Related
Even if one has installed some kind of lockdown/tracking software + lock pattern there is always the possibility that a thief would know how to reflash and/or wipe the phone or be able to use Google to find out how.
Has anyone worked on adding the possibility of locking access to fastboot, recovery and OS boot? (Password protecting adb would also be a nice addition.)
There is not much these forums about it. Here is a thread that died: http://forum.xda-developers.com/showthread.php?t=531225
I would be fine with compiling my own recovery image if that is what it takes to get my own password, but I guess fastboot is the biggest concern.
I hope some smart developers will take their time to read this and think about it. Let's hear some input on how big of a task this is. I am sure it can be done, so take the challenge and show us some love.
wow this is an awesome idea. ya because apps like mobiledefense or wavesecure would be useless if the thief knows how to wipe the phone. this would be great and i would love to see it work. i dont know crap about making my own recovery or else i would do it if thats what it means to make my own password protected recovery. but like u said, fastboot is a greater challenge.
I could see recovery maybe having this but the bootloader you are out of luck unless you have a dev or holiday version of the nexus. We currently cant flash custom SPL's because they are sig checked.
What happens when you forget your password? Brick?
MatMew said:
What happens when you forget your password? Brick?
Click to expand...
Click to collapse
Damn if you forget it than you are just too stupid, lol Jk
but good question, however i don't think any development on this will be done anytime soon, id definitely support it though if it ever starts.
Locking the SPL would require us to be able to write/flash one, which is currently impossible
Maybe a petition to google to set forth this new option then?
Because I was thinking the same thing...our laptops can do it, because duh, if someone steals your lappy they could just wipe to get the hardware so we can put a BIOS password so even thats impossible.
Our so 'open' phones should follow suit...please google, read this. It would be a fantastic option, that way its rendered completely useless to anyone that steals it and is smart with them (aka anyone reading these forums ).
THANKS
I want it
I've been thinking of how to 'secure' my phone's data again since I unlocked the bootloader... but this would be the way.
The feature request goes like this: Password protect the bootloader both for fastboot and getting into recovery (the option to start recovery should be password protected). A wipe is required in order to reset the password.
An additional and optional theft lock (along the lines of what the OP wants) would disable the password reset/wipe feature altogether, essentially bricking the phone if the password is unknown. Not exactly what I want (I just want my data to be safe), but should be easy enough to add both options if we have the code and can flash the SPL.
Obviously this is going nowhere if we can't flash the SPL, but there's no harm in putting this out there for Google to include in the next signed SPL.
Everyone should realize that unlocking the bootloader essentially puts all the data on your phone out there for anyone to grab without a password, given that they know a few things about fastboot/recovery. This is likely why Google forces a wipe when you originally unlock. We 'unlockers' should be given a way to get that security back.
We'd also need to find a way to 'type' a password (for the recovery option) while in the bootloader, since there's no keyboard. You could use the volume toggle to cycle through letters or numbers, but this puts this option far past a 'trivial' change to the SPL code. This may be why Google didn't include the option in the beginning.
theslam08 said:
Maybe a petition to google to set forth this new option then?
Because I was thinking the same thing...our laptops can do it, because duh, if someone steals your lappy they could just wipe to get the hardware so we can put a BIOS password so even thats impossible.
Our so 'open' phones should follow suit...please google, read this. It would be a fantastic option, that way its rendered completely useless to anyone that steals it and is smart with them (aka anyone reading these forums ).
THANKS
Click to expand...
Click to collapse
A computer bios password only keeps people from changing bios settings. They can still format the hard drive.
bubbahump said:
I've been thinking of how to 'secure' my phone's data again since I unlocked the bootloader... but this would be the way.
The feature request goes like this: Password protect the bootloader both for fastboot and getting into recovery (the option to start recovery should be password protected). A wipe is required in order to reset the password.
An additional and optional theft lock (along the lines of what the OP wants) would disable the password reset/wipe feature altogether, essentially bricking the phone if the password is unknown. Not exactly what I want (I just want my data to be safe), but should be easy enough to add both options if we have the code and can flash the SPL.
Obviously this is going nowhere if we can't flash the SPL, but there's no harm in putting this out there for Google to include in the next signed SPL.
Everyone should realize that unlocking the bootloader essentially puts all the data on your phone out there for anyone to grab without a password, given that they know a few things about fastboot/recovery. This is likely why Google forces a wipe when you originally unlock. We 'unlockers' should be given a way to get that security back.
Click to expand...
Click to collapse
This would be really great... an idea, if ever possible, to overcome the bricking phone by password being lost, is somehow emailing it to the registered google account... or maybe sending an sms to a known phone number that was registered before...
dalingrin said:
A computer bios password only keeps people from changing bios settings. They can still format the hard drive.
Click to expand...
Click to collapse
Actually you can set an ON-BOOT password, which will prevent it from being booted at all without the password. Unfortunately, it is not that great a security measure, since you can just reset the BIOS using the jumper on the motherboard. Also, every BIOS manufacturer leaves a backdoor in case of forgotten passwords, just do a Google search for BIOS DEFAULT PASSWORDS.
But, the main thing to remember here is that we do not have a keyboard, and very limited buttons to use. So, what are you thinking of using? A combination of buttons (similar to the quick-reboot)? Or, cycling through with the volume/trackball, kind of like on a briefcase/suitcase (argh, imagine the frustration).
The next thing would be the implementation of such an idea.
If the SPL is to be modified to be password protected, we would need to source code - which I don't think is available.
If the recovery is to be password protected, it would need to have immediate access to a rewriteable portion of the internal memory for storage/retrieval of said password (as would the SPL, but first things first - gotta have the source).
A simple qwerty on-screen keyboard and using the trackball to select characters would work fine. Up and down with volume keys or whatever to type in characters is not a viable option for long passwords.
It seems all this would be of no use without the possibility of flashing our own SPL, so I guess this is a bigger task than I thought at first. We all know SPL's have been hacked many times before, so I believe it can be done on the Nexus One too. But, because of the already unlocked SPL opening up flashing heaven, I am not so sure anyone is going to use any time on figuring it out.
This is what we are left with:
1. Find a way to flash a custom SPL. Piece of cake right?
2. Create an SPL with the possibility of adding password protected fastboot/recovery. Protecting boot will probably not be necessary, as it would make it impossible to trace a stolen phone.
Let me comment on the privacy issue: I am not really very concerned about the data on my phone. Of course I would not want all the pictures and videos I have shot to fall into the hands of complete strangers, but I try not to keep secret/sensitive data on my phone. It is not really very difficult to take the sdcard and put it in any other device or card reader to get all the data off of it. All the password protection in the world will never get us around some physical security. (Maybe I should make another request for encrypting the sdcard?)
What I want is to be able to somehow find the bastard(s) that took my mobile and get it back without it being wiped first. Though there is always the risk that they would not get past the unlock pattern and just throw it away right away. Let's just hope they left it powered on within network coverage.
How does Android store Gmail login credentials? Are the information cookie-like (only session information) or is there an actuall password (encrypted or not, doesn't matter) stored somewhere? If the latter than that would be very bad for the security of the Gmail account (most critical apps there are Mail and Checkout). It would probably be a good idea to change the Gmail password as soon as one starts missing his Android phone.
--
One way of increasing the odds to get a stolen phone back would be to flash a custom ROM with an embeded and preconfigured security application that installs automatically and silently after a wipe. Not perfect because a thief could just flash another ROM but there's a greater chance of a device getting wiped than not getting wiped, right?
I guess a password in recovery would add an extra percentage to those odds too.
So much for this request. Someone moved us to Q&A, so I guess this is doomed for now. We'll just have to keep our phone safe.
maedox said:
So much for this request. Someone moved us to Q&A, so I guess this is doomed for now. We'll just have to keep our phone safe.
Click to expand...
Click to collapse
Sorry for the bump. But seriously this is a must.
Any Nexus with unlocked bootloader leaves the internal memory unprotected (All your photos in DCIM folder, etc).
You just need to enter fastboot and flash a custom recovery.
Hello
Well i have a phone that has exactly what was being mentioned in this thread and i have literally tried everything everyone is saying about flashing, etc.
Did anybody try to encrypt the z3compact? Is the performance hit noticeable or negligible?
I'm very fought about encrypting my phone. Would I lose the smartlock feature?
Thanks in advance
I encrypted it, including SD card. There is no visible impact I would say. I think PIN and password is the only unlock option after encryption, the biggest drawback for me is that you can't manage it with Sony Companion after encryption (as Sony did not manage to implement support it seems).
PIN and password are the only options available after encryption and you'll probably lose smartlock.
In KK at least performance was about the same. Though it did reduce my battery life...
i9300usr said:
I was curious to know if this was true with Sony Bridge too (Mac app), and I found this thread on the Sony forums. The Sony mods there insist that this is a choice by Sony to maintain security. Apparently none of them have heard of encrypted backups (à la iPhones). So, possible this will never be implemented.
Click to expand...
Click to collapse
It's not that important, ADB backups work and are more complete, only drawback is the time they take
i9300usr said:
I was curious to know if this was true with Sony Bridge too (Mac app), and I found this thread on the Sony forums. The Sony mods there insist that this is a choice by Sony to maintain security. Apparently none of them have heard of encrypted backups (à la iPhones). So, possible this will never be implemented.
Click to expand...
Click to collapse
i9300usr said:
So, just to make sure I understand you correctly: ADB allows users to make backups of encrypted Sony Xperia phones? Are the backups encrypted or unencrypted? And is the restore process straightforward?
Click to expand...
Click to collapse
Yes ADB allows you to make a full encrypted backup of your phone (including apps installation files). The restore process is straightforward as well but it's not as complete as say an iPhone backup. ADB might not be able to access some files, especially ADB might restore all your apps but not your launcher settings, folders, etc...
Even though the backup is encrypted, keep in mind that if you use a four digits code it can be bruteforced in less than 10s so encryption does not mean much in this regard.
difto said:
...Even though the backup is encrypted, keep in mind that if you use a four digits code it can be bruteforced in less than 10s so encryption does not mean much in this regard.
Click to expand...
Click to collapse
This is interesting. Are you referring to a code ADB requires or the code used on the phone? I use a pattern on the phone.
scottjb said:
This is interesting. Are you referring to a code ADB requires or the code used on the phone? I use a pattern on the phone.
Click to expand...
Click to collapse
If you encrypt your phone you cannot use the pattern anymore. The ADB password is the same as your phone password so either 4 digits or a real password.
difto said:
If you encrypt your phone you cannot use the pattern anymore. The ADB password is the same as your phone password so either 4 digits or a real password.
Click to expand...
Click to collapse
I have my phone encrypted and use a pattern. I was not required to change it to a PIN when I encrypted it.
That's why I asked, I wonder how ABD would handle the pattern.
You can transfert files when the phone is mounted as mass storage and unlocked, that's why Sony isn't consistent. You can also transfert files using a third party ftp server like es file browser.
I encrypted my phone last week. Not really noticed any difference in terms of general performance and battery life. One thing I hate is that if you fail to enter the correct password 10 times your phone gets wiped. I hate this because it just makes it easy for people to troll you and makes a thief's job easier because your essentially getting your phone ready to be sold on and also locking yourself out so it can't be tracked.
Another negative is startup takes forever but, you don't really reboot phones much anyway
i9300usr said:
Sounds like something I might actually use. Thanks for the feedback.
So, this is by default and can't be disabled by the user? Hmm, Apple's iOS at least makes the wipe optional.
So much this. Makes backing up your phone every day a necessity just in case. But then:
a) how many people are actually aware the wipe is mandatory for encrypted phones,
b) how many would be mean-spirited enough to actually do this,
and
c) how can people tell if your phone's encrypted?
I think the likelihood is low, but I guess that depends on the company you keep. But if it's that kind of company, you're probably wise enough to keep the phone in your possession all the time anyway.
Unless you're running 5.1, and have enabled "Device Protection" - if Google have actually implemented it? Did the promised "kill switch" actually make it to our phones?
How useful is the tracking anyway? Do the Police even care? I've read articles where the owners themselves had to retrieve their phones, and that can be a very tricky prospect.
Yup, very infrequently these days.
Well, this is all better than the non-existent encryption on my S3.
Click to expand...
Click to collapse
Sadly, no you can't disable the wipe after 10 failed attempts. Well I'm uni student and you know what some people are like when it comes to trolling! I don't think z3 compact has the device protection. Not mine anyway. The police should track it. Well I've heard they help here in the UK
I think it's better to go without encryption, root with locked bootloader and install Cerberus to system partition, and use a strong lock pattern or password.
No worries of 10 try wipes, more secure lockscreen options, and can still track the phone even after a factory reset (unless they reflash the entire system.)
cschmitt said:
I think it's better to go without encryption, root with locked bootloader and install Cerberus to system partition, and use a strong lock pattern or password.
No worries of 10 try wipes, more secure lockscreen options, and can still track the phone even after a factory reset (unless they reflash the entire system.)
Click to expand...
Click to collapse
I think there's a tendency to speak too lightly of rooting. It invalidates warranty, which is a big deal for a US$400–600 phone such as this. Even after the warranty expires, I think it places far too much responsibility on the user to solve any problems that may arise, which can be onerous if the phone actually serves a purpose (as opposed to being merely a prestige item, which I'm sure it frequently is).
Rooting is a nice concept, but it presents real-world problems that can entirely negate any benefits gained; it's not the panacea it purports to be.
My P9 is my favorite phone I ever used, however the only aspect that makes me sad is that I searched all over the Internet, and I cannot find any confirmation that the device supports whole device encryption. Rather everything indicates that the data on the phone is not encrypted.
I travel abroad regularly, in a country where unfortunately some Westerners go to engage in child abuse, which means that when I come back to my country, I am often required by customs to let them inspect my phone, and the device could be taken away from me to extract and analyze its data. I would love to have my P9 to take fantastic shots of this beautiful country, however I do not want to let my government have access to all my intimate conversations with my wife, all my passwords, all the websites I visit and all my personal pictures. And no, simply wiping the device, if the device doesn't support encryption, is not sufficient to remove the sensitive data from it.
Unless I can find other information to the contrary, I'll travel to this country with a backup phone that does support encryption.
WDE is a requirement for all new Marshmallow devices onwards so yes it has it.
Actually I thought I read that Google ended up withdrawing this requirement.
At any rate, I certainly haven't found the functionality anywhere. It's not anywhere in the parameters, and although you can launch it with the activity launcher, it just reboots the phone without encrypting anything.
After I unlocked bootloader and installed TWRP, when rooting, it said can not mount data in red (but still got root).
Same error when I tried to do a backup in TWRP.
One video suggested changing the disk format and changing it back, and then when I turned on my phone after that, it said password was there but unable to be used and kept booting back into recovery until I wanted to kill myself.
Seems the reason was because the phone was encrypted and changing the format fkd it all up.
So yes - it is encrypted (at least on my P9)
Hi there,
After the advice of John on this thread
https://groups.google.com/a/googlep...forums.com?utm_medium=email&utm_source=footer
I finally got passed the boot loop after another attempt. I am travelling in China and this country is so beautiful that I could not stand living without a camera. So I simply tried again and it worked. (I have a software VPN that helps to reach the Google servers).
So I have setup a hosted network on my Windows 10 device with the VPN on it and went ahead with the install.
It went all fine (a bit longer as the packets have to transit via San Fransico hardware VPN hosted by VPN Express) however once I'm on the "Verifying your account" page, I enter my email and it grays out in the wait of completion but it rolls and rolls, it never ends.
I have searched on Google search engine about documentation to fix that quick and I ended in an ocean of people running around like headless chickens, sake oil dealers etc etc. So what's all these hurdles about this FPR thing???
I am scared.
I am in china and my phone helps me to get around.
It's now a useless paper weight.
What if I end up in a trap because I asked some people for my way and I get hurt? Am I allowed to blame the new fancy "security" policies?
PLEASE HELP ME FAST - I NEED URGENT ASSISTANCE - I will be refreshing my email every 30mns from now.
vonz33 said:
Hi there,
After the advice of John on this thread
https://groups.google.com/a/googlep...forums.com?utm_medium=email&utm_source=footer
I finally got passed the boot loop after another attempt. I am travelling in China and this country is so beautiful that I could not stand living without a camera. So I simply tried again and it worked. (I have a software VPN that helps to reach the Google servers).
So I have setup a hosted network on my Windows 10 device with the VPN on it and went ahead with the install.
It went all fine (a bit longer as the packets have to transit via San Fransico hardware VPN hosted by VPN Express) however once I'm on the "Verifying your account" page, I enter my email and it grays out in the wait of completion but it rolls and rolls, it never ends.
I have searched on Google search engine about documentation to fix that quick and I ended in an ocean of people running around like headless chickens, sake oil dealers etc etc. So what's all these hurdles about this FPR thing???
I am scared.
I am in china and my phone helps me to get around.
It's now a useless paper weight.
What if I end up in a trap because I asked some people for my way and I get hurt? Am I allowed to blame the new fancy "security" policies?
PLEASE HELP ME FAST - I NEED URGENT ASSISTANCE - I will be refreshing my email every 30mns from now.
Click to expand...
Click to collapse
There are a few options you can take (if you have an unlocked bootloader). The quickest would be to simply delete the SetupWizard apk from TWRP.
Another option is to download and flash a ROM without Google Apps (make sure to download the camera apk of your choice- whether it be Snap or Google Camera).
Finally, you could try another VPN service (or server).
Go to a country that allows Google services to be used, or simply be patient as the VPN is apparently the problem. Your last two questions are likely rhetorical, but if you end up in a trap and get hurt it's your fault, not Google's. So no, you can't blame them for their Factory Reset Protection.
The "issue" with FRP is a simple one. It requires knowing the last Google account used and its password. This affects two different groups of people: those with "burner" accounts, and resellers.
In the case of the burner accounts people create a Google account with a password and don't bother to remember it because they don't want to give any information to Google. Then when they have to reset their devices for whatever reason FRP kicks in and they're screwed. Since they don't know the Google account or password they can't get back into the device.
The resellers purchase used devices and try to move them. However the person selling the device often does not clear out the account information from the device or does not remove the device from their account. When the device is sold the new owner attempts to enter their information and gets tripped up by FRP as they don't have the last Google account and its password.
"Burner" accounts are a pathway to disaster. Resellers are a bit more careful, and instances of FRP on a used device from a reseller have gone down.
negusp said:
There are a few options you can take (if you have an unlocked bootloader). The quickest would be to simply delete the SetupWizard apk from TWRP.
Another option is to download and flash a ROM without Google Apps (make sure to download the camera apk of your choice- whether it be Snap or Google Camera).
Finally, you could try another VPN service (or server).
Click to expand...
Click to collapse
Thanks for these options!
Yes, good old TWRP... Good option however since the phone is not rooted it would require a way to root it via fastboot flash, and also a way to push TWRP the same way.
I would perhaps rather downgrade to 6.0 or even 5.0 to see if I get lucky.
I could also buy a new phone here but the pricings are rather prohibitive and the models they have would be of no use outside of China.
I have tried mucking around with other VPNs today, it allowed me to go one or 2 steps further but the procedure finally s+++t itself in the end.
I should be in Vietnam tomorrow so hopefully the local telecom towers will allow me to finish my install....
I have no idea how i'm going to tell the taxi driver that I need to go to the train station without a portable system like an android phone, time is a bit short to chase down a paper dictionary.
If you still have some more leads on your TWRP methods that would solve this, please post ahead. I have no guarantees that Vietnam will solve this at this point in time.
Cheers mate.
Strephon Alkhalikoi said:
Go to a country that allows Google services to be used, or simply be patient as the VPN is apparently the problem. Your last two questions are likely rhetorical, but if you end up in a trap and get hurt it's your fault, not Google's. So no, you can't blame them for their Factory Reset Protection.
The "issue" with FRP is a simple one. It requires knowing the last Google account used and its password. This affects two different groups of people: those with "burner" accounts, and resellers.
In the case of the burner accounts people create a Google account with a password and don't bother to remember it because they don't want to give any information to Google. Then when they have to reset their devices for whatever reason FRP kicks in and they're screwed. Since they don't know the Google account or password they can't get back into the device.
The resellers purchase used devices and try to move them. However the person selling the device often does not clear out the account information from the device or does not remove the device from their account. When the device is sold the new owner attempts to enter their information and gets tripped up by FRP as they don't have the last Google account and its password.
"Burner" accounts are a pathway to disaster. Resellers are a bit more careful, and instances of FRP on a used device from a reseller have gone down.
Click to expand...
Click to collapse
Not Google's fault? Lets unpack this one... I am a council fixing up a foot path. The engineers have let a slight gap in the concrete due to a fabrication method process. If you trip and hurt yourself it's your fault yeah?
Secondo, it's not Google's job to make my phone safe from thieves, it's mine. Why in hell would they make my life complicated because some idiots spends $2000 on a phone a forget it in a taxi, I don't want to have to do all these things, I just want my phone to be able to be serviced easily. and especially if i'm in a critical area, my safety is more important than these people's concerns about thieves. An the cherry on the pie is that today with the cloud sync technology, who cares in the first place.
""Burner" accounts are a pathway to disaster." Mate, look up the word disaster's definition from the dictionary and see if it applied to a chum that has got his phone stolen and get back to me with that.
Kind regards
I normally don't dissect posts but...
vonz33 said:
]Not Google's fault? Lets unpack this one... I am a council fixing up a foot path. The engineers have let a slight gap in the concrete due to a fabrication method process. If you trip and hurt yourself it's your fault yeah?
Click to expand...
Click to collapse
It's not Google's fault as you have alternative options you could take. For instance, a dedicated GPS receiver from Garmin or Tom Tom. I keep both a Garmin GPS and a street atlas in my car as a backup to my N6 and I live stateside. Should I encounter an issue, I have a means to get where I need to go. It's called "being prepared".
Your argument is a strawman argument, because Google's Android software is working as intended. Your argument might have more weight if there was a bug in the software that prevented you from using it. FRP is not a bug.
Secondo, it's not Google's job to make my phone safe from thieves, it's mine. Why in hell would they make my life complicated because some idiots spends $2000 on a phone a forget it in a taxi, I don't want to have to do all these things, I just want my phone to be able to be serviced easily. and especially if i'm in a critical area, my safety is more important than these people's concerns about thieves. An the cherry on the pie is that today with the cloud sync technology, who cares in the first place.
Click to expand...
Click to collapse
Bit of a strawman here as well, as the issue isn't the person accidentally leaving his device in a taxi, but the person who gets their device stolen. Add to that the hyperbole of a $2,000 phone and you have a funny comment.
This is Google complying with California's kill switch law that went into effect two years ago. Since people travel in and out of California all the time and it's nearly impossible to target devices with "California-only" firmware Google implemented FRP worldwide. The entire idea of FRP is to make the phone impossible to use if it is stolen.
""Burner" accounts are a pathway to disaster." Mate, look up the word disaster's definition from the dictionary and see if it applied to a chum that has got his phone stolen and get back to me with that.
Kind regards.
Click to expand...
Click to collapse
The situation you describe is exactly why FRP was implemented on devices. Burner accounts will lead to disaster because it is inevitable that the owner will have to reset his device for whatever reason. When he does, he's screwed. I will clarify one thing here: when I refer to a "Burner" account I refer to an account with a random string of letters and numbers used for both email address and password with the express purpose of preventing Google from tying data collected from the device to the owner of that device. Ideally, if you really want to use a throwaway account, you at least make up an email address and password that are both easy to remember.
For the record, here's the definition of "disaster". Definition 3 applies to this conversation.
dis·as·ter (dəˈzastər)
noun
1. a sudden event, such as an accident or a natural catastrophe, that causes great damage or loss of life. "159 people died in the disaster"
synonyms: catastrophe, calamity, cataclysm, tragedy, act of God, holocaust; accident. "a subway disaster"
2. denoting a genre of films that use natural or accidental catastrophe as the mainspring of plot and setting.
modifier noun: disaster. "a disaster movie"
3. an event or fact that has unfortunate consequences. "a string of personal disasters"
synonyms: misfortune, mishap, misadventure, mischance, setback, reversal, stroke of bad luck, blow. "a string of personal disasters"
P.S. When quoting something written in quotes, double quotes are replaced with single quotes. Thus, in quoting me you want to say, "'Burner' accounts are a pathway to disaster."
Hello,
I'm a bit of desperate and I come here to XDA with the hope to find some useful advide. :crying:
I know you probably have read many posts like these, but if you will read mine I hope you will find it different because there are some technical things to be explained (interesting at least for me).
I've lost 99% of my photos and videos taken in July on my phone (64 GB Memory model).
I know I know I should have implemented some sort of backups whatsoever in the cloud or with a home NAS, but unfortunately for me I'm not that kind of guy. The Android built-in backup is also disabled.
What has really happened here I think that probably somehow my daughter has grabbed my phone and has played with it and has deleted about hundreds of photos and videos taken in July. Of her mainly! Never underestimate the damage capabilities of a toddler.
In the meanwhile I've taken lots of photos in August and used a phone a lot and also got the OTA update to Oxygen 4.1.7 / Android 7.1.1
Now I have found that most of July media files are missing!!!!
At the moment there are 25 GB used out of the whole 54 in the Internal Archive Memory as it seen on the Phone Setup.
I have bought DiskDigger Pro for Android but somehow it cannot find the right files all it finds are Whatsapp Images and other files. Does not really find the missing files which I suspect have been somehow deleted.
I think it needs root privileged to dig deeper but I don't understand why, in theory the files should be recoverable on the same partition as the DCIM folder. To my understanding the files should be marked as "deleted" in the same partition as where the DCIM folder is. But there is also this TRIM mechanism on the newer phones flash memories that confuses me.
Q1) Can you please clarify why this and all other media files recovery programs which seem to be a bit serious need root to recover missing media files?
So given as assumption that I need to root, I've read here and there and it seems that sometime ago for OP One that was the possibility to root without unlocking the boot loader. But if I unlock somehow all the data will be wiped. And I fear this will make any further software base recovery method like diskdigger or photorec hopeless even with elevated root privileges.
Q2) Can you confirm that I cannot root without unlocking the bootloader and therefore without wiping the device?
For your information I have also bought tonight a 100 USD root + files recovery package one oneclickroot but the agent promised to refund me after I told her the model of my phone (scary!).
Q3) I know a couple of things in Linux, do you think is it possible without root to create a raw image of the internal phone memory or the proper partitions with a tool such as "dd" ? Then I would process those raw images on a Windows or linux PC with file recovery software.
Q4) Do you think that the wiping caused by the bootloader unlocking will render any possible further diskdigger like solution without hope? Or should I go that way because the wiping is not so deep after all?
I don't know what to think, the fact that the phone is also encrypted makes me fear the worst. Maybe after the wiping it will get re-encrypted over.
Q5) Any advice in general before contacting kroll on track and pay thousands of dollar with the hope to recover?
Thanks a lot for any useful reply! I hope this topic will bring a definitive guide on how to recover files on unrooted oneplus 3t!
I can't answer all your questions here, however I can say with 100% confidence that you cannot root without unlocking bootloader. Some people claim of other methods, but keep away from them.
And there is nothing to be scared of when rooting OnePlus 3T if you follow the correct steps.
Are you sure that your daughter deleted those photos? How can she specifically delete photos taken in July? Do you have Google photos installed?
Aneejian said:
I can't answer all your questions here, however I can say with 100% confidence that you cannot root without unlocking bootloader. Some people claim of other methods, but keep away from them.
And there is nothing to be scared of when rooting OnePlus 3T if you follow the correct steps.
Are you sure that your daughter deleted those photos? How can she specifically delete photos taken in July? Do you have Google photos installed?
Click to expand...
Click to collapse
Thanks for your answer.
I'm not scared of rooting, as I have rooted other phones in the past. I'm ready to spend 1000USD and maybe even more to recover these media files and therefore I'm not really scared of rooting or bricking the device. What really scares me is that by
unlocking bootloader -> wiping -> rooting -> (new encryption of the filesystem ?)
I will render the deleted missing files completely unrecoverable.
I don't have google photos and I'm not 100% sure that my daughter has deleted the files. Maybe I've done a cut & paste which has not worked correctly on the phone as I've only 1 or 2 days of the beginning of July in my external hard drive. But it's more likely that my daughter has played with the gallery application on the phone.
I don't have a lock gesture or pin and my screen can be unlocked just by sliding, however it seems my phone is encrypted.
This encryption I don't know how it works and how it relates with the bootloader unlocking, if someone have more information I would be glad to hear.
And also I've done some more research and it seems impossible to perform a "dd" command of the partitions without first being superuser / root. ;-(
Regards,
Claudio
Did you try connecting your phone to the pc and use the programm recuva?
I managed to restore my files with it once
I can feel your pain of loosing those valuable moments of your daughter. I feel sorry that I can help you much with this.
In future, I suggest you to use Google photos which can automatically backup all your photos for free.
StarShoot97 said:
Did you try connecting your phone to the pc and use the programm recuva?
I managed to restore my files with it once
Click to expand...
Click to collapse
I don't think that recuva can do anything here. I am not allowed to past links here but as explained here
ht*ps://forums.androidcentral.com/ambassador-guides-tips-how-tos/500142-guide-recovering-deleted-files.html
and here
ht*ps://forum.xda-developers.com/galaxy-nexus/general/guide-internal-memory-data-recovery-yes-t1994705
Recuva can't do anything for internal memory.
But thanks for the hint!
Aneejian said:
I can feel your pain of loosing those valuable moments of your daughter. I feel sorry that I can help you much with this.
In future, I suggest you to use Google photos which can automatically backup all your photos for free.
Click to expand...
Click to collapse
One of the most affordable options I'm considering is this:
1) get another oneplus 3t
2) take some pictures and videos on it
3) delete those pictures and videos
4) root it
5) Install diskdigger to check if he can find anything after the wipe
I feel huge pain, my wife is also kindly pushing me. ^^
The problem ought to be that since this phone is force encrypted per default, unlocking the bootloader will destroy the encryption key for the previous installation won't it? Isn't that they point as to avoid anyone accessing your data by simply doing a factory restore and still keep the data in the internal storage. At least that's what I though, else where's the security of someone steals your phone.
Without that, any recovery software will just see rubbish when trying to recovery anything since it's encrypted.
pitrus- said:
The problem ought to be that since this phone is force encrypted per default, unlocking the bootloader will destroy the encryption key for the previous installation won't it? Isn't that they point as to avoid anyone accessing your data by simply doing a factory restore and still keep the data in the internal storage. At least that's what I though, else where's the security of someone steals your phone.
Without that, any recovery software will just see rubbish when trying to recovery anything since it's encrypted.
Click to expand...
Click to collapse
Thanks a lot, eventually some technical info on xda
If I lose my phone someone can use it and read everything because there is no lock, no pin, no gesture nothing. I would try a remote wipe via google android devices or something like that. Life is too short to unlock your phone every time you look at it even if it is via finger print!
This being said I've read year
ht*ps://source.android.com/security/encryption/full-disk
this paragraph among the others is not clear to me
Upon first boot, the device creates a randomly generated 128-bit master key and then hashes it with a default password and stored salt. The default password is: "default_password" However, the resultant hash is also signed through a TEE (such as TrustZone), which uses a hash of the signature to encrypt the master key.
You can find the default password defined in the Android Open Source Project cryptfs.c file.
When the user sets the PIN/pass or password on the device, only the 128-bit key is re-encrypted and stored. (ie. user PIN/pass/pattern changes do NOT cause re-encryption of userdata.) Note that managed device may be subject to PIN, pattern, or password restrictions.
Does this paragraph give me hope or not?
Thanks a lot for your interest! Sleepless nights go on here.
lallissimo said:
I know I know I should have implemented some sort of backups whatsoever in the cloud or with a home NAS, but unfortunately for me I'm not that kind of guy.
Click to expand...
Click to collapse
This is a really weak excuse. If the photos were that valuable to you, you should have been backing them up. There really is no excuse. Backup options are available that are effective, free, and require hardly any action on your part (aside form the initial setup - you've done more by disabling the default backup options).
Recovering deleted data is always a hit-or-miss proposition, at best. The longer you have the phone on, the higher the chance those memory sectors will be over-written. May have already happened.
---------- Post added at 10:53 AM ---------- Previous post was at 10:46 AM ----------
lallissimo said:
I'm not really scared of rooting or bricking the device. What really scares me is that by
unlocking bootloader -> wiping -> rooting -> (new encryption of the filesystem ?)
I will render the deleted missing files completely unrecoverable.
I don't have a lock gesture or pin and my screen can be unlocked just by sliding, however it seems my phone is encrypted.
This encryption I don't know how it works and how it relates with the bootloader unlocking, if someone have more information I would be glad to hear.
Click to expand...
Click to collapse
It doesn't matter. Unlocking the bootloader wipes all data on the phone by definition, regardless of whether it is encrypted or not. At least that is how it worked on previous Android devices I've owned, that did not have encryption by default. So I'd be willing to bet the same is try on the 3T.
lallissimo said:
I'm not 100% sure that my daughter has deleted the files. Maybe I've done a cut & paste which has not worked correctly on the phone as I've only 1 or 2 days of the beginning of July in my external hard drive. But it's more likely that my daughter has played with the gallery application on the phone.
Click to expand...
Click to collapse
I find it a little unlikely your daughter deleted all the photos. I don't see an easy way she could have done that to hundreds of photos, without an improbable number of screen taps. I'd use a good file explorer, and just keep digging. They might just be moved somewhere odd.
redpoint73 said:
This is a really weak excuse. If the photos were that valuable to you, you should have been backing them up. There really is no excuse. Backup options are available that are effective, free, and require hardly any action on your part (aside form the initial setup - you've done more by disabling the default backup options).
Recovering deleted data is always a hit-or-miss proposition, at best. The longer you have the phone on, the higher the chance those memory sectors will be over-written. May have already happened.
Click to expand...
Click to collapse
Thank you for the interest in my thread I really appreciate it.
I know a things or two about backups and I see your point. There is an ancient Chinese proverb saying something like this: Backup is that thing that should have done before.
However, being on xda I'd like to keep the discussion on a technical level if possible.
If you have any information or links on the way the internal memory is managed at physical level I'd like to discuss about it. As far as I know in order to extend the duration of this solid state memories the system makes his best to write on the blocks the least possible. I don't think I have already overwritten all the blocks of the internal memory. We'll see.
It doesn't matter. Unlocking the bootloader wipes all data on the phone by definition, regardless of whether it is encrypted or not. At least that is how it worked on previous Android devices I've owned, that did not have encryption by default. So I'd be willing to bet the same is try on the 3T.
Click to expand...
Click to collapse
I'm almost sure that the wiping does not scrape the memory with all 0 and 1. That would take really a lot of time and also that would reduce the duration of the memory.
Take a look here for example
h*tps://www.krollontrack.co.uk/blog//top-tips/what-you-need-to-know-about-androids-factory-reset-function/
so my real enemy here is encryption.
I find it a little unlikely your daughter deleted all the photos. I don't see an easy way she could have done that to hundreds of photos, without an improbable number of screen taps. I'd use a good file explorer, and just keep digging. They might just be moved somewhere odd.
Click to expand...
Click to collapse
You could be right, still I need to be root to dig deeper.
lallissimo said:
I'm almost sure that the wiping does not scrape the memory with all 0 and 1. That would take really a lot of time and also that would reduce the duration of the memory.
Take a look here for example
h*tps://www.krollontrack.co.uk/blog//top-tips/what-you-need-to-know-about-androids-factory-reset-function/
so my real enemy here is encryption.
Click to expand...
Click to collapse
This is just wishful thinking. That article sounds really paranoid to me. Whatever method the system is using to "scramble" the data is going to put it out of the realm of the cheap, consumer data retrieval tools (as you've pretty much already experienced). The article states:
A recovery is possible by looking at the data structures from a low-level and using specialist tools to recreate the data into a useable format
We aren't talking about free or $5 Android apps here. We're probably talking about specialist software that costs thousands of dollars. Yes, technically data is almost always retrievable. Law enforcement has tools that can retrieve "ghost" data images even after being overwritten multiple times. But such tools are feasible for consumers from a cost/benefit standpoint.
redpoint73 said:
This is a really weak excuse. If the photos were that valuable to you, you should have been backing them up. There really is no excuse. Backup options are available that are effective, free, and require hardly any action on your part (aside form the initial setup - you've done more by disabling the default backup options).
Recovering deleted data is always a hit-or-miss proposition, at best. The longer you have the phone on, the higher the chance those memory sectors will be over-written. May have already happened.
---------- Post added at 10:53 AM ---------- Previous post was at 10:46 AM ----------
It doesn't matter. Unlocking the bootloader wipes all data on the phone by definition, regardless of whether it is encrypted or not. At least that is how it worked on previous Android devices I've owned, that did not have encryption by default. So I'd be willing to bet the same is try on the 3T.
I find it a little unlikely your daughter deleted all the photos. I don't see an easy way she could have done that to hundreds of photos, without an improbable number of screen taps. I'd use a good file explorer, and just keep digging. They might just be moved somewhere odd.
Click to expand...
Click to collapse
redpoint73 said:
This is just wishful thinking. That article sounds really paranoid to me. Whatever method the system is using to "scramble" the data is going to put it out of the realm of the cheap, consumer data retrieval tools (as you've pretty much already experienced). The article states:
A recovery is possible by looking at the data structures from a low-level and using specialist tools to recreate the data into a useable format
We aren't talking about free or $5 Android apps here. We're probably talking about specialist software that costs thousands of dollars. Yes, technically data is almost always retrievable. Law enforcement has tools that can retrieve "ghost" data images even after being overwritten multiple times. But such tools are feasible for consumers from a cost/benefit standpoint.
Click to expand...
Click to collapse
If someone has more technical information about the encryption part I'll gladly look at it.
As far as wiping is concerned I have given a quick look at the source code, so for example here:
https://www.pentestpartners.com/sec...ta-from-wiped-android-devices-a-how-to-guide/
and if this is still what's inside my android phone I'm sure that mkfs.ext4 is nothing to fear when you need to recover data.
Problem for me is encryption, but yest I'm considering expensive solutions too. Just for the sake of the technical satisfaction, of course.