Related
I lose phones... habitually. Sometimes they find their way back to me and sometimes they don't, It is unsettling to me that even if I have a security app installed, or a GPS tracker that anyone with the ability to perform a google search can simply factory wipe my phone and make it their own.
So the question: Is it possible to include a password requirement to access the bootloader or recovery? I realize that if you forget your password there would likely be no way to save your phone in the event you need to, but I don't forget my passwords so this does not affect me.
Just wondering if this is even possible or worthwhile. Any input will be appreciated.
I opened a similar thread. It is possible to do however it seems people just don't care about the security risk.
Xda app
Surely this must be a concern to people. It certainly is for me.
+1
Sent from my Nexus S using xda premium
+1
i also wondering about this.
+1
We need it!
-1 this is pointless. someone could just go into download mode or fastboot and reflash the recovery.
What we're looking for is a password protected bootloader which will require password for booting into recovery or using download mode or fastboot.
mightyiam said:
What we're looking for is a password protected bootloader which will require password for booting into recovery or using download mode or fastboot.
Click to expand...
Click to collapse
Good luck as it would need to boot before anything else and we can see the issues with this. There will never be a fool proof way to lock your phone if lost. It will be as simple as loading up the bootloader and flash a stock rom which will wipe the recovery.
No there is not alot of interest in this as to be honest if the info you have on your phone is that important then its simple. Don't loose your phone.
zelendel said:
Good luck as it would need to boot before anything else and we can see the issues with this. There will never be a fool proof way to lock your phone if lost. It will be as simple as loading up the bootloader and flash a stock rom which will wipe the recovery.
No there is not alot of interest in this as to be honest if the info you have on your phone is that important then its simple. Don't loose your phone.
Click to expand...
Click to collapse
Perhaps you think I'm talking about an app. No, I'm talking about a modified bootloader.
I read somewhere that samsung galaxy s have that option..
+1
a bootloader with password setting is one of the few things i'm missing.
+1
We either need a password protected bootloader + CWM.
Or fulldisk encryption a la Whispercore.
I absolutely HATE the insecure concept of Android. Android is for kids and nerds. But not for serious people.
+1
if it is not being made, I'll look into it myself
+1
Would be awesome!
/edit: There's also this old thread: http://forum.xda-developers.com/showthread.php?p=6182586
/edit2: And here: http://forum.xda-developers.com/showthread.php?p=19314088
Plus 1 I like 2 see this bootloader password
Sent from my SGH-T839 using XDA App
Yes please
+ 1
I'm glad I'm not the only one wondering about this. I'm sure it would have been done if it was possible by now. Nqmobile + gotta! App is almost good enough for me, but a password protected bootloader would be a sick addition
+I
It is one of the questions bothering me for last few months.
I like all those sec. apps - but Android Lost, Call Back, TouchMyLife nor Avast! Lost will not be able to save me if someone will boot straight into CWM and flash it with whatever just to get rid of the "FindIt" stuff.
cool
i too would like to see a passworded bootloader, or even a passworded version of CWM.
Think about it: how many regular joes on the street know how to flash a phone, or put it into download mode. Im a samsung guy, i know how to put it into download mode. My buddy is an iPhone guy, he wouldnt know the first place to start. An HTC guy might know how to deal with a few HTC devices, but in reality a handfull of people who MIGHT find your phone MIGHT know how to thwart that sort of 'security'.
From a lost phone aspect: Samsung dive is impressive. Found my phone location to within a few houses. with GPS and Wifi off. as long as the phone has battery life and is turned on, i can find it. Unless someone wipes it. which takes my password. Or boots into CWM and wipes it that way.... which currently does not need a password. or uts it into download mode and flashes a new firmware, which knowing my phone is just asking for issues. In reality, i want someone to boot my phone and have to have it on in the state that i lose it and NOT reset it. That yeilds the highest possibility of me finding it again.
So yes, i realize that any security we put on here could be thwarted somehow, but by who? how much time and effort are they going to put into it aside from trying a reset and it fails, trying to reboot into recovery, passworded protected, turn it off and sell it on the street, when the next guy turns it on with their sim card (texts my google account the new number) and now i can get his name and address
what are the chances the guy who finds my phone is going to have a computer handy and know exactly how to flash the phone? Not high.
Definately +1 for passworded protected CWM.
Huge chances. Anytime, everywhere.
You don't need to know anything, apart from taking battery off.
And placing back when you got tools ready. This simply means, lost phone will never again boot into normal android os. Never.
Sent from my HTC Desire using XDA
Ok, before everyone jumps to conclusions on multiple accounts let me get this out there.
1. I am not a noob when it comes to forums and no how to search ie my search results:
http://forum.xda-developers.com/showthread.php?t=989241
http://forum.xda-developers.com/showthread.php?t=1067003
http://forum.xda-developers.com/showthread.php?t=913958
2. I am not a noob when it comes to android devices and would call myself moderately knowledgable in the subject and really cant think of any other ideas also google nor sprint is not helping in the slightest ( and honestly I dont expect them too).
3. The story below is true and i DID NOT STEAL or receive a STOLEN phone, nor am i some jealous boyfirend. I am doing this for a friend, so here it goes.
My coworkers son commited suicide and has asked me to look at his phone to see if i can find away to unlock it so he can either know if anybody knew this was happening or most likely i think for closure of this whole ordeal. When given to me he had already given the phone to many gestures and gives me the google account lockout screen. the father just wants to see the latest messages on the phone as well as anything that might have come up. now this is what i have done so far:
PHONE: EVO 4G
Status: Stock AKA NOT ROOTED
1. I have taken out the SD card to see if i can grab anything off of there but the last time the text messages were backed up were on 7-31-2011, so that really doesn t help me there. I cant think of any other folders to look in in order to find anything else.
2. The phone was never set to USB debugging so there is no chance of rooting the phone (although i am not sure this would even unlock the phone at this point)
3. His father does not know the gmail account and I have only found a few other accounts through facebook and odd random searches that you can scarely do on the internet. After reading some other posts though I am not sure i could do what i was thinking with this because it only updates the computer and not the password on the phone.
4. Tried calling the phone. The phone doesnt even register as if someone is calling. The father said he didnt turn off the phone yet, and it makes since as i am creepily getting text messages as we speak.
So this is where i am at. I cannot think of too much more. Like i said i dont want the phone, it isnt stolen, and i am really just trying to help the guy out. Google told him becaus ethe kid is older then 18 ther eis nothing they can do and if that is there policy then that is BS especially in this situation. and sprint told him they can do a factory reset on the phone. so those are out of the question.
If you're positive that usb debugging is off, then there's not much you can do.
If you can reset the password to his Google account, and the phone has an internet connection, then inputting the new Google information should unlock the phone. I'm not sure if a connection is automatically created during this process. If you'd like, I can test the theory on my own Evo if you can't get any further.
Most people use the same password for everything. If you can find a password for anything, it's likely that's the password for his Google account. Check his computer as well. If he has saved his login information in his web browser, you should be able to pull that information.
Unfortunately you would have many more options if the phone was rooted. You could do a nandroid backup then sift through the data.img. I'm not sure if the stock recovery allows for anything that will help you. When you get into the stock recovery, it looks like you don't have any options. I believe holding both volume buttons simultaneously on the screen with the red triangle/exclamation point will give you a list of options.
If you cannot get into the phone, the SD card is probably going to be your best source of information - though it's unlikely that you'll get much. Browse through all of the directories. He could've switched SMS Backup apps and the information could be stored in a less obvious location. Try /sdcard/data and /sdcard/android/data.
If I can think of anything else I will post it. Both ADB and MyPhoneExplorer (I'm not positive that's the name) would be helpful in this situation, but without usb debugging on I don't think you'll be able to use them. Research further into enabling usb debugging without access to the OS.
I'm sorry for your friend's (and your) loss. I hope that in some way, even if not through the phone, he can find closure.
Sent from my Evo + MIUI using Tapatalk!
Thanks for the response good ideas, and I will try them. Turns out this kid never had a computer and in talking with the friends they only had his other email accounts so I will think of someway to get around that, but anyways thanks again.
Your best bet would be something like the Cellebrite UFED that was getting some attention a few months ago. There are other mobile forensics utilities - I'm not sure if they can be purchased by a single person or if there are guidelines these companies must follow before selling the devices. I'm also sure that they're not cheap, so unless you or your friend are very well off, you probably couldn't buy one yourself anyway.
I took a Computer Forensics course and we spent a week on mobile forensics. This was before Android was popular, and I believe that we used the device on a BlackBerry. The device (I don't remember the name) made an image of the contents which we then looked through using Forensic Toolkit or something similar.
If you know anyone in a computer program, ask if they have access to a similar device. We were allowed to use whatever tools were available during specified times (mainly for lab work, but we could use them for other reasons), so this would be your best bet for getting information off of the phone. Other places, like repair shops (and police departments) may have access to similar technology. If you can find someone empathetic to your situation with access to mobile forensics tools then you may be able to get somewhere.
It's a long shot, but I had the thought & wanted to bump your thread for you in hopes that someone with more knowledge could help you out.
If the device happens to have wifi on & is connected, you can also hack into it over the network. If this is the case and you need more information, shoot me a pm and I'll give you what information I know on ways to do so.
Sent from my Evo + MIUI using Tapatalk!
thanks for sharing.................
Okay, so it's a bit of a long story but there's a woman I work with who had her virtually-new Samsung Galaxy S3 stolen by her recently-split husband last year. We all knew it was him, but we had virtually no evidence, other than it's disappearance. Anyway, so this woman recently was in his now-separated husband's flat & was rooting around. She found a Samsung Galaxy S3, smartly took a picture of the IMEI & left it. She knew it was hers, but wanted to be 100% sure. She went home, checked the box, & of course they did match. The next day, she went back to his house & manipulated the situation so that she could find enough time on her own to go take the phone back without him knowing. So she brings it into work with her the next day. The problem is, the phone now has a password lock on it. She then spent the night trying to guess the password, but to no success.
So, me being the tech guy that I am, she asked me to try to get into it. I said, the easiest way would be for me to wipe it & factory reset it, but that she would lose all of her information. She doesn't want me to do that. She wants to get pictures & stuff of her / their kids off the phone, as well as look into who her ex-husband had been talking to / see who knew about him stealing the phone. So, I said it should be possible. However, I'm not a hugely great phone guy. I'm good with computers, but not so much phones.
So, we spent the day trying various exploits found on Google or YouTube but to no success. There was one method where we had a little success where we turned the phone on > Emergency Call > Emergency Contact > Press Home > Press Power > Unlocked home screen in then meant to appear. It never did. Although we could get it to quickly flash whatever was on the home screen (which was a picture of her / their kids, which she'd set to the phone before it was taken).
So without any of those methods working, I'm tasked with now getting into the phone at home. I have no idea whether USB debugging is enabled, I would assume not. We are unable to reset the password via Google Recovery or anything because we're never offered the option. As I say, she doesn't want me to wipe the phone. But there has to be a way to get into it otherwise, either through brute force, or one of those other password cracking methods possibly?
There was a technique I found on Google at work, something about connecting the phone to your computer via USB then trying to do some stuff from command line or through a Linux distro, which I need to re-find & try.
But alas, does anyone here have any methods or know any ways that I could get around this password lock?
I have to say though, I'm glad it's not that simple (atleast it appears so, anyway) to get around one of these passwords. Makes me feel a little safer for my own Galaxy S3! haha
Hey
You said u tried the Google account method right?
If that's not working try to flash philz recovery and from that you can access the contents of the internal SD card..
U can also TRY to use the custom back up option offered by his recovery and then custom restore the data..
I can't assure you that it will work but you can try it..
Best of Luck
-tchindalia
Sent from my GT-I9300 using xda app-developers app
We did not try a Google account method, I don't think? Think we tried to log in to the ex-husband's Google account on my iPad for some reason (can't remember why now tbh) but we could not guess his password. He's apparently changed it since they split.
Won't flashing the phone wipe everything that's on it?
Hey
Not if your just flashing a recovery..
Just youtube for some videos on this...
I had see one some time back..
Sent from my GT-I9300 using xda app-developers app
Benaholic said:
Okay, so it's a bit of a long story but there's a woman I work with who had her virtually-new Samsung Galaxy S3 stolen by her recently-split husband last year. We all knew it was him, but we had virtually no evidence, other than it's disappearance. Anyway, so this woman recently was in his now-separated husband's flat & was rooting around. She found a Samsung Galaxy S3, smartly took a picture of the IMEI & left it. She knew it was hers, but wanted to be 100% sure. She went home, checked the box, & of course they did match. The next day, she went back to his house & manipulated the situation so that she could find enough time on her own to go take the phone back without him knowing. So she brings it into work with her the next day. The problem is, the phone now has a password lock on it. She then spent the night trying to guess the password, but to no success.
So, me being the tech guy that I am, she asked me to try to get into it. I said, the easiest way would be for me to wipe it & factory reset it, but that she would lose all of her information. She doesn't want me to do that. She wants to get pictures & stuff of her / their kids off the phone, as well as look into who her ex-husband had been talking to / see who knew about him stealing the phone. So, I said it should be possible. However, I'm not a hugely great phone guy. I'm good with computers, but not so much phones.
So, we spent the day trying various exploits found on Google or YouTube but to no success. There was one method where we had a little success where we turned the phone on > Emergency Call > Emergency Contact > Press Home > Press Power > Unlocked home screen in then meant to appear. It never did. Although we could get it to quickly flash whatever was on the home screen (which was a picture of her / their kids, which she'd set to the phone before it was taken).
So without any of those methods working, I'm tasked with now getting into the phone at home. I have no idea whether USB debugging is enabled, I would assume not. We are unable to reset the password via Google Recovery or anything because we're never offered the option. As I say, she doesn't want me to wipe the phone. But there has to be a way to get into it otherwise, either through brute force, or one of those other password cracking methods possibly?
There was a technique I found on Google at work, something about connecting the phone to your computer via USB then trying to do some stuff from command line or through a Linux distro, which I need to re-find & try.
But alas, does anyone here have any methods or know any ways that I could get around this password lock?
I have to say though, I'm glad it's not that simple (atleast it appears so, anyway) to get around one of these passwords. Makes me feel a little safer for my own Galaxy S3! haha
Click to expand...
Click to collapse
If he lets her into the house so easily then:
1- HE didn't steal the phone because he felt no need to hide it
2- The "woman" is invading the guy's privacy and checking personal info without consent
3- Seeing who he talked to is a typical behaviour pattern of someone who is invading someone's privacy for ill intentions
4- the "woman" can always request for the guy to share the kid's photos and other stuff. No need to snoop around
To the OP:
If you do help this person break into the phone and turns out it wasn't hers, then you are aiding in a possibly criminal activity.
If he did steal, then all the best to you. Otherwise; Beware of the LAW.
~ RazorMC
RazorMC said:
If he lets her into the house so easily then:
1- HE didn't steal the phone because he felt no need to hide it
2- The "woman" is invading the guy's privacy and checking personal info without consent
3- Seeing who he talked to is a typical behaviour pattern of someone who is invading someone's privacy for ill intentions
4- the "woman" can always request for the guy to share the kid's photos and other stuff. No need to snoop around
To the OP:
If you do help this person break into the phone and turns out it wasn't hers, then you are aiding in a possibly criminal activity.
If he did steal, then all the best to you. Otherwise; Beware of the LAW.
~ RazorMC
Click to expand...
Click to collapse
OP alr said the imei matched so the phone is the woman's. Unless tat was a lie.
To the OP, have u tried samsung's "find my mobile"?
Sent from my GT-I9300 using xda app-developers app
JellyYogurt said:
OP alr said the imei matched so the phone is the woman's. Unless tat was a lie.
To the OP, have u tried samsung's "find my mobile"?
Sent from my GT-I9300 using xda app-developers app
Click to expand...
Click to collapse
Like I said, if it was indeed stolen, then I wish the OP luck.
I'm just curious why the person never approached the police with proof of ownership instead of trying to bypass the security.
Cheers :good:
~ RazorMC
RazorMC said:
Like I said, if it was indeed stolen, then I wish the OP luck.
I'm just curious why the person never approached the police with proof of ownership instead of trying to bypass the security.
Cheers :good:
~ RazorMC
Click to expand...
Click to collapse
I can't remember the reason she believed the phone was stolen, to be honest. The reason she had access to his house, was because they have kids together. She had gone to go drop the kids off, or pick them up. For some bizarre reason, I don't know why, he left her in the house alone after he went to take them to school (telling her to lock the door when she leaves). She took that opportunity to look around the house for the phone, as he'd never previously admitted to taking it but she was sure he did.
She found the phone, took a picture of the IMEI, went home to match to the IMEI on her box & it saw that they were the same. She's shown me the picture as well. confirming that it was indeed her phone, she then went back to her ex's flat the next day (because he was going to come along to their daughter's birthday). Just as they were about to leave, she says she needs the toilet. So, she runs back upstairs & grabs the phone without him knowing.
I think the reason why she never went to the police about it is because he was trying to get citizenship to remain here in the country, & she didn't want something like this to jeopardize whether she's in a relationship with him or not; they do still have kids together. Sending him back to Kenya over a phone wouldn't do anyone any good.
JellyYogurt said:
OP alr said the imei matched so the phone is the woman's. Unless tat was a lie.
To the OP, have u tried samsung's "find my mobile"?
Sent from my GT-I9300 using xda app-developers app
Click to expand...
Click to collapse
Which "Find my mobile" thing are you on about?
---------------------------------------
I appear to have found a way to bypass the lock screen via the ADB, but I think it only works for a lock pattern. Anyone know or have any ideas what to do for a password?
http://forum.xda-developers.com/showthread.php?t=2237382
For hours now I've been trying alsorts of stuff, from doing things via terminal, trying to do things through recovery, & alsorts to no success. However, I did find one solution that worked:
http://forum.gsmhosting.com/vbb/f77...-pin-reset-no-root-no-usb-debug-free-1722271/
Was posted here on XDA Developers as well, but the thread was closed. Many virus programs do immediately notify that the program contains viruses / trojans, but not sure if they're false positives? Anyway, disabled AVG & it worked like a charm! So, if anyone else needs similar help, maybe try this?
Alas, suppose this thread can be closed now.
^^ That malware had stopped working and that is why it was closed on other site as well.
~ RazorMC
Someone I work with his come to me for help because he knows I'm all into android gadgets. I have rooted my last two phones within hours of getting them and have become a flashaholic. Always messing with my devices.
He has a Samsung Captivate that he has "retired" and I'm interested in buying it for a few purposes. Unfortunately, he let his (adult) son play with it and the lock screen pattern is set. He doesn't know the pattern or the google account password associated with the account on the device. (When he upgraded and moved out of the device he had to create a new google account.)
He wants to look into the device one more before he turns it over to me. (I will wipe it and root it for my purposes.) Is there a way to get past the lock screen without the complete reset in recovery?
Sent from my GS4 running GoldenEye 26 while holding a homebrew.
https://www.youtube.com/watch?v=Zs642eujuLA
This might depend on what update it is on, but you can try that.
More generic ideas:
http://forum.xda-developers.com/showthread.php?t=1800799
There are also tools that have the capability to bypass it that some professional shops would have, but probably would be hard pressed to find one of them and between the time and $, probably not worth it.
I have an old AT&T Asus 9020A tablet. I got them new years ago thru my phone plan with AT&T. It wasn’t used much and is like new still.
Anyway, I take care of my mother and she likes games and painting by numbers on her iPad but she broke it and screwed up her charging port. I want to fix this tablet up for her.
I bet it wasn’t used 2 months and was just forgotten….I looked it up and completed a factory reset on it and wiped it clean. So I was trying to set it up and get her to painting again! It’s bout to kill her not having it..lol
I was setting it up and it wants the old email associated that was used to set it up. There is no way to remember that or even get it. I asked my daughter, she don’t remember. Anyway, are there any way I can use (reset) this tablet not knowing the old email that was associated with it? Where I can fix her up for her or am I just wasting my time? Any help would be greatly appreciated. Thanks in advance!
So it is FRP locked?
Arealhooman said:
So it is FRP locked?
Click to expand...
Click to collapse
It’s not locked. It reset ever And started the initial setup as if it was new. It just wants the old gmail for some reason before it will accept the new one. It lets me start in the setting up her account on it but is asking for the old email for verification….. I don’t have it and there is no way to remember it unfortunately. I know they are there to keep folks from stealing them and that’s great. But 10 years later…LOL Is this possible?
what you describe (verify device with google account) is called FRP lock (factory reset protection). this is same on most/all official android devices to render device useless on theft.
however, the unofficial by-pass methods vary for each device model/android version. search on YouTube.