This is not troll baiting or OS Slamming...
Looking for knowledgeable and constructive feedback regarding device security. I'm thinking in terms of an Executive or VP or Network Admin or such losing the device. A piece of software
1) to do more to control access than a squiggly line
2) to allow for remote GPS tracking and/or device data wiping
3) that is stealthy and/or hard to remove.
I know there are a few "security services" out there but that leads me into "how do I know who's who and who can be trusted in the Android segment". I place a great deal of trust in the developer of my ROM. That he/she/they are benevolent and not including by intent or negligence loggers or other malware. Then I have companies like Wave and Norton and Good all angling to get installed on my device. I don't know Wave nor Good and I have no luv for Norton.
The EVO allows for RDC and VNC sessions. It allows for VPN access and has the pwd's to my personal and work email. Meebo has me signed into all my chat networks. As a long time Windows person I guess it's just a lil disconcerting when I stop and think on it. This device can easily be configured to hold everything needed to access a secured network. Perhaps this is a reflection on my lack of understanding the system in depth. Perhaps I'm not sure how well the open source community will communicate "problem" apps and developers.
Also, and kinda sorta related. Applications in the marketplace. Sometimes you get an application and the types of security access it is asking for seem a bit "off". Occasionally in the comments the developer may comment that "I need to access X in order to provide Z". It usually makes sense (whether true or not I cannot say), but is there any nice cross-reference of what types of actions require what access level? Or why so many apps need to know the phone state and identity or general location or full network access and what exactly that means to me as the end user. This second paragraph is proving difficult to put to paper... I may come back and edit for clarity.
And lastly, I guess, is a question on how to protect from apps like this...
http://www.networkworld.com/news/2010/060210-android-rootkit-is-just-a.html?page=1
http://www.zdnet.com/blog/security/commercial-spying-app-for-android-devices-released/4900
Looking for something kinda like this, but useful...
http://www.downloadsquad.com/2010/06/28/understanding-the-android-market-security-system/
If the app seems fishy, don't download it. You can always get Lookout from the Market; it will pull your phone up on the GPS and tell you exactly where it is. I've tested it. You can also make it chirp real loud. As for them accessing your phone, put the pattern lock on instead. Most thieves are not hackers so they probably won't be able to access your phone. Even if you hard reset you still have to draw the pattern. I mean, unless they full root the phone and wipe it, I'm pretty sure you will be ok. Hope that helped.
Sent from my PC36100 using XDA App
Lookout kinda falls into the same category as Good or Wave (at least to me thus far). All appear to be fine and yet somehow free products. I'm looking for a corporate solution, not an end user solution. A free solution would be swell, so long as trust can be established.
I am looking at this from a corporate IT security perspective. Not a young person, an enthusiast nor regular end user. Heck, if I could get all of my users to actually know what is meant by "if the app seems fishy don't use it", most of my job would be completed. But to be honest, I'm still trying to get a grasp on that myself in the Android world, hence the question about access levels in the last paragraph of the original post.
The zigzag is nifty and should protect from casual access. Froyo will provide an interface that a secured Exchange server would prefer to have. That will help.
(BTW... if anyone knows how to make the red line not appear when you mess up the pattern lock... you'd be my personal hero for the day)
It's not thieves that I'm worried about... it's my own end users that have to be protected from themselves. If a device was left in a bar or cab and did end up in the wrong hands... data could be sold, deals could be lost, people could be embarrassed. With the type of data that 'can very easily' exist on these devices... network security itself can be compromised. And sadly, I must assume that a good many end users will disable security if they are able to, for the same reason they ***** at automatic screenlocks on their desktop/laptop computers.
Would you rather your IT team "hope/pray/expect the device will be picked up by some incompetent/benign/law-abiding citizen" or the opposite?
I choose to prepare for the worst... hope for the best. Not the other way around. Hence, my questions.
Isn't remote wipe being built into froyo somehow? Thought I read that somewhere.
I have my exchange email set up on my device and it requires me to use a passcode. I cannot disable it.
Sent from my PC36100 using XDA App
As for wiping data remotely, WaveSecure will do that. It might be close to what you need, or something for the time being. Hopefully this will help.
Sent from my PC36100 using XDA App
This is kinda sorta what I'm lookin for.
http://www.downloadsquad.com/2010/06/28/understanding-the-android-market-security-system/
http://www.thenewspaper.com/news/34/3458.asp
http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
Regardless of my reasons behind this, this makes all phones inherently tappable if stolen etc. or from other corporate espionage attempts.
This is a serious flaw and I would like to see if it's possible for you custom ROM bakers to cook us up some protection.
If they want my info they should subpoena my records from Sprint or Google, not be able to brute force into any and every phone with a device.
I and many others would be more than happy to donate for such a solution, especially if it wasn't dependent upon only 1 ROM.
Seen this but it doesn't yet support the EVO:
http://www.whispersys.com/whispercore.html
+1 to this for my HD2 too please! Or just Android
I'll throw in
We should start a Kickstarter for this or something. Either way, count me in to contribute $150+
I could foresee a specific app that launches when plugged into a computer.
If the phone fails to receive user authorization or is plugged into a blacklisted device (say, CelleBrite UFED), then the phone is locked down/wiped.
And/or spoof information, a fake system dump.
tropicalbrit said:
I could foresee a specific app that launches when plugged into a computer.
If the phone fails to receive user authorization or is plugged into a blacklisted device (say, CelleBrite UFED), then the phone is locked down/wiped.
And/or spoof information, a fake system dump.
Excellent thinking, glad I'm not the only paranoid one at this point.
or make it so ur phone gives it a virus or borks the device somehow
{ParanoiA} said:
or make it so ur phone gives it a virus or borks the device somehow
Wouldn't want to screw up the device, they ain't cheap. A bit too aggressive
Bumping for continued interest.
I'm not sure if the full disk encryption option in Android negates this or not, but I believe with ICS, if u have full disk encryption enabled, it should negate what this can do. Correct me if I'm wrong.
spyngamerman said:
I'm not sure if the full disk encryption option in Android negates this or not, but I believe with ICS, if u have full disk encryption enabled, it should negate what this can do. Correct me if I'm wrong.
Only if you can manage to power off your device before the cops take it from you. Otherwise, the data partition is already mounted, and they can suck it down into their UFED via the ADB interface.
A question, though: if you have USB debugging disabled, then ADB isn't available over USB, so could the UFED still access your data? The cops would need to turn on USB debugging, wouldn't they? And if you have a pattern/passcode lock, they wouldn't be able to get into the settings to do it.
Anyway, encrypting your data partition and powering off your phone before the cops get to it is the safest option. Use a really long passphrase, though, because they could still grab an image of your encrypted data partition and take it to a lab where they could try to brute-force the passphrase.
whitslack said:
Only if you can manage to power off your device before the cops take it from you. Otherwise, the data partition is already mounted, and they can suck it down into their UFED via the ADB interface.
A question, though: if you have USB debugging disabled, then ADB isn't available over USB, so could the UFED still access your data? The cops would need to turn on USB debugging, wouldn't they? And if you have a pattern/passcode lock, they wouldn't be able to get into the settings to do it.
Anyway, encrypting your data partition and powering off your phone before the cops get to it is the safest option. Use a really long passphrase, though, because they could still grab an image of your encrypted data partition and take it to a lab where they could try to brute-force the passphrase.
Yes, good points.
The simplest method I find to protect against this is to use full disk encryption for starters,
then use cryptfs to set a long ass password for preboot and keep a short PIN for the lockscreen that's reasonable, and have a nice shortcut for immediate poweroff on the lockscreen if concerned about this, and then powering off is easy/fast.
And ofc keep USB debugging off unless needed.
If you're really adventurous you can also use a YubiKey's second slot for a partial password for the preboot, if you have a microSD adapter for it and your device supports it preboot via OTG etc. as input.
Then
type in a brainpassyouknow+yubikeyslot2
and it's 2 factor auth and secure as ****, a long ass random password combining something you know and something you have.
I'm also interested in this project
Let me tell you a little story about a guy (me) who was sitting in a car while his girlfriend was working when an officer approached. I wasn't doing anything wrong but due to a little misfortune I had nowhere I could go and stay so I had to just sit in the car until she was done working. The cop came to the car and asked me what I was doing and why I was sitting in the car on my laptop in a public garage. I told him I had nowhere to go and I was waiting on my girl. I noticed his hand placed on his weapon and I realized very quickly this was not going to be a casual encounter. He asked me to step out of the vehicle and I asked him why. Now I know normally you shouldn't question an officer but something seemed very off about this gentleman. It was when I locked the doors that things started to escalate and my anxiety went through the roof. I told the officer that I did not feel safe with him holding his weapon to me when I had done absolutely nothing wrong. He just became agitated like a guy on steroids and called in some other officers. Well, things weren't looking good for me but I decided to try and use my phone camera as some added protection so I wouldn't get shot for absolutely no reason at all. Well, the cops did back off, but this is where things got really crazy. A few minutes later, and it couldn't have been more than 5 minutes, my phone went to some screen like when you have emergency dialing only. I tried calling my girlfriend's job but nothing worked at all. I got scared so I dialed 911...NOTHING!!! These guys basically turned my phone into a paperweight. I couldn't do anything with it. I didn't know what to do so I called out the window to a crowd of people and told them to call 911 for me. I then noticed the officers leaving in their vehicles and I got out and ran to my girlfriend's job where I stayed until she got off of work.
Now in all of this there are two main points that I really feel are extreme issues. One is how is it legal for anyone, even an officer of the law, to take away your ability to use emergency services?? And second, why do they need this software that basically can give them an opening to do whatever they want to you without you being able to protect yourself? Law enforcement is becoming more and more alarming to me with all the technology that they have at their disposal. I say if they want to be able to have surveillance on us 24/7 I believe we should get the same respect. We cannot stand by and have our basic human rights violated like this!!!!
Ok, it's not Note 2 specific, just that I have a Note 2....
I need to create an app that can read a text, send a text, and read/write a file from an external USB stick. It sounds easy but.....
So I'm open to suggestions as to what IDE/toolchain I should be aiming at. I have written ''an app'' that does this, but it's actually in PicBasic and runs on a PIC 18F2550 with a serial modem and internal flash.
I want to do away with the PIC/modem and just use an Android phone.
One other thing, the file on the USB stick: the USB stick isn't, it's actually a controller for other hw devices. I just make the controller appear to USB as mass storage as that makes a simple text file an easy way for it to communicate, if it's possible... I'd sooner make the controller appear as a serial comms device like the 9600 8N1 standard but I don't know if I could get away with that via OTG, whereas I know OTG can read/write a text file..
I haven't started playing with it yet, but you might find Intellij Idea to be a tool you can learn to use.
For Open Source Projects it's free.
Grant Barker said:
I haven't started playing with it yet, but you might find Intellij Idea to be a tool you can learn to use.
For Open Source Projects it's free.
Thanks, I'm not too bothered what I write it in, anything from C to ZX81 BASIC would do the job, it's just getting it into a form the phone can execute
..
Just wondering if you tried using google for your question.
-----
I would love to help you, but help yourself first: ask a better question
http://www.catb.org/~esr/faqs/smart-questions.html
If I were you, I would check out Tasker on the Play Store. There's a huge following with tons of available and customizable profiles.
If you haven't heard of it, it's an extremely powerful app that allows you to write (or apply) various profiles to automate almost anything, whether you're a beginner or advanced user.
http://tasker.dinglisch.net
spycedtx said:
Just wondering if you tried using google for your question.
-----
I would love to help you, but help yourself first: ask a better question
http://www.catb.org/~esr/faqs/smart-questions.html
I half agree, but for a generic question like this, it's much more effective to ask in a community of mobile enthusiasts who might have a little more insight. Imo.
Sent from my SGH-T889 using Tapatalk 2
Thanks guys, I just had a look at App Inventor and it made me want to cry...
I'm used to C/BASIC/asm (dare I say COBOL, well I am 46....) so anything drag and drop I find infuriating/restrictive/non-intuitive. Even though they're supposed to be simple to use, I find them not...
You will no doubt be aware of such apps as Prey, Find My Droid, WaveSecure; they all can read an incoming text for a keyword and if present perform an action. That's similar to what I am trying to achieve, well it's part of it etc.
Easiest way to simplify this is to imagine a lighthouse for boats. I need to be able to send a message to my phone at the top of a lighthouse, to turn the light on. I also need to be able to query the light status.
Now doing this with an Arduino/PIC and a bag of relays was no biggy. What was the issue was the phone was connected via its connector running serial data at 9600 and modem AT protocols from the 1970's....
This all worked fine, 100% working, but the phones had the issue that after a random number of days they would stop responding to commands, but would say 'ok' to every command given...
So replaced with a modem module and a separate 2 line LCD. This worked fine, but put the cost up....
So decided that as old Android phones with damaged screens are often very cheap, and most support OTG, the way is open to try doing this once again, using the phone to receive a text, reply to the text, and control the light by writing out a txt file to the ''USB mass storage stick'' that's simply light.txt and is a txt file containing the word 'on', 'off' or 'status'.
The PIC controller is happy to pretend to be USB storage, and look for this file, and take the required action: if it sees 'on' or 'off' it simply toggles a pin to on or off; if it's 'status' it senses the light, and creates a file of answer.txt with 'yes' or 'no' as content.
The app can look for the answer.txt, and depending on it being 'yes' or 'no', send a reply text with 'ok' or 'bring a spare bulb'.
Of course I don't have a lighthouse, but you see what I'm trying to achieve with an Android phone over the old working but unreliable T68i (I have a few of them, about a dozen left I think, all have the same firmware bug).
Wow. I hope you're not making anything dangerous. SMS text `cancel'. SMS text `bang'.
Seriously though, I'm 44. So respect to any middle-aged dudes in the house. :good:
Grant Barker said:
Wow. I hope you're not making anything dangerous. SMS text `cancel'. SMS text `bang'.
Seriously though, I'm 44. So respect to any middle-aged dudes in the house. :good:
Lol no, it's a replacement for a circuit that of all things originally started with a Motorola StarTAC and a relay across button '5' to dial help.
I don't want to be too open about the 'final design' as I want to present it to the forum as a working prototype that others can copy/use, and don't want beating to the finish etc.
I've put many years of work into this on and off, even bought 20 2nd hand phones for the 'beta test' which then 'cancelled' due to the phones not being able to be left on 24/7 without locking up, and I killed a few making them 'battery free' and some more making a reboot circuit that just pulled power, which they didn't like happening too often, so I abandoned it till now. I now think I'm onto a winner with the new 'design'.
I have a customer that has an Asus Vivo with Windows 8 RT, and somehow he has lost/forgotten his password. I am new to the Windows RT environment, thus I can see why people dislike it. I was wondering if there is any way to mount the tablet to a PC to back it up; a way to possibly reset the password without resetting the whole device to factory defaults; for I am lost and have searched the web for ways to do so, but no one seems to have an answer. Any help or suggestions would be very much appreciated.
Thank You
Jamie
If it was set up using a Windows Live account (or "Microsoft account" as they're now called), just use the standard password reset function on the website.
If it was using a local account (possible but not a great idea on RT) then the best bet is Safe Mode (Shift+F8 during bootup; might be possible with a Touch or Type cover but probably easier via USB) and log in as Admin, then force a password reset of the account. Possibly useful info: http://www.howtogeek.com/107511/how-to-boot-into-safe-mode-on-windows-8-the-easy-way/
As a side note, resetting the whole device, if it was using a Microsoft account, is relatively painless; your apps will need to be re-installed but you won't be charged again, your email and such will need to re-download but should already be configured, all in all it's fairly straightforward. Now, if there's documents on the tablet that for whatever reason aren't anywhere else... that's a problem if you reset it. No way to pull the storage and mount it in another PC, either.
What's your beef with RT from what you've seen of it so far (which it sounds like probably consists of nothing but the boot screen and the login screen)? Its only meaningful distinction from full Win8 is the need for ARM-compiled apps and the restriction of third-party code, but the first is a fact of life for any ARM-powered tablet (damn near all of them until quite recently; still most of them) and the second is easy to bypass. From an administrative position (i.e. trying to reset a password) it's identical to Win7.
I appreciate the quick response. Unfortunately this tablet was not set up with a Microsoft Account, but was set up with a Local User account.
The only way it seems you can get into the options for boot with this tablet is holding the shift key and restarting it while you are at the login screen. I have tried to hold shift and tap F8 at a fresh start-up and the tablet continues to boot to the login screen.
Now when I hold Shift and restart the tablet, it goes right to Choose an Option, then I click Troubleshoot > Advanced Options > and there all I have is Automatic Repair, Command Prompt (which you can't use without logging in to the local user account), and Startup Settings.. Under Startup Settings the only options it has are: Enable low-resolution video mode, Enable boot logging, Disable automatic restart on system failure, and Disable early-launch anti-malware protection.. It seems to me that this Asus tablet with Windows RT does not have Safe Mode..
Thank You,
Jamie
Windows RT doesn't support safemode. It's possible to get at with some BCD tweaks, but it's not very straightforward.
Actually, pretty easy to get to it just using msconfig (assuming you can boot into Windows first). The downside: no touchscreen drivers, no Touch Cover drivers, no support for many of the peripherals. You'll need a USB keyboard, and probably a USB hub and USB mouse as well. A less "minimal" configuration might work better.
If you think there's a reasonable chance you'll need Safe Mode in the future, I recommend adding a second boot option to the main boot list (just clone the default one) and configuring it for Safe Mode. That's probably the easiest way... but it has to be done proactively.
GoodDayToDie,
Where you say "Actually, pretty easy to get to it just using msconfig (assuming you can boot into Windows first)," what do you mean by "(assuming you can boot into Windows first)?" I can boot into Windows, but I cannot log in because my customer has forgotten his password.
This is a reason why I have an issue with Windows 8 RT, for there is no Safe Mode by default.. Microshaft seems to be like Apple, thus locking the OS down to where you do not have full capabilities to fix an issue with their OS. It is too bad that you cannot run typical diagnostic tools off of a disc, because of the hardware that they chose for the tablets... Only if they would keep a traditional chipset for both Linux (Android) and Microsoft (Windows 8 RT), you could do all that you could with x86 and 64-bit architecture. They need to keep things simple and compatible, instead of using prioritized junk.
Sincerely,
Jamie
I mean "boot into an interactive Windows session". If you can't get past the login screen, *you* aren't really into Windows (the machine might be running it, when I said "you" I meant you, personally). That's as true for RT as for any other OS.
Out of curiosity, what would you do if the client came to you with a BitLocked laptop and said they forgot the password for that? Well, obviously you'd tell them to use the recovery key. But it turns out they ignored the advice of the BitLocker installer and never saved the recovery key anywhere. Not good, right? OK, now what if it was a smartphone, and they forgot the PIN? There's a policy in place from their employer that ten failed PIN attempts in a row will wipe the device. Now what?
They're screwed. Just like your client is here.
Look, the default configuration of Safe Mode on x86 versions of Windows is a security liability. It's a trivially exploitable direct-to-admin elevation of privileges... assuming you have physical access to the device. On desktops, and to a lesser extent on laptops, that's not really a concern; the assumption is that if the attacker has physical access, it's already game over. On tablets, that's much less true. Tablets are sealed devices; there's no easy way to get the hard drive (or rather, the flash memory chip) out of one. They're designed to be highly mobile, and to a certain extent are designed to be shared - certainly many of them are used at kiosks and the like. They're also both easy and attractive targets for theft. The threat model is very different.
On x86 versions of Windows, if you're concerned about a local-access attacker, you use BitLocker and you set a strong password on it. You also change the admin password, so even if somebody gets through BitLocker (or they got to your machine while it's running already), they can't trivially gain full control over it. That's because protecting against local attackers is not the expected level of protection needed, so it's not the default configuration.
On tablets, if you're *not* concerned about a local attacker, you might do things like enable Safe Mode (which, from a security perspective, is actually Unsafe Mode), or disable BitLocker key protectors (possible even if an Exchange policy forces you to turn BL on). Similarly, if you weren't worried about forgetting your password, you might use a local account and not bother to create a password reset disk (yeah, that's still possible. Nobody ever does it, but it's possible). That's because the most likely attack, by far, will be somebody who has stolen the whole device and therefore the default configuration is to provide whatever security which can be offered in the face of such a situation.
Apparently, if you are worried about local attackers but *aren't* worried about losing your password, and then you lose your password anyhow, the thing you do is go complain to an IT shop. The IT guy then comes and asks an online forum how to do his job. The forum gives him the help they can. The IT guy then rants about Microsoft when the help offered is "insufficient".
Here, pop quiz for you: Which of the following people is it the fault of that the customer can't access their account?
1) Microsoft, who provide at least five different ways to reset the password (online account, password reset disk, enabling the Admin account for normal login, creating a second Admin account, or enabling a Safe Mode boot option) plus allow you to have the tablet remember the password for you (auto-login) or use no password at all.
2) Myself and the other members of this forum, who are offering what help we can, unpaid, of our own free will, because we care enough about this OS that we'll help people adapt to it and hope for nothing more than a "thanks"?
3) You and any co-workers you might have, who despite doing this for a living, are unfamiliar with the security model of a new OS... but are willing to pile abuse on that OS and its developers when they close a security hole that you expected to find open?
4) Your customer, who ignored Microsoft's advice about using an online account (justifiable, but a nonetheless questionable decision given the intended use of RT) and also ignored or avoided good password management techniques (like using a hard-to-remember password without creating a way to change or reset it, and without writing it down anywhere)?
I'll give you a hint: it's not 1 or 2.
Oh, and you can totally run diagnostic tools. Hell, the tablet comes with a bunch of them built in, but you can also boot off USB. Yeah, they need to be compiled for ARM, but - as I just pointed out - Microsoft ships a suite of them with the tablet. They even include a tool that can solve an unrecoverably lost password: wipe the system and start again. On previous Windows versions, you'd probably have to do a full re-install at that point! Think of the time saved. However, "login as admin without any password" (what the default configuration of Safe Mode allows) is *not* a diagnostic tool. It's a gaping security hole.
Also, Safe Mode is totally still available. However, much like logging in *all the time* using the built-in Administrator account (possible by default on XP and before, disabled by default on Vista and later), allowing anybody who wanted to to boot into a full-permission no-password (by default) account was deemed too dangerous on RT. I was surprised when I discovered Safe Mode missing from the RT boot menu as well... for about 5 minutes. Then the obvious reason for it clicked. I went and enabled Safe Mode on my tablet anyhow, because it *is* a potentially useful diagnostic tool... (although, since neither the Touch Cover nor touchscreen work in Safe Mode, it's actually really hard to use) but I also changed the Admin password, so for your use case it wouldn't do any good anyhow. That's OK; I have the ability to reset my own password if needed. Admittedly, MS could have taken care of this themselves by removing the ability to log into disabled accounts when using Safe Mode, instead of disabling the mode by default... but that wouldn't have done you any good either.
I think the tl;dr version of what GoodDayToDie said is as follows:
The fact that you can't get into this tablet isn't Microsoft's fault at all, it's the customer's fault for being a complete and utter moron who can't remember a password and completely ignored the fact that the Windows 8/RT setup process really wants you to make an online account rather than a local one, which, if he had done, wouldn't have left us in this position.
Safe mode is a total security liability. That's why in my school they have disabled safe mode and also password protected the BIOS, which is set up so you can only boot from the hard disk. There is then a sensor on the case which triggers when the side panel is removed, which then causes the BIOS to prompt for a password just after the POST check on next boot. Stupidly they have soldered the screws down on some machines; hilarious watching them trying to get the machines open again. They sit there with Dremels trying to cut new slots for another screwdriver; why they don't just remove the solder with the hot air guns and soldering irons in the workshops is beyond me.
You might be able to edit the bcd to enable safe mode, but I suspect that the tpm will fail checks and refuse to give the bitlocker key if you do that. I know it'll cause integrity checks to fail on x86/x64. If you have the bitlocker key then you can mount it in recovery and back up all the files, but you'll only have that if it's a registered ms account, or the owner went way out of his/her way to get it beforehand.
As far as MS goes, this isn't their fault. This is your customer's fault and nobody else's. Getting rude and arguing won't solve anything. There is no real need for safe mode on RT, except for security exploits such as what you want.
I did put Safe Mode on my machine... it actually doesn't appear to upset BitLocker to do it, so long as I suspend BitLocker once, reboot, and re-enable it. The check for "has my boot process been messed with?" happens right before where you would get the boot screen. Booting an alternate option from the Windows bootloader doesn't appear to bother it at all.
GoodDayToDie said:
I did put Safe Mode on my machine... it actually doesn't appear to upset BitLocker to do it, so long as I suspend BitLocker once, reboot, and re-enable it. The check for "has my boot process been messed with?" happens right before where you would get the boot screen. Booting an alternate option from the Windows bootloader doesn't appear to bother it at all.
Bitlocker checks the state of the BCD before it releases the key. By suspending and restoring it you're saying that the new state is what it should be at. If you didn't suspend it and edited the BCD it should refuse to boot.
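The proactive setup discussed in this thread (clone the default boot entry, configure the clone for Safe Mode, suspend BitLocker across one reboot so the changed BCD state is accepted, and set a password on the built-in Administrator account), written out as an added example that is not from any poster. It assumes an elevated PowerShell session on a machine you can already log into, the OS volume `C:`, an account named `Administrator`, and an entry label chosen here for illustration.

```powershell
# Added example, not from the thread. Run elevated, as an administrator who can log in.
# Assumptions: OS volume C:, built-in account named "Administrator" (localized builds
# may use another name), and the boot entry label below.
param(
    [ValidateSet('Prepare', 'Resume')]
    [string]$Phase = 'Prepare'
)

$Volume = 'C:'
$Label  = 'Safe Mode (minimal)'

if ($Phase -eq 'Prepare') {
    # 1. Suspend the BitLocker key protectors BEFORE touching the BCD. BitLocker checks
    #    the BCD state before it releases the key; editing the BCD without suspending
    #    is expected to end at the recovery-key prompt on the next boot.
    manage-bde -protectors -disable $Volume
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "manage-bde could not suspend protectors on $Volume (is BitLocker on?)"
    }

    # 2. Clone the running boot entry. bcdedit prints the GUID of the new entry.
    $out = (bcdedit /copy '{current}' /d $Label) -join ' '
    if ($out -match '\{[0-9a-fA-F-]{36}\}') {
        $guid = $Matches[0]
    } else {
        throw "bcdedit /copy did not return a new entry GUID: $out"
    }

    # 3. Mark only the clone as a minimal Safe Mode boot; the default entry is untouched.
    bcdedit /set $guid safeboot minimal
    if ($LASTEXITCODE -ne 0) { throw "Could not set safeboot on $guid" }

    # 4. Safe Mode allows logging in to the built-in Administrator account, which has
    #    no password by default. Set one now (net user prompts without echoing it).
    net user Administrator *

    Write-Host "Created $guid. Reboot normally once, then run this script with -Phase Resume."
}
else {
    # 5. After one normal reboot, resume protection so the new BCD state becomes the
    #    accepted baseline, then confirm the protection status and the boot entries.
    manage-bde -protectors -enable $Volume
    manage-bde -status $Volume
    bcdedit /enum
}
```

As noted in the thread, Safe Mode on these tablets loads no touchscreen or Touch Cover drivers, so a USB keyboard is needed to use the new entry.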