad flash and you can't boot, you'll be screwed.
Before attempting to upgrade the stock level or going custom, I was planning to run through at least steps 1-4 again to enable me to safely unlock.
Or, do I only need to tick OEM Unlock, adb into stock recovery and then fastboot oem unlock without going through the suggested factory data reset step?
- ooofest

Lockscreen bypass

I need to recover data from a Samsung Galaxy S7 Edge, but I don't know the code for unlocking the screen. Is there a way to bypass this?
1. How could You forget a 4 digit pin code? Seriously.
2. Is it rooted? Any custom rom on it? Encryption?
It isn't mine, it was of a dead person and the family asks me to recover data but they don't know the pin.
It's fully original.
Then I'm not sure if it's possible.
If it didn't have encryption enabled (it's enabled by default by samsung) then You could flash TWRP and then flash a zip file which removes certain files in Data partition and well, unlocks the device (I've done it before when I broke my lock screen buttons). But with Encryption being enabled TWRP won't be able to read Data partition and yeah. I'm not sure if You can even access internal storage through TWRP.
Maybe try all possible combinations? Or the most popular ones.
Try this:
Flash TWRP(a detailed instruction is on XDA)
Tap on advanced and then file manager.
You should be able to see internal storage if it's not encrypted, and then just copy all files that You want to sd card or just mount usb storage.
But if the encryption covers Data and internal storage then I don't think You can do anything.
Like I said, in the worst case try using most popular code combinations and maybe one will work. But try that before flashing TWRP, cause TWRP might soft brick the device.
No. Who knows what you're really after? I'm totally against questions like these and would urge people not to answer. If it's really your own device, you have to deal with the consequences of forgetting a 4 digit number.
Not possible with encryption, only way is brute forcing it and it might auto wipe after 15 attempts
Really??? Xda is the first place someone with this situation would ask for help? First post? I'm calling BS.
If - hah - you are legit, the "dead" person's phone is still under warranty, therefore the "family" can take the phone to the dealer/network provider and get help there.
sounds very suspicious

Best way to save app data before unlocking bootloader

Hi I would like to unlock the bootloader and root once the new update rolls out but have quite a few private apps with preferences set. If I had TWRP I would just backup the data partition but I cannot do that.
I wanted to ask what you feel is the most effective way to back up my apps and app data on a non-rooted virgin Shield? Does Google allow app data syncing on Android TV platform?
Thanks.
Please use the QUOTE feature when replying to me to get my attention. Thanks!
Bump
Bump
Anyone???
Is it a 16GB or Pro version?
If it's a 16GB, there isn't really anything that just works, unfortunately.
If it's a Pro version, then you can pull the HDD and alter a partition to make it unlocked, then flash TWRP, backup and update (in theory).
E--Man said:
Anyone???
Umm you can't... That's kind of One, of the many other possible reasons why you root to begin with. e.g. being able to access restricted /data, and /system Partitions, for instance. As it is I would guess the only way you could possibly get at them would be through ADB. But, lol you have to also have root for that.*
NOTE: This is where those Rooted Recovery Images from nVIDIA come from. They are only rooted for ADB, and not for SuperSU. Or so I understand it.
So again I'm fairly sure you're just going to have to bite it this time. Also (from someone with some experience in the matter), you may want to remove your SSHD, and make a few backups of it (See the SSHD to SSD Migration To), in case things ever go ugh wrong. If you're hell bent on rooting.
Taking the above into consideration, I am actually registered in the nVidia Developer Program and have access to the Developer images. Having said that, if I flash the Developer image, then can I not just use the rooted ADB to make a backup of all the app data and then unlock boot loader and restore it?
Well irregardless of your having a Pro (Or, not)... You're still not going to get very far with what you are hoping to do. As you would have had, to have unlocked the Bootloader first. Before you could flash anything at all.
Unlocking the Bootloader will of course totally erase ALL OF YOUR PERSONAL DATA! And, that seems to be the catch-22 here, as you presumably do not want this. Of course OtOH if you ~are~ already unlocked then it shouldn't be a problem, then again booting TWRP from Fastboot, and eventually rooting shouldn't be a problem either.
But, since your Device has NOT yet been Bootloader unlocked, you CAN NOT actually do any of this yet.
I don't know what exactly it is you want to "backup", but you could use something like ES File Explorer to backup your Installed Apps, and your 'hidden' /system Apps (e.g. iPlayer), if that's your thing.
If you wanted to backup your Kodi stuff then ESFE could do that as well (But, you would have to enable Hidden Files to do this). Considering the recent loss of TVAddons. This in-and-of-itself, may well be good advice going forward for a while yet.
Thanks for the reply. There is only one discrepancy/question I have with your post - I was under the impression that I can flash the nVidia signed Developer ROM image *without* unlocking the bootloader, is that correct? If not, then I see your point and there is no way to access the app data files in the "data" partition. However, if I do not need to unlock the bootloader to flash the nVidia signed Developer image, and the nVidia signed Developer image is ADB rooted then I should be able to access the "data" partition.
Unless of course the flashing the nVidia signed Developer image will also wipe the "data" partition in the process
This is taken from the Nvidia developer page:
NOTE: On the SHIELD Android TV Pro 500GB edition, some steps of the flash process may take a
Darn, you are correct - it is required to unlock the bootloader to flash the nVidia Developer image. Too bad. Wish there was a way to extract app data! Some apps on mobile Devices use the Google Sync for app data, but I am not sure if this is employable on Android TV.
E--Man said:
Thanks for the reply. There is only one discrepancy/question I have with your post - I was under the impression that I can flash the nVidia signed Developer ROM image *without* unlocking the bootloader, is that correct? If not, then I see your point and there is no way to access the app data files in the "data" partition. However, if I do not need to unlock the bootloader to flash the nVidia signed Developer image, and the nVidia signed Developer image is ADB rooted then I should be able to access the "data" partition.
Unless of course the flashing the nVidia signed Developer image will also wipe the "data" partition in the process
To be fair, you would have to read the enclosed README File with the Dev ROM in question. I have not yet had much reason to use it. So to be quite honest here I wouldn't know. OtOH though you do have to bootloader unlock the Device first if you wanted to flash a stock recovery Image. So everything that I think I know comes from that.
But, please extrapolate this idea of App Data further. I mean are we speaking about Apps, or pure Data (à la Kodi Data)?
'Cause these things can be backed up to degrees. If it's something well deeper than this. Well you're just outta luck I'm afraid.
Hi Ichijoe, I am just referring to the app preferences and their personal data that usually exists inside the "/data/data" folder. Some manufacturers allow exporting of this data even on non-rooted devices. For example, Huawei has a backup app which exports apps along with their personal data such that if you restore them it is as if you didn't even uninstall them to begin with. I basically want to have everything restored as if I didn't do a factory reset.
Just bumping this in case anyone has any other input

Bypass lock screen without root or ADB

Got a question that I am not sure has a proper answer (and yes I know this is a sus question to begin with).
I have an old s7 and I forgot the pattern to unlock it. Developer mode is enabled but since I can't get through the lock screen I can't whitelist my PC on the phone when I connect it. I need to access my google authenticator app because I want to export it to my new phone (used to have it on my new phone but for other reasons it got wiped). I've tried using the samsung service mode code to put it into service mode from the emergency call dialer but that doesn't work. Is there anything else I might be able to try?
use droidkit or drfone screen unlock? I think dr.fone has a free trial, maybe you can screen unlock with it. Or just look for any other 3rd party free screen unlocker. They usually don't need root, nor adb.
I've tried both but both don't support the s7. At this point I would pay for one of these apps to get into this damned thing.
Is its bootloader unlocked?
Yes you may try with - UFED4PC_7.49.0.2.tar
This is supported to remove or read screenshot without lock data For Android & specially working on many SAMSUNG devices
Is that something you can flash via odin or?
Did some research, looks like a full mobile forensic device suite. I don't have 2000 dollars to drop on trying to open a phone.
NO.
This is a tool which can read your phone lock
I wonder if there is a way to use Odin to flash TWRP for a single boot. It might be enough to push the ADB keyfile to the directory or to delete the sqlite keys for the pattern.
AzimBahar said:
NO.
This is a tool which can cellebrite your phone lock
That doesn't mean anything. Cellebrite is the name of the company that produces UFED.
metalblaster said:
I wonder if there is a way to use Odin to flash TWRP for a single boot. It might be enough to push the ADB keyfile to the directory or to delete the sqlite keys for the pattern.
You use fastboot to boot a twrp image on a device, without actually flashing it, but I'm not entirely sure if you can do it with a locked bootloader. Google it I guess?
I wonder if I could mount the system partition that way or not bootloader aside. Unlocking the bootloader would kill all the data too which is a no-no.
It does seem possible to flash TWRP on some devices without unlocking the bootloader. How would I go about booting from it with fastboot without flashing it if I tried it? edit: nevermind I know how to do it.
I assume I would have to use the herolte img to try to get it to work since there isn't one specifically for the sprint variant.
Well I tried but I can't seem to read the phone with fastboot. I tried Odin and it predictably threw out the flash because it wasn't properly authenticated either.
Did you install the correct drivers? You need the samsung usb drivers for odin, and some adb and fastboot drivers for adb.
Yeah, of course. I have the Samsung drivers and I tried working with linux and had the same issue. Feels like my only recourse at this point is to setup a kali nethunter.
You also need to manually install adb and fastboot drivers for your device, which for me is pain, but maybe it'll be easy for you.
Yeah I have them both. For some reason though Fastboot just doesn't see the device. I tried pinging it with the linux version and its vendor id but it didn't do any good. Kind of a real pain this is becoming. I may just convert my old nexus 11 into a kali nethunter and try to brute force it.
Still haven't found a solution and now I am feeling the consequences. My Nintendo 2FA is on this damned phone. Going to try to call support and get it removed tomorrow but it's a real big pain.
Metablaster,
Is there an update to this?
My wife's S8 is pattern locked, she didn't set up a Samsung account prior, and the Google Find my Phone web tool PIN option has been changed/ deleted. Maybe there's an older html version of this somewhere?
ADB keeps coming back that the device access is "unauthorized" even after reboot, so although I thought I enabled USB Debugging before giving her the phone (it used to be mine), she may have restored to factory without enabling it again.
Kali will delete all of the data like a factory reset so that defeats the purpose except to just get use of the phone at all again.
Is there anyone on here that knows of a professional grade service that can do this?
So frustrating...! Why, upon proof of ownership, can't something be done?
Please pm me, I'd want to try the MD-Next option first.
If I run the risk of losing her data then anything more intrusive probably isn't worth it.
MetalBlaster,
I did manage to get the S8 to boot into Recovery Mode, please PM me about trying the MD-Next step via USB bridge.
Have you already tried to unlock the device with a locked SIM?
