Dump Your Phone Memory - Optimus V Android Development

Follow these steps to dump all of your phone's memory. What use is this? It can be used to locate your MSL code if other methods fail. This method should work even if your phone is "bricked". This could potentially be used to retrieve lost information. At the very least it contains all your texts.
I am also currently exploring a possible security fail on the part of android/google. My phone dump contains my google account password in plain text....not just once. It has my password in plain text over 120 times. I am investigating how this could be. My google password is unique to that one account, and it is paired with my google login in the phone dump. I have not input the password in any other place outside of when I first setup my phone. I have not input that password in any app or browser. You may want to check if your login credentials are also being mishandled and possibly logged.
Phone Dump: (portions of this were taken from the PRL guide)
Connect your phone to your computer using a USB cable.
Open Device Manager.
Ports > LGE Android Platform USB Serial Port > Properties > Port Settings > Advanced > COM port number
Make a note of your COM port number.
Download and install QPST v2.7.
Open "QPST Configuration".
In the "Ports" tab, if your com port isn't listed, select "Add New Port" and write in your com port as "COM#" (# being the number you noted in step 4). Verify that your com port is listed.
Make sure your phone appears in the the "Active Phones" tab.
Run the "Memory Debug" program from QPST.
With your phone connected via USB and selected via the "Browse" button, press "Get Regions".
This will reboot your phone into "Download mode". You will most likely lose the connection to your phone because download mode uses different drivers and possible a different port. Go into device manager -> Ports (COM & LPT) and find your phone's new COM port.
Go into the QPST configuration and setup the new port.
Go back to the "Memory Debug" program, browse for your phone again, and select "Get Regions" again.
This time it will show you a bunch of options. Leave them all checked and select "SaveTo" and pick an empty folder to dump your phone memory to. This will take up a little over 500 megs.
It will take a good amount of time to finish (possibly 30 min to an hour).
When you are done, you will have the following files:
Code:
adsp_rama.bin, adsp_ramb.bin, adsp_ramc.bin, adsp_rami.bin, mdsp_rama.bin, mdsp_ramb.bin, mdsp_ramc.bin, mdsp_regs.bin, load.cmm, ebi_cs0.bin, and ebi_cs1.bin
If you want your MSL code, open ebi_cs0.bin with a hex editor. Look at the following HEX addresses:
Code:
0162ABCE
01BA6BDC
Both should contain your 6 digit MSL code in plain text.
If you want to find your ESN:
Code:
0104B5C2
What is more interesting is when you search in both ASCII and Unicode for your google account password in ebi_cs0.bin and ebi_cs1.bin. This is a raw dump of your phone memory. It will contain your contact list and other person information, but I see no reason for your account password to be logged in plain text. Another user has already reported finding his password using this technique. Please search for yourself and report back what you find. My guess is that this is not unique to the Optimus V.
Update:
I changed my account password. My phone then prompted for my new password. I entered it in. I then synced my contacts, rebooted, and then dumped the contents of my phone. My new password was in there in plain text twice. The old password was still there too. Something is logging my internet traffic or my keyboard inputs.

I can confirm my email address and password are together in plain text in multiple locations. I don't know much about mem dumps, but it appears to indicate it is google's sync service:
ebi_cs1.bin
0D565490 .... 8 NOOP..TCH 48(
0D5654A0 .... UID FLAGS)...."p
0D5654B0 .... assword"........
All other instances were preceded by imap or smtp.

JerryScript said:
I can confirm my email address and password are together in plain text in multiple locations. I don't know much about mem dumps, but it appears to indicate it is google's sync service:
ebi_cs1.bin
0D565490 .... 8 NOOP..TCH 48(
0D5654A0 .... UID FLAGS)...."p
0D5654B0 .... assword"........
All other instances were preceded by imap or smtp.
Click to expand...
Click to collapse
Thanks! With you that makes 3 of us to experience this. The address for the password(s) are different for me which is expected. Where as the MSL code would be located in a certain unchanged portion of the phone, this mysterious log would constantly be changing and could even be fragmented over the flash drive. I don't have (UID FLAGS) anywhere in either file.
What I also have is many Groove IP references with my Groove IP related google login and password. This looks like it is capturing it as internet traffic. I don't see why Google or Groove IP would log a password they both have encrypted access to.

mmarz said:
Something is logging my internet traffic or my keyboard inputs.
Click to expand...
Click to collapse
It's the keyboard. The OS isn't logging your passwords, at least as far as I can tell. If you select a different keyboard than the default, you will see a security warning popup which says that the keyboard can log everything, including your passwords. Well, this is normal, because softkeyboards need to be able to store words you enter into their dictionary/history to enhance their spelling and prediction. This is why your old password is still there after you changed it, and why they are stored in plaintext (because dictionaries are never thought to be encrypted).
Whether or not the softkeyboard is storing "words" that your entered in password fields in plaintext is not an Android security hole, it's the keyboard's, so complaints and/or advisories should be directed to them. They should at least give us the option of marking password fields as something not to store, and if we do want them remembered, for jimminey cricket's sake store them in a separate encrypted dictionary.

obijohn said:
It's the keyboard. The OS isn't logging your passwords, at least as far as I can tell. If you select a different keyboard than the default, you will see a security warning popup which says that the keyboard can log everything, including your passwords. Well, this is normal, because softkeyboards need to be able to store words you enter into their dictionary/history to enhance their spelling and prediction. This is why your old password is still there after you changed it, and why they are stored in plaintext (because dictionaries are never thought to be encrypted).
Whether or not the softkeyboard is storing "words" that your entered in password fields in plaintext is not an Android security hole, it's the keyboard's, so complaints and/or advisories should be directed to them. They should at least give us the option of marking password fields as something not to store, and if we do want them remembered, for jimminey cricket's sake store them in a separate encrypted dictionary.
Click to expand...
Click to collapse
There are a few reasons I don't buy this as being the cause.
Where would this unencrypted keyboard log be? I have data2ext going. My password was found on my internal phone partition. Whatever is doing this has permission to modify files outside of the data folder.
My password was present repeatedly. Even when I changed my password, it appeared twice even though I had only entered it once.
You have to manually select when you want to add words to the dictionary, otherwise all your misspelled tweets would be added. In password fields, this is not possible because only a single letter is inputted at any given time. No word is ever developed.
My other passwords are not in this log file. For example, my titanium backup password that I have to constantly use when I restore backups is not in here. Also my internet search phrases and other relevant items that I have typed in.
Update:
I just got this from KSmithInNY:
http://androidcentral.com/android-passwords-rooted-clear-text
Any app with root access has the ability to get your google credentials because android stores them in plain text. Wonderful!

mmarz said:
I just got this from KSmithInNY:
http://androidcentral.com/android-passwords-rooted-clear-text
Any app with root access has the ability to get your google credentials because android stores them in plain text. Wonderful!
Click to expand...
Click to collapse
Use the 2-step verification for your Gmail account and also set up an application specific password for your android device.
http://www.youtube.com/watch?v=zMabEyrtPRg

csrow said:
Use the 2-step verification for your Gmail account and also set up an application specific password for your android device.
http://www.youtube.com/watch?v=zMabEyrtPRg
Click to expand...
Click to collapse
Wouldn't this mean that you have to enter a verification code when entering your normal password, but if malware were to steal your application specific password that you created just for your phone, they could access your account using it and bypass the verification process?

Application specific password will only work on that phone. If you lose your phone, you can revoke that password for that phone which will block the access.

csrow said:
Application specific password will only work on that phone. If you lose your phone, you can revoke that password for that phone which will block the access.
Click to expand...
Click to collapse
No, they work on any device. There is no way for google to know what device is using it. You personally assign them for that phone, but if the password were to be stolen, then it can be used on any device. Also, if your account were to be compromised, you wouldn't know which password was stolen. With each application password you create, you are allowing another passcode that can be used to access your account. This seems very unsafe.
Update: I just tested this and I am right. I can use the same application specific password on all my apps and phones. So if this password were to be stolen, anyone could use it to login to my account. This is a major fail on the part of google....again.
Update2: Application specific passwords can be used to create login tokens. That means you can use a program like trillian to log into your gtalk using it, and then use the login token it produces to get access to your main google account through a web interface.

Well, that completely defeats the purpose of 2-part authentication. Oh well.

I hope you've reported this security hole... because obviously the intent is to be more secure than it actually is.

Which hole are you referring to? How google's two step verification is worthless because of one step passwords they force you handout to automated login apps? How Android's own password storage system keeps passwords in plain text and protects it by setting the file permissions to "please don't read this"? Or are you taking about how putting all these issues aside, I can still see my password in plain text in some sort of data capturing log that I found in a data dump of my phone's internal memory?
If you are talking about the last one, I'm still trying to find out exactly where the password is being stored in the dump and by what process. I've been searching through my phone's internal memory while it is on, but I can't seem to find it. I also want to rule out malware or something stupid that I might be doing before I start yelling about the sky falling. If more of you guys try this out, maybe we can rule out malware since all of us can't have the same bug. It really can't hurt your phone to dump it. It only takes 40 mins of your time.
(The more I learn about this stuff, the angrier I get.)

so after 3 tries i was able to dump the memory and after hours of searching i cant find my mn_aaa or mn_ha shared secrets,does anyone know the location of these? i have tried qxdm and after sending the spc i send
requestnvitemread ds_mip_ss_user_prof
and i get
22:53:26.203DIAG RX item:
22:53:26.203requestnvitemread - Error response received from target.
or is there another way to find them?

ummkiper said:
so after 3 tries i was able to dump the memory and after hours of searching i cant find my mn_aaa or mn_ha shared secrets,does anyone know the location of these? i have tried qxdm and after sending the spc i send
requestnvitemread ds_mip_ss_user_prof
and i get
22:53:26.203DIAG RX item:
22:53:26.203requestnvitemread - Error response received from target.
or is there another way to find them?
Click to expand...
Click to collapse
Any luck? I have the same issue with the Optimus V, e.g. I used another phone and reading the NV item was no issue. Seems to be specific to the LG.

srmuc69 said:
Any luck? I have the same issue with the Optimus V, e.g. I used another phone and reading the NV item was no issue. Seems to be specific to the LG.
Click to expand...
Click to collapse
well i think ive gotten further with qpst i opened service programming and put in my spc read the phone then saved to file. i double clicked the file and a viewer opened and i viewed it in text format i seen alot of nv items there but have yet to figure out which ones they are.

ummkiper said:
well i think ive gotten further with qpst i opened service programming and put in my spc read the phone then saved to file. i double clicked the file and a viewer opened and i viewed it in text format i seen alot of nv items there but have yet to figure out which ones they are.
Click to expand...
Click to collapse
Any luck? I did the same thing but as I have read in many other blogs the LG Optimus V times out in qpst, so did mine too.
I still have information in the file and I found the NV_ITEM_ARRARY in the file. What I do not know is how that array is built, e.g. is there a developer guide for CDMA phone where they detail the information. I was looking for the 1192 nv item and it should start wit the length like 0A for 10 digits of the AA Password. No luck so far without knowing what the bytes are and from just locking for 0A you get tons of hits.

What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.

mmarz said:
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
Click to expand...
Click to collapse
I'm trying to get the NV_ITEM 1192 and 466 from the LG Optimus V which is on Virgin Mobile. When I do that with CDMA Workshop it says access denied once you save the file. Now I'm tyring to find what these values are on my LG Optimus V. Do you think the dump will have this and how would I go to find the NV ITEMs, e.g. in which file are they and at what hex position?

srmuc69 said:
I'm trying to get the NV_ITEM 1192 and 466 from the LG Optimus V which is on Virgin Mobile. When I do that with CDMA Workshop it says access denied once you save the file. Now I'm tyring to find what these values are on my LG Optimus V. Do you think the dump will have this and how would I go to find the NV ITEMs, e.g. in which file are they and at what hex position?
Click to expand...
Click to collapse
yeah the dump should have all nv items.the hard part is figuring which ones are which.

mmarz said:
What are you guys trying to accomplish? What is that code used for?
The dump should contain everything that is in the phone's memory. If the code is not encrypted or compressed in any way, it should be in there. The problem is that if you don't know the code, then you can't look up its location. Kind of a catch 22.
Click to expand...
Click to collapse
well the mnha and mn aa are paswords needed to get your data working when you want to use a different phone ie the Samsung Epic on virgin mobile.you can clone all info from the optimus v to the epic but with out those password data will not work.i may not be inclined to do this anymore since the motorola triumph is coming out.meaning i wont need to find a better phone and clone this one.

Related

[IDEA/REQ] Simple wallet app

I've used Sony Ericsson phones before I went over to WM-phones, and on the SE phones there is a standard app that is very simple, but genious.
It is a very simple app to remember your pin numbers and/or passwords.
It works kind of like this:
At first use, you select a password and a control word. You enter the password every time you enter the program and it then displays your control word so you can check that you wrote the right password.
Whatever password you enter at program startup will get you inside, no error messages or anything. But entering the wrong passord will also display your control word wrong - whatever it might be. When inside all stored pins/passwords are displayed, but only if you write the correct password when entering they are correct. That way someone not knowing the password will not be able to tell if they actually guessed the password as the "pin numbers" show anyway, but with completely randomized numbers. So they are basically just waisting their time.
Not sure if I managed to explain so anyone can understand or if there is such an app already? I've tried dosens of wallet apps, but not succeded in finding one that is as simple and good as the one in SE phones.
I've been wanting something like this for a while. I can't use the last one I had (Flexwallet) since I had to hard reset and lost the registration number.
There are bunch of free apps to do this on your Windows Mobile device:
Cryptowallet
http://www.freewarepocketpc.net/ppc-download-cryptowallet.html
KeePassPPC
http://www.freewarepocketpc.net/ppc-download-keepassppc-v0-4-4.html
LockCrypt
http://www.freewarepocketpc.net/ppc-download-lockcrypt.html
Blender
http://www.freewarepocketpc.net/ppc-download-blender-v1-1.html
eSec
http://www.freewarepocketpc.net/ppc-download-esec-v1-0.html
You can also browse some more security related apps here:
http://www.freewarepocketpc.net/ppc-tag-secur.html
Hope that helps !
If you are interested in iPhone like interface, check this out
Password Safe
It's free too.

[Q] Gmail-recent activity notification on phone

Hey guys, before I begin I want to say yes I did a search on XDA and searched around Google for about an hour and couldnt find an answer.
Im wondering if it is possible through your phone to check recent activity or if its possible to get a notice if someone is trying or has accessed your Gmail account from another computer. yes I know if you log into gmail through a browser you can scroll down and click recent activity and see all the ip address that have accessed your account. I spend about 90% of my time on my phone and rarely use a computer so having a notification on my phone would be very useful.
Thanks guys
-Archer
Nope. Your only choice is a browser. However, if you use 2-step authentication and a good password, you should be safe.
archervanadin said:
Hey guys, before I begin I want to say yes I did a search on XDA and searched around Google for about an hour and couldnt find an answer.
Im wondering if it is possible through your phone to check recent activity or if its possible to get a notice if someone is trying or has accessed your Gmail account from another computer. yes I know if you log into gmail through a browser you can scroll down and click recent activity and see all the ip address that have accessed your account. I spend about 90% of my time on my phone and rarely use a computer so having a notification on my phone would be very useful.
Thanks guys
-Archer
Click to expand...
Click to collapse
Could you logon via the phone's browser to check recent activity like you can from a desktop's browser? I haven't heard of a capability of that nature with the exception of accounts via a corporate server. That is not to say that is does not exist. I'm just unaware of it.
drmacinyasha said:
Nope. Your only choice is a browser. However, if you use 2-step authentication and a good password, you should be safe.
Click to expand...
Click to collapse
How do you enable a 2 step authentication for Gmail?
archervanadin said:
How do you enable a 2 step authentication for Gmail?
Click to expand...
Click to collapse
https://www.google.com/accounts/SmsAuthConfig
Go there and go through the setup. Note the following:
1) When they say "lose your phone/these codes and you won't be able to access your account", THEY MEAN IT. If you lose Google Authenticator/the phone number you SMS to, your backup phone number, AND the codes they give you, you are BONED.
2) Any program or device that logs in directly to your account (Chrome Sync, Cloud Print, your phone, Trillian, PBXes, etc.) will need an application-specific password. There's instructions on how to do this, but you will not be able to retrieve said password once you have generated it and clicked the "hide password" button.
3) You will have to enter the generated code on your phone at each new browser you try to log in to your account from, both the first time, and every 30 days.
Try this one: SignMeOut
as featured on Lifehacker "Sign Me Out Helps You Track Unauthorized Access to Your Gmail and Facebook Accounts" and Comments.
But please consider you are giving your gmail credentials out to another 3rd party app / organisation. You possibly don't improve your Gmail security but lose some of it.
Please decide yourself.
edit: Meh... first post, so I'm not allowed to give you direct links...

Disable the lock code if needed (By-pass exchange policy)

TESTED ON MANGO, AND WORKED FINE
Gentlemen,
I have found the reg key in some posts to disable the lock code for the windows phone, if you have configured the exchange e-mail account in Phone.
I was unable to view the specific reg key in normal registry editor. So I have converted the reg key to an xap file by using provxml method. And you can apply the key even if you don't have the registry editor app installed on your device.
Steps:
1. Deploy the xap file to your developer unlocked device.
2. Launch the app.
3. Tap on the green button, it should gibe you a success message.
4. Uninstall the app.
5. It may require to restart the device, since this is a registry change.
5. U r done. Now u will be able to turn off your phone security code even if you have configured the exchange e-mail account in your phone.
I have tested on my chevron unlocked HTC HD7, and it is working fine.
Hope some one will be looking for this.
Note: it's recommended to keep your phone with lock code enabled, but sometimes we need to keep the phone unlocked for some reasons.
If you install this xap, it will enable another wonderful feature..
By default, the 10 invalid attempts will erase ur phone. But after you install this xap, the password will be locked out for 1 min after 5 invalid attempts. Then after each attempts, the lockout time will double. I have tried untill the phone lockedout for 64 minutes. Then I stopped trying with the invalid lock codes. It will help you to keep the data safe, if anyone play with the phone, especially kids.
Note: Please don't try after 5-6 attempts if the phone didn't get locked out, may be this not compatible on your device. You may lose your data. I applied this on my T-Mobile HD7, and it is working fine.
Hit thanks if you like my post..
Thanks
JAZEEL
So I just applied the registry change in your provxml, and it temporarily works,i.e. it enables the option in the lock and wallpaper screen to disable the password, but next time you sync email the policy is reenforced and you have to set a pin again.
Are you also changing the permissions to that reg key in your xap somehow? haven't got a machine with the dev tools handy to try the actual xap out.
benneh said:
So I just applied the registry change in your provxml, and it temporarily works,i.e. it enables the option in the lock and wallpaper screen to disable the password, but next time you sync email the policy is reenforced and you have to set a pin again.
Are you also changing the permissions to that reg key in your xap somehow? haven't got a machine with the dev tools handy to try the actual xap out.
Click to expand...
Click to collapse
I have tested myself, and it's a permanent solution. It's stays for ever. But I don't know what will happen if you reconfigure the exchange account..
Is there any way to keep a timeout for the lock? I find it very irritating to enter the unlock code every time the device wakes up
@OP, what is the reg key for the change? You must know that to make an XAP?
timmymarsh said:
@OP, what is the reg key for the change? You must know that to make an XAP?
Click to expand...
Click to collapse
This is the key which deploys through the xap..
[HKEY_LOCAL_MACHINE\Security\Policies\Policies]
"00001023"=dword:1
Doesn't Work ...
Hi I tried this unlocker but it is not working for me every time I connect to the computer (Zune and Windows Phone Device Manager) it relocks and have to chevron unlock again.
Any suggestions?
Hello OP,
I have a Sprint HTC Arrive, I got the following message just trying to launch the xap file:
(WARNING)
(The carrier doesn't exist in database. Please contact your carrier for connection setting and go to Setting>cellular>edit
APN for further configuration.)
Theres no APN in my settings that I see, any help would be great, thanks
Striving said:
Hi I tried this unlocker but it is not working for me every time I connect to the computer (Zune and Windows Phone Device Manager) it relocks and have to chevron unlock again.
Any suggestions?
Click to expand...
Click to collapse
This is to disable the lock code on the phone if you have enabled the exchange account which will force to put the lock code.
To permanent developer unlock, please search in xda, someone already posted it before and I have applied that on my HD7.
purian23 said:
Hello OP,
I have a Sprint HTC Arrive, I got the following message just trying to launch the xap file:
(WARNING)
(The carrier doesn't exist in database. Please contact your carrier for connection setting and go to Setting>cellular>edit
APN for further configuration.)
Theres no APN in my settings that I see, any help would be great, thanks
Click to expand...
Click to collapse
I have checked on my HTC HD7 T-Mobile unlocked.. It's working fine..
Search for the reg key for your specific device, and if you find I will help you to deploy it on your device..
jazeelkk said:
This is to disable the lock code on the phone if you have enabled the exchange account which will force to put the lock code.
To permanent developer unlock, please search in xda, someone already posted it before and I have applied that on my HD7.
Click to expand...
Click to collapse
Thanks for the response funny a little while after I realized that is was for something other than the dev unlock. And happily I have gotten have way there I am unlock but have to make sure I remember to put phone in flight mode before connecting it.
rhn said:
is there any way to keep a timeout for the lock? I find it very irritating to enter the unlock code every time the device wakes up
Click to expand...
Click to collapse
i 2nd that!
jazeelkk said:
I have checked on my HTC HD7 T-Mobile unlocked.. It's working fine..
Search for the reg key for your specific device, and if you find I will help you to deploy it on your device..
Click to expand...
Click to collapse
Thanks for your response, the only reg i've ever found to disable the lock on my device is the one you posted and built into your xap file. For some reason the reg doesn't exist in my phone and I can't create it either.
Most likely why you put this together for us. But on my end here, I now have to app to my phone, once I go to launch it I get the message from my previous post, it just wont deploy/launch. Any ideas up i'm for trying.!!
Thank you,
The reg key is protected, so you can't browse to it, but you can still use a tool like advanced explorer to set it by manually specifying the full path and value to change.
I was able to set the value manually like this, but like I mentioned the value is set back automatically next time your phone sync's with exchange. The policy must get checked on every sync with exchange, and gets set back if your exchange server requires a PIN policy.
From what I can ascertain this XAP simply sets that value, so you would have to run this xap after every sync which isn't a great solution.
barrychon said:
i 2nd that!
Click to expand...
Click to collapse
I have tried it as mentioed in some old posts. But it is not working. Only thing I could do is to activate the ON/OFF button with this reg key, so that I can disable the code at any time.
I presume you guys know this already, but just for the heck of it.
You're bypassing a policy. A policy that's most likely you companies' policy. If you do lose your phone and people are able to access files or e-mails that are highly important and/or confidential, you could take the blame for leaking this information.
This could mean the company would sue you for all kinds of things, and it would be very much possible they would fire you. There is a reason the policy is enforced.
I can see why you want to disable the policy, but, as said, there is a reason your company wants that policy on a device that connects to their Exchange server and it's not to annoy you.
EvilWhiteDragon said:
I presume you guys know this already, but just for the heck of it.
You're bypassing a policy. A policy that's most likely you companies' policy. If you do lose your phone and people are able to access files or e-mails that are highly important and/or confidential, you could take the blame for leaking this information.
This could mean the company would sue you for all kinds of things, and it would be very much possible they would fire you. There is a reason the policy is enforced.
I can see why you want to disable the policy, but, as said, there is a reason your company wants that policy on a device that connects to their Exchange server and it's not to annoy you.
Click to expand...
Click to collapse
You are right. I recommend to keep the phone locked always.
It meant for some situation, where we need the phone need to be stayed unlocked. Atleast we should have the option for it.
EvilWhiteDragon said:
I presume you guys know this already, but just for the heck of it.
You're bypassing a policy. A policy that's most likely you companies' policy. If you do lose your phone and people are able to access files or e-mails that are highly important and/or confidential, you could take the blame for leaking this information.
This could mean the company would sue you for all kinds of things, and it would be very much possible they would fire you. There is a reason the policy is enforced.
I can see why you want to disable the policy, but, as said, there is a reason your company wants that policy on a device that connects to their Exchange server and it's not to annoy you.
Click to expand...
Click to collapse
Thanks mum. But seriously...
I think this is a perfect example of a security policy being set which isn't realistic, so users find workarounds. Like when you mandate everyone has a 50 character password which has to be changed once a week, everyone simply ends up writing them down on post it notes.
The PIN code every time you want to use your phone is bloody annoying. It could improved to make it more useable, e.g.:
Only require a PIN if it's been more than 30 minutes since you last entered it.
Only require a PIN when accessing data in exchange like calendar/email.
Specify certain actions which don't require a PIN unlock, e.g. playing music or games.
Anyhow this is mostly irrelevant as this hack is only temporary and the setting reverts so that's a killjoy.
benneh said:
Thanks mum. But seriously...
I think this is a perfect example of a security policy being set which isn't realistic, so users find workarounds. Like when you mandate everyone has a 50 character password which has to be changed once a week, everyone simply ends up writing them down on post it notes.
The PIN code every time you want to use your phone is bloody annoying. It could improved to make it more useable, e.g.:
Only require a PIN if it's been more than 30 minutes since you last entered it.
Only require a PIN when accessing data in exchange like calendar/email.
Specify certain actions which don't require a PIN unlock, e.g. playing music or games.
Anyhow this is mostly irrelevant as this hack is only temporary and the setting reverts so that's a killjoy.
Click to expand...
Click to collapse
Lol, you have a point, but or colleague above is quite correct, the policy is enforced for a reason. At my company, such an offense can mean instant dismissal
(if you use exchange for just calendar and contacts, as i do, a pin is not required to unlock, the policy is only enforced for email strangely enough....)
I agree the Pin should be how it was in WM 6.5 where you could have it only ask after 2 hours or evey 24 in some cases. That way if was a good balance. This business of requiring the PIN every time you look at your phone is crap. I have removed it from my droid device and I am fornunate that my company will not hassle me over it. Still though its a bunch a crap to enter it every 5 minutes.

[Bounty $500] My note 10+ was hacked with stalkerware

My phone was infected with stalkerware, they had access to my files, could view what was on my screen, listen into my mic, view my cameras remotely, everything! It's incredibly creepy! From what I can tell they somehow loaded q hacked version of Google Chrome and or android web viewer. After getting suspicious I downloaded Kaspersky and ran a scan, I found 2 versions of Google Chrome on my phone one of them had the dual messenger app icon on it. The other one said it wasn't a current version from the apps store. I Uninstallerd and downloaded the current version through the app store. I tried to see if a packet sniffer would lead me to them but I think I was too late by that point. I also pulled the Chrome app qnd decompiler it. There was some weird things in there like ignore playstore version but nothing that I could find that would lead me to who was watching me. Is there anything I can still do that will lead me to who did this? I have a strong idea of who it was but need evidence so I can prosecute them. Any help would be appreciated. Im putting up a 500 dollar bounty if anyone can help me get some solid evidence.
dangerruss said:
My phone was infected with stalkerware, they had access to my files, could view what was on my screen, listen into my mic, view my cameras remotely, everything! It's incredibly creepy! From what I can tell they somehow loaded q hacked version of Google Chrome and or android web viewer. After getting suspicious I downloaded Kaspersky and ran a scan, I found 2 versions of Google Chrome on my phone one of them had the dual messenger app icon on it. The other one said it wasn't a current version from the apps store. I Uninstallerd and downloaded the current version through the app store. I tried to see if a packet sniffer would lead me to them but I think I was too late by that point. I also pulled the Chrome app qnd decompiler it. There was some weird things in there like ignore playstore version but nothing that I could find that would lead me to who was watching me. Is there anything I can still do that will lead me to who did this? I have a strong idea of who it was but need evidence so I can prosecute them. Any help would be appreciated. Im putting up a 500 dollar bounty if anyone can help me get some solid evidence.
Click to expand...
Click to collapse
Try logging into your Google account from a computer. Look at what devices have access to your account. I looked at mine a couple of months ago and saw a phone I never owned on AT&T. Funny thing is I have NEVER had AT&T. I've always and still have Verizon. I immediately removed, blocked and reported the device.
HyperChick said:
Try logging into your Google account from a computer. Look at what devices have access to your account. I looked at mine a couple of months ago and saw a phone I never owned on AT&T. Funny thing is I have NEVER had AT&T. I've always and still have Verizon. I immediately removed, blocked and reported the device.
Click to expand...
Click to collapse
That was the first thing I tried. Didn't find anything unfortunately. These a holes are good.
dangerruss said:
That was the first thing I tried. Didn't find anything unfortunately. These a holes are good.
Click to expand...
Click to collapse
Did you run a log of your IP addresses?
HyperChick said:
Did you run a log of your IP addresses?
Click to expand...
Click to collapse
Not until after the connection was severed. My first thought was to run a virus scan. The only thing I found was an application was installed feb 1st and the clean version of chrome stopped uploading on Feb 1st.
Why are there two of these? And how did they use dual messenger to install doubles? I've disabled all of them.
dangerruss said:
Not until after the connection was severed. My first thought was to run a virus scan. The only thing I found was an application was installed feb 1st and the clean version of chrome stopped uploading on Feb 1st.
Click to expand...
Click to collapse
Did you delete the corrupt Chrome already? The IP history may be in there...
you wish to find your IP address Internet history, you can easily do so directly from your Internet browser.
Step 1
Open your Internet browser, and click on "Tools" located in the horizontal menu bar at the top of the window.
Step 2
Click on "Internet Options"
Step 3
Click on "Settings" located beneath the "Browsing History" subheading.
Step 4
Click on the "View Files" button to find your IP address Internet history.
If you post the chrome apk that you dumped or anything else that you have that was related to the "infected" files, they might be helpful in looking for clues.
These are the apk files that I suspect could have been infected. Unfortunately I didn't pull them until after they were updated. But I believe there is still a change log kind of manifest if you decompile them.
On mobile? Im not seeing those options
HyperChick said:
Did you delete the corrupt Chrome already? The IP history may be in there...
you wish to find your IP address Internet history, you can easily do so directly from your Internet browser.
Step 1
Open your Internet browser, and click on "Tools" located in the horizontal menu bar at the top of the window.
Step 2
Click on "Internet Options"
Step 3
Click on "Settings" located beneath the "Browsing History" subheading.
Step 4
Click on the "View Files" button to find your IP address Internet history.
Click to expand...
Click to collapse
From what I can see, those apks unfortunately appear to be normal un-tampered files. The manifest I believe you are referring to is a component of the apk that dictates things like permissions and interfaces, but it does not perform any sort of logging or historical record sadly, as the entire apk is replaced when an app is updated or installed over an existing installation.
I am not sure how much cleaning you have done of your device since it happened, but aside from clues or records which might be available from various services you use (finding connected accounts that aren't yours, history of any account activities that weren't initiated by you, etc), your next best bet would probably be to dig through the files on the device in search of anything that shouldn't be there. Hopefully there is still some artifact of the infection which could potentially point towards its origin. I will follow this thread, happy to dig through files in my spare time.
Does anyone know if android keeps a log of installs or qnything in the root folder perhaps?
Isn't there a relation between duplicate app instances and secure folder?
OnnoJ said:
Isn't there a relation between duplicate app instances and secure folder?
Click to expand...
Click to collapse
Yes but I've never set up secure folder. Never felt a need to.
First thing I do is a factory reset (and hope that gets it) and reset the Google password.
Keep that bloody device 100% isolated from your PC and data backup copies including the SD card*. Wipe the SD card in the device before the reload and again after the reload. Do NOT connect the card or phone to your PC before the new load is proven clean. Load data directly to SD card from the PC then to the 10+ just in case.
Try to piece together when and what did it but that is a secondary concern. Consider it a drill.
Better get while the gettings good... that level of being compromised means no time to lose ditching the OS. I most likely wipe the SD card too and use one of the clean data backups I keep for just such an event. Torch all data on the device.
If it gets into your backup data copies you're boned.
OSs are 100% expendable, critical data is not.
*you can scan it with everything on the planet and still miss trojans, tainted jpegs/pngs, etc if no definitions exist yet. Expect multiple hidden infections now and go full nuke.
Isolating the infection to that device is only priority. It's possible the infection(s) are already on one or more backups and/or your PC. That's why it's important to keep multiple time staggered backups on multiple electronically isolated hdds.
I keep a 3 tier backup and my PC is never internet connected.
Keep your head and limit the spread...
dangerruss said:
Why are there two of these? And how did they use dual messenger to install doubles? I've disabled all of them.
Click to expand...
Click to collapse
looks normal to me. Those are typical apps that run when dual account messenger service is used .

Question No Google Account Sign In Prompt

So I just got my Pixel 6 Pro and I've been loving it, except for the fact that I never get any Google Account sign in prompts on it. My Oneplus 8, which is signed in to the same Google Account, does get the prompts, as well as my Pixel 4. Has anyone else had this issue/has any insight into this?
Are you talking about 2FA prompts?
Edit: If that's what you're talking about, there is a better way.
First off, the automatic prompts method of 2FA has one VERY serious drawback, which is that it is completely proprietary and depends on access to your google account in order to authenticate with your google account. This can lead to a paradox in that you need the code to access the account in order to get the code. Obviously this is a bad place to end up.
So my suggestion is that either instead of or in addition to this method, you should also set it up for TOTP. This means that you don't need access to the google account in order to generate the authentication code -- just the secret and the current time.
So start off the enrollment process here; https://myaccount.google.com/signinoptions/to-step-verification/enroll-welcome . Select "authenticator app". It will tell you to download and install the GOOGLE authenticator application, BUT, you can use *any* TOTP application of your choosing. I suggest andOTP, which is open source: https://f-droid.org/en/packages/org.shadowice.flocke.andotp/ . The google website will show a QR code, which you can scan with andOTP, which will then be able to generate 6 digit authentication codes.
The really great thing about andOTP is that its settings can be exported/backed up, which means that you can keep the code in a safe place in case you lose everything, then you can regain access to your account. And the even better part is that you don't even need to use andOTP to generate codes when you have the secret. On Linux, you can use 'oathtool' to generate the codes.
You'll likely have to dive into the deep Google rabbit holes to find the right place to enable it on your new phone (if you're talking about 2FA as @96carboard asked). I know I did yesterday, but it was just chance I happened to be in the right place to do it and jumped at the chance while it was in front of me.

Categories

Resources