I tried to find more details about NCK, but could not so far. Can someone explain to me how network lock works in detail?
Here's what I understand so far:
- Network lock is a protection for providers, so they get their ROI by subsidizing the phone
- It is implemented differently in different phones, but mostly it's either a random or algorithm-generated code that you enter
- If algorithm-generated, it is possible to make a code generator
Funny is that best info I could find is on Wikipedia (cannot post links, but /wiki/SIM_lock).
Here's what I could not confirm so far:
- Since rooting is unrelated to this, it must be stored in a different place from where the actual Android OS is stored. Where then?
- Can the code or the lock status be read or written using adb / Android app / JTAG / other means?
- Does it really only depend on IMEI?
- If IMEI is changed, will the code be changed too?
Any links or pointers with tech info are greatly appreciated! Happy coding!
Related
Hi all
I am currently in the planning stages of developing a root security system for Android.
As everyone knows, there are security implications to rooting your phone etc. Untill now, I have used the normal means of controlling this (lock security, disabling ADB, Superuser.apk whitelist), but this is of limitted help if someone physically gets hold of your phone (while unlocked or ADB enabled).
There are a few things I would like to implement, and would like to gather some feedback on whether;
a) It will be of use to anyone but me, and
b) If anyone has any input as to the feasability (or has done any such work in the past)?
There are 3 areas I would like to lock down, somehow. It will not perfect the security, but will go a long way toward improving the overall security on rooted devices. I have not done much reasearch as yet, so some of this may be impossible. These are:
1) CWM recovery: Currently, CWM (and other recovery/pre-android resources) can be used to bypass almost anything you put in place to secure your phone. I would like to implement a password/passcode on CWM to lock out unauthorised changes. My personal preference would be to store this in /data somewhere it would be removed on wipe, and leave the option to wipe without passcode (so you don't end up with a brick if you forget the password), but lock out all security-sensitive operations like flashing. That way, someone could get to recovery, but would have to wipe data to be able to do anything usefull without authorisation.
2) ADB: Currently, even if your phone is locked you can get access to everything through ADB. The only way I currently see to do anything about this is to disable ADB when you are not using it, but this is irritating when you use it as much as I do. What I would like to do instead is either force a popup from Superuser.apk to grant root every time you connect, or implement a password which must be entered on connection. Both could be problematic, but I think forcing a confirmation (or even a check if the dev is unlocked) would be most useable, but my knowledge is limitted here. It may be that neither method is practical and disabling ADB is the only practical solution.
3) Superuser.apk: Everyone knows they should have security set up on their phones and not leave it lying around unlocked, but some don't like the hassle and most will occasionally forget to lock it. I would therefore like to implement securoty on Superuser.apk to stop (at least) new apps from aquiring root. This is the least important IMHO, but would be a further step towards improving security.
So, what does everyone think?
Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums & Read the Forum Rules
Moving to Q&A
lufc said:
Questions or Problems Should Not Be Posted in the Development Forum
Click to expand...
Click to collapse
Sorry. I posted in Dev because this is the beginning stages of some development I plan to do, but fair enough.
I can only really answer the first question... I would be interested in something like this. I've actually taken an interest in mobile security recently, but I've constrained myself to existing products like avast and PDroid to give me some extra protection. When it comes to hardening these other components... I don't know enough about stuff at that level. But I would dig it.
Things like avast handle some things, like disabling debug if you remotely lock it. But it wouldn't solve things like securing CWM if the person simply reboots into recovery.
How do you disable ADB now?
please, do it!
drmouse81
As a poor ex-owner of a lost Samsung Galaxy Ace, I would love to have a password protected CWM recovery ... this would have propably saved my device (an have back my loved photos!)
My device was operator-locked, SIM was pin protected, screen was locked by pattern ... I rang to my lost mobile, taxi driver answered ... spoke with him ... asked him to return my phone I was offering rewarding. He laughted a lot!
Yes, there are apps to locate your terminal, ring loud, etc. But none solves the basic problem of someone that wipes the phone, puts a new bootloader, etc.
Most people do not knkow that IMEI blocking only works in home country of the SIM operator.
On the other hand, there were a lot of past discussions on this topic, but many people seem not to see this as feasible.
If you find a way to solve this, I am sure you will do a lot of money with companies, who are looking for a real solution to information loss on mobile devices.
Requirements: phone should be not functional. thieves would be able to use them only for spares ...
a) require password to make changes to bootloader / wipe (that is, recovery is also blocked)
b) encryption of user data (even in SD)
c) allow to swipe a new SIM, provide pin of the SIM, then block the phone but send SMS with new number and location. Show on screen customizable message (such as -- this phone is property of xxx and has been lost/stolen -- please contact owner at xxx or hand it to police --- )
Is this possible? Why previous discussions shut off this topics?
Best luck - would love to be guinea pig for this ...
CTone.
---------- Post added at 01:00 AM ---------- Previous post was at 12:39 AM ----------
www dot cyanogenmod dot com slash blog slash security-and-you
Hi
I stopped posting here for a couple of reasons, the main one being I have been too busy. I'm still planning to take this on, but it may be a while.
The other problem is that, although it will help, it will not secure the device completely. There will always be ways around it. Manufacturer supplied tools will still bypass it.
As for your phone, did you contact the police? Knowing the taxi driver answered, they should have been able to get it back, or at least prosecute they b#####d!
Sent from my MB860 using xda premium
You actually have a really valid and practical idea...
Have nothing to contribute here, just want to encourage you...
:thumbup:
If personal life does permit you, please do consider working on this
Typed using a small touchscreen
I work at a branch of BASF (chemical plant) and we have these lists of things that need to be checked regularly .. (valves and their state (open or closed), values for temperature, pressure, ...)
I was wondering if it would be possible to tag each valve/measurement with a QR code and have a device (tablet, or whatever..) that has a library of these valves/measurements and when a valve's/measurement's QR code gets scanned you could assign an open or closed attribute or a value.
This would make it much easier to get an overview of the entire situation, and would create a standard for the registration (one person does this differently then the next which sometimes leads to miscommunication)
Does anyone have an idea if this would be possible ?
I myself do not have the knowledge to create such an app, but I feel it should be fairly simple for someone who does.
If you can offer me any information on this matter It would mean a lot to me ! thanks in advance !
Hello,
I'm working for a telecommunications company in the UK, we are currently deploying a IMS / Volte solution, we have spoken to handset manufacturer vendors regarding the addition of our carrier configuration to support VoLTE, however this is proving difficult and long delays, I'm hoping someone is able to support us in editing or creating a new custom carrier configuration file with our specific parameters and settings,
We have access to various handsets, we have currently rooted a S9 and s9+ in the hope of creating these profiles but we can only view them, for example we installed EE UK CSC, but we can’t edit or add a new profile
Is anyone able to assist, your time and effort will be rewarded
Thanks, Regards
I feel for you, trying to get cooperation out of any of the manufacturers. One problem with what you're trying to do, though: Even if you were successful at modifying the rooted devices you have to accept your carrier IMS profile, that really won't help end users unless the manufacturer helps out. Whatever fix you would discover would no doubt require rooted access to the file system. That's something the vast majority of users won't be able/willing to do to apply the configuration.
I wish you the best. I can believe it's not easy to get them to help.
Thanks for the reply, it’s almost the chicken and egg scenario, we have completed installation of our IMS / VoLTE solution but need to test service, once we are confident on all the parameters and settings we need, we can provide this information to the manufacturers to add our carrier configuration to the OS, but the handset tech teams won’t be able to support until Q4 this year. Am I looking for a Google / Android developer for this?
Thanks, Regards
kieran_je said:
Thanks for the reply, it’s almost the chicken and egg scenario, we have completed installation of our IMS / VoLTE solution but need to test service, once we are confident on all the parameters and settings we need, we can provide this information to the manufacturers to add our carrier configuration to the OS, but the handset tech teams won’t be able to support until Q4 this year. Am I looking for a Google / Android developer for this?
Thanks, Regards
Click to expand...
Click to collapse
Ah, so then you're not looking to develop something for end users to deploy right now. You just want to get it working so you can tell the manufacturers what you need included in the stock OS. That makes way more sense. An Android developer would be useful, but mainly someone on the telecom side to know the parameters would be needed. It should just be editing stock configuration files, unless there's some weird authentication you need to do above and beyond the normal LTE stuff.
No. We're doing it in phases. We will allow inbound users on our network first. Then we'll open to our local customers after a period of time. We know what we need to configure to enable VOLTE, but we don't have access to those configuration files. Rooting obviously doesn't give enough access. Is there anyone online that would be able to support that you know off?
kieran_je said:
No. We're doing it in phases. We will allow inbound users on our network first. Then we'll open to our local customers after a period of time. We know what we need to configure to enable VOLTE, but we don't have access to those configuration files. Rooting obviously doesn't give enough access. Is there anyone online that would be able to support that you know off?
Click to expand...
Click to collapse
If there is, this would be the place to find them. Hopefully this is the forum. Sorry, I don't work for a manufacturer, or I'd help you out more directly.
BUMP, anyone able to support in this request. hoping to build a custom carrier configuration file to support a telecoms operator test VoLTE / IMS features
Thanks
kieran_je said:
Thanks for the reply, it’s almost the chicken and egg scenario, we have completed installation of our IMS / VoLTE solution but need to test service, once we are confident on all the parameters and settings we need, we can provide this information to the manufacturers to add our carrier configuration to the OS, but the handset tech teams won’t be able to support until Q4 this year. Am I looking for a Google / Android developer for this?
Thanks, Regards
Click to expand...
Click to collapse
I am interesting in this, i already pm you with my email . Let me know. thanks
If you know what files or folders you need to access, root does give you access. It sounds like you need to research some basic Unix commands and change permissions for the files/folders that you need to access. Root gives you full access to the entire system with super user (SU) privileges.
Hi all
I a searching for someone who is very experienced in making a secure custom rom for Android.
I have given some example links as a reference.
Create Custom ROM for Android —* which phones do you recommend ?
I have a recent Huawei. I would like to avoid spending many hundreds of euros on phones if possible
I would like a custom Secure firmware, that will be*
-*Protection from zero-days viruses
-*Hardened kernel
-*Stronger sandboxing and isolation for apps & services
-*Firewall & network hardening -**MAC Randomization
-*Security-centric user experience changes
-*Man in the middle doctor* —* Protection from SS7 attacks
-*IMSI catcher decor
-*Verifiable Source Code
-*Protection from silent sms
-*Protect your contacts and call history from unauthorised access
- How to change phone identifiers if I wanted to*
An example of phone software that I would like to emulate as much as possible.
sorry I had to remove the links as its my 1st post. It will be easy to find with this info.
esdcryptophone cryptophone-600g
esdcryptophone comparison
Thank you all for taking time to read my request
Felix
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardenized aosp
- closed bootloader after flashing
Now I would like to discus about this ROM
I too would be interested to hear about anyones experience regarding this OS
johndoe118 said:
Hey guys,
what do you think about GrapheneOS? (https://grapheneos.org)
I think there are some disadvantages:
- only Pixel devices (because only these have some security "flags")
- no root access
- hardcoded Google domains
and some advantages:
- good hardware support
- hardenized aosp
- closed bootloader after flashing
Now I would like to discus about this ROM
Click to expand...
Click to collapse
I'm interested in this ROM too. I have a Pixel 3a. I haven't flashed it yet because I'm trying to find out what people's experiences are first. There doesn't seem to be a lot of posts about it. Did you ever flash it? Also, what do you mean by "hardcoded Google domains"?
Well, the captiveportal contacts the Google servers regularly when you connect to a WiFi. That was one reason why I lost interest in the ROM. The other was the limited device support and missing root access. I absolutely need access to the iptables. As a one-man show, the ROM can be adjusted at any time.
johndoe118 said:
Well, the captiveportal contacts the Google servers regularly when you connect to a WiFi.
Click to expand...
Click to collapse
Do you have some kind of reference for that? I'm using it now and would really like some proof to bring up in their subreddit as a WTF.
graphene seems great, no root does not
I don't want the bootloader locked.
I want Magisk extensions
I need root for LP _only_ to remove ads. Is there something like LP that allows (interactively) disabling app activities?
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
GrapheneOS leaves these set to the standard four URLs to blend into the crowd of billions of other Android devices with and without Google Mobile Services performing the same empty GET requests. For privacy reasons, it isn't desirable to stand out from the crowd and changing these URLs or even disabling the feature will likely reduce your privacy by giving your device a more unique fingerprint. GrapheneOS aims to appear like any other common mobile device on the network.
HTTPS: https://www.google.com/generate_204
HTTP: http://connectivitycheck.gstatic.com/generate_204
HTTP fallback: http://www.google.com/gen_204
HTTP other fallback: http://play.googleapis.com/generate_204
Click to expand...
Click to collapse
nay_ said:
hardcoded google domains info from faq
https://grapheneos.org/faq#device-support
Click to expand...
Click to collapse
Thanks, right from there
I have Graphene OS taimen-factory-2020.07.06.20.zip on my Pixel 2 XL.Under "System update settings" is "Check for updates" but nothing happens if I tap.Only the field becomes darker.Has someone experience with this?
Update with adb sideloading to 2020.08.03.22 works.
OTA update from 2020.08.03.22 to 2020.08.07.01 likewise.
I'm personally not a fan of these kinds of projects, they aren't really all that 'secure', you're still using proprietary vendor blobs and such
help please
Hello! In the description
I pointed out that you can change servers just not through the GUI.
Has anyone tried this?
```
Providing a toggle in the Settings app for using connectivitycheck.grapheneos.org as an alternative is planned. The option to blend into the crowd with the standard URLs is important and must remain supported for people who need to be able to blend in rather than getting the nice feeling that comes from using GrapheneOS servers. It's possible to use connectivitycheck.grapheneos.org already, but not via the GUI.
```
captive portal leak + location services data leak
Few points:
1. General idea is that privacy/security oriented OS (as graphene is advertised) should limit network activity as much as possible, and not ping google using captive portal service every few seconds providing perfect IP-based location to google
It is possible to switch it off, but should be off by default
2. Connections of android location services to get GPS constellations were shown before to send sim card imsi and connected cellular tower id to provider (qualcom/google):
"blog.wirelessmoves.com/2014/08/supl-reveals-my-identity-and-location-to-google.html"
Graphene still allows those connections (check their FAQ on website)
W/O root no way to switch this off. Even some devices ignore config files and still leak data (on the level of cellular modem most probably)
3. Android services make other weird connections. Example: AOSP dialler app is querying phone numbers against online database leaking all contacts to google. How was this taken care of in graphene? Are all AOSP services/apps security-verified to not leak any data?
w/o root no way to install afwall to block everything
Is graphene built-in firewall capable of blocking system services from network access?