Hi!
I have forgotten my Windows system password. I am using the built-in extra password protection that comes in WM. Ironically, I changed my password yesterday because I found it too easy.
So, is there any option to get it back without resetting the phone?
Even if one has installed some kind of lockdown/tracking software + lock pattern there is always the possibility that a thief would know how to reflash and/or wipe the phone or be able to use Google to find out how.
Has anyone worked on adding the possibility of locking access to fastboot, recovery and OS boot? (Password protecting adb would also be a nice addition.)
There is not much on these forums about it. Here is a thread that died: http://forum.xda-developers.com/showthread.php?t=531225
I would be fine with compiling my own recovery image if that is what it takes to get my own password, but I guess fastboot is the biggest concern.
I hope some smart developers will take their time to read this and think about it. Let's hear some input on how big of a task this is. I am sure it can be done, so take the challenge and show us some love.
Wow, this is an awesome idea. Yeah, because apps like mobiledefense or wavesecure would be useless if the thief knows how to wipe the phone. This would be great and I would love to see it work. I don't know crap about making my own recovery or else I would do it if that's what it means to make my own password protected recovery. But like you said, fastboot is a greater challenge.
I could see recovery maybe having this, but with the bootloader you are out of luck unless you have a dev or holiday version of the Nexus. We currently can't flash custom SPLs because they are sig checked.
What happens when you forget your password? Brick?
MatMew said:
> What happens when you forget your password? Brick?
Damn, if you forget it then you are just too stupid, lol Jk
But good question. However, I don't think any development on this will be done anytime soon. I'd definitely support it though if it ever starts.
Locking the SPL would require us to be able to write/flash one, which is currently impossible
Maybe a petition to google to set forth this new option then?
Because I was thinking the same thing... our laptops can do it, because duh, if someone steals your lappy they could just wipe to get the hardware, so we can put a BIOS password so even that's impossible.
Our so 'open' phones should follow suit... please Google, read this. It would be a fantastic option, that way it's rendered completely useless to anyone that steals it and is smart with them (aka anyone reading these forums).
THANKS
I want it
I've been thinking of how to 'secure' my phone's data again since I unlocked the bootloader... but this would be the way.
The feature request goes like this: Password protect the bootloader both for fastboot and getting into recovery (the option to start recovery should be password protected). A wipe is required in order to reset the password.
An additional and optional theft lock (along the lines of what the OP wants) would disable the password reset/wipe feature altogether, essentially bricking the phone if the password is unknown. Not exactly what I want (I just want my data to be safe), but should be easy enough to add both options if we have the code and can flash the SPL.
Obviously this is going nowhere if we can't flash the SPL, but there's no harm in putting this out there for Google to include in the next signed SPL.
Everyone should realize that unlocking the bootloader essentially puts all the data on your phone out there for anyone to grab without a password, given that they know a few things about fastboot/recovery. This is likely why Google forces a wipe when you originally unlock. We 'unlockers' should be given a way to get that security back.
We'd also need to find a way to 'type' a password (for the recovery option) while in the bootloader, since there's no keyboard. You could use the volume toggle to cycle through letters or numbers, but this puts this option far past a 'trivial' change to the SPL code. This may be why Google didn't include the option in the beginning.
theslam08 said:
> Maybe a petition to google to set forth this new option then?
> Because I was thinking the same thing... our laptops can do it, because duh, if someone steals your lappy they could just wipe to get the hardware, so we can put a BIOS password so even that's impossible.
> Our so 'open' phones should follow suit... please Google, read this. It would be a fantastic option, that way it's rendered completely useless to anyone that steals it and is smart with them (aka anyone reading these forums).
> THANKS
A computer bios password only keeps people from changing bios settings. They can still format the hard drive.
bubbahump said:
> I've been thinking of how to 'secure' my phone's data again since I unlocked the bootloader... but this would be the way.
> The feature request goes like this: Password protect the bootloader both for fastboot and getting into recovery (the option to start recovery should be password protected). A wipe is required in order to reset the password.
> An additional and optional theft lock (along the lines of what the OP wants) would disable the password reset/wipe feature altogether, essentially bricking the phone if the password is unknown. Not exactly what I want (I just want my data to be safe), but should be easy enough to add both options if we have the code and can flash the SPL.
> Obviously this is going nowhere if we can't flash the SPL, but there's no harm in putting this out there for Google to include in the next signed SPL.
> Everyone should realize that unlocking the bootloader essentially puts all the data on your phone out there for anyone to grab without a password, given that they know a few things about fastboot/recovery. This is likely why Google forces a wipe when you originally unlock. We 'unlockers' should be given a way to get that security back.
This would be really great... an idea, if ever possible, to overcome the bricking phone by password being lost, is somehow emailing it to the registered google account... or maybe sending an sms to a known phone number that was registered before...
dalingrin said:
> A computer bios password only keeps people from changing bios settings. They can still format the hard drive.
Actually you can set an ON-BOOT password, which will prevent it from being booted at all without the password. Unfortunately, it is not that great a security measure, since you can just reset the BIOS using the jumper on the motherboard. Also, every BIOS manufacturer leaves a backdoor in case of forgotten passwords, just do a Google search for BIOS DEFAULT PASSWORDS.
But, the main thing to remember here is that we do not have a keyboard, and very limited buttons to use. So, what are you thinking of using? A combination of buttons (similar to the quick-reboot)? Or, cycling through with the volume/trackball, kind of like on a briefcase/suitcase (argh, imagine the frustration).
The next thing would be the implementation of such an idea.
If the SPL is to be modified to be password protected, we would need the source code - which I don't think is available.
If the recovery is to be password protected, it would need to have immediate access to a rewriteable portion of the internal memory for storage/retrieval of said password (as would the SPL, but first things first - gotta have the source).
A simple qwerty on-screen keyboard and using the trackball to select characters would work fine. Up and down with volume keys or whatever to type in characters is not a viable option for long passwords.
It seems all this would be of no use without the possibility of flashing our own SPL, so I guess this is a bigger task than I thought at first. We all know SPLs have been hacked many times before, so I believe it can be done on the Nexus One too. But, because of the already unlocked SPL opening up flashing heaven, I am not so sure anyone is going to use any time on figuring it out.
This is what we are left with:
1. Find a way to flash a custom SPL. Piece of cake right?
2. Create an SPL with the possibility of adding password protected fastboot/recovery. Protecting boot will probably not be necessary, as it would make it impossible to trace a stolen phone.
Let me comment on the privacy issue: I am not really very concerned about the data on my phone. Of course I would not want all the pictures and videos I have shot to fall into the hands of complete strangers, but I try not to keep secret/sensitive data on my phone. It is not really very difficult to take the sdcard and put it in any other device or card reader to get all the data off of it. All the password protection in the world will never get us around some physical security. (Maybe I should make another request for encrypting the sdcard?)
What I want is to be able to somehow find the bastard(s) that took my mobile and get it back without it being wiped first. Though there is always the risk that they would not get past the unlock pattern and just throw it away right away. Let's just hope they left it powered on within network coverage.
How does Android store Gmail login credentials? Is the information cookie-like (only session information) or is there an actual password (encrypted or not, doesn't matter) stored somewhere? If the latter, then that would be very bad for the security of the Gmail account (most critical apps there are Mail and Checkout). It would probably be a good idea to change the Gmail password as soon as one starts missing his Android phone.
--
One way of increasing the odds to get a stolen phone back would be to flash a custom ROM with an embedded and preconfigured security application that installs automatically and silently after a wipe. Not perfect because a thief could just flash another ROM but there's a greater chance of a device getting wiped than not getting wiped, right?
I guess a password in recovery would add an extra percentage to those odds too.
So much for this request. Someone moved us to Q&A, so I guess this is doomed for now. We'll just have to keep our phone safe.
maedox said:
> So much for this request. Someone moved us to Q&A, so I guess this is doomed for now. We'll just have to keep our phone safe.
Sorry for the bump. But seriously this is a must.
Any Nexus with unlocked bootloader leaves the internal memory unprotected (All your photos in DCIM folder, etc).
You just need to enter fastboot and flash a custom recovery.
Hello
Well i have a phone that has exactly what was being mentioned in this thread and i have literally tried everything everyone is saying about flashing, etc.
I ask because after installing stock MRA58R the contents of my N6 were still visible in Windows Explorer. So I reformatted userdata & cache, and then used the new NRT 2.0.7 to flash MRA58R again - wipe, no root, no recovery, no no-encrypt, just bog-standard install. The "Encrypting device" appeared for literally a few seconds, and now as it's sitting re-installing my apps from Google I can still see the contents of internal memory in Explorer. No USB debug, just a "Use USB for file transfer".
I have a multi-digit PIN on the phone, set up as part of the initialisation process.
I went through all this because my wife's phone was stolen last weekend and it was a wake-up call for me about my data security.
I'm sure I'm being particularly stupid. Can someone please educate me?
Thanks...
And maybe I'm answering my own question...
The contents are visible to me because I entered the device PIN?
Anyone without the PIN gets to see nothing?
And that includes any access via ADB/fastboot?
But is this any different from a non-encrypted device?
dahawthorne said:
> Anyone without the PIN gets to see nothing?
It is a method to store data that is only readable with the key used for encryption.
Your pin is something different and is used for access permission of a device.
Thanks, but my understanding is that the device PIN is the encryption key. You can't set encryption without having a device PIN. What else could it possibly be using?
So I guess I still don't understand if having my device encrypted is any better than having a simple PIN-secured unencrypted device. If someone can see my data via bootloader mode or some other back door how secure is it?
If I look at an encrypted file I expect to see hieroglyphics. That's not what I'm seeing here. I see either nothing at all because the device isn't recognised by my PC, or I have full access to the data.
So what effect should I expect to see that is different/more secure than a simple PIN-protected device? What's the actual benefit of encryption?
dahawthorne said:
> Thanks, but my understanding is that the device PIN is the encryption key. You can't set encryption without having a device PIN. What else could it possibly be using?
> So I guess I still don't understand if having my device encrypted is any better than having a simple PIN-secured unencrypted device. If someone can see my data via bootloader mode or some other back door how secure is it?
> If I look at an encrypted file I expect to see hieroglyphics. That's not what I'm seeing here. I see either nothing at all because the device isn't recognised by my PC, or I have full access to the data.
> So what effect should I expect to see that is different/more secure than a simple PIN-protected device? What's the actual benefit of encryption?
I'll be honest. Your device is only as secure as the person that steals it. No amount of security has been 100% proven to prevent the data being attainable if they have access to the device itself. I am not saying the average thief will be able to do it, but then all they care about is the device, and they end up wiping the device and reselling it without a care about the info inside it.
dahawthorne said:
> Thanks, but my understanding is that the device PIN is the encryption key.
That wouldn't be a good encryption, you usually need at least 256 bits to encrypt a volume. The pin is only to unlock the encryption key that's stored on a separate partition. Also to unlock the phone.
If you stick a USB cable into a phone that's on, it switches to USB charging mode by default, so you need to unlock it to change it to MTP or Camera. If you want to connect as USB debugging, you first must allow the new computer's fingerprint to connect, so you need the pin to unlock the phone again.
If encryption is used correctly, then you must enter your pin to resume boot. But you can just set MTP as default connection in a custom ROM, build it as userdebug that doesn't require ADB fingerprint, and set pin for unlocking lock screen only
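The arrangement described in the reply above, where the PIN only unlocks a separately stored 256-bit key, shown as an added example that is not part of the original thread. The PBKDF2 settings, the blob layout, the HMAC-based wrap (a simplified stand-in for the AES key wrapping a real implementation would use) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # constructed demo value; real systems tune this per device


def _kek(pin: str, salt: bytes) -> bytes:
    """Stretch the short PIN into a 256-bit key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ROUNDS)


def _pad(kek: bytes, salt: bytes) -> bytes:
    """One-time 32-byte pad; unique because every wrap uses a fresh salt."""
    return hmac.new(kek, b"wrap" + salt, hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_master_key(master_key: bytes, pin: str) -> dict:
    """Return the blob that would sit in the key partition (hypothetical layout)."""
    if len(master_key) != 32:
        raise ValueError("master key must be 256 bits")
    salt = os.urandom(16)
    kek = _kek(pin, salt)
    wrapped = _xor(master_key, _pad(kek, salt))
    tag = hmac.new(kek, b"tag" + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_master_key(blob: dict, pin: str):
    """Return the master key, or None when the PIN is wrong or the blob was altered."""
    kek = _kek(pin, blob["salt"])
    expected = hmac.new(kek, b"tag" + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return _xor(blob["wrapped"], _pad(kek, blob["salt"]))


def change_pin(blob: dict, old_pin: str, new_pin: str) -> dict:
    """Re-wrap the same master key; the encrypted volume itself is untouched."""
    master_key = unwrap_master_key(blob, old_pin)
    if master_key is None:
        raise ValueError("wrong PIN")
    return wrap_master_key(master_key, new_pin)


if __name__ == "__main__":
    mk = os.urandom(32)                 # the real 256-bit volume key
    blob = wrap_master_key(mk, "4821")  # constructed sample PIN
    print("right PIN unwraps:", unwrap_master_key(blob, "4821") == mk)
    print("wrong PIN unwraps:", unwrap_master_key(blob, "0000") is not None)
    blob = change_pin(blob, "4821", "739105")
    print("same key after PIN change:", unwrap_master_key(blob, "739105") == mk)
```

The data on the volume is only ever encrypted with the random master key, so changing the PIN rewrites this small blob and nothing else.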
Thanks, people. It looks like encryption is pretty well pointless then if any Tom, **** or Harry can just install a new ROM or recovery and get access to the data... Burning my battery for nothing but a lot of security hot air...?
Speaking of which, I've just rebooted my phone and despite having checked the "Require passcode to start Android", which actually did work at least once (meaning I had to enter a PIN 3 times, for Android, SIM and device), this time there was no Android challenge, only SIM & device.
This security really isn't up to the job at all.
That is incorrect. Without knowing the key, as long as you select require pin at boot, the only thing they could do is reformat your phone and continue using it. No matter what, the key to your data is needed to access it.
dahawthorne said:
> Thanks, people. It looks like encryption is pretty well pointless then if any Tom, **** or Harry can just install a new ROM or recovery and get access to the data... Burning my battery for nothing but a lot of security hot air...?
I really don't get where this comes from?!? It's a very serious security measure, and it's really not its fault if people dynamite holes into the phone's security like using userdebug builds, and having custom recoveries.
The point is, you have to decide if you want a phone open for modding and to use to store sensitive data on it. There isn't a system that really can accommodate both.
But if you don't have any sensitive data on your phone then encrypting is really pointless.
Thanks again, guys.
@scryan - "select require pin at boot" - does this mean the "require PIN before starting Android"? This is what I mentioned I had but now I don't. An extra layer of security disappeared for no reason I can think of, and I see no option to switch it back on, since the only time it was offered to me was during the initial setup. I still have SIM lock and device lock, but more is better, no?
@istperson - I get the trade-off between security and flexibility. I would consider my photos, for example, to be secure data - even if I'm happy showing them to people I know, I don't want strangers poking around in them.
So bottom line - I still see no argument that says that encryption provides something that the PIN doesn't. How exactly is a PIN-protected encrypted phone more secure than a PIN-protected unencrypted phone?
Edit: I found the "require PIN on boot" option in one of the security tabs, and it appears to work. Back to 3 levels of security, but still in the dark about encryption benefits.
dahawthorne said:
> So bottom line - I still see no argument that says that encryption provides something that the PIN doesn't. How exactly is a PIN-protected encrypted phone more secure than a PIN-protected unencrypted phone?
If they hit you on the head, take your phone, tear it apart, and remove the sdcard, it won't be readable because of the encryption. If it's unencrypted they can access every data.
But don't store naked selfies on your phone, or in the cloud, then you're safe.
Also the pin to boot doesn't go away by itself without tinkering. Go back to Settings/Security and switch on the Require pin to boot, or whatever it's called.
Basically encryption is how the data is stored on the device. Instead of the normal readable format, it's scattered all around in a pattern that requires a key to calculate how to put it all back together.
When your computer goes to read a file, it pulls out a chunk of data, looks at what the right pattern is, then ignores the pieces it doesn't need.
When your phone is running you don't see any of this, because your phone is always in the middle decoding.
If I tried to access your data by circumventing the OS and its checks, all I would see was scrambled randomness.
Decent little wiki entry from Arch Linux:
https://wiki.archlinux.org/index.php/Disk_encryption#How_the_encryption_works
It's more aimed at computers, but it's the same thing...
"it won't be readable because of the encryption."
That I understand - thanks. I suppose I was just a bit uneasy because it seems a bit too simple to get in, but obviously tinkering with my own device is far simpler than tinkering with someone else's.
I'll put this one to bed now. I'm very grateful for everyone's patience in answering my questions.
Hi!
I've got a serious problem accessing my TF701T. My daughter had set a pattern lock to the tablet and... now she can't remember it.
The tablet is not rooted, not unlocked and I don't know if I had USB debugging enabled....
I tried several patterns in the hope of accessing the tablet by using my google account. But unfortunately it never shows this dialog option. After some wrong tries I have to wait 30 seconds to try again....
I also tried to set a new password via the Google Device Manager. The GDM locates the device and when I "lock" the tablet with a new password (e.g. 1234) it turns out. Back on it shows the (optional) text message but there's no textbox to enter the new password. Also the GDM says that the device is already locked and a new password is not necessary.
Can anyone help me (without doing a factory reset)?
Thanks in advance,
Michael
Ohhh... yeahh!!! After 100+ tries I found the right 5-dot pattern!
It's a solution that satisfies my needs but it could be interesting to know a technical solution.
Hello,
I have an issue with my Galaxy A71.
Two years ago I have setup fingerprint unlock for the phone, I don't remember setting up a PIN for the phone, but I do remember that I did setup fingerprint and a pattern to draw.
Everything worked without any issues, I even upgraded to android 12 this year and all was good.
This morning the phone decided to ask me a PIN to unlock. I don't remember setting up a PIN for it, and I tried all of the pins that I usually use, nothing works.
I can't bypass the phone lock. The bad thing is that the phone is not registered to findmyphone by Samsung and USB debugging is not enabled.
I have looked on the entire internet on how to bypass the phone lock and I'm posting here because I'm desperate. I don't want to factory wipe because I have important data on it (the phone is also used for work, I know, you can mock me for everything).
While I was trying to troubleshoot it, I had an idea and I'm posting it here in the hope there is someone that can help me.
I can force the phone into recovery mode, and I saw the option to apply update from SD Card.
My question is, is there a way to write a script that removes the PIN lock (sort of like ADB gesture.key removal), put it on an SD Card and use the SD Card to update the phone?
I am really desperate.
Thanks!
Nevermind, I factory reset it. F it
maikkan said:
> My question is, is there a way to write a script that removes the PIN lock (sort of like ADB gesture.key removal), put in on SD Card and use the SD Card to update the phone?
Nope, not possible as far as I know.