Recently my BFF thinks that her boyfriend is starting to lose feeling for her and start finding other girls. She wants to break up but her boyfriend won't let her go unless she provides evidence that he is losing feeling/cheating on her. She asked me to help but I'm at a loss except for one idea.
It was recently reported in the newspapers that you could bypass all security by freezing an Android phone for an hour, then quickly removing the battery and putting it back on and turning it on while it was still below -10 degrees Celsius. Is this really possible?
Secondly, his phone is a Galaxy Mini with whatever is the newest firmware (I'm a Galaxy Mini II user so I'm not too sure), stock kernel, stock ROM, non-rooted, but the bootloader I think is unlocked by default in SG (mine came unlocked). It's been in use for quite some time only.
If the freezing is not possible, could we do it by any other method? Note: before I can get past the damn password I can't turn adb, unknown sources or debugging on.
Yeah that's all. Also, we can't wipe the /data since that's what we're gunning for. The method must be accomplish-able within 2 hours.
I might sound like I'm asking for a lot and might be unreasonable but please help.
Thanks in advance.
P.S. Please don't talk about the "just break up" or "politely ask him". If that had worked I wouldn't be asking here. He refuses to break up and he refuses to give his phone to me, even to "play". So-called ethical hacking through the human link doesn't work anymore. We plan to take his phone for a while, bypass the pattern lock, then sieve through information.
ADB isn't on, well I think somehow an exploit might work. Search around XDA, there are some tutorials here.
Erm, sorry, I'm not sure what you mean by exploits. I'm sorry, I'm kinda new to all this stuff.
How do you know that the phone is not "Debugging On"?
Most Android users are turning on that feature.
Well if the Debugging is ON ... I got the way to unlock the pattern within 1 minute.
Fastest way to bypass: Wipe data. If you can't, there are only harder ways.
Factory reset
You can always do a factory reset to remove the lock but it will wipe /data. You can still do that though. It's explained here: http://www.hard-reset.com/samsung-gt-s5570-galaxy-mini-hard-reset.html . Also the fastboot mode works with adb as well as download mode.
Mini doesn't have fastboot. It only has Recovery and Download Mode (don't tell me about normal boot).
My mistake ;P A habit from LG-GT540
ಠ_ಠ
Hi, (spent some time searching for answers; if this is covered elsewhere I missed it, sorry)
So, I'm a bit late to the party but I went and found a site still offering Nexus 6 "Factory new" XT1103 unit still in stock after so long, and bought myself one.
(1) I love it, and totally understand why so many people love it
(2) I'm a little concerned in that the bootloader seems to ALREADY be *unlocked*. I certainly didn't do it. Did Google ship these out with the bootloader pre-unlocked? (I tried to google this and found nothing; it strikes me as unlikely). And when booting into the fastboot mode, I don't see any entry saying "secure boot", which bothers me a bit since my Nexus 4 has this (is this deprecated and I missed the news?).
So, I assume that I can just download factory images off Google and flash them myself in order to be sure about my firmware (a little quicker since the bootloader is already unlocked, yeah?). But how do I verify that the bootloader *itself* isn't compromised in any way such that there's no issue with persistent malware, say?
(why yes, people HAVE said that I'm pretty paranoid, why do you ask? Have you been following me around?)
If you download the full firmware image and run the flash-all.bat command, it will overwrite the bootloader and erase everything on the phone. So even if the bootloader were somehow compromised (I really doubt it) this will take care of the problem.
Thanks, I'll do that. On the Google Nexus download page I see both "factory" and "OTA" images - I presume I should use the "factory" image?
I'm really spooked as to WHY the bootloader is unlocked, though, since I certainly did not do it and the box was shrinkwrapped. Does anybody know if anyone else has ever received a Nexus 6 "pre-unlocked"?
New and refurbished units from Motorola did not come shrink-wrapped. In order to open the box you needed to cut the label at the dotted line on the back of the box. Yours could not have been new nor a factory refurb, not just because the box wouldn't have been shrink-wrapped, but also because a refurbished unit would have had the motherboard refurbished so the bootloader status code would be set to 1 (Locked). A previously unlocked bootloader that has been locked would have a status code of 2, with unlocked having a status code of 3.
...
ok the first time I ever looked, my status code was 3.
I definitely was not the guy who unlocked it.
argggggghhhhhhhhhhh
ok, so would flashing with the full factory image (per the first reply above) be sufficient for me to not have to worry about persistent malware lurking in e.g. a compromised bootloader? I'm not in a position to get a different unit and I'm just really bummed out about this now (especially since I've already logged in with my google account on the phone).
How could I check/verify (some kind of hash) after a full flash that everything is "as it should be"?
Simply flash one of the factory images from Google's pages and all your concerns will be eliminated. But, you're being needlessly paranoid regarding the bootloader. All the bootloader does is transfer control from the low level firmware of the device to the Android kernel. Once it does that it sits quietly until the next time you boot. It has no contact with the outside world that I'm aware of so any malware in the bootloader would be useless.
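On the hash question asked above, what can be checked offline is the downloaded factory archive itself, before flash-all is run. The sketch below is an added example, not code from any poster or from Google; it compares the archive against the SHA-256 published alongside the download and builds a per-file hash manifest. The archive layout (bootloader-, radio- and image- prefixes) and the sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import io
import zipfile

CHUNK = 1 << 20  # hash in 1 MiB blocks so a large archive never sits in memory

# Assumption: the archive holds a bootloader image, a radio image and a nested
# image-*.zip next to the flash-all scripts. Adjust for the archive you have.
REQUIRED_PREFIXES = ("bootloader-", "radio-", "image-")


def sha256_stream(fileobj):
    """SHA-256 hex digest of everything readable from fileobj."""
    digest = hashlib.sha256()
    for block in iter(lambda: fileobj.read(CHUNK), b""):
        digest.update(block)
    return digest.hexdigest()


def matches_published(fileobj, published_sha256):
    """True only if the archive hashes to the value copied from the download page."""
    expected = published_sha256.strip().lower()
    return hmac.compare_digest(sha256_stream(fileobj).encode(), expected.encode())


def image_manifest(fileobj):
    """Map every file in the archive to its SHA-256, after a CRC check of all members."""
    manifest = {}
    with zipfile.ZipFile(fileobj) as archive:
        corrupt = archive.testzip()
        if corrupt is not None:
            raise ValueError("CRC failure in archive member: " + corrupt)
        for info in archive.infolist():
            if info.is_dir():
                continue
            with archive.open(info) as member:
                manifest[info.filename] = sha256_stream(member)
    return manifest


def missing_parts(manifest):
    """Required image kinds that no file in the manifest provides."""
    names = [path.rsplit("/", 1)[-1] for path in manifest]
    return [p for p in REQUIRED_PREFIXES if not any(n.startswith(p) for n in names)]


def check_factory_image(fileobj, published_sha256):
    """Refuse on checksum mismatch; otherwise report contents and completeness."""
    if not matches_published(fileobj, published_sha256):
        return {"ok": False, "reason": "checksum mismatch", "manifest": {}}
    fileobj.seek(0)
    manifest = image_manifest(fileobj)
    missing = missing_parts(manifest)
    reason = "missing: " + ", ".join(missing) if missing else "verified"
    return {"ok": not missing, "reason": reason, "manifest": manifest}


def constructed_sample():
    """Constructed stand-in for a factory archive; the contents are placeholders."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("sample/bootloader-sample.img", b"constructed bootloader")
        archive.writestr("sample/radio-sample.img", b"constructed radio")
        archive.writestr("sample/image-sample.zip", b"constructed system images")
        archive.writestr("sample/flash-all.bat", b"rem constructed script")
    return buffer.getvalue()


if __name__ == "__main__":
    data = constructed_sample()
    published = hashlib.sha256(data).hexdigest()  # stands in for the published value
    print(check_factory_image(io.BytesIO(data), published)["reason"])
    tampered = bytearray(data)
    tampered[45] ^= 0x01  # a single flipped bit must be rejected
    print(check_factory_image(io.BytesIO(bytes(tampered)), published)["reason"])
```

For a real download, pass `open(path, "rb")` and the checksum copied from the download page. This verifies the archive that will be flashed; it does not read anything back from the device.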
got it, thanks so much for the help!
(I don't know enough about the android bootchain so was envisioning there'd be e.g. enough space allocated for the bootloader such that it would be possible to put in some sort of persistent malware that could be injected into subsequent boots; if it's just a tiny thing (especially if it gets overwritten anyhow when there's a full flash!) then alrighty I'm already safe since I already nuked the firmware twice)
Hello, I have a Note 8 that I have previously rooted a few months ago, then came back to stock OS. I have been wanting to install a custom rom now, but the OEM unlock switch is not in settings despite waiting a week. I rebooted into download mode, and there it shows OEM lock: off, along with RMM: Normal. I attempted to install TWRP to it, but it gets blocked with "Custom binary blocked due to remaining installment payment". I've also noticed that there is an entry in about phone > status that shows "Installment payments: Outstanding". Does that mean I have to pay off my phone fully, or pay the current balance on the carrier account? Does CRHA have the same issue? Or is there a workaround that I don't know of?
Not familiar with this message, but just based on the wording alone it sounds like your carrier blocked it until it's paid off. Maybe part of an update somewhere along the way? I would probably phone them for more info and then go from there.
sefrcoko said:
Sounds like your carrier blocked it until it's paid off. Maybe part of an update somewhere along the way? Suggest phoning them for more info.
It was only happening in the recent updates when the installment payment showed up in settings, but I doubt the customer service will even know what a bootloader is. Otherwise I would have to wait 2 more years to be able to unlock it, and by then I'll probably have a Note 11 or whatever is out by then. Did the CRHA firmware have that feature?
Hmm I googled the error message and found a bunch of sites and posts describing the issue. Seems like it's actually another message related to RMM state, which would also explain why you don't see the OEM unlock toggle at the moment. I never had this particular message before, but if I did my next step would likely be trying a factory reset and reflashing latest original stock firmware for the device and seeing if OEM toggle appears in 7 days (or using the date-change trick to speed it up, if that still works). Maybe someone else has other suggestions too.
I'll try it during the weekend then. Odd that it happens even with an unlocked CSC (BTU).
Same problem
Bought my phone off of Swappa, which they claimed was good.
To date - I have installed 2 different factory firmwares to no avail. Have the same message and same status. Get stuck on Factory Binary screen trying to run combination ROM.
Bought this phone specifically to root and use on AT&T. Glad I paid little more than 1/2 of new...and tried calling Samsung support but they are of no help!
Definitely looking forward to any suggestions on what to do, to help determine what the problem is.
Thanks in advance, as well.
---------- Post added at 09:39 PM ---------- Previous post was at 09:35 PM ----------
sefrcoko said:
Hmm I googled the error message and found a bunch of sites and posts describing the issue. Seems like it's actually another message related to RMM state, which would also explain why you don't see the OEM unlock toggle at the moment. I never had this particular message before, but if I did my next step would likely be trying a factory reset and reflashing latest original stock firmware for the device and seeing if OEM toggle appears in 7 days (or using the date-change trick to speed it up, if that still works). Maybe someone else has other suggestions too.
The RMM state is listed as off, not prenormal, which is what I am guessing you are referring to.
Flashing latest firmware takes this to V4 bootloader which may/may not be something OP is interested in.
Might be a bit of a bump
On the Android Pie betas for the Note8, the OEM unlock button shows, and it toggles as expected, and the installment balance entry also does not show anymore in settings. However, it still won't let me flash TWRP or any binary, showing the exact same message as above. Has a fix been found for this issue, or am I stuck unrooted? Could the S10 have the same issue?
Has anybody seen this? My phone has never been rooted, had it since new. I double checked with root check and knox check from the play store to confirm. Samsung Pass gives the error shown in the attached photo. Samsung Pay works perfectly. This started somewhere around Thursday evening 1/31 and Friday morning 2/1. I went to log in to an app and Pass told me that it required an update before it could work. I went to the galaxy app store and found there were no updates, so I went to the samsung pass app directly and got this.
Official rom?
Completely official, no modifications whatsoever.
Any app installed that can confuse it? Then I would try wiping cache partition followed by trying if it works in safe mode followed by uninstalling updates for it, which will reset it losing all your pass data.
phil.culler said:
Has anybody seen this? My phone has never been rooted, had it since new. I double checked with root check and knox check from the play store to confirm. Samsung Pass gives the error shown in the attached photo. Samsung Pay works perfectly. This started somewhere around Thursday evening 1/31 and Friday morning 2/1. I went to log in to an app and Pass told me that it required an update before it could work. I went to the galaxy app store and found there were no updates, so I went to the samsung pass app directly and got this.
Where did you purchase your phone from? Playstore apps tell me Knox is not tripped but I am rooted!
Turn off the device. While device is off, press the Power button, Volume Down, and Home buttons and hold until you see a Warning screen, press Volume Up (continue). At the top left of the screen you'll see "Knox Warranty Void: X (0x000X)" where X is the number of times Knox has been tripped.
I purchased it brand new from T-Mobile and broke the seal myself. Knox has never been tripped. Status screen shows WARRANTY VOID:0X0.
If knox tripped, samsung pay won't work anyway so maybe software problem. Try reset like @raul6 said, if still not working try hard reset maybe
Are you running the firmware the device came with or have you flashed that TMB U1 firmware that is available on this forum and from some of the firmware image sites? The TMB U1 is not an actual official firmware and is a combination firmware, which breaks updates and gives similar error messages even though the device isn't rooted.
Any solution for this? My wife's phone will not open Samsung pass or Samsung health. Both say phone is rooted. Knox is 0x0 and software is official. She wouldn't know where to start to root her phone.
Samsung Pay works fine.
Call Samsung?
Not yet. Either calling Samsung or going to take it to a Best Buy for the Samsung support there. Just seeing if this was solved before I lose a few hours of time.
Did a factory reset and all seems to be fine.
Glad some others are having this concern. I've contacted Samsung twice about this via chat and have been told to send it in for repairs with a 2 week turn around (not gonna happen) and more recently that I should take it to a service center 20 miles away and they have the tools to fix this. When I asked if this is a known issue, they immediately denied it but assured me the service center would have the tools to fix the problem they deny having.
Considering that the fault appears to be a software issue, I suspect the service centre is just going to wipe, flash the latest OS version and hand it to you back, so yeah, they should have the tools. Also it doesn't sound like they denied the existence of the issue you're having, just that it's not a "known issue".
...
Hello, same problem here, I re-up the topic
https://photos.app.goo.gl/Zk28rduw4VQ1Y5VA7
received reconditioned phone S9
knox is ok, but samsung pass / security folder / health, don't work
any idea ?!?
did they "modify" the knox ?!?
Bo21 said:
Did a factory reset and all seems to be fine.
Yotitchy said:
Hello, same problem here, I re-up the topic
https://photos.app.goo.gl/Zk28rduw4VQ1Y5VA7
received reconditioned phone S9
knox is ok, but samsung pass / security folder / health, don't work
any idea ?!?
did they "modify" the knox ?!?
Factory reset the phone. It's a software issue.
done 2 times then a third time while reading this topic ;_;
is it possible now to put back a knox to 0 after root ?!?
No, Knox cannot be reverted back to 0. You have to live with that.
read previous post... my knox IS 0 but samsung pass says phone is root
One of the biggest banes of having root/magisk is unlocking the bootloader. The warning screen that does indeed slow down booting, also advertises itself to thieves as "You can wipe me clean and use me". Obviously, removing that splash screen won't fix that aforementioned scenario, but it would, (if it can be completely skipped.. The power button won't skip it anymore), speed up booting, and at least not advertise to the world my phone is all for taking.
One thing I'm really hoping for, if the bootloader warning can't be skipped or removed, is at least having the ability to modify (or disable) the hardware buttons being able to enter bootloader, recovery, powering down, or emergency mode. That doesn't seem to be entirely possible, so, is there a way to fake it while the phone is still on? For example, a "fake" power off icon (while on lockscreen) that will mute all sounds, vibrations, and the screen from ever coming on. Or, being able to fake power off from the power key, a few seconds before actual power off. If the power key can truly be remapped or disabled (and be made to fake recovery, emergency mode, or fastboot and thus deter the thief, assuming such will be necessary if the power key is interceptable anyway.)
Xposed seems to have the power (but I don't know for sure) to do this, as with magisk, or some kind of kernel.. There would be a bounty if any of this is any possible (of at least $100-300..). It would be worth it for me not to lose my phone to horrible situations (San Diego.. 20 lost phones from pick pocketing at a party.. The theft was most likely to extract parts from the "inunlockable" phones).
Additional: One would argue just to remove the SIM.. But in theory, couldn't I glue/solder a 2nd sim in the second ("hidden") slot? I have a t-mobile oneplus whose sim tray is only one sim; hardly anyone would think about a second sim being embedded in the phone, especially when they see the sim tray, which would enable me to track my phone continuously. Especially before the phone is most likely disassembled. (PreReqs: Remove data icons, airplane mode or data enabling from my quick icons)
Also interested in a fix for this
I don't think there will be a fix for this. It's been the same for a while now on Android.
Not going to happen. It's been this way for 3 years or so. Plus who cares? How often do you reboot your phone for it even matter? I reboot my phone once or twice a week but even if you do it once a day, does it bother you that much that 6 or seconds on the warning matters?
Yep, has been that way for a while... Just cover it with a business card when booting.
I would like to get rid of this annoying screen as well.
I have never had a phone stolen, lost or broken.
I live in Germany!
Cerberus allows you to do a fake reboot / shutdown. It's a security app that allows you to locate your phone and do all kinds of stuff with it remotely. You can set it so that at the lock screen, if the power button is pressed and they choose to reboot or shut down it will lock the phone and keep the screen off to trick whoever has your phone into thinking it's off and can't be located. You can also install it as a system app (and disguise it), so if your phone gets wiped it will survive and you can still locate it. On my phone it just shows up as a generic looking system app called "system framework" you can also hide it from your app drawer and make it so that the only way to open it is to dial a secret code into your phone dialer and hit call. There already has been an Xposed module that does this too. I used it like 4 or 5 years ago but can't for the life of me remember the name and have no clue if it's still around
Edit: oh yeah, it's called APM+ (advanced power menu)
Is available on edxposed but isn't on magisk manager. It hasn't been updated since 2015. Give it a try, maybe it will still work, who knows
Eric214 said:
Not going to happen. It's been this way for 3 years or so. Plus who cares? How often do you reboot your phone for it even matter? I reboot my phone once or twice a week but even if you do it once a day, does it bother you that much that 6 or seconds on the warning matters?
If you have an unlocked bootloader, flashing magisk modules or playing with xposed modules and plenty of configurations that require a reboot, it's kinda important to not have 6-10 seconds gobbled by a totally unnecessary warning. Plus, the warning pretty much alerts even the most dumb thieves that the phone is 100% USEABLE once physically in their hands.
jld2k6 said:
Cerberus allows you to do a fake reboot / shutdown. It's a security app that allows you to locate your phone and do all kinds of stuff with it remotely. You can set it so that at the lock screen, if the power button is pressed and they choose to reboot or shut down it will lock the phone and keep the screen off to trick whoever has your phone into thinking it's off and can't be located. You can also install it as a system app (and disguise it), so if your phone gets wiped it will survive and you can still locate it. On my phone it just shows up as a generic looking system app called "system framework" you can also hide it from your app drawer and make it so that the only way to open it is to dial a secret code into your phone dialer and hit call. There already has been an Xposed module that does this too. I used it like 4 or 5 years ago but can't for the life of me remember the name and have no clue if it's still around
Edit: oh yeah, it's called APM+ (advanced power menu)
Is available on edxposed but isn't on magisk manager. It hasn't been updated since 2015. Give it a try, maybe it will still work, who knows
I'll see how Cerberus works out, never heard of it. As for APM+, yeah it's pretty much dead, but was worth a try..
THREAD CLOSED!
Please advise the moderators' team to re-open the thread if a dedicated developer in regard to this bounty is found and is willing to state in this thread that he/she is aware and agrees with it. The developer must herself/himself post the donation account. However, we preserve the right to re-open pending on the donee's history on XDA.