Best way to save app data before unlocking bootloader - Shield Android TV Q&A, Help & Troubleshooting

Hi I would like to unlock the bootloader and root once the new update rolls out but have quite a few private apps with preferences set. If I had TWRP I would just backup the data partition but I cannot do that.
I wanted to ask what you feel the most effective way to backup my apps and app data on a non-rooted virgin Shield? Does Google allow app data syncing on Android TV platform?
Thanks.
Please use the QUOTE feature when replying to me to get my attention. Thanks!

Bump
Please use the QUOTE feature when replying to me to get my attention. Thanks!

Bump
Please use the QUOTE feature when replying to me to get my attention. Thanks!

Anyone???
Please use the QUOTE feature when replying to me to get my attention. Thanks!

E--Man said:
Anyone???
Please use the QUOTE feature when replying to me to get my attention. Thanks!
Click to expand...
Click to collapse
Is it a 16GB og Pro version?
If it's a 16GB, there isn't really anything that just works, unfortunately.
If it's a Pro version, then you can pull the HDD and alter a partition to make it unlocked, then flash TWRP, backup and update (in theory).

E--Man said:
Anyone???
Please use the QUOTE feature when replying to me to get my attention. Thanks!
Click to expand...
Click to collapse
Umm you can't... That's kind of One, of the many other possible reasons why you root to begin with. e.g. being able to access restricted /data, and /system Partitions, for instance. As it is I would guess the only way you could possibly get at them would be though ADB. But, lol you have to also have root for that.*
NOTE: This is where those Rooted Recovery Images from nVIDIA come from. They are only rooted for ADB, and not for SuperSU. Or so I understand it.
So again I fairly sure your just going to have to bite it this time. Also (from someone with some experience in the matter), you may want to remove your SSHD, and make a few backups of it (See the SSHD to SSD Migration To), in case thing ever go ugh wrong. If your hell bent on rooting.

hallydamaster said:
Is it a 16GB og Pro version?
If it's a 16GB, there isn't really anything that just works, unfortunately.
If it's a Pro version, then you can pull the HDD and alter a partition to make it unlocked, then flash TWRP, backup and update (in theory).
Click to expand...
Click to collapse
Ichijoe said:
Umm you can't... That's kind of One, of the many other possible reasons why you root to begin with. e.g. being able to access restricted /data, and /system Partitions, for instance. As it is I would guess the only way you could possibly get at them would be though ADB. But, lol you have to also have root for that.*
NOTE: This is where those Rooted Recovery Images from nVIDIA come from. They are only rooted for ADB, and not for SuperSU. Or so I understand it.
So again I fairly sure your just going to have to bite it this time. Also (from someone with some experience in the matter), you may want to remove your SSHD, and make a few backups of it (See the SSHD to SSD Migration To), in case thing ever go ugh wrong. If your hell bent on rooting.
Click to expand...
Click to collapse
Taking the above into consideration, I am actually registered in the nVidia Developer Program and have access to the Developer images. Having said that, if I flash the Developer image, then I not just use the rooted ADB to make a backup of all the app data and then unlock boot loader and restore it?

Well irregardless of your having a Pro (Or, not)... You're still not going to get very far with what you are hoping to do. As you would have had, to have unlocked the Bootloader first. Before you could flash anything at all.
Unlocking the Bootloader will of course totally erase ALL OF YOUR PERSONAL DATA! And, that seems to be the catch-22 here, as you presumably do not want this. Of course OtOH if you ~are~ already unlocked then it shouldn't be a problem, then again booting TWRP from Fastboot, and eventually rooting shouldn't be a problem either.
But, since your Device has NOT yet been Bootloader unlocked, you CAN NOT actually do any of this yet.
I don't know what exactly it is you want to "backup", but you could use something like ES File Explorer to backup your Installed Apps, and your 'hidden' /system Apps (e.g. iPlayer), if thats your thing.
If you wanted to backup your Kodi stuff then ESFE could do that as well (But, you would have to enable Hidden Files to do this). Considering the recent loss of TVAddons. This in-and-of-itself, may well be good advice going forward for a while yet.

Ichijoe said:
Well irregardless of your having a Pro (Or, not)... You're still not going to get very far with what you are hoping to do. As you would have had, to have unlocked the Bootloader first. Before you could flash anything at all.
Unlocking the Bootloader will of course totally erase ALL OF YOUR PERSONAL DATA! And, that seems to be the catch-22 here, as you presumably do not want this. Of course OtOH if you ~are~ already unlocked then it shouldn't be a problem, then again booting TWRP from Fastboot, and eventually rooting shouldn't be a problem either.
But, since your Device has NOT yet been Bootloader unlocked, you CAN NOT actually do any of this yet.
I don't know what exactly it is you want to "backup", but you could use something like ES File Explorer to backup your Installed Apps, and your 'hidden' /system Apps (e.g. iPlayer), if thats your thing.
If you wanted to backup your Kodi stuff then ESFE could do that as well (But, you would have to enable Hidden Files to do this). Considering the recent loss of TVAddons. This in-and-of-itself, may well be good advice going forward for a while yet.
Click to expand...
Click to collapse
Thanks for the reply. There is only one discrepancy/question I have with your post - I was under the impression that I can flash the nVidia signed Developer ROM image *without* unlocking the bootloader, is that correct? If not, then I see your point and there is no way to access the app data files in the "data" partition. However, if I do not need to unlock the bootloader to flash the nVidia signed Developer image, and the nVidia signed Developer image is ADB rooted then I should be able to access the "data" partition.
Unless of course the flashing the nVidia signed Developer image will also wipe the "data" partition in the process

E--Man said:
Thanks for the reply. There is only one discrepancy/question I have with your post - I was under the impression that I can flash the nVidia signed Developer ROM image *without* unlocking the bootloader, is that correct? If not, then I see your point and there is no way to access the app data files in the "data" partition. However, if I do not need to unlock the bootloader to flash the nVidia signed Developer image, and the nVidia signed Developer image is ADB rooted then I should be able to access the "data" partition.
Unless of course the flashing the nVidia signed Developer image will also wipe the "data" partition in the process
Click to expand...
Click to collapse
This is taken from the Nvidia developer page:
NOTE: On the SHIELD Android TV Pro 500GB edition, some steps of the flash process may take a
Click to expand...
Click to collapse

hallydamaster said:
This is taken from the Nvidia developer page:
NOTE: On the SHIELD Android TV Pro 500GB edition, some steps of the flash process may take a
Click to expand...
Click to collapse
Darn, you are correct - it is required to unlock the bootloader to flash the nVidia Developer image. Too bad. Wish there was a way to extract app data! Some apps on mobile Devices use the Google Sync for app data, but I am not sure if this is employable on Android TV.
Click to expand...
Click to collapse

E--Man said:
Thanks for the reply. There is only one discrepancy/question I have with your post - I was under the impression that I can flash the nVidia signed Developer ROM image *without* unlocking the bootloader, is that correct? If not, then I see your point and there is no way to access the app data files in the "data" partition. However, if I do not need to unlock the bootloader to flash the nVidia signed Developer image, and the nVidia signed Developer image is ADB rooted then I should be able to access the "data" partition.
Unless of course the flashing the nVidia signed Developer image will also wipe the "data" partition in the process
Click to expand...
Click to collapse
To be fair, you would have to read the enclosed README File with the Dev ROM in question. I Have yet had no much reason to use it. So to be quite honest here I wouldn't know. OtOH though you do have to bootloader unlock the Device first of you wanted to flash a stock recovery Image. So everything that I think I know comes from that.
But, please extrapolate this idea of App Data further. I mean are we speaking about Apps, of pure Data (Al-la Kodi Data)?
'Cause these things can be backed up to degrees. If it's something well deeper than this. Well your just outta luck I'm afraid.

Ichijoe said:
To be fair, you would have to read the enclosed README File with the Dev ROM in question. I Have yet had no much reason to use it. So to be quite honest here I wouldn't know. OtOH though you do have to bootloader unlock the Device first of you wanted to flash a stock recovery Image. So everything that I think I know comes from that.
But, please extrapolate this idea of App Data further. I mean are we speaking about Apps, of pure Data (Al-la Kodi Data)?
'Cause these things can be backed up to degrees. If it's something well deeper than this. Well your just outta luck I'm afraid.
Click to expand...
Click to collapse
Hi lchijoe, I am just referring to the app preferences and their personal data that usually exists inside the "/data/data" folder. Some manufacturers allow exporting of this data even on non-rooted devices. For example, Huawei has a backup app which exports apps along with their personal data such that if you restore them it is as if you didn't even uninstall them to begin with. If I basically want to have everything restored as if I didn't do a factory reset.

.
Please use the QUOTE feature when replying to me to get my attention. Thanks!

Just bumping this in case anyone has any other input

Related

[Q] Backing up phone BEFORE rooting?

I'm about to take my baby steps and root my Nexus 4 for the first time. I've read the sticky's and have a good idea of what I'd be doing, but I don't see much in the way of backing things up before root and as I understand, rooting wipes your data. Can anyone help me on this or at least better understand what I should do?
I'm also having difficulty understanding the whole bootloader and custom recovery too but not too much trouble. I'd just like to know how to install a custom recovery and how much risk I'm at of messing up my bootloader.
PGvossman said:
I'm about to take my baby steps and root my Nexus 4 for the first time. I've read the sticky's and have a good idea of what I'd be doing, but I don't see much in the way of backing things up before root and as I understand, rooting wipes your data. Can anyone help me on this or at least better understand what I should do?
I'm also having difficulty understanding the whole bootloader and custom recovery too but not too much trouble. I'd just like to know how to install a custom recovery and how much risk I'm at of messing up my bootloader.
Click to expand...
Click to collapse
Rooting does not wipe data, the unlocking process does. There is no really good way to backup everything prior to unlokcing, you could use My Backup but you should really use the Pro version which is $4.99 (Many people swear by it for unrooted phones, I have no real experience with it). Wugfresh's toolkit has a backup and restore when doing unlock, but honestly, it messed up my phone and I had to factory default anyways.
As long as you are syncing stuff to Google (contacts, pictures, videos, etc), have Android Backup& Restore enabled (handles apps and common system settings), SMS Backup & Restore (text and pix messages), and you pull of the other files you want, there is no real need to backup at all. I swap ROMs all the time, and this is all I do to go from one ROM to another.
As far as the actual rooting process, ie. flashing SuperSU, there is no need to backup prior to that... all that is going to do is add a few files in some system directories and that's it.
The greatest thing about a Nexus device is it's ability to be modified... and within normal means it is virtually unbrickable, so give it a shot, and if you screw it up ask for help, thousands of people here have done it and can help, and if you still can't figure out a problem just restore the Google system images and whoalla... your phone is back to out of box condition.
You are able to root and unlock without wiping any data. Just check out my guide (the link is in the stickies, too)
mihahn said:
You are able to root and unlock without wiping any data. Just check out my guide (the link is in the stickies, too)
Click to expand...
Click to collapse
I opened your links but they all seem to be about Xperia devices.
I don't quite understand. Isn't the unlocking process needed to root the phone, thereby loosing all the data?
easy
before rooting, you hav to unlock bootloader and it wipes your all pics videos etc so better backup in your pc and thn try root. foloow guide ,its easy, or search on youtube for videos...
parveen75 said:
before rooting, you hav to unlock bootloader and it wipes your all pics videos etc so better backup in your pc and thn try root. foloow guide ,its easy, or search on youtube for videos...
Click to expand...
Click to collapse
OK I guess that makes sense. Does that include phone contacts, SMS and passwords?
And I suppose my final question is the danger of the bootloader. Is it possible for a newbie like myself to ruin something accidentally?
PGvossman said:
I opened your links but they all seem to be about Xperia devices.
I don't quite understand. Isn't the unlocking process needed to root the phone, thereby loosing all the data?
Click to expand...
Click to collapse
Yeah I meant the one in the stickies here, I'll add the guide to my signature later
But I meant this guide. It'll root before unlocking the bootloader and you are able to unlock without wiping then. Check it out
PGvossman said:
OK I guess that makes sense. Does that include phone contacts, SMS and passwords?
And I suppose my final question is the danger of the bootloader. Is it possible for a newbie like myself to ruin something accidentally?
Click to expand...
Click to collapse
I m also a newbie earlier . lol.. Only follow guide corectly for rooting.. U wl b good to go
Sent from my Nexus 4 using XDA Premium 4 mobile app
mihahn said:
Yeah I meant the one in the stickies here, I'll add the guide to my signature later
But I meant this guide. It'll root before unlocking the bootloader and you are able to unlock without wiping then. Check it out
Click to expand...
Click to collapse
Thanks. Where does the whole custom recovery and such come into play on this though?
PGvossman said:
Thanks. Where does the whole custom recovery and such come into play on this though?
Click to expand...
Click to collapse
It's not necessary to flash the recovery, but you may flash it if you want to and if you need it
Couple ways to do a backup without root.
Use adb,
eg. adb backup -all -apk -nosystem
Then pull files you want to backup
eg. adb pull /sdcard/
Or use helium app available from play store which is basically a gui for the adb backup command.
Thanks. I notice the -nosystem command, does that mean it won't back up system details?
I suppose my final question is Windows 8 support. I saw a thread a while back when you have to do something extra for the drivers and I can't seem to see it in the sticky threads.

Urgent help needed. Locked out of phone.

I was poking security options within my phone, and I accidentally locked it with a pattern that I cannot recall.
I tried looking for troubleshooting guides, but unfortunately Marshmallow no longer has a "forgot code?" option. Also, I tried Android Device Manager, but it tells me since my phone already has a lockscreen, I no longer need to add a password (which I intended to do, in order to know said password)
I would greatly appreciate any help, since I really don't want to factory reset, since I got lots of pics I don't want to lose.
xdmatt said:
I was poking security options within my phone, and I accidentally locked it with a pattern that I cannot recall.
I would greatly appreciate any help, since I really don't want to factory reset, since I got lots of pics I don't want to lose.
Click to expand...
Click to collapse
google is your friend http://www.addictivetips.com/android/how-to-bypass-disable-pattern-unlock-on-android-via-adb-commands/
edit: this does not work on marshmallow[tested]
i think this will help you http://forum.xda-developers.com/note-4/orig-development/bypass-lock-screen-pattern-password-pin-t2948336
bablu048 said:
google is your friend http://www.addictivetips.com/android/how-to-bypass-disable-pattern-unlock-on-android-via-adb-commands/
Click to expand...
Click to collapse
hopefully he enabled the usb debugging option
pijes said:
hopefully he enabled the usb debugging option
Click to expand...
Click to collapse
nope, this does not help. Just now i tried this on my device..if the device is locked adb doesn't recognize the device. this method does not work on marshmallow.
i don't know about lollipop. maybe it works.
pijes said:
hopefully he enabled the usb debugging option
Click to expand...
Click to collapse
bablu048 said:
nope, this does not help. Just now i tried this on my device..if the device is locked adb doesn't recognize the device. this method does not work on marshmallow.
i don't know about lollipop. maybe it works.
Click to expand...
Click to collapse
Unfortunately, my phone is stock and non rooted, but luckily I could guess the pattern.
I still would like to know for future reference, since Android Device Manager did a great job at getting my phone's location and making it ring... just not unlocking it!!
xdmatt said:
Unfortunately, my phone is stock and non rooted, but luckily I could guess the pattern.
I still would like to know for future reference, since Android Device Manager did a great job at getting my phone's location and making it ring... just not unlocking it!!
Click to expand...
Click to collapse
you don't need to be rooted to access recovery and install files.
for future reference see the 2nd link i posted. I haven't tried that yet, i'l report when i try.
bablu048 said:
you don't need to be rooted to access recovery and install files.
for future reference see the 2nd link i posted. I haven't tried that yet, i'l report when i try.
Click to expand...
Click to collapse
He wouldn't have been able to use it because you need a custom recovery to flash that file.
Well... I guess you know the system works? Probably not great for there to be an easy or sure-fire way to unlock a phone if you don't know the security details.
If it's just data you need, recovery mode should allow you to copy it off the device via USB (if you didnt encrypt the device). Getting into a phone you really locked yourself out of is probably not possible.
AtomicStryker said:
If it's just data you need, recovery mode should allow you to copy it off the device via USB (if you didnt encrypt the device). Getting into a phone you really locked yourself out of is probably not possible.
Click to expand...
Click to collapse
i want to know how to copy data from the device through recovery. do you know the process or where to find a guide?
edit: thanks for the idea. i hadn't thought that way.
xdmatt said:
Unfortunately, my phone is stock and non rooted, but luckily I could guess the pattern.
I still would like to know for future reference, since Android Device Manager did a great job at getting my phone's location and making it ring... just not unlocking it!!
Click to expand...
Click to collapse
For preventative measures, Tasker is your friend. Have a "Plan B" microSD with a special .txt file on it, and have Tasker detect SD inserted and scan that file. If the file matches, then Tasker should wipe /data/system/gesture.key and password.key, and sqlite3 into settings.db and "update system set value=0 where name='lock_pattern_autolock' " to unlock your device.
In the case of an aftermath, it is now (as of today) possible to recover files/photos from the lockscreen without root, ADB, or custom recovery. Just an internet connection, linked Google account, and access to the notification drawer. I just published my first app, Locked-out Phone Backup, that is similar to the old Screen Lock Bypass Pro for Gingerbread, but instead recovers files instead of disabling the screen lock, so no root is required!
Hope this answers your question!
Well, try some password remover.

FULL Nougat on 2017 and 3 questions on apps which don't work

I installed Full nougat and it went pretty seamlessly. Great directions at videomap.it. Anyway, two apps I use (and pay for access to both) don't allow me to stream video one is beinsportsconnect.tv. When I try to access video content a box pops up and say "Your device is rooted so you are unable to access video"
Now, my questions are:
Is there an easy way to get around this on Nougat? I mean, I thought ALL apps were supposed to work with the full android ROM for Shield.
If I had a 2015 model would I run into this issue at all? Reason I ask is that on the 2017 model, you are required to use SuperSU to root in order to boot the Full Android Nougat operating system. I noticed on the 2015 model you do not need to Root. So, if I had the 2015 model would my apps likely pass the "root check" as SuperSU is not required?
One last question, is the 2017 pro model the same as the 2015? meaning I would not be required to ROOT with SuperSU to install full android os?
Thank you.
Why are you asking these questions here? Why aren't you asking on videomap like you should be?
techjunky90 said:
Why are you asking these questions here? Why aren't you asking on videomap like you should be?
Click to expand...
Click to collapse
I did post over there. I wanted to get a broader sense of feedback from the xda community.
I was not aware that we were unable to post questions into the " Shield Android TV Q&A, Help & Troubleshooting" section. It seemed like a good place to place to ask for Q&A.
Any feedback or experience with this rom would be appreciated.
Thank you all
chinook387 said:
I installed Full nougat and it went pretty seamlessly. Great directions at videomap.it. Anyway, two apps I use (and pay for access to both) don't allow me to stream video one is beinsportsconnect.tv. When I try to access video content a box pops up and say "Your device is rooted so you are unable to access video"
Now, my questions are:
Is there an easy way to get around this on Nougat? I mean, I thought ALL apps were supposed to work with the full android ROM for Shield.
If I had a 2015 model would I run into this issue at all? Reason I ask is that on the 2017 model, you are required to use SuperSU to root in order to boot the Full Android Nougat operating system. I noticed on the 2015 model you do not need to Root. So, if I had the 2015 model would my apps likely pass the "root check" as SuperSU is not required?
One last question, is the 2017 pro model the same as the 2015? meaning I would not be required to ROOT with SuperSU to install full android os?
Thank you.
Click to expand...
Click to collapse
By Full Nougat I take it you mean some kind of custom rom?
It seems to me that you likely overwritten your DRM Partition. In which case, unless you remembered to make a backup (i.e. Cloning the original Drive), beforehand​. Then that's that, a done deal, and anything that would have ever required any high lever DRM (e.g. Amazon, or Netflix), will no longer work. As you no longer possess the needed DRM Keys.
And, before you ask... No once those Keys are gone. They are gone for good. Outside of a Backup. Only nVIDIA could regrant you those Keys. As they are Device specific.
Ichijoe said:
By Full Nougat I take it you mean some kind of custom rom?
It seems to me that you likely overwritten your DRM Partition. In which case, unless you remembered to make a backup (i.e. Cloning the original Drive), beforehand​. Then that's that, a done deal, and anything that would have ever required any high lever DRM (e.g. Amazon, or Netflix), will no longer work. As you no longer possess the needed DRM Keys.
And, before you ask... No once those Keys are gone. They are gone for good. Outside of a Backup. Only nVIDIA could regrant you those Keys. As they are Device specific.
Click to expand...
Click to collapse
You can always re-flash the stock ROM from nvidias website, I tested out the full firmwares in the past but went back to stock easily. Everything works as it should.
usmcnyc said:
You can always re-flash the stock ROM from nvidias website, I tested out the full firmwares in the past but went back to stock easily. Everything works as it should.
Click to expand...
Click to collapse
With a HUGE CAVEAT that your DRM Partition on the SSHD was left intact. When you Install something like a custom rom. You take a risk that it will overwrite something.
Of course you could try to revert back to stock, and pray that it all suddenly works again. But, alas in a worst case scenario if your DRM Keys are gone. Then a month of (flashing Stock on your Shield) Sundays will not be enough for you to recover them.
The only good thing is as long as you grabbed this from a 'trusted' source then it should be possible to recover. If this was more of a hatchet job. Well Probably not.
But, it makes you wonder why we can root the Shield, (@stock), and Amazon, and Netflix don't even bat an eye. As long as Widevine L1 is left intact.
Ichijoe said:
By Full Nougat I take it you mean some kind of custom rom?
It seems to me that you likely overwritten your DRM Partition. In which case, unless you remembered to make a backup (i.e. Cloning the original Drive), beforehand​. Then that's that, a done deal, and anything that would have ever required any high lever DRM (e.g. Amazon, or Netflix), will no longer work. As you no longer possess the needed DRM Keys.
And, before you ask... No once those Keys are gone. They are gone for good. Outside of a Backup. Only nVIDIA could regrant you those Keys. As they are Device specific.
Click to expand...
Click to collapse
you're wrong assuming he corrupted his DRM keys. Again you corrupted yours because you flashed someone else's partition backup. Stop scaring people around.
The OP is simply using services that don't allow rooted devices. That is their restriction policy, nothing we can do about, so it is NOT firmware's fault but a restriction of the app service. Without root those apps should playback content just fine.
the developer of Full Android firmwares @zulu99 only provides system.img and vendor.img, so it is safe to flash and has been proven success by several users now, including myself.
Sent from my Tapatalk Hub
If I helped hit the Thanks button. Follow Me! ~ Buy Me a Coffee ~ Full Android for ShieldTV and Nexus Player

How protect phone data when bootloader unlocked?

Hello,
I doesn't know if this is a real problem in newer Android versions.
I apologize if this problem is already solved; i'm out of Android development since a while...
From me the problem is to protect MY data if I loss the phone...
If my phone is password protected (and bootloader locked), a person that found the device can't use it directly.
It can unlock the bootloader (more or less easily) but the phone data is removed by the unlock process.
My data is sure!
But if the bootloader is unlocked the person that has found my phone can acess to the custom recovery (or load a custom recovery if I'm on stock recovery) then force a wipe of the device.
Due to that, all my security (fingerprint and lock code) was erased and the user can access to my phone and also to all the data stored in /sdcard.
My data isn't sure!
It exists any mode to use a custom ROM but maintaining my data sure?
(I'm not confidence with the Google remote device access)
Thanks in advance!
I think you'll be fine, as the data on your internal memory should be encypted, which is enabled by default!
I'll be honest and I mean no offense but your data is worthless. If someone steals your device the first things done are Sim removed and devices reset or powered off. Data thieves don't get the data from stolen devices. They get it from the places we give it freely. Like shopping stores and on line accounts.
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
jhs39 said:
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
Click to expand...
Click to collapse
The /sdcard in phones that doesn't have external sdcard, like O+5, are also protected by the encriptation?
Thanks
bartito said:
The /sdcard in phones that doesn't have external sdcard, like O+5, are also protected by the encriptation?
Thanks
Click to expand...
Click to collapse
Yep, like any other android, the oneplus 5 has full disk encryption enabled by default:
http://www.androidpolice.com/2015/1...ll-disk-encryption-by-default-on-new-devices/
bartito said:
Hello,
I doesn't know if this is a real problem in newer Android versions.
I apologize if this problem is already solved; i'm out of Android development since a while...
...........................................
Click to expand...
Click to collapse
Well, IMO your concern is right to some extent.
With an unlocked bootloader, if there is some version of TWRP (or any other customer recovery for that matter) that can decrypt your data partition automatically or if you have ever formatted your /data partition from TWRP , or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.
For educational purposes, the commands are:
Code:
adb shell rm /data/system/*.key
adb reboot
Now, for that matter, having a locked bootloader either doesn't ensure that your data is safe. For example, for HTC phones, you don't even need to unlock the bootloader for flashing a custom recovery or kernel. You can turn the phone to S-Off state using some proprietary tools (without losing data) and then flash custom images over a locked bootloader.
In case of Samsung, only FRP lock prevents you from flashing custom images (that too on newer phones) but in that case also, you can turn FRP off using some paid services and then flash any custom images and run the above mentioned commands.
In case of LG, it is even easier. Professional tools exist for communication over download mode protocol and turning off the screen lock doesn't even require a custom image in LG's case. However, most newer models are not supported by those tools yet.
In case of Apple, professional tools existed that used to read screen lock over a time span of 1-4 hours in an older version of iOS. I've heard that a tool is being made available for the current versions also in the coming weeks.
So, if you are conscious about your data, it is safe as far as the you have the phone in your possession. Once you lose it, you can't be sure about what is happening with it.
But then, as said in above posts, why would the thief want to crack open the data of a common man. If you are not a common man, you should worry. Otherwise I personally really don't care.
Hello,
Absolutelly appreciate your anwer.
I'm a common man, but I'm a bit worried due to 2 points:
1) I'm using LastPass and I doesn't would to my passwords to fall into someone's hands if I loss the device,
2) I'm using the app from my bank to pay using NFC and I doesn't would that anyone can use it
EDIT: 3) Of course, I'm using my Google account to store my contacts data. It would be a mess if someone erase my contacts
Thanks!
sikander3786 said:
Well, IMO your concern is right to some extent.
With an unlocked bootloader, if there is some version of TWRP (or any other customer recovery for that matter) that can decrypt your data partition automatically or if you have ever formatted your /data partition from TWRP , or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.
For educational purposes, the commands are:
Code:
adb shell rm /data/system/*.key
adb reboot
Now, for that matter, having a locked bootloader either doesn't ensure that your data is safe. For example, for HTC phones, you don't even need to unlock the bootloader for flashing a custom recovery or kernel. You can turn the phone to S-Off state using some proprietary tools (without losing data) and then flash custom images over a locked bootloader.
In case of Samsung, only FRP lock prevents you from flashing custom images (that too on newer phones) but in that case also, you can turn FRP off using some paid services and then flash any custom images and run the above mentioned commands.
In case of LG, it is even easier. Professional tools exist for communication over download mode protocol and turning off the screen lock doesn't even require a custom image in LG's case. However, most newer models are not supported by those tools yet.
In case of Apple, professional tools existed that used to read screen lock over a time span of 1-4 hours in an older version of iOS. I've heard that a tool is being made available for the current versions also in the coming weeks.
So, if you are conscious about your data, it is safe as far as the you have the phone in your possession. Once you lose it, you can't be sure about what is happening with it.
But then, as said in above posts, why would the thief want to crack open the data of a common man. If you are not a common man, you should worry. Otherwise I personally really don't care.
Click to expand...
Click to collapse
jhs39 said:
Nobody can access your phone data the way you describe unless you also run your phone decrypted --which is not the default for Android or even for custom ROMs for that matter. When you boot into recovery on a phone that is encrypted TWRP asks for your pin number and without it your data is not accessible. But that doesn't mean a thief couldn't still wipe and use your phone. You need to report it stolen so the IMEI number is blacklisted.
Click to expand...
Click to collapse
Black listing the imei doesn't work everywhere. Plus while banned on xda so I can't say how. But the imei is not that hard to change.
bartito said:
Hello,
Absolutelly appreciate your anwer.
I'm a common man, but I'm a bit worried due to 2 points:
1) I'm using LastPass and I doesn't would to my passwords to fall into someone's hands if I loss the device,
2) I'm using the app from my bank to pay using NFC and I doesn't would that anyone can use it
EDIT: 3) Of course, I'm using my Google account to store my contacts data. It would be a mess if someone erase my contacts
Thanks!
Click to expand...
Click to collapse
Maybe some experts can give their opinion on how to protect your data using some third party apps or by using some other options that I am not aware of. But in my opinion, a phone with an unlocked bootloader is always more vulnerable than a phone with locked bootloader.
Of course, I agree with your affirmation at 100%
The question is: I can improve security if I keep TWRP as a recovery instead of return to the stock recovery and I lock the bootloader?
Thanks
sikander3786 said:
Maybe some experts can give their opinion on how to protect your data using some third party apps or by using some other options that I am not aware of. But in my opinion, a phone with an unlocked bootloader is always more vulnerable than a phone with locked bootloader.
Click to expand...
Click to collapse
bartito said:
Of course, I agree with your affirmation at 100%
The question is: I can improve security if I keep TWRP as a recovery instead of return to the stock recovery and I lock the bootloader?
Thanks
Click to expand...
Click to collapse
I don't think you will be able to boot TWRP after relocking the bootloader. You need to test it yourself. Chances are very few because locked bootloaders prevent from booting un-signed images.
If you do manage to boot TWRP after relocking, make sure your data is encrypted. If it is not, then it doesn't matter if the bootloader is locked or not.
Also, you will need to turn off "oem unlock" option from developer options.
sikander3786 said:
I don't think you will be able to boot TWRP after relocking the bootloader. You need to test it yourself. Chances are very few because locked bootloaders prevent from booting un-signed images.
If you do manage to boot TWRP after relocking, make sure your data is encrypted. If it is not, then it doesn't matter if the bootloader is locked or not.
Also, you will need to turn off "oem unlock" option from developer options.
Click to expand...
Click to collapse
I think in the end I will stay as I am: bootloader unlocked and TWRP instead of the original recovery.
After all... I've never lost a phone...
bartito said:
The /sdcard in phones that doesn't have external sdcard, like O+5, are also protected by the encriptation?
Thanks
Click to expand...
Click to collapse
I haven't checked, but I believe it should.
nxss4 said:
Yep, like any other android, the oneplus 5 has full disk encryption enabled by default:
http://www.androidpolice.com/2015/1...ll-disk-encryption-by-default-on-new-devices/
Click to expand...
Click to collapse
Uh no, OP5 with OOS 4.5.x Nougat uses File-Based Encryption (FBE), not FDE.
I know because I wrote the utility to get back to FDE, which works if you change the/fstab* file:
https://forum.xda-developers.com/showthread.php?t=3672477
sikander3786 said:
Well, IMO your concern is right to some extent.
With an unlocked bootloader, if there is some version of TWRP (or any other customer recovery for that matter) that can decrypt your data partition automatically or if you have ever formatted your /data partition from TWRP , or even an insecure kernel (most insecure kernels allow USB debugging without asking for authorization keys), all the thief needs is 2 adb commands and your screen lock will be turned off and all your stuff will be exposed 'as is'.
Click to expand...
Click to collapse
Do you have a source for the first part of that information? The part where if userdata is formatted with TWRP, it is vulnerable?
I don't see how that can happen unless you run decrypted. TWRP is never involved in the encryption process. When you format userdata, it just runs mkfs. Android upon booting sees the forceencrypt flag in the fstab and then promptly encrypt the device with a default passphrase. When you later set up security, the passphrase is changed to whatever you input.
How can TWRP decrypt the files at this point without your passphrase?
Note that if you are running FBE, and run adb shell on a device that's booted into TWRP while waiting for the password, you will be able to see the file structure under /data, but most of its contents will be garbage (=encrypted).
If you're running FDE, and run adb shell on a device that's booted into TWRP, /data will be completely inaccessible.
sikander3786 said:
For educational purposes, the commands are:
Code:
adb shell rm /data/system/*.key
adb reboot
Click to expand...
Click to collapse
This will remove the PIN/password phrase to get into Android, but won't give access to any encrypted files.
That may mess your phone royally as well.
Hello,
Thanks for your anwer. I appreciate the time that have you spend on my question
I need to go to the FDE thread to learn a bit more about the process and results.
Now, I have 2 more questions...
1) If the phone is encrypted with FBE a user can remove user passwords using "adb shell rm /data/system/*.key
&& adb reboot" commands, like @sikander3786 has explained but, due to the device is encripted, it can't access to my data
and the device will require for the decrypt password when booting in normal mode or recovery. I'm correct?
2) If the device is encrypted with FBE a user can access to /sdcard even without the decrypt password in recovery (TWRP) mode but not if encrypted with FDE?
Thanks again!
Fif_ said:
I haven't checked, but I believe it should.
Uh no, OP5 with OOS 4.5.x Nougat uses File-Based Encryption (FBE), not FDE.
I know because I wrote the utility to get back to FDE, which works if you change the/fstab* file:
https://forum.xda-developers.com/showthread.php?t=3672477
Do you have a source for the first part of that information? The part where if userdata is formatted with TWRP, it is vulnerable?
I don't see how that can happen unless you run decrypted. TWRP is never involved in the encryption process. When you format userdata, it just runs mkfs. Android upon booting sees the forceencrypt flag in the fstab and then promptly encrypt the device with a default passphrase. When you later set up security, the passphrase is changed to whatever you input.
How can TWRP decrypt the files at this point without your passphrase?
Note that if you are running FBE, and run adb shell on a device that's booted into TWRP while waiting for the password, you will be able to see the file structure under /data, but most of its contents will be garbage (=encrypted).
If you're running FDE, and run adb shell on a device that's booted into TWRP, /data will be completely inaccessible.
This will remove the PIN/password phrase to get into Android, but won't give access to any encrypted files.
That may mess your phone royally as well.
Click to expand...
Click to collapse
nxss4 said:
I think you'll be fine, as the data on your internal memory should be encypted, which is enabled by default!
Click to expand...
Click to collapse
Suppose i encrypt my device, i.e., it asks for password everytime before booting...
Q1. Will booting into fastboot or recovery require the password?
Q2. If no, how can i prevent access to fastboot and recovery on an unlocked bootloader?
anuragm13 said:
Suppose i encrypt my device, i.e., it asks for password everytime before booting...
Q1. Will booting into fastboot or recovery require the password?
Q2. If no, how can i prevent access to fastboot and recovery on an unlocked bootloader?
Click to expand...
Click to collapse
You can't, but your data isn't accessible without the password
bartito said:
You can't, but your data isn't accessible without the password
Click to expand...
Click to collapse
But one can flash custom recovery from fastboot and subsequently use it to flash custom roms.
Am i right?
anuragm13 said:
But one can flash custom recovery from fastboot and subsequently use it to flash custom roms.
Am i right?
Click to expand...
Click to collapse
Yes, you can flash any recovery and any rom, but phone data can't be accessible if you don't have the password.
To use the device you need to know the password or do a data format
Isn't your phone technically always safe as long as you keep it encrypt it?
Only thing a thief could do would be a reset in both cases, isn't it?

Help with recovery

So the new security patch bricked my 8 pro into qualcomm crash dump screen.
I have done no funny business at all, yes my bootloader is unlocked and yes I have root. But it is only for basic things like titanium backup and permission ruler. I have never done anything crazy with my phone, never even flashed a rom, my phone has been rooted for well over a year and I always install all the security patches so this was super random and I'm pissed off.
Anyways I cannot find a video about recovering the phone without erasing everything and I thought this was only necessary when you DON'T have an unlocked bootloader. I thought it was possible to flash oxygen with fastboot and it fixes the problem. But I just dont know exactly how to do this and I didnt want to screw up anything. I'm totally fine with losing root and having the bootloader locked again I just really want to save my data. Any help and I would be grateful, because at this point I'm going to work tommorow without my phone.
one way... MSM tool and ITS deleting all your files
beterman said:
one way... MSM tool and ITS deleting all your files
Click to expand...
Click to collapse
wow man, this literally came from the security patch
If phone is accessible via ADB ( no bootloop ! ) then you can pull the data of interest by means of ADB-commands to a connected computer.
Look inside here:
[TOOL][ADB][WIN]Android Partitions Backupper / Cloner
Hi all, wrote a Windows CMD script that backups / clones partitions of an Android device via ADB because I wasn't content with any 3rd-party APK what claims to do this job. The backups /clones are stored on Windows computer as...
forum.xda-developers.com
Codeman785 said:
So the new security patch bricked my 8 pro into qualcomm crash dump screen.
I have done no funny business at all, yes my bootloader is unlocked and yes I have root. But it is only for basic things like titanium backup and permission ruler. I have never done anything crazy with my phone, never even flashed a rom, my phone has been rooted for well over a year and I always install all the security patches so this was super random and I'm pissed off.
Anyways I cannot find a video about recovering the phone without erasing everything and I thought this was only necessary when you DON'T have an unlocked bootloader. I thought it was possible to flash oxygen with fastboot and it fixes the problem. But I just dont know exactly how to do this and I didnt want to screw up anything. I'm totally fine with losing root and having the bootloader locked again I just really want to save my data. Any help and I would be grateful, because at this point I'm going to work tommorow without my phone.
Click to expand...
Click to collapse
Far as I'm aware the security patch was incremental and not a full update, seeing as you're rooted then I'd advise against installing incremental updates, when you update get the full one and pull the boot image for instances just like this.
Easiest way out of this is MSM although if you can obtain the boot image from 9.9 then you may be able to save it by booting that image / patched image.

Categories

Resources