Hi Guys,
my MOthers new Xiaomi MI A1 was stolen this week.
1. Now my Question, is it possible for the Thief to get on her Data?
Theroretically not, because the phone was on last official android update 7.1.1 (nov sec patch)
Phone was saved with a Fingerprint and PIN and ohone was encrypted.
2. Is it possible for the Thief to hard reset the phone via adb or fastboot to got a use for the phone (resell etc)
Thanks
Even if he would format it, the phone will ask to log into Google account of the user that was logged in before formatting. I doubt the thief is smart enough to bypass it.
1. did you enable "require pin/password for phone startup"? If yes, there is probably no way to decrypt the data without the PIN. If no, thief could unlock the bootloader (Xiaomi is the only phone I know which doesn't perform factory reset for this action) and use the default encryption password to mount the data partition in TWRP.
2. factory reset will trigger FRP, but it's probably quite easy to bypass it with a bit of patience.
_mysiak_ said:
1. did you enable "require pin/password for phone startup"? If yes, there is probably no way to decrypt the data without the PIN. If no, thief could unlock the bootloader (Xiaomi is the only phone I know which doesn't perform factory reset for this action) and use the default encryption password to mount the data partition in TWRP.
2. factory reset will trigger FRP, but it's probably quite easy to bypass it with a bit of patience.
Click to expand...
Click to collapse
Yes PIN was set on startup.
" If no, thief could unlock the bootloader (Xiaomi is the only phone I know which doesn't perform factory reset for this action) and use the default encryption password to mount the data partition in TWRP. "
How can he unlock the bootloader? I think he need DEV options and OEM unlock enabled, right?
Consider: There is no MIUI on the phone, its a Android One Phone.
ГАСООП said:
Even if he would format it, the phone will ask to log into Google account of the user that was logged in before formatting. I doubt the thief is smart enough to bypass it.
Click to expand...
Click to collapse
Is it possible to bypass this google account verification?
Flash-User said:
Yes PIN was set on startup.
" If no, thief could unlock the bootloader (Xiaomi is the only phone I know which doesn't perform factory reset for this action) and use the default encryption password to mount the data partition in TWRP. "
How can he unlock the bootloader? I think he need DEV options and OEM unlock enabled, right?
Consider: There is no MIUI on the phone, its a Android One Phone.
Click to expand...
Click to collapse
You are right, I forgot about OEM unlock option (I enable it by default for all my devices). In this case, data should be safe.
My phone is unlocked but OEM Unlock was disabled in Developer Options... So I think is not a problem having that option disabled.
Flash-User said:
Hi Guys,
my MOthers new Xiaomi MI A1 was stolen this week.
1. Now my Question, is it possible for the Thief to get on her Data?
Theroretically not, because the phone was on last official android update 7.1.1 (nov sec patch)
Phone was saved with a Fingerprint and PIN and ohone was encrypted.
2. Is it possible for the Thief to hard reset the phone via adb or fastboot to got a use for the phone (resell etc)
Thanks
Click to expand...
Click to collapse
Try to erase using 'Google Find My Device' i think you can erase the phone using that, also you can know locations where the Device right now.
Just try, Good Luck :good:
Hit 'Thanks' if helped. ASAP
I am fairly certain there would be ways to circumvent the google account verification using fastboot commands and MiFlash. It takes some work and patience, but it should work.
However, as far as I know there are ways to get the IMEIs of the device blocked by carriers when reporting the device stolen. Not entirley sure what needs to be done to do this, but this would render the device useless for the thief.
Localhorst86 said:
I am fairly certain there would be ways to circumvent the google account verification using fastboot commands and MiFlash. It takes some work and patience, but it should work.
However, as far as I know there are ways to get the IMEIs of the device blocked by carriers when reporting the device stolen. Not entirley sure what needs to be done to do this, but this would render the device useless for the thief.
Click to expand...
Click to collapse
Imei blocking is not really gonna help. It's too easy to change.
Yes there are ways around everything in this thread and tuts to do it are only a search away. Heck we host most of the tutorials right here.
Related
Is there any way to secure android like ios7. In case if i loose my phone then no one can use it. Is it true a hard reset will remove my pattern or password? My phone is non rooted. Can someone install custom recovery too?
saudiqbal said:
Is there any way to secure android like ios7. In case if i loose my phone then no one can use it. Is it true a hard reset will remove my pattern or password? My phone is non rooted. Can someone install custom recovery too?
Click to expand...
Click to collapse
There is not fool poof way to prevent this. Even on IOS7 the security can be gotten around. Best advice is to make sure you are backing up your files.
Google does have a remote wipe option built into the Android OS. That is your best bet.
There is no full proof way to make render unusable, but you can call up your carrier and ask them to blacklist the IMEI so they can't use sim cards with it anymore.
You could however, protect your data. Do this by: encrypt your device, stock recovery, disable USB debugging, lock the bootloader. At least with this, if the device is stolen, if they don't know how to flash factory image, they'll need to enter the encrypted password to boot into the phone and can't copy over your datas.
You should also look up the app Cerberus, which with root can survive through factory reset (as long as they don't overwrite or format the "system" partition).
Hi,
I was changing pattern. Somehow I applied wrong pattern and then locked phone.
Now I can't unlock with fingerprint. There aren't any connect Google Account button even I am connected to internet mobile + wifi.
I didn't install TWRP and my phone is not rooted. Are there any way to unlock without losing any data? I can do anything possible (like root or install twrp) if I wont lose data.
wont a hard reset work
Without TWRP you can't do much...
chester2011 said:
wont a hard reset work
Click to expand...
Click to collapse
That will delete data.
Unfortunately, hard reset is the only way out of this. Since the data on the phone is encrypted, you require the pattern to decrypt the data in order to access it. This also includes access to the hash that is generated by your fingerprints which is why you need to enter your PIN or pattern on startup before you can unlock with your fingerprint.
Bottom line, never ever forget your backup authentication method!
Edit: I can't guarantee this will work, but it's worth a try:
Visit https://www.google.com/android/find (Find My Device)
Log in with your Google account
Click "Lock" and enter a new password.
Try that new password on your phone.
Sent from my ONEPLUS A5000 using Tapatalk
I want to know that if my Mi A1 is unrooted with no recovery installed, bootloader unlocked and start up pin applied What are the chances that someone(thief) can reinstall rom on it and use it again. I am curious as to whether Android can be as theft proof as apple.?
Extract user data - no, reflash rom and start using the phone - yes (FRP bypass or EDL flash).
_mysiak_ said:
Extract user data - no, reflash rom and start using the phone - yes (FRP bypass or EDL flash).
Click to expand...
Click to collapse
Regarding EDL Flash I read this recent article (https://www.xda-developers.com/xiaomi-anti-rollback-protection-brick-phone/) and it mentions that only authorized service centres has EDL access. Read and share your opinion.
I think FRP bypass may be difficult if the security patch level is latest .
A query although I had reset my A1 several times by going in settings but didn't received the FRP message on Restart. Is it normal
pkrajpur said:
Regarding EDL Flash I read this recent article (https://www.xda-developers.com/xiaomi-anti-rollback-protection-brick-phone/) and it mentions that only authorized service centres has EDL access. Read and share your opinion.
I think FRP bypass may be difficult if the security patch level is latest .
A query although I had reset my A1 several times by going in settings but didn't received the FRP message on Restart. Is it normal
Click to expand...
Click to collapse
EDL mode has been locked for MIUI devices, but Android One can be flashed at home without major issues.
FRP protection is triggered when you perform factory reset from recovery. If you do it from settings, it is assumed that you are the owner of the device. With the existing implementation of FRP, I would not rely on its safety.
It seems that you are not worried about your data safety, so wondering why does it bother you if a thief can use the phone or not..? You have to buy a new one anyway..
_mysiak_ said:
EDL mode has been locked for MIUI devices, but Android One can be flashed at home without major issues.
FRP protection is triggered when you perform factory reset from recovery. If you do it from settings, it is assumed that you are the owner of the device. With the existing implementation of FRP, I would not rely on its safety.
It seems that you are not worried about your data safety, so wondering why does it bother you if a thief can use the phone or not..? You have to buy a new one anyway..
Click to expand...
Click to collapse
Just Curious. Thanks BTW :good:
My grandma gave me her old tablet to fix that had a bad charging port. A year later turns out it was a bad cable, tablets fine. She doesn't remember the password to her tablet, I literally have the owner my gmas permission to do anything necessary to get into the files for her ebooks pics etc.
The problem is, I can't connect to WiFi and guess the password wrong, to ask Google account to reset password, and I really don't wanna get aircrack-ng and start sniffing and make a fake AP just to legally and regularly query Google for a Google account tablet password reset. I've reset passwords on my devices on MY account before, but I've had access to SIM or WiFi, now I don't. I also had access to the account, not having to walk someone else though it for their security. I'm sure it's still on her account, not sure how it's gonna help if I can't get it online.
Can I unlock bootloader without ADB debugging enabled? Will unlocking bootloader wipe her pics and ebooks? Can I bypass the pattern lock somehow even temporarily for file manager access?
Please help, thanks.
Can I unlock bootloader without ADB debugging enabled? Will unlocking bootloader wipe her pics and ebooks? Can I bypass the pattern lock somehow even temporarily for file manager access?
Click to expand...
Click to collapse
Did you activate developer option?
If not! > about phone > tap "build number" 7 times
Can I unlock bootloader without ADB debugging enabled?
Click to expand...
Click to collapse
Not sure on that, but it would solve my problem too?
Will unlocking bootloader wipe her pics and ebooks?
Click to expand...
Click to collapse
Yes it would!
Can I bypass the pattern lock somehow even temporarily for file manager access?
Click to expand...
Click to collapse
I think you could backup data to PC with ADB!
Hello there, I'm using OnePlus 6t on OOS 10, somehow my kid changed the lockscreen pin and now forgot.
I've read multiple threads and asked a lot of people, but there seems no method to bypass the lockscreen pin.
I'd some important files which I couldn't backup/ not until my last backup.
Is there any way possible to recover my files after a hard reset as that's the only alternate i can think of without bypassing lockscreen without root.
FYI: Bootloader locked, currently locked, haven't hard reset yet, usb debugging off.
Nope, if you hard reset you lose everything. User storage is encrypted with a per-session key that is wiped when a reset occurs meaning everything on the phone becomes useless garbage the moment that key is lost. If you have adb enabled and have authorized your computer once before you might be able to pull files off using that but otherwise you might be screwed
The lock screen is designed to keep people out, wouldn't be much use if it let people exfiltrate data whenever they wanted
Don't even think you'll be able to get the pin off the phone. When you reset Google asks for the old pin used in the device.
If USB debugging is off, I don't even think you can flash stock firmware onto the device either.
You're pretty much screwed.
The best way to do is MSM tool. If you don't know the password your can't even get in to recovery mode( required password). By doing that all data will be gone.