Too many pattern attempts - Sony Tablet S

Hey guys, I got the tablet yesterday to get rid of that "too many pattern attempts" screen. The owner of course doesn't remember the credentials to his google account, so he gave it to me to get rid of the lock, without hard-resetting if possible.
I have no idea what the Android version is; I can't get past the log in screen. I can't root it/delete that one small file responsible for all of this since ADB isn't enabled. The Android recovery seems to be the only option, but of course, I can't use unsigned zips like AROMA File Manager... or can I?
I'd like to know if I have any options besides resetting to factory settings from the recovery screen. And what does it delete? Only apps, their data and system settings or pretty much everything?

Spaqin said:
Hey guys, I got the tablet yesterday to get rid of that "too many pattern attempts" screen. The owner of course doesn't remember the credentials to his google account, so he gave it to me to get rid of the lock, without hard-resetting if possible.
I have no idea what the Android version is; I can't get past the log in screen. I can't root it/delete that one small file responsible for all of this since ADB isn't enabled. The Android recovery seems to be the only option, but of course, I can't use unsigned zips like AROMA File Manager... or can I?
I'd like to know if I have any options besides resetting to factory settings from the recovery screen. And what does it delete? Only apps, their data and system settings or pretty much everything?
Click to expand...
Click to collapse
Try an update as it may removed the lock (although I think it will stay in place) Have a look at my stickied FAQ for how to and look at my signature for update zips.
Stifilz

Knowing how Android works, I would expect the update to either delete all the data or keep everything. I thought more of running something from the recovery, but I see how it may not be possible.

Spaqin said:
Knowing how Android works, I would expect the update to either delete all the data or keep everything. I thought more of running something from the recovery, but I see how it may not be possible.
Click to expand...
Click to collapse
The update will keep all the files. You can ONLY install Sony signed zips anyway so this is the only hope. Or a recovery of the password for Google... Which you stated is a no go...

stifilz said:
The update will keep all the files. You can ONLY install Sony signed zips anyway so this is the only hope. Or a recovery of the password for Google... Which you stated is a no go...
Click to expand...
Click to collapse
Downloaded the update from your thread (Polish version) and I can't seem to be able to open the zip... is it supposed to be like that? I'd see if I could modify it by any chance to delete/overwrite that one file.

Spaqin said:
Downloaded the update from your thread (Polish version) and I can't seem to be able to open the zip... is it supposed to be like that? I'd see if I could modify it by any chance to delete/overwrite that one file.
Click to expand...
Click to collapse
It is encrypted and signed by Sony. You can decrypt it, modify it and re-sign it but IT WILL NOT WORK. We do not have SONY'S private key for sigining... Otherwise we could ad SU etc, this is not the case.

stifilz said:
It is encrypted and signed by Sony. You can decrypt it, modify it and re-sign it but IT WILL NOT WORK. We do not have SONY'S private key for sigining... Otherwise we could ad SU etc, this is not the case.
Click to expand...
Click to collapse
Okay, thanks for that... Gotta try it, not many options left.
[edit]
"Prohibit update as a result of checking version or base sku" when trying to update, is there anything I can do with it now?

Spaqin said:
Okay, thanks for that... Gotta try it, not many options left.
[edit]
"Prohibit update as a result of checking version or base sku" when trying to update, is there anything I can do with it now?
Click to expand...
Click to collapse
Use adb pull /tmp/recovery.log after the update fails. USB debugging is always enabled in recovery

stifilz said:
Use adb pull /tmp/recovery.log after the update fails. USB debugging is always enabled in recovery
Click to expand...
Click to collapse
Weird, the device wasn't visible through adb devices...
Anyway, it doesn't matter much now since I tried updating to an older update (revision 1a? Sth like that) and it didn't fix the problem, so in the end I had to wipe data. I could probably experiment a bit if I didn't have to give back the tablet yesterday.

Just wipe the device via recovery, the key files are in /data/system so unless you have root and ADB then a wipe will have to do.
A wipe via recovery will not wipe the emulated internal or just external storage such as SD and USB.
Sent from my Nexus 4 using Tapatalk

Related

[Q] What build number do you have in your stock Browser?

I'd be grateful if people on 10.4.2.17 or 10.4.2.18 could check and let me know if the full version numbers on their stock Browsers include the correct build number.
I am currently on 10.4.2.17 though my Browser version says 10.4.2.15 and I believe this may be responsible for my failures to update to 10.4.2.18. Just wan't to check that the build number went up for everyone's Browser with the .17 upgrade.
Many thanks.
Restorer said:
I'd be grateful if people on 10.4.2.17 or 10.4.2.18 could check and let me know if the full version numbers on their stock Browsers include the correct build number.
I am currently on 10.4.2.17 though my Browser version says 10.4.2.15 and I believe this may be responsible for my failures to update to 10.4.2.18. Just wan't to check that the build number went up for everyone's Browser with the .17 upgrade.
Many thanks.
Click to expand...
Click to collapse
Mine says 17
flumpster said:
Mine says 17
Click to expand...
Click to collapse
Thanks. Thought so since all my other systems apps also say .17.
I do remember messing about with the browser after updating to .17 trying to get the damn sync with Google to work so what I think I've done is to restore the wrong version. Looks like this has been a big enough change to the system partition to stop the new update working :crying:.
So my next question is how and where do I get hold of the browser.apk from 10.4.2.17?
Restorer said:
Thanks. Thought so since all my other systems apps also say .17.
I do remember messing about with the browser after updating to .17 trying to get the damn sync with Google to work so what I think I've done is to restore the wrong version. Looks like this has been a big enough change to the system partition to stop the new update working :crying:.
So my next question is how and where do I get hold of the browser.apk from 10.4.2.17?
Click to expand...
Click to collapse
Gimme 5.. I'll pull it out the rom for you.
edit... there you go, attached.
flumpster said:
Gimme 5.. I'll pull it out the rom for you.
edit... there you go, attached.
Click to expand...
Click to collapse
Thanks mate. Will I also need the odex file for the .17 version or are they all the same?
Restorer said:
Thanks mate. Will I also need the odex file for the .17 version or are they all the same?
Click to expand...
Click to collapse
The odex file gets created from the apk. If you have a browser odex file then delete it and when you replace with the new browser.apk and restart it should create it.
flumpster said:
The odex file gets created from the apk. If you have a browser odex file then delete it and when you replace with the new browser.apk and restart it should create it.
Click to expand...
Click to collapse
OK, thanks. The new browser appears to be working just fine. I doubt it's the odex file since I have rebooted a few times. I will delete it though and see what happens.
Grrrr. No good - the droid's still going belly up after a minute or 2. But I am now getting a different error message. Instead of the Unknown Error I now get "The application is not compatible with the device ROM".
I've been right through /system and can't see anything else that would be out of place.
Is there anywhere in particular the update checks? I've tried factory reset and downloaded other copies of the update zip in case I got a bad one. Can you think of anything else I might try?
Restorer said:
Grrrr. No good - the droid's still going belly up after a minute or 2. But I am now getting a different error message. Instead of the Unknown Error I now get "The application is not compatible with the device ROM".
I've been right through /system and can't see anything else that would be out of place.
Is there anywhere in particular the update checks? I've tried factory reset and downloaded other copies of the update zip in case I got a bad one. Can you think of anything else I might try?
Click to expand...
Click to collapse
It is normally caused by something that has changed. Did you edit the build.prop? did you freeze any apps ? did you delete any apps ?
flumpster said:
It is normally caused by something that has changed. Did you edit the build.prop? did you freeze any apps ? did you delete any apps ?
Click to expand...
Click to collapse
The only thing I can think of is if there is a separate Google Bookmarks Sync apk that came with the .17 ROM? I was using an older version of this. If so can you pull me one and I'll try that.
Also I had been using browser2RAM before the update but I uninstalled it properly before doing the OTA update. It hadn't stopped me updating before either.
Restorer said:
The only thing I can think of is if there is a separate Google Bookmarks Sync apk that came with the .17 ROM? I was using an older version of this. If so can you pull me one and I'll try that.
Click to expand...
Click to collapse
Discovered how to extract the system apps from the blob file so found the syc apk (called ChromeBookmarksSyncAdapter) and got that working. While I was there I noticed that odex files were included in the ROM so installed the browser from there along with its odex but still the update failed :crying:.
I think now all I can do is go through the system.img from the .17 update and see if I can see anything different from what I have currently on the device.

VRALL4 rolling out now apparently

http://www.droid-life.com/2013/01/1...-2-receiving-surprise-update-to-build-vrall4/
Probably exynos patch.
Can someone grab the update.zip file and post it here?
Was just about to ask about this. I just got the update but I'm rooted so it failed, just wanted to see if it's anything worthwhile unrooting for
As long as you have a custom recovery it won't install.
So...someone capture the update URL by doing a logcat
adb shell logcat > logcat.txt, accept update and post it.
omgitswes said:
Was just about to ask about this. I just got the update but I'm rooted so it failed, just wanted to see if it's anything worthwhile unrooting for
Click to expand...
Click to collapse
Too bad you didn't logcat it.
Check your /cache for files.
Freakin website for info about it doesnt work either. verizonwireless.com\galaxynotellsupport is in the update page but cant tell if the "ll" is LL's or II's. Why wouldnt they just put the number 2 to eliminate issues. either site doesnt work. That is just ridiculously stupid web admins.
adrynalyne said:
Too bad you didn't logcat it.
Check your /cache for files.
Click to expand...
Click to collapse
Not sure how to do a logcat. Nothing is in my cache though
vtec2k7 said:
Freakin website for info about it doesnt work either. verizonwireless.com\galaxynotellsupport is in the update page but cant tell if the "ll" is LL's or II's. Why wouldnt they just put the number 2 to eliminate issues. either site doesnt work. That is just ridiculously stupid web admins.
Click to expand...
Click to collapse
yeah I tried all of the combinations none worked.
It just failed on my phone. Unfortunately I can only defer it for 5 days, but by then I figure a workaround will be found.
The update installs Google Wallet.
Kidding.
Sent from my SCH-I605 using Tapatalk 2
SeanPlunk said:
It just failed on my phone. Unfortunately I can only defer it for 5 days, but by then I figure a workaround will be found.
Click to expand...
Click to collapse
Too bad you didn't logcat it either.
Did you check /cache for any files?
adrynalyne said:
As long as you have a custom recovery it won't install.
So...someone capture the update URL by doing a logcat
adb shell logcat > logcat.txt, accept update and post it.
Click to expand...
Click to collapse
Hopefully this is what you need.
Looks like I was able to get the update.zip as well, gimmie a minute and I'll post that too.
ILMF said:
Hopefully this is what you need.
Click to expand...
Click to collapse
Unfortunately, no. It doesn't contain the needed info I need a full logcat.
Thanks for trying!
This was in /cache also the update only allows you to defer for 5 days so hopefully we can figure out what it does
I'm thinking that if, as I did, you gained root via the ExynosAbuse exploit application if you turn off the patch but keep root active (in the application settings) that will allow Verizon to patch the exploit however you'll still have root. I think this is correct but I'm not sure.
Here is the update. The file is downloaded to /cache/fota
ryngds said:
This was in /cache also the update only allows you to defer for 5 days so hopefully we can figure out what it does
Click to expand...
Click to collapse
Thanks!
I will let you know whats in it. The first thing I see, is a new bootloader. We can imagine why.
Ok updated are:
1. Phone
2. MMS
3. SystemUI
4. Settings
5. Modem
6. Bootloader
7. Browser
8. Contacts
9. HiddenMenu (maybe)
10. libbcc.so.sha1
11. kernel
I don't know what the updates are, I am going by patch size.
I'm rooted on stock with a few tweaks - nothing I can't live without. The initial update failed. I saved root using Voodoo, unrooted, and tried the update again. It failed the second time. I'm not inclined to do anything else until I see what the update entails and if we can retain root. I like my root
I used exynos abuse apk to achieve root. Then ota root keeper to protect it. I have many disabled apps and installed the ota with no issue and restored root fine.
I never unrooted either.

[Q] Deleting downloaded update

I was going through the process of rolling back my kindle to 13.3.2.8 from 4.5.3 and then manually updating to 4.5.2 and rooting. In the process I had to enable WiFi to install ES File Explorer. It immediately started to download the update to 4.5.3! In the Device settings for update, it is showing there is an update ready to install. Is there a way to delete this 4.5.3 update? I don't know what to search for to find the .bin file or whatever is there ready to install. I have renamed the OTA file in order to stop the automatic updates. Everything seams to be working fine but I think I'd feel better knowing that file was not there ready to install!
Thanks!
In need of help!
So I had followed the instructions for my KFHDX for rolling back back from 4.5.3 to 3.2.8 and manually updating to 4.5.2 and rooting and installing the gapps. All of this was successful with no problems at all! I was installing a couple of apps and was having some difficulty getting a program to link to dropbox (I don't know if this is relevant or not). I had downloaded this from the Play Store and had to install and re-install it to get things synced up. Eventually I got this all working... Then I believe what might have caused my problem is running an update on the Google Play Store. After that I am now stuck in the settings of the device and unable to get the home or back button to come up. I cannot get out of settings... I can connect to WiFi and change settings, see what applications are installed, etc., but I cannot get to any apps.
I had already changed the name of the OTA update file, but I cannot get to it to change it back to be able to run an update. In the process of this whole deal (which may be another part of the problem) is I tried to restore factory defaults...
So, can anyone help me either get this back to stock or any clue how I can get the Kindle to the home page in order to run File Explorer to rename the OTA file back in order to get it to possibly run the 4.5.2 or 3.2.8 rollback again? Anything really.. I'm in purgatory here!
Thanks
IMNOTL8 said:
So I had followed the instructions for my KFHDX for rolling back back from 4.5.3 to 3.2.8 and manually updating to 4.5.2 and rooting and installing the gapps. All of this was successful with no problems at all! I was installing a couple of apps and was having some difficulty getting a program to link to dropbox (I don't know if this is relevant or not). I had downloaded this from the Play Store and had to install and re-install it to get things synced up. Eventually I got this all working... Then I believe what might have caused my problem is running an update on the Google Play Store. After that I am now stuck in the settings of the device and unable to get the home or back button to come up. I cannot get out of settings... I can connect to WiFi and change settings, see what applications are installed, etc., but I cannot get to any apps.
I had already changed the name of the OTA update file, but I cannot get to it to change it back to be able to run an update. In the process of this whole deal (which may be another part of the problem) is I tried to restore factory defaults...
So, can anyone help me either get this back to stock or any clue how I can get the Kindle to the home page in order to run File Explorer to rename the OTA file back in order to get it to possibly run the 4.5.2 or 3.2.8 rollback again? Anything really.. I'm in purgatory here!
Thanks
Click to expand...
Click to collapse
You can open apps with ADB.
https://stackoverflow.com/questions/4567904/how-to-start-an-application-using-android-adb-tools
so no-one provided an answer to the question. Where do you look with ES File Explorer (root) to delete a pending update.
Updates are stored in /cache.
is there more than one cache folder? Please be very specific as to where I need to point ES file explorer to delete this update files or files. I'm new to this, and don't want to screw my kindle up. If I would have known how to delete this months ago, I could have had a kindle with an unlocked bootloader, but I got screwed by amazon with their updates.
thanks for you help
EncryptedCurse said:
Updates are stored in /cache.
Click to expand...
Click to collapse
rlkellyjr said:
is there more than one cache folder? Please be very specific as to where I need to point ES file explorer to delete this update files or files. I'm new to this, and don't want to screw my kindle up. If I would have known how to delete this months ago, I could have had a kindle with an unlocked bootloader, but I got screwed by amazon with their updates.
thanks for you help
Click to expand...
Click to collapse
In ES (or any file manager) open the "System" or "/" folder. Find "cache" inside of this folder. In "cache" search for the appropriate update file. "cache" usually doesn't contain vital files, so you shouldn't be able to much damage (if any at all) by tinkering with it. You can always save copies of any files you move/delete in cache to be extra safe!
What if an update already occurred? Is there anyway to uninstall it? The most recent update to kindle fire changed the look and layout of the home screen completely and I really don't like it.
ourljfam said:
What if an update already occurred? Is there anyway to uninstall it? The most recent update to kindle fire changed the look and layout of the home screen completely and I really don't like it.
Click to expand...
Click to collapse
Assuming you have a 4th gen 8.9" (Saturn) tablet that was recently updated from FireOS v4 to v5. The look of v5 is closer to 'native' Android but obviously not to everyone's liking. Unfortunately, there is no way back short of contacting Amazon to request a rollback. Not sure they are offering this option. Perhaps a better option is to become familiar with the new interface. FireOS v5 has a lot going for it and is generally a better option vs v4.
ourljfam said:
What if an update already occurred? Is there anyway to uninstall it? The most recent update to kindle fire changed the look and layout of the home screen completely and I really don't like it.
Click to expand...
Click to collapse
https://www.amazon.com/gp/help/customer/display.html?ie=UTF8&nodeId=201980430
if im not mistaken (and someone feel free to correct me if necessary) deleting the cache partition from stock recovery (Power+Left Vol) would also delete the downloaded update
jinxt said:
if im not mistaken (and someone feel free to correct me if necessary) deleting the cache partition from stock recovery (Power+Left Vol) would also delete the downloaded update
Click to expand...
Click to collapse
Accurate - but stock recovery does not offer a cache clear option on 3rd gen HDX. Not sure about 4th gen (Saturn).

Archos Platinum 55 - Settings Deleted...oops.

So... I have an Archos 55 and well, root is dangerous, particularly when you're being annoyed with pop up adverts and want to get them gone.
TL;DR:
So basically this all started when I found that web pages and adverts were just opening. Whether I was using the device or not, they'd just magically appear, sometimes ten at a time, accessing the internet at will. I was not best pleased as I have not long purchased the phone, but true to form, Archos have no idea what customer service means, so I was left to attempt to remedy the situation myself. Ordinarily, I would have just formatted and reinstalled the O.S, I do that with linux all the time alas I knew that was difficult.
Instead I sought to find out what exactly was causing the adverts. I deleted all the apps I had installed, but still the adverts kept coming. I did a factory wipe. Still with the adverts. At this point I was a bit stuck, so I grabbed an anti-virus app. It showed a few things that were causing problems including one trojan, under com.android.settings (or something to that name). I made a few enquiries and needless to say, this wasn't a false positive, but it had meant that I had a trojan...and I really don't like trojans. Cue the rage and the not thinking properly as I deleted com.android.settings without making a backup thinking... "shouldn't be too hard to put back"...oh how wrong I was...
I of course tried to make amends by grabbing a "copy" of settings from another site (and possibly a different phone) but I was told that it was ROM and no amount of permission changing was going to change that (I tried and I apparently failed, I may have possibly been doing something wrong, but I don't think my chown/chmod skills are `that` shabby).
The problem:
- No access to settings. Settings doesn't exist. (No access to USB Debugging either because that requires tapping the about phone bit and guess what...)
- Can't install apps as something has "Stopped".
- No access to WiFi
- Using Linux (Ubuntu something or other...15 I think).
- Mobile Tinkering Newb (But I'm not totally tech illiterate).
I do have access to fastboot mode apparently.
So what I think I need is a way to reinstall lollipop 5.1 so I can get back to square one, without (at least initially) using ADB (because I've tried and my device just refuses to show). I've also tried a few "needrom" things but, of course, they don't work because linux.
If anyone could possibly help me, I would be greatly appreciative in any way. I just want wifi back really. (I can see that wifi works and a network is available I just can't edit the settings to access it). If I can provide more information, please ask and I shall provide.
[SOLUTION]
Back up your device <- Essential
Grab a rom from NeedRom
Enable Fastboot.
Enable USB Debugging etcetera.
Use custom software (provided by NeedRom) (I know this seems dodgy but you try anything when you're desperate enough and this works so...if you're worried then take precautions and make a backup of your own phone first.) to open up the .pac file. Check where the files have been opened up to.
Copy the files to a more stable area (i.e from Temp to your Data drive), they should be in .img format as .pac basically appears to be some kind of archive that groups them all into one.
Use Fastboot (you might need to enable this so make sure you do it) and flash the .img files to the phone and sparse them to about 250MB.
Restart the phone.
Check phone works properly.
If works properly, consider donating to NeedRom.
Anyone?
Trojan
I have the same problem, but I didn't uninstall the setting, did your Trojan installed random apps too? Like MyApps or something like that?
Seeing the same problem I think the problem is that the device comes with it, but I haven't found anything else to do apart from installing avast to tell me when unknown sources get on to install a random app.
Talasa said:
Anyone?
Click to expand...
Click to collapse
Hey I fixed it, I have Uninstalled settings and successfully installed them again, no pop ups since.
Message me so I can tell you how to do it.
Fantasma198 said:
Hey I fixed it, I have Uninstalled settings and successfully installed them again, no pop ups since.
Message me so I can tell you how to do it.
Click to expand...
Click to collapse
Hi! How did you solve the problem? Please let me know
It appears to involve installing an apk installer from the Google Play stores (any will do it seems). Then by installing a copy of the Settings.apk.
Neither of which I am able to do as, due to getting rid of settings Google Play won't work. So....
Edit. I managed to get Google Play installed and then installed an APK installer. However installing settings is restricted as security won't let me install unofficial apps. >.>
How do u get rid of pop ups
Fantasma198 said:
Hey I fixed it, I have Uninstalled settings and successfully installed them again, no pop ups since.
Message me so I can tell you how to do it.
Click to expand...
Click to collapse
How do u get rid of them my phone is plaqued with them they are so annoying I didn't even root my phone just done a simple software update thanx
R3b3l3k8 said:
How do u get rid of them my phone is plaqued with them they are so annoying I didn't even root my phone just done a simple software update thanx
Click to expand...
Click to collapse
Hi,
What you have here is a virus.... and like me, it's probably embedded in settings. I.e It comes with the device.
There is no way to get rid of those adverts....except...by voiding your warranty. You will need to wipe your device and reinstall a rom, preferably not your original. (That or send it back to Archos). Taking your phone back to the store and demanding a refund is an option before I proceed further and this is the solution I recommend.
Take this moment to back up all your data.
What I did however and what seems to have gotten rid of them is firstly head over to NeedRom (search) and acquire a freely provided Rom of someone else's phone. There are two versions for the Archos Platinum 55 and it will depend on your specific phone.
Now you will need to flash (this will destroy all data on your phone so make sure you get it backed up) your rom. You can use the ADB solution but that couldn't work for me. So I used Fastboot instead, however to use this the rom provided by needrom is in a .pac file format, you need to get the .img file from it. You can do this by loading up the software provided by NeedRom (named FactoryUpload or something like that) load the .pac file and look at the file path locations. The one I checked was for System. I then went to where it said it was, in my case a Temp folder, copied and pasted all the data to somewhere not temp (all the .img files I needed were there).
Then I used Fastboot to flash the rom entirely there are much better Fastboot tutorials out there than I can explain myself. This flash included System, Recovery, Cache and basically everything, however it wouldn't let me do it all at once. I had to use a particular "flag" or "switch" so that it would `sparse` all the files over 250MB (that was the number I chose) and it worked after that.
This is the only way without returning the phone to get rid of the adverts *if* the virus is indeed in Settings. There's no way to remove Settings safely. I tried.

how to ensure a phone is malware free? especially from screen reading trojans

so I picked up a used pixel from craigslist. seems ok. but I starting thinking... how can I be certain this phone is not booby trapped. it would be awful to have a trojaned device and not really know it.
I searched quite a bit about about malware that can survive factory reset. so it seems that simply resetting is not so great.
then I thought adb sideload an official google factory image to both slot a and slot b would purge any demons. but then again, I cannot find any documentation that make it clear what get overwritten and and what doesn't. (eg do the bootloader or recovery partition remain intact... seems like a great place to hide malware on a booby trapped phone). similarly, it is unclear what /system paritition blocks get replace.. all of them? some of them? can a clever trojan/rat survive an ota?
and then there is the full factory image install via fastboot. the problem is that I cannot enable oem unlocking b/c Verizon locked bootloader. booooooo
final thing. and the trigger that really had me thinking about this. after setting up the phone and connecting to the network, I saw a notification that subtley asked to install a Google screen reader. no idea why. and no google searches return anything useful. was this device hacked already??!
specifically the notification said:
"install app for screen share" and "tap to install from the play store"
so, any security minded android users out there who can help me understand if I need to trash this phone?
Infrequent pop-ups when using a web browser or when running an app can be normal. However, if you are getting pop-ups even when you’re not opening a browser or when using a totally different app, there could be malware in your phone. Malicious pop-ups are often brought about by a bad app that you may have installed in the past. In some cases, legit looking apps may update to a sinister version after some time and cause pop-ups to be displayed.
Run the phone in safe mode and observe it. Safe mode is great tool in detecting a problem app. On this mode, all third party apps will be suspended so if the problem is absent when your Android is running on safe mode, that means there’s a malicious app in the system. While in this mode, you should be able to use preinstalled apps normally as well as use basic networking services without a problem.
My recommendation to have a malware-free phone:
Do a factory reset
Before re-installing any app install an anti-virus app
So will sideloading an official factory OTA image using adb from recovery, completely remove any malware? (I read about malware that can survive a factory reset.)
Also, has anyone else ever seen a notification asking to install a screen reader? This appeared after a factory reset, immediately after connecting to the wifi network. No apps installed.
A factory reset really only deals with the Data and the Cache partitions. System partition isn't affected. This is true regardless device is rooted or not So if malware got installed in System partition it survives a factory reset. A factory reset will also not remove any ROM upgrades or OTA's.
Hopefully by now you have a better understanding of what a factory reset is.
May be the browser - what typically is installed as system app / system-privileged app - is the culprit: Use another browser and see what happens.
I think I understand how the factory reset works. For this discussion, I am do used on Google Pixel line, no modifications, and no root, and only app from the official Play Store.
The adb sideload of a Google factory OTA is the part I don't fully understand.
For example, doe the OTA merely replace files? Or does to do a bitwise blocklevel swap? Does it modify anything in the bootloader, or recovery partitions?
I cannot find clear documentation on this.
The notification requests to install Screen Reader do not come from Chrome or any browser. They appear to come from the system. (Android 10).
So what I am trying to figure out is whether some malicious actor/app installed a persistent malware into the system partition, or the bootloader, or the recovery. Such that a factory reset cannot remove it (like with xHelper malware)
Like for example, can a malware get into the system partition, and a manual adb OTA sideload , or even manual fastboot factory image install, fail to remove the malware from the system partition? That would be. a nightmare for security.
Finally, I cannot find any documentation from Google that Pixel (3) on Android 10 will automatically try to install a screen reader as a native operation.
Basically, is this used, never rooted phone, permanently Trojan-ed junk now?
@thehighhat
Sorry to say this: I'll no longer waste my time with this ...
oops: duplicated post deleted
jwoegerbauer said:
...
My recommendation to have a malware-free phone:
Do a factory reset
Before re-installing any app install an anti-virus app
Click to expand...
Click to collapse
OK. Not sure why you're done with this - if you have insight, sharing it is good for everyone.
anti-virus (13 different ones) all show no malware. shows it is clean.
there are well known malware that can survive a factory reset.
the notification to install "screen reader" occurred immediately after a newly wiped phone connected to internet, even before any of the default apps (chrome, settings, etc.) opened
still looking for answers from someone who knows:
has anyone ever seen a system notification asking to install a "screen reader"?
does anyone know if
Code:
adb sideload official.google.ota.img
on a pixel modifies the boot partition or the recovery partition?
does anyone know if that manual ota install will guarantees the system partition contains only unmodified valid files/blocks?
thehighhat said:
OK. Not sure why you're done with this - if you have insight, sharing it is good for everyone.
anti-virus (13 different ones) all show no malware. shows it is clean.
there are well known malware that can survive a factory reset.
the notification to install "screen reader" occurred immediately after a newly wiped phone connected to internet, even before any of the default apps (chrome, settings, etc.) opened
still looking for answers from someone who knows:
has anyone ever seen a system notification asking to install a "screen reader"?
does anyone know if
Code:
adb sideload official.google.ota.img
on a pixel modifies the boot partition or the recovery partition?
does anyone know if that manual ota install will guarantees the system partition contains only unmodified valid files/blocks?
Click to expand...
Click to collapse
If you fastboot flash an official google system.img partition. From Google. With the correct hash value to insure correct download. It should flash the entire partition. Same goes for any other partition. If you have a certified unmodified image and flash it, the entire partition should be flashed, not just part of it.
With OTA updates. You only get patches. At least that's how the normal process goes. You got the smaller sized ota update and it only modifies the specific files that are being patched for that particular OTA update.
So with normal OTA only pieces of the partitions get updated. Sometimes they all are not touched with every update.
Delgoth said:
If you fastboot flash an official google system.img partition. From Google. With the correct hash value to insure correct download. It should flash the entire partition. Same goes for any other partition. If you have a certified unmodified image and flash it, the entire partition should be flashed, not just part of it.
With OTA updates. You only get patches. At least that's how the normal process goes. You got the smaller sized ota update and it only modifies the specific files that are being patched for that particular OTA update.
So with normal OTA only pieces of the partitions get updated. Sometimes they all are not touched with every update.
Click to expand...
Click to collapse
Thank you. This is exactly what I was looking for
So it sounds like file level replacement instead of block level.
Does the ota verify the other files on the system partition that it does not intend to modify?
thehighhat said:
Thank you. This is exactly what I was looking for
So it sounds like file level replacement instead of block level.
Does the ota verify the other files on the system partition that it does not intend to modify?
Click to expand...
Click to collapse
It does in the sense that it verifies before and after the process begins/ends, the correct size of the partition. This is true in the sense of Ssmsung devices and how the typical standard recovery image works.
But it is the update zip that does most if not all of the size/digest verifications after the files have been patched. Because there is no real way for the rom to know how big the updated build(s) is going to be before the update arrives.
Generally I've seen it verify all the hash values are the same as last time it updated when it begins. And the update zip specifies the ending size.

Categories

Resources