Need help "preserving" an SM-G900T in a few different ways - T-Mobile Samsung Galaxy S 5

I feel super awkward and a bit embarrassed to ask this question, but I'm asking for help from this community (see last 2 or paragraphs for ask if you want to skip the boring details) and I think I need to explain briefly why to define my ultimate goal and why I even have to ask rather than sift through searches and assemble the steps/versions I need, etc.
My 22 year old daughter died recently (unexpectedly). I obviously want to preserve everything I can of hers, but I'm not firing on all cylinders mentally. I was able to take her ThinkPad and virtualize it to my ESX system and also yank and clone the physical drive for safe keeping. But even doing that took me a while (which it shouldn't, that's kind of what I do for a living - I should be able to do that in my sleep, but it took 3 days and a lot of screaming). I was able to access her Google accounts, Facebook accounts, etc. and preserve a ton of stuff from there.
Ultimately I would want to do with her phone the same thing I did to her notebook - preserve it virtually so I could examine it without fear of changing/modifying anything, but I don't think the product exists that allows me to virtualize an existing Android phone with apps and everything intact into a PC environment. I think I could install a whole new Android emulator in Windows, but that's probably not what I want.
I had just given her a Samsung S5 SM-G900T running on Ting for her birthday about 2 weeks before she died. It was unlocked but unrooted, it's rare that I would do nothing to the phone prior to giving it to her - but I pretty much just turned it on and handed it over with no custom ROM or anything - mostly because I was pressed for time the day of her party and it was shipped late.
When I got it back from the police a few days ago (they held it for 2 months) and charged it and turned it on 2 days ago, it upgraded from Lollipop to Marshmallow 6.0.1 (baseband is PE1), which was apparently pending. I don't know if that complicates things. It pissed me off, though. I have copied local photos and videos off and already took control of her Google and Facebook accounts as I mentioned.
My slightly confused brain tells me normally I might install TWRP or CWM and make a NAND backup and copy it off someplace and at least have a restorable copy of her phone. I haven't done much of this sort of thing with phones for a year or two, I don't know what's changed in the latest OS versions and besides, I sort of "lose it" a bit, especially going through her personal things.
I'm not an idiot, I'm just not all here, yet. I'm asking if someone can please give me steps to safely preserve an image of her phone (IE, install TWRP or CWM using specific version xxx, etc., using Odin version xxx, etc.) - If I can virtualize it, too, I'd love to know what product does that, but again, I don't think I can.
I don't know why I feel the need to do these things, I just do.
Any help would be greatly appreciated.

Bump. Somebody please help this fellow. This is too important for me to try advising him, I don't know enough.

So even though half my brain is addled, I did some more research and found out a few interesting things, should anyone care to try this. I found there are a couple of open source tools built for android forensics:
Open Source Android Forensics Toolkit
https://sourceforge.net/projects/osaftoolkit/
Santoku
https://santoku-linux.com/about-santoku/
And there are commercial products, like NowSecureForensics, some (if not most) built on the toolkits I just mentioned. Another is the painfully ironically named (for me, anyway) Autopsy.
This interesting website verified (to me anyway) that rooting the phone and changing access is still fundamentally sound forensically:
http://freeandroidforensics.blogspot.com
And it confirmed there is no way (yet) to truly "virtualize" the phone entirely (unless you are the manufacturer and you have some proprietary software).
For a "live" example virtually, the best you can do is install an Android emulator and restore an ADB backup of an app. This obviously may or may not work if the app is very hardware dependent. But for a simple program it might work fine.
So in addition to rooting my daughter's S5, installing TWRP, and backing it up, I also got my daughter's HTC One M7 to finally power up, and I rooted it and installed TWRP for backup purposes as well. Many of the forensic tools I mentioned will then report from the standard TWRP backups, with no risk to changing the phone. Some want to look at the phone themselves, even offering to root them, which I find more risky.
I haven't found any one tool to fully provide what I need, you need a Windows PC, a Linux PC (or VM), one or more toolsets (each comprised of other toolsets) and then a lot of time/will to really piece together things. I haven't completed the examinations - even typing is harder now for some reason, but should anyone else need this sort of thing (hopefully for different reasons than mine), the above info is a good start.
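
Added example, not part of the original post and not taken from TWRP or any of the toolkits named above: one way to confirm that a backup folder copied off the phone is intact, and that the working copy stays unmodified while it is examined. The sidecar layout (`<file>.md5` or `<file>.sha2` holding an md5sum-style line) and the sample file names are assumptions, and the sample data is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: sidecar suffix -> hash algorithm. The layout assumed here is a
# "<file>.md5" or "<file>.sha2" file next to each archive chunk, whose first
# whitespace-separated field is the hex digest (md5sum style).
SIDECARS = {".md5": "md5", ".sha2": "sha256"}


def file_digest(path, algo="sha256", chunk=1 << 20):
    """Hash a file in chunks so multi-gigabyte images need not fit in RAM."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_sidecars(backup_dir):
    """Compare each sidecar digest with the file it describes.

    Returns {relative_path: "ok" | "mismatch" | "missing"}.
    """
    root = Path(backup_dir)
    results = {}
    for sidecar in sorted(root.rglob("*")):
        algo = SIDECARS.get(sidecar.suffix)
        if algo is None or not sidecar.is_file():
            continue
        target = sidecar.with_suffix("")  # x.win000.md5 -> x.win000
        rel = target.relative_to(root).as_posix()
        if not target.is_file():
            results[rel] = "missing"
            continue
        fields = sidecar.read_text(errors="replace").split()
        recorded = fields[0].lower() if fields else ""
        same = recorded == file_digest(target, algo)
        results[rel] = "ok" if same else "mismatch"
    return results


def build_manifest(backup_dir):
    """SHA-256 of every file under the folder, keyed by relative path."""
    root = Path(backup_dir)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_manifest(backup_dir, manifest):
    """Return sorted (path, status) pairs for anything that differs."""
    current = build_manifest(backup_dir)
    diffs = []
    for path in sorted(set(manifest) | set(current)):
        if path not in current:
            diffs.append((path, "missing"))
        elif path not in manifest:
            diffs.append((path, "added"))
        elif manifest[path] != current[path]:
            diffs.append((path, "changed"))
    return diffs


def demo():
    """Constructed sample: a tiny fake backup folder, then one flipped bit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backup"  # hypothetical folder name
        root.mkdir()
        chunk = root / "data.ext4.win000"  # constructed file name
        chunk.write_bytes(b"constructed sample bytes, not a real image\n")
        md5 = hashlib.new("md5", chunk.read_bytes()).hexdigest()
        (root / "data.ext4.win000.md5").write_text(md5 + "  data.ext4.win000\n")
        # Second file with a deliberately wrong sidecar (damaged copy).
        (root / "boot.emmc.win").write_bytes(b"\x00" * 64)
        (root / "boot.emmc.win.md5").write_text("0" * 32 + "  boot.emmc.win\n")

        before = verify_sidecars(root)
        manifest = build_manifest(root)  # record this right after copying
        clean = compare_manifest(root, manifest)

        # Simulate a silent change to the working copy during examination.
        data = bytearray(chunk.read_bytes())
        data[0] ^= 1
        chunk.write_bytes(bytes(data))
        after = compare_manifest(root, manifest)
        return before, clean, after


if __name__ == "__main__":
    for part in demo():
        print(part)
```

Keeping the manifest somewhere other than the folder it describes lets `compare_manifest` be re-run after each examination session to show the copy is unchanged.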

Related

[Q] storage problems acer e2 liquid

Hey, I am new to Android and got myself an Acer Liquid E2 as I was told it was a good phone for the price etc. I do find this phone very surprising and I am totally happy with it apart from 1 problem I come across about 20 times a day: "storage space". I have plenty of space on my SD card; it is the phone that is the problem, and every day I need to keep clearing my data and cache as it shuts all my emails etc. down when the space has run out, which is annoying when it is several times a day. I have apps on my phone which I don't use and don't need but can't delete these. I've been researching this now for a few weeks and everything that I have come across says root and delete. It's not that simple, is it? I would say that I can be quite good at this sort of stuff as I've made quite a lot of my stuff operate the way I want it, but every time I see anything about rooting it always says your phone can be bricked and I can't afford it to be bricked; I need it, believe it or not. Anyway, this site seems to have a lot of very brainy and smart people on it, hence why I joined. Can anyone help me with this problem? The easy and safest way will be most appreciated. I was just about to go down the Kingo app way but decided to do more research on it beforehand, and that has put me off it as people are saying there is stuff about spy cams and malware etc. Please help, thanks. Oh, I meant to say I managed to turn my developer options on by total mistake while playing around with my phone, so I have that on, if that helps. Network 3 in UK. Cheers guys. P.S. I have Jelly Bean 4.2.2
Unfortunately removing the preloaded apps won't help your storage issues at all. Those apps are located in a different part of the system (/system/app) than the apps and data (/data/app + /data/data) that you add. You can (if rooted) move apps to the /system/app partition, but they don't always work or update correctly from there as it requires special permissions to run from there. But there really isn't much to do besides rooting it and doing some modifications to your set up. They don't call em budget phones for nothing.
Options include swapping the internal and external mount points so it reads your external as your main internal storage, creating a partition on your external and using a script to link your /data/app and/or /data/data folders to that partition so it reads as one big space (however big you make that partition), or using an app like Folder Mount to create a link between big folders on the internal to the external (mostly helpful for big game data). All of these require a bit of knowledge, but nothing that some time and reading can't help you with. It is not exactly rocket science. Knowing what update you are on though is important, both so you pick the right rooting method (there are multiple options if not on 4.2.2 yet) as well as, if, worst case happens, you know what version of the software you need to reload. You can find this info under Settings / About Phone. Make note of not just the android version, but the build or system version as well as there can be mini updates to software that changes things but not the actual android version.
As far as Kingo, I've never read anything other than hearsay about any potential malicious activity on their part. The reason you see most people freaking out about it is because when it first was introduced, it was known to send IMEI info back to their servers in China. Kingo never tried to hide the fact, explained their position about why they were doing it (diagnostics), and promptly changed how that was done. Now, by nature of what it is doing (root = gaining admin access to the operating system), it needs to download closed sourced scripts and files to gain this access. They don't want to disclose their sources for 2 reasons: 1) if the manufacturers of the phones that don't want it rooted see how it is done, then it's much easier to patch that on the next update and 2) so other people don't steal their work. Makes sense to me, but some people are concerned about closed sources (even though many apps already installed or that you download are closed source as well). I've used it on quite a few devices and have never had problems. You can uninstall the companion app it installs (it does this for some devices to help gain access through a backdoor) and update the SuperSU app and binary it installs via the Play Store, so don't really see it as an issue.
Wow, thanks very much, I was not expecting that reply and so quickly, so thanks. Well, as I said, I am new to Android, and the whole rooting thing makes me nervous as I haven't done it before, and I don't want to break my phone. I do know there is always a risk in anything really, but would like to know if possible the best for my phone. I am on Jelly Bean 4.2.2 and kernel 3.4.5, and is it the build number you need or the custom build version? Also, I don't know if this is important but I actually don't have wifi and use the USB tethering for my PC to get online; is it still possible to do it this way? Cheers
http://forum.xda-developers.com/showthread.php?t=2518094
That's a guide with everything you should need to fix the phone if anything were to happen or to just return it to its original state if wanted / needed. Read through the thread a bit and see where other members were having trouble and the solutions to those. If you get comfortable with that and how it works, then modding your phone becomes much less scary. And once you are rooted, tethering is even better because you can typically hide your activity much more. I don't know if it is a big deal with carriers around where you live, but here, most people have to pay for tethering or make sure to have special plans that typically cost more than ones that don't include it.
Thanks very much!! I will go have a look at the thread just now, really appreciate your help and time, thanks

Help with retrieving photos off of broken phone

So my wife broke her phone. (A car ran over it.)
As you can imagine the phone is pretty messed up. Originally the phone still worked (for a few weeks) and then she bought a new phone and left that one.
Now a few weeks later I try to turn it on to take the pictures off and it boots into the bootloader, and that's where I am in need of your help. Is there a way for me to get the pictures off of this phone?
Photos show you have an M7, and this forum section is specific to the M8. While the devices have some similarities, it's always best to get help in your specific device forum, in case of any M7 specific nuances, pitfalls, etc.
What I can say, in general:
1) Try booting into recovery, and see if it will mount the internal storage if you connect to a computer. I know custom recovery (TWRP) will let you do this, but I don't know if stock recovery (since it looks like the phone is stock and never modded) has this ability or not (I'm thinking probably not, but hey, it's worth a try). It might be a long shot, but if you can mount memory, you should be able to simply browse to the folder where the pics are saved, and just copy and paste them to your computer.
2) These devices have a good amount of cloud backup apps built-in (Google Photos, Dropbox, HTC Backup). Depending on whether your wife opened any of them, and agreed to backup the pics, they may already be on the cloud, and can be easily accessed by logging into the specific service's website on a computer. Again, might be a longshot, but one can always hope; and it doesn't hurt to check.
3) Short of the above, if the phone won't boot into OS, you may be somewhat stuck. If the phone can't boot up into OS, and won't mount recovery otherwise, the only options I can think of to get OS or custom recovery on the phone involve unlocking the bootloader, which will wipe the storage and defeat the whole purpose.
I know hindsight is always 20/20. But I've lost count how many times I've told folks on here and other smartphone forums: If the data is important to you, then back it up. With so many options to do so (backup to computer, cloud, removable SD) there is really no good reason not to. As already mentioned, in particular the cloud backup solutions take very little interaction, and are fully automated once you've accepted the option to use them to backup the pics.
I know you've mentioned it's your wife's phone. But regardless of whether it's her device or yours or whatever, the previous paragraph applies to everyone with a smartphone. At least moving forward, you and your wife should start backing up your personal data (if you haven't already). Waiting for a disaster is not really the best time to start considering backup methods; but late is better than never.
Rant over. Good luck recovering the pics, in any case!

[Q] How do I become master of my new LG K8?

Hello!
TL/DR version:
How do I ultimately gain complete control over my own phone?
Android version 6.0
SecPatch 2016.03.01
Kernel 3.10.49
Build MRA58K
Software US37510b
CPU: Qualcomm Snapdragon 210
Long version:
For various reasons, I decided I needed a pocket portable Android computer, and a cell phone seemed to be the best option open to me. In researching for what would suit my needs and budget, I discovered the local U.S. Cellular store was having a penny promotion for the LG K8 US375 prepaid. Did some research, and decided it was a good deal for seeing if a phone works for my needs, as I don't care about the phone part.
It has been a headache. I am used to PCs. I knew it would have a reserve amount of storage for system files, but I wasn't expecting 50%. Then I installed the programs to do what I wanted, and was left with 500MB left. This won't do. Got a bargain on a PNY 32GB Class U3 SD card, and installed it. I then discovered I had to manually move files to it, only partial data would be moved, and only certain programs would move at all. I tried to find a way to set it to be a default install location like a second hard drive, but found nothing. Best I could come up with is adoptable storage. Which appeared to be disabled on the phone. I would also like to remove files I don't want or need. I talked it over with an online tech from LG, and he basically said I needed to root the phone.
I have spent two weeks, and I don't even want to know how many hours researching here & elsewhere how to do this. I keep coming up with dead ends. Either the method doesn't work for Marshmallow, doesn't work with LG, doesn't work for this kind of LG phone, is known to brick/bootloop the phone, requires programs that have been removed from the links provided, or required unlocked bootloader. Finding how to unlock the bootloader has been about as fruitful as rooting.
I am done researching. I have lost too many nights being sucked into the project to the point I am rereading the same threads without realizing it. I have 21 bookmarks regarding how to do this, and the best I have is a method for unlocking adoptable storage on a Sony phone with the brief mention that it worked on someone else's K8. I haven't felt this overloaded with tech information since I crammed for the A+ cert test. (I did not pass) I know I need to do this manually, I have unlocked dev commands, picked up adb/fastboot, poked around a bit, and I think I can get to the point where I would have a clean boot. Like installing a new OS after formatting on a PC. It's everything that comes after that I am lost on. Please advise.
mageofthesands said:
Hello!
(...) Please advise.
Not everything can be rooted.
Try asking the thread Lg 2-3g Tool 9.21 Update. LG G5, ...

Scamware? Tablet locked - should I factory reset?

My wife bought an S7+ from Amazon and it's been fine for a couple of months. She had a popup today which warned that the device would be locked because it was part of a trade in scheme and there was some sort of problem. I assumed some sort of malware but I was working so I didn't do much with it but now the device appears to have locked into a sort of "kiosk mode" where we just get 2 screens:
https://imgur.com/a/Z4N9TLy
All the blurb is plastered with "Samsung Electronics UK" but the domain the email is going to is "tradeinresponse.co.uk" which after some Googling seems to have been linked with some scam stuff in the past.
I've tried safe mode with the same locked screen, plugging the tablet into a PC results in it locking to the first screen.
I can get into recovery and I wanted to try a wipe, but the wife has some drawings on there she's done in Sketchbook that she would like to keep.
I'm a software developer by profession but I work with Windows/.NET and SaaS stuff so I've not got much experience with droid devices (a bit of Java here and there in the past, but not so much XP with the OS itself).
So my questions are:
Does anyone know if this is any sort of official thing or is this malware/scam stuff as I suspect?
Is a factory reset likely to resolve the issue?
If I want to factory reset, can I pull files off the device's internal SD via ADB or some other tool before I do it?
Do I have any other options?
Kind of a wind up - I'd just have factory reset it by now to find out but like I said, I don't want to lose any of the wife's data if possible. If she gets anything back I'm going to make sure she sticks it in the cloud.
Any help would be appreciated and thanks in advance!
Always backup critical data redundantly to at least 2 hdds that are physically and electronically isolated from each other and the PC.
Or you will lose data eventually.
Factory reset but you will lose all data. If the drive is encrypted, you likely already have.
Sounds like ransomware. Contact Samsung and do some Google searches. See what you got and if there are any work arounds.
You may need to reload the OS completely if it's a rootkit and running on Android 8 or below.
This could be a nasty little bugger...
If it wasn't present on the device when purchased, your wife either downloaded or installed it. She needs to be more careful!!!
Maybe this will impress that onto her...
Thanks for the advice but I've already googled as much as I can. The domain doesn't go anywhere except a holding page though through reverse lookup it seems there are also other domains on the same host including some legitimate businesses that appear to do Samsung second life schemes for devices.
I've googled the actual lock message but no-one on the net seems to have seen it before.
The wife hasn't installed anything, she got the device a few weeks ago (from Amazon, supposedly new) and did a transfer from her old s6 (that has gone to my daughter) to the s7 using Smart Switch. Since then she's not installed any other applications.
It's not "critical data", per se, it's just drawings she'd like to keep, plus copying stuff onto physically disparate hard drives seems a bit overkill given she can just drop the files into a cloud storage account and have way more redundancy than you/I could ever reproduce by doing manual backups.
I'm posting in an s7 forum about an s7 so it's going to be running Android 10 at the minimum (given that's what the device ships with). Not sure why the comments about Android 8.
Anything she could have installed would have been from the Play store (and I don't believe she installed anything other than what automatically installed from what was on her old s6), plus her apps are from reputable vendors (Autodesk etc). My son has a tablet and he installs all sorts of crap and hasn't had this issue because the OS prevents stuff like this from happening unless you allow side loading.
Is it possible to install a rootkit from the play store? I didn't think so ..?
So, either it was on there when we got it, it's legit or it's a vulnerability that exists in the OS and we are some of the first people to see it...
You can do what you want but any backup database that requires a password can be lost.
I have close to a dozen backup hdds, there's no way I can lose my entire database.
At least use 2 OTG flashsticks to completely backup the data but hdds are still preferable.
NEVER encrypt data drives... and verify the backups are complete and readable.
As to how it happened you're going to have to sort that out or suffer the same fate possibly again in the future.
A factory reset seems inevitable at this point.
Afterwards change all passwords.
Malware has always existed on Playstore albeit not much or for long. She may have imported from your daughter's phone.
You got some potentially gigantic problems now.
Personally I would have already gone full nuke by now. It's simply not worth the risks.
In the future hawk the download folder daily for files you didn't authorize. Delete any unknowns without opening. Scrutinize all downloads and installs carefully, always. Scan as needed with Malwarebytes. Online Virustotal can be used to scan smaller files and apks.
There are also maliciously scripted jpegs too that can cause damage to any files in the same folder when opened. Be aware of any changes or strange behavior in the download folder. Vet all downloads before moving into your database.
Use a good browser like Brave and be careful what links you click, in the browser, emails and texts.
I can't even begin to estimate how many websites I backed out of, closed that tab or wiped the browser data over in the last year alone. Better safe than sorry. Zero malware infections in over 1.5 years and that's running on outdated Pie.
Almost all malware, rootkits etc are loaded by the user. Some will self install if the device's security isn't configured correctly or if not spotted on a timely basis. Androids, even ones with out of date OSs are generally very secure unless the user does something stupid... learn or get burned.
blackhawk said:
You can do what you want but any backup database that requires a password can be lost.
I have close to a dozen backup hdds, there's no way to I can lose my entire database.
At least use 2 OTG flashsticks to completely backup the data but hdds are still preferable.
NEVER encrypt data drives... and verify the backups are complete and readable.
As to how it happened you're going to have to sort that out or suffer the same fate possibly again in the future.
A factory reset seems inevitable at this point.
Afterwards change all passwords.
Malware has always existed on Playstore albeit not much or for long. She may have imported from your daughter's phone.
You got some potentially gigantic problems now.
Personally I would have already gone full nuke by now. It's simply not worth the risks.
In the future hawk the download folder daily for files you didn't authorize. Delete any unknowns without opening. Scrutinize all downloads and installs carefully, always. Scan as needed with Malwarebytes. Online Virustotal can be used to scan smaller files and apks.
There are also maliciously scripted jpegs too that can cause damage to any files in the same folder when opened. Be aware of any changes or strange behavior in the download folder. Vet all downloads before moving into your database.
Use a good brower like Brave and be careful what links you click, in the browser, emails and texts.
I can't even begin to estimate how many websites I backed out of, closed that tab or wiped the browser data over in the last year alone. Better safe than sorry. Zero malware infections in over 1.5 years and that's running on outdated Pie.
Almost all malware, rootkits etc are loaded by the user. Some will self install if the device's security isn't configured correctly or if not spotted on a timely basis. Androids, even ones with out of date OSs are generally very secure unless the user does something stupid... learn or get burned.
With all due respect we aren't getting anywhere here, I don't want backup advice or malware advice, I want to know the answers to the few small questions I asked about whether this is legit and if I can access the device files or not.
You seem to be convinced it's malware, you also seem to be skim reading my posts which is fine - but I don't think your input is helping me.
I'm not going to use a different "paranoid" browser - chrome is fine, the tablet doesn't have a "security configuration" that is any different from the hundreds of thousands of other S7+ devices out there since it's a tablet and out the box it's ready to go. I'm not checking the downloads folder daily just in case some random malware has somehow "installed itself" onto my device, I'm also not keeping random flash sticks and hard drives lying about - I'll just use that geo redundant pretty solid cloud storage like most of the populace.
Yes you can put malicious content in a JPEG or a JPEG header, but it requires that there's an exploit in the OS or the app opening it (for example hiding a javascript eval in the file metadata); I don't think that's an attack vector on a tablet as far as I know given that she only browses, watches Netflix and draws using her S-pen on the device.
She's not imported "malware" from someone else's phone because if you read my post properly you'd understand that it was HER device that she transferred her data from - one that she's since given to the daughter (who has no issues). If you know how Smart Switch works you'd know that it's an unlikely vector (it just transfers data from application storage and then reinstalls the apps from the play store), plus the fact the original device doesn't have the issue...
Stop telling me to "learn or get burned". This is not a "misuse" problem. The wife is on Android 10, it's a relatively new and secure O/S and she didn't install anything she shouldn't have (she didn't actually install anything at all - it was the stock samsung application and the play store that installed the apps she ALREADY HAD on her previous device). It's not a "learn" scenario. Nothing she did should have caused this - if it is/was an OS exploit or some sort of security issue what could she have done to prevent it? Nothing.
What I have done is:
* Contacted the vendor of the device (we can still send it back if they've sent us a refurbed device instead of new as advertised)
* Sent an email to the address advertised to see what response I get (if they demand money then clearly a scam)
I've checked and the domain in the above shares a host with a company called MTR which happens to be a DCC Group company (one of the groups of companies I actually consult for) so worst case I'll speak to someone from DCC Group and see if they can shed any light.
Seems like it might be legit and quite possibly a mix up.
Do what you will... if you understand the origin of that phrase.
Anything that can't be IDed is considered malware until proven innocent
The fact that you're now completely locked out speaks volumes.
Good practices and backup are your only defenses. They apply to the future not the past... so much for flavors
Personally I think it's already too late for that device's OS load and data.
Of course I could be mistaken.
If you really want the data, take it to a data recovery specialist. They may be able to recover it.
When you're at the beginning you can determine how potential data loss will end. When at the end, the outcome has already been predetermined by your actions or lack of.
You are now at the end... likely a dead end.
Been there, done that... actions have consequences.
@Charleh: if I were you, I would back up all important data and do a clean firmware flash with Odin. And a factory reset on top of that, just to be sure. Definitely sounds like you got hit by a scammer.
AnonVendetta said:
@Charleh: if I were you, I would back up all important data and do a clean firmware flash with Odin. And a factory reset on top of that, just to be sure. Definitely sounds like you got hit by a scammer.
Like I said there's not really any important data on there, just some drawings the wife would like to keep. Also, I can't backup anything since I can't access the device.
I'll probably just speak to DCC group and see if this company is one of theirs.
If the data is lost we are just talking some drawings the wife has done, there's nothing important on there, she just loses the layers (they are stored as multi page tiffs and sketchbook uses those as layers). She has all the images as flat renders on her cloud storage drive and on Instagram.
Think we just need to invest in some extra cloud storage as the free 15gb that Google give you isn't enough to store what she wants at the moment as the images are tens of megabytes each.
Worst case scenario I factory reset and flash it, best case I get someone at DCC telling me what's what.
The bit that gets me is that there are no ransom demands at this point so I can't be sure what's what. Usually by now with crypto ransom malware you are already being given demands...
We will see.
blackhawk said:
Do what you will... if you understand the origin of that phrase.
Anything that can't be IDed is considered malware until proven innocent
The fact that you're now completely locked out speaks volumes.
Good practices and backup are your only defenses. They apply to the future not the past... so much for flavors
Personally I think it's already too late for that device's OS load and data.
Of course I could be mistaken.
If you really want the data, take it to a data recovery specialist. They may be able to recover it.
When you're at the beginning you can determine how potential data loss will end. When at the end, the outcome has already been predetermined by your actions or lack of.
You are now at the end... likely a dead end.
Been there, done that... actions have consequences.
It's not a big deal mate.
Stop flogging a dead horse, the most annoying thing is just that the device is unusable, regardless of me making backups or signing a pact with the devil or putting candlewax on my nips, it wouldn't have prevented this from happening.
The only reason I haven't tried a factory reset up to now is because if there's a chance I can get the drawings off the device I'd like to try it first before I nuke it.
Stop talking about my lack of actions, it's getting really boring. There's nothing I could do to foresee this happening and not my fault the wife didn't put the drawings on her cloud storage.
Go bother someone else with your multiple flash disk tinfoil hat backup routines (I bet you've got a tape drive in that routine somewhere too), stop trying to be helpful by saying "told you so" after the fact, instead try answering the questions I asked.
@Charleh: The way I see it is this:
The device's data partition/internal storage (where the drawings are stored) are encrypted by default, by Samsung. So, unless you can manage to use a MTP USB connection or ADB to make copies of them, then you're locked out and there's nothing you can do to recover them. Since they're located in an encrypted area, I highly doubt that even a professional data recovery business would be able to get them back. There are certain encryptions out there that even the US govt (NSA/CIA/FBI) can't break.
I'm assuming that you're not a l33t hax0r with uber skills, so unless you can successfully boot into Android again, your recovery chances are almost zero.
Or, maybe this company can help you out. It's worth a shot. But if I were a gambling man, I'd wager a lot of money that you will end up having to clean flash/reset, without being able to recover anything.
In the future, think about making copies of this stuff before bad things occur. As the saying goes, anything that can go wrong, will go wrong, sooner or later. I rarely lose access to my data because I'm frequently backing it up.
Good luck!
AnonVendetta said:
@Charleh: The way I see it is this:
The device's data partition/internal storage (where the drawings are stored) are encrypted by default, by Samsung. So, unless you can manage to use a MTP USB connection or ADB to make copies of them, then you're locked out and there's nothing you can do to recover them. Since they're located in an encrypted area, I highly doubt that even a professional data recovery business would be able to get them back. There are certain encryptions out there that even the US govt (NSA/CIA/FBI) can't break.
I'm assuming that you're not a l33t hax0r with uber skills, so unless you can successfully boot into Android again, your recovery chances are almost zero.
Or, maybe this company can help you out. It's worth a shot. But if I were a gambling man, I'd wager a lot of money that you will end up having to clean flash/reset, without being able to recover anything.
In the future, think about making copies of this stuff before bad things occur. As the saying goes, anything that can go wrong, will go wrong, sooner or later. I rarely lose access to my data because I'm frequently backing it up.
Good luck!
Thanks - that was a helpful answer. I suspected that droid encrypted the data - I was looking at making an ADB connection using Android tools. Might as well give it a try before I nuke.
I can't use MTP as the device auto locks when I plug in a USB cable.
Like I've said a few times it's not a massive issue if I lose the data - I work in IT, I know the importance of backing up important data. I've seen a client lose months worth of data to crypto-ransomware (they cancelled their backup solution a few months before saying they were moving to Azure soon so they didn't need it).
I've explained though, it's not my device and it's up to the wife to put her stuff on her cloud storage if she wants to keep it. She uses Google Drive for her docs etc.
Worst case scenario I complain to Amazon, wife is saying she doesn't remember the screen having a protector/film on it when she opened it and we still have time to return/exchange it since I have a Prime account.
@Charleh: AFAIK, Amazon has a 30 day no questions asked return policy for almost everything. If you're still within that return window, then I guess you just have to decide whether the loss of drawings is worth returning it, assuming all recovery efforts fail. I bought my Tab S7+ new direct from Samsung, I haven't encountered anything like what you describe. And your edge case is the first one I've seen.
I think it's possible that you bought a refurbished device that was preowned but sold as new. The original buyer didn't finish paying it off, returned it, it's sold to you, you get this message. It's either legitimately locked, or someone has remotely locked it and intends to scam you. Contact that company ASAP.
Another option is to find a local techie/shop that can remove this lock for a fee, preferably without data loss. They may want to see proof of purchase, if they're legit. This would at least give you the ability to use the device again. People used to bring me locked phones/tabs all the time, this is pretty much what I did for side cash. As long as they didn't outright admit they were stolen, I didn't care.
Ok speaking to Samsung support and it's legit - what's happened is that someone's returned the device to the supplier after doing a trade in with it and receiving a new device from Samsung Trade In.
Supplier has refunded us and told us to keep the device until the issue is resolved with Samsung.
Now fighting with Samsung themselves about it. Absolute pisstake.
Basically I have a brick and although Samsung have the capability to unlock the device through Knox they won't do it until a resolution is found with the supplier.
Fun-times. Sent a complaint email to Samsung as they are essentially holding the wife's artwork to ransom because of an issue they have created with the rules of their trade-in program.
I've already received the refund too - sounds like the Amazon reseller is trying to wash their hands of it.
@Charleh: So, they refunded you AND they're going to let you keep the tablet? I'd be quite happy with that.
AnonVendetta said:
@Charleh: So, they refunded you AND they're going to let you keep the tablet? I'd be quite happy with that.
Depends if the tablet is ever going to be functional again...
Fingers crossed!
Time to reflash, ODIN or do whatever and see if you can end up with his + hers new (sort of) tablets.
Hello, some solution?
Charleh said:
Depends if the tablet is ever going to be functional again...
Fingers crossed!
How did this end?
corb06 said:
How did this end?
Still ongoing - Amazon is trying to get hold of the original supplier but they've gone dark; I complained to Samsung and they are looking into it, just waiting for a reply.
They took almost a month to get back to me - only did so when I started complaining publicly on all social media platforms (Twitter, Instagram etc) - they don't like it when you do that.
Will update when I know more.
Charleh said:
Still ongoing - Amazon is trying to get hold of the original supplier but they've gone dark; I complained to Samsung and they are looking into it, just waiting for a reply.
They took almost a month to get back to me - only did so when I started complaining publicly on all social media platforms (Twitter, Instagram etc) - they don't like it when you do that.
Will update when I know more.
Sorry to hear it's taking so long. I'd be super pissed. Next time, buy direct from Samsung, you wouldn't have to deal with this ****. Because they wouldn't sell you a used/refurbished device unless it's clearly marked as such, and I'm pretty sure they only sell new devices anyway.
Can you post a link to the seller's Amazon page? They could be a fly-by-night op.
If you can't get your money back or an exchange, just contact your bank/card issuer and do a chargeback. This is a last resort option, if nothing else works. Explain the whole situation to them. Chances are, they would force the seller or someone else responsible, to give your money back. The only caveat is that if you wait too long, it might not work. I've initiated chargebacks against sellers who don't respond to support requests, it usually worked in my favor.
Edit: If you go the chargeback route and Amazon is forced to refund your money, they may retaliate by banning your account. It recently happened to a friend. Just so you know.....

Question Help me reverse engineer this mod? How do I get my phone back to stock ROM, and regain full control over it? Unroot?

I have an A52 5G and a Tab S7+ WiFi that are both remotely controlled and monitored, and serve as a gateway to my home network and basically every device connected to it. I noticed it at first and knew NOTHING related to this, didn't even know what open source was. Since then I have come to understand that, somehow, my phone seems to run a custom version of Android, my guess is, built from AOSP and designed to disguise itself as the OEM Samsung UI, but in the background it enables remote access and total takeover of every function. I have discovered, using Total Commander, that storage has been partitioned in 2 separate locations, and that one folder in there is called root system file, and filled with data/apk/installkits/etc. This has me asking for help with 2 specific questions:
Am I holding a rooted device or is there another possibility that creates this situation? I was convinced it's rooted until I read here that root prevents you from using Samsung Pass, Secure Folder etc., and those seem to work on mine (or is it a version of those apps?). If it's indeed rooted, will it wipe everything if I flash it with the stock ROM? And should I trust a small cell repair store to do that or learn how to do it myself?
2: I have bought 3 brand new phones since August, and made sure not to use my usual accounts, not to use backups, not even to set it up near my home WiFi, and it almost instantly started self-installing harmful software in the background. I see no other way for it to link itself to be owned by me at initial setup, but for the SIM card, new of course, but with my usual phone number and service transferred to it. Is that enough to make a breach and compromise a new device? If so, what would be different after flashing the stock ROM, if everything reinstalls itself? Do I need to change my number? Change cellular service provider even? I know it's an unusual request but I'm a fast learner, I have compiled lots of technical info on specific apps, IPs, servers, build ID numbers etc. that I know would make more sense to anyone more qualified than me, and I am about ready to try and wipe/flash the thing myself, I just would feel better with a little help since I have gone this far pretty much alone, since no service provider or manufacturer actually feels like this is their problem to solve....
Here you can download firmware for your phone and flash with Odin, which you can also download at the bottom of the page, there are instructions on how to do it also.
Make sure to download correct firmware for exact device you have. There are few different A52 5G models.. SM-A526B, SM-A526U, SM-A5260, SM-A526U1, SM-A526W.
You will lose all data after flashing new firmware. After this your phone will be like brand new from Samsung.
If your device is rooted then that means your warranty is void and manufacturers and carriers are under no obligation to help you.
I'm trying to understand your situation but it's so conflicting I don't know where to begin.
For example, you say your device runs a custom AOSP with a Samsung UI. That's exactly how it actually works. Samsung take the AOSP, customise it with their own functionality, then overlay their own skin as the UI. There's absolutely nothing unusual about that.
I'm conflicted as to whether you're rooted or not. If the manufacturer or carrier has physically seen the device and won't repair it then that would suggest you're definitely rooted. If you spoke to them virtually and told them you're rooted then they will use it as an excuse whether you're truly rooted or not. The partitions you mention could be the internal storage and an SD card which can be seen non-rooted. I don't know what you mean when you mention a "root system file". Is it an actual folder called "root" or is the app you're using just telling you that you've reached the "root" of the filesystem? I can't quite work out what you mean. You also say Knox-powered apps still work which just adds to the confusion.
You stated you have had 3 new devices and they all self-installed harmful software. To get one device compromised is possible. To get three compromised means you're either a high profile government target (which I doubt because they wouldn't be so sloppy as this) or you're doing something to compromise your own devices such as continuously visiting dodgy websites.
Flashing will fix things but so would having a new device. The only common denominator is you so either you're doing something wrong or you truly are a government target in which case I wish you good luck!
First let me apologise for the long silence, I cut off most online activity for a while and just read your answers. To clarify, I have not solved my problem yet. But I'll try to explain better what you ask about my situation:
About the OS version, arobase40 got it right. I asked Google Play help reps, and a stock Samsung version of Android would not trigger Google's warning about running a custom version of Android. So that points to something modified after the fact more than to the fact Samsung has their proprietary version installed.
About being rooted or not, what you are asking is what I'm not totally certain of, also. I know partitioning can happen without rooting; it seems to have created a "virtual SD card" since it's named as such when the SD card slot is actually empty. About the root files folder, I can't say for sure, all I can say is that it's holding a large amount of gigs that don't get taken into account when looking at storage capacity and usage, and accessing that folder gives me a message that root files can't be accessed from this device. Does it mean my device had root access privileges revoked to prevent viewing files that hide what is given control of the software remotely, so I don't find out or have the capacity to remove or alter those files?
What is absolutely sure is that if it is rooted, it wasn't done by me. As for the chance the devices were not factory brand new, 1 of them was not, I got it open box from Amazon, a Saudi Arabia version, but my problems had started months before getting it, I did not keep it more than 2 months, and all others before and since are 100% pure factory new, some directly from my cellular service provider, as financed devices that came with a 2 year agreement of service (actually 2 of them I got this way), and the last one is my Tab S7+ I got online directly from the Samsung Canada website, on preorder, delivered on release day.
And lastly the fact I can't seem to shake those persistent leeches is not from having reckless habits online, but from having careless and uneducated habits before that all started, usual older lazy dude stuff, like not changing my WiFi password after a rough breakup with bipolar psycho ex gf, or having only a few passwords reused on most of my accounts. I have stopped doing those things long ago now that I know better, but I suspect that I could have been unaware of something getting installed and staying dormant for a while, maybe? The ex had way more opportunities than needed to do something like this and is more than psycho enough to really do it also. As for having the skills to do it, let's say she has "assets" that can easily get her guys willing to help with that. It may also be coming from somewhere else, but as you say I'm not a super spy or a high ranking gov. official. I'm not even that interesting, and have absolutely no usable ID for fraud or anything, my credit history would raise more red flags than there are in all China. So after so long struggling with this still very active, I can't even think of a rational reason to put so much effort into this, there's nothing to gain, I only can imagine that maybe a twisted mind seeking revenge, or with a sick way of amusing themselves could see the point to all that, but I don't really care. I only want to get rid of it.
As for the way it manages to be so persistent, I can only see one option left I didn't remove from the process, and it's through my phone number/account on the SIM card, even a new SIM on a new phone is still linked to my cell service. I did initial setup with only that new SIM card, accounts freshly created during setup, with no info or anything linkable to my previous accounts, and even did it sitting outside, far from any building that could get me in range of a WiFi network. And it still was no more effective at staying secure.
That's why I did not yet try to flash a stock ROM myself on my device, because it would, at best, become exactly like it was when brand new, and I know that this is not enough to keep it secure, and that means there's still something I'm missing in the whole picture.
