Related
Someone mentioned this in another thread, but this is a topic that should have it's own separate thread.
Some of you may have already read the news: Michigan: Police Search Cell Phones During Traffic Stops
Don't assume it won't come to your town.
I can't say I plan to do anything that would warrant police suspicion, yet I don't like the idea of anyone being able to easily pull data from my device. And we know cops won't be the only ones with these devices. So I've been wondering, how can we protect our Android devices from the CelleBrite UFED?
Check out this video that shows some of the features it has, keep in mind it does much more and can even extract DELETED data.
See the company's product page here: http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
This research paper talks about the CelleBrite UFED and other extraction methods. (CelleBrite UFED is talked about starting on page 9.) I doubt there's a means to prevent all of those methods given some involve long term handling of the device, but CelleBrite UFED can extract data when a device is retained by the CelleBrite UFED user for a short period of time. It looks like HTC Android type devices can only be extracted from via the (micro)USB Port and it requires USB Storage and USB Debugging turned on. The CelleBrite UFED has to gain Root Access. It can get by screen passwords and root even a device that was not yet rooted.
There's another thread where someone was requesting a ROM that would not work with the CelleBrite UFED. I'm not sure how to make a ROM or anything else that would not work with the CelleBrite UFED without limiting certain features we all may use from time to time.
Over on Slashdot, someone said they hacked their device (Nexus One) to not do USB client mode. This is another option that would limit some features many of us may use.
So, how can we protect our privacy and our data? Does it mean sacrificing some features like USB storage mode?
The biggest problem is what's missing from Android itself. Meego might be protected but not Android.
You would need an encrypted boot loader that retains root for some users.
A kernel and os files that support different users so the default user is not root like Linux and a prompt with a password for superusers not just an Allow like now for Android.
Encryption libraries that would support truecrypt encryption of both internal and external (SD card) encryption in toto not just individual files.
A true trash system that overwrites files like srm in linux and sswap for wiping the swap file after every system reboot.
Ultimately I don't see it happening. In theory if you were running Ubuntu on your phone then yes cellbrite would just crap out not knowing what to do with your phone. Same possibly with meego. But then no real app support, no navigation and driver support is crap even for ROMs using the same os let alone a different OS like true linux.
It's amazing how many don't even bother deleting thumbnails hanging around on their computers or securely wiping files on their computer. Same with swap files retaining passwords or even website cookies that have the same password as their computer.
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
This is where that cheap Boost Mobile phone comes in, or any other prepay phone. Just hand the officer that one. Store your personal data on your smartphone.
chbennett said:
Best thing to do, don't keep anything that could be bad on your phone. Use a cloud system or home server sync that requires a seperate login every time and keeps no local files. Or as I do, encrypt the hell out of anything you find valuable, which currently is only my complete backups...
Sent from my Xoom the way it should be, rooted and with SD card.
Click to expand...
Click to collapse
Hello, All. This is my first post at xda-developers!
Since I'm new to Android, data security has concerned me. Climbing the learning curve of rooting and tweaking my SGH-T989, I've focused on control, security, and privacy. So far pretty good, thanks largely to members' posts at this site. Thank you very much!
Then this thread crushed me. Visions of "1984", "THX 1138", "Terminator", etc.
I considered the suggestions here. Thoughts about the OS seem right to me, but that's beyond my abilities. I did try following chbennett's advice: I enabled encryption in my backups and moved them to the internal SD.
But I don't yet know how to do the 'home server / log in on demand' scheme for contacts and calendar. I will appreciate any help with that.
Meanwhile, I looked for a way to make a 'panic button' that would let me wipe my phone immediately. What I chose was making a contact whose phone number is the USSD code for Factory data reset.
Maybe Tasker, etc. could streamline this approach; but my trials showed that, unlike MMI codes (e.g., to toggle caller ID blocking), USSD codes cannot be submitted to the OS indirectly. So swiping a contact, direct dial shortcut, etc. did not work. On my phone, all that worked was either 1. manually dialing the code, or 2. dialing the contact name, then tapping the contact.
So the routine to use this 'panic button' is:
1. launch Dialer
2. dial the contact name
3. tap the contact name in the search results
4. tap "Format USB storage" in the "Factory data reset" dialog
5. tap "Reset phone" button in the "Factory data reset" dialog.
It sounds clunky, but it's actually pretty quick. I named the panic button contact "XXX" to avoid confusability when dialing (it needs only "XX" for a unique match.)
If you can suggest improvements to this scheme, or think it is misguided, please let me know. Thanks.
Any updates on this? I'm curious as to how to guard against ufed.
I think an instant hard brick option would be better so theres nothing to recover as i dont believe the factory reset is a secure wipe
Possibly a voice activated secret phrase or keypress u could say/do super fast in a tricky situation that autoflashes a corrupt/incompatible bootloader and recovery to device after secure superwipe that should stump them for awhile
im still interested in this i disabled usb debugging on my phone but unsure if the UFED can still access anything on my ICS full encrypted passworded evo3d im assuming they could dump the data at most but i highly doubt they could access the decrypted data unless you used an insecure pass
If you have encryption enabled for your data partition, then all you need to do is to turn off your phone when you see a cop. If they take it from you, they can turn it on and hook up their device, but they will only be able to snarf the system partition, which does them no good. They'd need your password to mount the data partition.
If you look around on this forum, you can find the steps necessary to switch the lock screen back to a simple pattern lock while leaving the disk encryption enabled.
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
dardack said:
Are you sure Cellebrite and UFED or w/e can't access encrypted data partion? I know it can take an image of the phone "hard drive". They then can run password tools against image to unlock it no?
Click to expand...
Click to collapse
I'd like to know about this too. I am about to set up encryption on my device and I'd like to know more about what type of attacks it can beat.
Edit to add: I assume brute force attack protection is like any other type of encryption.....dependent on the strength of your password. But, assuming we all know that already, I'm still curious about this.
If the question is how to protect your device when you think someone would scan your phone, you'd have to have some sort of inclination that a scan is about to happen. I'm assuming this is many people's concern as they're considering wiping their device through a quick process. In that scenario, just turn off your device. Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
smokeydriver said:
...Unless you warrant suspicion of something fairly bad, they wouldn't be confiscating your cell phone.
Click to expand...
Click to collapse
We all wish all law enforcement was just and honest, but so far in world history that has not been the case. Even a pretty woman may have her phone scanned by a curious cop snooping for pics.
Sent from my HTC One using Tapatalk 2
I would still like to know if there is an answer here...
So I recently had some dealing with assisting in a Cellbrite search. We initiated and enlisted the help of law enforcement for an employee who was doing some illegal activity which is not relevant to this discussion other than the person used an iphone. Anyway, the investigator came in and wanted to know if I can enable the bypass for the automatic screen lock in 5 minutes because when it locked, it disabled the Cellbrite copy.
Now, couple things here, he was only doing what he was "allowed' to do in the local municipality, and he did say they sell a more expensive Cellbrite device which would be able to crack it. I did find it interesting that the simple corporate Activesync policy I have set up was actually having this effect. Anyway I removed the policy and it worked. Funny thing is he could have done it himself had he known anything about that kind of thing. He was presented to us as an expert but I guess that mainly covered a basic Cellbrite expertise.
So, I do think encryption would be a great answer as the partition would be hard to bust in to. Nothing is impossible but I would rather not smash my phone on the highway next time I get pulled over so I would like to know definitively that this is the right approach. This is definitely not paranoia as there are at least 3 states where it looks like it happens regularly.
Time to look at a 2600 group for stuff like this I guess. I am early in my investigation
Later
Hey !
I've searched the web as well as the forum but i didn't find any solution and it seems i'm not the only one wanting to do that.
Is it possible to see hidden folders of internal sdcard through MTP ?
I really talk about hidden folder like ".android_secure", not the photos that aren't yet scanned by the media scanner service.
In my windows environment i already set the view all hidden files/folders as well as view system files.
If i have to change folders permissions through terminal what are the correct permissions i should put ?
Thanks for the help !!
Am i the only having that problem ?
Do you guys see the hidden folders through mtp connexion ?
If you'd bother reading a bit before asking questions, you might have the answer already.
http://en.wikipedia.org/wiki/Media_Transfer_Protocol
MTP and PTP specifically overcome this issue by making the unit of managed storage a local file rather than an entire (possibly very large) unit of mass storage at the block level. In this way, MTP works like a transactional file system - either the entire file is written/read or nothing.
More or less, it is designed to keep hidden what should be hidden stick to USB storage or FTP/SCP.
PS: can't believe we're using a transfer protocol designed by Microsoft in a Linux-based system mastered by Google. The horror, the pain... no wonder it doesn't work on my Mac!
VAXXi said:
If you'd bother reading a bit before asking questions, you might have the answer already.
http://en.wikipedia.org/wiki/Media_Transfer_Protocol
MTP and PTP specifically overcome this issue by making the unit of managed storage a local file rather than an entire (possibly very large) unit of mass storage at the block level. In this way, MTP works like a transactional file system - either the entire file is written/read or nothing.
More or less, it is designed to keep hidden what should be hidden stick to USB storage or FTP/SCP.
PS: can't believe we're using a transfer protocol designed by Microsoft in a Linux-based system mastered by Google. The horror, the pain... no wonder it doesn't work on my Mac!
Click to expand...
Click to collapse
Thx for the link ! I knew what mtp is but its always good to refresh things up
I read the whole article and unfortunately it doesn't answer my question.
I understood that its the same for all of us meaning that we are not able to see hidden folders.
But the main question is if there is a way to bypass this behavior ? Where is this defined exactly ?
It seems according to the article that its not on the file permission layer ? Should it be at partition level ? How can mtp know what to share with the host ?
It's not a "behaviour" per se, but more/less a database. Remember that media scanner program which wakes up every time you change something on your SD card, be it internal or external ? it simply keeps a "database" of files which are presented to the MTP client (your computer) and hides away the phone's internal folders which are not supposed to be seen by the end-user.
Theoretically, this is done in order to have the iPhone-like behaviour: seeing the entire device memory as one big unified storage which you can fill as you want (no more of those partition size limitations which brought us the app2sd hacks). In my opinion, it's more or less just a small step done in order to "secure" phones for DRM protected content.
Studios and media companies require devices to have such measures of protection in order to allow you to sell media content (like movies, books, etc) and since Google wants to push its business further with the Play Store, it needs to cave in to the studios' demands. In the future, it will probably even become illegal (DMCA-style) for me to give you the information below
Back to the technical part of our show now.
At the first boot in the life of the device, Media Scanner will look under /system/media and index everything there. After that, it will scan everything under /mnt/sdcard (hence your external SD card too, if you have one, as it's mounted under /mnt/sdcard/external_sd). On some devices, you have an "internal.db" file and one "external-123xyz.db" file; that's a unique ID of the SD card which was scanned. The idea here is you might have 2-3 SD cards which you swap often, and it's not nice to do a full rescan each time you change the SD card. These databases are in /dbdata/databases/com.android.providers.media (on my phone, there is only one "external.db" for example).
So what you're looking for is a way to populate this database with all the files found by the Media Scanner. But Media Scanner doesn't want you to see the hidden folders you mentioned above. So, you get an application which doesn't ignore them, like Rescan SD Card! or SDrescan.
Happy now ?
Thank you very much i really enjoyed reading the explanation as it answers completely my questions and it makes sense !
Ill give a try to the apps but i'm also curious to investigate on those files
Cheers
PS. Is this a disguised way to support non open source protocols ?
Well, you could poke around inside the database with sqlite if you want. But don't really see what's so interesting about them.
It is just another protocol which is supported, which happens to be designed by Microsoft (and probably licensed/paid by Google to be used in Android). I understand the technical explanation behind this decision, but I'm also wary that someday UMS will be disabled by default and enabling it will disable content purchasing for that device (just like having a rooted phone now disables some "sensitive" apps, like banking and online TV).
As a system admin its interesting to know whats happening on my system
As a hobby its interesting for my personal knowledge
And from a development point of view it gives me some ideas for maybe future apps
You say that its just another protocol which is supported but to my understanding there are not so many of them ! So i would say that Google was kind of forced to use the MTP method, first from a hardware point of view and second to be compliant with the rest of the world.
Is there any other protocol that could suite their needs ? Since USB mass storage is not usable on some devices and MTP is well spead.
.HiddenAndroid folders in Win - Here Yesterday, Gone Tomorrow
<Win 7 and GN2>
What's curious and a bit frustrating to me is that, yesterday, when I mounted my device ALL of the hidden (.folders and .files) were visible and searchable. Today, when I went to explore some more, all are gone. I understand that I can use a 3rd party app, just can't figure out why it was visible yesterday and not today.
Hmmph
Did you ever resolve this issue? I really hate MTP for several reasons but this is one of the reasons why! I need to back up all my directories on the SDCard because some apps store them as hidden files in hidden directories. Furthermore, I came across the Play Store bug that requires me to delete a "temp.asec" file in the ".android_secure" directory, but of course it is not visible.
In a post further up it was suggested to use a "Rescan" app to force the DB to include hidden files/directories, but I have tried no less than 4 of these apps, and all they do is trigger the built-in android media scan, which is the problem in the first place!
So has anyone ever been able to access hidden files and directories using MTP?
EDIT: I have an HTC phone that actually shows hidden files and directories, so they have obviously implemented their own media scan. The problem I am currently having is on a Samsung phone (Epic 4G touch)
It may depend on the implementation. For example, using stock rom for the phone doesn't show some files and folders, for example folders starting with dot. But if you use Neatrom Lite it will show all files and folders.
Flash forward about 6 years and Samsung still does not show hidden folders/files when viewing the phone contents in Windows File Explorer, but HTC does.
The reason this is still a problem for me, is that I want to backup the contents of a particular directory (WhatsApp) which contains some hidden folders, so I can restore it anytime on a new phone or the same phone.
I recently switched from HTC to Samsung and alas, it seems the problem with this implementation still exists. Anyone found a workaround to this to allow File Explorer to see the hidden folders?
Update: It appears that hidden .nomedia files (and probably others) appear under regular folders, so the problem is limited to hidden folders themselves
Hi *,
I'm very new to forum and hardware hacking. I'm also new to android dev (I have done some WP7 development).
I want to write application about radio conditions (RSCP, EcNo) and also wanna to decode ASN.1 messages to get some 3GPP layer 3 messages (RRC). To do that, I suppose that low level access is required.
So, is there any tutorials, guides etc. on how to do that for android devices (I know about android telephony class) or WP7/WP8 devices.
I also know that that is not possible on every device due manufacture restrictions.
I'm interested in Galaxy S(2/3), Nokia Lumia, Nexus, etc (device doesn't need to have qualcom chipset, all i wanna to do that).
I also know that some of companies like ASCOM are working together with chip suppliers for that kind of applications.
So, is it possible to do on market smartphones...
Thanks in advance for answers
Cheers!
TK
It's troublesome thing.
Every modern mobile solution does split into AP (Application Processor) and BP/CP/Modem (Baseband/Call Processor), sometimes these are integrated into one SoC (QC chips) or are splitted into 2 SoCs (like Exynos AP+QC/Infineon CP), on AP there's working ARMLinux with Android platform.
Platform does communicate with RIL HAL (proprietary lib), RIL does communicate with modem through some dedicated HW interface using kernel driver, nowaday its common shared-memory topology with abit of control through UART/GPIOs before RAM-share is set up (modem bootup, assuming AP does startup first, which is case in 2xSoC topology, on QC SoCs modem does startup first and does perform bootup of AP submodules).
The problem is - BP OS is closed source. In best case (rather unlikely) low-level transmission params might being received by RIL from AP but not being passed to platform, then you probably would need to patch RIL binary to expose these values to platform. If these transmission params aren't being transmitted from CP to AP, the easiest (and the ugliest) way to do is trying to find network structures inside of modem OS and pooling them from AP (assuming you've got direct access to all of CP memory). More advanced way would be integrating additional data into BP-RIL interface (modifying both RIL and modem binaries), what then narrows down to "best case".
If you aren't familiar with ARM assembly - analysing modem binary is pretty big task, prepare for at least few weeks of intense reversing.
This is a very interesting question!
So far, AFAIK, no one here at XDA (or elsewhere) have been able to successfully extract L1 radio parameters from the modem, using any form of API or other. So anyone who would successfully be able to do this, would be an instant XDA hero! (As for L3, I don't know.)
But then again, I don't think anyone have tried hard enough either. I have tried to a limited extent in my research of the Intel XMM6260 and trying to use some of the Android internal telephony API. Others have managed by hacking the AT command line interpreter, directly in the modem image of some limited versions of the 2xSoC's (like those of Intel/Infineon) used for jailbreaking <4S iPhones. These modem images are "only" 10 MB, whereas the Qualcomm modems "images" consists of 50-60 files and have a size up to 60 MB!! Although we should be able to find the AT command Processor (ATcP) in those...
As I see it today, we only have these options how to get these parameters in the Android eco-system.
1) We believe that the modem AT command interpreter/processor have the capability to provide radio parameters to the outside world. But this direct access often seem to be crippled:
a) by denying local or external terminal (UART) serial-access.
b) by being filtered by the RIL daemons and accompanying RIL libraries
c) by being complicated due to using modified IPC (shared memory) communication, rather than regular serial devices. However, by putting the device into "download/debug" mode, sometimes these devices re-appear!
(This is what ODIN, QPST and other programs does, see (4).)
2) We know that the Android internal phone API can use the following calls to get particular modem "stuff" (including sending AT commands): RIL_OEM_HOOK_RAW and RIL_OEM_HOOK_STR
The problem is that no one seem to know how to use it, nor how it depends on the hardware...
3) We know that the Service Mode's (settings/menu) are displaying many of these parameters, so that the phone OS certainly can get have access to these. So another option is to hack and understand how this is done by the service mode menu and the underlying modem software. This is where reverse engineering would come to its right!
4) We also know that many of the OEM phone debug/repair software, like QPST and QDART (Qualcomm) and "CDMA work-shop" etc. have full access to these variables as well...
Actually, if you're on a Qualcomm based device and can put it into QXDM mode, you can have all radio data to be output to the QXDM (3.12.754) software and possibly interface API. Thus... if we can understand the handshake and protocol they use we should eventually be able to make an app that can fetch this data as well...
Thx for your answers!
It looks like I need many hours to investigate and learn! Sound like fun, hope it will be...
I hope that soon I'll post something new on this thread about question.
Thx and hear ya!
Little update: Regarding radio conditions, here is telephony API http://developer.android.com/reference/android/telephony/package-summary.html and here is Signal strength class http://developer.android.com/reference/android/telephony/SignalStrength.html!
So I have these information (at least I hope so, because I don't have device for testing and I don't have dev environment set yet).
Also, regarding WP7 Samsung devices: there is samsung app called Diagnosis, where you can access root/debug screen in Test Mode... I was looking little into that app (I have unlocked Samsung Omnia W device), and there are very interesting informations, like list of neighbour cells with CellID and signal strength and many others (Handover test, antenna/ADC, RRC state, Tx Channel, Tx Power, EcIo, RSCP, L1 (looking now it's PCH_Sleep value ??), etc)
I need that kind of information + need to find way for decode L3 messages like RRC and RLC. From L3 you can find many other information (RAB establishment, IRAT handover, all 3GPP information element for GSM/WCDMA/LTE and so on!)...
hi *,
What about Gobi platform and GOBI dev?
BR
TheKrigla said:
hi *,
What about Gobi platform and GOBI dev?
BR
Click to expand...
Click to collapse
Hi, i was just looking for GOBI, too.
But they only show 4 Devices, with the Gobi-Modem inside:
qualcomm.com/gobi/products/finder?type=Smartphones
But there are buid in a few UMTS/USB-Sticks, Mobile Hotspots, a Router and some Notebooks (SubNotebooks),
Not bad, if you can use it as an external device, like the mobile router.
So it looks like a very special solution.
Did somebody check the HTC, Motorola or Samsung SDK ?
I am also trying to get low network info, and it looks like AT commands that exist (at least on my Samsung S3) do not provide this information. So I think emulating what QXDM does is the secret sauce... but that's hard
You can probably find what you need in the "QMI" related documents from THIS post... Let us know how it goes!
E:V:A said:
You can probably find what you need in the "QMI" related documents from THIS post... Let us know how it goes!
Click to expand...
Click to collapse
I quite don't fully understand how QMI works. The SDK appears (C++) to run on Windows. Is it possible run QMI directly on android? Also one post said that really low level information like Signaling can only be through the diag port. Perhaps there is a way to emulate QXDM on the android and connect to it to grab this info
Chipset access
I am wondering how tools like qualpoc from SwissQual work. They seem to have access to every damn thing happening in the android phone. Do they have any special API access from Qualcomm ?
enigma99a said:
I quite don't fully understand how QMI works. The SDK appears (C++) to run on Windows. Is it possible run QMI directly on android? Also one post said that really low level information like Signaling can only be through the diag port. Perhaps there is a way to emulate QXDM on the android and connect to it to grab this info
Click to expand...
Click to collapse
mknair said:
I am wondering how tools like qualpoc from SwissQual work. They seem to have access to every damn thing happening in the android phone. Do they have any special API access from Qualcomm ?
Click to expand...
Click to collapse
Thanks.
http://www.swissqual.com/
Probably nothing special. What is special, is that they have full access to all their documentation. If you can download their white papers and the Android app, I'll tell you how they do it!
Is it possible to connect something like a 4G dongle to the usb port to create a roaming RF scanner and get the RSCP ECIO details from that? It's a bit mental but it doesn't look like we will be able to get this detail from the phone without paying the tens of thousands for the documentation anytime soon...
I tried to connect a Sierra Wireless device which can provide this info but I cannot seem to compile the module against the kernel.
I got QMI talking just fine on android 100%. But I need layer 1 info etc as well (DIAG)... Qualcomm docs look easy enough for the packet structure but now i just need access... And I'm totally stuck. USB is one way, but isn't there to get access locally? Like through UART or some other means? I believe all communication goes to the /dev/diag device but so far I have not been able to get access
E:V:A said:
So far, AFAIK, no one here at XDA (or elsewhere) have been able to successfully extract L1 radio parameters from the modem, using any form of API or other. So anyone who would successfully be able to do this, would be an instant XDA hero! (As for L3, I don't know.)
Click to expand...
Click to collapse
Well, I guess I am a XDA hero then I have successfully extracted L1 radio info, etc on Android itself. DIAG is pretty powerful and not very well documented so I had to figure everything out myself, but when it works you can get just about anything possible.
enigma99a said:
Well, I guess I am a XDA hero then I have successfully extracted L1 radio info, etc on Android itself. DIAG is pretty powerful and not very well documented so I had to figure everything out myself, but when it works you can get just about anything possible.
Click to expand...
Click to collapse
Any thought about sharing solution?? Not cool man...
enigma99a said:
Well, I guess I am a XDA hero then I have successfully extracted L1 radio info, etc on Android itself. DIAG is pretty powerful and not very well documented so I had to figure everything out myself, but when it works you can get just about anything possible.
Click to expand...
Click to collapse
Is that right? There were never any heroes who didn't prove their worth. So why don't you share it with us? (Or if you don't want to share, at least tell us why not?)
E:V:A said:
Is that right? There were never any heroes who didn't prove their worth. So why don't you share it with us? (Or if you don't want to share, at least tell us why not?)
Click to expand...
Click to collapse
Yeah, sorry guys for the late reply. Basically I had to rewrite the diag driver to get diag info. And this project is for profit, so I can't put myself at a competitive disadvantage after spending many weeks on it But if anyone has questions, I would be happy to answer
Hi at all!! My hero, enigma99 please tell me (or who knows)!!
I'm developing a app with SDK that use the java methods of classes like SignalStrenght and Telephony. But those methods dont work very well. (they are slow, and in much smartphone dont return the Ec/Io)
Do you think if in 3g tecnhology (UMTS, HSPA) the modem part always returns all measure (RSCP and Ec/Io)??
What's the way to follow for return this values? recompiling kernel? programming with NDK?
enigma99a said:
Yeah, sorry guys for the late reply. Basically I had to rewrite the diag driver to get diag info. And this project is for profit, so I can't put myself at a competitive disadvantage after spending many weeks on it But if anyone has questions, I would be happy to answer
Click to expand...
Click to collapse
Is this for sale yet? Curious minds would like to know.
Hi,
I try to be as brief as I can but I'm known to write "walls of text". Please, I really try to write differently but it always ends up with at least one A4...
I need some input from you who have vastly more knowledge then me, I have a few pondering's that I need to ask if they hold or not.
As you know I'm "rusty" in my knowledge so I have been reading up. Especially on SELinux.
I have a Note 3 that is plain vanilla and 2 days ago I got an "SELinux rules update #16". Didn't know how to take a screen pic of it. Sorry.
Did anybody else get that? I didn't even saw that there was a way to turn it on/off.
I know that SELinux is a bunch of text-files. It's making a MAC-solution for the kernel and can hinder you from accessing parts in system-space.
If can control all vital functions in user-space, including fs, files, sockets, network, processes and run own processes without disclosing them to
you as a user. They are simple text-rules. Pretty straight forward.
Made a "wall of text" -- > http://forum.xda-developers.com/showpost.php?p=48287600&postcount=1392 again.
I'm sorry if I c/p some from that, you can just sift it through if you feel for it
This is from their own White-paper on Knox:
Secure Boot requires the device boot loader, kernel, and system software to be cryptographically signed
by a key verified by the hardware. Secure Boot uses X.509 certificates and public keys which are embedded
into the boot loader of the device. A secure hash of the certificates is fused into hardware Read-Only
Memory (ROM) at the time of manufacture. The Secure Boot loader will only continue if the authorized
secure signed binaries are present. Next, Secure Boot verifies the cryptographic signature of the Linux
kernel and system image before handing control to the OS.
So they boot-loader contains the SELinux and it won't boot if it's not verified for a cert in your phone.
This has been planned for a long time.
Since I don't have any I9505 but and I9506 (that only has one bootloader so far. Knoxed) I need to ask a few questions to see if my assumptions hold or not.
Q1: Is it true that if you upgrade to a Knox-bootloader never can downgrade?
Q2: If you trip the Knox-flag can you do that or is it still impossible?
Q3: Can you while already having a Knox-bootloader downgrader WITHIN the Knox-bootloaders?
Good and bad
Bad: They can have your Prog->serial that you signed in your store->You. Sinister, as I think Knox is this is bad.
Good: It's still a PROM. There might be some way to read from it. Next year Knox is totally integrated on a chip, black boxed, WITH E-FUSE.
Then we are toast and can all buy a HTC...
If Q1 holds then you always have a boot with SELinux. The bootloader fit's a kernel just fine, right?
I get a strange error on my phone. It's saying I have space left on my device but when I try to download from Play it says I'm out of space.
Q4: Is this a know bug? Is this software? Have anyone had it before Knox?
I took and started to read a bit on Wikipedia. It's good sometimes for quick info: Selinux,
So it's a container basically. I also stumbled over this baby: NSA SEAndroid
So this leads me to some other questions.
Q5: Could it be possible that the device is virtualized?
Q6: Do we have some programs that can go deep into the system and pick up system info?
Q7: Does all custom kernels work after the Knox (with the flag tripped of course). Where are they loaded? The bootloader or somewhere else?
It's hard to know if you ARE virtualized but not impossible so there need to be some comparison between a pre-knox and knoxed device. I don't own any.
So I ask here is anyone does?
Q7: Has someone verified that it refuses to boot the pre-Knox bootloaders with or without trippning the flag?
Because it would make perfect sense. We have the hardware for it for sure. They are still chit-chatting about their bootloaders and warranty and that is
something I don't have to care about since I have written permission to flash away, as much I want from my cell-provider.
So I don't know if this is just a wild theory of mine or not but I started to wonder why the enforcement and the total lockout when it comes to the bootloader.
If what they also say in the White paper is true then there is no way that we CAN make a non-Knox boot, can we?
Privacy wise this is also a catastrophe. They can connect the device directly to you, with targeting, for instance, a grouping of some kind. Good or bad.
Up to the ones that controls the phone, right?
So sorry for maybe obvious questions but I though that here, if anywhere, if the place to asked them.
Oh, another thing, I stumped over this one when I was researching why my Windows was desperately making contact with the standard 6to4 replay
that there is a written about. I see that it does that over and over (among trying to make a tunnel through ICMP when you turn on Skype). Caught them on that.
This one: Geoip Locator
How does it show at your place? I've turned off all my localisation platforms. Hard. I even run behind a VPN.
But when I run it in Chrome (where I should have it turned off and are behind a VPN it's waaay to close).
In FF you can turn it off with the about:config --> geo.* and put the value to false the the address to localhost.
But I did the same in Chrome but it's still leaking.
When it comes to IE. If you have your "Localisation policy" set to "ON" you can turn it off in IE. If you disable it it's greyed out (I have Win 8.1).
Think I'll soon move to BSD totally....
All the best,
Abs
Good day!
Since version 4.x of the Android mobile phone operating system, Google has removed the USB Mass Storage mode and replaced it with Picture Transfer Protocol (PTP) and Media Transfer Protocol (MTP). This means that the phone appears as a camera or scanner in Windows Explorer, without a drive letter, and that means that many file types cannot be copied to the phone, no new files created there, many PC based recovery and synchronization programs do not function properly, etc. The feature was removed to take control out of users' hands, because a lot of things would be a lot easier to achieve if one could access all directories and files on the phone from the PC -- a disk/hex editor is a powerful tool. Yes, some people bricked their devices by using them stupidly, but given all the locks and hurdles that manufacturers and carriers increasingly impose on customers who paid a huge sum of money for their little toys with every new version of the operating system, there is a clear tendency to see: milk consumers for all they are worth, but keep in control and decide what they are allowed to do.
To partially remedy the problem, most tutorials recommend to install a WebDAV server on the phone and map it as a network drive on the PC via Wi-Fi. Unfortunately, many of the more interesting operations need to be done before the phone is up and running, before software is installed and before a Wi-Fi network can be configured/established, and other operations can simply only be done via USB cable.
There is a company called Cranking Pixels that produces a PTP as well as an MTP driver for Windows, which bring back the drive letter for file-based (not sector based) operations. Unfortunately, there do not seem to be any recent versions floating around in the netherworld, and the price for the software is rather steep, especially when needing several copies. Therefore I would like to ask ...
a.) User experience
Does anybody have experience with the software and can say whether it offers sufficient bang for the buck to justify the expense? This means being able to access all folders & subfolders, create/copy/delete/edit/move all types of files from/to the phone and PC? Can system files be modified/patched so that certain flags that the phone system sets when detecting a rooted phone can be modified in a way that things like OTA updates, secure folders and banking applications still work?
b.) Similar programs
Is anyone aware of similar solutions that do the same or more but cost less?
c.) Alternative solutions
Are there other approaches that bring back Mass Storage USB mode to Android Oreo and Pie, be it flashed files for the phone, be it modified USB drivers for the computer or whatever?
Yes, phones can be rooted and so on, and so on, but it usually requires manual intervention to keep things running smoothly after every update and security patch. There are also many situations when being able to treat the phone like a mass storage device (external hard disk or USB stick) is simply more convenient and quicker or preferable for other reasons.
Any pointers and tips will be appreciated. Thank you for your attention and have a pleasant afternoon.