Related
Ok, before everyone jumps to conclusions on multiple accounts let me get this out there.
1. I am not a noob when it comes to forums and no how to search ie my search results:
http://forum.xda-developers.com/showthread.php?t=989241
http://forum.xda-developers.com/showthread.php?t=1067003
http://forum.xda-developers.com/showthread.php?t=913958
2. I am not a noob when it comes to android devices and would call myself moderately knowledgable in the subject and really cant think of any other ideas also google nor sprint is not helping in the slightest ( and honestly I dont expect them too).
3. The story below is true and i DID NOT STEAL or receive a STOLEN phone, nor am i some jealous boyfirend. I am doing this for a friend, so here it goes.
My coworkers son commited suicide and has asked me to look at his phone to see if i can find away to unlock it so he can either know if anybody knew this was happening or most likely i think for closure of this whole ordeal. When given to me he had already given the phone to many gestures and gives me the google account lockout screen. the father just wants to see the latest messages on the phone as well as anything that might have come up. now this is what i have done so far:
PHONE: EVO 4G
Status: Stock AKA NOT ROOTED
1. I have taken out the SD card to see if i can grab anything off of there but the last time the text messages were backed up were on 7-31-2011, so that really doesn t help me there. I cant think of any other folders to look in in order to find anything else.
2. The phone was never set to USB debugging so there is no chance of rooting the phone (although i am not sure this would even unlock the phone at this point)
3. His father does not know the gmail account and I have only found a few other accounts through facebook and odd random searches that you can scarely do on the internet. After reading some other posts though I am not sure i could do what i was thinking with this because it only updates the computer and not the password on the phone.
4. Tried calling the phone. The phone doesnt even register as if someone is calling. The father said he didnt turn off the phone yet, and it makes since as i am creepily getting text messages as we speak.
So this is where i am at. I cannot think of too much more. Like i said i dont want the phone, it isnt stolen, and i am really just trying to help the guy out. Google told him becaus ethe kid is older then 18 ther eis nothing they can do and if that is there policy then that is BS especially in this situation. and sprint told him they can do a factory reset on the phone. so those are out of the question.
If you're positive that usb debugging is off, then there's not much you can do.
If you can reset the password to his Google account, and the phone has an internet connection, then inputting the new Google information should unlock the phone. I'm not sure if a connection is automatically created during this process. If you'd like, I can test the theory on my own Evo if you can't get any further.
Most people use the same password for everything. If you can find a password for anything, it's likely that's the password for his Google account. Check his computer as well. If he has saved his login information in his web browser, you should be able to pull that information.
Unfortunately you would have many more options if the phone was rooted. You could do a nandroid backup then sift through the data.img. I'm not sure if the stock recovery allows for anything that will help you. When you get into the stock recovery, it looks like you don't have any options. I believe holding both volume buttons simultaneously on the screen with the red triangle/exclamation point will give you a list of options.
If you cannot get into the phone, the SD card is probably going to be your best source of information - though it's unlikely that you'll get much. Browse through all of the directories. He could've switched SMS Backup apps and the information could be stored in a less obvious location. Try /sdcard/data and /sdcard/android/data.
If I can think of anything else I will post it. Both ADB and MyPhoneExplorer (I'm not positive that's the name) would be helpful in this situation, but without usb debugging on I don't think you'll be able to use them. Research further into enabling usb debugging without access to the OS.
I'm sorry for your friend's (and your) loss. I hope that in some way, even if not through the phone, he can find closure.
Sent from my Evo + MIUI using Tapatalk!
Thanks for the response good ideas, and I will try them. Turns out this kid never had a computer and in talking with the friends they only had his other email accounts so I will think of someway to get around that, but anyways thanks again.
Your best bet would be something like the Cellebrite UFED that was getting some attention a few months ago. There are other mobile forensics utilities - I'm not sure if they can be purchased by a single person or if there are guidelines these companies must follow before selling the devices. I'm also sure that they're not cheap, so unless you or your friend are very well off, you probably couldn't buy one yourself anyway.
I took a Computer Forensics course and we spent a week on mobile forensics. This was before Android was popular, and I believe that we used the device on a BlackBerry. The device (I don't remember the name) made an image of the contents which we then looked through using Forensic Toolkit or something similar.
If you know anyone in a computer program, ask if they have access to a similar device. We were allowed to use whatever tools were available during specified times (mainly for lab work, but we could use them for other reasons), so this would be your best bet for getting information off of the phone. Other places, like repair shops (and police departments) may have access to similar technology. If you can find someone empathetic to your situation with access to mobile forensics tools then you may be able to get somewhere.
It's a long shot, but I had the thought & wanted to bump your thread for you in hopes that someone with more knowledge could help you out.
If the device happens to have wifi on & is connected, you can also hack into it over the network. If this is the case and you need more information, shoot me a pm and I'll give you what information I know on ways to do so.
Sent from my Evo + MIUI using Tapatalk!
thanks for sharing.................
Hello everyone,
I might have a big problem.
This morning I booted my HTC One M7 as usual, and when it finished booting it opened a browser tap with a fake whatsapp update. I closed the browser immediately, and five minutes after this, the exact same thing happened. I started thinking how this could happend, and honestly I have no clue. All my apps are from the play store, and I only download documents for school. I haven't even downloaded a new app in the last week, however 15+ of my apps aren't up to date.
I scanned my phone with malwarebytes and it couldn't find anything. I rebooted my phone after the scan, and the problem seems to be gone. I was telling this story to a friend of mine this afternoon, and my mother said that she experienced the same thing, just a couple hours before I experienced it. After further investigation, it wasn't exactly the same. When she opened whatsapp, it asked her to do a weekly back-up of her chats. At first, she closed whatsapp, but when it appeared again, she clicked yes. She wasn't very clear about this, so I don't know if it was a fake menu, or the real deal. I have also scanned her Moto g (2013), and it found no malware.
I don't know if this could be harmfull. Especially because my parents use their phones for mobile banking.
This is a screenshot of my HTC
It could easily have been done through whatsapp. Part of the reason most people have stopped using it. Viruses run rampant I'm just about all of Facebook apps. And no anti virus will find them as they are vastly different then normal viruses.
zelendel said:
It could easily have been done through whatsapp. Part of the reason most people have stopped using it. Viruses run rampant I'm just about all of Facebook apps. And no anti virus will find them as they are vastly different then normal viruses.
Click to expand...
Click to collapse
In the Netherlands literally everybody uses it, but it's good to know that this could indeed happen! Should I be worried about this, and what should I do when it returns?
Dark-shot said:
In the Netherlands literally everybody uses it, but it's good to know that this could indeed happen! Should I be worried about this, and what should I do when it returns?
Click to expand...
Click to collapse
Yeah I heard alot of people in Europe use it alot, here in the states almost no one uses it really except for kids. Most have moved to hangouts.
If I was you I would completely back up the device and then wipe everything and reflash the device.
Things like this will not be picked up by so called virus scanners.
I'am afraid that it is something like ShiftyBug (https://blog.lookout.com/blog/2015/11/04/trojanized-adware/). In the article it says that you have to install apps from third parties, but I have almost never done that. I have downloaded popcorntime in the past, but I have deletet it almost 6 months ago.
I'm afraid that if I reflash my device, that it will come back fairly soon. Is it possible that it has spread over my wifi network? Because of the fact that my mother got something similar on the same day.
But how do I know for sure that it is a virus? After I restarted my phone (12 hours ago), it hasn't shown up yet. Am I worried for nothing, or is there a big chances that I'm infected?
Thank you for all your replies!
Dark-shot said:
I'am afraid that it is something like ShiftyBug (https://blog.lookout.com/blog/2015/11/04/trojanized-adware/). In the article it says that you have to install apps from third parties, but I have almost never done that. I have downloaded popcorntime in the past, but I have deletet it almost 6 months ago.
I'm afraid that if I reflash my device, that it will come back fairly soon. Is it possible that it has spread over my wifi network? Because of the fact that my mother got something similar on the same day.
But how do I know for sure that it is a virus? After I restarted my phone (12 hours ago), it hasn't shown up yet. Am I worried for nothing, or is there a big chances that I'm infected?
Thank you for all your replies!
Click to expand...
Click to collapse
The key word there is almost. If you reflash the device and it comes back then it maybe something that someopne else downloaded and was shared through your network. As you said your mother also saw it so I would go through her phone as well.
There are many apps out there that do this that are in the play store. So it is all a matter of being careful.
There is a chance. If it is big or not depends on how you use your device. It could also have come from a website someone visited. Im not saying you did but many porn sites are set to infect devices when they visit them.
If it was me. I would just start from scratch with each device and make sure that all the things installed are legit.
You could also run a logcat and try to reproduce it. That would tell you what is causing it.
Doesn't seem dangerous.
JohnColston said:
Doesn't seem dangerous.
Click to expand...
Click to collapse
Then you have not been paying attention. Any browser pop that tells you to update an app is 99% an infected apk. It is a common practice for those that take apks and re-package them with malware
After reading more i must admit you are right.... My bad:good:
So I have to flash my phone, aren't there any other options? And if not, how do I reflash The HTC firmware to my phone?
Should I make a back-up before doing this, won't the malware spread again if I instal the back-up on my phone?
Thanks again!
EDIT:
Unfortunately, I still haven't been able to reproduce the problem.
I still haven't been able to reproduce the pop-up.
I do propably know where the problem came from, a friend of mine sent me a older version of soundcloud (the new one can't cache music). I installed that app, decided that it was to old for me and deleted it. The malware must have spread right after the first use. I'm planning on flashing my phone inthe weekend.
EDIT: I can reprodce the pop-up! It's linked to opening the app 'night mode', this app was downloaded in the official play store 2 years ago. Since then it hasn't got a lot of updates though.
Hey,
Time for a little update.
Last weekend, I contacted HTC's customer support due to the fact that I couldn't find my software version. They told me that I should execute a RUU, but they couldn't find the right version, so I had to contact the Dutch customer support (I didn't do this in the first place because the Dutch customer support wasn't open in the weekend).
The next monday (23-11) I contacted the Dutch customer support and asked them for the ROM, and unfortunately due to the regulations they don't publish the ROM's. However, they told me to do a factory reset and that should solve the issue. Unfortunately, it didn't. After the reset, I now get a different Whatsapp pop-up once or twice a day. The pop-up isn't connected to opening an app, like it was before the reset.
A friend of mine experienced the same problem this week on his new Moto X. All the other phones in my home network don't have this problem.
I hope someone will be able to help me!
Thanks in advance!
Dark-shot said:
Hey,
Time for a little update.
Last weekend, I contacted HTC's customer support due to the fact that I couldn't find my software version. They told me that I should execute a RUU, but they couldn't find the right version, so I had to contact the Dutch customer support (I didn't do this in the first place because the Dutch customer support wasn't open in the weekend).
The next monday (23-11) I contacted the Dutch customer support and asked them for the ROM, and unfortunately due to the regulations they don't publish the ROM's. However, they told me to do a factory reset and that should solve the issue. Unfortunately, it didn't. After the reset, I now get a different Whatsapp pop-up once or twice a day. The pop-up isn't connected to opening an app, like it was before the reset.
A friend of mine experienced the same problem this week on his new Moto X. All the other phones in my home network don't have this problem.
I hope someone will be able to help me!
Thanks in advance!
Click to expand...
Click to collapse
There's a chance that it might've spread over a certain network.... Is you and your moto x friend uses the same network ?
sdeepb said:
There's a chance that it might've spread over a certain network.... Is you and your moto x friend uses the same network ?
Click to expand...
Click to collapse
Yes, we both use the wifi network at our high school. But I did the factory reset friday evening, and since then I haven't connected to that network.
It might have spread through that network though.
Dark-shot said:
Yes, we both use the wifi network at our high school. But I did the factory reset friday evening, and since then I haven't connected to that network.
It might have spread through that network though.
Click to expand...
Click to collapse
Depending on the malware a factory reset will not remove it. In fact most malware cant be removed that way. You have to flash the whole device to get rid of it.
Dark-shot said:
Yes, we both use the wifi network at our high school. But I did the factory reset friday evening, and since then I haven't connected to that network.
It might have spread through that network though.
Click to expand...
Click to collapse
In my opinion after starting all over again as you've already been told, you should do all that you did before and monitor each step with patience and concentration to actually understand what's behind this... This may help out
sdeepb said:
In my opinion after starting all over again as you've already been told, you should do all that you did before and monitor each step with patience and concentration to actually understand what's behind this... This may help out
Click to expand...
Click to collapse
As he said. Here is what I would do if I was in your place. Anyone got any extra steps to add feel free to chime in. This would kinda suck for a bit.
You will need a custom recovery. And a bit of time to set up
1. Take everything off device.
2. Format full device in recovery. Not factory reset. Format system, data, internal storage and both caches.
3. Flash complete stock firmware.
4. Get root before rebooting
5. Reboot, do not connect to wifi during set up. Do not restore anything.
6. Get Catlog from the play store and run it.
7. Then continue set up. Wifi and ect. Scan backed up files with a pc virus scan but only return what you really need.
8. When restoring from TIBU install apps fresh from the market and restore data only to apps. (sucks I know but only way to be sure) make sure to delete old back and redo.
Then monitor catlog. This will tell you everything going on. You would be able to figure it out.
Lol... Use adaway or adblocker and such pop up will be gone ... These are the new tricks from those freaking advertisement companies. They are now smart buddy. Even they can access the vibration as the pop up will come phone will get vibrate and users understand this as genuine and click on those ads . You got whatsapp pop some got browser pop up. Hope this will help u ...
Even you can flash moaAB ADBLOCKER from recovery.
veer.killerboy said:
Lol... Use adaway or adblocker and such pop up will be gone ... These are the new tricks from those freaking advertisement companies. They are now smart buddy. Even they can access the vibration as the pop up will come phone will get vibrate and users understand this as genuine and click on those ads . You got whatsapp pop some got browser pop up. Hope this will help u ...
Even you can flash moaAB ADBLOCKER from recovery.
Click to expand...
Click to collapse
If you would've read it fully than you'll know that the case is far bigger than what you're thinking it is
Hey guys, i got a scareware pop up last night and rebooted my phone.
Then it popped p again so I googled I should disable my ad preferences. but While I was looking through my google stuff I found a ton of these "modules"
I don't remember them being there before. Between the Chimera Virus and the Chimera tool floating around out there, and not being able to find good information on it..., , it makes me pretty paranoid.
I noticed in settings that I have these Chimera Modules in the bottom part of my google services info.
Does anyone know what those are and why they are there?
First of all, this would be better suited for the Q&A forum.
To somewhat answer your question, if I were to take a guess, something you installed, probably in the hopes of gaining root or unlocking your device, was either malware or a scam. There is a site for this tool which looks really shady. I've never heard of it, so I could be completely wrong. If I were you, I would uninstall your most recently installed apps and see if it goes away. Otherwise, I would do a factory reset to protect myself.
Would second the factory reset - if you're rooted I'd also take a scorched earth approach and wipe as much as I can within recovery just to make sure.
I found similar modules on my phone in Google Setting "[internal] section. But from what I can see inside it lists only packages from Google Services and after a bit of searching Google Services contains package with "chimera" in its name namely: "com.google.android.chimera.container.*". Therefore I think it don't have to be connected with any adware/spyware etc. you might have accidentally installed on your phone. Maybe it showed up lately on many phones with some update or it was there already for sometime? Waiting to hear about it from other users.
how can you make your ph delete what is added because ive got stuff on my ph & dont know what all has been added since i bought ph had 1 yr my furst i know nothing about them
[/COLOR]
comprohacked said:
I have Chimera Modules "Listeners", "Stagefright" Virus, c.betrad.com, GPS Locations popping up in Las Vegas (The exact same time I'm sitting on my bed in El Cajon, CA) on a LINUX using Chrome 44.something, which is very strange, being as I only have smartphones to use that keep getting hacked and/or being destroyed by being rendered completely useless. There are files I didn't put on my device (s) and I can't access them, I've been completely locked out of email accounts I've had since my children were going into Junior High School. Countlesd, irreplaceable photos, cherished momentz and video are all gone!!! Our Precious Memories that only I took the time to capture, are not expected to ever be seen, again!! I just found out my Router has also been hijacked, I'm learning terminology I was never before interested in learning (and, really...I still am not...I am and app chick...I love trying and using new apps)! My calls, posts, texts,, emails have been intercepted and, responses have been returned as though I were compiling the messages in whatever form, now, none of my old friends will speak to me....so, I have no social life, anymore. I'm constantly being redirected elsewhere on the web, I passed background and DMV checks for both Uber and Lyft, but, I can't drive for them when even their Driver apps are badly compromised, that I cannot even get to the part of the app where I log on, I just keep being redirected!!! Since this all started about a year ago, I may spoken to an actual employee of my Service Provider....MAYbe 4 times...it took me a long while before I realized my outgoing calls were intercepted and I was speaking to an imposter!!! Oh and ALL of the so-called Antivirus apps are completely bogus and easily disarmed (while returning false results that your "device (or, apps or, files or, system, etc) are safe and virus-free"....and you are LOOKING AT THE VIRUS WORK ON THE APP AND YOU SEE ALL THESE REALLY MESSED UP COMMANDS IN THE LOGS AND URL STRING AND, PFOGRAMS, BUT your device is SAFE!!! UNfrkgbeLIEVABLE!!! This stuff is so REAL AND UNFRKGREAL!!! WTH???? You'll never catch these supervillain superbeings with their superintelligence who are on a supermission....I'm one of them. I had a lot of stuff here in this box, but I didn't copy like I usually do and now a huge chunk of it is gone. Nevermind, I'm not in the mood, anymore. Carry on with making me supermiserable in your superdon'tgivdadamn way. I'm just going to go to bed, watch YouTube, if you let me and, chill in a superchill way. Carry on, Carry on. By the way, Kaspersky didn't last e minutes of the first layer of attack by cyberthemfkngangsta...I'm telling you it Kaspersky was disarmed and effectively rendered disabled and wholly ineffective. Better come deep and loaded on brain grains...feeling much more powerful than your websites. Simple as that. Good luck.
Click to expand...
Click to collapse
Hi comprohacked .. Its nice to know in not the only one .. I am a network engineer with a bachelors in computer science, so I'm much more familiar with the things I have seen. Fighting it has only proven to render my devices unusable, but it has been extremely educational for me. I can tell you some of the things vie learned so far: first of all they use UPnP and a vulnerability in Adobe to gain access. They even moved my Adobe from the programs list to my windows update list. They are very stealthy as my system event codes show them errorig out hundreds of times until they get a success, then continue, what they were doing was elevating their access beginning with default then user, up to admin, and continue until the have system access .. Basically as far as programs or anything else, its windows itself making requests. Then they use what's called a root kit, they actually flash your bios and create a second bios that can not see or access. They map your I/Os and reserve memory space on your periphials ad flash the ROMs of your video, audio, network card, USB ports and really everything else .. And while they take complete root control and ownership of all the hardware, they use network discovery to find every device, cell phones, playstations, Xbox,notebooks, routers, modems, anything connected and do the same thing to all of these, then set up a raid, meaning fault tolerance, or lets just call it a backup of each system on other systems on the network, that way even if you get passed the b
Mbr rootkit somehow, and somehow able to regain control of your PC or phone and reset it, they just put it back as soon as it boots up again. They basically sandbox you as a child environment, while they have a parent profile that overlays whatever they want you to see. They Grey out buttons for setting that can potential trip them up, proxy your web traffic .. They configure servers for your dns and the list goes on. You see on captures that your dns traffic is going out to your loopback address of 127. The will have small portion of your hard drive where they keep whats called metadata, lets just say they have backups of their backups .. Ive experienced everything you listed and more .. They use legitimate software from windows or google but hide the rest,and since they control the OS they tell the programs whrrr they can and canyon look.
These are nit kids doing it, it is far too advanced fir that, and with the language packages I would say nit just America, but several other countries . They eveN have bk
You described to a t exactly what I have on all of my devices. Can you share about what to do about it?
I'd like to drop some information about what your describing Phil, and some of the people/organisations connected with developing it, and how it has been used in the finance and trading sector. Can you or anyone suggest links to places on the web or ways I could do that? Effectively, so that the information spreads quickly.
Have u found a soultion
My husband and I are currently dealing with the same issue down to a t. Any more info on any of it so far?
Same thing
It started about 2 months ago. First i use comcast internet. Comcast was out front on the pole doing something idk cause i dont have neighbors an my internet was fine. Then a week later a public utilities truck was across the street on a pole that didnt have a transformer on it. They installed a box at the top. Proware technologies. I walked over to them and they hurriedly got down and left. I thought strange. So i went to my desktop and looked at my network and even wierder is i had a some pc connected by ethernet to my comcast modem that was sitting in front of me. I only have 1 computer hooked up by ethernet that i know of and can see only one cable to my pc. So i hurriedly copied all the info from mac address etc of the mysterious connected pc. After about an hour they had chsnged my name of hetwork and had hidden there pc. Theres a lot more that i wont blab on about but i think its the FBI. The box came down last weekend in the middle of the night- but i still cant get any internet company they all tell me they dont service my area when ive had them in the past. Im connected to sum modem i have no idea where cause its not the one i should be connected to. Its crazy. I feel crazy. Drives me crazy! Friends cell phones get all screwed up wen they come over. Its aweful. What can i do?
My wife and I have also had this same NOBUS level hack done to us and after 9 months I realized a few tricks that have shut them down several times but they always seem to figure some new hack to thwart my efforts until I finally took a screwdriver and shorted out my MOBO out of shear frustration. That seemed to work! Lol well now I do everything on my cell that I had to root to eliminate their emulated files and restore a custom ROM. As for the PC that is a harder nut to crack...
Thank God, I thought I was losing my mind,3 laptops, 2 cable companys and 3 different phones, and now these modules, my daughter thinks I'm nuts but I know what I see and I know what I have done, factory resets don't work, I keep changing my password info my wifi info even my numbers, if I'm not using my phone or wifi I keep it disconnected this is crazy, what's the purpose.
OK I've done some extensive research on this google play services chimera. It's not a bug or virus or . It's google play services latest secret weapon to control our devices. It's a container full of different modules. I've blocked some through amplify. They start as an alarm. Then turn to wakelocks. One is a system update server that runs continually while our phones try and sleep. Killing our batteries. I'm running Oreo Android 8.0 and have just recently started seeing this said activity. It's no wonder normal people that don't root their devices have no idea what these are. Being slipped in on updates. They know what we know and it's their efforts to go around that and try different things to regain control of anything computerized. Take for instance. Was talking in conversation the other day. Mentioned New Nike shoes. Low and behold next day it's in my damn Facebook feed. Uninstalled fb, that's just way to much for me. Hope this might help. But definitely not a virus
Oh my god i am so glad i found this i am crying. I literally thought i might be insane. Been dealing with this for over 2 years but has lately gotten worse by a mile. For now I'm just relieved I have company. I do not believe it is Google. There is a "real" Google out there and everytime I interacted with them they were helpful. Currently though I'm connecting to some imposter "Google" in India. I also have comcast but the router in my basement is NOT the one I am connecting to. Everyone thinks i am a lunatic when i tell them any of this. I kept seeing the term Firefly come up and it feels important
Same same
Comprohacked and ppl below. Exact same thing has been happening to me for months. No one will help not even family. No one speaks to me. I knew nothing at all at first. Ive been scammed etc. Phone after phone. About 30 this yr. I dont know if this will work because everytime i type something om a forum it never sends or theres always an issue with it redirecting etc. I dont even log onto google anymore om a new phone but theres still a hidden account connected and **** downloading itself. Photos get deleted. I have a daughter now and ive lost everything. Im embarrassed for her to see how lonely i am when she grows up. Its all government related. I do know that and how corrupt this world is. How google are allowed to do whateber they want. Im on medication now. I dunno if anyone has had any luck on how to claim there lives back but im just about done for good. Just thanks to everyone coz i know im not alone.
What the hell is going on in here? I feel like I'm scrolling through a conspiracy post on reddit or something. I need more info!
HackedInAz said:
My wife and I have also had this same NOBUS level hack done to us and after 9 months I realized a few tricks that have shut them down several times but they always seem to figure some new hack to thwart my efforts until I finally took a screwdriver and shorted out my MOBO out of shear frustration. That seemed to work! Lol well now I do everything on my cell that I had to root to eliminate their emulated files and restore a custom ROM. As for the PC that is a harder nut to crack...
Click to expand...
Click to collapse
It's funny you say that. Not considering the other ways described previously in this post, I just knew my modem was the source of my issues, thinking I had eliminated all other possibilities. Ironically a screwdriver through the Ethernet device (not sure of exact terminology here) took a screwdriver through the center of it. Worked well for turning it into trash lol.
Targeted
You people who have been locked out of your own devices and online accounts...google "Targeted Individual."
Aight so I have this Samsung Galaxy J7 Max that I've been trying to unlock for more than 2 years now. I of course, don't want to lose the super important data it holds. It got locked out randomly and hasn't been able to take up the pattern I had put on it till date. I'm absolutely sure no one changed its lock screen pattern and its the phone that is unable to recognize the exact same password it had before this happening. I got hold of it today and yet again, started looking for solutions on YouTube and the internet itself. After all of my research, one thing is clear. There is only one way that the pattern lock can be removed in such a condition; by deleting this system folder called gesture.key that lies within the phone itself. I am by no means a nerdy software dev or something but I do have very little knowledge about these workarounds. I used an ADB via a cmd terminal to contact my phone. But it turns out that due to my usb debugging setting not being turned on in my phone, the adb didn't have the required authorization to make any changes to the target. I then got my phone into stock recovery mode and chose the Install through ADB option there. Now when I input the command adb devices, the prompt showed me my device ID, but instead of the "unauthorized" indicator beside it, it now had the indicator "sideload". I had no idea of what had to be done when such happens, so I tried the adb shell > cd data/system > su > rm *.key [taken from an XDA forums thread] commands again. But right on the second step it displayed error this time. I have tried using a key eraser via sd card too, but it just doesn't happen, the sd card folder in the stock mode does not display the contents of the folder.
Now the phone isn't being an obstacle in my life right now, but I really hope there's a way to fix it. Early help would be appreciated. Thank You.
If the data is super important why isn't it redundantly backed up?
Having a set lock screen and storing data on the OS is a sure fire way to lose data, eventually.
Maybe you'll get lucky... is that drive encrypted?
If not it may still be corrupted and unusable.
Don't put yourself in this position again... been there, done that
@blackhawk As I said, this was an absolutely random incident, had never even thought this could've been the case someday. Its not like the phone crashed and then this happened, I turned off my phone's display and the next time I woke it up, the pattern wasn't working anymore. Furthermore, the timed attempts that happen after 5 incorrect tries wasn't existing anymore. Now it could be that someone did get the timed attempts wrong as well [it isn't my own phone]. But I really don't see any other reason to that occurrence.
About the backups, I mean cmon, I was 15 back then, a medico student even more so. I never got my hands around backing up anything. But yes, have been backing up every single bit of data within these two years.
The storage drive shouldn't be encrypted. It was a regular phone bought online that had pdfs, images, recordings and videos stored. The google account was not that of the owner either! It was my uncle's account that was being used ever since he bought it. And since there was never a problem having used his account for quite a while, we never cared to change it to a new google account. Now my uncle's google account itself handles another device, his own phone, exact same model, Galaxy J7 Max. I have tried using his account at the Google Find My Device app to locate and unlock the phone that way [I hope you know it has the three options Ring, Secure and Erase Data]. But it happens so that the Secure phone with password option only for devices that have been lost and don't have a security lock already setup, which wasn't, unfortunately, my case. So that option was greyed out.
For the data corruption, you might be correct. But that phone still does receive SMS texts, calls, whatsapp texts and other notifications. They just don't show up on the lock screen anymore. I honestly had the "Screw the data, I'll erase it anyway" thought yesterday, but during my latest tries, I found the XDA forums website to be quite helpful. Had not it been the damn USB debugging, the solution I approached from this forum would've got the job done in a couple minutes. Again, if the data might've gone corrupted, I will erase the data [I mean I would have to]. But this little glimmer of hope that I experienced yesterday is what is preventing me from doing that. I really hope there is a fix to my situation.
@Chinmay47
a phone can get booted into these modes
Normal ( AKA Android OS )
Recovery
Fastboot
Sideload
EDL
Sideload mode is used to flash OTAs and/or ROMs.
Recovery mode allows you to perform some ADB actions as e.g. pull userdata, but this reqires ADB ( read: USB debug ) got enabled.
So my guess is you can't recover phone's userdata at your own, this would have to be done by an external service who can pull out phone's internal SD-card and has the forensic tools to read it.
@jwoegerbauer Surprisingly the idea of taking the phone to a forensic service struck me yesternight too. As you mentioned, since I can't recover the phone's data myself, all tips and tweaks on the web should now be struck off of my list of solutions. I'll leave the data to some forensic services then. Let's hope the recovery is worth the hassle. The thread is still open to more suggestions though. Thanks for the replies everyone. Really appreciate it!
Chinmay47 said:
@jwoegerbauer Surprisingly the idea of taking the phone to a forensic service struck me yesternight too. As you mentioned, since I can't recover the phone's data myself, all tips and tweaks on the web should now be struck off of my list of solutions. I'll leave the data to some forensic services then. Let's hope the recovery is worth the hassle. The thread is still open to more suggestions though. Thanks for the replies everyone. Really appreciate it!
Click to expand...
Click to collapse
It not a card they can pull. More than likely it's on a BGA chipset, the hardest kind there is to work with.
If they can't access the data on/with the mobo they will have to unsolder the chipset without damaging it then put it into a test jig or another mobo (after pulling that mobo's matching chipset).
If they can access the data on the mobo, not so bad. Otherwise not so good.
Let us know how this plays out for you.
Here's one I found showing you this complex procedure: https://flashfixers.com/recover-data-dead-phone-chip-off-data-recovery/
They may be able to help you, but I have no personal knowledge of this company.
blackhawk said:
If they can't access the data on/with the mobo they will have to unsolder the chipset without damaging it then put it into a test jig or another mobo (after pulling that mobo's matching chipset).
Click to expand...
Click to collapse
Actually thought of this idea right after a couple days from the beginning of the problem. Yes its gonna take loads of precision and patience but it does sound doable. Maybe that's what is gonna be the last option for the forensic service too in case, god forbid, they aren't able to do it the "simple" way. Can't say yet, but I'm gonna keep this thread updated with all the developments that take place.
Chinmay47 said:
Actually thought of this idea right after a couple days from the beginning of the problem. Yes its gonna take loads of precision and patience but it does sound doable. Maybe that's what is gonna be the last option for the forensic service too in case, god forbid, they aren't able to do it the "simple" way. Can't say yet, but I'm gonna keep this thread updated with all the developments that take place.
Click to expand...
Click to collapse
If they need to remove the chipset the chances of failure increase. Flash memory retension is generally good for 10+ years but it may be damaged in the removal process if so, snake eyes.
Get price quotes up front for the whole process.
Once they got the phone, they got you by the balls. Not saying they aren't trustworthy but feel them out. If it's a couple hundred and you get the data back, you did good.
No idea of the cost though, my guess is $400-1000+ especially if they need to pull the chipset.
That's high risk even if they do it by the book.
If their policy is no data, no charge... expect higher rates to cover their loses.
@blackhawk All of that sounds kinda terrifying if you ask me. Well I mean, there is always a first option that can be tried without any mentions of pull-aparts. Yet I will surely judge the person well before I hand my device in his hands. I would try my level best to not take it to the critical stage, but if it needs be and there is a really high chance of losing my data, I can factory reset my data at home by myself too can't I? Future shall tell I suppose.
If you factory reset it all data will be lost.
It will not be recoverable!
If you want the data you will need to use a service like I showed you. They will need physical access to the phone to recovery the data.
The phone may be scrape afterwards
@blackhawk Sure does look like it would be! But paying to get your phone reset for you is way to harsher than doing it yourself. It is only in case the data is nearly impossible to recover that I'll reset the phone myself.
Chinmay47 said:
@blackhawk Sure does look like it would be! But paying to get your phone reset for you is way to harsher than doing it yourself. It is only in case the data is nearly impossible to recover that I'll reset the phone myself.
Click to expand...
Click to collapse
Reset? Most likely destroyed.
Do you really want the data?
blackhawk said:
Reset? Most likely destroyed.
Do you really want the data?
Click to expand...
Click to collapse
I actually do though. But well, if it ain't coming back then why wish for it. Yeah the data was really important.
Chinmay47 said:
I actually do though. But well, if it ain't coming back then why wish for it. Yeah the data was really important.
Click to expand...
Click to collapse
Call them up and see what they say.
Since it's not physically damaged they may be able to access it none invasively.
blackhawk said:
Call them up and see what they say.
Since it's not physically damaged they may be able to access it none invasively.
Click to expand...
Click to collapse
I'll do that and report back ASAP. Thanks for the help sire!
I inherited this phone from my father 2 years ago, but didn't have the 6-digit code to get in. I didn't want to do a fresh install, because I was hoping that at some point I could retrieve data from it (last messages and pictures, etc). I left it at a company that was specialized in this kind of data recovery, but according to them (as of last summer), there still isn't a way to decrypt the damn thing. I've also asked at Huawei, but never received a reply.
Does anyone here maybe have a tip on what to do? Is there a way to retrieve that data, or should I just sell it? Many thanks in advance for your replies.
Neven from Austria
I guess I'm the 10th million asshole asking this question.
In my days, everything was hackable and decryptable, but it seems only the CIA is now able to do this. Maybe I'll call them.
NevC said:
I guess I'm the 10th million asshole asking this question.
In my days, everything was hackable and decryptable, but it seems only the CIA is now able to do this. Maybe I'll call them.
Click to expand...
Click to collapse
do you still have the phone. maybe i can try and help you
NevC said:
I inherited this phone from my father 2 years ago, but didn't have the 6-digit code to get in. I didn't want to do a fresh install, because I was hoping that at some point I could retrieve data from it (last messages and pictures, etc). I left it at a company that was specialized in this kind of data recovery, but according to them (as of last summer), there still isn't a way to decrypt the damn thing. I've also asked at Huawei, but never received a reply.
Does anyone here maybe have a tip on what to do? Is there a way to retrieve that data, or should I just sell it? Many thanks in advance for your replies.
Neven from Austria
Click to expand...
Click to collapse
Any news?