Does anyone know how to do it on the Droid?
Is there a single honorable reason why you would be interested in doing this?
I sure can't think of one.
well as soon as wifi packet injection works on android i am switching.
¿GotJazz? said:
Is there a single honorable reason why you would be interested in doing this?
I sure can't think of one.
Vulnerability testing... an auditor who wants to do bluetooth related pen test with his/her phone?
archangelugp said:
Vulnerability testing... an auditor who wants to do bluetooth related pen test with his/her phone?
Let's go with that. So I'm guessing there's no way yet?
alienware777 said:
Let's go with that. So I'm guessing there's no way yet?
Nope. Not yet.
I don't see why it matters to anyone why someone wants this.
I want this too. I don't have to explain to anyone as to why I want it. Because, it is absolutely none of your business. If you don't know how to implement it, then don't post.
Lol. This is a public forum. Of course you don't have to explain why you want something. Equally, if someone who could help doesn't want to, because they suspect you're up to no good, they don't have to justify their actions either, let alone help you. Blessed be.
cauli said:
Lol. This is a public forum. Of course you don't have to explain why you want something. Equally, if someone who could help doesn't want to, because they suspect you're up to no good, they don't have to justify their actions either, let alone help you. Blessed be.
Touché. I'll admit it. The main reason I want this is to mess with my friends. Nothing actually detrimental. Same reason I like sms bombers, and caller id fakers.
But still, this would be great to add on to my list
This would be so awesome... just from a security standpoint, to be able to show and explain to friends and family not to let their guards down when it comes to cyber theft, and to turn off your radios when not in use.
I never quite understand answers like this. This forum is for the exchange of information, not personal opinions. People that think they're some kind of 'ethics police' need not be on this type of site. This site is for the exploration, hacking and development of our phones. Rooting & custom firmware is frowned upon by security researchers and manufacturers alike, but because you're into it, it's morally correct?
supern0va said:
I never quite understand answers like this. This forum is for the exchange of information, not personal opinions. People that think they're some kind of 'ethics police' need not be on this type of site. This site is for the exploration, hacking and development of our phones. Rooting & custom firmware is frowned upon by security researchers and manufacturers alike, but because you're into it, it's morally correct?
Yep, one man's "not needed" is another man's necessity. This is no less needed than say someone thinking they need a ps3 controller (or wiimote) working with their phone, but no one really complains about that.
here's a very legitimate reason for you so if you know how PM me
Hi,
A friend of mine has an older mobile with a broken touchscreen - the phone no longer has a SIM or a RAM card and is in "Music Sync" mode when it connects to a PC via USB.
They are currently in a court case and need to get their old SMS's off the broken phone - all the "forensic" mobile software out there (from $500 up to $5000!!!) require that the phone is in PC-Suite (or PC-Sync) mode. This can't be changed on the phone as the touchscreen doesn't work.
The only way to get to the SMS's is by Bluesnarfing, so if you know of a PC program or a WinMo 6.5 program that will let me access their phone PM me.
Thanks.
Why is there always that one person that offers no assistance, takes up bandwidth questioning your motives...
For those that don't know:
"Bluesnarfing is the theft of information from a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to a calendar, contact list, emails and text messages. Bluesnarfing is much more serious in relation to Bluejacking, although both exploit others’ Bluetooth connections without their knowledge. Any device with its Bluetooth connection turned on and set to “discoverable” (able to be found by other Bluetooth devices in range) can be attacked. By turning off this feature you can be protected from the possibility of being Bluesnarfed. Since it is an invasion of privacy, Bluesnarfing is illegal in many countries."
Thread closed
Hey All,
Has anyone attempted to access the Fingerprint sensor? I know that Moto has not released the dev kit for this yet (and may not), I am wondering if we can get a look at the files and determine how to program to it on our own. Any ideas?
-BluePlanetMan
I'm no (Android) dev but what could they even do with it? Not being an ass, just wondering.
Sent from my MB860 using XDA App
Thread moved.
roharia said:
I'm no (Android) dev but what could they even do with it? Not being an ass, just wondering.
Sent from my MB860 using XDA App
Lock apps individually or require fp for access to sensitive files.. First thing I thought of anyways..
BluePlanetMan said:
Hey All,
Has anyone attempted to access the Fingerprint sensor? I know that Moto has not released the dev kit for this yet (and may not), I am wondering if we can get a look at the files and determine how to program to it on our own. Any ideas?
-BluePlanetMan
My understanding is it's an Authentec sensor and that Moto has to have an agreement from that company to allow access to the sensor driver/api.
I've been in the fingerprint industry for 7 years and Authentec can be a pain to work with. They are very stingy about their fingerprint algorithm. They make very good sensors but I’ve never been thrilled about their SDKs.
Anyway, a fingerprint device isn’t like most input devices. Just being able to talk to the device driver isn’t enough because without the algorithm you really can’t do much. Fingerprint algorithms are not simple i/o, they are complex image comparison and fingerprint minutiae measurement and probability matching.
Now, I will say that because the locking app calls the fingerprint driver you could probably analyze that code and see the call structure for the fingerprint functions and copy that. If it's like on the Windows Authentec drivers it shouldn’t be all that complicated. There are functions for sampling and storing the fingerprint templates, and then for verification of live fingerprints along with threshold settings for tolerances (how strict the match should be, for example 70% confidence).
My company is registered with Motorola and I’ve requested they open up the FP api for us. If they do, I’ll be one of the first to jump on it and I’ll drop a note here.
jeffc said:
My understanding is it's an Authentec sensor and that Moto has to have an agreement from that company to allow access to the sensor driver/api.
I've been in the fingerprint industry for 7 years and Authentec can be a pain to work with. They are very stingy about their fingerprint algorithm. They make very good sensors but I’ve never been thrilled about their SDKs.
Anyway, a fingerprint device isn’t like most input devices. Just being able to talk to the device driver isn’t enough because without the algorithm you really can’t do much. Fingerprint algorithms are not simple i/o, they are complex image comparison and fingerprint minutiae measurement and probability matching.
Now, I will say that because the locking app calls the fingerprint driver you could probably analyze that code and see the call structure for the fingerprint functions and copy that. If it's like on the Windows Authentec drivers it shouldn’t be all that complicated. There are functions for sampling and storing the fingerprint templates, and then for verification of live fingerprints along with threshold settings for tolerances (how strict the match should be, for example 70% confidence).
My company is registered with Motorola and I’ve requested they open up the FP api for us. If they do, I’ll be one of the first to jump on it and I’ll drop a note here.
Interesting... I'll check this thread again lol
Sent from my MB860 using XDA App
Please check the Motodev site for recent news on this topic.
First off, I want to apologize if this information is either or both regurgitated and irrelevant.
I was looking for information on eMMC, and there really isn't much, and I found an old article that describes how data reliance works with eMMC. At least a cursory look.
One of the features of Reliance (and Reliance Nitro) file system is that it never overwrites live data. It will always use free space on disk or in case there is no space, it will give “disk full” error back to the application. Reliance also has a special transaction mode called “Application-controlled”. In this case, Reliance only conducts a transaction point when asked by the application.
Full article here. Information about integration with embedded linux, here.
What struck me was the "Application-controlled" part. It would explain the technology that is undoing changes to /system when the system kills the temp root. I wonder if it's possible for temp root to trigger the "commit" function of reliance once some small changes have been made...
Hope this is of some use.
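The behaviour described in the quoted Reliance passage (live data is never overwritten, and changes only become permanent at an application-requested transaction point) can be modelled in a few lines. This is an added illustration, not code from the original post or from the Reliance product, and it makes no claim about what the phone actually does; the class, its method names and the file name are assumptions made for the example.

```python
"""Toy model of a transactional store that never overwrites live data.

Assumed names throughout: TransactionalStore, transaction_point(),
remount() and the sample file name are constructed for this example.
"""


class DiskFull(Exception):
    """Raised when no free block is left for a copy-on-write update."""


class TransactionalStore:
    def __init__(self, total_blocks):
        self.blocks = [None] * total_blocks  # physical blocks
        self.committed = {}  # name -> block index; the state that survives a remount
        self.working = {}    # name -> block index; what readers see right now

    def _free_blocks(self):
        # A block is free only if neither the committed nor the working
        # view points at it, so committed ("live") data is never reused.
        in_use = set(self.committed.values()) | set(self.working.values())
        return [i for i in range(len(self.blocks)) if i not in in_use]

    def write(self, name, data):
        free = self._free_blocks()
        if not free:
            # Matches the quoted behaviour: report "disk full" rather
            # than overwrite a block that holds committed data.
            raise DiskFull(name)
        self.blocks[free[0]] = data
        self.working[name] = free[0]

    def read(self, name):
        return self.blocks[self.working[name]]

    def transaction_point(self):
        # "Application-controlled" mode: nothing is permanent until the
        # application asks for this.
        self.committed = dict(self.working)

    def remount(self):
        # Power loss or remount: everything since the last transaction
        # point is discarded.
        self.working = dict(self.committed)


def run_demo():
    path = "/system/example.conf"  # constructed file name
    store = TransactionalStore(total_blocks=3)
    store.write(path, "stock")
    store.transaction_point()

    store.write(path, "modified")        # lands in a new block
    before_remount = store.read(path)
    store.remount()                      # no transaction point was taken
    after_remount = store.read(path)

    store.write(path, "modified")
    store.transaction_point()            # this time the change is committed
    store.remount()
    return {
        "before_remount": before_remount,
        "after_remount": after_remount,
        "after_commit_and_remount": store.read(path),
    }


if __name__ == "__main__":
    print(run_demo())
```
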
CyWhitfield said:
First off, I want to apologize if this information is either or both regurgitated and irrelevant.
I was looking for information on eMMC, and there really isn't much, and I found an old article that describes how data reliance works with eMMC. At least a cursory look.
Full article here. Information about integration with embedded linux, here.
What struck me was the "Application-controlled" part. It would explain the technology that is undoing changes to /system when the system kills the temp root. I wonder if it's possible for temp root to trigger the "commit" function of reliance once some small changes have been made...
Hope this is of some use.
Just an FYI, system is an EXT4 FS. This would require not only a custom kernel, but a lot of one offs in the way it's dealing with data. From what I've seen, this isn't what they are using.
But that's a very good find, I am looking into some of the information. Never heard of this before.
Thanks for the info. I would love to find out more about how this memory technology works. More articles are welcome!
Isn't that basically just wear leveling?
Is your name Ben? Or are you perhaps searching on this because of a post that Ben made on HTC? His claim was that even with an unlocked bootloader, that the eMMC could still be locked and prevent us from getting root. This seems far fetched to me.
edufur said:
Is your name Ben? Or are you perhaps searching on this because of a post that Ben made on HTC? His claim was that even with an unlocked bootloader, that the eMMC could still be locked and prevent us from getting root. This seems far fetched to me.
In all reality, I'm thinking this is the eventuality. Sprint knows that with root access we can circumvent the WiFi tether that they want to charge you for. They would never be OK with that.
Sent from my PG86100 using Tapatalk
Just an FYI, system is an EXT4 FS. This would require not only a custom kernel, but a lot of one offs in the way it's dealing with data. From what I've seen, this isn't what they are using.
But that's a very good find, I am looking into some of the information. Never heard of this before.
Given that you have taken a much closer look at the inner workings than I have, I will defer to your observation with a caveat.
According to wiki eMMC supports something called Reliable Write. This suggests that the reversion capability is a part of the eMMC standard. Reliance sounds more and more like a commercial implementation of this function decoupled from a specific media type. After looking it over again, nowhere in the article about Reliance is eMMC mentioned.
Isn't that basically just wear leveling?
Wear leveling is a byproduct of what reliable write is doing. The difference is the ability to defer commitment of file system changes, so that a failed system update won't brick the device.
I do not know if changes made to the device are immediate and revertible (i.e., if eMMC is not told to commit a write, the changes just "go away" when it's remounted). Nor do I know if reversions can be made on the fly, as we are experiencing when temp root gets deactivated.
There really isn't much information out there about this that is easy to find.
Is your name Ben? Or are you perhaps searching on this because of a post that Ben made on HTC? His claim was that even with an unlocked bootloader, that the eMMC could still be locked and prevent us from getting root. This seems far fetched to me.
Neither. eMMC isn't "locked" per se. HTC is using some mechanism that will revert the contents of /system to a prior state when some unknown condition is met. I do not mean to suggest that this is being done through "reliable write" or "Reliance", since it has already been pointed out by someone much more knowledgeable on the subject than I that a standard EXT4 file system is being used. I honestly have no idea. I found this information somewhat by accident, and thought that if it could prove useful I should share it here.
Something is dynamically protecting the contents of /system. Once the phone is rooted, I have no doubt that this "something" will be rendered quite impotent. If it were not possible to do so in the first place, OTAs wouldn't work.
Sprint knows that with root access we can circumvent the WiFi tether that they want to charge you for. They would never be OK with that.
The first part of your statement is true, Sprint knows full well that we can circumvent their attempts to charge us for WiFi tethering with root access. They have known this for years. They also know that in reality there is no way they can completely prevent someone from tethering their phone in one way or another. Even without root access. Ref: PDANet.
In my opinion, this protection of the eMMC contents was designed to reduce support costs from failed OTA updates bricking phones, and perhaps as protection against malware that can attain root, not unlike what Temp Root does.
I am not as paranoid as some here and refuse to accept that this was done specifically to thwart efforts to root the phone. The vast (and I mean VAST) majority of people who buy this phone will never even consider rooting the devices. This same majority has a subset of people that are easily stupid enough to screw up an OTA update or download and install malware.
I will take it a step further and opine that the only reason HTC is unlocking the bootloader is because we are such a minority AND that by tinkering with an unlocked device, we are actually helping HTC improve their product. They would rather have a more appealing facebook page than worry about losing a minuscule fraction of wifi tethering income. Moreover, take a good look at where Sprint stands in the market, and what they have done recently to improve their position. They are doing a lot of really cool things, and have taken impressive steps to improve customer service and corporate image. That they would allow this bashing of HTC to continue unabated over a handful of tethering dollars is unlikely.
I appreciate your canter, very informative. A thanks will come your way.
Sent from my PG86100 using Tapatalk
Does pdanet allow wireless tether? I didn't think it did.
Sent from my PG86100 using Tapatalk
Nutzy said:
Does pdanet allow wireless tether? I didn't think it did.
Sent from my PG86100 using Tapatalk
It doesn't act as a hotspot, no.
Sent from my PG86100 using XDA App
Nutzy said:
I appreciate your canter, very informative. A thanks will come your way.
Sent from my PG86100 using Tapatalk
Much appreciated!
Sent from my PG86100 using XDA App
So, I would be interested in hearing more thoughts on this. Is the eMMC independent of the OS? In other words, would a custom ROM have to obey and work with the eMMC? Or could a custom ROM be made to either disable the eMMC or make it do what we want?
edufur said:
So, I would be interested in hearing more thoughts on this. Is the eMMC independent of the OS? In other words, would a custom ROM have to obey and work with the eMMC? Or could a custom ROM be made to either disable the eMMC or make it do what we want?
I think you're misunderstanding this. The eMMC is the memory inside the device that everything is stored on. It replaced the old NAND chips in older devices.
The OS is stored & runs off of eMMC memory, it's not independent. If you were to 'turn off' the eMMC the device would do nothing. A lot of the security features available on the chip itself probably aren't in use. HTC has been using their own form of write protection since early last year, even on the NAND based Evo 4G. I'd stake a bet they're using the same system here, and we just need to find a way to flash the ENG bootloader like we did last year to get around it.
I agree with you. Reliance is set up to ward against "unauthorized" changes to the /system partitions. I believe the developer community takes way too deep a look at each action made by a corporation (HTC) and views them as "big brother", when in fact most changes are actually approved, reviewed, and committed by someone in accounting with no technical skills whatsoever. These people are forced to look at the bigger scheme of things and make a decision about it (after working for Sprint for almost 2 years now... I can tell you how many decisions are literally made by someone who has no idea what the heck he is making decisions on).
instead of looking at them "trying to stop the development community from unlocking wireless tether" look at them as a CEO (who most of the time has no technical knowledge) and a PR rep (who really only cares about how their company is viewed) and using this kind of encryption is only there to "safeguard" their devices against attacks.
one would think the secret to perm rooting the device is triggering the reliance write function so it commits the changes instead of reloading them. if /system doesn't get changed unless there's an OTA of some sorts.... there's more than likely a hash table that reliance would check against to verify... so an OTA would need to write to that table first, then make the changes....
more than likely some other noob has already said something along those lines and been flamed for it as well...just throwing it out there....
newkidd said:
.........
one would think the secret to perm rooting the device is triggering the reliance write function so it commits the changes instead of reloading them. if /system doesn't get changed unless there's an OTA of some sorts.... there's more than likely a hash table that reliance would check against to verify... so an OTA would need to write to that table first, then make the changes....
........
that stuck out in bold to me..... hmmmmmm
I probably was overlooking what eMMC was, however based on the links the user gave, I later learned a little more about its potential. It would appear that HTC is doing something along the lines of the operations expressed in the link. And if they are not fully replicating efforts, it would be a shame. I like the concept of wear leveling and efficient read/writes. It would be my hope that we could integrate all those functions within a custom rom.
I found a page on the Micron site on eMMC. In the tech notes section there are informational downloads for just one chip. Specifically, the Qualcomm QSC6695.
You have to register to download them. A process I have already started. Their site claims it takes a half hour to register a new account.
Once I have the PDFs, I will attach them to the OP.
I don't know if this is the chip the evo 3d is using, but if it is these may prove beneficial to have.
EDIT: Never mind. I'd have to sign an NDA first.
EDIT: Although, this looks interesting.
Geniusdog254 said:
A lot of the security features available on the chip itself probably aren't in use. HTC has been using their own form of write protection since early last year, even on the NAND based Evo 4G. I'd stake a bet they're using the same system here, and we just need to find a way to flash the ENG bootloader like we did last year to get around it.
Perhaps, but a hint at the design really tells me that it would only make sense to offload this protection to the eMMC. Posted a link just a minute ago with the eMMC "enablement" model in PDF form. Interesting read...
CyWhitfield said:
I found a page on the Micron site on eMMC. In the tech notes section there are informational downloads for just one chip. Specifically, the Qualcomm QSC6695.
You have to register to download them. A process I have already started. Their site claims it takes a half hour to register a new account.
Once I have the PDFs, I will attach them to the OP.
I don't know if this is the chip the evo 3d is using, but if it is these may prove beneficial to have.
EDIT: Never mind. I'd have to sign an NDA first.
EDIT: Although, this looks interesting.
VERY interesting link & read for sure
CyWhitfield said:
The first part of your statement is true, Sprint knows full well that we can circumvent their attempts to charge us for WiFi tethering with root access. They have known this for years. They also know that in reality there is no way they can completely prevent someone from tethering their phone in one way or another. Even without root access. Ref: PDANet.
In my opinion, this protection of the eMMC contents was designed to reduce support costs from failed OTA updates bricking phones, and perhaps as protection against malware that can attain root, not unlike what Temp Root does.
I am not as paranoid as some here and refuse to accept that this was done specifically to thwart efforts to root the phone. The vast (and I mean VAST) majority of people who buy this phone will never even consider rooting the devices. This same majority has a subset of people that are easily stupid enough to screw up an OTA update or download and install malware.
I will take it a step further and opine that the only reason HTC is unlocking the bootloader is because we are such a minority AND that by tinkering with an unlocked device, we are actually helping HTC improve their product. They would rather have a more appealing facebook page than worry about losing a minuscule fraction of wifi tethering income. Moreover, take a good look at where Sprint stands in the market, and what they have done recently to improve their position. They are doing a lot of really cool things, and have taken impressive steps to improve customer service and corporate image. That they would allow this bashing of HTC to continue unabated over a handful of tethering dollars is unlikely.
I completely agree with all of that. Other carriers have taken many steps to try to prevent wireless tethering. They've asked google to filter certain apps from the market from their customers, they've sent out letters to their customers who they suspect of tethering, they've used ECM's to try to stop it.
But Sprint...they've been remarkably silent on that front. Hell they don't even seem to plan on putting any usage caps in place. In my opinion, I suspect that Sprint wants to be different from the other carriers. They can't outright allow tethering because people would go nuts with it and it would saturate their network. Instead they have this approach of telling you that you can't do it without paying extra, but they look the other way when you do.
I don't know if I fully agree on why HTC locks the phone so tight though. I mean they really went out of their way to make sure nobody touches it. There could have been far more simple countermeasures in place to prevent malware yet still be open to somebody who has physical access to the phone.
It can't be that Sprint insisted on it being that way, otherwise Sprint would have insisted that the Nexus S be fully locked, so I don't believe that this is a carrier issue at all, at least not as far as the Evo 3D is concerned.
One of my suspicions is that HTC may make a profit off of having certain apps installed, much in the way that PC OEM's get paid to preload different apps (e.g. norton.) It could be that they want to make sure that you can't remove them. However that profit they make off of these apps may be significantly offset by having a really negative facebook page, hence the decision to unlock.
Hard to say really.
I had to call VZW with an issue, about my razr, earlier this week. When I called the customer service number, they asked for my cell number. Then they informed me that they have the capability to remotely troubleshoot my Razr...... Then they asked for my consent to do just that. Of course i declined. If they have the capability to remotely access your phone WITH your consent, they have the capability to remotely access your phone WITHOUT your consent.
I have been searching for this for a few days now and can't find anyone discussing this at all. That surprised me. I would figure this to be a big issue in this community.
That all being said, here are the questions I have....
1. Does anyone have any knowledge of this, or was this just an isolated incident?
2. Is there any way to "freeze" software on the phone so they can not access my phone remotely?
Thank you in advance for any insight and help you all may provide.
w8-4-me said:
I had to call VZW with an issue, about my razr, earlier this week. When I called the customer service number, they asked for my cell number. Then they informed me that they have the capability to remotely troubleshoot my Razr...... Then they asked for my consent to do just that. Of course i declined. If they have the capability to remotely access your phone WITH your consent, they have the capability to remotely access your phone WITHOUT your consent.
I have been searching for this for a few days now and can't find anyone discussing this at all. That surprised me. I would figure this to be a big issue in this community.
That all being said, here are the questions I have....
1. Does anyone have any knowledge of this, or was this just an isolated incident?
2. Is there any way to "freeze" software on the phone so they can not access my phone remotely?
Thank you in advance for any insight and help you all may provide.
I also would be interested in knowing about this!
Anytime I have a problem and I call and they ask that, I say I don't have my phone handy and will call back. I then restore it and call back. Usually, depending on the problem, they want to do a factory reset, check your software to see if you're updated. Now if you are having a hardware issue like buttons or something they might just send out a replacement.
I'm pretty sure all they can access is the current state of your phone (basically just the info in ABOUT PHONE). They can't actually control your phone. They use the info to make sure you're supportable (not rooted, or running some crazy OC kernel). Makes sense for the non-rooted, but can get you some snarky remarks from CS if you are...
\\Carved into this thread by my RAZR//
http://android-gz.com
IP IHI II IL said:
I'm pretty sure all they can access is the current state of your phone (basically just the info in ABOUT PHONE). They can't actually control your phone. They use the info to make sure you're supportable (not rooted, or running some crazy OC kernel). Makes sense for the non-rooted, but can get you some snarky remarks from CS if you are...
Well to find out, I'm gonna root and try it. Maybe I can shut down whatever'app' they use?
\\Carved into this thread by my RAZR//
http://android-gz.com
Sent from my MB855 using Tapatalk
This is the Rescue Security app that shows up under all apps and in the /system/app directory. Yes, it is a full remote access client; no, it can't be accessed without your giving them specific codes when you enter the key combination specified. Just like enterprise remote access for support. Good idea, I thought.
Here's the info, you have to download this app first: https://market.android.com/details?id=com.lmi.moto.rescue
Sent from my XT910 using xda premium
Hi All,
You might call me paranoid but I am concerned about where my fingerprint (the data) is stored when I use this feature on my Z5 (compact). Is it saved on the phone only? Is it secure/encrypted? etc.
I seem to be the only one asking this question because i can't find anything about it. I also tweeted Sony's xperia account but they are not replying.
I find it weird that when Apple came out with their fingerprint scanner there was a lot of controversy surrounding this topic but it seems forgotten now that more phones have a scanner. I still find this a very important question though, as my fingerprint is something I would only like to use securely.
You can state of course that if you don't trust it, you shouldn't use it... Which is fair enough, but I still find that this kind of info should be available.
FloggingHank said:
Hi All,
You might call me paranoid but I am concerned about where my fingerprint (the data) is stored when I use this feature on my Z5 (compact). Is it saved on the phone only? Is it secure/encrypted? etc.
I seem to be the only one asking this question because i can't find anything about it. I also tweeted Sony's xperia account but they are not replying.
I find it weird that when Apple came out with their fingerprint scanner there was a lot of controversy surrounding this topic but it seems forgotten now that more phones have a scanner. I still find this a very important question though, as my fingerprint is something I would only like to use securely.
You can state of course that if you don't trust it, you shouldn't use it... Which is fair enough, but I still find that this kind of info should be available.
FWIW, under Marshmallow, fingerprint data is stored in a secured area of the phone. It is never uploaded to the cloud.
http://www.androidpolice.com/2015/1...ments-for-fingerprint-sensors-in-android-6-0/
I've no idea how Sony do it under Lollipop.
thedosbox said:
FWIW, under Marshmallow, fingerprint data is stored in a secured area of the phone. It is never uploaded to the cloud.
http://www.androidpolice.com/2015/1...ments-for-fingerprint-sensors-in-android-6-0/
I've no idea how Sony do it under Lollipop.
Tnx for your reply. This was partly the source of my concern. Because Google made sure to let users know this and in the case of Sony here we can only guess.