Hello everyone, truck driver here and one of the guys that owned the truck before me left behind this SM-T387v tablet that he didn't want. There's only one app on here which is a ELD that we use for our driving time on the road, but the thing is, I can't access anything on the tablet, including turning on the WiFi.
When I boot it up, it says that it's protected by Knox and attempting to get to the settings leads to this popping up "Security policy prevents use of hardware key." If anyone knows how to remove this Knox protection, it would be greatly appreciated.
Thanks!
Related
Google Wallet on the Nexus 5 uses HCE (host card emulation) which puts the secure element "in the cloud" instead of a physical secure element on the phone. The old way with the secure element on the phone works fine without network connectivity because once provisioned it is exactly like an NFC credit card. On the Nexus 5 if your PIN has timed out and you're not connected to the internet then Wallet won't even let you open it, but if you have a long PIN timeout you can still use Wallet without internet connectivity.
Has anyone tried Google Wallet on the Nexus 5 without network connectivity? I'm wondering if this works because there is no secure element in the phone anymore, and it's emulated by software/cloud. I haven't gotten a chance to visit a store with NFC since I got my N5, just wondering if anyone has tried it.
On another note HCE sounds less secure than a secure element. If software is emulating a card, what's to stop a well written piece of malware from abusing it? Especially on a rooted phone or using some exploit for the app to gain root access on its own?
Basically, it sounds like Secure Element was technically a much better solution than HCE. The carriers and OEMs restricted access to it, but so was Google in their setup. It would have been better if they fixed THAT system. If carriers and OEMs can change the security policy to the Secure Element what's to stop them from disabling HCE?
I'd be interested in the answer to this as well. I used the n5 at CVS the other day and it worked perfectly but my signal was good at the time .
Honestly since the gnex days I've been so paranoid about the hardware secure element becoming bricked that I barely used it on the n4 due to constantly flashing new Roms. I don't even know of the n4 suffered from that problem but I always reset the wallet from within the app before reflashing.
Sent from my Nexus 5 using Tapatalk
pedxing said:
I'd be interested in the answer to this as well. I used the n5 at CVS the other day and it worked perfectly but my signal was good at the time .
Honestly since the gnex days I've been so paranoid about the hardware secure element becoming bricked that I barely used it on the n4 due to constantly flashing new Roms. I don't even know of the n4 suffered from that problem but I always reset the wallet from within the app before reflashing.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Those secure elements sure are finicky! I don't understand why the brick. Apparently they brick if they think they are being tampered with, but why not just securely erase themselves instead of bricking? That way they can be re-provisioned instead of ruining a part of a $700 phone like what happened in my Note 2. I wasn't even flashing ROMs when it bricked. I was on a custom ROM and it was working great. I hadn't flashed a ROM in months and then one day I opened wallet and it instantly crashed. Kept crashing on start, so I wiped data and re-loaded it. Google Wallet never activated on that phone ever again. Always failed.
So no SE to brick is a nice thing about HCE, but just making the SE not brick-able would've been better. Requiring network connectivity (if it does) is a big fail. And it definitely does require network connectivity to enter the PIN in if it has timed out. I keep it at 15 minutes because I don't want someone stealing my phone and using it to buy ****.
Just tested it and I can confirm it does in fact work without internet connectivity. I put my PIN in to unlock it and then turned airplane mode on and then NFC back on by itself. Put my phone to the reader and the transaction went through. Then I turned on my internet and it downloaded the details. So if you don't mind the lack of security or if you use a passcode on the whole phone then you can set the timeout for wallet to never and not worry about needing internet when you want to use it to pay.
petard said:
Basically, it sounds like Secure Element was technically a much better solution than HCE. The carriers and OEMs restricted access to it, but so was Google in their setup. It would have been better if they fixed THAT system. If carriers and OEMs can change the security policy to the Secure Element what's to stop them from disabling HCE?
Click to expand...
Click to collapse
Part of the reason is that the Secure Element was such a prissy *****. Flashing a ROM, even a stock ROM, without first uninstalling wallet would immediately "brick" it and render it unusable. It's like your front door key not working if you changed your pants where you put your keys in.
harveydent said:
Part of the reason is that the Secure Element was such a prissy *****. Flashing a ROM, even a stock ROM, without first uninstalling wallet would immediately "brick" it and render it unusable. It's like your front door key not working if you changed your pants where you put your keys in.
Click to expand...
Click to collapse
Right, but they could probably make/configure secure elements to ERASE instead of BRICK when they think they're being tampered with.
Either way, HCE for Wallet works offline. It just now requires you to be online to enter your PIN in. Wish they'd change that.
petard said:
Right, but they could probably make/configure secure elements to ERASE instead of BRICK when they think they're being tampered with.
Either way, HCE for Wallet works offline. It just now requires you to be online to enter your PIN in. Wish they'd change that.
Click to expand...
Click to collapse
They probably assume that legitimate implementations are "correct", and interpret anything unusual as a hacking attempt. If you're trying to exploit the SE but it bricks every time you try something, it will be an expensive endeavor. If it can't be reset, you cannot programmatically fuzz the protocol.
$0.02
So I've got a new Samsung Gear Live from the Play Store. I'm attempting to pair the device to a Nexus 5 running stock 4.4.4.
When I turn on the Gear Live I'm prompted with selecting a language. I choose English US. Then i'm taken to the "Install Android Wear on your phone" Screen
At first this screen would show me the text "Gear Live 4AFV" (or something along those lines). However 9/10 (after rebooting or resetting the watch) it will simply show me "Gear Live" no 4 digit name.
Without the 4 digits showing the phone will not detect the bluetooth device to connect. On the off chance that it does show up and the phone is able to detect the watch, the pairing process can either work, or stall leaving both devices sitting at a "wait a moment while pairing" screen that never ends.
Lastly, if everything works and i'm able to pair the watch and phone. it will randomly disconnect and nothing I do will make it reconnect to one another.
Other things to note. Bluetooth has no issues on my phone with any other device.
I've reset the watch numerous times,
I've uninstalled the Android Wear app as well as any other watchfaces or launchers.
I've factory reset the phone.
Suffice it to say i'm almost certain there is a problem with the watch, the question is has anyone else experience this or anything similar with a Reset hasn't fixed the problem and is there possibly a solution to this problem that isn't a replacement.
Google has offered to replace the watch but I want to ensure I"m not missing something here.
thanks for any assistance in advance.
gear live 5.0 lollipop connection issues
jay slasher said:
So I've got a new Samsung Gear Live from the Play Store. I'm attempting to pair the device to a Nexus 5 running stock 4.4.4.
When I turn on the Gear Live I'm prompted with selecting a language. I choose English US. Then i'm taken to the "Install Android Wear on your phone" Screen
At first this screen would show me the text "Gear Live 4AFV" (or something along those lines). However 9/10 (after rebooting or resetting the watch) it will simply show me "Gear Live" no 4 digit name.
Without the 4 digits showing the phone will not detect the bluetooth device to connect. On the off chance that it does show up and the phone is able to detect the watch, the pairing process can either work, or stall leaving both devices sitting at a "wait a moment while pairing" screen that never ends.
Lastly, if everything works and i'm able to pair the watch and phone. it will randomly disconnect and nothing I do will make it reconnect to one another.
Other things to note. Bluetooth has no issues on my phone with any other device.
I've reset the watch numerous times,
I've uninstalled the Android Wear app as well as any other watchfaces or launchers.
I've factory reset the phone.
Suffice it to say i'm almost certain there is a problem with the watch, the question is has anyone else experience this or anything similar with a Reset hasn't fixed the problem and is there possibly a solution to this problem that isn't a replacement.
Google has offered to replace the watch but I want to ensure I"m not missing something here.
thanks for any assistance in advance.
Click to expand...
Click to collapse
I have the same connection issue but not until I updated it to Android version 5.0 that I started to get connection issues and the gear live was constantly doing a sync loop and it would not stay connected or send SMS messages.
Now, that I'm going to replace my Note with new one, I will need to set it up again, therefore it's good time to change things around from start, knowing much more than at launch. Forced encryption for whole memory bothers me and I'm thinking to get rid off it (What is Knox, secure folder, by file password protected encryption for?). Whole phone encryption sounds more like locking the phone from me, the user, than anything else. So my questions are?
Will this even work on Tmo Note? http://androiding.how/disable-dm-verity-forced-encryption-galaxy-note-7/
Will this trip the Knox?
Whats the side effects? Will Samsung pay still work? Secure folder? etc?
I would test it on my current N7, which goes back anyway, but ATM time is something I don't have much at all. Anybody else tried it?
Well, TWRP is a prerequisite, and that will trip Knox.
Sent from my SM-N930T using Tapatalk
Does the T-Mobile N7 have that level of root? These instructions seem geared to the international version.
Sent from my Note 7
Hello,
is there any way to get the Tablet working ?
It is a demotablet from job and it was used to display one app with demofilms.
The app was locked so no customer could do other things with the tablet.
Only way to exit the app was a passcode. I have the pass and i thougth, i have a working tablet.
But some things, e.g. BT, are not working and a second look reveals some security measures.
The tablet can´t switch off
I can´t delete all and get factory settings
Install from other parties are greyed out
Perhaps someone can help ?
I have it send back to my employer but after a few days it came back in the same state.
It would be great if i can get it to work when the admin at the firm couldn´t (or wouldn´t)
My first thought is to drain the accu so the system is off and then charge it and go into recovery mode...
I was running a U1 XAA build of Android 10 2.0 with the
June 1 Security patch that I'd downloaded and flashed
from Sammobile.
Awhile ago I downloaded and flashed the U1 XAA 2.1 update from the same place and noticed that there
are a number of apps I can no longer deny Wifi Control
access to under the Apps Special access area:
DeviceTest
DeviceKeystring
FACM
Gear VR Service
Voice wake-up
being 5 out of the 12 I cant deny access to.
Also I am no longer able to disable Google Play Services
whereas before in 2.0 I could. I'm not even allowed to forcestop Play Services now! Its not just these two changes, there are other things I used to be able to disable but now can't. And I have *two* 'SmartThings'
apps, one is version 10.0.37.0 and the other is version
1.7.50-21 (the-21 is just how its listed.)
I know this all sounds somewhat tame and trivial but I would like to know if this is all normal and can be confirmed by anyone else.
Anyone
-----------------
**Update**
Okay, just wanted to post some info on some sort of resolution to the above, mostly for those who make honest and earnest pleas for help and ask really pertinent questions but are ignored by the knowledgable (or criminal)
peruser.
In short, I was hacked. It doesn't come as a surprise (has happened *many* times with my N9. It *does* make me wonder about that supposed military-grade Knox security)
How do you know if you're hacked?? I just used the Running Services lister under Development Tools. Look
for services that shouldn't be running as often as they do
(Last hack they had Samsung Push which is for delivering notifications related to Samsung apps?? running something as a Service (not sure what it was but as soon as I stopped it, it popped right back up) or things you never use or have deactivated showing up in the cache (ESPECIALLY Aircommand!! Disable this as a Trusted Agent immediately! And keep an eye on it, and always keep the Air Remote feature OFF).
Also, the Google Play Store app. When I flashed the July 2020 Security update I noticed the Play Store was still at the May 2020 version update. I didn't think much of it at the time, but after having to Factory Reset I noticed it now read July 1 2020. So I guess the 'worms' have the May version hacked. Sucks that villany loves working for free breaking stuff, but in order to build something up and protect it, it takes toil and coercion.
Finally (Not sure if this is actually a sign of malware or hacking, but the only reference I could find relating to it
was from a guy who was truly beleaguered by hackers)
theres a User Certificate under Biometrics & Security / Other
Security settings / User Certificates that reads as
'FindMyMobile' and purports to being necessary for VPN security and other applications. Well, I had Find My Mobile
deactivated and uninstalled via ADB and it still showed back up after being deleted numerous times and my VPN seems to work without it. It might be for the Note 9's
built-in Knox android VPN strengthening parameters, but I couldn't find nfo online about it anywhere except in the case I mentioned which seems very odd. Qualifying proof of its malicious intent for me?: After factory resetting it hasn't shown back up.
I dont think my N9 is cleaned or I should say I'll never trust a smart phone fully again, not until the outdated and hacked 40 year old SS7 protocol that runs all cellular communications is updated, not until something more reliably secure than 'somewhat' obsfucatingly complex baseband processors are present in phones and maybe something akin to a hardware firewall in the soc that can interpret and filter non-carrier invalid commands (prob only need to update that damn SS7 protocol!) I'd also love it if Google/Alphabet would dump Android and start over with a new updated mobile OS with security at the forefront (Think, updates delivered via 'Middleware', roms bought initially directly from the manufacturer that can be crytographically flashed up to three times with signed updates with each update burned and locked into the rom via fuses. Each factory reset brings you back to your last update. The roms are only updatable if a hardware dip switch is tripped which moves actual physical leads in the soc which powers the ability to flash this chip. And maybe screw AOSP, I wonder if all this open sourceness has actually given the malware creators more knowledge to
finess the software and the hardware. The so-called white-hat 'Ethical Hackers' (LOL! HOW can breaking into someone's personal space without permission outside of national defense be considered ethical?!? All hackers are criminals. If you want to be considered a 'good' hacker (*snort*) bring to light the measly exploits and software, the slime who make and distribute the same and tell how to protect against them and detect them and disable them. Criminals giving webinars and seminars about how to circumvent protections for devices that billions of people rely on for living should be outlawed FULL-STOP-PERIOD I'd rather have one slime who knows how to get into a system than having that slime be allowed to freely distribute the software and knowledge so that millions of other definately less conscionable scum can make use of his knowledge.)
hackers only care about making their fame and fortune by
beinging to light obscure and unknown exploits that no one has ever used or are likely to use than going after to exoloits that *are* in use and *do* affect those in the here and now. It must give some sense of ease not to be in contention with real criminality and the fear of any reprisals from the 'less-ethically saturated' in the tech community.
Just wanted to get that out somewhere. I know its pointless and no-one will listen. Look at what Edward Snowden sacrificed for people who were/are unworthy of *any* sacrifice by betraying everything bit by bit, battle by battle until it must one day be reclaimed (if it can be) via costly confrontation, disruption and perhaps irrevocable critical loss.
Okay, END RANT. Yeah, a slow day, corona cloud and all.
But seriuosly the Feds need to check all this electronic criminality, its gotten waaay out of hand. TO FEDS: Less hunting terrorists, MORE hunting electronic predators and anarchists!
Hi, @tamdwin,
Even though you believe your phone may have been hacked, DeviceKeystring, DeviceTest, EmergencyManagerService, FACM, IMS Service, IOTHiddenMenu, Samsung MirrorLink 1.1, Settings, Setup Wizard, Wi-Fi Direct & WlanTest are enabled on my Note9 with One UI 2.1, Security patch: 1 July 2020 (w/out Google Play Services/Google Play Store, Bixby, GearVR, DeX...only have Google Services Framework installed).
After downloading the 1 July 2020 Security update, I noticed that these services could no longer be turned off for wi-fi control.
Wish I never downloaded the update for the fancy camera features, lol.
Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
Some of the settings, such as disabling "Find My Mobile" from running in the background, reset/enable after you restart the phone.
Snowden? Have you read any of his articles on smartphone security? (you may want to throw your phone in a blender after reading...)
But will it blend!
https://www.youtube.com/watch?v=FN9mktgYZJ8
I am worried about these things, so I am looking at developing my own custom ROM.
Sorry for my English I Am brazillian
@P00r ROFL! The Samsung S4 Active shake looks delicious! Thank you for sharing the vid!
silvaBR said:
I am worried about these things, so I am looking at developing my own custom ROM.
Click to expand...
Click to collapse
That sounds like an excellent plan!