Hey guys, so I have the CEO of my company phone which is a Note 3 on Verizon. I pushed out an ActiveSync Policy yesterday which has the following settings:
* Require Password
* Enable password recovery
* Allow simple password
* Minimum password length: 4
* Time without user input before the password must be re-entered: 2 minutes
He stated that he didn't put a password in... ಠ_ಠ - So I tried put him back to the old policy. I tried the Recovery Password that I found in exchange using: "Get-ActiveSyncDeviceStatistics -Mailbox:"jbrown" -ShowRecoveryPassword:$true" but that password does not work.
Is there any way to reset the passcode without wiping the device?
Also if you have any suggestions on 3rd party apps to not have this happen in the future on other devices, I'd greatly appreciate it.
Thanks,
MC
Related
Cryptfs Password Manager
Android device encryption password manager app. Lets you changes the Android disk encryption password. Essentially the same as
Code:
# vdc cryptfs changepw <newpassword>
but easier to use and slightly more foolproof. Requires root access.
WARNING
If you forget the new password after you change it, you will not be able to boot the device. You will have to perform a factory reset, DELETING all your data. Make sure you take a full backup before using this tool, and REMEMBER THE PASSWORD. You have been warned, use at your own risk!
Why and how to use this
Android 3.0 (Honeycomb) introduced disk encryption and it has been available on all subsequent versions. It encrypts the data partition with a key protected by a user-selected password and requires entering the password in order to boot the device. However, Android uses the device unlock password or PIN as the device encryption password, and doesn't allow you to change them independently. This effectively forces you to use a simple password, since you have to enter it each time you unlock your device, usually dozens of times a day. This tool allows you to change the encryption password to a more secure one, without affecting the screen unlock password/PIN. To change the device encryption password simply:
Enter the current password (initially the same as the unlock password/PIN)
Enter and confirm the new password
Hit 'Change password'
The changes take effect immediately, but you will only be required to enter the new password the next time you boot your device. Make sure you choose a good password, not based on a dictionary word, since automated tools can brute force a simple password in minutes. Above all, make sure you REMEMBER the new password.
If you change the device unlock password/PIN, the encryption password will be automatically changed as well. You need to use this tool again to change it back, if required.
Once Android adds an official way (system UI) to change the passwords independently, this tool will no longer be needed. Star this issue if you want this to happen:
code.google.com/p/android/issues/detail?id=29468
How to get it
The app is also available in the Google Play Store:
play.google.com/store/apps/details?id=org.nick.cryptfs.passwdmanager
And source is on Github, Apache 2.0 licensed:
github.com/nelenkov/cryptfs-password-manager
Acknowledgments
Borrows some code from github.com/project-voodoo/ota-rootkeeper-app, under the WTFPL license
Hello,
I remember when i set up A1 in firstboot, it asked if i want to be prompted with a password before booting android, to which i said no.
So this in effect, must have encrypted with the default password on first boot. This lets the system boot, and core services started, if the device gets rebooted
without my knowledge(so that i recieve calls and sms) VS, if it asks password before booting(uses my pin as password instead of default password), the core services arent available untill i put my pin in.
This issue was supposed to get solved through Nougat's FBE.
So my question is that, does Mi A1 uses FBE, so that even if i had opted for my pin as password before booting, i would not be blocked of using core services like phone and sms, with OS waiting at pin prompt?
Thanks.
as i have researched more, A1 does not support FBE.
read this excellent writup
In the above article, it shows how to convert to file based encryption. This option in the developer settings is missing from A1.
this is the first major disappointment with A1. Was shocked on system setup to see this. Didn't expect this from a phone expected to receive updates upto P.
ashjas said:
as i have researched more, A1 does not support FBE.
read this excellent writup
In the above article, it shows how to convert to file based encryption. This option in the developer settings is missing from A1.
Click to expand...
Click to collapse
Why do you think ? What encryption does it use ?
It uses FDE. This can be seen when you reboot the device - the black background and basic keyboard. This is FDE.
FBE would boot the device in an intermediary state with wallpaper, full keyboard.
Now if you ask me FDE seems a bit more secure - you can be sure that everything on the device's data partition is encrypted and the only available function is emergency call.
FBE encrypts certain folders but more code is running at startup so you can in theory receive notifications and stuff for certain apps. I certainly don't need stuff running before i authenticate.
gradinaruvasile said:
It uses FDE. This can be seen when you reboot the device - the black background and basic keyboard. This is FDE.
FBE would boot the device in an intermediary state with wallpaper, full keyboard.
Now if you ask me FDE seems a bit more secure - you can be sure that everything on the device's data partition is encrypted and the only available function is emergency call.
FBE encrypts certain folders but more code is running at startup so you can in theory receive notifications and stuff for certain apps. I certainly don't need stuff running before i authenticate.
Click to expand...
Click to collapse
So when the phone was set up in a way, where there was no password asked during (in the middle of) the boot process, how easy would it be for thiefes to access data stored on a A1 ? And how much would it help them if bootlocker was unlocked ?
When you reboot the phone, and you do not have a FDE password set up, the phone still asks for a PIN aftrer booting, with the text "Unlock for all features and data". This sounds like FBE to me.
- PIN is probably from the SIM card. My A1 never asked anything until i set up a password. But mine came with Android 7.1.1 so it is a possibility that some to come with later versions (that have FBE?)?
- FDE is usually enabled anyway on Android 7.1+ but it has a default password set ("default_password" AFAIR). So if you run TWRP for example, even without installing it,it will acces your data because it knows this default password. If you specify a custom password the disk will not be unlocked without it.
- A locked bootloader brings additional security. The idea behind it is to have a verified boot chain - if someone gets hold of your phone to not be able to flash custom system apps on it.
The partitions are checksummed and verified via dm-verity. So at boot time any unauthorized alterations (done, say, with booted TWRP, installed Magist and root then re-locked bootloader afterwards) will trigger a "System Destroyed" message.
The above will be all disabled if you unlock the bootloader and install TWRP. As for now TWRP (or any other loader) cannot ensure system consistency. It is possible to flash stuff on your device by restarting it and launching TWRP. If you have a strong encryption password set up your data partition will still be inaccesible to them but if you get your phone back and start it up the malware will start and do nasty stuff like siphoning all your data, passwords etc (because you can flash system apps that can see everything on the device).
After restart, it asked me for a PIN and then for SIM PIN, (even when draw pattern was my configured way for unlock). It never again asked me for PIN, only right after reboot. Why else would I be asked for a PIN only after reboot, if not because of FBE?
Main problem:
Error apperaing : 10008 : fid???
Using Global Stable
---
From the start
* Applied for unlocking in October.
* Received SMS in half an hour
* Waited for 14 days
* Couldnt get `Add Account & Device` to work. Same error
* Used PlexVPN from China-Shanghai/Beijing but same error
* Tried more than 10+ times
* (ノ °益°)ノ 彡 ┻━┻
Gave up unlocking
January
Tried unlocking without this `Add Account & Device` but got stuck at 99%
"Current account is not bound to ..."
Logged out of Mi Account and then logged in. Same
Find my device is on, GPS is On, Device is showing on i.mi.com
Downloaded Global Beta.
Updated phone.
Same problems.
Tried changing VPN Server many times but same problem.
Please help :'(
Please help
Enable OEM unlocking in developer settings and bind account.
It is enabled
babaarpit said:
Main problem:
Error apperaing : 10008 : fid???
Using Global Stable
---
From the start
* Applied for unlocking in October.
* Received SMS in half an hour
* Waited for 14 days
* Couldnt get `Add Account & Device` to work. Same error
* Used PlexVPN from China-Shanghai/Beijing but same error
* Tried more than 10+ times
* (ノ °益°)ノ 彡 ┻━┻
Gave up unlocking
January
Tried unlocking without this `Add Account & Device` but got stuck at 99%
"Current account is not bound to ..."
Logged out of Mi Account and then logged in. Same
Find my device is on, GPS is On, Device is showing on i.mi.com
Downloaded Global Beta.
Updated phone.
Same problems.
Tried changing VPN Server many times but same problem.
Please help :'(
Click to expand...
Click to collapse
Use latest version of mi unlock tool
hackermssharma said:
Use latest version of mi unlock tool
Click to expand...
Click to collapse
Using latest
babaarpit said:
Using latest
Click to expand...
Click to collapse
Then just make an another mi account and again request approval to unlock then login that new account in your device and try to unlock via this new account?
Tried, not working
Hello XDA-Community,
I've got a Yoga Tab 3 Pro YT3-X90L from a customer.
He was telling me, that he wanted to unlock his device with the pattern, mismatched for several times and now its locked and requires the owners google account. Or something like that. He never had the owners google account. He told me that his seller has activated his device for him. And he has no clue who it was.
Now here is my part.
I've researched and obviously it's a FRP. The owners google account information are stored in the FRP-Partition. And this partition won't get deleted with a simple factory resett.
What i've tried so far:
1.) https://www.youtube.com/watch?v=nCzrnnh2K1w I was able to follow this tutorial to minute 9:08. But the option "Email and password" is not there anymore. I guess they patched it with 6.0.1.
2.) I tried to flash a stock rom or twrp with LenovoDownloader(QcomDLoader). The stock rom file is: Lenovo_Yoga_Tablet_3_YT3-X90L_ENG_S200028_1609230146. even its a german device this file was the only one i could find. But the LenovoDownloader won't recognize my device. The windows stays white, no entries. I guess i installed the correct driver for this device and Windows recognizes them as removable device if i plug it in via usb.
3.) I've tried to use adb and fastboot boot oem unlock. But this commands aren't working in locked state.
4.) With a trick i could open the Settings and was full of hope to active the developer options to set usb debbuging to active. But this developer options aren't available either with this "user".
5.) There is an apk for showing the "Email and password" interface. I could install it, but it force closes right after starting it.
6.) I've tried several tools to bypass this FRP: WinDroid Toolkit, D-G Unlocker, Realterm, but NOTHING.
What could i do further? I'm out of ideas right now.
I've read about a factory_update.img but i cant find anything, except the stock rom file, for this device.
Or downgrading the device, so i could use the "Email and password" but. But i can't even flash the stock rom.
Specs for the device:
Lenovo Yoga Tab 3 Pro YT3-X90L
Lenovo/YT3_l0_row_lte
6.0.1/MMB29M/LenovoYT3-X90L_S200307_170614
i appreciate any help i can get
greets
redplate
I've wrote it down. Hope this helps.
Situation:
"Confirm account: The device has been reset. To continue, sign in with a Google Account that was previously synced on this device. "
Explanation:
The device has been blocked by repeated input of the wrong password, pattern, etc. and can only be unlocked with the Google account of the owner.
A factory reset or hard reset does not help here, as the account information is saved in its own FRP partition and will not be deleted when the factory state is restored.
Solution:
1. Connect device to a Wi-Fi and Internet access.
2. Before confirming "Next", select another hotspot here
3. Go to "Advanced Settings" and change the proxy settings of any hotspot to Manual.
4. In the text input field of the proxy settings you enter now any word: e.g. Test
5. Now mark this word and select "Assist" in the context menu.
6. Selecting this "Assist" option opens the Google search application.
7. You can now not only browse the Internet through this search, but also search for and open installed programs.
8. We are looking for Chrome, open the internet browser, go to www.google.com and search for DPC test.
Link: https://www.apkmirror.com/apk/sampl...-release/test-dpc-4-0-6-android-apk-download/
9. After downloading this application, go back to the Google search application.
10. Here we enter "Download" to search for the download application.
11. In Downloads we can now find and install the downloaded app.
12. To allow the installation of this .apk, you must allow the installation of "unknown sources" in the settings.
13. Either you go here on the installation itself on "Settings", or you search for "Settings" on the Google search app.
14. After completing the installation of the DPC-Test program, start it with "Open".
15. The app itself is will register as a device owner and now allows us to set up a new Google Account as owner.
16. If this is set up, it will also be included in the FRP partition.
17. In the event of a new factory reset, the device is reset, the DPC-Test program is removed and the device can be freshly set up in the factory settings.
after the takeover of the owner, the reason for blocking the device was not present anymore and the old owner was overwritten. This will be overwritten in the FRP partition aswell with the new account and the old one no longer queried.
You, mister, are my savior! Thank you very much.
Solve works for Lenovo Yoga 3 tablet
Just a big giant thank you! My dad passed away leaving me a Lenovo Yoga 3 tablet, unable to gain access due to information stored in the FRP partition. :highfive:
Hi
I followed your instructions for first 5 points
redplate said:
1. Connect device to a Wi-Fi and Internet access.
2. Before confirming "Next", select another hotspot here
3. Go to "Advanced Settings" and change the proxy settings of any hotspot to Manual.
4. In the text input field of the proxy settings you enter now any word: e.g. Test
5. Now mark this word and select "Assist" in the context menu.
6. Selecting this "Assist" option opens the Google search application.
Click to expand...
Click to collapse
I marked the word and only that is offered on the top right side is : SELLECT ALL - CUT - COPY.
There is no ASSIST option . I don't know, maybe this tablet on my desk has a newer android version with that option removed...
Is there any other solution? Probably will be helpfull for me as well for someone who will have tjis problem in the future
Thx in advance
marOOn1971 said:
Hi
I followed your instructions for first 5 points
I marked the word and only that is offered on the top right side is : SELLECT ALL - CUT - COPY.
There is no ASSIST option . I don't know, maybe this tablet on my desk has a newer android version with that option removed...
Is there any other solution? Probably will be helpfull for me as well for someone who will have tjis problem in the future
Thx in advance
Click to expand...
Click to collapse
Hi. Actually I'm not into this anymore. Could be possible they removed it since it might was reported.
If I have any idea I'll let you know it
A friend of mine has a RED Hydrogen One and has been experiencing weird behavior. Below are the steps:
1. Enter phone password
2. Press/tap enter to Unlock
3. Phone thinks, goes back to prompting for password
4. Enter an incorrect password
5. Press/tap enter
6. Get "Incorrect password" message is returned
In other words, the phone knows the password is correct, but when you tap to unlock it thinks for a moment and then goes back to the text box.
It does know, whoever, when you enter an incorrect password, so the password validation works.
She has a lot of sensitive documents stored in the physical phone storage (I know, I told her she should have never done that) so we are trying to avoid resetting if it is possible. Is there a place I can send the phone and have the data extracted? I tried connecting it to my laptop, but without USB for File Transfer enabled, it never sees the files from the phone.
Thanks in advance,
Danny