Copy recovery logs. Prove device was hacked. - Android Q&A, Help & Troubleshooting

I have a Samsung Galaxy Tab S6 which I know to be hacked. I need to prove it was hacked. The person who did it probably took my phone and entered recovery mode in order to install a malicious APK or unlock the phone.
I entered recovery mode and used the option "read recovery logs".
It is hard to read it on the screen since there is no search option and the logs are long.
Is there a way I can copy these log files? I know they go to \cache\recovery.
I tried to access this folder using fx App, but I have no permission.
The tablet is not rooted.
Can I get these logs somehow using ADB in recovery? How?
Can I get these logs by rooting the phone first? Won't the logs be lost if I do it?
Is there a hint on what to look for in these logs in order to prove someone inserted a USB drive or SD card and installed some .zip?
No antivirus is detecting malware, but you know, this is not guaranteed to work, or the spyware might have deleted itself when the spyer realized I was browsing for solutions. Do you know any other way I can prove I was hacked?

Related

Partially functional Atrix - Need Assistance or SBF File

So I was working on theming the Adeo ROM and must have messed something up. I didn't think it had to do with the framework files I had pushed so I did a factory reset to clear off all the 3rd party apps from the phone.
Well, since that reset, I can't access the phone in ADB, settings FC's, Market FC's, and I can't download/install an APK because of the security restrictions.
The phone is "functional", I can place/receive calls/sms and use the browser. USB to the PC works for everything except getting ADB access. I verified I can get it to recognize for RSDLite and for Fastboot so I figure using one of those methods should (eventually) provide me an avenue to get my phone 100% functional again.
Does anyone happen to have or know where I could find signed files for Fastboot to replace the entire /system partition or an SBF file to flash the phone back to stock? Or possibly any other solutions?
Also, before I get flamed as a n00b who broke a phone, I've worked on over a dozen different Android handsets and I was well aware I was working without a safety net. This is NOT my primary phone so if I need to I can patiently wait for an SBF to leak. I'm just checking to see if anyone knows any solutions already so I can get back to theming.
Sounds to me like a permissions issue. I had that after I fiddled with the contacts database to unrestrict pictures from third party apps. I would double check any files you modified and make sure they got chmod'ed back to what they should be.
You will have to somehow access the Settings to re-enable adb. When you did a factory reset, you disabled USB Development (aka adb).
For now the only known way to recover is through adb. No fastboot or signed update.zip for now.
navalynt said:
> So I was working on theming the Adeo ROM and must have messed something up. I didn't think it had to do with the framework files I had pushed so I did a factory reset to clear off all the 3rd party apps from the phone.
> Well, since that reset, I can't access the phone in ADB, settings FC's, Market FC's, and I can't download/install an APK because of the security restrictions.
> The phone is "functional", I can place/receive calls/sms and use the browser. USB to the PC works for everything except getting ADB access. I verified I can get it to recognize for RSDLite and for Fastboot so I figure using one of those methods should (eventually) provide me an avenue to get my phone 100% functional again.
> Does anyone happen to have or know where I could find signed files for Fastboot to replace the entire /system partition or an SBF file to flash the phone back to stock? Or possibly any other solutions?
> Also, before I get flamed as a n00b who broke a phone, I've worked on over a dozen different Android handsets and I was well aware I was working without a safety net. This is NOT my primary phone so if I need to I can patiently wait for an SBF to leak. I'm just checking to see if anyone knows any solutions already so I can get back to theming.
When I lost ADB access because of a hard reset (I think), this is what I did to fix my issue: http://forum.xda-developers.com/showthread.php?t=974824
I never lost root after a hard reset so I went to the market and bought root explorer and sqlite editor and copied the adbd to the /sbin folder to fix adb. I then bought sqlite editor and followed this: http://forum.xda-developers.com/showthread.php?t=972760 to re-enable side loading of apps. To install apps that I had the apk's for.
I still lose adb after a reset, but I can copy the adbd file to the /sbin folder and adb works again until I reset the phone.
I made a post about losing adb access on the motorola support forums: https://supportforums.motorola.com/message/332307#332307 to see if there were any solutions, but Mark said he would get back to me after trying to reproduce my problem.
I hope this helps.
I think I'm just up **** creek without a paddle for the moment because I can't connect via ADB, the Market force closes, and the security restrictions won't let me side-load any applications via download from the browser. I can't manually add ADB because I have no way to move the files to where they need to be.
Thanks for the replies! airbillion, I'm following your thread at the Motorola Owners' Forum too!
navalynt said:
> I think I'm just up **** creek without a paddle for the moment because I can't connect via ADB, the Market force closes, and the security restrictions won't let me side-load any applications via download from the browser. I can't manually add ADB because I have no way to move the files to where they need to be.
> Thanks for the replies! airbillion, I'm following your thread at the Motorola Owners' Forum too!
No problem. That sucks, I'm not sure what you can do. Hopefully motorola or someone here will get a sbf soon so we can mess with our phones and have a way to fully recover. I hope you get it working again. Good luck!
navalynt said:
> I think I'm just up **** creek without a paddle for the moment because I can't connect via ADB, the Market force closes, and the security restrictions won't let me side-load any applications via download from the browser. I can't manually add ADB because I have no way to move the files to where they need to be.
> Thanks for the replies! airbillion, I'm following your thread at the Motorola Owners' Forum too!
Have u not tried Sideload Wonder Machine? Love that thing, used it a lot when my wife had her Backflip.
Sent from my MB860 using XDA App
shadowscreation said:
> Have u not tried Sideload Wonder Machine? Love that thing, used it a lot when my wife had her Backflip.
> Sent from my MB860 using XDA App
Requires USB Debugging to be enabled, but I have no access to enable it due to Settings force closing and no ADB access in pre-boot.
Could you download Android Terminal Emulator's apk to your sdcard, then install it using an apk installer you may already have that works.
If you can get any terminal access from your phone, do a su, then launch /sbin/adbd. This should hopefully give you adb shell access. Without needing to enable USB debugging.
adlx.xda said:
> Could you download Android Terminal Emulator's apk to your sdcard, then install it using an apk installer you may already have that works.
> If you can get any terminal access from your phone, do a su, then launch /sbin/adbd. This should hopefully give you adb shell access. Without needing to enable USB debugging.
It won't let me install a downloaded APK because of the security restriction.
If you have an SD card, try booting into recovery with an update.zip on the file.
I can get into the recovery, but the update.zip file needs to be signed. I created one that will push the original copies of the framework files I was working with but it won't install because it's signed with test keys. The stock recovery 3e needs update.zip files signed with the manufacturer release-keys which only Motorola has.
https://supportforums.motorola.com/thread/46051?tstart=30
I started a thread on the official Motorola Owner's Forum in hopes I can find a full factory restore method for the OS. It's unfortunate that unlike HTC and other manufacturers who release full wipe RUU files Motorola has chosen to keep their restore files internally.
http://www.4shared.com/file/7YXo_gmO/update.html
That's the link to the update.zip file I was trying to use that fails because it's only signed with test-keys.
Retracteddd

[Q] How to retrieve files from phone with smashed screen

My Samsung Galaxy S2's screen recently got smashed, nothing comes up but I believe the rest of the system works. Now when I connect to my computer it just charges. So I was wondering if there is any way to retrieve my contacts, internet favorites, pictures, and memos without replacing the screen.
Thanks
I can't do too much research at the moment, but I have an idea.
Assuming that you have clockwork recovery installed:
I think there is a way to mount the file system using clockwork recovery.
*You should try looking up the key combo to get into the recovery screen in boot
*Then look for specific instructions on how to mount the file system.
*Since clockwork recovery is entirely controlled with hardware keys you should be able to navigate without seeing what you are doing
*(just look at the instructions and press the appropriate keys, the appropriate amount of times to get to where you need to be)
It's a shot in the dark (bu-dum-chi) but I think it might be your best bet.
This should point you in the right direction:
http://forum.xda-developers.com/wiki/ClockworkMod_Recovery
If not, there may be a way to remove the internal storage and put it into a similar device and get the data that way. But I can't really help with that.
Assuming it does turn on, turn it on and plug it into your PC, then use adb (Android Debug Bridge), which comes with the Android SDK, to pull files out of your phone.
As for the contacts, you can pull the sqlite db file:
http://www.droidxforums.com/forum/droid-x-rescue-squad/30987-acquire-contacts-via-adb.html
You can also parse them directly on the phone with the sqlite3 command while in adb shell.
Is there any feedback on this.
dziridz said:
> Is there any feedback on this.
I've just used Samsung Kies and was able to retrieve data, now I am looking for a way to format the internal memory.

[Q] Help! My tablet is messed (Edited some build.prop files)

Hello there,
I just registered on this forum to hopefully resolve my problem with the Kobo Arc tablet. I apologize if any similar issue regarding this was posted. So basically, my Uncle bought me a Kobo Arc tablet about 2 months ago and I know quite a lot of things about it. Due to my stupidity I couldn't play a game I really wanted to and so I edited my build.prop to make my tablet compatible with the game. In build.prop I changed the product model to: "GT-I9100", product brand to: "Samsung" and product manufacture to: "unknown". After this I restarted my device. As I did, the Kobo Arc logo appeared and then a never ending start-up boot. I restarted my device many times but still couldn't get my device to fully turn on. I entered recovery mode by holding the up volume and power button together and tried to reset to factory, but my Kobo Arc just still won't go past the never ending start-up screen. I even tried to connect it to my computer but it doesn't recognize it. I'm assuming it's bricked, is there any possible fix for this? If so I need to know asap.
Someone please help me, it would be so kind, and I'll appreciate it soo much.
Thanks in advance
SmootZ
Please, I'm in urgent need of help. I really want to go on my tablet again..
Any help to get my kobo arc to its original state and working properly again, I would be sooo grateful.
Do you have a nandroid backup? If so, restore it.
Otherwise, do you still have access to your SD card (probably using an adapter and connecting it to your PC)? Try using AROMA FM to edit build.prop to the original values.
If not, I'd suggest installing ADB (GIYF) and using that to edit build.prop.
For the last two solutions, you'll need to use the shell, and use a text editor such as nano, pico or vi (depending on what's available). BTW, how did you edit build.prop?
You can also flash back stock/any ROM. Restoring to factory settings doesn't restore build.prop AFAIK.
EDIT: Just noticed your PC doesn't recognize your phone. That rules out solution #3. Are you sure the required drivers installed on your PC?
Yes, I'm sure. But when I plug my tablet into my PC through my USB cable it makes a noise connoting it's connected but it won't appear.
Could you possibly give me instructions on how to do a nandroid back-up or something that will get my device back with the following condition:
-My device not able to be recognized on my computer
EDIT: When I connect my device to my computer it charges, but it won't appear on my computer or anything, if this helps.
It's too late to make a nandroid backup now. Try using AROMA FM.
GermainZ said:
> It's too late to make a nandroid backup now. Try using AROMA FM.

Could you possibly give any instructions, I'm kinda new to this stuff.
SmootZ said:
> Could you possibly give any instructions, I'm kinda new to this stuff.
Click the link I posted.
Read the first few posts in full.
Ask about the specific part you don't understand.
I cannot even access my device apart from putting it in recovery mode since my device gets stuck at the start-up and loops. In addition I don't know how to access my SD card since my computer doesn't recognize my device as I said. Will this be a problem? And can I still do it? How do I access my SD card?
Sorry if this question seems stupid
Is your device still not detected in recovery mode?
To access your SD card directly from your PC you'll need a special reader/adapter.
Nope, it doesn't recognize it even in recovery mode. What is this "special" reader/adapter and where can I get it? Could you provide me a link or something?
Well, I'm out of ideas. Just Google "SD card adapter".
Actually my device does not offer any external memory card slot. Meaning There is no support for MicroSD or SD cards on my Kobo Arc.
What shall I do now?
Hey Germain or anyone else,
Is there any other possible way I can unbrick my tablet from this? Any solution would be grateful.
SmootZ said:
> Hey Germain or anyone else,
> Is there any other possible way I can unbrick my tablet from this? Any solution would be grateful.
I'm out of ideas you could try yourself. I'd try triple checking the drivers on your PC and see if you can get ADB to work.
Is sending your tablet to repair an option?
EDIT: Can't you update to the latest update using fastboot?
Hey.
First of all, messing with build.prop without backup wasn't the brightest idea in your life, but crap happens, like Forrest Gump used to say.
What is the exact model of your tablet? Kobo Arc? Kobo Arc 10 HD? Maybe Kobo released an update and you can update it directly by fastboot.
If not, try to use Linux as it handles ADB much better than Windows, go to system and edit your build.prop back and wipe cache and dalvik cache. You need to have a working ADB to even think about reversing your changes.
Good luck.
Well thanks for the help.
Can I try taking this adb method without my device giving permissions for USB debugging? Since I haven't enabled this in my developer options as far as I know, in addition I cannot really check since my device is bricked but I'm 100% sure it's NOT enabled. Will this stop me from carrying an ADB method?

[Q] Hosts file corrupt?

Hello everyone,
I use an LG Optimus L4 II (e445). I rooted it but then decided I had too much on it and decided to restore to factory settings. It all worked fine. However, when I got to the Google Account sign in page, it gave me the "couldn't establish a reliable connection to the server" error message. I followed every single tutorial I could find online as to how to solve this. None of them worked. Eventually, I re-rooted it (using VRoot) and managed to download an apk of ES file explorer and locate the hosts file. This had one line that shouldn't have been there:
127.234.104.240 android.clients.google.com
From what I can make out, this is the address of google's sign in servers. So somehow (I suspect malware/dodgy rooting program?) my hosts file has been edited to stop me logging into google. Restoring the device does nothing, neither does unrooting/rerooting. When I open up the file in ES (when rooted) and edit out the bad lines, I can't save for some reason- I think the /system folder is write protected.
So I tried to make the /system folder writeable. I used the android sdk to do this (mount -o command) but this did not do anything. I downloaded the mount /system apk and installed that, it did not help either. I tried /pull and /push on the hosts file to edit it and send it back using the apk. I could successfully pull and edit it, but it would not let me push it back. I'm kind of stuck here. I can effectively not use my phone- I can't use most apps and can't download any, and have no other solutions up my sleeve. Any ideas?
Thanks a lot,
Louis
(PS I hope I've posted correctly, I'm a n00b to this website )
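An added example, not part of the original thread: a check that can be run over a copy of the hosts file retrieved with adb pull, flagging entries like the one quoted above. The sample file contents and the set of expected local names are assumptions. Note that 127.234.104.240 lies inside the loopback range 127.0.0.0/8, so the entry points the hostname back at the device itself.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample: two stock loopback entries plus the line quoted in the post.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1        localhost
::1              ip6-localhost
127.234.104.240  android.clients.google.com
"""

# Assumption: the only names a stock hosts file should map are local ones.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


class Finding(NamedTuple):
    lineno: int
    address: str
    name: str
    verdict: str  # "blackholed", "redirected" or "malformed"


def audit_hosts(text: str) -> list:
    """Return a Finding for every entry that overrides DNS for a non-local name."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            ip = None
        if ip is None or not names:
            # Not "<ip> <name> [...]": report the line rather than guess.
            findings.append(Finding(lineno, address, " ".join(names), "malformed"))
            continue
        for name in names:
            if name.lower() in LOCAL_NAMES:
                continue
            # Loopback (all of 127.0.0.0/8, and ::1) or 0.0.0.0 makes the name
            # resolve to the device itself, so connections to the service fail.
            if ip.is_loopback or ip.is_unspecified:
                verdict = "blackholed"
            else:
                # Pinned to a fixed remote address: compare with real DNS.
                verdict = "redirected"
            findings.append(Finding(lineno, address, name, verdict))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.lineno}: {f.name} -> {f.address} ({f.verdict})")
```

Keeping the pulled file unmodified alongside the findings preserves a record of what was on the device before any cleanup.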
Louietheflyisme said:
> Hello everyone,
> I use an LG Optimus L4 II (e445). I rooted it but then decided I had too much on it and decided to restore to factory settings. It all worked fine. However, when I got to the Google Account sign in page, it gave me the "couldn't establish a reliable connection to the server" error message. I followed every single tutorial I could find online as to how to solve this. None of them worked. Eventually, I re-rooted it (using VRoot) and managed to download an apk of ES file explorer and locate the hosts file. This had one line that shouldn't have been there:
> 127.234.104.240 android.clients.google.com
> From what I can make out, this is the address of google's sign in servers. So somehow (I suspect malware/dodgy rooting program?) my hosts file has been edited to stop me logging into google. Restoring the device does nothing, neither does unrooting/rerooting. When I open up the file in ES (when rooted) and edit out the bad lines, I can't save for some reason- I think the /system folder is write protected.
> So I tried to make the /system folder writeable. I used the android sdk to do this (mount -o command) but this did not do anything. I downloaded the mount /system apk and installed that, it did not help either. I tried /pull and /push on the hosts file to edit it and send it back using the apk. I could successfully pull and edit it, but it would not let me push it back. I'm kind of stuck here. I can effectively not use my phone- I can't use most apps and can't download any, and have no other solutions up my sleeve. Any ideas?
> Thanks a lot,
> Louis
> (PS I hope I've posted correctly, I'm a n00b to this website )
After trying for a few weeks now, I've still had no success. One idea has come to me though- installing a ROM. Would downloading a custom ROM change my hosts file? Also, if so, could anyone recommend one that is similar to default Android? One last idea that I've got at the moment is somehow completely wiping the hard drive of the phone and reinstalling Android on it, though I have no idea whether that is even possible, and if so, how to do it. I would really appreciate some help here!
Thanks again,
Louis
After reading, I can only talk as one who knows less than you.
Let me say this from the start.
Root=/= unlock bootloader
Find a way to unlock boot loader first, with a Google search.
Use fastboot to flash a recovery (.IMG) made for your phone. fastboot is something like adb.
Let's just say that that is more complicated than rooting. It gave me a headache at first.
_______/
Pertaining to your problem, how about a reflash of the system image?
The official lg mobile support tool may help you with this.
Search for your phone model on the lg support page, look under manuals and downloads, then under software update.
J2270A said:
> After reading, I can only talk as one who knows less than you.
> Let me say this from the start.
> Root=/= unlock bootloader
> Find a way to unlock boot loader first, with a Google search.
> Use fastboot to flash a recovery (.IMG) made for your phone. fastboot is something like adb.
> Let's just say that that is more complicated than rooting. It gave me a headache at first.
> _______/
> Pertaining to your problem, how about a reflash of the system image?
> The official lg mobile support tool may help you with this.
> Search for your phone model on the lg support page, look under manuals and downloads, then under software update.
I'm not entirely sure I understand you here, but I'll try. What would unlocking the bootloader do to my phone? Would it enable r/w on the system folder? Also, what is a reflash of the system image? How would I do that?
I'll try these things if I can, but would still appreciate help.
Look around on http://wiki.cyanogenmod.org/w/Basic_concepts?
It should give you some info in flashing and unlocking.
It can give people quite a headache, with all those terms.
________
As for the part under the line, I'm talking about a restoring of the phone to the default state via official methods.
Instructions would be given by the official support programme.
J2270A said:
> Look around on [I can't post urls yet ]
> It should give you some info in flashing and unlocking.
> It can give people quite a headache, with all those terms.
> ________
> As for the part under the line, I'm talking about a restoring of the phone to the default state via official methods.
> Instructions would be given by the official support programme.
Ok, so from what I can work out, cyanogen does not support my device. Would doing it for a similar device work? Are there any ROMs that support my device?
Under the line, restoring the phone via the official ways actually just wipes the user data, not including the HOSTS file which is what I need to wipe. What I really need is basically a ROM that completely wipes my phone and reinstalls some version of Android.
Any other ideas?
While there may not be official support for a phone for a custom ROM, you may be able to find unofficial ports/versions if you search for it in the forums.
From what I know, a system reinstall via official methods wipes data and almost everything else, then downloads from its servers system files to be installed to the phone. At least, my phone was reverted to a stock ROM when I restored it after using a custom ROM. It may be different for some, but generally, this is what I think.
Important: only use a ROM made for your device model only, do not use the ones made for a similar phone, the small differences are no longer small in this case and will cause a system error(?)
Generally, once you have successfully unlocked boot loader using a method for your phone, the instructions afterwards are generally the same for all phones. You'll be able to get better answers in the threads specifically for your phone, so try to look for one and look for the already tried methods,
Here's one:
<You'll need to quote to copy link>
Louietheflyisme said:
> Hello everyone,
> I use an LG Optimus L4 II (e445). I rooted it but then decided I had too much on it and decided to restore to factory settings. It all worked fine. However, when I got to the Google Account sign in page, it gave me the "couldn't establish a reliable connection to the server" error message. I followed every single tutorial I could find online as to how to solve this. None of them worked. Eventually, I re-rooted it (using VRoot) and managed to download an apk of ES file explorer and locate the hosts file. This had one line that shouldn't have been there:
> 127.234.104.240 android.clients.google.com
> From what I can make out, this is the address of google's sign in servers. So somehow (I suspect malware/dodgy rooting program?) my hosts file has been edited to stop me logging into google. Restoring the device does nothing, neither does unrooting/rerooting. When I open up the file in ES (when rooted) and edit out the bad lines, I can't save for some reason- I think the /system folder is write protected.
> So I tried to make the /system folder writeable. I used the android sdk to do this (mount -o command) but this did not do anything. I downloaded the mount /system apk and installed that, it did not help either. I tried /pull and /push on the hosts file to edit it and send it back using the apk. I could successfully pull and edit it, but it would not let me push it back. I'm kind of stuck here. I can effectively not use my phone- I can't use most apps and can't download any, and have no other solutions up my sleeve. Any ideas?
> Thanks a lot,
> Louis
> (PS I hope I've posted correctly, I'm a n00b to this website )
Well, the same problem persists on my phone as well. Whenever I change the hosts file by removing the additional line, it saves but after some time it comes again and I have to remove it again and again!
Ish Takkar said:
> Well, the same problem persists on my phone as well. Whenever I change the hosts file by removing the additional line, it saves but after some time it comes again and I have to remove it again and again!

I have this problem with my S3 and I always delete the "hosts" file! I should find which process makes this file!!

Recover deleted data in Samsung S9+ Secure Folder

Hi Experts,
I have accidentally deleted some important files in my Samsung S9+ Secure Folder, and trying to find the best way to recover them. Looking for the Experts advice!
I read through the forums but it seems rooting and wiping the device is a must, and looks like rooting the device will kill my Secure Folder and Samsung Pay forever. Despite this, I think it still needs to be done. Please if anyone could offer me some advice, it is greatly appreciated. I am also fairly new to Android, so please bear with me on the very technical side of things.
What I have tried:
1. Download file recovery apps in secure folder but it only restores files from the downloads/pictures/videos folders but my files did not sit there...
2. Tried multiple windows software and play store apps, all asking the device to be rooted first
3. Tried to root my device with Kingo Root, King Root, One Click Root and Towelroot, all failed to root....
Thanks in advance for any advice on this.
Jeffrey
Umm..... The whole point of the secure folder is to house content that you don't want people to be able to access!
So no, there's absolutely no way to do it.
Sent from my SM-G965W using Tapatalk
Devhux said:
> Umm..... The whole point of the secure folder is to house content that you don't want people to be able to access!
> So no, there's absolutely no way to do it.
> Sent from my SM-G965W using Tapatalk
Thanks Devhux. But if I root the device and do a disk recovery treating it like a normal hard drive, applications should still be able to run a thorough scan on everything deleted on it?
Unfortunately, no. The secure folder is heavily encrypted. Considering that Knox is certified by the US Department of Defense and NSA, you're not going to get at the data that was in Secure Folder.
Also note that Android works differently due to using Media Transfer Protocol (MTP) when connecting to a Windows computer. That in itself won't let you create a disk "image" like you can on a regular computer.
There's also the issue that if you're running a Snapdragon 845 model of the S9+ you won't be able to root anyways.
Sent from my SM-G965W using Tapatalk
Got it, thanks for the details. I guess there is nothing I can do about this then.
I think you should root your Samsung S9+ first. Then try with an Android recovery software or app. Also, this Android data recovery must be helpful with you.
www.android-data-recovery.com
If he roots the phone, Knox will be tripped and the Secure Folder won't work anymore. Why didn't you log in to your account in the first place? Then Samsung Cloud would do a backup, and when you reinstall the phone, everything would be downloaded again.
