Can you relock bootloader after root & magisk to protect against physical attack? - LG V30 Questions & Answers

Basically, I am in a situation where I am temporarily worried about someone trying to physically obtain my phone for pentesting/physical security attack to steal sensitive data.
I have a ls998 I'm going to convert to us998
After I unlock, root, install magisk, etc I want to know if I can relock the bootloader to give me added security against a physical attack when the phone is shut down or rebooted completely. IE., they would have to re-unlock the bootloader and erase everything on the phone... assuming that my understanding of this process is correct.

privacymaybe01 said:
Basically, I am in a situation where I am temporarily worried about someone trying to physically obtain my phone for pentesting/physical security attack to steal sensitive data.
I have a ls998 I'm going to convert to us998
After I unlock, root, install magisk, etc I want to know if I can relock the bootloader to give me added security against a physical attack when the phone is shut down or rebooted completely. IE., they would have to re-unlock the bootloader and erase everything on the phone... assuming that my understanding of this process is correct.
No. You need the bootloader unlocked for root to work.
Just put password on your phone.
They can even erase everything on the phone even with bootloader locked, if you don't have password protection.
Sent via open market LG US998 V30/V30+

ChazzMatt said:
No. You need the bootloader unlocked for root to work.
Just put password on your phone.
They can even erase everything on the phone even with bootloader locked, if you don't have password protection.
Sent via open market LG US998 V30/V30+
I think, and I'm not sure, he must disable USB debugging for more security because it's a threat.
---------- Post added at 02:55 AM ---------- Previous post was at 02:52 AM ----------
privacymaybe01 said:
Basically, I am in a situation where I am temporarily worried about someone trying to physically obtain my phone for pentesting/physical security attack to steal sensitive data.
I have a ls998 I'm going to convert to us998
After I unlock, root, install magisk, etc I want to know if I can relock the bootloader to give me added security against a physical attack when the phone is shut down or rebooted completely. IE., they would have to re-unlock the bootloader and erase everything on the phone... assuming that my understanding of this process is correct.
Put a password or PIN for top security and remove face unlock, voice unlock etc... and use the secret feature to hide your important data (encrypt it).

Roger that. I just want to make it as difficult as possible for anyone to get to certain apk container files that temporarily save data from certain apps in db's, even if I delete said data within those apps normally.
I was worried that with the bootloader unlocked, a bad actor could just flash another ROM and keep my data intact to export.
Edit: I guess with encryption on oreo and pie this would render the data useless.

privacymaybe01 said:
Roger that. I just want to make it as difficult as possible for anyone to get to certain apk container files that temporarily save data from certain apps in db's, even if I delete said data within those apps normally.
I was worried that with the bootloader unlocked, a bad actor could just flash another ROM and keep my data intact to export.
Edit: I guess with encryption on oreo and pie this would render the data useless.
You would turn TWRP encryption on, besides having a PIN/password. Been discussed in the TWRP thread a few months ago.
See this page:
https://forum.xda-developers.com/lg...y-twrp-3-2-3-0-time-date-incl-t3852402/page34

Useless. Nothing can beat physical access. Find out who the hell is trying to steal your phone and tell your company or law enforcement. Nobody ever has the right to access your phone without authorization.

How does the encryption disabler play into this? Sorry to ask such a low level question. What exactly is that disabling and does it ever get re-enabled?
https://forum.xda-developers.com/poco-f1/how-to/disable-force-encryption-explained-t3915179

privacymaybe01 said:
How does the encryption disabler play into this? Sorry to ask such a low level question. What exactly is that disabling and does it ever get re-enabled?
https://forum.xda-developers.com/poco-f1/how-to/disable-force-encryption-explained-t3915179
You need to disable LG encryption for TWRP to read/modify content. You can enable your own encryption after that. See my previous post above.

privacymaybe01 said:
Basically, I am in a situation where I am temporarily worried about someone trying to physically obtain my phone for pentesting/physical security attack to steal sensitive data.
I have a ls998 I'm going to convert to us998
After I unlock, root, install magisk, etc I want to know if I can relock the bootloader to give me added security against a physical attack when the phone is shut down or rebooted completely. IE., they would have to re-unlock the bootloader and erase everything on the phone... assuming that my understanding of this process is correct.
Omg!!!!
Thank you for this post my guy! I ALMOST never opened it because of the replies I saw. Not sure why, but I opened it. Thanks to you, our XDA forums superhero @ChazzMatt responded with an answer to something I wished for since my V20. I had no clue I could put a password on TWRP.
This is awesome, thank you guys!
Sent from my LG-H932 using XDA Labs
Edit, now I want to see my punk nephew get into TWRP now to kill my passwords and mess with my device. I love the kid, but now I won't be angry and want to hit him with a hammer.

Related

More Peace of mind

Hi guys, so obviously it is much better to root our phone, and I have it rooted, and I also have Cerberus installed as a system app and hidden, BUT let's say that tomorrow someone steals my phone. I want to be prepared to block it or track it in more than just one way, and I have read that using the MIUI account block is also a very good way, but I don't know, since the bootloader is unlocked, isn't it very easy for the thief to just flash any ROM and have it working well? I know that many of the thieves don't know anything about all this, but as I said I wanna take every precaution possible.
What would you recommend to keep my phone more secure in case anything bad happens? Maybe, I don't know, keep it rooted but still lock the bootloader, maybe this statement is very dumb haha, I'm no expert.
Just don't let your phone get stolen.
Modern problems require modern solution.
xjudexiii said:
Just don't let your phone get stolen.
Modern problems require modern solution.
Locking your recovery is the only security you have. Lol. But like he said, take good care of your device and you'll be just fine.
I have an unlocked bootloader, custom recovery with PIN and Cerberus with fake shutdown in lockscreen. But I know that all this is just to make the thief's life a little difficult, because with either a locked or an unlocked bootloader it is possible to bypass and format the phone.
Now your question / scenario begs for a little detail!
On an unlocked bootloader,
1. you can always flash stock recovery (found in the fastboot ROM of beryllium) and replace TWRP, or
2. never flash recovery on an unlocked bootloader and always boot it via fastboot command for security's sake.
HOWEVER
1. Let's assume someone steals your device and boot is unlocked and he/she can flash TWRP. Then what you should never flash is DFE (disable force encryption treble) (via TWRP), so that your internal storage stays ENCRYPTED and any recovery will be unable to MOUNT IT.
2. Use the digit screen lock method so that any recovery will ask for a password.
The idea is, since the hardware is stolen but the thief won't be able to access your personal information! And if he tries to boot up, he won't be able to unlock with the digits you set as screen lock; wrong screen locks eventually trigger the MIUI mechanism to give a warning to wait a few hours before retrying, until you reach a point where MIUI will NOT even allow you to unlock the phone. MIUI will consider it stolen.

There is something EXTREMELY wrong with my LG V30+

(LG V30+ unlocked, used with Metro) Everything was working fine last night. I woke up this morning and noticed my alarm never went off (I use 2 just in case so I didn't just miss it). I can't mess with my alarm, I can't change my phone settings, I can't access my gallery, I haven't downloaded anything strange, Lookout says I'm clean. I noticed I got pretty close to running out of space but even after making tons of space it's still strange. I've pulled out my SIM and SD and restarted the phone without them, no fix. If I try to upload an attachment from my gallery it shows an empty gallery, Android System says it can't save screenshots, and I can't download apps. I'm at a total loss. I DO know that all my data is in there, just locked away.
Ace452 said:
(LG V30+ unlocked, used with Metro) Everything was working fine last night. I woke up this morning and noticed my alarm never went off (I use 2 just in case so I didn't just miss it). I can't mess with my alarm, I can't change my phone settings, I can't access my gallery, I haven't downloaded anything strange, Lookout says I'm clean. I noticed I got pretty close to running out of space but even after making tons of space it's still strange. I've pulled out my SIM and SD and restarted the phone without them, no fix. If I try to upload an attachment from my gallery it shows an empty gallery, Android System says it can't save screenshots, and I can't download apps. I'm at a total loss. I DO know that all my data is in there, just locked away.
You could try dirty flashing the stock ROM and removing Magisk modules (run Magisk in core-only mode, it's in settings).
tech_infinity said:
You could try dirty flashing the stock ROM and removing Magisk mode (run Magisk in core-only mode, it's in settings).
I have no idea what that means.
Ace452 said:
I have no idea what that means.
Are you using a rooted v30 or is it completely unmodified?
tech_infinity said:
Are you using a rooted v30 or is it completely unmodified?
totally unmodded
Ace452 said:
totally unmodded
When you say "unlocked" that means two different things -- "carrier unlocked" or "bootloader unlocked/rooted".
Carrier unlocked we don't really care about for stuff like this. What you were describing could be root app/module conflicting with another.
But you are completely stock.
Have you installed any new apps recently? I know you said nothing "strange" but strange doesn't come in the app title.
Something is corrupted about your phone or something is BLOCKING normal phone functions. If it's not an app you recently installed, then the only solution is to re-set your phone and/or reinstall your firmware.
If you were bootloader unlocked and rooted, you would have the option of restoring a recent system backup you made -- but you said you are not modded.
So...
1) You need to Master Reset your phone -- which will lose all your data. (Master Reset is sort of factory reset, but using the hardware buttons.)
With your device powered off, press and hold the Power button and Volume Down buttons simultaneously for a few seconds.
When the LG logo appears, quickly release and then re-hold the Power button while keep holding the Volume Down button.
Let go of the buttons when the onscreen menu appears.
When you see the option to Delete all user data (including LG and carrier apps) and reset all settings message prompt, press the Volume Down button to highlight Yes.
Then press the Power button to reset the device.
Wait until the reset is complete then reboot your device. If it’s able to boot up successfully, proceed with the initial setup.
2) If that doesn't work, then you need to use Dev Patched LGUP in Refurbish mode to reinstall your stock firmware. (Are you on Oreo US998 or Pie US998?) That will also lose your data.
there has got to be a way to do this without losing all my data...the crazy part is that I can't seem to get the phone to show as a hard drive on my pc when I plug it in.
Ace452 said:
there has got to be a way to do this without losing all my data...the crazy part is that I can't seem to get the phone to show as a hard drive on my pc when I plug it in.
As I said if you were rooted, there would be another way. You could boot into TWRP and restore a recent backup. Like going back in time.
But the two methods I just noted in my previous post are your choices, I believe. If your functionality doesn't come back after Master Reset, then you need to reinstall stock firmware using Dev Patched LGUP in Refurbish mode.
Sure, if anyone has any other suggestions, please chime in.
______
You said you have V30+, but WHICH variant V30+? US998, I assume? But I hate to assume. Are you on Oreo or Pie? If US998 Oreo, which one? 20b, 20d, 20h? Or maybe even still on Nougat 10d?
---------- Post added at 08:46 AM ---------- Previous post was at 08:35 AM ----------
Ace452 said:
there has got to be a way to do this without losing all my data...the crazy part is that I can't seem to get the phone to show as a hard drive on my pc when I plug it in.
OK. If you are on older firmware, it might be possible to flash a firmware update in UPDATE mode which would save your data. This UPDATE might fix some stuff that is broken.
The more sure method is REFURBISH mode, but that definitely wipes out your data.
So, answer the questions I have been asking.
US998?
Are you on Nougat, Oreo, or Pie? If Oreo, which letter version?
The problem with getting my exact model number is I'm not sure where to look, not like I can look at my phone info in my settings. :/
I'm gonna look at my newegg order history and see if I can get those details
ChazzMatt said:
As I said if you were rooted, there would be another way. You could boot into TWRP and restore a recent backup. Like going back in time.
But the two methods I just noted in my previous post are your choices, I believe. If your functionality doesn't come back after Master Reset, then you need to reinstall stock firmware using Dev Patched LGUP in Refurbish mode.
Sure, if anyone has any other suggestions, please chime in.
______
You said you have V30+, but WHICH variant V30+? US998, I assume? But I hate to assume. Are you on Oreo or Pie? If US998 Oreo, which one? 20b, 20d, 20h? Or maybe even still on Nougat 10d?
---------- Post added at 08:46 AM ---------- Previous post was at 08:35 AM ----------
OK. If you are on older firmware, it might be possible to flash a firmware update in UPDATE mode which would save your data. This UPDATE might fix some stuff that is broken.
The more sure method is REFURBISH mode, but that definitely wipes out your data.
So, answer the questions I have been asking.
US998?
Are you on Nougat, Oreo, or Pie? If Oreo, which letter version?
ls998 unlocked
Ace452 said:
ls998 unlocked
The only way to carrier unlock LS998 is to convert to carrier unlocked variant. I bet it's now US998 and probably still on 2 year old NOUGAT 10d.
Go to Settings/System/About Phone/Software Info.
You can use Update mode of Dev Patched LGUP and update to Oreo 20h, keeping your data. This will possibly fix your issue.
ChazzMatt said:
As I said if you were rooted, there would be another way. You could boot into TWRP and restore a recent backup. Like going back in time.
But the two methods I just noted in my previous post are your choices, I believe. If your functionality doesn't come back after Master Reset, then you need to reinstall stock firmware using Dev Patched LGUP in Refurbish mode.
Sure, if anyone has any other suggestions, please chime in.
______
You said you have V30+, but WHICH variant V30+? US998, I assume? But I hate to assume. Are you on Oreo or Pie? If US998 Oreo, which one? 20b, 20d, 20h? Or maybe even still on Nougat 10d?
---------- Post added at 08:46 AM ---------- Previous post was at 08:35 AM ----------
OK. If you are on older firmware, it might be possible to flash a firmware update in UPDATE mode which would save your data. This UPDATE might fix some stuff that is broken.
The more sure method is REFURBISH mode, but that definitely wipes out your data.
So, answer the questions I have been asking.
US998?
Are you on Nougat, Oreo, or Pie? If Oreo, which letter version?
ChazzMatt said:
The only way to carrier unlock LS998 is to convert to carrier unlocked variant. I bet it's now US998 and probably still on 2 year old NOUGAT 10d.
Go to Settings/About Phone.
You can use Update mode of Dev Patched LGUP and update to Oreo 20h, keeping your data. This will possibly fix your issue.
I can't use settings
Ace452 said:
I can't use settings
OK then we'll have to assume what I'm sure is the situation.
I'm at work right now, but tonight I can post more Instructions.
ChazzMatt said:
OK then we'll have to assume what I'm sure is the situation.
I'm at work right now, but tonight I can post more Instructions.
Ok, I appreciate it
Ace452 said:
I can't use settings
See screenshot for what you should be seeing.
ChazzMatt said:
OK then we'll have to assume what I'm sure is the situation.
I'm at work right now, but tonight I can post more Instructions.
There has GOT to be a way to see all that with some sort of PC tool
Ace452 said:
There has GOT to be a way to see all that with some sort of PC tool
Dev Patched LGUP should tell you what firmware you're currently on. The program is installed on a PC. You put the phone into Download mode and attach it to the PC before opening the program.
I can tell you more tonight.
ChazzMatt said:
Dev Patched LGUP should tell you that. Installed on PC. You put phone into Download mode before opening the program.
I can tell you more tonight.
How do I get into DL mode, and don't worry, answer whenever, I appreciate it
@ChazzMatt: You deserve even more credit for your helpfulness than you're already getting around here.
@Ace452: You could try LG Bridge on a PC and see if it can back up your phone. It may not if the system is completely messed up, but it's worth a shot. If it works, it can save the contents of Internal Storage to the PC so you have your photos etc. Saving App data is more doubtful given the situation, but still worth a try.
I apologize for wagging a finger, but I would point out that this is why regular backups are a good habit with any computer. Once a failure hits (which it always does, sooner or later) it's usually too late to save the data. In your case, there is a good chance that Google will have backed up some data, which can be restored after factory reset or on another phone.
Good luck to you. You have the best help you could possibly want!
Ace452 said:
How do I get into DL mode, and don't worry, answer whenever, I appreciate it
ENTER DOWNLOAD MODE
1) Power off
2) Hold VolUp
3) Insert USB cable
4) Wait for Firmware Update screen
5) NOW start LGUP
EXIT DOWNLOAD MODE
1) Hold VolDown & Power for few seconds
2) Phone should reboot

Securing xiaomi with unlocked bootloader

Hello
I am enjoying the life with Redmi note 9 pro, unlocked bootloader and custom rom.
However, I was thinking, if someone gets physical access to the phone he could boot in fastboot or recovery and get inside, right?
So if this is possible, what do we do to protect our information? Is it possible to password protect the booting?
Not if you use encryption. That's why it's there. If you have an unlocked phone they can get to the bootloader and for example reinstall the whole system and basically make their stolen/found phone working, but that is not possible without a full wipe, which means also your data.
Gajdalf said:
Not if you use encryption. That's why it's there. If you have an unlocked phone they can get to the bootloader and for example reinstall the whole system and basically make their stolen/found phone working, but that is not possible without a full wipe, which means also your data.
Hi,
Is there a guide for how to enable encryption after unlocking the bootloader on the Note 9 Pro?
Thanks!
Gajdalf said:
Not if you use encryption. That's why it's there. If you have an unlocked phone they can get to the bootloader and for example reinstall the whole system and basically make their stolen/found phone working, but that is not possible without a full wipe, which means also your data.
If that's the case then I am ok. My primary objective is the data to be secured.
And do you know why there is no option to encrypt the SD card? I am at MIUI 11 V11.0.4.0.QJZMIXM
BuzzyMind said:
Hi,
Is there a guide for how to enable encryption after unlocking the bootloader on the Note 9 Pro?
Thanks!
Hi. The easiest way to accomplish this is to go to settings and search for "encrypt". Activate the "Encrypt device using lock screen password".
Just remember that if you forget this password there is no way to get your data back, and also the microSD card is not encrypted.
BuzzyMind said:
Hi,
Is there a guide for how to enable encryption after unlocking the bootloader on the Note 9 Pro?
Thanks!
Unlocking has nothing to do with encryption. These 2 things are not connected in any way. So if you have encrypted system (which is usually by default) unlocking bootloader will not change that.
I don't know where exactly it is on the MIUI system, but if you search for encryption in settings you should be able to find it (exactly like Smartie083 said).
If I remember correctly some systems were able to encrypt also the SD card (not sure tho). If your system allows it (you will need to have such an option somewhere in security), keep in mind that this will render such an SD card usable only in that device, not anywhere else. So taking it out and connecting it to a PC will not work etc.
Also if you are interested in the security of your system, you might be interested in ditching MIUI, installing a clean ROM without gapps and, if you need G-services, using them through microG (although interesting, I consider this a valid option just for totally paranoid people, or people who are running away from the law).
Also avoiding root and ensuring that SELinux is enabled is helpful.

General FYI - Magisk works on GrapheneOS and CalyxOS

Follow the instructions of your OS (GrapheneOS or CalyxOS) as normal, then just before locking the bootloader back follow the guide here. The end result is an OS with Magisk and root, but the bootloader cannot be locked again (because of the root process).
So, if you would like to be able to record calls, block advertisements and enjoy your device because it is your freedom to do with your device whatever you want, root your OS.
PS, if security is more important than privacy, rooting is not the way to go; at the moment I didn't find how to maintain both.
Old news.
And technically, you CAN relock the bootloader if you wanted to, by resigning everything. There are links (somewhere, you'll have to search for it) to a program on git that someone wrote to do this, but I haven't tried it.
The reality is that locking the bootloader really doesn't do much for you. It might protect you a BIT if you lose physical control over it, but when you lose physical control over a device, you have to assume that it's been compromised anyway.
Locking the bootloader will be essential in the future when Google enforces Hardware Backed attestation for those who use contactless payments.
This is good to know.
shoey63 said:
Locking the bootloader will be essential in the future when Google enforces Hardware Backed attestation for those who use contactless payments.
This is good to know.
Source?
96carboard said:
Source?
It's all in This thread
Edit: More reading Here
shoey63 said:
It's all in This thread
Edit: More reading Here
Your links seem to be showing something about current issues that people are having, not about something "in the future" regarding enforcement of locked bootloader.
Edit: what I'm looking for is some statement from gooble that they intend to make some changes with respect to this, otherwise it appears to be just speculation.
Edit 2: The subject is also pretty off topic, since there's a good chance that it doesn't come into play at all with graphene or calyx, both of which do NOT include integrated binary gooble services. Graphene goes to a lot of trouble to make it installable, but strongly isolated from everything else, which includes restricting hardware status flags from being readable by it. Calyx promotes microG.
96carboard said:
Old news.
And technically, you CAN relock the bootloader if you wanted to, by resigning everything. There are links (somewhere, you'll have to search for it) to a program on git that someone wrote to do this, but I haven't tried it.
The reality is that locking the bootloader really doesn't do much for you. It might protect you a BIT if you lose physical control over it, but when you lose physical control over a device, you have to assume that it's been compromised anyway.
It may be old news for you, I didn't find it anywhere. That is why I posted it here, just in case there are people like me that are looking for that answer.
Asking in the GrapheneOS chats, I only got an answer that rooting is not supported and not recommended.
Since I'm using a call recorder for my work and will be glad to block advertisements locally, and god forbid, I also would like to use either GrapheneOS or CalyxOS.
I don't see another way around it unless using root.
Can you please send your links for locking back the bootloader? That will be awesome. Thanks!
HQwarp said:
Can you please send your links for locking back the bootloader? That will be awesome. Thanks!
Use the search bar at the top of the screen, or read through all the other threads in the 6 and 6pro forums, that's what I would have to do to find it for you.
96carboard said:
Use the search bar at the top of the screen, or read through all the other threads in the 6 and 6pro forums, that's what I would have to do to find it for you.
Very sad response from you. You can be helpful and point me in the right direction, and with less of your arrogant attitude...
XDA is a place to share knowledge, not to show your arrogance about how good you are at typing in Google search.
FYI, if anyone want to sign the bootloader after using Magisk this is probably the way
Rooting Graphene/Calyx/LeOS/DivestOS/eOS/CopperHead completely defeats the purpose as now it gives a potentially malicious app root abilities.
As the head of Graphene's Twitter once said, "but why... that opens so many security risk doors"
You can't re-lock the bootloader with root unless you create a new avb-key. Don't bother rooting security roms, its pointless.
Yes, you are right, it is lowering the security of the phone. But, that's ok, each one with his use case of attack. If it is ok for you to use your phone without sudo, good for you. Since I'm not Edward Snowden and I'm not afraid to use sudo on my machines, and when I do, I know enough when and how to use it.
Therefore, I don't see why I can't use sudo on my phone. Especially when some of us do need our phone to perform tasks that currently are not supported by Security oriented OS as you mentioned, AND also do want to lower our information footprint on the net. For this case using sudo on the formation ROMs seems ideal.
HQwarp said:
Very sad response from you.
Very sad that you expect to be spoon fed when you have the capacity to search for yourself.
To make it easier for people who may look for it (I was one of those people):
This is that script mentioned earlier which will allow you to resign the ROM to allow you to lock the bootloader with Magisk https://forum.xda-developers.com/t/...s-and-add-adb-root-and-other-changes.4440367/
This is exactly what I needed https://github.com/chenxiaolong/avbroot
I believe so anyway, still actually trying to get it to work, just need to set up Android Studio as far as I can make out.
Then you can easily patch the ROM with Magisk and sign it with your own keys.
And this information could be useful as well https://forum.xda-developers.com/t/signing-boot-images-for-android-verified-boot-avb-v8.3600606/
FireRattus said:
To make it easier for people who may look for it (I was one of those people):
This is that script mentioned earlier which will allow you to resign the ROM to allow you to lock the bootloader with Magisk https://forum.xda-developers.com/t/...s-and-add-adb-root-and-other-changes.4440367/
So how would this work? Would I have to unlock and wipe after every update
cammykool said:
So how would this work? Would I have to unlock and wipe after every update
I have been working on this when I have had time, I have been able to successfully flash Graphene with Magisk and lock the bootloader, turning what I learned into this guide https://forum.xda-developers.com/t/lock-boot-loader-magisk-root-grapheneos.4510295/
I believe there is a way to update with signed OTA files that are patched with Magisk, using AVBRoot that I use in the guide
I haven't figured this part out yet. It took me long enough just to work it out for the firmware/system ROM, but I will definitely be trying and updating the guide as I learn more about the process.
FireRattus said:
I have been working on this when I have had time, I have been able to successfully flash Graphene with Magisk and lock the bootloader, turning what I learned into this guide https://forum.xda-developers.com/t/lock-boot-loader-magisk-root-grapheneos.4510295/
I believe there is a way to update with signed OTA files that are patched with Magisk, using AVBRoot that I use in the guide
I haven't figured this part out yet. It took me long enough just to work it out for the firmware/system ROM, but I will definitely be trying and updating the guide as I learn more about the process.
That sounds extremely promising.
Since proton is obsolete now, I'm searching for a rom with sandboxed google play that I can root. Rooting GrapheneOS seems to be the only way for that.
Locking the bootloader doesn't really matter to me, but rooting Graphene and then being able to dirty flash updates later (I don't care about OTAs, even if it's cool and comfortable) is important.
How would you update graphene right now when you're rooted? Just dirty flash the new rom, then flash patched boot.img?
Spl4tt said:
That sounds extremely promising.
Since proton is obsolete now, I'm searching for a rom with sandboxed google play that I can root. Rooting GrapheneOS seems to be the only way for that.
Locking the bootloader doesn't really matter to me, but rooting Graphene and then being able to dirty flash updates later (I don't care about OTAs, even if it's cool and comfortable) is important.
How would you update graphene right now when you're rooted? Just dirty flash the new rom, then flash patched boot.img?
Click to expand...
Click to collapse
If you don't care about locking the bootloader, you do lose some of its physical security advantages, but it does make the process easier. I believe you should just be able to use AVBRoot as it's intended:
GitHub - chenxiaolong/avbroot: Maintain Android Verified Boot using a custom key while rooted with Magisk (github.com)
Once you have completed all the initial steps, then updates are as simple as:
1. Follow step 6 in the previous section to patch the new OTA (or an existing OTA with a newer Magisk APK).
2. Reboot to recovery mode. If stuck at a "No command" screen, press the volume up button once while holding down the power button.
3. Sideload the patched OTA.
4. Reboot.
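As an added illustration (not code from the thread or from the avbroot project) of the three situations discussed here, the script below reads the verified-boot properties the bootloader exports at boot (ro.boot.verifiedbootstate, ro.boot.flash.locked, ro.boot.vbmeta.device_state) from constructed getprop output and says whether the device is stock, relocked with a custom AVB key, or unlocked. Not every OEM exports all three properties, so a missing one is reported as something to check by hand.

```python
import re
from dataclasses import dataclass

# One line of `adb shell getprop` output looks like "[ro.boot.flash.locked]: [1]".
_PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

# Constructed sample getprop outputs (not from any real device), trimmed to the relevant properties.
SAMPLE_STOCK = """
[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [green]
"""
SAMPLE_AVBROOT_RELOCKED = """
[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [yellow]
"""
SAMPLE_UNLOCKED_ROOTED = """
[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]
"""


def parse_getprop(text):
    """Parse getprop output into a {name: value} dict, ignoring other lines."""
    props = {}
    for line in text.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


@dataclass
class BootAssessment:
    state: str    # verified boot state: green, yellow, orange, red or unknown
    locked: bool  # bootloader lock as the bootloader itself reports it
    summary: str


def assess_boot(props):
    """Map the boot properties onto the three situations discussed in the thread."""
    state = props.get("ro.boot.verifiedbootstate", "unknown").lower()
    locked = (props.get("ro.boot.flash.locked") == "1"
              or props.get("ro.boot.vbmeta.device_state") == "locked")
    if state not in ("green", "yellow", "orange", "red"):
        summary = "Missing or unrecognised ro.boot.verifiedbootstate; check the device by hand."
    elif state == "green" and locked:
        summary = "Locked, OEM-signed image (stock): a Magisk-patched boot image would not verify."
    elif state == "yellow" and locked:
        summary = ("Locked, image signed with a user-supplied AVB key (the avbroot setup): "
                   "a tampered boot image will not boot unless the bootloader is re-unlocked, "
                   "which wipes userdata.")
    elif state == "orange" or not locked:
        summary = ("Unlocked: the bootloader boots any image, so AVB protects nothing; "
                   "only the lock screen credential and encryption guard the data.")
    else:  # red
        summary = "Verification failed: the bootloader rejected or flagged the boot image."
    return BootAssessment(state, locked, summary)


if __name__ == "__main__":
    for sample in (SAMPLE_STOCK, SAMPLE_AVBROOT_RELOCKED, SAMPLE_UNLOCKED_ROOTED):
        print(assess_boot(parse_getprop(sample)))
```

On a real device, feed it the output of `adb shell getprop` instead of the constructed samples.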
FireRattus said:
If you don't care about locking the bootloader, you do lose some of its physical security advantages, but it does make the process easier. I believe you should just be able to use AVBRoot as it's intended:
GitHub - chenxiaolong/avbroot: Maintain Android Verified Boot using a custom key while rooted with Magisk (github.com)
Once you have completed all the initial steps, then updates are as simple as:
If updating is that easy with a locked bootloader I'm gonna try this. Thanks for your efforts man
Anyone know if I can expect the same procedures to work for GOS installed on a Pixel 5 or 4?

Could I use the leaked Samsung platform key to hack my own phone?

Please be kind if this is a stupid question - I'm very new to this and learning fast.
Would it be possible to add a signature to aromafm or to a lock pattern removal script, using the leaked Samsung platform certificate (as recently reported), and if so would that allow it to be sideloaded to stock recovery in a Galaxy S9?
I recently had to add a pattern lock - which I somehow managed to immediately forget. Even though it was a simple pattern specifically chosen to fall naturally under the hand so that I wouldn't forget it... I've tried so many variations that it's now making me wait 24 hours between attempts. It also turns out that data that I thought was backing up externally was actually only going to internal storage, so I really don't want to do a factory reset without trying absolutely everything else first.
Galaxy S9
Not rooted
Bootloader is locked
USB debugging is enabled
ADB can see the phone but it's not authorised
ADB sideload does work - but of course any scripts need the Samsung signature.
The phone is not registered with Samsung, so I can't unlock it through my Samsung account.
I realise it's clutching at straws but would the leaked platform key be a way in?
missmilla said:
Please be kind if this is a stupid question - I'm very new to this and learning fast.
Would it be possible to add a signature to aromafm or to a lock pattern removal script, using the leaked Samsung platform certificate (as recently reported), and if so would that allow it to be sideloaded to stock recovery in a Galaxy S9?
I recently had to add a pattern lock - which I somehow managed to immediately forget. Even though it was a simple pattern specifically chosen to fall naturally under the hand so that I wouldn't forget it... I've tried so many variations that it's now making me wait 24 hours between attempts. It also turns out that data that I thought was backing up externally was actually only going to internal storage, so I really don't want to do a factory reset without trying absolutely everything else first.
Galaxy S9
Not rooted
Bootloader is locked
USB debugging is enabled
ADB can see the phone but it's not authorised
ADB sideload does work - but of course any scripts need the Samsung signature.
The phone is not registered with Samsung, so I can't unlock it through my Samsung account.
I realise it's clutching at straws but would the leaked platform key be a way in?
While XDA prides itself on being hacker friendly, we shy away from anything that could result in legal liability, which is why we do not permit the sharing of any proprietary material, even if it's already in the public domain.
So in a nutshell... I imagine that if one did have a valid key, and signed an update package using that key, they could potentially use it to exploit their device, such as changing the props to allow bootloader unlocking, thereby permitting custom recoveries. Samsung, as far as I know, does not protect the system image with Verified Boot, so it is possible to modify /system without incurring a boot failure.
All that being said, the point is pretty moot, because as I pointed out we do not allow sharing anything that is licensed intellectual property, so any discussions on the topic would have to be rather...vague.
V0latyle said:
While XDA prides itself on being hacker friendly, we shy away from anything that could result in legal liability, which is why we do not permit the sharing of any proprietary material, even if it's already in the public domain.
So in a nutshell... I imagine that if one did have a valid key, and signed an update package using that key, they could potentially use it to exploit their device, such as changing the props to allow bootloader unlocking, thereby permitting custom recoveries. Samsung, as far as I know, does not protect the system image with Verified Boot, so it is possible to modify /system without incurring a boot failure.
All that being said, the point is pretty moot, because as I pointed out we do not allow sharing anything that is licensed intellectual property, so any discussions on the topic would have to be rather...vague.
Thank you, that's really helpful. I was thinking more whether simply adding a signature to a script would let that script be used directly with stock recovery, rather than unlocking the bootloader to flash a custom recovery (which I suspect would be beyond me), but it sounds as though in theory it might be worth a try. At this stage I probably have nothing left to lose, as I'll have to do a full reset anyway if I can't find another way in.
missmilla said:
Thank you, that's really helpful. I was thinking more whether simply adding a signature to a script would let that script be used directly with stock recovery, rather than unlocking the bootloader to flash a custom recovery (which I suspect would be beyond me), but it sounds as though in theory it might be worth a try. At this stage I probably have nothing left to lose, as I'll have to do a full reset anyway if I can't find another way in.
I'm honestly no expert on this kind of thing, but if I'm correct in my assumption that Samsung does not protect the system image, then yes - you could, in theory, use the leaked key to sign an update package that could patch /system to gain root. This would require knowledge of exactly how Samsung signs their updates. However, if the system image is protected, this would cause a boot failure, as AVB would detect the modification.
But.
If the above were possible, then the best course of action would be to create a script that would set ro.oem_unlock_ability=1 and sys.get_unlock_ability=1, after which the user would immediately reboot to download mode and unlock the bootloader, because once you've unlocked the bootloader, you've removed a lot of restrictions - you can flash a custom recovery, flash a root patch, flash anything you damn well pleased.
I doubt it's that easy unless you have in depth detailed knowledge of the encryption system and precisely how it's implemented. It's designed to be hard to hack. As for the stolen Samsung data be careful what you download. You may end up with something extra like a partition worming rootkit(s). boom. That was too easy.
A data recovery specialist that works with Samsungs is your best shot if you really need the data. Around $800 seems to be a going rate, maybe less, but expect to pay a couple hundred.
In the future, redundantly back up critical data to at least 2 HDDs that are physically and electronically isolated from each other and the PC. Copy/paste only, then verify the copy file size and that the backups are readable. Otherwise sooner or later you will lose data, money or both.
V0latyle said:
I'm honestly no expert on this kind of thing, but if I'm correct in my assumption that Samsung does not protect the system image, then yes - you could, in theory, use the leaked key to sign an update package that could patch /system to gain root. This would require knowledge of exactly how Samsung signs their updates. However, if the system image is protected, this would cause a boot failure, as AVB would detect the modification.
But.
If the above were possible, then the best course of action would be to create a script that would set ro.oem_unlock_ability=1 and sys.get_unlock_ability=1, after which the user would immediately reboot to download mode and unlock the bootloader, because once you've unlocked the bootloader, you've removed a lot of restrictions - you can flash a custom recovery, flash a root patch, flash anything you damn well pleased.
Thank you, I will do some more digging around. Would unlocking the bootloader that way not wipe the data?
blackhawk said:
I doubt it's that easy unless you have in depth detailed knowledge of the encryption system and precisely how it's implemented. It's designed to be hard to hack. As for the stolen Samsung data be careful what you download. You may end up with something extra like a partition worming rootkit(s). boom. That was too easy.
A data recovery specialist that works with Samsungs is your best shot if you really need the data. Around $800 seems to be a going rate, maybe less, but expect to pay a couple hundred.
In the future, redundantly back up critical data to at least 2 HDDs that are physically and electronically isolated from each other and the PC. Copy/paste only, then verify the copy file size and that the backups are readable. Otherwise sooner or later you will lose data, money or both.
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
It's ludicrous that Samsung won't let you unlock a phone if you can prove it's your own.
missmilla said:
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
It's ludicrous that Samsung won't let you unlock a phone if you can prove it's your own.
If in the US, try a Samsung Experience center at a Best Buy.
I never set locks on my phones or BIOSes, or use encryption on data backup drives, because you are always the one most likely to be locked out, sometimes through no fault of your own.
Digital data is fragile unless it's redundantly backed up.
blackhawk said:
If in the US, try a Samsung Experience center at a Best Buy.
I never set locks on my phones or BIOSes, or use encryption on data backup drives, because you are always the one most likely to be locked out, sometimes through no fault of your own.
Digital data is fragile unless it's redundantly backed up.
Thank you. I'm in the UK but we do have a couple of Samsung Experience Centres here so I'll try asking. Oh I will definitely be making multiple, unencrypted backups from now on! I will also be rooting the phone and installing a custom recovery just in case.
If you start playing with the firmware, bricking the device is always a real possibility, especially if you don't follow the protocols correctly. I never had to flash any of my Samsungs in 12 years; all are still working today. I don't do OTA updates either, ever; the potential to brick them like that is higher with you having zero control.
Samsung would really love to sell you a new expensive phone...
Some lessons you end up learning the hard way. I lost a 30-year-old database that is irreplaceable.
Learn from your mistakes and press on. It's a lot easier though to learn from other's mistakes.
missmilla said:
Thank you, I will do some more digging around. Would unlocking the bootloader that way not wipe the data?
Unlocking the bootloader will always require a data wipe.
missmilla said:
Do you think it would brick the phone if I tried and it didn't like it, or would it just give the signature verification error like it does now?
Actually, looking again, I think I might have misunderstood. I thought the certificates themselves had been published (so wouldn't have to download anything), but what's shown may just be a hash of the certificate and so wouldn't give me the actual key anyway... I'm finding it all rather confusing.
The stock recovery will refuse any packages that are not signed, or are signed with an unrecognized key. There are other measures in place as well.
blackhawk said:
If you start playing with the firmware, bricking the device is always a real possibility, especially if you don't follow the protocols correctly. I never had to flash any of my Samsungs in 12 years; all are still working today. I don't do OTA updates either, ever; the potential to brick them like that is higher with you having zero control.
Samsung would really love to sell you a new expensive phone...
Some lessons you end up learning the hard way. I lost a 30-year-old database that is irreplaceable.
Learn from your mistakes and press on. It's a lot easier though to learn from other's mistakes.
Probably not something to be messing around with when I don't know what I'm doing then.
Ouch! No wonder you're so careful with backing up... as I will be too from now on. Lesson learned.
V0latyle said:
Unlocking the bootloader will always require a data wipe.
The stock recovery will refuse any packages that are not signed, or are signed with an unrecognized key. There are other measures in place as well.
It's sounding like I'd probably better count my losses and leave it alone. And be more careful in future. All this has got me itching to try stuff out though. Possibly not on my one and only phone, but maybe if I can get a cheap second hand one to play with, or the S9 once I eventually upgrade - it sounds so much fun!
You can use the key to sideload an update. If I were you I'd try to flash a blank vbmeta and a Magisk boot so that you can bypass dm-verity and other measures, but the problem with this is where you can find the certificate? Nobody will tell you where you can find it, because whoever has it remains silent, and communities also do not allow this kind of sharing.
Skorpion96 said:
You can use the key to sideload an update. If I were you I'd try to flash a blank vbmeta and a Magisk boot so that you can bypass dm-verity and other measures, but the problem with this is where you can find the certificate? Nobody will tell you where you can find it, because whoever has it remains silent, and communities also do not allow this kind of sharing.
Thank you. Yeah, I thought I had seen someone publish the certificate, but I misunderstood. So I wouldn't be able to get hold of it, what with not being familiar with the dark web!
Skorpion96 said:
If I were you I'd try to flash a blank vbmeta and a Magisk boot so that you can bypass dm-verity and other measures
You can always flash a blank vbmeta at a low level (such as USBDL, EDL or bootrom mode), but that's not how it works.
aIecxs said:
You can always flash a blank vbmeta at a low level (such as EDL or bootrom mode), but that's not how it works.
Depends; if your device is made in the USA you can't. I was only suggesting a way to bypass flashing restrictions, hoping that the bootloader lock doesn't block you. Normally the bootloader lock blocks unsigned flashing, but if you are able to bypass it during flashing maybe you can boot unsigned firmware; I'm not sure though. To flash stuff you can use an exploit, or escalate privileges with a signed app that updates a system one to become uid 1000, and after that you can do setenforce 0 or setenforce permissive to set the kernel permissive.
No no, a locked bootloader prevents booting unsigned boot, vbmeta, etc. (not flashing in the first place).
@missmilla just realized you wanna break into your device? This was always possible for the S9 (encrypted with default_password), but it's not easy.
https://www.forensicfocus.com/news/samsung-exynos-support-in-oxygen-forensic-detective
aIecxs said:
@missmilla just realized you wanna break into your device? This was always possible for the S9 (encrypted with default_password), but it's not easy.
https://www.forensicfocus.com/news/samsung-exynos-support-in-oxygen-forensic-detective
Apparently the Qualcomm variants aren't susceptible to this hack. Only Exynos models are listed.