Related
ok have just been given a xdaII by work but can not get past the cognito software it is running. I have no access to any of its features or even the software. i cannot delete software as it is for work any help would be very apreciated thanks
griz
anybody know this software?
Cognito Mobile Management is a powerful administrator function, enabling user rights to be applied to mobile terminals. Managers are provided with the tools to define parameters for voice and email usage; apply restrictions to Internet browsing; dispatch configurations, software updates, address books and system templates; and remotely retrieve detailed usage analysis. Most importantly all capabilities are executed remotely and discreetly.
Is this the Cognito you mean, grizly, or are you talking about the mobile messaging Cognito which takes over the entire device?
Messaging Cognito I can tell you a bit about - With the Siemens SX-56, the software installed itself from an MMC card. If you took out the MMC card and performed a hard reset it would go into normal Windows Mobile. However, you do lose ALL your messages. I've stopped working with Cognito units now so I couldn't tell you what they did with the XDA2 - though it's a safe bet it's in the Extended ROM. Unfortunately the software is pretty watertight. Early versions had bugs which would cause the phone tones to be heard when you hit the right regions of the screen - and, I think, allowed dialing! - but they probably fixed that (not that there was actually any way into the OS from the phone) so you're pretty much stuffed unless you overwrite the ROM. And then you won't have the Cognito software or data, and you'll be totally screwed.
grizly, I think there is a suggestion that Cognito lets the controller know when attempts have been made to circumvent the system, in fact every single keycode is probably uploaded at intervals. Is it worth trying? There is a reason for the installation of the cognito system, maybe you could buy your own phone and play to your hearts delight.
well i know the software is run from the memory card and it does take over the complete device so nobody actually knows a waay to get round this without losing information?
so can take it there isn't anyway then
You could try removing the memory card if present then doing a reset but as was said they have probably written bespoke software to the extended rom then locked so that even a hard reset will loop back to installation from extended rom which puts you back where you began but minus any data you may have had on the phone. can you say what it is you were hoping to acheive if it was possible to access the functions of the phone, or is it a secret?
The Cognito messaging software is basically a messaging app. Cognito used to use devices which had a 40x4 LCD display and a keyboard - clever little unit, looked quite robust.. but people still managed to **** them up on a regular basis. NTL used to use them as well as the company I worked for. They ultimately turned off the national radio network that the devices worked on - and instead of adapting the existing devices to run on GPRS or GSM, they backed out of the hardware thang and bought COTS devices. To save themselves many problems with support calls, they simply removed the ability to use any Windows functionality. I mean *ANY* Windows functionality. Many of our staff finished up with a laptop, a company mobile AND a PDA-Phone with the software on it. Which was a bit stupid when they could have just had the damn PDA and made calls from that!
grizly - is this the system you mean? With a grey background? There is NO way round it - even if you hacked up the installer etc and managed to create some magic key combination to show the Start menu/Today screen, you'd lose all your data and you'd have to call HQ and ask them to resend everything. And that gets suspicious after the 3rd or 4th time.
.. please don't expect replies within 24 hours every time - I sometimes don't check this board for a week and I'm sure others are the same
madkat said:
Is this the Cognito you mean, grizly, or are you talking about the mobile messaging Cognito which takes over the entire device?
Messaging Cognito I can tell you a bit about - With the Siemens SX-56, the software installed itself from an MMC card. If you took out the MMC card and performed a hard reset it would go into normal Windows Mobile. However, you do lose ALL your messages. I've stopped working with Cognito units now so I couldn't tell you what they did with the XDA2 - though it's a safe bet it's in the Extended ROM. Unfortunately the software is pretty watertight. Early versions had bugs which would cause the phone tones to be heard when you hit the right regions of the screen - and, I think, allowed dialing! - but they probably fixed that (not that there was actually any way into the OS from the phone) so you're pretty much stuffed unless you overwrite the ROM. And then you won't have the Cognito software or data, and you'll be totally screwed.
Click to expand...
Click to collapse
You said that after taking out the mmc and hard reseting the device it goes to normal Window Mobile but it doesnt for my MAgician PM10B. I even tried flashing it but still the Cognito Starts up itself.
Pls Help
just a single hard reset and the device will on with windows mobile logo and qualities
This is not troll baiting or OS Slamming...
Looking for knowledgeable and constructive feedback regarding device security. I'm thinking in terms of an Executive or VP or Network Admin or such loosing the device. a piece of software
1) to do more to control access than a squiggly line
2) to allow for remote GPS tracking and/or device data wiping
3) that is stealthy and/or hard to remove.
I know there are a few "security services" out there but that leads me into "how do i know whose who and who can be trusted in the android segment". I place a great deal of trust in the developer of my ROM. That he/she/they are benevolent and not including by intent or negligence loggers or other malware. then i have a companies like Wave and Norton and Good all angling to get installed on my device. i don't know Wave nor Good and I have no luv for Norton.
The EVO allows for RDC and VNC sessions. It allows for VPN access and has the pwd's to my personal and work email. meebo has me signed into all my chat networks. As a long time Windows person I guess it's just a lil disconcerting when i stop and think on it. this device can easily be configured to hold everything needed to access a secured network. Perhaps this is a reflection on my lack of understanding the system in depth. perhaps i'm not sure how well the opensource community will communicate "problem" apps and developers.
Also, and kinda sorta related. Applications in the marketplace. sometimes you get an application and the types of security access it is asking for seems a bit "off". occasionally in the comments the developer may comment that "i need to access X in order to provide Z". It usually makes sense (whether true or not i cannot say), but is there any nice cross-reference of what types of actions require what access level. or why so many apps need to know the phone state and identity or general location or full network access and what exactly that means to me as the end user. this second paragraph is proving difficult to put to paper..i may come back and edit for clarity.
and lastly, i guess is a question on how to protect from apps like this...
http://www.networkworld.com/news/2010/060210-android-rootkit-is-just-a.html?page=1
http://www.zdnet.com/blog/security/commercial-spying-app-for-android-devices-released/4900
looking for something kinda like this, but useful...
http://www.downloadsquad.com/2010/06/28/understanding-the-android-market-security-system/
This is not troll baiting or OS Slamming...
Looking for knowledgeable and constructive feedback regarding device security. I'm thinking in terms of an Executive or VP or Network Admin or such loosing the device. a piece of software
1) to do more to control access than a squiggly line
2) to allow for remote GPS tracking and/or device data wiping
3) that is stealthy and/or hard to remove.
I know there are a few "security services" out there but that leads me into "how do i know whose who and who can be trusted in the android segment". I place a great deal of trust in the developer of my ROM. That he/she/they are benevolent and not including by intent or negligence loggers or other malware. then i have a companies like Wave and Norton and Good all angling to get installed on my device. i don't know Wave nor Good and I have no luv for Norton.
The EVO allows for RDC and VNC sessions. It allows for VPN access and has the pwd's to my personal and work email. meebo has me signed into all my chat networks. As a long time Windows person I guess it's just a lil disconcerting when i stop and think on it. this device can easily be configured to hold everything needed to access a secured network. Perhaps this is a reflection on my lack of understanding the system in depth. perhaps i'm not sure how well the opensource community will communicate "problem" apps and developers.
Also, and kinda sorta related. Applications in the marketplace. sometimes you get an application and the types of security access it is asking for seems a bit "off". occasionally in the comments the developer may comment that "i need to access X in order to provide Z". It usually makes sense (whether true or not i cannot say), but is there any nice cross-reference of what types of actions require what access level. or why so many apps need to know the phone state and identity or general location or full network access and what exactly that means to me as the end user. this second paragraph is proving difficult to put to paper..i may come back and edit for clarity.
and lastly, i guess is a question on how to protect from apps like this...
http://www.networkworld.com/news/2010/060210-android-rootkit-is-just-a.html?page=1
http://www.zdnet.com/blog/security/commercial-spying-app-for-android-devices-released/4900
If the app seems fishy don't download it you can allways get lookout from the market it will pull your phone up on the gps and tell you exactly where it is I've tested you can also make it chirp real loud as for them accessing your phone put the pattern lock on in stead most thiefs are not hackers so they probably won't be able to access your phone even if you hard reset you still have to draw the pattern I mean unless they full root the phone and wipe it in petty sure you will be ok hope that helped
Sent from my PC36100 using XDA App
Lookout kinda falls into the same category at Good or Wave. (at least to me thus far). All appear to be fine and yet somehow free products. I'm looking for a corporate solution, not end user solution. a free solution would be swell, so long as trust can be established.
i am looking at this from a corporate IT security perspective. not a young person, a enthusiast nor regular end user. heck, if I could get all of my users to actually know what is meant by "if the app seems fishy don't use it", most of my job would be completed. but to be honest, i'm still trying to get a grasp on that myself in the android world, hence the question about access levels in last paragraph of original post.
the zigzag is nifty and should protect from casual access. Froyo will provide an interface that a secured Exchange server would prefer to have. that will help.
( BTW ... if anyone knows how to make the red line not appear when you mess up the pattern lock...you'd be my personal hero for the day)
its not thieves that I'm worried about...it's my own end users that have to be protected from themselves. if a device was left in a bar or cab and did end up in the wrong hands....data could be sold, deals could be lost, people could be embarrassed, with the type of data that 'can very easily' exist on these devices...network security itself can be compromised. and sadly, i must assume that a good many end users will disable security if they are able to. for the same reason they ***** at automatic screenlocks on their desktop/laptop computers.
would you rather your IT team "hope/pray/expect the device will be picked up by some incompetent/benign/lawabiding citizen" or the opposite?
i choose to prepare for the worst...hope for the best. not the other way around. hence, my questions.
Isn't remote wipe being built into froyo somehow? Thought I read that somewhere.
I have my exchange email set up on my device and it requires me to use a passcode. I cannot disable it.
Sent from my PC36100 using XDA App
As for wiping data remotely wave secure will do that it might be close to what you need or something for the time being hopefully this will help
Sent from my PC36100 using XDA App
This is kinda sorta what I'm lookn for.
http://www.downloadsquad.com/2010/06/28/understanding-the-android-market-security-system/
I have a customer that has an Asus Vivo with Windows 8 RT, and somehow he has lost/forgotten his password. I am new to the Windows RT environment, thus I can see why people dislike it. I was wondering if there is anyway to mount the Tablet to a PC to back it up; a way to possibly reset the password with out resetting the whole device to factory defaults; for I am lost and have searched the web for ways to do so, but no one seems to have an answer. Any help or suggestions would be very much appreciated.
Thank You
Jamie
If it was set up using a Windows Live account (or "Microsoft account" as they're now called), just use the standard paswword reset function on the website.
If it was using a local account (possible but not a great idea on RT) then the best bet is Safe Mode (Shift+F8 during bootup; might be possible with a Touch or Type cover but probably easier via USB) and log in as Admin, then force a password reset of the account. Possibly useful info: http://www.howtogeek.com/107511/how-to-boot-into-safe-mode-on-windows-8-the-easy-way/
As a side note, resetting the whole device, if it was using a Microsoft account, is relatively painless; your apps will need to be re-installed but you won't be charged again, your email and such will need to re-download but should already be configured, all in all it's fairly straightforward. Now, if there's documents on the tablet that for whatever reason aren't anywhere else... that's a problem if you reset it. No way to pull the storage and mount it in another PC, either.
What's your beef with RT from what you've seen of it so far (which it sounds like probably consists of nothing but the boot screen and the login screen)? It's only meaningful distinction from full Win8 is the need for ARM-compiled apps and the restriction of third-party code, but the first is a fact of life for any ARM-powered tablet (damn near all of them until quite recently; still most of them) and the second is easy to bypass. From an administrative position (i.e. trying to reset a password) it's identical to Win7.
I appreciate the quick response. Unfortunately this is tablet was not setup with a Microsoft Account, but was setup with a Local User account.
The only way it seems you can get into the options for boot with this tablet is holding the shift key and restarting it while you are at the login screen. I have tried to hold shift and tap f8 at a fresh start-up and the tablet continues to boot to the login screen.
Now when I hold Shift and restart the tablet, it goes right to Choose an Option, then I click Troubleshoot > Advanced Options > and there all I have is Automatic Repair, Command Prompt (Which you can't use without logging in to the local user account), and Startup Settings.. Under Startup Settings the only options it has is: Enable low-resolutions video mode, Enable boot logging, Dissable Automatic Restart on system failure, and Disable early-launch anti-malware protection.. It seems to me that this Asus Tablet with Windows RT does not have safe mode..
Thank You,
Jamie
Windows RT doesn't support safemode. It's possible to get at with some BCD tweaks, but it's not very straightforward.
Actually, pretty easy to get to it just using msconfig (assuming you can boot into Windows first). The downside: no touchscreen drivers, no Touch Cover drivers, no support for many of the peripherals. You'll need a USB keyboard, and probably a USB hub and USB mouse as well. A less "minimal" configuration might work better.
If you think there's a reasonable chance you'll need Safe Mode in the future, I recommend adding a second boot option to the main boot list (just clone the default one) and configuring it for Safe Mode. That's probably the easiest way... but it has to be done proactively.
GoodDayToDie,
Where you say "Actually, pretty easy to get to it just using msconfig (assuming you can boot into Windows first)," what do you mean by "(assuming you can boot into Windows first)?" I can boot into windows, but I cannot login because my customer has forgot his password.
This is a reason why I have an issue with Windows 8 RT, for there is no Safe Mode by default.. Micorshaft seems to be like Apple, thus locking the OS down to where you do not have full capabilities to fix an issue with there OS. It is too bad that you cannot run typical diagnostic tools off of a disc, because of the Hardware that they chose for the tablets... Only if they would keep a traditional chipset for both Linux (android) and Microsoft (Windows 8 RT), you could do all that you could with x86 and 64bit architecture. They need to keep things simple and compatible, instead of using prioritized junk.
Sincerely,
Jamie
I mean "boot into an interactive Windows session". If you can't get past the login screen, *you* aren't really into Windows (the machine might be running it, when I said "you" I meant you, personally). That's as true for RT as for any other OS.
Out of curiosity, what would you do if the client came to you with a BitLocked laptop and said they forgot the password for that? Well, obviously you'd tell them to use the recovery key. But it turns out they ignored the advice of the BitLocker installer and never saved the recovery key anywhere. Not good, right? OK, now what if it was a smartphone, and they forgot the PIN? There's a policy in place from their employer that ten failed PIN attempts in a row will will wipe the device. Now what?
They're screwed. Just like your client is here.
Look, the default configuration of Safe Mode on x86 versions of Windows is a security liability. It's a trivilally exploitable direct-to-admin elevation of privileges... assuming you have physical access to the device. On desktops, and to a lesser extent on laptops, that's not really a concern; the assumption is that if the attacker has physical access, it's already game over. On tablets, that's much less true. Tablets are sealed devices; there's no easy way to get the hard drive (or rather, the flash memory chip) out of one. They're designed to be highly mobile, and to a certain extent are designed to be shared - certainly many of them are used at kiosks and the like. They're also both easy and attractive targets for theft. The threat model is very different.
On x86 versions of Windows, if you're concerned about a local-access attacker, you use BitLocker and you set a strong password on it. You also change the admin password, so even if somebody gets through BitLocker (or they got to your machine while it's running already), they can't trivially gain full control over it. That's because protecting against local attackers is not the expected level of protection needed, so it's not the default configuration.
On tablets, if you're *not* concerned about a local attacker, you might do things like enable Safe Mode (which, from a security perspective, is actually Unsafe Mode), or disable BitLocker key protectors (possible even if an Exchange policy forces you to turn BL on). Similarly, if you weren't worried about forgetting your password, you might use a local account and not bother to create a password reset disk (yeah, that's still possible. Nobody ever does it, but it's possible). That's because the most likely attack, by far, will be somebody who has stolen the whole device and therefore the default configuration is to provide whatever security which can be offered in the face of such a situation.
Apparently, if you are worried about local attackers but *aren't* worried about losing your password, and then you lose your password anyhow, the thing you do is go complain to an IT shop. The IT guy then comes and asks an online forum how to do his job. The forum gives him the help they can. The IT guy then rants about Microsoft when the help offered is "insufficient".
Here, pop quiz for you: Which of the following people is it the fault of that the customer can't access their account?
1) Microsoft, who provide at least five different ways to reset the password (online account, password reset disk, enabling the Admin account for normal login, creating a second Admin account, or enabling a Safe Mode boot option) plus allow you to have the tablet remember the password for you (auto-login) or use no password at all.
2) Myself and the other members of this forum, who are offering what help we can, unpaid, of our own free will, because we care enough about this OS that we'll help people adapt to it and hope for nothing more than a "thanks"?
3) You and any co-workers you might have, who despite doing this for a living, are unfamiliar with the security model of a new OS... but are willing to pile abuse on that OS and its developers when they close a security hole that you expected to find open?
4) Your customer, who ignored Microsoft's advice about using an online account (justifiable, but a nonetheless questionable decision given the intended use of RT) and also ignored or avoided good password management techniques (like using a hard-to-remember password without creating a way to change or reset it, and without writing it down anywhere)?
I'll give you a hint: it's not 1 or 2.
Oh, and you can totally run diagnostic tools. Hell, the tablet comes with a bunch of them built in, but you can also boot off USB. Yeah, they need to be compiled for ARM, but - as I just pointed out - Microsoft ships a suite of them with the tablet. They even include a tool that can solve an unrecoverably lost password: wipe the system and start again. On previous Windows versions, you'd probably to do a full re-install at that point! Think of the time saved. However, "login as admin without any password" (what the default configuration of Safe Mode allows) is *not* a diagnostic tool. It's a gaping security hole.
Also, Safe Mode is totally still available. However, much like logging in *all the time* using the built-in Administrator account (possible by default on XP and before, disabled by default on Vista and later), allowing anybody who wanted to to boot into a full-permission no-password (by default) account was deemed too dangerous on RT. I was suprised when I discovered Safe Mode missing from the RT boot menu as well... for about 5 minutes. Then the obvious reason for it clicked. I went and enabled Safe Mode on my tablet anyhow, because it *is* a potentially useful diagnostic tool... (although, since neither theTouch Cover nor touchscreen work in Safe Mode, it's actually really hard to use) but I also changed the Admin password, so for your use case it wouldn't do any good anyhow. That's OK; I have the ability to reset my own password if needed. Admittedly, MS could have taken care of this themselves by removing the ability to log into disabled accounts when using Safe Mode, instead of disablign the mode by default... but that wouldn't have done you any good either.
I think the tl;dr version of what GoodDayToDie said is as follows:
The fact that you can't get into this tablet isn't microsofts fault at all, its the customers fault for being a complete and utter moron who can't remember a password and completely ignored the fact that the windows 8/RT setup process really wants you to make an online account rather than a local one which if he had done wouldn't have left us in this position.
Safe mode is a total security liability. That's why in my school they have disabled safe mode and also password protected the bios which is setup so you can only boot from the hard disk. There is then a sensor on the case which triggers when the side panel is removed which then causes the bios to prompt for password just after the POST check on next boot. Stupidly they have soldered the screws down on some machines, hilarious watching them trying to get the machines open again, they sit there with dremels trying to cut new slots for another screw driver why they don't just remove the solder with the hot air guns and soldering irons in the workshops is beyond me.
You might be able to edit the bcd to enable safe mode, but I suspect that the tpm will fail checks and refuse to give the bitlocker key if you do that. I know it'll cause integrity checks to fail on x86/x64. If you have the bitlocker key then you can mount it in recovery and back up all the files, but you'll only have that if it's a registered ms account, or the owner went way out of his/her way to get it beforehand.
As ar as MS goes, this isn't their fault. This is your customer's fault and nobody elses. Getting rude and arguing won't solve anything. There is no real need for safe mode on RT, except for security exploits such as what you want.
I did put Safe Mode on my machine... it actually doesn't appear t upset BitLocke to do it, so long as I suspend BitLocker once, reboot, and re-enable it. The check for "has my boot process been messed with?" happens right before where you would get the boot screen. Booting an alternate option from the Windows bootloader doesn't appear to bother it at all.
GoodDayToDie said:
I did put Safe Mode on my machine... it actually doesn't appear t upset BitLocke to do it, so long as I suspend BitLocker once, reboot, and re-enable it. The check for "has my boot process been messed with?" happens right before where you would get the boot screen. Booting an alternate option from the Windows bootloader doesn't appear to bother it at all.
Click to expand...
Click to collapse
Bitlocker checks the state of the BCD before it releases the key. By suspending and restoring it you're saying that the new state is what it should be at. If you didn't suspend it and edited the BCD it should refuse to boot.
Im using a HTC 10 (EU variant). Today i was scrolling through "Netguard" (if you dont know it, its an app to prevent other apps from internet access), since i configured it to show system apps it displays way more apps than the normal app overview in the settings. In there i found an app called "RootPA" and one called "root", which seems strange since i didnt unlock the bootloader or root on my own. The details in the RootPA entry say "com.gd.mobicore.pa", no idea if thats helpfull to determine the origin of this mysterious app.
Can you help me with this?
Did you Google it?
I did, but the results were not realy usefull. I found someone with a modded Galaxy S3 who deleted a RootPA on accident and broke stuff, but that ssems unrelated. Are there any things i could do to find out more about the app installed on my phone without root?
I cant say its something I've ever seen. If this person in the past removed it, and it broke stuff, that would suggest that it may have been a system app and he was rooted. From what I managed to find on google, it is part of a security suite (mobicore) used by networks to monitor what the state of the phone is, presumably incase something happens, and it was the user fault, and they know for a fact because they have logs of what the phone has done.
[ACCESS_NETWORK_STATE] Allows applications to access information about networks
[INTERNET] Allows applications to open network sockets. (i.e send information)
[READ_EXTERNAL_STORAGE] Allows an application to read from external storage.
[READ_PHONE_STATE] Allows read only access to phone state.
A friend of mine got his HTC 10 2 days ago, ill ask him to look for this app. Its unlikely we would have the same virus/whatever installed.
Edit: He just reseted his 10 (due to missing language options, but thats another topic), but still found "root" and "rootPA" on his phone, so its preinstalled (although i still dont understand whats its purpose).
RootPA is provides service for provisioning secure applications that run on ARM trustzone and t-base OS (formerly mobicore). It is preinstalled in some vendors Android devices (search for this string on the internet: htc-devices-to-incorporate-trustonic-t-base-tee), but mostly unused as far as I know. The source code of some versions is available on the Internet (e.g. on github /Faryaab/android_hardware_samsung_slsi_exynos5410/tree/master/mobicore/rootpa).
It has nothing to to with rooting or unrooting the device.
PA route is very dangerous I had some I have somebody who has hacked into my phone through this particular program so to speak I have a lot of issues right now with my phone trying to get them off of my phone and this seems to be the root cause or the start of it have anybody knows how I can clear my phone and my Ram from the Vicious hacker I appreciate it I'm tired of being watched and recorded everything I do
Illfidusoon12 said:
PA route is very dangerous I had some I have somebody who has hacked into my phone through this particular program so to speak I have a lot of issues right now with my phone trying to get them off of my phone and this seems to be the root cause or the start of it have anybody knows how I can clear my phone and my Ram from the Vicious hacker I appreciate it I'm tired of being watched and recorded everything I do
Click to expand...
Click to collapse
PA route..... .rootPA ......2 different things. Hacked ? Unlikely, I think some OCD is kicking in. Want to be clean? RUU the device and do not restore anything