Major Security Break - Zuk Z1 Q&A, Help & Troubleshooting

There is a bypass that can disable all kind of tracking if someone steals your phone.
It's the quick settings avaliability in lock screen mode, even when you have the any kind of protection turned on(PIN, Fingerprint, etc.). Try it yourself... Imagine yourself as a thief who stole the phone... You know someone can track you so you just like open quick settings and turn off all kind of data or just simply turn on airplane mode... There's not a single chance for the owner to track the device anymore.
It is not just on ZUK Z1, it's the whole Lolipop series.
My question is:
1. Is Marshmallow going to fix this problem?
2. Is there any way of contacting directly the people who work in Cyanogen on this phone, who can make option that can disable status bar pull down while the screen is locked.
(I know there might be some modding options that can do that, but I just got the phone and I'm not yet into rooting it and voiding warranty, and also it shouldn't even matter. You don't have to mod anything in order to get basic security over your phone.
And I also know there are more ways to break into phone, but this one is just too simple & fast)

Enogh panic! Just go to notification drawer settings and find out everything you need.
P.S. Thogh there is still an issue when mobile data can be disabled...

lol...if you phone is stolen two things happen first, sim card is removed and phone is power off...... then any sensible thief will then go in recovery mode and wipe it .....
phone disappears forever....
until there is a way to protect recovery mode via some password ,your phone can always be stolen without a trace...

i think you're in a wrong section mate.

crashsvg said:
lol...if you phone is stolen two things happen first, sim card is removed and phone is power off...... then any sensible thief will then go in recovery mode and wipe it .....
phone disappears forever....
until there is a way to protect recovery mode via some password ,your phone can always be stolen without a trace...
Click to expand...
Click to collapse
You don't say? Not that I explained in the post that there are numerous ways of breaking in besides that. But to stop stupid people from easily stealing phone is neccessary to remove option of simply turning off data, location or any other connection source. Stop being cpt. Obivious and please answer the problem question if possible. Otherwise please don't point me things I already explained in the post. Thank you.
(I don't want to be rude, just to clear the situation, thank you for your understanding)

Is this serious, or a joke? LMAO

Related

Recovery Password Protection?

As the title says.. is it within the scope of any dev to have some kind of lock or password protection on accessing recovery? This would obviously have to be optional.
Wavesecure is kinda rendered useless if someone could easily flash another rom on the phone before the user can get to wiping all data.
I'm not so concerned about getting a phone back after it's stolen... but i'm much more worried about the information i may have stored on it.
Is this even possible?
Thanks in advance
Alex
a) If you flash another ROM to remove wavesecure, you would have to wipe first and therefore your personal data would be gone anyway.
b) You can install a recovery via adb as far as I know so if the user knew enough to boot into recovery mode, they could flash another recovery and circumvent the password anyway
Hmm, you'd need to password protect fastboot too wouldnt ya?
+1
I was gonna post this. I mean if phone was stolen, and wavesecure did prevent them using it, a wipe will remove it.
Well, ask ninpo maybe over at villainrom site.
Dunno if he would do it, but he modified recovery for villainrom 12 so it could wipe dalvik2cache properly iirc
I would also like it. And flashing over adb is for a newcomer harder then pressing the home button at booting
Seelbreaker said:
I would also like it. And flashing over adb is for a newcomer harder then pressing the home button at booting
Click to expand...
Click to collapse
True.
You could always install the 007 spl if you were that bothered. But I don't recommend that.
I will look into wave secure, as I have a few ideas about things to do.
But remember most thieves would not manage to flash a rom, but a wipe using power + call (I think) is easy.
Also remember that wave secure is a great program, and it has improved loads since I first contacted them to show a way to add your own un approved sim to the allowed list. But I can still bypass it in about 30 seconds, just like any other security measure your phone may use (eg pattern lock or third party app locker).
So whilst a thief in theory could do this, it's unlikely in my opinion. They would need a fair bit of android knowledge, and anyone who knows the inner workings can get rid of any user security measure in seconds.
And btw, when in say I can bypass ws in 30 secs, that don't involve removing the app. I mean bypass that lock screen completely with the app installed
just curious: this possibility doesn't involve activated USB debugging in the device? So you do some trick during boot... or something else I just can't think of?
xdafalter said:
just curious: this possibility doesn't involve activated USB debugging in the device? So you do some trick during boot... or something else I just can't think of?
Click to expand...
Click to collapse
I have more than one method. But I used methods that are unlikely to be found. One certainly can't be fixed, as it is inherently a flaw on linux, though by design. For this reason I won't be disclosing it, and I'm sure people understand.
But yes, usb debugging is useful for bypassing it, though I can still get round it even if you have disabled it
anon2122 said:
But yes, usb debugging is useful for bypassing it, though I can still get round it even if you have disabled it
Click to expand...
Click to collapse
Interesting... I will give it some thought as I like to know stuff
Knowledge brings fear (from Futurama) but don't be evil (Google)
thanks for the replies.
In the end any security can be broken and circumvented.. i just like the idea of layering as much as possible... again i don't expect to be able to get my phone back or stop someone from selling it (given how common imei spoofing seems to be)..
i just want to have time to run a remote wipe from another location.
I do turn off usb debugging whenever i'm not likely to be at a PC.
I know i'm being paranoid... but with good reason
Bantu85 said:
thanks for the replies.
In the end any security can be broken and circumvented.. i just like the idea of layering as much as possible... again i don't expect to be able to get my phone back or stop someone from selling it (given how common imei spoofing seems to be)..
i just want to have time to run a remote wipe from another location.
I do turn off usb debugging whenever i'm not likely to be at a PC.
I know i'm being paranoid... but with good reason
Click to expand...
Click to collapse
Wanna try something? Turn off USB debugging, then try and connect via adb.
Try "adb shell" and see what happens.
I'm not sure what you are up to, but it cannot connect (no device connected or similar output)... and this is the expected result.
Did you want to prove something else?
Yeh adb shell with usb-debugging off just gives "error no device found".
xdafalter said:
I'm not sure what you are up to, but it cannot connect (no device connected or similar output)... and this is the expected result.
Did you want to prove something else?
Click to expand...
Click to collapse
Nah, just wondered. Some phones used to have persisting ADB, which meant that you could get a connection even when that was disabled IIRC.
But remember that you can get adb on boot regardless of setting AFAIK, as well as in recovery
so, if we would have a pw protected recovery/spl and use a kernel with no adb compiled in, where would then be your basis to break in?
xdafalter said:
so, if we would have a pw protected recovery/spl and use a kernel with no adb compiled in, where would then be your basis to break in?
Click to expand...
Click to collapse
Or perhaps limit the use of ADB so that it can only be used while booted into the recovery and after the pw-protection of it has been passed.

[Q] Locked Out by Android Device Manager (help!)

I don't know if anyone is going to believe this. I decided to test Android Device Manager's lock feature. Worked fine on my tablet. Did not work right on my phone. Now I am locked out of my phone. It would not accept the PIN I selected. I tried sending different PINs and it won't accept any of them! When I change the "message," it does change but the PIN doesn't work.
1) Is there any way to fix this???
2) If not, ugh, if I send an ERASE command, will I be able to get back into the phone?
Help!!
Thanks!
Paul
(I don't know how to prove this isn't a stolen phone - I have full access to it via Device Manager in my google account)
Talked to AT&T. I was screwed. FYI for anyone else... The Android Device Manager Lock may not work right on the AT&T Galaxy S4.
The entire point of locking a phone through ADM is to render it useless for anyone that has stolen it or "found and tried to use it" if it was lost. It's not intended as a tool to be used day to day or for any other reason than loss or theft. As such, I don't see why there would be a need to re-activate the phone after locking it through ADM.
However, if it simply won't let you unlock the lock screen, why not use ODIN to re-flash the firmware and start fresh with an unlocked lock screen?
scott14719 said:
The entire point of locking a phone through ADM is to render it useless for anyone that has stolen it or "found and tried to use it" if it was lost.
Click to expand...
Click to collapse
I should have posted more details. Actually, you can factory reset the phone and it comes out of it fine, albeit factory reset. It doesn't make the phone useless. It just protects the data on your phone with the standard PIN lock screen. It's certainly no kill switch.
To add more info to this - it literally changes the lock screen setting to PIN lock. So, for example, on my tablet, I had a pattern lock. Even after I unlocked it with the ADM PIN I sent, the next time it locked, it was the same PIN lock. I had to go back and change it to the pattern lock.
This is unlike the 3rd party solutions I have used in the past (e.g. Lookout, AVG) which overlay their own lock onto the phone one time only. Once you unlock through their PIN system, the device reverts to whatever locking method you had been using (or none).
This is just what I learned from the experience. Maybe people knew this but it was interesting to me.
PaulQ602 said:
I should have posted more details. Actually, you can factory reset the phone and it comes out of it fine, albeit factory reset. It doesn't make the phone useless. It just protects the data on your phone with the standard PIN lock screen. It's certainly no kill switch.
To add more info to this - it literally changes the lock screen setting to PIN lock. So, for example, on my tablet, I had a pattern lock. Even after I unlocked it with the ADM PIN I sent, the next time it locked, it was the same PIN lock. I had to go back and change it to the pattern lock.
This is unlike the 3rd party solutions I have used in the past (e.g. Lookout, AVG) which overlay their own lock onto the phone one time only. Once you unlock through their PIN system, the device reverts to whatever locking method you had been using (or none).
This is just what I learned from the experience. Maybe people knew this but it was interesting to me.
Click to expand...
Click to collapse
Thanks for the additional info. It's nice to know how it works or is supposed to work. Starting mid-2014, all cell phones sold in the US will be required to have a "kill switch" available. I wonder if it will operate in the same way. I guess time will tell. Again, thanks for the info.
I do wish people who don't read a persons message properly and are not informed on the subject wouldn't waste every ones time posting their drivel aye Scott!
You like so many others state the obvious, I did like your post Paul and thank you for taking the time to post
I have had issues with ADM and have found the application about as useful as Scott's drivel

[Q] Screen broke, lockscreen prevents data access. Options?

hey there everyone,
I will make this as short as I can so you guys can read it. There is a company that fixes my screen, but they (for some reason!) cant promise my data is safe.
Researched myself, I know some suggestions are technically exploits and silly, but I still would like to ask at least, no matter how unlikely.
So.. lockscreen prevents acess to my photos. I disabled G+, which I regret now. Phone is in plane mode. Touchscreen doesnt response. ADB developer option is not activated.
Can I ..
- use "Find my phone" to deactivate the plane mode (could download an app like airdroid maybe)
- Email Google, send them proof and ask them to remotely unlock my phone? Serial Number, billing details etc.
- Activate bluetooth somehow to connect a bluetooth mouse
- Force my phone to reset its options?
- wipe my phone safely and recover the data over an 3rd party app (recovery tool).. maybe over find my phone?
- Somehow circumvent the lockscreen (yes, silly .. I know)
I know about this
HTML:
http://forum.xda-developers.com/nexus-4/help/nexus-4-to-copy-data-broken-touch-input-t2415195
. If really necessary I will fight myself through it.
Thanks everyone who helps!!
nexkon said:
hey there everyone,
I will make this as short as I can so you guys can read it. There is a company that fixes my screen, but they (for some reason!) cant promise my data is safe.
Researched myself, I know some suggestions are technically exploits and silly, but I still would like to ask at least, no matter how unlikely.
So.. lockscreen prevents acess to my photos. I disabled G+, which I regret now. Phone is in plane mode. Touchscreen doesnt response. ADB developer option is not activated.
Can I ..
- use "Find my phone" to deactivate the plane mode (could download an app like airdroid maybe)
- Email Google, send them proof and ask them to remotely unlock my phone? Serial Number, billing details etc.
- Activate bluetooth somehow to connect a bluetooth mouse
- Force my phone to reset its options?
- wipe my phone safely and recover the data over an 3rd party app (recovery tool).. maybe over find my phone?
- Somehow circumvent the lockscreen (yes, silly .. I know)
I know about this
HTML:
http://forum.xda-developers.com/nexus-4/help/nexus-4-to-copy-data-broken-touch-input-t2415195
. If really necessary I will fight myself through it.
Thanks everyone who helps!!
Click to expand...
Click to collapse
Do you have a custom recovery? ADB should work if you boot in recovery and connect your phone.
abaaaabbbb63 said:
Do you have a custom recovery? ADB should work if you boot in recovery and connect your phone.
Click to expand...
Click to collapse
thanks, everything is stock. usb debugging deactivated. plane mode. lock screen.
I'll give up and just let it repair. if they lose my data.. let's not think that far.
nexkon said:
thanks, everything is stock. usb debugging deactivated. plane mode. lock screen.
I'll give up and just let it repair. if they lose my data.. let's not think that far.
Click to expand...
Click to collapse
Wait wait.
Do you have an unlocked bootloader? If not.. then yeah.. no other way.
Replace the screen yourself. Buy a screen assembly off eBay ($45USD for just the screen/digitizer, $60 for one installed in a new bezel - far easier). It's not that hard to do, honestly. Watch some videos on youtube and study the device tear-down on ifixit.com.

Forgot Pin on Mom's Phone

Hi,
So today I changed the pin for my mom's phone and the completely forgot it.
She has a lot of Photos on the phone that she wants to keep, but she has not turned on the backup to google photos option
Is there a way to unlock the phone or recover the photos ?
I have entered the wrong pin multiple times and I still cant see the forgot password option.
Pls help or else mom will kill me.
I hope there is no solution because it would be big security problem.
Your mother maybe using google photos cloud so dont be worry
This poses a security risk for those who lost their phones, so I hope there's no easy way around it.
RIP OP
I also hope there isn't a remedy. I don't mean to sound negative and not help but look at it from our side.
I once had a phone that needed a pin to unlock after being fully booted. Was able to go into recovery without it though.
But on 6t I think the pin encrypts the partition, so no way of bypassing it.
[irony] Maybe tell some intelligence agency that there is terrorist evidence on the phone, see if they have a "special key". [/irony]
elchmartin said:
I once had a phone that needed a pin to unlock after being fully booted. Was able to go into recovery without it though.
But on 6t I think the pin encrypts the partition, so no way of bypassing it.
[irony] Maybe tell some intelligence agency that there is terrorist evidence on the phone, see if they have a "special key". [/irony]
Click to expand...
Click to collapse
I agree.
Can you not plug in your USB cable and copy the contents off the phone onto your laptop?
KashMiester said:
Can you not plug in your USB cable and copy the contents off the phone onto your laptop?
Click to expand...
Click to collapse
Not without unlocking and enabling USB transfer
Just to be sure, it is the pin for the phone and not the simcard right?
superiscch said:
Just to be sure, it is the pin for the phone and not the simcard right?
Click to expand...
Click to collapse
Good point
Is it not possible to boot to recovery then factory reset it.........
xobtik said:
Hi,
So today I changed the pin for my mom's phone and the completely forgot it.
She has a lot of Photos on the phone that she wants to keep, but she has not turned on the backup to google photos option
Is there a way to unlock the phone or recover the photos ?
I have entered the wrong pin multiple times and I still cant see the forgot password option.
Pls help or else mom will kill me.
Click to expand...
Click to collapse
Get your plot ready then.
You have to format data.
Hopefully you can remember the password or pin.
There is far to many security measures in place
you could by having USB debugging on don't know if it's against rules to tell you or just have them email you don't they still email the password to email reg. on phone
There is simply NO way to access the contents without the encryption key. No app from google that claims it can, not google, not even the NSA or anyone but the key holder can. Trust me, you messed up and there is no other way but to remember what it was or completedly reset the phone. After you reset you will be asked password for the account that was last used there. not worth even trying mate.
I wouldnt normally try to help in a situation regarding security but check out this link: Bypass lock screen PIN all One Plus Devices! Might help!
Good luck and let us know how it turns out :highfive:
That worked for me! Thanks so much!
Scott said:
I wouldnt normally try to help in a situation regarding security but check out this link: Bypass lock screen PIN all One Plus Devices! Might help!
Good luck and let us know how it turns out :highfive:
Click to expand...
Click to collapse
+1 this worked for me too
elchmartin said:
[irony] Maybe tell some intelligence agency that there is terrorist evidence on the phone, see if they have a "special key". [/irony]
Click to expand...
Click to collapse
Not really for 6T. File Based Encryption that's used by OnePlus doesn't help here either. There may be a way for OnePlus 6 tho since it uses a different key to sign its boot image.
It may be possible to change current password by using Google Find My Device (https://www.google.com/android/find), but i haven't used it for a long time so i'm not sure at this point.

Bypass the lock screen

Hi all - I imagine this has been asked a thousand times before, but I am new here and in need of some real help.
My brother recently passed away, and his phone (Huwei P Smart 2019) mysteriously went into Airplane Mode, and has no sim card. The lock screen is on and none of the 'usual' numbers or patterns he used appear to work. This phone was his lifeline before he died, using it to speak to doctors and care workers - which is why I do not think he set it to airplane mode himself.
Shortly after he died a 'friend' went to his house to 'secure valuable belongings' and he had my blessing to do so. When I managed to get there, and secure those belongings myself, lo and behold the phone was locked.
Apparently, it does this when it powers up after the battery drains. Apparently, (according to the 'friend') on a reboot it shows a lock screen... and somehow goes into airplane mode. All I know is his two other older android phones do not have passcodes and all are open and accessible after a reboot - I've already been able to check these for data easily enough. I cannot even see what version of the OS is installed, but I'd guess it is the default that the phone came with.
I am not an Android user, and am certainly not a 'power' user of any device, so I don't know if what the 'friend' is telling me is total BS or not. What I do know is there is likely to be some essential information stored on that phone, let alone photos and memories that his family would like - I am specifically looking for any details of his medical treatments and messages he might have received just before he died.
I've trawled around countless 'phone repair' booths in countless malls, and everyone tells me the same thing - it can be opened, but you have to wipe the phone. Obviously, I don't think that'll help as a) I don't want to reuse the phone and b) I need the data from it to help with an ongoing case.
So, the question is, can it be done... and if so, how?
Thanks in advance to all who reply.
Not sure if I believe the story.
Probably with testpoint, with unlocktool, with chimera, with EFT dongle.
I've tried some methods the testpoint methods I tried all erase the data.
All other working methods are on youtube search for huawei frp without data loss and similar search strings, and click on Related videos.
Don't connect the Android to Internet to avoid security update.
Try the method with sim card with PIN however that may need a previous version security.
If there is important data wait some time and check youtube again however there are fake videos on there.
If it's too important probably someone can attack it through some method.
However if you have no good reason to attack this device better move on I do not believe the story with deceased relative and whatever is on the device maybe it's water under the bridge move forward. If not then it is a high cost in your time effort money patience better invested elsewhere.
Whatever the case not judging

Categories

Resources