the risks of running an unlocked bootloader - Xperia Z General

Hi,
Running an unlocked bootloader is quite risky assuming someone has physical access to your phone.
It's extremely easy simply to put it into fastboot mode, flash a recovery (cwm/twrp) and then adb will provide root access to all data.
This is mitigated by encrypting the device, however, I haven't been successful in doing this (http://forum.xda-developers.com/showthread.php?p=48848592) on this particular phone although it works without any issues on nexus phones.
For the people with unlocked bootloaders, do you simply not care about someone getting physical access, or is there anything that can be done?
Also, did someone manage to successfully encrypt the phone (using the standard settings -> security -> encrypt phone) or is everyone running unencrypted?
Having a remote wipe capability is next to useless assuming the thief will power off the phone immediately (before you have a chance to issue the remote wipe).
An unlocked bootloader is mandatory for running Cyanogenmod so that's that.
Thank you.

A thief (if he had the knowledge or the inclination) could steal a locked-bootloader phone (without encryption) and simply flash an FTF and untick "wipe data". He would then have full access to the data on the phone by rooting and flashing a recovery for LB. So a locked bootloader is cold comfort really.
Sent from my C6603 using xda app-developers app

I think the best thing would be to have passwords: when entering fastboot or flashtool, a password should pop up to access the fastboot or flash tool connection, and when entering recovery, a password should also pop up. It is so much more secure to have these, but I think it is so hard to make it work, or even impossible.

You're right, a locked bootloader is indeed a false sense of security.
In the end, encryption is needed, but on this phone it doesn't seem to work and no one has tried using it apart from me...

I have my BL locked and I ensure that USB debugging is off; seeing as most rooting solutions require USB debugging, I should be good against the average criminal. So the only way to have access to my data (obviously the SD card is immediately compromised with physical access) would be to guess my unlock code. Otherwise, a full wipe of the phone would be required for it to be usable, but that should delete all my accounts off the device.
(At least this is what I tell myself to sleep better at night lol)

SmallsXD said:
I have my BL locked and I ensure that USB debugging is off; seeing as most rooting solutions require USB debugging, I should be good against the average criminal. So the only way to have access to my data (obviously the SD card is immediately compromised with physical access) would be to guess my unlock code. Otherwise, a full wipe of the phone would be required for it to be usable, but that should delete all my accounts off the device.
(At least this is what I tell myself to sleep better at night lol)
Getting all your data is as trivial as flashing a custom recovery for locked bootloaders which will provide direct root access.
It probably takes less than a few minutes.
Like they say, there's nothing more dangerous than the sense of false security.

It's not just having a locked bootloader but also having USB debugging off and 3rd-party app installs off, as that alone would dramatically reduce the number of compatible tools to achieve root access to your device. As far as I know you have to be rooted in most cases to install custom recoveries, or at least that is what most instructions say. Remember security is hardly ever a complete solution; it's about making it not worth the effort.
For the average person/criminal it is not worth their time to access my data, as it is actually worthless to them. As I said, the SD card is already taken as soon.
My anti-theft software will be lingering with a data wipe command, I would have changed the account information stored, and I never stored billing information. So my risk level is very low and not worth any more effort on my end.
As stated, I'm speaking from a personal perspective and not a "best practice" one.
The real problem is we like to unlock everything and tick every security risk option and then complain when things get patched that make our device more secure, like all the root exploits.
BL unlocked - Any compilable kernel can now run
USB Debugging - Access from PCs to send commands to your device
Installs from unknown sources - Allows installations of root apps and other apps
All things we need set to do some great things with our devices, but how many of us actually look back at these settings once we enable them? It is the equivalent of taking off a door to get the fancy new furniture inside but never putting it back on when we are done.
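As an added example (not code from the thread or from any poster), here is a POSIX shell script that turns the three settings listed in this post, plus the encryption state and the "Allow OEM unlocking" setting discussed elsewhere on this page, into a posture check over a saved "adb shell getprop" dump of your own device. The property names it reads (ro.boot.flash.locked, ro.boot.verifiedbootstate, ro.crypto.state, sys.oem_unlock_allowed, persist.sys.usb.config) are standard Android system properties, but whether a particular firmware exposes all of them is an assumption, and the two dumps embedded in the script are constructed samples rather than captures from a real phone.

```shell
#!/bin/sh
# Added example, not code from the thread: turn the risk factors discussed
# in this thread into a posture check over a saved "adb shell getprop" dump.
# Property names are standard Android system properties; whether a given
# firmware exposes all of them is assumed. The dumps below are constructed.

# prop_value NAME DUMP: extract one value from getprop's "[name]: [value]" lines.
prop_value() {
    printf '%s\n' "$2" | sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# assess_posture DUMP: print one "RISK:" line per factor that applies.
# An absent property is treated as unknown, not as a risk.
assess_posture() {
    dump="$1"
    if [ "$(prop_value ro.boot.flash.locked "$dump")" = "0" ]; then
        echo "RISK: bootloader unlocked - any recovery or kernel can be booted"
    fi
    if [ "$(prop_value ro.crypto.state "$dump")" = "unencrypted" ]; then
        echo "RISK: userdata not encrypted - readable from a custom recovery"
    fi
    if [ "$(prop_value sys.oem_unlock_allowed "$dump")" = "1" ]; then
        echo "RISK: 'Allow OEM unlocking' on - bootloader can be unlocked without the lockscreen"
    fi
    case "$(prop_value persist.sys.usb.config "$dump")" in
        *adb*) echo "RISK: USB debugging enabled - adb reachable over USB" ;;
    esac
    case "$(prop_value ro.boot.verifiedbootstate "$dump")" in
        green|"") ;;
        *) echo "RISK: verified boot state is not green (unlocked or custom image)" ;;
    esac
}

# risk_count DUMP: number of RISK lines assess_posture produces.
risk_count() {
    assess_posture "$1" | grep -c '^RISK:' || true
}

# Constructed sample: a device set up the way several posters describe
# (bootloader unlocked, unencrypted, USB debugging on).
SAMPLE_UNLOCKED='[persist.sys.usb.config]: [mtp,adb]
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [unencrypted]
[sys.oem_unlock_allowed]: [1]'

# Constructed sample: locked bootloader, encrypted, OEM unlock and adb off.
SAMPLE_LOCKED='[persist.sys.usb.config]: [mtp]
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.crypto.state]: [encrypted]
[sys.oem_unlock_allowed]: [0]'

# Usage: on a real device, save "adb shell getprop" to a file and pass
# "$(cat file)" as the argument. Here both constructed samples are assessed.
for sample in "$SAMPLE_UNLOCKED" "$SAMPLE_LOCKED"; do
    echo "--- findings: $(risk_count "$sample")"
    assess_posture "$sample"
done
```

Because a missing property is reported as unknown rather than as a risk, an empty report only means none of the checked factors was confirmed; on older firmware that lacks ro.boot.flash.locked or ro.boot.verifiedbootstate the bootloader state still has to be confirmed from fastboot itself.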

elias234 said:
I think the best thing would be to have passwords: when entering fastboot or flashtool, a password should pop up to access the fastboot or flash tool connection, and when entering recovery, a password should also pop up. It is so much more secure to have these, but I think it is so hard to make it work, or even impossible.
Suppose I have encrypted my device, i.e., it asks for a password before booting up...
Q1 So, is it still possible to access fastboot or recovery mode? Would entering recovery or fastboot mode require the password?
Q2 If not, how can I prevent access to fastboot and recovery mode with an unlocked bootloader?

Related

[Q] Unlock without wipe?

Has anyone figured out a way to unlock this device without having it do a factory reset?
What's the reason for the wipe anyways? I don't understand why this has to happen.
I guess it's impossible, but you can try Carbon Backup to backup your apps+data, it works without root
Sent from my Nexus 7 running Android 4.2.2
I actually have root and Titanium Backup but it's a pain to backup and restore. Would be nice if the device simply didn't reset itself when unlocked.
Maybe one day the app "Boot Unlocker for Nexus Devices" will support the Nexus 7
Sent from my SK17i running Android 4.1.2
Yeah, something like that is what I'm looking for.
I wonder what method the app uses to unlock other devices.
xxbeanxx said:
I actually have root and Titanium Backup but it's a pain to backup and restore. Would be nice if the device simply didn't reset itself when unlocked.
Weird question how did you root without unlocking bootloader? and why do you need to unlock the bootloader, if you're already rooted?
clockcycle said:
Weird question how did you root without unlocking bootloader? and why do you need to unlock the bootloader, if you're already rooted?
I relocked after flashing su (for security reasons). I don't have a need to unlock again right now but wanted to know if it was possible just in case I wanted to flash a zip in the future.
xxbeanxx said:
I relocked after flashing su (for security reasons). I don't have a need to unlock again right now but wanted to know if it was possible just in case I wanted to flash a zip in the future.
Ok, makes sense. I did the same thing and couldn't find a way either, and just went at it the same way as initially, wiping.
I've heard that the rationale for forcing a memory wipe when unlocking the bootloader was to protect your data in case your device fell into the wrong hands. If someone steals it and can't get past your lockscreen, they won't be able to get to your device's memory via usb. They can try unlocking the bootloader, but that will wipe the device's memory clean. The thief will be able to use your device but the data is safe. If the bootloader is unlocked, the thief can plug in the phone or tablet, go mucking around in your files, and steal your identity as well as your device.
This is why using a device with an unlocked bootloader is not as safe as using one that is locked. It is also why a new security feature was added to 4.2.2 and adb, although I haven't plugged in my Nexus 7 to find out how it works.
getoffmylawn said:
I've heard that the rationale for forcing a memory wipe when unlocking the bootloader was to protect your data in case your device fell into the wrong hands. If someone steals it and can't get past your lockscreen, they won't be able to get to your device's memory via usb. They can try unlocking the bootloader, but that will wipe the device's memory clean. The thief will be able to use your device but the data is safe. If the bootloader is unlocked, the thief can plug in the phone or tablet, go mucking around in your files, and steal your identity as well as your device.
This is why using a device with an unlocked bootloader is not as safe as using one that is locked. It is also why a new security feature was added to 4.2.2 and adb, although I haven't plugged in my Nexus 7 to find out how it works.
That's a good reason.
On 4.2.2 on my Nexus 4, when I plugged it into the PC, a box popped up on the N4 asking permission, showing the PC's key..
FWIW, I found this.. http://forum.xda-developers.com/showthread.php?t=2068207

How can I unbrick nexus 6p if I didn't unlock bootloader or OEM?

I'm new to Android. Recently I got a new Nexus 6P. I was so confused about whether I have to unlock the bootloader or not. Currently I just want to experience pure Android, simply without rooting or changing anything. But I heard a lot about bricked Nexus 6 devices that could not be manually fixed if the bootloader had not been unlocked before. As I am in China, where I have no warranty for my Nexus 6P, I have to keep my device as safe as I possibly can.
So my question is, under the circumstance that I haven't unlocked the bootloader or OEM:
How probable is it that I do nothing and yet unexpectedly brick the device?
If it is bricked, is it possible to recover it?
Do common Nexus 6P users have to unlock the bootloader?
Another important thing should be mentioned. Generally I can't access any Google service in China, so I use a proxy tool to get over the Great Firewall to use Google. Does anyone have experience with a situation like mine? I also heard it said that upgrading Nexus 6 firmware by OTA through a proxy tool in China may brick the device, because Google cannot save the upgrade information of the device since the proxy IP is not static; Google will then push the update again, and once you click it, brick.
Puzzled enough... Thanks in advance.
I am not 100% certain what you are asking... If you do not unlock the bootloader, you should not be able to brick your device. The only reason to unlock it is to flash a custom ROM (not official from Google) or to flash Google factory images, which it sounds like might be necessary for you being that you are in China and may not receive OTAs properly. This is a process of downloading a file from Google and flashing to your device after unlocking the bootloader.
Your post was not exactly clear partially, but is your phone already bricked and you are trying to recover, or simply asking for your own reference?
fury683 said:
I am not 100% certain what you are asking... If you do not unlock the bootloader, you should not be able to brick your device. The only reason to unlock it is to flash a custom ROM (not official from Google) or to flash Google factory images, which it sounds like might be necessary for you being that you are in China and may not receive OTAs properly. This is a process of downloading a file from Google and flashing to your device after unlocking the bootloader.
Your post was not exactly clear partially, but is your phone already bricked and you are trying to recover, or simply asking for your own reference?
Thanks for replying. Could you please point out the unclear expressions? I could edit them.
I have only unlocked the Nexus 6P bootloader, and the device is running well. I do not understand exactly why I have to do this; I just did it in case the situation described by other Nexus 6 users happens to my Nexus 6P. So I want to figure out the logic.
If you have no reason to unlock it, then you can relock it. Unlocking will always cause a full wipe (factory reset) of the device. Some users have stated that relocking the bootloader will also induce a wipe. If you want to leave it unlocked, this will allow you to flash factory images (such as updates from Google) as often as you'd like. It is possible to flash a factory image without losing any data by modifying the batch file used to flash the firmware.
Simply having the bootloader unlocked should not pose any threat to your device. You have to try very intentionally to flash firmware and risk bricking the device, it's not really something you can do by accident. The one thing I will mention is that with the bootloader unlocked, someone with the correct knowledge could flash a new image on your phone without needing your password or other security information. They would only need to power off the device, enter bootloader mode and plug into a PC to begin flashing. This would remove every trace of you and your data from the device and make it like it was brand new from the factory.
By keeping the bootloader locked and the "Allow OEM unlocking" option turned OFF, a person would need to have your password (or fingerprint) to gain access to this option in the settings, thus not allowing them to flash over the device as it is today.
Hope this helps.
fury683 said:
If you have no reason to unlock it, then you can relock it. Unlocking will always cause a full wipe (factory reset) of the device. Some users have stated that relocking the bootloader will also induce a wipe. If you want to leave it unlocked, this will allow you to flash factory images (such as updates from Google) as often as you'd like. It is possible to flash a factory image without losing any data by modifying the batch file used to flash the firmware.
Simply having the bootloader unlocked should not pose any threat to your device. You have to try very intentionally to flash firmware and risk bricking the device, it's not really something you can do by accident. The one thing I will mention is that with the bootloader unlocked, someone with the correct knowledge could flash a new image on your phone without needing your password or other security information. They would only need to power off the device, enter bootloader mode and plug into a PC to begin flashing. This would remove every trace of you and your data from the device and make it like it was brand new from the factory.
By keeping the bootloader locked and the "Allow OEM unlocking" option turned OFF, a person would need to have your password (or fingerprint) to gain access to this option in the settings, thus not allowing them to flash over the device as it is today.
Hope this helps.
According to you, I should not be able to brick my device if I did not unlock it. I can understand this. But the problem is I am in China... By using a proxy, I could receive OTAs correctly. But some Nexus 6 users in China still encountered bricked devices after upgrading firmware by OTA even though they didn't unlock the bootloader. One possible reason is what I mentioned in the last paragraph of #1.
I don't like the prompt each time I reboot the device after unlocking the bootloader. Let's make the problem simpler. Can I unbrick the device if it is bricked and the bootloader locked?
I can't really speak to your concern regarding bricking from OTA. This should nearly never happen, but I would suspect that the proxy is the issue. If you are concerned about that particular instance being an issue, I would simply not accept the OTA and don't install it. The file will download to your device and you will see a notification very similar to this: http://images.tapatalk-cdn.com/15/08/12/1c244e92c6a0cd69ca6e1a3037a05d62.jpg If you do not click Install, it will not install itself. You can click Later but usually cannot dismiss the notification. I have had the update pending for months on my Nexus 7 tablet that I don't use often, but simply have not upgraded because I don't use it often enough to justify it.
If you want to be on the latest firmware for security reasons (Android 6/M will have monthly security patch releases from Google), you can download the factory images and flash yourself. However, if you believe there may be an issue because of the proxy you are using, the factory image could face the same issue as the OTA as you described. As I said, because I am not in China and do not use a proxy as you do, I cannot comment on how or why other users may have faced a hard brick scenario.
Ultimately, having the bootloader unlocked will allow you to flash the factory image over a bricked firmware caused by a corrupt (or otherwise unusable) OTA. If the phone can enter bootloader mode, you can flash the firmware and restore it to like new state. The warning message you see when booting is not able to be disabled without locking the bootloader again, but it only appears for a few moments. It was previously hidden on the Nexus 6 (not the 6p) so it might be possible in the future, but that is just a guess.
fury683 said:
I can't really speak to your concern regarding bricking from OTA. This should nearly never happen, but I would suspect that the proxy is the issue. If you are concerned about that particular instance being an issue, I would simply not accept the OTA and don't install it. The file will download to your device and you will see a notification very similar to this: If you do not click Install, it will not install itself. You can click Later but usually cannot dismiss the notification. I have had the update pending for months on my Nexus 7 tablet that I don't use often, but simply have not upgraded because I don't use it often enough to justify it.
If you want to be on the latest firmware for security reasons (Android 6/M will have monthly security patch releases from Google), you can download the factory images and flash yourself. However, if you believe there may be an issue because of the proxy you are using, the factory image could face the same issue as the OTA as you described. As I said, because I am not in China and do not use a proxy as you do, I cannot comment on how or why other users may have faced a hard brick scenario.
Ultimately, having the bootloader unlocked will allow you to flash the factory image over a bricked firmware caused by a corrupt (or otherwise unusable) OTA. If the phone can enter bootloader mode, you can flash the firmware and restore it to like new state. The warning message you see when booting is not able to be disabled without locking the bootloader again, but it only appears for a few moments. It was previously hidden on the Nexus 6 (not the 6p) so it might be possible in the future, but that is just a guess.
OK I choose to give in...leave it unlocked there.
Thank you very much!
gnange said:
OK I choose to give in...leave it unlocked there.
Thank you very much!
The decision to leave it unlocked is the right decision. The other person replying in this thread is completely wrong when he says you can't brick a phone if you don't unlock it, that's completely and utterly incorrect. Sometimes things happen, unforeseen spontaneous problems happen all the time with smartphones. If this happens to you and your bootloader is locked there's absolutely nothing you can do to fix it. So yes, leave your bootloader unlocked as an insurance policy against the unforeseen.
@fury683, I'd think twice before telling someone that nothing bad can happen to their phone as long as it's locked, this is false information, and could potentially lead to someone being unable to repair a soft-bricked device due to following your advice.
Heisenberg said:
The decision to leave it unlocked is the right decision. The other person replying in this thread is completely wrong when he says you can't brick a phone if you don't unlock it, that's completely and utterly incorrect. Sometimes things happen, unforeseen spontaneous problems happen all the time with smartphones. If this happens to you and your bootloader is locked there's absolutely nothing you can do to fix it. So yes, leave your bootloader unlocked as an insurance policy against the unforeseen.
@fury683, I'd think twice before telling someone that nothing bad can happen to their phone as long as it's locked, this is false information, and could potentially lead to someone being unable to repair a soft-bricked device due to following your advice.
To be fair, I said should not. I've never bricked a device from normal use.
I offered my opinion, and the reasons why. I've been burned by comments and advice from people plenty of times and try my best to help out where I can. I don't think my post was misleading, and I appreciate your comments on the matter as well.
Heisenberg said:
The decision to leave it unlocked is the right decision. The other person replying in this thread is completely wrong when he says you can't brick a phone if you don't unlock it, that's completely and utterly incorrect. Sometimes things happen, unforeseen spontaneous problems happen all the time with smartphones. If this happens to you and your bootloader is locked there's absolutely nothing you can do to fix it. So yes, leave your bootloader unlocked as an insurance policy against the unforeseen.
@fury683, I'd think twice before telling someone that nothing bad can happen to their phone as long as it's locked, this is false information, and could potentially lead to someone being unable to repair a soft-bricked device due to following your advice.
Thanks for your advice. So, I can conclude that we should unlock the Nexus bootloader no matter where we are, when it is, and whether we will root or not, right?
gnange said:
Thanks for your advice. So, I can conclude that we should unlock the Nexus bootloader no matter where we are, when it is, and whether we will root or not, right?
The choice is ultimately yours, but my advice is always to have it unlocked, that way you're able to access and use fastboot in the event that something goes wrong.
fury683 said:
To be fair, I said should not. I've never bricked a device from normal use.
I offered my opinion, and the reasons why. I've been burned by comments and advice from people plenty of times and try my best to help out where I can. I don't think my post was misleading, and I appreciate your comments on the matter as well.
As I am new to Android, your reply benefits me a lot. I notice you replied to me before dawn while it was afternoon in China; thanks for your kindness, but you should pay more attention to getting enough sleep, don't burn yourself out. : )
Heisenberg said:
The choice is ultimately yours, but my advice is always to have it unlocked, that way you're able to access and use fastboot in the event that something goes wrong.
Actually I used to suppose one has to unlock the bootloader only if in China. Now I get it. Thank you!
Heisenberg said:
The choice is ultimately yours, but my advice is always to have it unlocked, that way you're able to access and use fastboot in the event that something goes wrong.
Yep, what Heisenberg said is 100% true. My phone got bricked after the OTA update resulted in an error. I hadn't enabled the OEM Unlock setting, so I couldn't unlock the phone. Have to wait for a replacement now.

Relocking bootloader without bricking

Hey all.
So I've installed LineageOS just fine - the unlocking guides around here are mostly clear enough. Certainly not as easy as I've been used to for Nexus and OnePlus devices though! I've been using the 'official' TWRP 3.0.4.1 and not any of the other (now often links removed) unofficial versions.
I've also got my hands dirty with EDL mode and have totally reflashed a couple of times while playing around.
So on to my question. Basically I have an email client for work (Good for Enterprise) that detects unlocked bootloaders as 'root' (even though I'm not rooted), so I would like to relock my bootloader.
However, as soon as I use 'fastboot oem lock' it instantly bricks my phone. It goes straight into EDL mode, from which it cannot return. No bootloader, no recovery mode, no booting of system. Completely dead. All button combos attempted etc.. The only way back that I've found is to flash a whole new system image in EDL, and start over.
So, have I missed something (a signed recovery?) that makes this happen? Are there some verifications that the bootloader does while locked that fails because there's a custom system and recovery in place?
Is there anything I can do about this? Am I doomed to use stock for as long as I need to use this darned app?
Thanks very much!
Yes, you need to be completely stock to lock the BL.
Also, if you want to stay unlocked, you can use Magisk to hide root from your mail app.
Thanks for the replies. I actually don't have, and never have had, root. So the only thing it can possibly be detecting is either the custom ROM itself (or rather, not a factory one from some list they maintain) or the unlocked bootloader. So I doubt Magisk will work, because there's no root there to hide in the first place.
(In case it wasn't obvious, we're talking about Good for Enterprise here).
The BlackBerry mobile device management system (earlier called GFE) doesn't care if the bootloader is unlocked; it just checks whether you have a custom recovery (TWRP), and that is enough to flag your system as rooted.

How protect phone data when bootloader unlocked?

Hello,
I don't know if this is a real problem in newer Android versions.
I apologize if this problem is already solved; I've been out of Android development for a while...
For me the problem is to protect MY data if I lose the phone...
If my phone is password protected (and the bootloader locked), a person that finds the device can't use it directly.
They can unlock the bootloader (more or less easily), but the phone data is removed by the unlock process.
My data is safe!
But if the bootloader is unlocked, the person that has found my phone can access the custom recovery (or load a custom recovery if I'm on stock recovery) and then force a wipe of the device.
Due to that, all my security (fingerprint and lock code) is erased and the user can access my phone and also all the data stored in /sdcard.
My data isn't safe!
Is there any way to use a custom ROM while keeping my data safe?
(I don't trust the Google remote device access)
Thanks in advance!
I think you'll be fine, as the data on your internal memory should be encrypted, which is enabled by default!
I'll be honest and I mean no offense but your data is worthless. If someone steals your device the first things done are Sim removed and devices reset or powered off. Data thieves don't get the data from stolen devices. They get it from the places we give it freely. Like shopping stores and on line accounts.
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
jhs39 said:
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
Is the /sdcard in phones that don't have an external SD card, like the O+5, also protected by the encryption?
Thanks
bartito said:
Is the /sdcard in phones that don't have an external SD card, like the O+5, also protected by the encryption?
Thanks
Yep, like any other Android, the OnePlus 5 has full-disk encryption enabled by default:
http://www.androidpolice.com/2015/1...ll-disk-encryption-by-default-on-new-devices/
bartito said:
Hello,
I don't know if this is a real problem in newer Android versions.
I apologize if this problem is already solved; I've been out of Android development for a while...
...........................................
Well, IMO your concern is right to some extent.
With an unlocked bootloader, if there is some version of TWRP (or any other custom recovery for that matter) that can decrypt your data partition automatically, or if you have ever formatted your /data partition from TWRP, or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.
For educational purposes, the commands are:
Code:
adb shell rm /data/system/*.key
adb reboot
Now, for that matter, having a locked bootloader doesn't ensure that your data is safe either. For example, for HTC phones, you don't even need to unlock the bootloader for flashing a custom recovery or kernel. You can turn the phone to S-Off state using some proprietary tools (without losing data) and then flash custom images over a locked bootloader.
In case of Samsung, only FRP lock prevents you from flashing custom images (that too on newer phones) but in that case also, you can turn FRP off using some paid services and then flash any custom images and run the above mentioned commands.
In case of LG, it is even easier. Professional tools exist for communication over download mode protocol and turning off the screen lock doesn't even require a custom image in LG's case. However, most newer models are not supported by those tools yet.
In case of Apple, professional tools existed that used to read screen lock over a time span of 1-4 hours in an older version of iOS. I've heard that a tool is being made available for the current versions also in the coming weeks.
So, if you are conscious about your data, it is safe as long as you have the phone in your possession. Once you lose it, you can't be sure about what is happening with it.
But then, as said in above posts, why would the thief want to crack open the data of a common man. If you are not a common man, you should worry. Otherwise I personally really don't care.
Hello,
I absolutely appreciate your answer.
I'm a common man, but I'm a bit worried due to 3 points:
1) I'm using LastPass and I wouldn't want my passwords to fall into someone's hands if I lose the device,
2) I'm using the app from my bank to pay using NFC and I wouldn't want anyone to be able to use it
EDIT: 3) Of course, I'm using my Google account to store my contacts data. It would be a mess if someone erased my contacts
Thanks!
sikander3786 said:
Well, IMO your concern is right to some extent.
With an unlocked bootloader, if there is some version of TWRP (or any other custom recovery for that matter) that can decrypt your data partition automatically, or if you have ever formatted your /data partition from TWRP, or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.
For educational purposes, the commands are:
Code:
adb shell rm /data/system/*.key
adb reboot
Now, for that matter, having a locked bootloader doesn't ensure that your data is safe either. For example, on HTC phones you don't even need to unlock the bootloader to flash a custom recovery or kernel. You can put the phone into the S-Off state using some proprietary tools (without losing data) and then flash custom images over a locked bootloader.
jhs39 said:
Nobody can access your phone data the way you describe unless you also run your phone decrypted, which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted, TWRP asks for your PIN and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
Blacklisting the IMEI doesn't work everywhere. Plus it's banned on XDA, so I can't say how, but the IMEI is not that hard to change.
Maybe some experts can give their opinion on how to protect your data using some third party apps or by using some other options that I am not aware of. But in my opinion, a phone with an unlocked bootloader is always more vulnerable than a phone with locked bootloader.
Of course, I agree with your statement 100%.
The question is: can I improve security if I keep TWRP as the recovery instead of returning to the stock recovery, and lock the bootloader?
Thanks
I don't think you will be able to boot TWRP after relocking the bootloader. You need to test it yourself. The chances are slim because locked bootloaders prevent booting unsigned images.
If you do manage to boot TWRP after relocking, make sure your data is encrypted. If it is not, then it doesn't matter if the bootloader is locked or not.
Also, you will need to turn off "oem unlock" option from developer options.
I think in the end I will stay as I am: bootloader unlocked and TWRP instead of the original recovery.
After all... I've never lost a phone...
bartito said:
Is the /sdcard on phones that don't have an external SD card, like the O+5, also protected by the encryption?
Thanks
I haven't checked, but I believe it should.
nxss4 said:
Yep, like any other android, the oneplus 5 has full disk encryption enabled by default:
http://www.androidpolice.com/2015/1...ll-disk-encryption-by-default-on-new-devices/
Uh no, OP5 with OOS 4.5.x Nougat uses File-Based Encryption (FBE), not FDE.
I know because I wrote the utility to get back to FDE, which works if you change the /fstab* file:
https://forum.xda-developers.com/showthread.php?t=3672477
sikander3786 said:
Well, IMO your concern is right to some extent.
With an unlocked bootloader, if there is some version of TWRP (or any other customer recovery for that matter) that can decrypt your data partition automatically or if you have ever formatted your /data partition from TWRP , or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.
Do you have a source for the first part of that information? The part where if userdata is formatted with TWRP, it is vulnerable?
I don't see how that can happen unless you run decrypted. TWRP is never involved in the encryption process. When you format userdata, it just runs mkfs. Android, upon booting, sees the forceencrypt flag in the fstab and promptly encrypts the device with a default passphrase. When you later set up security, the passphrase is changed to whatever you input.
How can TWRP decrypt the files at this point without your passphrase?
Note that if you are running FBE, and run adb shell on a device that's booted into TWRP while waiting for the password, you will be able to see the file structure under /data, but most of its contents will be garbage (=encrypted).
If you're running FDE, and run adb shell on a device that's booted into TWRP, /data will be completely inaccessible.
sikander3786 said:
For educational purposes, the commands are:
Code:
adb shell rm /data/system/*.key
adb reboot
This will remove the PIN/password phrase to get into Android, but won't give access to any encrypted files.
That may mess your phone royally as well.
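To make the posture this thread keeps circling back to checkable on your own device, here is an added example (not code from any poster in the thread): a Python script that reads the bootloader-lock, verified-boot, adb-authorization and encryption properties from `adb shell getprop`, plus the /data line of the device fstab (the forceencrypt / fileencryption flag Fif_ refers to), and turns them into the findings sikander3786 and Fif_ describe above: plaintext /data is readable from any recovery, FDE keeps /data unmountable without the passphrase, FBE exposes the layout but not credential-encrypted contents, and an insecure boot image lets adb run without key authorization. The two getprop dumps and fstab snippets are constructed samples, and the `/vendor/etc/fstab.*` path used by `collect()` is an assumption (fstab location varies by device and Android version).

```python
"""Added example (not from the thread): score the device state the posters
argue about (bootloader lock, verified boot, adb auth, FDE vs FBE) from
`adb shell getprop` and the device fstab.

The getprop dumps and fstab snippets below are constructed for illustration;
collect() runs the same checks over adb against a live device.
"""
import re
import subprocess
from dataclasses import dataclass, field

# Real Android system properties relevant to the thread's threat model.
RELEVANT_PROPS = (
    "ro.boot.flash.locked",         # "0" = bootloader unlocked (Samsung/Pixel)
    "ro.boot.vbmeta.device_state",  # AVB devices: "locked" / "unlocked"
    "ro.boot.verifiedbootstate",    # "green" locked+verified, "orange" unlocked
    "ro.crypto.state",              # "encrypted" / "unencrypted" / "unsupported"
    "ro.crypto.type",               # "block" = FDE, "file" = FBE, "none"
    "ro.adb.secure",                # "0" = adbd skips RSA key authorization
    "ro.secure",                    # "0" = insecure boot image, adbd runs as root
    "ro.debuggable",
)

# Constructed sample 1: unlocked bootloader, FBE, insecure custom kernel.
SAMPLE_UNLOCKED_FBE = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
[ro.adb.secure]: [0]
[ro.secure]: [0]
[ro.debuggable]: [1]
"""
FSTAB_FBE = """\
# <src>                                <mnt>   <type> <mnt_flags>          <fs_mgr_flags>
/dev/block/bootdevice/by-name/system   /system ext4   ro,barrier=1         wait,verify
/dev/block/bootdevice/by-name/userdata /data   ext4   noatime,nosuid,nodev wait,check,fileencryption=ice,quota
"""
# Constructed sample 2: locked bootloader, stock kernel, but /data never encrypted.
SAMPLE_LOCKED_PLAIN = """\
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.crypto.state]: [unencrypted]
[ro.crypto.type]: [none]
[ro.adb.secure]: [1]
[ro.secure]: [1]
[ro.debuggable]: [0]
"""
FSTAB_OPTIONAL_FDE = """\
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 noatime,nosuid,nodev wait,check,encryptable=footer
"""


def parse_getprop(dump: str, wanted=RELEVANT_PROPS) -> dict:
    """Parse `[name]: [value]` lines from getprop, keeping only the wanted props."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r"^\[([^\]]+)\]: \[([^\]]*)\]$", dump, re.M)
            if m.group(1) in wanted}


def parse_fstab(text: str) -> dict:
    """Map mount point -> fs_mgr_flags (5th column) for each fstab entry."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and not parts[0].startswith("#"):
            table[parts[1]] = parts[4]
    return table


def data_encryption_policy(fstab: dict) -> str:
    """What the fstab tells init to do with /data (the flag Fif_ mentions)."""
    flags = fstab.get("/data", "")
    if "fileencryption=" in flags:
        return "FBE"
    if "forcefdeorfbe=" in flags:
        return "FDE-or-FBE"
    if "forceencrypt=" in flags:
        return "FDE-forced"
    if "encryptable=" in flags:
        return "FDE-optional"
    return "none"


@dataclass
class Assessment:
    bootloader_unlocked: bool
    encryption: str            # "FDE", "FBE" or "none"
    adb_unauthenticated: bool
    fstab_policy: str
    findings: list = field(default_factory=list)


def assess(props: dict, fstab: dict) -> Assessment:
    unlocked = (props.get("ro.boot.flash.locked") == "0"
                or props.get("ro.boot.vbmeta.device_state") == "unlocked"
                or props.get("ro.boot.verifiedbootstate") == "orange")
    if props.get("ro.crypto.state") != "encrypted":
        enc = "none"
    elif props.get("ro.crypto.type") == "file":
        enc = "FBE"
    else:
        enc = "FDE"
    adb_open = props.get("ro.adb.secure") == "0" or props.get("ro.secure") == "0"
    a = Assessment(unlocked, enc, adb_open, data_encryption_policy(fstab))
    if unlocked:
        a.findings.append("bootloader unlocked: `fastboot boot twrp.img` works for anyone holding the phone")
    if enc == "none":
        a.findings.append("CRITICAL: /data is plaintext; any recovery reads it regardless of the lock screen")
    elif enc == "FDE":
        a.findings.append("FDE: recovery cannot mount /data at all without the passphrase")
    else:
        a.findings.append("FBE: top-level /data layout and device-encrypted files are visible; "
                          "credential-encrypted contents stay ciphertext until the lock credential is entered")
    if adb_open:
        a.findings.append("adbd runs unauthenticated/root (insecure boot image): "
                          "the rm /data/system/*.key trick needs no USB pairing")
    return a


def risk_level(a: Assessment) -> str:
    if a.encryption == "none":
        return "critical"
    if a.bootloader_unlocked and a.adb_unauthenticated:
        return "high"
    return "medium" if a.bootloader_unlocked else "low"


def collect() -> Assessment:
    """Live version: same checks over an authorized adb session (fstab path is an assumption)."""
    props = parse_getprop(subprocess.check_output(["adb", "shell", "getprop"], text=True))
    fstab = parse_fstab(subprocess.check_output(
        ["adb", "shell", "cat /vendor/etc/fstab.* 2>/dev/null"], text=True))
    return assess(props, fstab)


if __name__ == "__main__":
    for name, dump, fstab in (("unlocked+FBE", SAMPLE_UNLOCKED_FBE, FSTAB_FBE),
                              ("locked+plain", SAMPLE_LOCKED_PLAIN, FSTAB_OPTIONAL_FDE)):
        a = assess(parse_getprop(dump), parse_fstab(fstab))
        print(f"{name}: {risk_level(a)} (fstab policy: {a.fstab_policy})")
        for f in a.findings:
            print("  -", f)
```

Run it with no arguments to see the two constructed samples scored; call `collect()` from an authorized adb session to score a real device. `ro.boot.flash.locked` and `ro.boot.vbmeta.device_state` are OEM- and AVB-specific, so on some phones only `ro.boot.verifiedbootstate` will be populated, which is why all three are consulted. The "locked+plain" sample is the case jhs39 and the later posters keep coming back to: a locked bootloader buys nothing if /data was never encrypted.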
Hello,
Thanks for your answer. I appreciate the time you have spent on my question.
I need to go to the FDE thread to learn a bit more about the process and results.
Now, I have 2 more questions...
1) If the phone is encrypted with FBE, a user can remove user passwords using the "adb shell rm /data/system/*.key && adb reboot" commands, as @sikander3786 has explained, but because the device is encrypted, they can't access my data and the device will ask for the decryption password when booting in normal or recovery mode. Am I correct?
2) If the device is encrypted with FBE, can a user access /sdcard in recovery (TWRP) mode even without the decryption password, but not if it's encrypted with FDE?
Thanks again!
nxss4 said:
I think you'll be fine, as the data on your internal memory should be encrypted, which is enabled by default!
Suppose I encrypt my device, i.e., it asks for the password every time before booting...
Q1. Will booting into fastboot or recovery require the password?
Q2. If not, how can I prevent access to fastboot and recovery on an unlocked bootloader?
You can't, but your data isn't accessible without the password
But one can flash a custom recovery from fastboot and subsequently use it to flash custom ROMs.
Am I right?
Yes, you can flash any recovery and any ROM, but the phone's data can't be accessed if you don't have the password.
To use the device you need to know the password or do a data format.
Isn't your phone technically always safe as long as you keep it encrypted?
The only thing a thief could do would be a reset in both cases, isn't it?

Bypass lock screen without root or ADB

Got a question that I am not sure has a proper answer (and yes I know this is a sus question to begin with).
I have an old s7 and I forgot the pattern to unlock it. Developer mode is enabled but since I can't get through the lock screen I can't whitelist my PC on the phone when I connect it. I need to access my google authenticator app because I want to export it to my new phone (use to have it on my new phone but for other reasons it got wiped). I've tried using the samsung service mode code to put it into service mode from the emergency call dialer but that doesn't work. Is there anything else I might be able to try?
use droidkit or drfone screen unlock? I think dr.fone has a free trial, maybe you can screen unlock with it. Or just look for any other 3rd party free screen unlocker. They usually don't need root, nor adb.
I've tried both but neither supports the S7. At this point I would pay for one of these apps to get into this damned thing.
Is it's bootloader unlocked?
Yes, you may try with - UFED4PC_7.49.0.2.tar
This supports removing or reading the screen lock without data loss for Android, and it especially works on many SAMSUNG devices.
Is that something you can flash via odin or?
Did some research, looks like a full mobile forensic device suite. I don't have 2000 dollars to drop on trying to open a phone.
NO.
This is a tool which can read your phone lock
I wonder if there is a way to use Odin to flash TWRP for a single boot. It might be enough to push the ADB keyfile to the directory or to delete the sqlite keys for the pattern.
AzimBahar said:
NO.
This is a tool which can cellebrite your phone lock
That doesn't mean anything. Cellebrite is the name of the company that produces UFED.
You use fastboot to boot a TWRP image on a device without actually flashing it, but I'm not entirely sure if you can do it with a locked bootloader. Google it, I guess?
I wonder if I could mount the system partition that way or not bootloader aside. Unlocking the bootloader would kill all the data too which is a no-no.
It does seem possible to flash TWRP on some devices without unlocking the bootloader. How would I go about booting from it with fastboot without flashing it if I tried it? edit: nevermind I know how to do it.
I assume I would have to use the herolte img to try to get it to work since there isn't one specifically for the sprint variant.
Well I tried but I can't seem to read the phone with fastboot. I tried Odin and it predictably threw out the flash because it wasn't properly authenticated either.
Did you install the correct drivers? You need the samsung usb drivers for odin, and some adb and fastboot drivers for adb.
Yeah, of course. I have the Samsung drivers and I tried working with linux and had the same issue. Feels like my only recourse at this point is to setup a kali nethunter.
You also need to manually install adb and fastboot drivers for your device, which for me is pain, but maybe it'll be easy for you.
Yeah I have them both. For some reason though Fastboot just doesn't see the device. I tried pinging it with the linux version and its vendor id but it didn't do any good. Kind of a real pain this is becoming. I may just convert my old nexus 11 into a kali nethunter and try to brute force it.
Still haven't found a solution and now I am feeling the consequences. My Nintendo 2FA is on this damned phone. Going to try to call support and get it removed tomorrow but its a real big pain.
Metablaster,
Is there an update to this?
My wife's S8 is pattern locked, she didn't set up a Samsung account prior, and the Google Find my Phone web tool PIN option has been changed/ deleted. Maybe there's an older html version of this somewhere?
ADB keeps coming back that the device access is "unauthorized" even after reboot, so although I thought I enabled USB Debugging before giving her the phone (it used to be mine), she may have restored to factory without enabling it again.
Kali will delete all of the data like a factory reset so that defeats the purpose except to just get use of the phone at all again.
Is there anyone on here that knows of a professional grade service that can do this?
So frustrating...! Why , upon proof of ownership, can't something be done?
Please pm me, I'd want to try the MD-Next option first.
If I run the risk of losing her data than anything more intrusive probably isn't worth it.
MetalBlaster,
I did manage to get the S8 to boot into Recovery Mode, please PM me about trying the MD-Next step via USB bridge.
Have you already tried to unlock the device with a locked SIM?