Is there a file on the NST that stores the email and password for the B&N account?
If there is, is it encrypted? And how could I get it?
Torimu.Joji said:
> Is there a file on the NST that stores the email and password for the B&N account?
> If there is, is it encrypted? And how could I get it?
I believe that the email is stored in accounts.db (can't tell you the exact location) not sure if the password is there too.
GabrialDestruir said:
> I believe that the email is stored in accounts.db (can't tell you the exact location) not sure if the password is there too.
I'd be surprised if the password is actually stored
Most likely they do a one time log-in and create a hash/token for later logins.
ros87 said:
> I'd be surprised if the password is actually stored
> Most likely they do a one time log-in and create a hash/token for later logins.
I know a hash/token is created when you validate different cards, but I do know at least on the Nook Color they stored the email. I'll check soon if I can find the database again.
In /data/system/accounts.db you can find the First Name, Last Name, Email and other interesting stuff about the owner of the device. Looking here though it does seem to be mostly Google's information populating this db whereas bn has a couple entries about device and user and a couple tokens and that's it.
Related
I went to sleep last night awaiting my first day at sixth form. My G1 was going to be there for internet browsing whilst looking for information (school intranet is very unreliable) but I woke up with a slightly different issue. An ! mark. Turns out somebody had hacked my google account overnight and changed my password. I can now no longer access any google features, including any synced things on the phone, all because of some pesky hacker (of course not aimed at the wonderful 'hackers' on here such as drizzy, twisted, cyanogen, jac etc).
However, I only have one email address so I did not provide an alternate, and to reset my password requires me to know the date I started using my account, which I haven't got a clue. Does anybody know what I can do in this position? Thanks a lot
Tucka
tucka20 said:
> I went to sleep last night awaiting my first day at sixth form. My G1 was going to be there for internet browsing whilst looking for information (school intranet is very unreliable) but I woke up with a slightly different issue. An ! mark. Turns out somebody had hacked my google account overnight and changed my password. I can now no longer access any google features, including any synced things on the phone, all because of some pesky hacker (of course not aimed at the wonderful 'hackers' on here such as drizzy, twisted, cyanogen, jac etc).
> However, I only have one email address so I did not provide an alternate, and to reset my password requires me to know the date I started using my account, which I haven't got a clue. Does anybody know what I can do in this position? Thanks a lot
> Tucka
You can wipe your phone and create a new account. Then in the mean time just email google and see what they can do for you.
Yep, that's an option. However, I have purchased numerous apps (copilot being the most expensive) that are linked to the account and that I will lose.
Also, I emailed them and they said I didn't provide enough information on my account to get it back. How the hell am I supposed to know the dates I started using 1. the account 2. youtube 3. Google calendar?
Why not just provide me with a security question?
tucka20 said:
> Why not just provide me with a security question?
I'm wondering if you are interacting with a real Google password recovery page. From my account page the only password recovery options are:
- Secondary email (optional)
- SMS (optional)
- Security question
At no point does it ever indicate it would recover my password using something as arcane as the date I first started using Google services. By the way, I highly recommend the "Write my own question" option for the security question. Choose a question that describes a very particular characteristic of one of your heirloom or keepsake possessions.
https://www.google.com/support/accounts/bin/request.py?ara=1&hl=en&contact_type=ara&ctx=ara
Besides a secondary email account (which I don't have) it is not possible for me to do this! I am really pi*sed off with google at the minute, and am considering selling the G1 because of this. I am an ebay seller with items currently on and use my gmail address with confidence for that account, and unfortunately I can now no longer send/receive emails to customers. THANKS A LOT GOOGLE
tucka20 said:
> https://www.google.com/support/accounts/bin/request.py?ara=1&hl=en&contact_type=ara&ctx=ara
> Besides a secondary email account (which I don't have) it is not possible for me to do this! I am really pi*sed off with google at the minute, and am considering selling the G1 because of this. I am an ebay seller with items currently on and use my gmail address with confidence for that account, and unfortunately I can now no longer send/receive emails to customers. THANKS A LOT GOOGLE
Any reason why you couldn't recover using the regular account recovery screen? It should use your security question.
I'm not sure why you're angry at Google, when your own computing practices are what probably caused your account to be exploited (probably weak password or trojan installed a keylogger)? Regardless, Google is just practicing normal due diligence for account recovery. Account recovery has to use information that only you know (and which you possibly might not even know yourself).
If you're concerned about your eBay sales, go into your eBay preferences and change your registered email.
I don't have another email address, and have no intention of creating a new one! My password is a mixture of numbers and letters (UPPER and lower case) and I have a separate laptop that handles ebay sales so the only thing that the laptop accesses is ebay website/paypal/gmail and it's running linux.
The only other time I use my gmail account is on my g1.
The reason I am angry is because this is the only company I have ever seen with security measures this tight! Even when a friend lost his paypal password it was a simple DOB/ security question thing.
I go to recover password, and it asks for my email address. I then type it, and it tells me I don't have a secondary address to receive my security question and to fill in the form posted above. That is all I get, no security question!
tucka20 said:
> I don't have another email address, and have no intention of creating a new one! My password is a mixture of numbers and letters (UPPER and lower case) and I have a separate laptop that handles ebay sales so the only thing that the laptop accesses is ebay website/paypal/gmail and it's running linux.
> The only other time I use my gmail account is on my g1.
> The reason I am angry is because this is the only company I have ever seen with security measures this tight! Even when a friend lost his paypal password it was a simple DOB/ security question thing.
> I go to recover password, and it asks for my email address. I then type it, and it tells me I don't have a secondary address to receive my security question and to fill in the form posted above. That is all I get, no security question!
Looks like you're stuck getting another email address and trying to work up the Cust. Serv. chain at google...
tucka20 said:
> I don't have another email address, and have no intention of creating a new one! My password is a mixture of numbers and letters (UPPER and lower case) and I have a separate laptop that handles ebay sales so the only thing that the laptop accesses is ebay website/paypal/gmail and it's running linux.
That does sound like a pretty secure setup.
Well I guess the best you can do is just try filling out that password recovery form. It doesn't appear that dates for the times you first started using specific Google services is necessary. Worst case scenario you could just guess. Since you already don't have any access now, I reckon you have nothing to lose. Good luck!
I would like an app that retrieves all of my accounts' email addresses and passwords I am signed on to.
I forgot my email's password but I am signed on, on the app "Hotmail". Now I know how to change it but what if I don't know some of the questions' answers or my backup email is not listed.
Give me options, preferably that work on Nexus 7. Thanks.
If you are not rooted - then I can't help you
Otherwise you could've used Titanium Backup - it can store/recover any app and settings including passwords so you wouldn't have to enter them again
Thanks, I'll try that after I'll root my Nexus 7
photogkaram said:
> Thanks, I'll try that after I'll root my Nexus 7
You're welcome.
Titanium Backup also allows you to backup any system data, so if you want - you can restore things like Google, Email (and etc.) accounts and even your homescreen layout so that you wouldn't have to manually add all the icons and widgets again. Pretty useful piece of software
Recover/force Hotmail Password
photogkaram said:
> I would like an app that retrieves all of my accounts' email addresses and passwords I am signed on to.
> I forgot my email's password but I am signed on, on the app "Hotmail". Now I know how to change it but what if I don't know some of the questions' answers or my backup email is not listed.
> Give me options, preferably that work on Nexus 7. Thanks.
Hi,
I have the same problem. My Hotmail password was modified (someone hacked it) but I still can access from my Android phone (Samsung S3). Do you know if there is any way to recover my current password or force a new one from the application?
Hello!
Is it possible to remove the Google account after rooting? I'm giving the reader as a gift so I'd like to use my account to set up and provide them with it to log into afterwards.
Failing this (I may just be able to use their account if I really have to) - Is it possible to have *no* account associated with the NST? Or, at the very least, remove automatic sync/notifications - The owner most certainly will not want/need to be alerted to their emails on the reader!
Thank you!
LavaChild0809 said:
> Thank you for your reply
> Perhaps you might be able to help here, too?
> forum.xda-developers.com/showthread.php?p=46539085
> Thanks again!
Sorry not something I have tried. I thought BnN account email should be same as google account to play nice so I setup everything for my relatives using their account details (I know what they are as I setup both for them anyway).
I do have this link bookmarked in my Nook dir for future investigation which might interest you as similar topics.
Crispy3000 said:
> Sorry not something I have tried. I thought BnN account email should be same as google account to play nice so I setup everything for my relatives using their account details (I know what they are as I setup both for them anyway).
> I do have this link bookmarked in my Nook dir for future investigation which might interest you as similar topics.
Thanks for the reply- Anybody else know if it's possible to remove the Google account association once the device is set up? Thank you.
I looked into the databases for Boxer & Gmail and found that they both are storing passwords in plain text. Boxer I found only stored my exchange password (which is my most important) and Gmail was storing all. I would have been fine with any type of password hashing but having them in plain text is completely unacceptable to me, anyone think the same?
Here are some example queries to show your passwords (must be rooted)
Boxer
Code:
su
/system/xbin/sqlite3 /data/data/com.boxer.email/databases/EmailProvider.db "SELECT password FROM HostAuth WHERE protocol IN ('eas')"
Gmail
Code:
su
/system/xbin/sqlite3 /data/data/com.google.android.gm/databases/EmailProvider.db "SELECT password FROM HostAuth WHERE protocol IN ('gEas')"
Stock Email(Play Store app)
Code:
su
/system/xbin/sqlite3 /data/data/com.google.android.email/databases/EmailProvider.db "SELECT password FROM HostAuth WHERE protocol IN ('gEas')"
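An added example, not part of the original post: a Python audit that summarises HostAuth per protocol and reports whether a secret is stored as readable text, without ever selecting the secret itself. It groups by protocol instead of filtering on 'eas' or 'gEas', so it also shows which account types exist when the queries above return no rows. The in-memory table models only the two columns named in the post, and all rows and the helper names are constructed for illustration.

```python
import pathlib
import sqlite3

# Constructed sample standing in for an app's EmailProvider.db. Only the table
# and the two columns named in the post (HostAuth.protocol, HostAuth.password)
# are modelled; every value below is made up.
SAMPLE_ROWS = [
    ("eas", "constructed-secret-1"),   # Exchange account with a secret at rest
    ("imap", None),                    # row exists, no secret stored
    ("imap", "constructed-secret-2"),
    ("smtp", ""),                      # empty string, nothing recoverable
]


def build_sample_db():
    """Return an in-memory database holding the constructed HostAuth rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE HostAuth (protocol TEXT, password TEXT)")
    conn.executemany("INSERT INTO HostAuth VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def open_readonly(path):
    """Open a copy of a database file read-only so the audit cannot alter it."""
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)


def audit_hostauth(conn):
    """Summarise HostAuth per protocol; the password value is never returned."""
    exists = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'HostAuth'"
    ).fetchone()
    if exists is None:
        return {}  # database has no HostAuth table, nothing to report
    rows = conn.execute(
        """
        SELECT protocol,
               COUNT(*),
               SUM(CASE WHEN password IS NOT NULL AND length(password) > 0
                        THEN 1 ELSE 0 END),
               SUM(CASE WHEN typeof(password) = 'text' AND length(password) > 0
                        THEN 1 ELSE 0 END)
        FROM HostAuth
        GROUP BY protocol
        ORDER BY protocol
        """
    ).fetchall()
    return {
        protocol: {"rows": total, "secret_stored": stored, "stored_as_text": text}
        for protocol, total, stored, text in rows
    }


def exposed_protocols(report):
    """Protocols with at least one non-empty secret stored as a text value."""
    return sorted(p for p, r in report.items() if r["stored_as_text"] > 0)


if __name__ == "__main__":
    report = audit_hostauth(build_sample_db())
    for protocol, summary in report.items():
        print(protocol, summary)
    print("secrets stored as text for:", exposed_protocols(report))
```

To audit a real copy of a database pulled from your own device, pass its path to `open_readonly()` and hand the connection to `audit_hostauth()`.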
This is bad...
terrible this must be fixed, passwords should be encrypted
Doesn't return me any rows when looking up that database by such command. I am currently looking into the database though.
EDIT: Not sure if I am blind or the info isn't displayed when looking inside database with a database browser.
Someguyfromhell said:
> Doesn't return me any rows when looking up that database by such command. I am currently looking into the database though.
> EDIT: Not sure if I am blind or the info isn't displayed when looking inside database with a database browser.
Depends on the browser you're using but through terminal you will see it. If you can't see anything with either command, then your emails are not set up as EAS. IMAP or POP may do the same thing, I just don't have any accounts that use it to test it.
Calkulin said:
> Depends on the browser you're using but through terminal you will see it. If you can't see anything with either command, then your emails are not set up as EAS. IMAP or POP may do the same thing, I just don't have any accounts that use it to test it.
I doubt the browser would make any difference, the database should still include/display same data.
I believe the issue for not seeing any is this EAS, which I am not familiar with.
this should be front page
Is this for any device they are installed on? Not just specific to our OPO?
So if you're rooted and someone managed to get access to your phone they could get these passwords easily enough.
gsmyth said:
> Is this for any device they are installed on? Not just specific to our OPO?
> So if you're rooted and someone managed to get access to your phone they could get these passwords easily enough.
any phone, same root location, or altered, just a question of knowing where to look
as long as you don't give shady apps root permission, you're fine.
sprremix said:
> as long as you don't give shady apps root permission, you're fine.
it's still very very wrong...
plus it doesn't prevent anyone else from getting it from your phone
Someguyfromhell said:
> I doubt the browser would make any difference, the database should still include/display same data.
> I believe the issue for not seeing any is this EAS, which I am not familiar with.
Do you see anything in the HostAuth table?
bachera said:
> this should be front page
Definitely should be
gsmyth said:
> Is this for any device they are installed on? Not just specific to our OPO?
> So if you're rooted and someone managed to get access to your phone they could get these passwords easily enough.
It's app specific and through recovery it can be had also
bachera said:
> it's still very very wrong...
> plus it doesn't prevent anyone else from getting it from your phone
Correct, very very bad
Calkulin said:
> Do you see anything in the HostAuth table?
> Definitely should be
> It's app specific and through recovery it can be had also
> Correct, very very bad
You should raise with Google and maybe even get rewarded? :fingers-crossed:
http://www.google.co.uk/about/appsecurity/reward-program/
gsmyth said:
> You should raise with Google and maybe even get rewarded? :fingers-crossed:
> http://www.google.co.uk/about/appsecurity/reward-program/
Thanks, I sent a report to see if I get a response
Only my eas password shows up in Boxer - the imap and smtp passwords for my gmail accounts in boxer don't show up.
I don't have email sync for the stock gmail app enabled, perhaps that's why there are no rows in the HostAuth table for the gmail db?
I can confirm this worked with Boxer. It showed my exchange passwords but not my IMAP password. This is BAD BAD BAD. Thanks for finding this...how did you stumble upon this anyways?
Submitted a tip on the front page regarding this and also sent boxer an email.
Guys seriously. The only reason you can see your password is because you rooted your device. the /data partition which is where the app databases are stored does not grant read permissions to a non-root user. The fact that you chose to root your device is well within your rights but you have to understand that by doing so you are opening up the door for a virus or rogue app to get access to your previously secure data. I'm happy to help answer any questions you might have but this drum has been beat millions of times so you have not stumbled across something new. All Android apps do this, ALL. That's because on a non-rooted device this data is secure in a sandbox environment.
---------- Post added at 02:02 PM ---------- Previous post was at 01:56 PM ----------
Here's an article from 2010 discussing this http://www.androidcentral.com/android-passwords-rooted-clear-text
shafty023 said:
> Guys seriously. The only reason you can see your password is because you rooted your device. the /data partition which is where the app databases are stored does not grant read permissions to a non-root user. The fact that you chose to root your device is well within your rights but you have to understand that by doing so you are opening up the door for a virus or rogue app to get access to your previously secure data. I'm happy to help answer any questions you might have but this drum has been beat millions of times so you have not stumbled across something new. All Android apps do this, ALL. That's because on a non-rooted device this data is secure in a sandbox environment.
> ---------- Post added at 02:02 PM ---------- Previous post was at 01:56 PM ----------
> Here's an article from 2010 discussing this http://www.androidcentral.com/android-passwords-rooted-clear-text
yeah well, it's too easy to say only rooted users affected, it's still a flaw and sloppy security, I believe google should have covered this to at least provide an additional security.
what if due to some flaw other than root it becomes accessible. then it's up for grabs. Just a small fix for a potential big hole.
not sure but security companies audit on this stuff
anyway, it makes it very interesting for business users and other shady use cases.
bachera said:
> yeah well, it's too easy to say only rooted users affected, it's still a flaw and sloppy security, I believe google should have covered this to at least provide an additional security.
> what if due to some flaw other than root it becomes accessible. then it's up for grabs. Just a small fix for a potential big hole.
> not sure but security companies audit on this stuff
> anyway, it makes it very interesting for business users and other shady use cases.
The same concept is used in Chrome for each tab. The same thing is used for Virtual Machines which operate in their own sandboxed environment. The same thing is used in virtual servers that people rent out from Amazon. The whole purpose is if you don't have root then you don't have access to the sandboxed data. If you didn't have root you would have no way of obtaining this information. Google is well aware of how sandboxed environments work and they provide the necessary security to protect against this as long as you don't root your device.
Think about this further, in order to encrypt that password the hash/key would need to be stored somewhere.....get access to that key and once again you have the passwords accessible. The only real solution would be requiring you to enter a pin/password every time the app needed to decrypt the password. Otherwise if you need to enter it every time then you lose the ability to background sync because the password is needed for every connection. This can go round-robin. This is likely why Google did not encrypt the password. To allow for background syncing. If you have a solution to the problem feel free to mention it because obviously Google couldn't think of one. They felt the sandboxed environment was secure enough.
shafty023 said:
> Guys seriously. The only reason you can see your password is because you rooted your device. the /data partition which is where the app databases are stored does not grant read permissions to a non-root user. The fact that you chose to root your device is well within your rights but you have to understand that by doing so you are opening up the door for a virus or rogue app to get access to your previously secure data. I'm happy to help answer any questions you might have but this drum has been beat millions of times so you have not stumbled across something new. All Android apps do this, ALL. That's because on a non-rooted device this data is secure in a sandbox environment.
> ---------- Post added at 02:02 PM ---------- Previous post was at 01:56 PM ----------
> Here's an article from 2010 discussing this http://www.androidcentral.com/android-passwords-rooted-clear-text
You're missing the point, my issue is that it's being stored in plain text, not about who can access that info
Calkulin said:
> You're missing the point, my issue is that it's being stored in plain text, not about who can access that info
Did you read my previous message regarding the downside of encrypting that password? How you would no longer have background syncing? Is that a trade off you're willing to accept? It's one thing to complain about something, it's another to actually have a solution.
I have rooted nstg with 1337 rom. For a very long time I've been using dropbox & dropsync to sync nstg with my hdd bookshelf. But my old version of dropsync is not working anymore and newer is not compatible with android 2.1.
Is there any other usable application to sync dropbox? Or maybe there is better system to sync computer with nook over internet?
Yes, I know this is ancient system and hardware. But apart from this feature it is still usable.
jakubfk said:
> I have rooted nstg with 1337 rom. For a very long time I've been using dropbox & dropsync to sync nstg with my hdd bookshelf. But my old version of dropsync is not working anymore and newer is not compatible with android 2.1.
> Is there any other usable application to sync dropbox? Or maybe there is better system to sync computer with nook over internet?
> Yes, I know this is ancient system and hardware. But apart from this feature it is still usable.
So, I only know about Dropbox. Is that not working for your NSTG any more? Google Books is another option if all the books are EPUBs.
Mmm.....I just fired up Dropbox on my NST and uploaded a file which I can see on my PC.
nmyshkin said:
> Mmm.....I just fired up Dropbox on my NST and uploaded a file which I can see on my PC.
Can you tell me your exact version of the app? Is it original dropbox app or third party like dropsync?
jakubfk said:
> Can you tell me your exact version of the app? Is it original dropbox app or third party like dropsync?
It's an "original" Dropbox app, v 1.2.4. You can download the apk file (and others) by following the link in my signature below.
nmyshkin said:
> It's an "original" Dropbox app, v 1.2.4. You can download the apk file (and others) by following the link in my signature below.
I checked. You are right. Original dropbox 1.2.4 works. But it can only download/upload files. I can't sync local folder and dropbox. I would like to have exact copy because I mostly read offline.
Btw. link to zip i post from signature is blocked by mediafire.
jakubfk said:
> I checked. You are right. Original dropbox 1.2.4 works. But it can only download/upload files. I can't sync local folder and dropbox. I would like to have exact copy because I mostly read offline.
> Btw. link to zip i post from signature is blocked by mediafire.
Thanks for the heads-up on the file problem at Mediafire. Hmm...I wonder how to get around that?
There is still Google Books. Once the book is available on your device for off-line reading, you don't need to reconnect and sync unless you want to read it from some other device and pick up where you left off.
Edit: OK, I think I've fixed the zip file download. At least it just worked for me from a newly edited link. Thanks again for the info.
nmyshkin said:
> Thanks for the heads-up on the file problem at Mediafire. Hmm...I wonder how to get around that?
> There is still Google Books. Once the book is available on your device for off-line reading, you don't need to reconnect and sync unless you want to read it from some other device and pick up where you left off.
> Edit: OK, I think I've fixed the zip file download. At least it just worked for me from a newly edited link. Thanks again for the info.
I don't see Dropbox in the linked page. Is it still available/working?
aabceh said:
> I don't see Dropbox in the linked page. Is it still available/working?
You're right, it's gone. I removed it recently since I never used it. Let me see if I can scare up a copy.
Edit: Here you go. Version 2.3.8. I just tried it and was able to log into my account.
nmyshkin said:
> You're right, it's gone. I removed it recently since I never used it. Let me see if I can scare up a copy.
> Edit: Here you go. Version 2.3.8. I just tried it and was able to log into my account.
When I try to log in, I get a message saying the app is out of date and I need to update it. Is there a way to get around that?
Edit: It won't let me log in because of the message, it's not just a superficial issue.
aabceh said:
> When I try to log in, I get a message saying the app is out of date and I need to update it. Is there a way to get around that?
> Edit: It won't let me log in because of the message, it's not just a superficial issue.
That's pretty bizarre. I really did install it last night before posting and was able to sign in without difficulty. I even saw a document I left there some time ago.
I wonder...have you updated your cacerts.bks file? Maybe the security certificate needed to sign in to the Dropbox server has expired in the old cacerts.bks file. That's not so far-fetched as a cause since similar behavior was seen with the Kindle app when that certificate expired.
Omg thank you so much for posting this apk - it worked to get my NST back into Dropbox with the workflow I’m used to. I thought the ability to use a working Dropbox sync was dead long ago
FWIW - I accidentally clicked login without my password filled, it asked for a 2-factor password pin sent to my email. I entered it and my Dropbox password and it’s all good now
mrbryan said:
> Omg thank you so much for posting this apk - it worked to get my NST back into Dropbox with the workflow I’m used to. I thought the ability to use a working Dropbox sync was dead long ago
> FWIW - I accidentally clicked login without my password filled, it asked for a 2-factor password pin sent to my email. I entered it and my Dropbox password and it’s all good now
You're welcome. No one is more surprised than I am since I long ago got the message from Dropbox that the old app would no longer be supported!