Just a question. I want to disable secure boot/TPM completely on my Surface Pro 128Gb. Can this be done?
When I disable them both in the UEFi-Bios, it seems it is still working.
I have some programmes from which i changed a few dll's, and when secure boot/TPM recognises them at startup, it boots my Surface in UEFI-Bios mode, with no way of getting Windows 8.1 started.
Anyone had any clues as how to overcome this problem?
Do you get any error messages? Do you know that those changes still result in a bootable system to begin with? Have you tried using a debug or testsigning mode in the booatloader? (If Secure Boot is enabled, you won't be able to set those options, so it's a decent test of that anyhow.)
Oh, and disabling the TPM is generally a bad idea. This is especially true if you have BitLocker enabled, since by default BL requires the TPM. You *should* just be getting a "Enter your BitLocker recovery key" prompt in that case, though.
I dont get any error messages, just my Surface reboots in UEFI-boot mode, where i can enable/disable TPM-secure boot. Whatever I do there, whatever I change there, after restarting I get back in the same UEFI-Bios screen. The only way to recover from this is by resetting my Windows system from my reccovery.
I have installed a program called Trados Studio. For this I have created a few DLL's of my own. When I replace the orginal DLL's with the ones created by me, this happens. I guess because my own created DLL's aren't trusted, while the original DLL's were trusted during installation of Trados Studio.
Well, depending on what DLLs those are, the system may check their signatures even with Secure Boot disabled, and refuse to boot because they're modified. Thus the suggestion to use kernel debug, or TestSigning (you might need to test-sign the modified DLLs for the latter option to work).
GoodDayToDie said:
Well, depending on what DLLs those are, the system may check their signatures even with Secure Boot disabled, and refuse to boot because they're modified. Thus the suggestion to use kernel debug, or TestSigning (you might need to test-sign the modified DLLs for the latter option to work).
Click to expand...
Click to collapse
CheopsChefren said:
?
Click to expand...
Click to collapse
Do you need a keyboard connected to get out of the UEFI-Bios screen, after doing a system recovery the reboot has left me at the American Megatrends Bios screen asking if I want to turn off the TPM. Any help would be appreciated.
EDIT: All is now OK after connecting a touch cover, a regular keyboard would not work but the touch cover and the Esc key did the trick
Related
http://forum.xda-developers.com/showthread.php?t=1267729
I used the above thread to disable the Win8 style logon screen, and now it shows no users. There's a fix underneath the thread, but I don't understand how to do it. Can someone explain?
I figured out another way to fix this problem - figured I'd share it in case anyone else had the issue.
When booting, press F8 at the developer screen to enter the equivalent of safe mode options. Navigate until you find the option to "Refresh" windows. This, from what I understand, reinstalls all system files, but leaves non system files intact. It's worth noting that by non system files, I do not mean application data, such as installed programs.
Sent from my SCH-I500 using XDA App
So it hit me the other day when i was copying files onto my phone with qtadb(stuck with mtp in cm9) that even if a pin on password is set on the phone i can copy/erase anything from the phone, worse if its rooted, if its connected to a computer. Doesn't this kind of defeat the purpose of the pin/password?
If it even possible to disable just the data +/- pins if the phone is locked with a pin/password, and re-enable them once its unlocked?
peachpuff said:
So it hit me the other day when i was copying files onto my phone with qtadb(stuck with mtp in cm9) that even if a pin on password is set on the phone i can copy/erase anything from the phone, worse if its rooted, if its connected to a computer. Doesn't this kind of defeat the purpose of the pin/password?
If it even possible to disable just the data +/- pins if the phone is locked with a pin/password, and re-enable them once its unlocked?
Click to expand...
Click to collapse
That's possibly do-able.
If you edited the sources you could probably disable adb on lockscreen... But if you close all the holes, and something goes wrong, you are stuffed
Remember recovery is always the best way "in" to the device It has root access anyway, and it's unprotected.
i am not an expert or anything.. but to my understanding.. if u dont enable usb debugging and u have lock screen.. u CANT directly modify the data in phone without opening the lock screen first.. i just tested it now.. even if i try to go to usb mass storage mode, im required to open the lock screen and press connect mass storage...
unless u go into download mode and adb but that also require usb debugging to be enable
pulser_g2 said:
Remember recovery is always the best way "in" to the device It has root access anyway, and it's unprotected.
Click to expand...
Click to collapse
Ya i guess if someone knowledgeable enough wants to get into your phone they'll just use recovery. Is protecting recovery possible?
warrez said:
i am not an expert or anything.. but to my understanding.. if u dont enable usb debugging and u have lock screen.. u CANT directly modify the data in phone without opening the lock screen first.. i just tested it now.. even if i try to go to usb mass storage mode, im required to open the lock screen and press connect mass storage...
unless u go into download mode and adb but that also require usb debugging to be enable
Click to expand...
Click to collapse
Quite right, disabling usb debugging won't allow you to adb into the phone. Tasker allows you to run commands if the display is off and unlocked, anyone know the command to enable/disable usb debugging?
i dont know about the tasker's command.. but if u have lock screen and disabled usb debugging.. it should be quite safe so its not useless
There is a reason you get this shiney warning dialog when enabling USB-Debugging.
Ever bothered to actually read it?
peachpuff said:
Ya i guess if someone knowledgeable enough wants to get into your phone they'll just use recovery. Is protecting recovery possible?
Click to expand...
Click to collapse
Encrypt the phone?
Think encrypted phone cannot be accessed through recovery
KeePassDroid.....
Best way is to use 3rd party applicayions - KeePassDroid is free and very good, you can set very secure passwords and it has a desktop application too
I use it to store usernames/pwds and by all accounts its pretty secure, it also supports different encryption types on the database
Security
If your phone is stolen better to use some app from market that you can control remotelly and ERASE COMPLETELY the phone...
Meanwhile, encryption could be enough.
And both together maybe is the best.
I noticed flashing roms (checkrom) that i would still have a lock screen but any way i connected the dots it would unlock.
eseregin said:
Encrypt the phone?
Think encrypted phone cannot be accessed through recovery
Click to expand...
Click to collapse
This is correct.
Using encryption with a proper password (not PIN/Pattern) you need to enter the password in recovery as well.
So even with adb root access in recovery, it's impossible to access the data without the password.
Kingybear said:
I noticed flashing roms (checkrom) that i would still have a lock screen but any way i connected the dots it would unlock.
Click to expand...
Click to collapse
That's because the flag in EFS for the pattern lock is still set, but no actual pattern is set in the system's data.
So, imstead of never letting you "in" anymore due to no correct pattern it just always unlocks.
So you probably have the same problem as i had not long ago, you try using a Tool like Android Command, or SGN3ModTool, or kn0x0ut, or Android AIO Flasher or what not, and it just wont work, and you dont have any idea, why. The answer is pretty simple, yet very hidden and not thought about that much, i first figured it out very lately, and it took some time, so if you are one of them having one of the listed problems above, welcome to my help thread
Q: I get "Device Not Found"
A: Install the latest ADB drivers for all Android Phones, found here: http://adbdriver.com/downloads/
Q: Now i installed all drivers for my Device, but it still wont work. Why?
A: Are you pretty sure "USB Debugging" is enabled in the Developer Options? If not, enable it.
Q: I dont find the "Developer Options" on my Device. How do i get them?
A: I assume you got Android 4.2 or higher, since then, you have to press 7 times on the build number. Go to the "Device Info" tab, and scroll down to "Build Number" and press 7 times in a row on that, it will tell you, that the "Developer Options" have been enabled.
Q: Ok so now i did that, but it STILL wont work, WHY!?
A: Well then i guess you came to the points i landed at, where i didnt know the problem, lucky for you, i found the yet simple, but a bit "Im a Noob, idk that" fix. To fix this, first check your "SELinux Status" under "Device Options", if it is on "Permissive" then it should work for you now, and your good to go, if your in the situation of "Enforced", then you came where i was, no way. How to fix it? Easy, either you can try option 1 or 2. Or just ignore the fact its there and try finding out what it is, until you die trying to find it out
1: (This option might NOT work for some! Samsung Devices, i know it says all in the list, but Samsung Deviced without KNOX will work anyway, and some with KNOX even will, if you disabled KNOX with SuperSU or any other ROOT Tool). Install SELinux Mode Changer
App: https://play.google.com/store/apps/details?id=com.mrbimc.selinux&hl=de
After its installed, enter the app and change it to "Permissive". Reboot your Device, and now try again to connect with USB ADB, it will work guaranteed
2: Install a KERNEL that has SELinux status set to "Permissive" incase the first option does NOT work for you. (Samsung Galaxy Note 3 SM-N9005 ONLY!)
KERNEL 1: http://forum.xda-developers.com/showthread.php?t=2540246
KERNEL 2: http://forum.xda-developers.com/showthread.php?t=2471416
To be honest, i prefer the first KERNEL more, more options and also it has no bugs known for now, the second has some bugs, but less features, if you try staying close to STOCK.
That was all from me for now, if you need more info or help, your welcome to ask.
PM: Want to know what SELinux is? Here: http://en.wikipedia.org/wiki/Security-Enhanced_Linux
Short description: SELinux was invented by the NSA and MAC, to provide more security for Android system, to say it short: To simply **** up the life for Developers . "Enforced" means all request are denied instantly, so thats why ADB USB wont work, cause all requests to the Device are blocked. With "Permissive" this though, makes it so all requests are allowed, but logged and being watched, but still can be run, without problems.
While this is a list with common things that you can do to enable ADB it is still a little misleading - there is ABSOLUTELY no requirement that you NEED to be SELinux permissive for standard ADB to work - that is only the case in certain cooked ROMs + certain kernels, but if you are on stock and you have things installed OK on the PC it will work perfectly with SELinux set to enforcing.
The other thing that is missing is the fact that the latest ADB (since 4.2.x I think) is also doing an extra security-check on the phone - so you need a special adb program on the PC (so that the program can correctly answer to the extra check), and then you need to answer YES when the phone asks if you want to allow ADB rights for that ID (which normally the phone will remember and not ask again).
xclub_101 said:
While this is a list with common things that you can do to enable ADB it is still a little misleading - there is ABSOLUTELY no requirement that you NEED to be SELinux permissive for standard ADB to work - that is only the case in certain cooked ROMs + certain kernels, but if you are on stock and you have things installed OK on the PC it will work perfectly with SELinux set to enforcing.
The other thing that is missing is the fact that the latest ADB (since 4.2.x I think) is also doing an extra security-check on the phone - so you need a special adb program on the PC (so that the program can correctly answer to the extra check), and then you need to answer YES when the phone asks if you want to allow ADB rights for that ID (which normally the phone will remember and not ask again).
Click to expand...
Click to collapse
Thats not correct, i run STOCK ROM, i cannot run any ADB tools without having SELinux set to Permissive, i only want to help people who have the same problem, most people arent like you, who know everything in the world, so they need a bit of help, thats all i wanted to help them with.
Hi all,
Has anyone followed Rayman's excellent article the-inner-workings-of-secure-boot-key-and-nvflash and fully recovered a N7 from APX only mode?
I have this situation which I think resulted from the battery dying during the 4.4.2 update - Doh I know, but thought I had enough juice to complete the update.
Rayman says the required files will be made available but I cannot find them anywhere
Since every motherboard has a unique key, there is no generic blob. To be able to recover your N7, you will need a backup of it, but it's impossible to make if your device is dead.
Try to send it to Asus/Google.
Erovia said:
Since every motherboard has a unique key, there is no generic blob. To be able to recover your N7, you will need a backup of it, but it's impossible to make if your device is dead.
Try to send it to Asus/Google.
Click to expand...
Click to collapse
Did you read the article? Sounds like you can use the sbk which is a hash of the cpuid...
Nope, but why don't you ask around in the flatline topic?
Erovia said:
Nope, but why don't you ask around in the flatline topic?
Click to expand...
Click to collapse
too much of a noob to post on the forum, but thanks for the pointer.
FYI Raymans article. It does sound possible to bring it back, but there was no follow up with the required files;
What is Secure Boot Key and how does it work?
I've been getting lots of questions about this, so here is some simple background:
The secure boot key is an AES128 encryption key that can used to encrypt various data on the flash memory. It's a generic nvidia tegra2 thing, that the manufacturer can optionally use to make their device more "secure".
When the SBK is set, it's stored in a one-time-programmable "fuse". This also means that now that the key is out, they can't change it on already released devices, only new devices.
When the tegra2 starts up, the AES key is available to the hardware AES engine only. E.g. not even the bootloader can read it back! However, the bootloader can *use* the key to encrypt whatever data it wants through the hardware AES engine. And here is the explanation why the blob flashing method actually works! The bootloader checks for the blob in the staging partition and encrypts and flashes it as needed.
Once the bootloader is done, it clear the key from the AES engine which makes it impossible to encrypt or decrypt things from within the OS.
So what happens when it boots into APX/Nvflash mode?
The basic APX mode is stored in the BootROM and hence can never be changed. It appears to accept only a very limited range of commands, and each command needs to be encrypted using the SBK to be accepted. If it receives a command that's not properly encrypted, it disconnects the USB and appears to be off. This is the dreaded "0x4" error that people have been getting when attempting to get nvflash working.
It should be noted, that even with the SBK inputted into nvflash, most regular nvflash commands won't be available. I'm still not entirely sure why (and I can't rule out it will change).
What *is* available, is the nvflash --create command. What this command does is repartition and format all partitions, set bct and odmdata and send over all needed partitions to the device (and encrypt them as needed). This means a full recovery is possible, but regular ability to flash e.g. just boot.img or read partitions off of the device is not possible at this point.
So what do we need for nvflash?
In order to get a working (e.g. --create) nvflash, we need a few bits of information as well as some files:
◦Secure Boot Key
◦BCT file (boot device setup, ram configuration and a bit more)
◦ODM data (board-specific bit-field specifying various board settings. *Needs* to be correct
◦flash.cfg (e.g. list of settings and names/identifiers of partitions.
On top of these files, we also need all the partitions, e.g. bootloader.bin, boot.img, recovery.img and system.img. Luckily, these partition files are available in official ASUS updates and can be extracted from the blob file using my blob tools
The first four peices aren't readily available, but through lots of effort and a good deal of luck, we have managed to recreate the needed files. Secure Boot Key has already been released (note that this was by far the hardest!) and the rest will most likely follow over the weekend. Keep in mind that we want to keep this legal, so don't expect us to release any ready-made packs for unbricking! We will however make the recreated files available. Since these are recreated and not actual ASUS files, there should be no problems with them.
I hope this helps give a better understanding of how and what secure boot key is and what it gives us.
Hi everyone,
A friend of mine got a second-hand tablet Samsung 500t from one of her relatives.
She set her password, but she forgot it after a while. She asked me to help her to sort the problem out but I don't know windows RT and I don't know exactly what to do. In addition, we don't have any cd or user's manual. I tried to reset and I launched the procedure which always ended up with this message:
"Insert your windows installation or recovery media to continue".
I don't know what to do now, and, unfortunately, she hasn't got any back up.
Can anyone help me? Thank you.
Is she using a local account or a Microsoft account? If the latter, you can just reset your password the same way you would if you forgot, say, your Hotmail password. Go to https://login.live.com and follow the "forgot password" steps.
If it's a local account, that's more awkward. There are various steps (short of a full wipe) that you can do, but if you don't know the Admin password then most of the non-wipe options require things like Linux liveCD (or live flashdrive) images and forcibly resetting the password.
GoodDayToDie said:
Is she using a local account or a Microsoft account? If the latter, you can just reset your password the same way you would if you forgot, say, your Hotmail password. Go to login.live and follow the "forgot password" steps.
If it's a local account, that's more awkward. There are various steps (short of a full wipe) that you can do, but if you don't know the Admin password then most of the non-wipe options require things like Linux liveCD (or live flashdrive) images and forcibly resetting the password.
Click to expand...
Click to collapse
She is using a local account. We asked her relative, the former owner, about a Microsoft account, but he didn't know and remember anything about that.
Can you explain me more about using a Distro Linux to reset the password on the tablet?
I used a linux live many times, and I can manage it for easy tasks, but I have never used it to reset or to recover a password on a Window OS.
Thank you, Bob.
If you boot a Linux live image - probably off a flashdrive, unless you have a handy USB optical drive - it can mount the internal NTFS file system and find Security Account Manager (SAM). There are tools that will modify a SAM file to overwrite the password for a user. It's also possible for some tools to brute-force the password, though this can take a long time, or to look it up in a "rainbow table" of pre-computed password hashes (won't work for really complex passwords, though). Forcibly resetting the password will cause you to lose any data encrypted with it, which may include things like passwords the OS was storing for you.
Some stuff that can be used to try and recover passwords (or reset them): http://smallvoid.com/article/winnt-password-recovery.html
There's a bunch of others out there too. Here's another link: http://www.mydigitallife.info/reset...trator-or-user-password-with-chntpw-in-linux/
GoodDayToDie said:
If you boot a Linux live image - probably off a flashdrive, unless you have a handy USB optical drive - it can mount the internal NTFS file system and find Security Account Manager (SAM). There are tools that will modify a SAM file to overwrite the password for a user. It's also possible for some tools to brute-force the password, though this can take a long time, or to look it up in a "rainbow table" of pre-computed password hashes (won't work for really complex passwords, though). Forcibly resetting the password will cause you to lose any data encrypted with it, which may include things like passwords the OS was storing for you.
Some stuff that can be used to try and recover passwords (or reset them):smallvoid
There's a bunch of others out there too. Here's another link: mydigitallife.info/reset-and-change-windows-nt2000-administrator-or-user-password-
Click to expand...
Click to collapse
Can I simply delete the SAM file? I don't think she cares to lose any data so much.
Ok. I was wondering how I can run the usb drive on a windows rt tablet. Is there a "boot device option" like on an ordinary pc/notebook?
Thanks again?:
PS: By the way, where can I find an image of Window 8 rt if I want to totally reset the tablet and install a clear OS?
Aw crap, I can't believe this but I forgot you were talking about an RT device. Forget everything I just said; Secure Boot won't allow it to run a Linux image even if you had an ARM-based one.
Deleting the entire SAM will render the device unbootable. It's not just user account logon details stored there; every account (including the various system ones) are there. On the other hand, if you can extract the SAM somehow, another computer will be able to edit it just fine even though it comes from RT; it's a registry hive and is architecture-independent.
Total reset is probably the easiest option, if she doesn't mind the risk of losing data. It requires a device-specific image though; there should be one (recovery partition) on the tablet, but if that was removed you'll need to find one for download or get Samsung to handle it for you. The Surface RT / 2 images are available here on XDA but I don't know about any of the Samsung tablets.
Go look on the support website (or call support) for instructions on performing a factory reset of the tablet under normal circumstances. That will work if the recovery partition wasn't removed.
GoodDayToDie said:
Aw crap, I can't believe this but I forgot you were talking about an RT device. Forget everything I just said; Secure Boot won't allow it to run a Linux image even if you had an ARM-based one.
Deleting the entire SAM will render the device unbootable. It's not just user account logon details stored there; every account (including the various system ones) are there. On the other hand, if you can extract the SAM somehow, another computer will be able to edit it just fine even though it comes from RT; it's a registry hive and is architecture-independent.
Total reset is probably the easiest option, if she doesn't mind the risk of losing data. It requires a device-specific image though; there should be one (recovery partition) on the tablet, but if that was removed you'll need to find one for download or get Samsung to handle it for you. The Surface RT / 2 images are available here on XDA but I don't know about any of the Samsung tablets.
Go look on the support website (or call support) for instructions on performing a factory reset of the tablet under normal circumstances. That will work if the recovery partition wasn't removed.
Click to expand...
Click to collapse
Ok, I understood.
Can I somehow install a Window 8.1 pro x86 on this device? It has got an Intel Atom processor, after all.
I need drivers, though.
Thanks again.
Now you say it's a x86 device while earlier it was ARM (Windows RT). Make up your mind, it can't be both!
Amax said:
Now you say it's a x86 device while earlier it was ARM (Windows RT). Make up your mind, it can't be both!
Click to expand...
Click to collapse
...hmm actually I'm not sure. The tablet is not mine. I thought it had a Windows Rt OS. But since you say that it can't be an x86 device with an RT OS at same time...I need to find out what it really is. Thanks.
OK
I've finally found out what the OS is?
It's window 8 32bit.
The complete name of the tablet is:
samsung ativ smart xe500t1c-a01it
More, I have it at my home now.
Can we continue the topic?
Thanks
Then the methods GoodDayToDie mentioned in post #4 should work
ok
I fixed it by using Lazesoft recovery.
Thanks
Loss Password? All is not loss, even with the fact you can not boot from a USB stick drive with a password reset tool on it. The answer is actually quite simple with local access to the device Windows 8 is installed on. As long as you can get into recovery by using the "hold volume up" and pushing "Power" button method. You then simply picked Advance Recovery Options till you see Command Prompt in the menu and here's the link that'll take you the rest of the way below. What this does is replace Access Tools (for blind, etc) in Login Screen (lower left corner) with a Command Prompt window. Since it's in with the Root C drive, it makes it quite simple to merely change the password right there and be able to use it to log in immediately.
Thought your computer was safe from hackers locally? Think again (can only be run locally though, not remotely), but if you didn't have this option none of the free or pay4 password reset tools would work either. This is what they are actually doing and then they remove the Command Prompt window when done. Just like you will after using this very simple method. Or you need to use Windows Password Key to reset Samsung password.