Hello to you all!
I have a situation; a close friend of mine passed away, and his family have asked me to get access to his Samsung tablet and his phone so they can access his emails along with documentation.
The issue I have is the phone is locked via a Pattern, no one knows the pattern, developers mode has not been enabled. I've connected the phone to my laptop, could connect, rooting is not an option.
I've been looking for help, suggestions, which do not endanger bricking the device or loss of any data - I understand this is probably a big ask, but please any help will be appreciated.
His phone is a Samsung Galaxy S22+ I only have access to the information on the back sticker.
NotSoSmart said:
Hello to you all!
I have a situation; a close friend of mine passed away, and his family have asked me to get access to his Samsung tablet and his phone so they can access his emails along with documentation.
The issue I have is the phone is locked via a Pattern, no one knows the pattern, developers mode has not been enabled. I've connected the phone to my laptop, could connect, rooting is not an option.
I've been looking for help, suggestions, which do not endanger bricking the device or loss of any data - I understand this is probably a big ask, but please any help will be appreciated.
His phone is a Samsung Galaxy S22+ I only have access to the information on the back sticker.
Phone can be unlocked but without losing data I don't think so.
Pretty much all android phones are encrypted by default now. No password means decryption key isn't usable, data can't be recovered
DrFredPhD said:
Pretty much all android phones are encrypted by default now. No password means decryption key isn't usable, data can't be recovered
There is one method in which the storage IC is removed from phone and then Read using specialised software and hardware.
mvikrant97 said:
There is one method in which the storage IC is removed from phone and then Read using specialised software and hardware.
Will still be encrypted and encryption key for the master encryption key is derived from pass/pin/pattern. Failing some kind of exploit that can reveal the key it's impossible even with forensics.
See for details
File-Based Encryption | Android Open Source Project
source.android.com
DrFredPhD said:
Will still be encrypted and encryption key for the master encryption key is derived from pass/pin/pattern. Failing some kind of exploit that can reveal the key it's impossible even with forensics.
See for details
File-Based Encryption | Android Open Source Project
source.android.com
It is possible. For such phones there's a tool called UMT EMMC/UFC tool.
mvikrant97 said:
It is possible. For such phones there's a tool called UMT EMMC/UFC tool.
It's possible to dump encrypted storage off a chip sure, it's not possible to decrypt without the key, which you can't get without user password
Good morning, thank you for all the replies, these look very technical and way out of my league.
Again, not knowing much about android 10, I’ve read, it’s possible to remove the pattern using software, however I’ve not found a way to enable developers mode, is this possible with the state of the phone currently? If so, how is it possible?
Someone wrote they needed to remove a forgotten pattern/pin prior to “dubious services” - any idea what this could mean?
Would it be easier to remove his pattern from the Samsung tablet?
NotSoSmart said:
Good morning, thank you for all the replies, these look very technical and way out of my league.
Again, not knowing much about android 10, I’ve read, it’s possible to remove the pattern using software, however I’ve not found a way to enable developers mode, is this possible with the state of the phone currently? If so, how is it possible?
Someone wrote they needed to remove a forgotten pattern/pin prior to “dubious services” - any idea what this could mean?
Would it be easier to remove his pattern from the Samsung tablet?
I can unlock both your devices but the thing is that the tool I have is not capable of retaining user data.
mvikrant97 said:
I can unlock both your devices but the thing is that the tool I have is not capable of retaining user data.
Mvikrant97,
Thanks for the reply. The family needs access to his data. Doing a factory reset etc. will not help.
If you know of some tools to enable developers setting or remove the pattern or a workaround, it would help.
Related
The TWRP Password Protection Thread
Yes, it has been discussed to no end. People say it makes no sense. More importantly, the TWRP team says it makes no sense:
Password protecting TWRP (lockscreen)
http://teamw.in/securetwrp
I've had people ask enough for a protected TWRP that I'm creating this page as a response so I don't have to retype. If you're seeing this page, you're probably asking, "Why doesn't TWRP offer password protection?" You want to lock down your device so that a would-be thief won't be able to wipe your device to get past your lockscreen and/or so they can't wipe away that cool app you bought from the Play Store that will let you track your stolen device via GPS. Well, here's the short answer:
Nothing trumps physical access to your device. If you've lost it, there's no way that TWRP can secure it.
For a longer answer, it's very easy for anyone with just a little bit of knowledge to get around any kind of security that TWRP might have. All they have to do is flash one of the other recoveries that's available that doesn't have password protection to get around it. Most, if not all devices have ways to flash recovery without needing to boot to either Android or recovery (usually via fastboot or download mode / Odin). Quite literally the only way to truly secure your device would be to render the USB port completely unusable which isn't an option for most newer devices that don't have removable batteries. Even then most devices could still be worked with via jtag though it's unlikely that a thief will go to the trouble of paying for a jtag service on a device that has a broken USB port. (Note: I am not recommending that you purposely damage your USB port as it will also likely make it very difficult to recover your device if anything ever goes wrong!)
I also don't want to offer a lockscreen / password protection because it offers such a superficial level of protection. Users rarely read and would skip over any disclaimers that we have that indicate that any protection that we displayed indicating that their device really isn't secure. If your device has fallen into someone else's hands, your best case scenario should be that you hope that they don't get your personal data. If you don't want someone getting your personal data, use Android's device encryption and a good lockscreen.
But it does make sense in many cases. My objectives with this thread are: to change the minds of the TeamWin team members on this matter, and to discuss the best way to implement TWRP security. I will start by answering TeamWin's post.
1) Most people just want their data safe, not their phones unusable to burglars.
It is true that nothing beats encryption. But encryption with a trivially short PIN, pattern or password is useless. Raw access to the encrypted media allows brute forcing which in almost all realistic cases will recover the key in no time. Making it hard to reach the encrypted media would in these cases provide more security than encryption itself. And in any case, this would be added security, not replacement security, and can only strengthen the system (and in common cases, by a great deal).
The security of some phones is fundamentally broken, and there is nothing TWRP can do to fix that. The only fix could come from updated bootloaders. But bootloaders need to be signed by the phone manufacturer to work (so aftermarket bootloaders are not an option), and many companies are just not serious enough to care.
Case in point: dirty Samsung. All Samsung cares about is ending your warranty if you dare install software of your choice on your own phone. It has made it impossible for developers to overcome this by actually blowing physical fuses within the phone in their bootloaders if you exercise your freedom. Their "upgrade" bootloaders also blow fuses to prevent you from ever downgrading to the more permissive bootloader that might have been in the phone when you first bought it.
They care about invalidating your warranty a lot, but not at all about your data. I can grab a stock S3, flash whatever I want (voiding warranty, or so they say because in many countries it is rightly not so) and get to your data. So it better be encrypted because Sammy is not giving a damn to defend it.
But other phones actually make an effort to defend your data. This is the case of, for instance, all Google Nexus devices, and the OnePlus One. I name these phones because these are the only mass-market phones I know that do not try to take away your tinkering freedom with threats of voided warranties, and so are the only phones I consider when buying. (No feature is worth losing your freedom IMO.)
These phones actually fully wipe your data when you unlock their bootloaders, a required step before any flashing is allowed. This means that if I grab a bootloader-locked nexus, I can wipe it but not get to the data without the lockscreen code. Well, unless TWRP is flashed. TWRP breaks the security that Google (and others) baked into their phones.
There used to be a good reason to avoid security in the old CWM days: CWM was not touch, and much less was capable of popping up a keyboard. TWRP has gone such a long way forward that now security can be easily implemented. There is no reason to break the security of good phones just because some phones are broken.
One could disallow access to the storage media on their phone (encrypted or not) by installing TWRP with a password and then relocking the bootloader. In this way, the modded phone would be as secure as its stock counterpart. Modding your phone would no longer mean zero security.
2) It turns out that those who want to disable the burglar's ability to reset the phone and sell it can actually do it in many cases!
It so happens that bootloaders usually do not wipe the phone themselves as it is "too complex" an operation. Many times during bootloader unlocking, the bootloader boots stock recovery instructing it to 1) do the wipe, then 2) reset the bootloader lock. If the bootloader is locked and TWRP is installed in place of the stock recovery and TWRP ignores these commands (as current versions do), then there is no way to wipe the data or unlock the bootloader (and thus no way to flash a door to the system) from fastboot.
So if you:
1) setup a TWRP lockscreen,
2) keep a flashable zip that unlocks your bootloader in your phone (see boot unlock scripts),
3) setup an android lockscreen,
4) download a root app that unlocks your bootloader (see BootUnlocker),
5) and lock the bootloader,
...then you are secure. You can recover bootloader access without wiping as long as either one of rooted android and/or recovery works. But you cannot use either without going through their respective lockscreens.
This prevents access to your data, but in the case mentioned here (recovery does the actual bootloader unlock) it also prevents wipes. In this situation, it is not difficult to imagine a burglar attempting to sell you back your own phone on the cheap. Of course suitable contact info would be displayed in your lockscreen. This is even more security than was planned by Google, and not less as is the current situation with TWRP.
I know for a fact that the OnePlus One works in this recovery-invoked-to-unlock-bootloader manner, and I suspect all Nexuses work in the same way. For these phones, anti-theft can be a reality, and getting them back after a robbery, a not so improbable scenario.
NOTE: It should now be obvious why it is very dangerous to lock your bootloader unless a working stock recovery is in place. If you cannot obtain root access in either android or recovery, your recovery is custom (and thus it does not unlock the bootloader), and your bootloader is locked, then you are stuck: you will not be able to unlock your bootloader without a JTAG rig. Under some circumstances this can render your phone unrootable or effectively bricked. This is in part our objective anyway: that burglars are not able to gain control of the phone, not even by full wipe. But it can seriously backfire if you make a configuration mistake or simply forget your passwords. Keep in mind that you can make these mistakes today, without security in TWRP. Bootloader re-locking in a scenario other than return-to-stock is an intrinsically dangerous operation that only advanced users should attempt.
3) Encryption is insecure unless the boot chain can be trusted.
An adversary that gains physical access to your phone can dump and save a copy of the encrypted partition(s) and plant a password sniffer that later forwards the password to them. You cannot trust your password to a non-tamper-evident device that can be trivially modified. The only way to protect the boot chain from tampering in today's phones is locking the bootloader and restricting access to the recovery.
Countermeasures
Some SoCs are compromised. For example, a signed USB-fed bootloader for the Galaxy Nexus has leaked into the public domain, and with it the SoC of a Galaxy Nexus can be booted entirely via the USB port. A monitor software can be loaded that can read (or write) the complete eMMC (the storage). This is possible because either TI or Samsung leaked a properly signed debugging bootloader. This is an extremely rare case because this bootloader makes you God. I think some Kindle Fires also have a similar thing. Few phones had their security broken so drastically; compromised SoCs are the exception and are very few.
Finally, the attacker could open up the phone and use JTAG to directly access the eMMC. It requires equipment and know-how and work and time, and significantly adds to the full cost of robbing a phone, eating up their profit. Probably almost all phones could be recovered by JTAG.
But of course, there are countermeasures to countermeasures. Many people have discussed damaging JTAG traces, bond wires, or even the IC itself, and some JTAG ports can be irreversibly disabled by design.
Conclusions
1) TWRP is doing nothing in fundamentally insecure phones.
2) TWRP is disabling the security of secure phones.
3) Secure phones with TWRP could be as secure as they are with stock recovery.
4) In some cases phones with TWRP can be even more secure, preventing their unauthorized wiping and reselling.
5) A barrier blocking access to encrypted media can effectively protect more than encryption itself if short keys are used.
6) Encryption is insecure with an unlocked bootloader or an open-access recovery.
We have the rationale, we have the UI, we have the keyboard, and we have the great team of programmers behind TWRP: let's get this old rat hole plugged for good.
Implementation Ideas
Security is never trivial to implement, so I will accumulate some points here to guide the design of a solution. Feel free to contribute.
The passwords must be stored in an irreversible manner, using proven, properly salted cryptographic methods.
The password store (PS) should not be accessible to apps, or else they might attack it by brute-force. In /data/media devices, if the PS is stored in /data/media/0, it should be stored with restrictive permissions such that the fuse daemon will not reflect it into world readable /sdcard. Under KitKat (and even using a permission-less real fat32 /sdcard) files could be made inaccessible under folders in /Android I think. Otherwise the /data partition could work (ugly due to interactions with nandroid backups). Also, bytes reserved in the /recovery partition itself could do the trick. NOTE: nandroid backups suffer the same problem: they are world readable copies of your passwords and auth tokens. It is imperative that a general solution to this problem be found for TWRP. CM's recovery places the backup files outside of '0' in /data/media which is a good solution for /data/media devices. And going forward, this type of devices should be the norm.
adbd and mtpd should not start before the password is entered.
It is enough to ask for password once per boot.
adb on recovery is the data recovery method of choice when a screen is broken. it should be possible to enter the password via USB to enable adb and mtp with a broken screen. NOTE: by the same token, it should be possible to enter the phone encryption password via USB if any.
Both the recovery lockscreen/password and android lockscreen/password could be the same, since access to android's lockscreen data is needed for encryption support anyway and thus that code is already in place. But then, forget this one password and your phone is a brick!!!
If they are not the same, a way (an app) to change the password (or at least reset it) from root android should be provided.
There could be an official TWRP password manager app that stores the TWRP password in its private data in /data and TWRP could read it from there. (But the interaction with nandroid backups would kinda suck.)
To enter the password over USB, ideally a restricted adbd mode would ask for the password, then restart itself a la "adb root" switcheroo. So that standard adb can be used to enable adbd and another host tool is not needed.
There should be some throttling down of password tries both via the recovery popup keyboard and via adb. If the same password is used for android and recovery, then the throttling should not be less aggressive than android's.
Ideally the password hash in the PS should be stored in a way compatible with some proven challenge response authentication so that the data in the PS can support future unlock protocols that do not send the password in the clear.
kind invitation to read this thread:
@Dees_Troy
@bigbiff
thanks!
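The storage and throttling points from the implementation ideas above, as an added sketch (not code from TWRP or from the post's author): a salted, irreversible password record whose failure counter lives in the same record, so the recovery keyboard and the USB/adb path share one throttle. The names PasswordRecord, enroll, verify and lockout_delay, the use of PBKDF2-HMAC-SHA256, the iteration count and the backoff constants are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

# Assumed parameters for this sketch; tune for the target hardware.
PBKDF2_ITERATIONS = 600_000   # work factor for the stored verifier
FREE_ATTEMPTS = 5             # failures allowed before any delay applies
BASE_DELAY_S = 30             # first lockout, doubled on each further failure
MAX_DELAY_S = 3600            # cap so a typo storm cannot lock out forever


@dataclass
class PasswordRecord:
    """What the password store (PS) keeps on disk. No plaintext, no reversible form."""
    salt: bytes
    iterations: int
    digest: bytes
    failures: int = 0          # persisted, so a reboot does not reset the throttle
    locked_until: float = 0.0  # timestamp before which every try is refused


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def enroll(password: str, iterations: int = PBKDF2_ITERATIONS) -> PasswordRecord:
    """Create a record with a fresh random salt, so equal passwords hash differently."""
    salt = os.urandom(16)
    return PasswordRecord(salt, iterations, _derive(password, salt, iterations))


def lockout_delay(failures: int) -> int:
    """Seconds to refuse further tries after the given number of consecutive failures."""
    if failures < FREE_ATTEMPTS:
        return 0
    return min(BASE_DELAY_S * 2 ** (failures - FREE_ATTEMPTS), MAX_DELAY_S)


def verify(record: PasswordRecord, candidate: str, now=None) -> str:
    """Check one try from any channel (touch keyboard or USB).

    Returns "ok", "denied" or "throttled". While throttled the candidate is
    not even hashed, so a correct guess made during a lockout gains nothing.
    """
    now = time.time() if now is None else now
    if now < record.locked_until:
        return "throttled"
    candidate_digest = _derive(candidate, record.salt, record.iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    if hmac.compare_digest(candidate_digest, record.digest):
        record.failures = 0
        record.locked_until = 0.0
        return "ok"
    record.failures += 1
    record.locked_until = now + lockout_delay(record.failures)
    return "denied"


if __name__ == "__main__":
    # Constructed sample run with a simulated clock (seconds).
    rec = enroll("correct horse battery", iterations=10_000)
    clock = 0.0
    for guess in ["1234", "0000", "1111", "2580", "password"]:
        print(guess, "->", verify(rec, guess, now=clock))
    print("right password during lockout ->", verify(rec, "correct horse battery", now=clock + 5))
    print("right password after lockout  ->", verify(rec, "correct horse battery", now=clock + 30))
```

The throttle only protects tries that go through this check; it does nothing against someone who can read the record itself, which is why the post also asks that the store be unreadable to apps.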
Lanchon said:
Some SoCs are compromised. For example, a signed USB-fed bootloader for the Galaxy Nexus has leaked into the public domain, and with it the SoC of a Galaxy Nexus can be booted entirely via the USB port. A monitor software can be loaded that can read (or write) the complete eMMC (the storage). This is possible because either TI or Samsung leaked a properly signed debugging bootloader. This is an extremely rare case because this bootloader makes you God. I think some Kindle Fires also have a similar thing. Few phones had their security broken so drastically; compromised SoCs are the exception and are very few.
All MediaTek SoCs can be considered compromised, for every single one of them allows the entire ROM to be read back and reflashed using spFlashTool, even with a "locked" 2nd stage bootloader. Furthermore, their source code quality can be considered as "rotten to the core", I would bet my behind on the Mediatek kernel customization containing more than one exploitable hole.
harddisk_wp said:
All MediaTek SoCs can be considered compromised, for every single one of them allows the entire ROM to be read back and reflashed using spFlashTool, even with a "locked" 2nd stage bootloader. Furthermore, their source code quality can be considered as "rotten to the core", I would bet my behind on the Mediatek kernel customization containing more than one exploitable hole.
thank you for the contribution. it is good to know that all mediatek devices can be rooted and are effectively unbrickable.
it also seems that the opo is unbrickable: there seems to be a ColorOS leak that flashes the system by debug-booting the qualcomm soc.
This is really important stuff… pity how most people are more interested in skins than serious security issues. Hope it gets the attention it deserves.
i forgot to mention in the first post that Philz Touch Recovery does have password support. (i think they are actually PINs.) i haven't checked how the security is implemented in Philz though. regrettably that recovery has been discontinued so further investigation seemed useless.
TWRP is such a great piece of software that i simply can't imagine any competition will dare take on it again. that's exactly why it's important to get security merged in TWRP.
Lanchon said:
i forgot to mention in the first post that Philz Touch Recovery does have password support. (i think they are actually PINs.) i haven't checked how the security is implemented in Philz though. regrettably that recovery has been discontinued so further investigation seemed useless.
TWRP is such a great piece of software that i simply can't imagine any competition will dare take on it again. that's exactly why it's important to get security merged in TWRP.
3 people in the entire world do a majority of the work for TWRP. We are welcome for contributions to the TWRP project at OMNI's gerrit for people who want to get this done.
bigbiff said:
3 people in the entire world do a majority of the work for TWRP. We are welcome for contributions to the TWRP project at OMNI's gerrit for people who want to get this done.
i thought of that, but adding a feature like this to TWRP probably requires too much effort for somebody who doesnt know the codebase. i imagine that TWRP is sort of an app framework in itself. i chose to advocate for it instead of implementing, i just can't justify the effort it would take *me*. i also tried to help by centralizing ideas on how it should be implemented, if somebody chooses to.
anyway, it's great to know you are not opposing the idea and you would consider merging if somebody implements, that is a good start.
btw, there is a tangentially related issue i'd love to hear your opinion on:
i hear TWRP can mount encrypted partitions and there is a UI for entering PINs, passwords, patterns etc. but i dont have my phone encrypted because if i break my display with the phone encrypted then im toast: i cant extract my files from the device anymore.
would you consider implementing a way to enter the encryption password via usb? maybe some sort of adb shell command?
UPDATE: Added a third item to the OP...
3) Encryption is insecure unless the boot chain can be trusted.
An adversary that gains physical access to your phone can dump and save a copy of the encrypted partition(s) and plant a password sniffer that later forwards the password to them. You cannot trust your password to a non-tamper-evident device that can be trivially modified. The only way to protect the boot chain from tampering in today's phones is locking the bootloader and restricting access to the recovery.
Thank you very much for this call, I highly appreciate it! Me, I consider securing Recovery also very essential, but instead of coding a patch I would like to contribute the overall discussion:
having a locked bootloader normally restricts you to booting a stock kernel without a bootloader-valid signature, right? Otherwise you could simply fastboot any kernel without flashing. But this can be an issue in case your kernel is outdated and has other security flaws which e.g. make it vulnerable from remote. In this case, you secure your device from offline attacks but stay vulnerable to online attacks. The hard question is: which attacks are more realistic?
in "good old cm7 times", maniac103 implemented a password-protected CWM for the Motorola Defy which was based on entering a password sequence using the sensor keys (back, home, search etc.). See this commit.
many people argue against Android encryption because it is based on the "same password as for the screen unlock". This is essentially not true: It's just the front-end in almost all Stock ROMs which does not support it - the back-end does. You can set a much stronger passphrase for protecting your encryption key using command line or a tool like this or this (both require root, stupid!). You still suffer from the hardcoded limitations in crypt.c (like only 2000 rounds, just 128bit AES, maximum 16 char limitation etc.) but much better than having just a numeric PIN! Please note that Android 5.0 also tries to store the encryption key in a more secure location than the footer of the disk partition as outlined here.
Even if you could overcome a TWRP password on a bootloader-unlocked device easily by fastbooting a different boot image, it still raises obstacles for a "stupid" attacker (e.g. you need a device with USB and not just a microSD card or USB drive+OTG cable). Although I would still consider it "security by obscurity", in essence, it's going in the same direction as JTAG also being hard(er) to exploit.
The same argument accounts for "dumping your encrypted partition and installing a sniffer" - it raises the barrier and the victim will likely notice that something is wrong (unless it's using a device that's unstable...) because the device will be off or rebooted. A counter-measure would be: if you find your device in such a state, boot into recovery and compare checksums of your boot and system partitions - probably many even more advanced attackers will probably forget to install rogue versions of md5sum/sha256 etc, and of course you could also carry a write-protected USB drive+OTG cable with a clean boot image, provided TWRP would allow you to boot from that (which afaik it currently does not).
Considering the huge security breach of an unprotected recovery, I would consider the option to recover stuff via adb from recovery a secondary objective. A more effective approach which could help against the problem of non-recoverable data from a hardware failure would be having the data already external - like in the approach I posted in this thread where I argue against keeping private data in internal phone memory. Unfortunately, on many devices this will not work with a locked bootloader unless you manage to modify the rootfs elsewise (but I assume recoveries like Philz seem to manage it already somehow with locked bootloaders).
There are many other attack vectors like a memory freeze which a locked bootloader can certainly make more difficult.
For instance, if we had a tool like https://play.google.com/store/apps/details?id=net.segv11.bootunlocker compatible with the OPO, it would be easy to have a pretty secure custom rom.
Scenario (encrypted of course) : unlocked bootloader, TWRP to flash some stuff, back to stock recovery then lock bootloader.
Each time you need back a custom recovery, you unlock the bootloader and do your stuff.
I always did that for the Nexus 4.
Defier525 said:
having a locked bootloader normally restricts you to booting a stock kernel without a bootloader-valid signature, right? Otherwise you could simply fastboot any kernel without flashing. But this can be an issue in case your kernel is outdated and has other security flaws which e.g. make it vulnerable from remote. In this case, you secure your device from offline attacks but stay vulnerable to online attacks. The hard question is: which attacks are more realistic?
thanks!
no, it does not. android reference bootloaders (nexus, opo, etc) do not check kernel signatures when locked. they just disallow flash and boot commands. your point here is void.
Defier525 said:
Even if you could overcome a TWRP password on a bootloader-unlocked device easily by fastbooting a different boot image, it still raises obstacles for a "stupid" attacker (e.g. you need a device with USB and not just a microSD card or USB drive+OTG cable). Although I would still consider it "security by obscurity", in essence, it's going in the same direction as JTAG also being hard(er) to exploit.
personally i do not consider connecting the device to a host being any kind of bar raising at all. it is the realm of script kiddies and the standard way stolen phones are reset and/or returned to stock when they have a screen lock.
JTAG, on the other hand, is. it requires physically disassembling the phone and maybe modifying the board. it requires hardware and software tools that are not in the arsenal of the usual adversary. (i am not talking about the NSA!) i have JTAG hardware and use OpenOCD for hardware development but i have never attempted to JTAG a phone and probably never will. it is just too much trouble; not worth it.
modded phones will always be a minority. as long as mainstream phones do not need JTAG after being stolen, i predict modded phones that require JTAG to be recycled will not be recycled and will be sold for parts or maybe resold to the owner at a reduced price. (the "hey, i found this phone..." scenario.)
Defier525 said:
Considering the huge security breach of an unprotected recovery, I would consider the option to recover stuff via adb from recovery a secondary objective. A more effective approach which could help against the problem of non-recoverable data from a hardware failure would be having the data already external - like in the approach I posted in this thread where I argue against keeping private data in internal phone memory. Unfortunately, on many devices this will not work with a locked bootloader unless you manage to modify the rootfs elsewise (but I assume recoveries like Philz seem to manage it already somehow with locked bootloaders).
i do not. i do not encrypt my phone because i would not be able to access it with a broken screen. that proposition is unthinkable for me. i use software fallbacks such as keepass. this is a matter of priorities.
also, i dont consider the sdcard hack to be a valid alternative. i will answer to your thread here (but keep in mind that even if it were a valid alternative, this thread is about securing the recovery, not about other options):
-using an external encrypted sdcard with an untrusted boot chain leaves you vulnerable to all caveats of internal encryption, plus more. eg: wiping the phone to get control of its bootloader to plant an attack does not wipe the sdcard.
-the sdcard can be trivially dumped even with a trusted boot chain in place.
-many phones today, including my last 4 phones, do not even have sdcard slots (eg, most of the "free" phones: nexuses and the opo; some GPE phones do have slots) and you can expect the number to keep falling.
-sdcards are extremely slow compared to internal flash.
-sdcards tend to use much more power than internal flash.
-sdcards tend to be unreliable.
-the FTL in sdcards is not designed to handle the constant writing android will subject /data to. most FTLs do not provide good wear leveling, specially if cards are mostly full, and as a result the cards would probably fail soon.
-AOSP encryption of /data is all that is needed since the emulated "internal sdcard" is backed by storage in /data/media since reference android 4.0
-eMMCs in phones *do* provide secure erase commands! it has been a required part of the eMMC standard for years. commands are: SECURE ERASE and SECURE TRIM, and maybe later they added a SECURE DISCARD command, not sure. furthermore, reference android recovery does use these commands while wiping a phone.
Xoib said:
For instance, if we had a tool like https://play.google.com/store/apps/details?id=net.segv11.bootunlocker compatible with the OPO, it would be easy to have a pretty secure custom rom.
Scenario (encrypted of course) : unlocked bootloader, TWRP to flash some stuff, back to stock recovery then lock bootloader.
Each time you need back a custom recovery, you unlock the bootloader and do your stuff.
I always did that for the Nexus 4.
this is not a solution. you can do this with the opo. it is trivial to use adb shell or the terminal to unlock the bootloader.
but what if android does not boot for any reason? you lose access to your phone? this is not a valid alternative for me.
Lanchon said:
this is not a solution. you can do this with the opo. it is trivial to use adb shell or the terminal to unlock the bootloader.
but what if android does not boot for any reason? you lose access to your phone? this is not a valid alternative for me.
How do you do that with adb/fastboot without wipe ? (I mean I know oem lock / unlock but unlock implied wiping right)
For your second point, even if I lost access to the android boot, I always get fastboot screen so for me it's a pretty good alternative.
Xoib said:
How do you do that with adb/fastboot without wipe ? (I mean I know oem lock / unlock but unlock implied wiping right)
For your second point, even if I lost access to the android boot, I always get fastboot screen so for me it's a pretty good alternative.
you have to change one bit. you need to be root. there are threads that discuss how to, google them.
Lanchon said:
you have to change one bit. you need to be root. there are threads that discuss how to, google them.
Right, but adb doesn't use this trick.
That's why I said it will be cool when the bootunlocker app is upgraded to handle the OPO address bit.
Thank you for these comments! But could you (re-)post the arguments concerning the fitness of sdcards for /data in the other thread, please? This way we could keep the discussion more focused.
JTAG vs. fastboot: I agree with you, JTAG is a much higher obstacle for a thief and probably most will not go this way while I guess most "bring back to stock" tools work over fastboot anyways. I was just considering a different scenario, e.g. you leave your phone unattended for some minutes on a party.
Data recovery in case of hardware failure: Well this is in conflict with getting more security, unless you additionally secure adb in Recovery like you proposed...
Internal sdcard in /data/media since AOSP 4.0: This was new to me, but it seems to be implemented this way in my Nexus S. I just wonder why my Xperia V does not handle it this way then?
eMMC and secure erase: Okay this was new to me as well. But afaik, TWRP does not use these commands for wiping, does it?
locked bootloader and password protected TWRP: What if an attacker would try to fastboot erase the data or recovery partition? Will a locked, properly implemented bootloader prevent that?
My sd hack in general: I agree, that if this hack only works with an unlocked bootloader (like probably on my Sony) it is less secure than having a locked bootloader even without encryption. Therefore, I was already considering re-locking the bootloader and disabling the hack, but using at least a non-stock userland. Yet, the stock kernel will probably not see any updates anymore and thus will be vulnerable to any upcoming threats.
Yet I think that we both agree in the point, that having password protected TWRP would enhance security. Since TWRP already has all means of a password-unlocker screen in place (for dealing with encrypted /data), it should be trivial to provide a patch which asks for a password before it lets you do anything in TWRP. Maybe if I find some time I can try to see what it would take to implement it, but I am quite busy these days.
Nevertheless, I am quite interested in discussing the security of locked bootloaders and any attack vectors over fastboot in general here.
Hi! I have a RAZR D3 (XT919). It ships with Android 4.1.2, but I upgraded it to 4.4.2. A few days ago, I dropped it, and the screen shattered. The screen itself is not broken, I mean, it displays what it needs to, but half of the screen lost the "touch" capabilities, meaning that I can't input my unlock pattern. I've tried everything in order to be able to unlock it (do not ask why I need it to be unlocked, I just NEED it unlocked). I tried through ADB, but USB debugging is not enabled (it actually IS enabled, but I can't confirm the debugging access to my pc because it does not show up the window that asks for confirmation, and, even if it did, I would not be able to tap it, not because of the broken screen, because I think the touch part that is still working is in range, but because it would not let me tap it in the unlock screen). I tried flashing a zip file (actually, lots of them) that in theory disabled the pattern... yet, no luck (I'm aware that I may have needed to input a random pattern, it didn't work). I tried a file manager made for recovery mode, it didn't work either. So, in short, I tried tons of things to unlock the damn phone (factory reset is not an option) and nothing works. I just don't know what to do. I will be buying a new one, of course, but I need it unlocked right now. Oh, I also tried with a USB-OTG cable with the pc keyboard and mouse, the device simply does not support it. So... yeah, I'm pretty much screwed. Don't be afraid to post any complicated solution, just keep in mind to make it as clear as possible. Thanks for caring and I hope somebody will be able to help me!
Do you have twrp installed?
If so, Go to twrp>file manager>data>system and there delete lockscreen.db and reboot
Black_Eyes said:
Do you have twrp installed?
If so, Go to twrp>file manager>data>system and there delete lockscreen.db and reboot
Sorry, I'm not sure that I do (most likely not), even if I did, how am I supposed to browse my files? I can't access my phone through my pc either unless I enable USB debugging (literally, it shows neither folders nor files... it's like an empty windows folder), thanks for caring anyway
Nikephor said:
Sorry, I'm not sure that I do (most likely not), even if I did, how am I supposed to browse my files? I can't access my phone through my pc either unless I enable USB debugging (literally, it shows neither folders nor files... it's like an empty windows folder), thanks for caring anyway
That's because phone is Pattern locked.
If there is no lock, you will be able to browse your files
Black_Eyes said:
That's because phone is Pattern locked.
If there is no lock, you will be able to browse your files
so... what can I do to unlock it?
what do u mean by unlock?
sim unlock or pattern unlock?
asadnow2k said:
what do u mean by unlock?
sim unlock or pattern unlock?
Pattern unlock, now the screen is completely broken, it still shows the image, but the touchscreen itself does not work at all
i don't have any trick to bypass moto phones, for samsung and lg i got
Nevermind guys, thanks for trying to help, but I already bought a new phone (LG F60). It's not that I wasn't gonna buy a new one anyway, but, I wanted to check some stuff on some apps that were on the functional part of the screen, anyway, you said you have some tricks for LG devices, if you know anything to get some tweaking or just for knowledge for any problem that I may encounter in the future, let me know (I don't want to root it yet because I will lose guarantee). With that said, thanks again for trying, I hope this is not the only time I'll get to this forum. See ya!
A friend of mine (not very technical) asked me for help - he has an FRP locked Note 5 (M1803e7sg) - 'this device is locked' 'This device is associated with existing xiaomi account' message is constantly on screen, so we cannot do much more than emergency call or connect with Wi-Fi.
Apparently, his son, who used the phone, does not remember the email he registered an account with (or does not want to remember it), so we assume there is no way to get it back, nor unlock miui.
This phone is legit, this friend of mine has proof of purchase. He even sent the phone to the official Xiaomi warranty service prior to giving it to me, but they told him they cannot do anything. Like at all.
I tried multiple ways from youtube manuals, including wiping data or the one with Talkback. But none works in my case and a phone is still locked.
I'm aware that neither Miui soft won't work on this device. But could you guys advise if there is a way to get twrp in this state, erase, put new software (cyanogen mod or what not) and guide me the easiest way to do that?
Twrp is not possible without unlocking bootloader.
CyanogenMod no longer exists.
If you can provide the version of miui then maybe we can help.
Can you go to settings, enable dev mode and turn on oem unlocking? If yes, maybe you can watch youtube.
Of course it is MIUI 10.
SasugaWatashi said:
Can you go to settings, enable dev mode and turn on oem unlocking?...
nope, cannot get to settings
majk3l said:
Of course it is MIUI 10.
nope, cannot get to settings
Yes it can. Try searching youtube. "Frp miui 10 fix" something like that.
Hey, so I was contacting xiaomi support. They failed to help me because I don't have Mi account ID nor email address bound to this phone?
Are they not able to say which ID I was using on this particular phone? Cause I am not - I erased it. I also lost email bound to this account.
I have my phone case with all the numbers, original proof of purchase from local retailer. The phone is 100% legit.
I just lost mi account ID, why is it so much of a problem right now? It's only an aco**** that I was not using to anything.
This is only hardware, right? Why software limits how the hardware is running? You can always erase all the software that is there, including bootloader and load other, unlocked software. Am I wrong?
EDIT: no, I'm not wrong. I haven't found a solution so far, but fortunately my social engineering helped and I managed to restore mi account and pass.
It's a shame that Xiaomi do not have a better way to go in such cases.
Hello,
I have a Huawei Honor 9 STF-AL10(al09) (chinese version 6gb/128gb) which I cannot unlock. Some days ago I gave the phone to my child to play with, then he set a lock pattern and forgot it the next day. I was using my phone with my fingerprint, without knowing the lock pattern, and some days later it says fingerprint suspended - pattern required. I am trying everything and cannot unlock it. I know the email which is connected to the phone, I tried opening it in google devices, but USB debug is not allowed and Find my phone is not allowed, and I cannot unlock. Is there any way to unlock and keep the information in it? I have a lot of docs, notes and some apps.
I need to save everything as it is inside.
I can wipe and recover, but i need to save everything.
Is there any software that does this (doesn't matter if it's paid)?
Until some days ago I had the option to try 3 times every 1 hour, but from now it is only 1 time every 24 hours.
Or, is there any way to unlock again with my fingerprint, and after that I will allow usb debug and remove the lock pattern?
Please help.
Thanks!
Regards,
Georgi
Have you tried third party programs like dr.fone?
This article has some positive reviews, check it out as well.
You can't unlock bootloader on huawei devices so you can't recover data from it :/
If you're desperate you can follow this article here to unlock bootloader on your device, it's quite expensive though.
Also unlocking the bootloader wipes all data and that's obviously not what you want.
Should all of the above mentioned fail then I really think wiping it is the only option.
Should you succeed then do post what worked for you here so anyone viewing the thread in the future knows what to do.
I can do wipe data/cache from the boot menu and I can reset it, I know the email and everything, but I need to save everything as it is inside.
I was thinking, if there is any way to get it to unlock with the fingerprint again, I will fix it.
It is not a problem, I will pay for Dr Fone, but I wrote to them to ask whether the software can help me without losing anything inside, and they are not responding to me.
I am trying any combination of lock pattern, but the problem is that now it is only 1 try in 24 hours and it is killing me.
Yes, if I find a solution I will post it, to save a lot of searching for somebody else.
jorkata785 said:
I can do wipe data/cache from the boot menu and I can reset it, I know the email and everything, but I need to save everything as it is inside.
I was thinking, if there is any way to get it to unlock with the fingerprint again, I will fix it.
It is not a problem, I will pay for Dr Fone, but I wrote to them to ask whether the software can help me without losing anything inside, and they are not responding to me.
I am trying any combination of lock pattern, but the problem is that now it is only 1 try in 24 hours and it is killing me.
Yes, if I find a solution I will post it, to save a lot of searching for somebody else.
If you know the email then why not reset the pin?
You can't get the fingerprint to work if it says fingerprint suspended, it's a security feature in Huawei phones and you have to enter your pin.
Try sending it to an authorized service center, they may be able to help you.
XDHx86 said:
If you know the email then why not reset the pin?
You can't get the fingerprint to work if it says fingerprint suspended, it's a security feature in Huawei phones and you have to enter your pin.
Try sending it to an authorized service center, they may be able to help you.
How to reset the pin? I have no PIN, I have a lock pattern and fingerprint. Yes, it says fingerprint suspended.
I tried with Find my Phone, but I did not activate location and the find my phone option, and it cannot connect. When I open it from the browser, I see my phone, I see the imei, but I cannot do anything more.
I talked with the authorized center in my country, Bulgaria, but they say that they can only wipe data and restore, and I don't want this. I asked them for the contact of the central service center, but they did not give me any information.
jorkata785 said:
How to reset the pin? I have no PIN, I have a lock pattern and fingerprint. Yes, it says fingerprint suspended.
I tried with Find my Phone, but I did not activate location and the find my phone option, and it cannot connect. When I open it from the browser, I see my phone, I see the imei, but I cannot do anything more.
I talked with the authorized center in my country, Bulgaria, but they say that they can only wipe data and restore, and I don't want this. I asked them for the contact of the central service center, but they did not give me any information.
What I meant by PIN is the device password, or lockpattern.
Did you try forgot my password?
If you have a Huawei ID and you're signed in on your device then follow this guide here.
If all of that failed as well then I'm sorry to inform you that your data is no longer recoverable.
Make sure to do regular backups to avoid this mistake again. I personally use this app.
Also turning on parental control mode when giving your device to your child is another way to avoid this happening again, I personally wouldn't blame my child for this.
XDHx86 said:
What I meant by PIN is the device password, or lockpattern.
Did you try forgot my password?
If you have a Huawei ID and you're signed in on your device then follow this guide here.
If all of that failed as well then I'm sorry to inform you that your data is no longer recoverable.
Make sure to do regular backups to avoid this mistake again. I personally use this app.
Also turning on parental control mode when giving your device to your child is another way to avoid this happening again, I personally wouldn't blame my child for this.
I can't remember setting a Huawei ID.
Yes, in future I will know and not give it anymore ...
I will continue searching, there must be a way to do it.
Thanks!
jorkata785 said:
I can't remember setting a Huawei ID.
Yes, in future I will know and not give it anymore ...
I will continue searching, there must be a way to do it.
Thanks!
I commend your determination annon, but please don't waste your time.
There is no way to recover the data. You don't have debugging mode on, no root, no unlocked bootloader or custom recovery, you don't have a Huawei ID, and google account/google find my device doesn't work.
I don't mean to interfere in your family issues, but as I said I wouldn't blame my child for it. Judging from the way you spoke they're still young.
Instead I'll turn on parental control mode before giving my device.
I will try to find a way with fastboot, if there is some way to do it. I can see the device in the ADB terminal, it is recognized as a fastboot device when I start the phone in the fastboot recovery menu.
Yes, he is 8 years old, I'm not blaming him, they are children - it is normal for them.
Hello,
I have a realme 7 pro and this morning, after I turned it on, I entered the required password after rebooting and it rejected it.
The last time I used the phone was yesterday and I neither changed the password (it has been the same for months), nor did update.
How on earth is this possible?
I have never modified the system files since I bought the phone (no modding) and the bootloader is still locked (that's why I think I can't access the fast boot mode).
I can only access engineering mode and recovery mode.
Thank you in advance for your help.
thisisabyz said:
Hello,
I have a realme 7 pro and this morning, after I turned it on, I entered the required password after rebooting and it rejected it.
The last time I used the phone was yesterday and I neither changed the password (it has been the same for months), nor did update.
How on earth is this possible?
I have never modified the system files since I bought the phone (no modding) and the bootloader is still locked (that's why I think I can't access the fast boot mode).
I can only access engineering mode and recovery mode.
Thank you in advance for your help.
That's strange. Phone rejects the password even if it is entered correctly if someone has tried to enter the password incorrectly earlier without your knowledge.
Please allow some time and then enter it again.
mvikrant97 said:
That's strange. Phone rejects the password even if it is entered correctly if someone has tried to enter the password incorrectly earlier without your knowledge.
Please allow some time and then enter it again.
First of all, thank you for your reply!
I wasn't aware of this defense mechanism of smartphones, however to my knowledge no one has tried to access my phone by mistaking the password...
In any case, I will wait 24 hours without making any further attempts and then try again to enter it
I just tried again but nothing.
To your knowledge is there any company that performs such unlocks? I am only interested in recovering the data which is very important, otherwise I would have formatted it....
thisisabyz said:
I just tried again but nothing.
To your knowledge is there any company that performs such unlocks? I am only interested in recovering the data which is very important, otherwise I would have formatted it....
There are a few problems with such requests:
They often come from people with stolen devices (knowingly or not, no judgements here)
It's borderline illegal, which contests our 'do not get us in trouble' rule
There's often payment involved with such services (and rarely any guarantees), also against our rules
You'll find several "tools" to "help you" but they are often bundled with malicious software
In short, though we do support some good old exploit sparring, the topic resides in a dark corner. Nonetheless it's good to ask around, perhaps there's other people with the same problem (2 years after release, unlikely) or someone has heard of a rare bug related to the matter.
IMHO your best bet would be getting in touch with Realme (find them here). Definitely keep us updated if you do!
I also have this Realme 7 Pro (issue/bug? IDK) since January 11, 2023
I have set face recognition but useless after rebooting phone.
In Realme UI recovery mode v1.2, before using any commands like
1. Install from storage
2. Online update
3. Wipe data
Phone asks for lockscreen password FIRST. Even PIN is what I set.
Also I need to recover my data first before doing ALL Methods to gain access again.
Please help us.
Edit: I just add more details about mine.
RMX2170
Android 11
non rooted, I don't have plan to modify first.
That's why I did not enable "USB Debugging" before I encountered this "lockscreen PIN problem". Which is I need right now to establish connection between android & pc.
(Forgot password is also useless they just recommend to bring this to Service Center to factory reset but, goodbye files.)
exdeeei said:
1. Install from storage
2. Online update
3. Wipe data
Phone asks for lockscreen password FIRST. Even PIN is what I set.
It also applies to me
exdeeei said:
RMX2170
Android 11
My model is also RMX2170 but i have Android 12.
exdeeei said:
That's why I did not enable "USB Debugging" before I encountered this "lockscreen PIN problem". Which is I need right now to establish connection between android & pc.
Unfortunately, I am also in this situation, I can basically only use *#899#
For now, I contacted Realme who referred me to a local shop. I have contacted them but am still waiting for a response. I have a hunch that we will lose the data....
If the device is encrypted, you can not access data without unlock. Maybe Realme have something they can flash to EDL to unlock the phone and access data….