Unlock Pattern – Beware - Nexus One General

I don’t actually need help with this. Its just a cautionary tale about a bug in the unlock program.
So after reading threads over the years of people who managed to forget their device’s username or password and thinking to myself – how on earth can you be so stupid? Guess what I managed to do. Somehow I managed to set an unlock pattern that I had no idea what it was.
In theory this is fine, as if you enter the wrong pattern 5 times a button appears that allows you to unlock with your Google account. However please note that this DOES NOT WORK at all. I tried every conceivable way of entering my username and password (@googlemail.com @gmail.com username on its own) and nothing worked.
After searching I note that this is a problem with Andorid (it seems to have been noted on a lot of droid forums). I understand that Google are aware of the bug but haven’t yet fixed it.
In the end I managed to hit upon the code (pretty much by random).
Be careful!!
EDIT - Google bug report here http://code.google.com/p/android/issues/detail?id=4784
More info here http://androidforums.com/support-troubleshooting/17319-forgot-unlock-pattern.html

Maybe YOU had this problem, but I forgot the lock pattern I had set and it let me login just fine...took a couple of seconds.

Not sure what the use of capitals was for then…
Ok for clarification – yes *I* along with some others definately have this problem. Clearly it is a problem but I don’t know the pattern of people it affects and doesn’t (UK vs Non-UK? Googlemail.com vs Gmail.com?)
I raise it because it’d be prudent for people to check before they actually need to use it.

Related

How can I lock TASKS and NOTES for safety reasons?

How can I lock TASKS and NOTES for safety reasons? Is there any software ?
nobody can help ?
probably nobody knows what you are actually asking about.
(I dont either)
its not really that hard to figure out what dude is talking about, he just wants a program than can lock his notes and task so nobody else can view them without a password
Lock implies being uneditable.
Encrypt would be what you are talking about.
Wonder which it is, which was my point.
more than likely he probably meant to say encrypt, everyone knows you probably might want to change the info in your notes and task lol
Just put a password on your device that locks it after every, let's say, 10 minutes.
You should do this anyway if there is any sensitive data on the device, even if it's a bit of a hassle to unlock it every time. (I guess that's why you're asking to only lock the notes anyway).
Take it from me: it might be a bit annoying the first 2 days, but you're used to it after that and your data is safe, even if someone hooks up your device with an USB connection.
This is why most corporate exchange servers (like mine) enforce a password policy to mobile devices; The confidential data on the devices is a lot safer, including your precious notes.
Lock it & be safe. Period.
eventually lockdown should be able to do that
(link in my signature)
thank you guys!

ThrottleLock 0.3c security flaw

I loaded ThrottleLock 0.3c onto my Mogul today (since s2U2 is way to buggy right now on it) and I really like the concept and idea.
But I found a flaw in the application, the application name and the developer's name is in the lower left corner of the application when the lock is engaged.
I'm not against giving the developer credit, it is a VERY good app, but this flaw seems to defeat the point of having a challenge lock on your phone.
Since anybody can find/steal my phone, know what application is locking it (since its on the lock app) & who made it, run a Google search, easily end up on this forum or emailing the developer, and pretend to be the legit owner of a phone who simply forgot how his/her lock pattern.
Then all the nice, helpful, and trusting people here would tell them how to reset the pattern using a usb connector and a computer.
Tenchi4U said:
I loaded ThrottleLock 0.3c onto my Mogul today (since s2U2 is way to buggy right now on it) and I really like the concept and idea.
But I found a flaw in the application, the application name and the developer's name is in the lower left corner of the application when the lock is engaged.
I'm not against giving the developer credit, it is a VERY good app, but this flaw seems to defeat the point of having a challenge lock on your phone.
Since anybody can find/steal my phone, know what application is locking it (since its on the lock app) & who made it, run a Google search, easily end up on this forum or emailing the developer, and pretend to be the legit owner of a phone who simply forgot how his/her lock pattern.
Then all the nice, helpful, and trusting people here would tell them how to reset the pattern using a usb connector and a computer.
Click to expand...
Click to collapse
I don't really think the concept is to keep people out of the phone. I think it is to keep the buttons from not getting pressed. I don't think its a smart idea to bank your protection on a series of dots, or "slide to unlock" where there might be a few people in my office baffled, by "slide to unlock" it just does not seem like it will keep people out.
I think the reasoning for branding the software is because there are a lot of bad people out there that are trying to sell our awesome devs software. They need to mark it, we have almost lost many programs because of this data theft.
"security trough obscurity" is a very bad method. Throttle lock should be safe even if you know the program and if not, hiding the program name isn't the right method to get it safer
I'd suggest using some other locking program if your worried about security. Like the default windows pin one. Correct me if i'm wrong but i don't think throttle lock was made to secure the device but more for a new, more interactive/user friendly way to have a keyguard.
dwizzy130
This wasn't worth making a new thread for.
Don't post any further comments in this thread.
Continue here.
double post

[Q] Unknown PIN - recovery of device

Hi all
I'm attempting to fix a Nexus 7 2012 for a family member. I know that they never used a PIN previously and have been told that the PIN lock was activated when browsing the web and pressing the volume up button. Naturally I'm absolutely baffled as to how that set a PIN code but that's apparently what happened. Is there any Android malware that could have been downloaded which could cause this?
Either way, I've used a variety of resources to attempt to recover the device WITHOUT resorting to a factory reset (which I would like to avoid if possible), however I've reached an impasse so decided to ask about my specific case directly. At this stage I'd be happy to just find a way to somehow remotely backup the device so that the appdata etc. could be restored following a factory reset.
Here are the routes I've eliminated so far:
As this is a PIN code the option to login after 5 incorrect attempts is not available (that's for pattern locks only, unfortunately).
The Android Device Manager has not been set up with this device for Remote Wipe & Lock so I cannot change the PIN code remotely in this manner. Nor are there any other installed apps which would be of any similar use according to the list of installed apps on the corresponding Google Account.
Screen Lock Bypass Pro is incompatible with the device according to Google so I can't install that remotely from the Google Play store. Plus I don't know of any way to sideload it given the below two points (even if that were safe to do given that it's "incompatible"). This would have been sufficient to disable the lock screen long enough to back up the device using say Titanium Backup before wiping & restoring.
USB Debugging is not enabled which means I cannot do anything via ADB. Nor am I therefore able to backup by any means I've looked at thus far.
The bootloader is locked. To unlock you need to wipe the device, which as I mentioned above I want to avoid. This means I can't use a custom recovery to turn on USB Debugging and use ADB to load Aroma File Manager in order to delete the password database files.
So, I would like to know a way to do any of the following without a factory reset:
Remotely enable USB Debugging.
Remotely install Screen Lock Bypass Pro.
Backup the device.
Any other method to achieve the backup of the device or a PIN code reset that I'm currently ignorant about.
Please let me know if this is just impossible. I realise that the PIN code is there for a reason however I'm being persistent in case I'm overlooking something simple. Thanks in advance!
NB: Apologies but I can't yet include any URLs. Please let me know if you need any of my sources for the above information and I'll see what I can do.
Apart from sending a password request to your Gmail or linked email, unfortunately I don't think you can do anything without wiping. If it's a 4 digit pin code try guessing the basics. 1234, 0000, 4321,etc.
The Nexus 5 advocate (Team Inferno)
TheLastSidekick said:
Apart from sending a password request to your Gmail or linked email, unfortunately I don't think you can do anything without wiping. If it's a 4 digit pin code try guessing the basics. 1234, 0000, 4321,etc.
The Nexus 5 advocate (Team Inferno)
Click to expand...
Click to collapse
I have the Google Account e-mail and password so that isn't an issue. How would the above help to obtain the PIN code or to change it?
If I'm not correct somewhere at the bottom of the screen after entering it incorrect twice or three times, should display an email reset option. Let me try it and get back to you in just a moment.
Edit : was able to get it working for a friend on Android 2.2 but it is no longer working for me on 4.4.2 sorry.
Double edit : It is the pattern lock you can reset from but there used to be a way to do pin reset. I'll update my post if I find anything else. All the best.
The Nexus 5 advocate (Team Inferno)
TheLastSidekick said:
If I'm not correct somewhere at the bottom of the screen after entering it incorrect twice or three times, should display an email reset option. Let me try it and get back to you in just a moment.
The Nexus 5 advocate (Team Inferno)
Click to expand...
Click to collapse
No, as I said in my OP that's only for pattern locks.
I don't think there is any way to do it without wiping the device. Try safe mode though it may temporarily disable the pin. That would allow you to backup the device
Programming is a race between engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
Captain Sweatpants said:
I don't think there is any way to do it without wiping the device. Try safe mode though it may temporarily disable the pin. That would allow you to backup the device
Programming is a race between engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
Click to expand...
Click to collapse
Just tried Safe Mode but no luck. It really must be the OS that's responsible and not an app.
Thanks anyway!! I'll just have to wipe it.

Clip Tray security concern, anybody else?

Ok after scouring the usual places finally XDA forums had the solution to clear the clip tray's contents which I will provide here for my fellow V20 users. This is the most direct way without something else capturing info while you do it.
1. Shut off phone
2. Restart, login, patiently wait for stabilation
3. Pull up messaging app (built in text)
4. Long press in a text entry field
5. Select Clip Tray
6. Click Garbage Can
7. Either click select all or pick your choices
8. Confirm deletion
Ok great you AND I can now do this. How do you stop the app. Clearly it can be done, but only rooted devices. Why would you want to? No, it's not hardcore paranoia... It's an issue if you use LassPass or other vault and an app prevents overlay. The only way to get a generated password from it to the target app is by pasting it and this Clip Tray retains. This forces cleaning it out each and every password change (in theory) and repeating the above steps.
This um concerns me. Yes I love the ability to recut and repaste like the next human, but password retention isn't one of my common repeat pastes. So the obvious solution is use another app? Right? But you can't kill this without rooting... Um... Nobody else find this a problem or is this just me?!? Sorry if sarcasm is not appreciated. I will edit if offensive, let me know. I have seen other posts on XDA and I guess the negativity rubbed off.
I haven't tested yet with the LGV20, but LastPass cleared it on the LGV10 when I used it... sounds like it might be easier to get LastPass to look into this than LG

Lockscreen issues and Device Manager properties

Two separate topics.
I have the LS777 Boost version running Nougat. I broke the screen and it sat for a couple years before I decided to replace it. Either I forgot the pattern lock or it did because I can't get past it. key points:
USB debugging IS on. It shows up as unauthorized
I can access the recovery screen
NOT rooted (yet, seeing it can be on here prompted me to fix it)
NO custom recovery
No dialer in emergency call mode
When I go from the lockscreen to the camera, take a pic, then hit the pic to preview it, then hit the share button, a bunch of social media icons pop up. If I hit one, it ALMOST goes past the lock screen trying to pull up the app to share.
I have it registered with LG, but I can't find a way to do anything with my device, let alone unlock it, you know like Samsung has.
Account device manager experiment: It had all five of my main accounts on there, but since I regularly change my passwords, I get the Account Action Required notification. If I can get it to authenticate on one of them, then I should be able to go to Where's My Device and set a new lock. I know all of the passwords I have used on my accounts, but I don't know what password I was on when this phone was active. Using my hotspot and changing the name to one of an open wifi I know I conneted that phone to, I am able to get it online (hence the notifications). I took one account and started changing the password on it, waiting 24 hours between each change and waiting a few minutes (until the notification hits my main phone at least) before powering it on. I'm on the third password and no luck.
It's theoretically sound, but I'm wondering if anyone knows for sure whether my device will authenticate the account when I get to the right password.
And yes, I know I can just wipe it. It's an old phone running Nougat that I haven't factory reset. The data on there isn't important, it's just a perfect situation to run some experiments on.
Second thing, because the issue of unlocking LG bootloaders still exists:
I have up Windows Device Manager because I'm working with various phones here. It's on the lock screen (booted normally) and is showing up under Portable Devices. If you co to the Details tab, scroll down to Capabilities, it has a second value: "CM_DEVCAP_SURPRISEREMOVALOK"
Remove a lock? Is this something we can exploit, or is LG pouring salt into the wound caused by them refusing to give us the codes to unlock the bootloaders.
Upon further research, that description in device manager is "surprise removal ok" and had to do with unplugging it.
Still, screw LG for keeping their bootloaders locked even after they decided they were getting out of the cell phone business. Makes the fact they had to shut down their forums even funnier.
On password number 4 of 5. I have a feeling this experiment isn't going to work. I'll report back after the next be password change.
I'm fairly certain I have tried every password from that account by now, and it didn't work.
However there are three other counts on there, stop I'll run the same experiment with them and see what happens.
I mentioned something about sharing pics from the gallery. From the lock screen,
1. Go to the camera icon and pull up camera,
2. Take a pic,
3. The picture will show up in the gallery preview box in the lower right corner. Press (or long-press) it and a pop-out menu will appear just above it.
4. If you pull the menu out, you'll see a bunch of links to various social media sites.
5. Click one of them. I've tried them all, but I usually pick Tumblr because it's the first one.
6. The screen changed to the app's background and it appears to start loading the app and will hang there for about 3 seconds, but then you get sent back to lock screen. It's 3 seconds can be maddening because looks like you're allllllllllmost there and then...no, no you're not.
If anyone knows if there's an exploit there, in all ears. I'm going to restart that password experiment with the second account now.
And I know most "plz help me get past me locked screen" posts are sus and address likely people trying to either scam someone by stealing their info or trying to spy on their significant other. So if anybody has any questions I'll gladly verify that I do own all of the accounts, that they're on this locked device, but due to the time that has passed they don't show up in the device lists in the accounts (not even in the web version of the Play store), and due to password changes wile it was broken, it won't sink now and allow me to reset the lock through "where's my device."

Categories

Resources