Hello,
I have an interesting project. My company does not use a BYOD setup for company devices, we actually purchase and deploy devices for our end users. This ensures that we have full control over the devices, how they are being used and allows for ease of support and Asset Tracking. I've always been a fan of Nexus devices simply because they are so clean out of the box (little/no bloatware). The latest generation also has the Finger Print sensor which will make using the devices much easier and more secure for our end users.
Now...we have around 250 devices in service (Galaxy S3's) that will need to be upgraded. I have been experimenting with the Nexus and I have been able to Unlock the bootloader, run a temporary Custom Recovery and take a Nandroid backup "image" of the device. This image has all of the software, settings and layout we need on the device. I then wiped everything out and restored the image successfully with only one issue...I can't figure out how to Relock the bootloader on the 5X without wiping out my loaded Nandroid image.
I've tried several ADB Commands, but they all show "Lock bootloader and factory reset phone". Is there a way to relock the bootloader without factory resetting the device? My Nandroid image was taken with stock Marshmallow.
Thanks!
ideaman924 said:
I'm pretty sure relocking the bootloader will automatically start the wiping process. No way around it, it's purely for made out of the bootloader.
You could always leave them unlocked though.
나의 Nexus 5X 의 Tapatalk에서 보냄
Click to expand...
Click to collapse
That's a massive security risk. If want your files, all I have to do is boot into the bootloader, flash twrp, boot from the bootloader to twrp, and all of your personal files are mine.
Sent from my Nexus 5X using Tapatalk
PiousInquisitor said:
That's a massive security risk. If want your files, all I have to do is boot into the bootloader, flash twrp, boot from the bootloader to twrp, and all of your personal files are mine.
Sent from my Nexus 5X using Tapatalk
Click to expand...
Click to collapse
Agreed, I don't want to leave them Unlocked for the reasons you outlined. Relocked, they will then be secured behind a Finger Print password. I found apps that could do this, but only for older Nexus models. I may be out of luck for the 5X/6P and imaging. I don't know of any other method of backup that is as all encompassing as Nandroid.
eggdashure said:
Agreed, I don't want to leave them Unlocked for the reasons you outlined. Relocked, they will then be secured behind a Finger Print password. I found apps that could do this, but only for older Nexus models. I may be out of luck for the 5X/6P and imaging. I don't know of any other method of backup that is as all encompassing as Nandroid.
Click to expand...
Click to collapse
you can leave the bootloader unlocked but still encrypt the userdata, which would keep the data secure (even with the pin request upon boot). if the phone was stolen, the recovery and bootloader could be accessed and thus the userdata could be wiped, but not unencrypted and accessed.
is this not sufficient for your needs?
2x4 said:
you can leave the bootloader unlocked but still encrypt the userdata, which would keep the data secure (even with the pin request upon boot). if the phone was stolen, the recovery and bootloader could be accessed and thus the userdata could be wiped, but not unencrypted and accessed.
is this not sufficient for your needs?
Click to expand...
Click to collapse
I believe flashing the factory images without wiping userdata would wipeout the security including the password protection. At that point you could load twrp and access the storage.
Sent from my Nexus 5X using Tapatalk
PiousInquisitor said:
I believe flashing the factory images without wiping userdata would wipeout the security including the password protection. At that point you could load twrp and access the storage.
Sent from my Nexus 5X using Tapatalk
Click to expand...
Click to collapse
As far as I know, Factory images would only affect the system partition. User data is separately encrypted, so the only way to access them is with the password regardless of the rom. You might not even be able to access the data if you flash another rom to system
2x4 said:
As far as I know, Factory images would only affect the system partition. User data is separately encrypted, so the only way to access them is with the password regardless of the rom. You might not even be able to access the data if you flash another rom to system
Click to expand...
Click to collapse
Indeed. I guess that unless the kernel or system are granted permission to read/write to the /data folder during boot then there probably isnt a way to get to your personal files while encrypted.
Maybe you can contact Google and depending on how many devices you want to purchase, they could set you up with a custom bootloader that could be re-locked.
Yeah, Termination requests are never a good thing!
With only 250 devices max, I doubt Google would do anything for us. Thanks for the thoughts and ideas everyone! Looks like we may be doing these by hand again. :crying:
https://play.google.com/store/apps/details?id=net.segv11.bootunlocker&hl=en
peachpuff said:
https://play.google.com/store/apps/details?id=net.segv11.bootunlocker&hl=en
Click to expand...
Click to collapse
Won't do what the OP wants. Even states so in the description.
Its just not possible at this time.
peachpuff said:
https://play.google.com/store/apps/details?id=net.segv11.bootunlocker&hl=en
Click to expand...
Click to collapse
From the app details:
"Nexus 6 and newer devices contain security measures in their bootloaders, connected with factory-reset protection. These measures make it very difficult to use root to lock/unlock the bootloader, and as a result it is unlikely that Nexus 6, Nexus 9, Nexus 5X and Nexus 6P will ever be supported."
Sent from my Nexus 5X using Tapatalk
Woops missed that part, thought that if it worked on my n5 it would work on other nexus' too. Damn google and its security...
Related
I am yet another victim to dead pixels and pretty bad screen bleed so I will be returning my Nexus 7 to Walmart and picking up a new one from OfficeMax.
Should I relock my bootloader and unroot or just format data and leave it up to Walmart? I assume they are just going to send it back to Asus. What are the chances that there will be any kind of trouble since my warranty is technically void since I unlocked the bootloader and rooted it.
Thanks ahead of time.
If it were me I would unroot it and relock the bootloader just to be safe.
Im looking to unroot mines as well but dont know where to get the files to flash back to stock through fastboot, any help is appreciated...thnx
nyjohn said:
Im looking to unroot mines as well but dont know where to get the files to flash back to stock through fastboot, any help is appreciated...thnx
Click to expand...
Click to collapse
stock system.img is here:
https://mega.co.nz/#!PBIiEbBJ!bKpdHxegOVlde12nsu_ulEyRq7UsANLLQab1IZjLIGc
"fastboot flash system system.img"
should do it i think
Nbsss said:
stock system.img is here:
https://mega.co.nz/#!PBIiEbBJ!bKpdHxegOVlde12nsu_ulEyRq7UsANLLQab1IZjLIGc
"fastboot flash system system.img"
should do it i think
Click to expand...
Click to collapse
Has anyone done this successfully?
rumatt said:
Has anyone done this successfully?
Click to expand...
Click to collapse
Me lol
I ended up restoring my device to stock everything, formatting data, and relocking my bootloader. Wasn't a problem at all returning it.
AFAIK Google has yet to release the stock image for the N7 2013.
danvee said:
AFAIK Google has yet to release the stock image for the N7 2013.
Click to expand...
Click to collapse
Yep, but a few minutes on Google or XDA search will yield you some images dumped from real-life Flo units, so you're good on that front for now.
cyberprodigy said:
I am yet another victim to dead pixels and pretty bad screen bleed so I will be returning my Nexus 7 to Walmart and picking up a new one from OfficeMax.
Should I relock my bootloader and unroot or just format data and leave it up to Walmart? I assume they are just going to send it back to Asus. What are the chances that there will be any kind of trouble since my warranty is technically void since I unlocked the bootloader and rooted it.
Thanks ahead of time.
Click to expand...
Click to collapse
Always do your own data formatting to be on the safe side. It's not like companies will maliciously steal your data, but mistakes happen and people can be careless. With Nexus devices, by the way, your warranty is basically protected so long as you go back to stock.
Rirere said:
Yep, but a few minutes on Google or XDA search will yield you some images dumped from real-life Flo units, so you're good on that front for now.
Click to expand...
Click to collapse
Is it a true system image? A true system image will overwrite or recreate all partitions. IDK if these will do that...
danvee said:
Is it a true system image? A true system image will overwrite or recreate all partitions. IDK if these will do that...
Click to expand...
Click to collapse
...a true system image will do no such thing. You do know what an image is, right? It's an exact copy of the state of storage media at the time of the image's creation. If you flash any image-- stock, modified, whatever-- it will overwrite whatever you tell it to overwrite.
You're mixing up the images with the flash-all script Google is nice and includes for you in their downloads.
rumatt said:
Has anyone done this successfully?
Click to expand...
Click to collapse
I just did it because I'm sending both my original with all the screen issues (backlight bleeding, dead pixels) along with the "replacement" that was on the charger for about three hours and then decided to up and die all together back for a refund. The image flashed just fine so the device is now relocked and hopefully I can get my money back.
joshtheitguy said:
I just did it because I'm sending both my original with all the screen issues (backlight bleeding, dead pixels) along with the "replacement" that was on the charger for about three hours and then decided to up and die all together back for a refund. The image flashed just fine so the device is now relocked and hopefully I can get my money back.
Click to expand...
Click to collapse
question....if you're rooted on stock ROM and just relock the bootloader....doesn't that wipe everything anyway? isn't that a security feature of unlocking and relocking the bootloader? or will it retain root.
Ed 115 said:
question....if you're rooted on stock ROM and just relock the bootloader....doesn't that wipe everything anyway? isn't that a security feature of unlocking and relocking the bootloader? or will it retain root.
Click to expand...
Click to collapse
It only wipes it when you unlock so locking it after changing anything will give you a device with a locked boot loader in the condition it was when you relocked it.
Factory images have been released by the way...
Sent from my Nexus 10 using Tapatalk 4
I've just upgraded to 4.4 here on my Nexus 7 which has broken Kingsoft office which I require for my work.
Whilst I wait for a fix from Kingsoft, is there any way to roll back to 4.3 without voiding my warranty?
Thanks in advance.
Try quick office. It's free and works fine.
If you still want to roll back, you can do without voiding warranty
Download the one click factory restore from here
http://liciousroms.com/nexus7Gen2_restore.html
and some instructions and info here
http://forum.xda-developers.com/showthread.php?t=2381582
also your bootloader needs to unlocked for it to work and you will lose your data if you unlock the bootloader now.
There might be better options though. Wait for someone more knowledgeable to reply.
littleromeo said:
Try quick office. It's free and works fine.
If you still want to roll back, you can do without voiding warranty
Download the one click factory restore from here
http://liciousroms.com/nexus7Gen2_restore.html
and some instructions and info here
http://forum.xda-developers.com/showthread.php?t=2381582
also your bootloader needs to unlocked for it to work and you will lose your data if you unlock the bootloader now.
There might be better options though. Wait for someone more knowledgeable to reply.
Click to expand...
Click to collapse
Thanks for that. The reason I need to use Kingsoft is because I need the data validation function on the spreadsheets with drop down boxes for what's allowed.
Cheers
mattburley said:
I've just upgraded to 4.4 here on my Nexus 7 which has broken Kingsoft office which I require for my work.
Whilst I wait for a fix from Kingsoft, is there any way to roll back to 4.3 without voiding my warranty?
Click to expand...
Click to collapse
You can rollback to 4.3 system software however if you try to keep your user data your system will hang at boot. If you have a backup of your 4.3 user data then that is not a big deal. Alternatively if you wipe data factory reset from recovery that will get things working again.
You do need to unlock your bootloader and flash the factory images though.
sfhub said:
You can rollback to 4.3 system software however if you try to keep your user data your system will hang at boot. If you have a backup of your 4.3 user data then that is not a big deal. Alternatively if you wipe data factory reset from recovery that will get things working again.
You do need to unlock your bootloader and flash the factory images though.
Click to expand...
Click to collapse
Thanks both.
So if I follow the instructions on http://forum.xda-developers.com/showthread.php?t=2381582 I should be OK? Or do I need to unlock the bootloader? If so how do I do that?
Cheers
mattburley said:
Thanks both.
So if I follow the instructions on http://forum.xda-developers.com/showthread.php?t=2381582 I should be OK? Or do I need to unlock the bootloader? If so how do I do that?
Cheers
Click to expand...
Click to collapse
You need to have the bootloader unlocked to flash anything unsigned. Currently the only thing Google sends out that is signed are the OTAs. There is no OTA from KRT16S/O back to JSS15*, so your only option is to use a factory restore. Since the factory restores shipped so far are not signed, you need to unlock bootloader.
You can unlock the bootloader here:
http://forum.xda-developers.com/showthread.php?t=2379618
During the process of unlocking bootloader, the system will wipe your userdata and sdcard for security reasons.
The post you reference assumes your bootloader is already unlocked.
So, you got two options left.
You need to unlock the bootloader under both methods. Remember it wipes user data completely.
After unlocking you can either flash the factory image for 4.3 or use the one click factory restore.
Personally I feel one click factory restore is easier
littleromeo said:
So, you got two options left.
You need to unlock the bootloader under both methods. Remember it wipes user data completely.
After unlocking you can either flash the factory image for 4.3 or use the one click factory restore.
Personally I feel one click factory restore is easier
Click to expand...
Click to collapse
If the bootloader is already unlocked, could I revert to 4.3 without losing data ?
lapocompris said:
If the bootloader is already unlocked, could I revert to 4.3 without losing data ?
Click to expand...
Click to collapse
Yes, but I may be mistaken but unlocking the boot loader may constitute as voiding the warranty as well.
You would have to unlock it, which will wipe, downgrade to 4.3, then relock it to make it look stock.
Thanks guys I'm back on 4.3. How do I re-lock the boot loader?
Matt
lapocompris said:
If the bootloader is already unlocked, could I revert to 4.3 without losing data ?
Click to expand...
Click to collapse
You can get back to the 4.3 ROM w/o wiping user data (as a result of the unlock)
However the 4.3 ROM will not boot (will hang at X animation) with your user data once the 4.4 upgrade process has completed on your user data, so you will probably end up wiping user data anyway to get the boot to complete.
---------- Post added at 12:26 PM ---------- Previous post was at 12:25 PM ----------
mattburley said:
Thanks guys I'm back on 4.3. How do I re-lock the boot loader?
Matt
Click to expand...
Click to collapse
Boot to bootloader (Power+VolDown)
in command prompt in your SDKs platform-tools directory
fastboot oem lock
Unlike unlocking, you will NOT have to wipe user data when locking.
Locking just sets a flag so it is very fast.
However, I would leave it unlocked if I were you and you are not selling it or getting warranty work done. If you ever need to unlock again you are going to be in the same boat of losing all of your data.
Rick
mattburley said:
I've just upgraded to 4.4 here on my Nexus 7 which has broken Kingsoft office which I require for my work.
Whilst I wait for a fix from Kingsoft, is there any way to roll back to 4.3 without voiding my warranty?
Thanks in advance.
Click to expand...
Click to collapse
latest version is compatible with kitkat
Let me ask a question. I've got my bootloader unlocked and I've downloaded the stock 4.3.2 from the Google Developer's site. If I don't want to do the one click restore can someone point me in the right direction for a good step by step? I've looked at a couple of different ones but none looked right or I'm not reading things correctly. To be honest I can't find the one I read from a couple of days ago. It addresses dealing with the tarball you get when you download the image from Google, but I'm really really bad about not using bookmarks. So I'm kinda stuck at this point now. Thanks in advanced.
Found it
Is it ok to pay bills, check bank account etc on a device that's unlocked and rooted? Or once you do that to the device you loose all security?
Thanks
Sent from my Pixel XL using XDA-Developers Legacy app
jblack41510 said:
Is it ok to pay bills, check bank account etc on a device that's unlocked and rooted? Or once you do that to the device you loose all security?
Thanks
Sent from my Pixel XL using XDA-Developers Legacy app
Click to expand...
Click to collapse
I wouldn't do it, at least not outside my home wifi. Your bank probably has certain protections but your data is exposed if you lose the device or it gets stolen. That being said, I have done it with no untoward effects, but that was before hacking became so prevalent. Be curious to see what others have to say.
So it's only really a threat if I loose my device?
Is there any security issue using while in possession of the device?
Sent from my Pixel XL using XDA-Developers Legacy app
jblack41510 said:
So it's only really a threat if I loose my device?
Is there any security issue using while in possession of the device?
Click to expand...
Click to collapse
Root is not an additional threat if you lose your phone. If you lose your phone to a pro you are toast, root or not. If they are not a pro root makes zero difference. Assuming you have a pin password on the phone. If you don't you are of course toast.
The danger of root is you. If you muck it up by installing unknown software, turning off encryption, stuff like that...that is where you will get in trouble.
Thanks for the reply
I know what can happen if I loose the phone. My main concern is the phones security while in my possession.
So as long as I don't install unknown software and apps while unlocked and rooted, then my information should be just as safe as if I wasn't unlocked and rooted?
I do have a few apps I have Installed from unknown sources that I use. Mostly the popular ones... Adaway and viper4andriod.
Do any of these security apps like cm, Norton, bitdefender etc. really work?
Sent from my Pixel XL using XDA-Developers Legacy app
jblack41510 said:
Thanks for the reply
I know what can happen if I loose the phone. My main concern is the phones security while in my possession.
So as long as I don't install unknown software and apps while unlocked and rooted, then my information should be just as safe as if I wasn't unlocked and rooted?
I do have a few apps I have Installed from unknown sources that I use. Mostly the popular ones... Adaway and viper4andriod.
Do any of these security apps like cm, Norton, bitdefender etc. really work?
Sent from my Pixel XL using XDA-Developers Legacy app
Click to expand...
Click to collapse
I've always been rooted and I use banking and pay apps on occasion, I mean all this is anecdotal so take it with a grain of salt because we can't predict the future of what exploits bring and no one knows your habits when it comes to mobile devices.
I dont put a lot of stake in to those apps you mentioned, they make money off of fear.
Keep your device up to date, don't download programs you are uncertain of, make sure you have a lock screen and pattern. At this point its a difference of 6 or 7 pad locks on the front door.
V
jblack41510 said:
Thanks for the reply
I know what can happen if I loose the phone. My main concern is the phones security while in my possession.
So as long as I don't install unknown software and apps while unlocked and rooted, then my information should be just as safe as if I wasn't unlocked and rooted?
I do have a few apps I have Installed from unknown sources that I use. Mostly the popular ones... Adaway and viper4andriod.
Do any of these security apps like cm, Norton, bitdefender etc. really work?
Click to expand...
Click to collapse
I dont consider those apps to be unknown. They come from here, have been around forever and are very popular. Adaway was on the store until Google changed the rules.
Based on what you are doing you are fine..
And I agree with thw poster above, the commercial security programs are next to useless.
And keep your phone up to date. A phone not up to date on security patches scares me far more than a rooted phone.
Do your thing you are fine.
TonikJDK said:
Root is not an additional threat if you lose your phone. If you lose your phone to a pro you are toast, root or not. If they are not a pro root makes zero difference. Assuming you have a pin password on the phone. If you don't you are of course toast.
The danger of root is you. If you muck it up by installing unknown software, turning off encryption, stuff like that...that is where you will get in trouble.
Click to expand...
Click to collapse
How are you toast with a locked bootloader, pin startup? Pro or not. Unlocked bl, flash without data wipe -w, and data is exposed. Most don't use a startup pin. I'm not questioning your knowledge just looking for the explanation.
Sent from my Pixel using XDA-Developers Legacy app
bobby janow said:
How are you toast with a locked bootloader, pin startup? Pro or not. Unlocked bl, flash without data wipe -w, and data is exposed. Most don't use a startup pin. I'm not questioning your knowledge just looking for the explanation.
Click to expand...
Click to collapse
What do you mean most don't use a start up pin? You set a pin/pattern period and the device is encrypted.
That means even if I flash factory without the -w my device won't let me in without me using my pin or pattern. Maybe I am missing some thing? Of course I flash this thing at least once every 60 days and I have literally had the same pin since my first boot up when it encrypted the file system.
Even of you reset the device unless you have the email for the original owner you can't get in.
I should have been more clear when I said 'pro'. I mean a real pro. Hackers got into a locked iPhone in the San Bernardo shooter case. Those same hackers took a run at Android and found a way to hijack an MDM system and remotely reset the pin. None of us need to worry about those kinds of attacks if we lose our phone, but the bottom line is that if you lose physical control of any device, phone, computer, tablet, your data is toast if the right person takes a run at it.
pcriz said:
What do you mean most don't use a start up pin? You set a pin/pattern period and the device is encrypted.
That means even if I flash factory without the -w my device won't let me in without me using my pin or pattern. Maybe I am missing some thing? Of course I flash this thing at least once every 60 days and I have literally had the same pin since my first boot up when it encrypted the file system.
Even of you reset the device unless you have the email for the original owner you can't get in.
Click to expand...
Click to collapse
I'm not 100% on this so bear with me. I was under the assumption that with an unlocked bootloader FRP (factory reset protection) was non functional. By startup pin I meant there is an option when setting a pin to either have it ask for the pin before anything at all happens and one to get into the device once it boots up. Most people use the latter but not the former because it's a pain. Personally, I set both with a locked bootloader so I'm pretty much in the clear. But with an unlocked bootloader and no startup pin (vs login pin) it's my understanding that you are wide open to data theft if you device is stolen.
---------- Post added at 07:16 AM ---------- Previous post was at 07:11 AM ----------
TonikJDK said:
I should have been more clear when I said 'pro'. I mean a real pro. Hackers got into a locked iPhone in the San Bernardo shooter case. Those same hackers took a run at Android and found a way to hijack an MDM system and remotely reset the pin. None of us need to worry about those kinds of attacks if we lose our phone, but the bottom line is that if you lose physical control of any device, phone, computer, tablet, your data is toast if the right person takes a run at it.
Click to expand...
Click to collapse
That I agree with. Although banking apps will ask for verification from an unknown IP address or device. The hackers that got into a locked iPhone were paid millions by us. (the government) I doubt that if your bootloader is locked and the device is lost those same hackers will be paid that kind of money for your pics of the wife and kids. But once again, I was under the assumption that unlocked the task is much, much easier.
bobby janow said:
I'm not 100% on this so bear with me. I was under the assumption that with an unlocked bootloader FRP (factory reset protection) was non functional. By startup pin I meant there is an option when setting a pin to either have it ask for the pin before anything at all happens and one to get into the device once it boots up. Most people use the latter but not the former because it's a pain. Personally, I set both with a locked bootloader so I'm pretty much in the clear. But with an unlocked bootloader and no startup pin (vs login pin) it's my understanding that you are wide open to data theft if you device is stolen.
Click to expand...
Click to collapse
So when I set up my device out the box there was no options to change frp, it asks if you want to set up a finger print and when you click yes it prompts for either a pin or pattern first.
There is no option for start up pin. Once you have a pin or pattern the device is encrypted. As per Google's policy once that happens, unless I remove the pin every power up requires a pin, if you don't use your device for say like 8 hours it requires a pin, otherwise it's a finger print.
No where can I set the pin not to activate upon boot. You either have a pin/pattern or you don't have one.
You can flash this thing all day but without my pattern you aren't getting in and I have been unlocked and rooted since November.
FRP is currently unbeatable unlocked or not. Other than the aforementioned 'pros' I guess.
There is no boot pin on Android, but there is a 'Sim Lock' that you can turn on. It is in the security settings and keeps your phone from connecting to the internet or doing much of anything until you enter it after a reboot. Alarms and so on will not work either. Even with a fingerprint set, when you reboot you still have to enter the pin.
pcriz said:
So when I set up my device out the box there was no options to change frp, it asks if you want to set up a finger print and when you click yes it prompts for either a pin or pattern first.
There is no option for start up pin. Once you have a pin or pattern the device is encrypted. As per Google's policy once that happens, unless I remove the pin every power up requires a pin, if you don't use your device for say like 8 hours it requires a pin, otherwise it's a finger print.
No where can I set the pin not to activate upon boot. You either have a pin/pattern or you don't have one.
You can flash this thing all day but without my pattern you aren't getting in and I have been unlocked and rooted since November.
Click to expand...
Click to collapse
Ok, I have 2 devices, a 5x and a Pixel and I use them both. On the 5x (Android O, locked bootloader) when I am asked to enter a PIN then the question is, " You can further protect this device by requiring your PIN before it starts up. ... Require PIN to start your device?" That is different than after you startup. I don't think on (7.1.2) the Pixel that question is asked.
Nonetheless, if you unlock the bootloader and have root (obviously I can't test this) can you flash a factory image with the -w and get in without your pin? What if you flash an image without the -w switch? Without FRP protection, as with an unlocked bootloader, don't you feel your device is less secure whether it be copying your data via adb or allowing the device to be used in case of theft or loss? Now perhaps I drank the Koolaid, but I know that if I ever lose either of my devices they are totally useless to the next person. Can you say the same thing?
---------- Post added at 07:42 AM ---------- Previous post was at 07:39 AM ----------
TonikJDK said:
FRP is currently unbeatable unlocked or not. Other than the aforementioned 'pros' I guess.
There is no boot pin on Android, but there is a 'Sim Lock' that you can turn on. It is in the security settings and keeps your phone from connecting to the internet or doing much of anything until you enter it after a reboot. Alarms and so on will not work either. Even with a fingerprint set, when you reboot you still have to enter the pin.
Click to expand...
Click to collapse
Are you sure FRP is usable with an unlocked bootloader?
edit: I was referring to this article: http://www.androidpolice.com/2015/0...evice-protection-feature-and-how-do-i-use-it/
I just reread it and they have edited it about midway through the article. It does seem that unlocking the bootloader will not disable FRP although there are conflicting reports. Now what about root? lol
bobby janow said:
Ok, I have 2 devices, a 5x and a Pixel and I use them both. On the 5x (Android O, locked bootloader) when I am asked to enter a PIN then the question is, " You can further protect this device by requiring your PIN before it starts up. ... Require PIN to start your device?" That is different than after you startup. I don't think on (7.1.2) the Pixel that question is asked.
Nonetheless, if you unlock the bootloader and have root (obviously I can't test this) can you flash a factory image with the -w and get in without your pin? What if you flash an image without the -w switch? Without FRP protection, as with an unlocked bootloader, don't you feel your device is less secure whether it be copying your data via adb or allowing the device to be used in case of theft or loss? Now perhaps I drank the Koolaid, but I know that if I ever lose either of my devices they are totally useless to the next person. Can you say the same thing?
---------- Post added at 07:42 AM ---------- Previous post was at 07:39 AM ----------
Are you sure FRP is usable with an unlocked bootloader?
edit: I was referring to this article: http://www.androidpolice.com/2015/0...evice-protection-feature-and-how-do-i-use-it/
I just reread it and they have edited it about midway through the article. It does seem that unlocking the bootloader will not disable FRP although there are conflicting reports. Now what about root? lol
Click to expand...
Click to collapse
You have two paths. You flash firmware and get presented with the initial setup screen. You will get to a point where you have to log in with the last email used in the device. Unless you have my email and password you get no further.
Otherwise the device will boot to lock screen requesting your PIN. Please explain to me how you get around this? Adb is setup to only work on my machine and you can't revoke creditentials without being in the OS.
I don't know how many different ways to say it, I guess my question is can you detail a way someone can use my device if I lose it?
pcriz said:
You have two paths. You flash firmware and get presented with the initial setup screen. You will get to a point where you have to log in with the last email used in the device. Unless you have my email and password you get no further.
Otherwise the device will boot to lock screen requesting your PIN. Please explain to me how you get around this? Adb is setup to only work on my machine and you can't revoke creditentials without being in the OS.
I don't know how many different ways to say it, I guess my question is can you detail a way someone can use my device if I lose it?
Click to expand...
Click to collapse
I don't know but I'm not a hacker nor have I researched it. So you are implying that even flashing a custom rom you cannot get into the device without a Google password? I find that intriguing to say the least. No custom roms bypass FRP?
My question to you is do you feel as safe with an unlocked bootloader as you would with it locked?
bobby janow said:
I don't know but I'm not a hacker nor have I researched it. So you are implying that even flashing a custom rom you cannot get into the device without a Google password? I find that intriguing to say the least. No custom roms bypass FRP?
My question to you is do you feel as safe with an unlocked bootloader as you would with it locked?
Click to expand...
Click to collapse
If a custom recovery can't bypass the encryption why would a rom be any different. Not to mention you cannot flash a rom without getting into twrp, twrp cannot decrypt the file system without a pin or pattern. I feel even safer because rooted I can utilize apps that can work to protect me at the system level. I can block ads at the system level.
Its like saying you have a door with 5 padlocks, but wouldnt you feel safer with six?
I'd feel safer not using a mobile phone at all but here we are.
pcriz said:
If a custom recovery can't bypass the encryption why would a rom be any different. Not to mention you cannot flash a rom without getting into twrp, twrp cannot decrypt the file system without a pin or pattern. I feel even safer because rooted I can utilize apps that can work to protect me at the system level. I can block ads at the system level.
Its like saying you have a door with 5 padlocks, but wouldnt you feel safer with six?
I'd feel safer not using a mobile phone at all but here we are.
Click to expand...
Click to collapse
That's another story for another day, but I do agree. I can't test any of this, but from days long ago wasn't there a way to boot twrp, go into file manager and delete some files or copy them? Also on a quick search there are a couple of ways to bypass FRP which I will not describe or link to here. And with an unlocked bootloader you can flash any factory image that has the exploit still unpatched.
I guess I just don't see why an unlocked bootloader is such a plus these days. I know you need it for root, but other than ad blocking (which I still get with dns66 unrooted) why allow a hacker to "possibly" compromise your system? I don't know, perhaps I'm getting old and slightly tired of flashing. Needless to say, this is an interesting conversation and certainly thought provoking.
bobby janow said:
That's another story for another day, but I do agree. I can't test any of this, but from days long ago wasn't there a way to boot twrp, go into file manager and delete some files or copy them? Also on a quick search there are a couple of ways to bypass FRP which I will not describe or link to here. And with an unlocked bootloader you can flash any factory image that has the exploit still unpatched.
I guess I just don't see why an unlocked bootloader is such a plus these days. I know you need it for root, but other than ad blocking (which I still get with dns66 unrooted) why allow a hacker to "possibly" compromise your system? I don't know, perhaps I'm getting old and slightly tired of flashing. Needless to say, this is an interesting conversation and certainly thought provoking.
Click to expand...
Click to collapse
There is also the story where Google paid a group of hackers 50 grand when they ran an exploit on a bootloader locked device that allowed them access to data on it. So even given that scenario with a locked bootloader and them not even having to touch the device, they were able access information on it.
Furthermore this is a doomsday scenario of one someone has to have my device, two they have to have the know how, 3 an image that can bypass the security checks that exist outside of the rom that is still allowed to boot without setting off tamper flags.
Also as far as removing files using twrp, again it cannot decrypt the filesystem without pin pattern so when you view the files in the twrp browser they are a bunch of folders with gibberish names and any attempt to make changes fails.
Not unlocking your bootloader is a choice. But let's not pretend that you open yourself up to a world of stolen data and exploits by unlocking it and rooting. That's the kind of scare tactics apps like AVG use to scare people into downloading them and paying for protection that is only good if you don't get attacked at the system level.
I saw the same links for frp bypass but here is the catcher. Unless fastboot is how they are passing it, they can just as easily do it on any device. Not just the bootloader unlocked ones.
pcriz said:
There is also the story where Google paid a group of hackers 50 grand when they ran an exploit on a bootloader locked device that allowed them access to data on it. So even given that scenario with a locked bootloader and them not even having to touch the device, they were able access information on it.
Furthermore this is a doomsday scenario of one someone has to have my device, two they have to have the know how, 3 an image that can bypass the security checks that exist outside of the rom that is still allowed to boot without setting off tamper flags.
Also as far as removing files using twrp, again it cannot decrypt the filesystem without pin pattern so when you view the files in the twrp browser they are a bunch of folders with gibberish names and any attempt to make changes fails.
Not unlocking your bootloader is a choice. But let's not pretend that you open yourself up to a world of stolen data and exploits by unlocking it and rooting. That's the kind of scare tactics apps like AVG use to scare people into downloading them and paying for protection that is only good if you don't get attacked at the system level.
I saw the same links for frp bypass but here is the catcher. Unless fastboot is how they are passing it, they can just as easily do it on any device. Not just the bootloader unlocked ones.
Click to expand...
Click to collapse
Yes, it was in fastboot (I'm pretty sure) and only on an unlocked bootloader of which I'm sure. If the exploit does indeed work then a locked bootloader would be the protection and an unlocked one would mean those padlocks you have are useless. But that's a big "if" and I'm not about to try it. I'm not of the mindset that my data is protected even locked. Bottom line don't lose the device to a person in the know.
I still feel better having a locked bootloader as no one can do anything with my device no matter their skill levels. I just call, blacklist the IMEI, and scrounge up some money for a replacement with no worries. Besides, I use AP all the time and I'm not about to jump through hoops after each Google server update to get it to work again with hiding root. But that is just a personal preference and not really part of this discussion.
As for TWRP, I do remember that there was a way to delete a couple of .key files in order to remove the need to use a password. But that was some time ago before all this security stuff went into effect I believe. But as to the OP question, I believe there is more danger with an unlocked bootloader and root than without. However, if you need root for some reason just make sure you know what you are doing before you do it.
I have a Pixel XL runing Android 8.0 beta. I restarted my phone and it asks for a passord. I don't know the password and was wondering what is the best way to recover it?
Thanks in advance.
rschonfelder said:
I have a Pixel XL runing Android 8.0 beta. I restarted my phone and it asks for a passord. I don't know the password and was wondering what is the best way to recover it?
Thanks in advance.
Click to expand...
Click to collapse
If you're bootloader is unlocked temp boot into twrp. Delete locksettings.db. That will get you in. Then just create a new pin.
If you didn't create a password in the first place and aren't using a stolen phone you should contact Pixel Support and see if there is a default password the phone might have set up but I haven't heard of that happening to anyone who was on stock and not using a custom recovery. If you are using a custom recovery and are rooted then the previous suggestion might work but I'm pretty sure you need to have root access to get to that file.
jhs39 said:
If you didn't create a password in the first place and aren't using a stolen phone you should contact Pixel Support and see if there is a default password the phone might have set up but I haven't heard of that happening to anyone who was on stock and not using a custom recovery. If you are using a custom recovery and are rooted then the previous suggestion might work but I'm pretty sure you need to have root access to get to that file.
Click to expand...
Click to collapse
You don't need root. Just need an unlocked bootloader.
toknitup420 said:
You don't need root. Just need an unlocked bootloader.
Click to expand...
Click to collapse
To delete the password file? I would have thought for security reasons that would be placed in the root directory. No wonder Google flashes a warning on its phones that your phone is not secure when the bootloader is unlocked--it really isn't. According to you if anyone steals your phone and you have the bootloader unlocked they can easily bypass any password, pin or fingerprint requirement you set up by simply deleting a file. If that's actually true there's a giant easily exploitable flaw with Android security.
jhs39 said:
To delete the password file? I would have thought for security reasons that would be placed in the root directory. No wonder Google flashes a warning on its phones that your phone is not secure when the bootloader is unlocked--it really isn't. According to you if anyone steals your phone and you have the bootloader unlocked they can easily bypass any password, pin or fingerprint requirement you set up by simply deleting a file. If that's actually true there's a giant easily exploitable flaw with Android security.
Click to expand...
Click to collapse
Yeah they have to physically take you're phone and know how to boot it to twrp to do it though. And based on these threads I see on here everyday. There's no chance of that happening.
rschonfelder said:
I have a Pixel XL runing Android 8.0 beta. I restarted my phone and it asks for a passord. I don't know the password and was wondering what is the best way to recover it?
Thanks in advance.
Click to expand...
Click to collapse
Did you find the phone somewhere or is it yours legitimately? Are you trying to break into another device to get information off it? If you're honest about your intentions you really should explain accurately.
If it's a startup pin you can't bypass that. I hope for owner's sake the bootloader is locked including you if it's yours.
Sent from my Pixel using XDA-Developers Legacy app
toknitup420 said:
Yeah they have to physically take you're phone and know how to boot it to twrp to do it though. And based on these threads I see on here everyday. There's no chance of that happening.
Click to expand...
Click to collapse
People who have posted on XDA in the past have seemed very likely to be phone thieves trying to get information about bypassing security on a locked phone so I wouldn't underestimate a phone thief. It's not like XDA is hard to find or a secret.
jhs39 said:
People who have posted on XDA in the past have seemed very likely to be phone thieves trying to get information about bypassing security on a locked phone so I wouldn't underestimate a phone thief. It's not like XDA is hard to find or a secret.
Click to expand...
Click to collapse
That's not what I meant at all. Lol. I was being a wise ass regarding all the people that on xda that can't get twrp working. I dunno if you look in the Q&A section all that often but it's riddled with people that can't get things working on this phone. It was merely a facsicous comment. On a more serious note. The ability to remove the pin from an unlocked phone is nothing more than the fault of the person who owns the phone. Not a security flaw from Google. You're bootloader doesn't come unlocked stock, and if you have a pin with a locked bootloader then you needn't worry.
toknitup420 said:
That's not what I meant at all. Lol. I was being a wise ass regarding all the people that on xda that can't get twrp working. I dunno if you look in the Q&A section all that often but it's riddled with people that can't get things working on this phone. It was merely a facsicous comment. On a more serious note. The ability to remove the pin from an unlocked phone is nothing more than the fault of the person who owns the phone. Not a security flaw from Google. You're bootloader doesn't come unlocked stock, and if you have a pin with a locked bootloader then you needn't worry.
Click to expand...
Click to collapse
I misinterpreted your comment then but a lot of people on XDA obviously like to flash their phones and on the Nexus 6P thread you were told by the person who wrote the flashing guides that the absolute first thing you should do with that phone when you got it was to unlock the bootloader. As for getting TWRP to work on the Pixel a lot of experienced flashers including myself have found it challenging to get TWRP to work on this particular phone. Google didn't make Pixels easy to flash on--particularly compared with their earlier Nexus devices. That said I honestly had no idea unlocking the bootloader made the phone that insecure so I sincerely thank you for the heads up.
huh
toknitup420 said:
If you're bootloader is unlocked temp boot into twrp. Delete locksettings.db. That will get you in. Then just create a new pin.
Click to expand...
Click to collapse
Don't you need the pin to even get into TWRP to delete the file?
Raegoul said:
Don't you need the pin to even get into TWRP to delete the file?
Click to expand...
Click to collapse
Ah yes I forgot about this. This trick only works on decrypted devices. Decrypted devices don't require a password or pattern to enter twrp. Pixel is encrypted by default so yes you would need the password in order to access twrp. GLO. I completely forgot about that.
toknitup420 said:
If you're bootloader is unlocked temp boot into twrp. Delete locksettings.db. That will get you in. Then just create a new pin.
Click to expand...
Click to collapse
Won't it ask for the password when op starts twrp. And if op doesn't have it it cannot decrypt the file system to delete the file you mentioned.
Edit:
NVM saw someone mentioned it
No offense to the OP, but I'm going to call it and say we probably shouldn't be saying anymore. I have never heard of someone setting up their device and then not knowing what their password is. Not saying it's not possible, but if you're on XDA, with a Pixel device on Android O, that means; a) you flashed it and should know your way around some key things on Android, b) you stole the phone, or c) you're trying to break into your significant other's device, and last but not least d) you bought it on Swappa or Cracklist or wherever and the seller didn't wipe it.
People forget their passwords ALL the time... ask my lady if you want!
Erikbronx said:
People forget their passwords ALL the time... ask my lady if you want!
Click to expand...
Click to collapse
Buy her a pen and a pad. No excuses in this day and age.
Sent from my Pixel using XDA-Developers Legacy app
Can't you just go to google.com/android/devicemanager and log in with your google account and unlock it there?
I was on 8.1 with Flash Kernel installed using images...I wanted to get back to stock...so unchecked OEM Unlocking in Developer Options, went to bootloader and locked bootloader using fastoboot flashing lock..and now I am getting "Can't find valid operating system. The device will not start". I can't unlock the bootloader now as I unchecked OEM unlocking in Developer Options and can't flash factory images also as it says Flashing is not allowed in Lock State, Did I brick the device?
Update: I have returned my device to Google and they processed a replacement
i am just curious, how were planning on flashing a rom with locked bootloader?
ram4ufriends said:
I was on 8.1 with Flash Kernel installed using images...I wanted to get back to stock...so unchecked OEM Unlocking in Developer Options, went to bootloader and locked bootloader using fastoboot flashing lock..and now I am getting "Can't find valid operating system. The device will not start". I can't unlock the bootloader now as I unchecked OEM unlocking in Developer Options and can't flash factory images also as it says Flashing is not allowed in Lock State, Did I brick the device?
Click to expand...
Click to collapse
Yea, I think you may have turned it into a fancy paperweight. Been there, done that. You should have waited to uncheck OEM unlocking until after you locked the bootloader, which wiped your phone. About the only thing I can suggest is to try and run Deuces script to see if you can rescue your device. Best of luck to you.
https://forum.xda-developers.com/pi...ol-deuces-bootloop-recovery-flashing-t3704761
ram4ufriends said:
I was on 8.1 with Flash Kernel installed using images...I wanted to get back to stock...so unchecked OEM Unlocking in Developer Options, went to bootloader and locked bootloader using fastoboot flashing lock..and now I am getting "Can't find valid operating system. The device will not start". I can't unlock the bootloader now as I unchecked OEM unlocking in Developer Options and can't flash factory images also as it says Flashing is not allowed in Lock State, Did I brick the device?
Click to expand...
Click to collapse
Sorry for your loss, but you indeed have a fancy paperweight.
However I wonder if there isnt the QCom USB mode or something like that that exist on older devices, where you can access the phone partitions at a lower level and then restore whatever partitions is broken.
Paradoxxx said:
Sorry for your loss, but you indeed have a fancy paperweight.
However I wonder if there isnt the QCom USB mode or something like that that exist on older devices, where you can access the phone partitions at a lower level and then restore whatever partitions is broken.
Click to expand...
Click to collapse
With the new partitioning no idea if it still works. But OP has nothing to loose anyway i guess.
gee2012 said:
With the new partitioning no idea if it still works. But OP has nothing to loose anyway i guess.
Click to expand...
Click to collapse
Yeah at that point... Not sure what is Google saying about that. Maybe RMA it ?
Saying something like that should work.
"I was using my device, and suddenly it froze and nothing responded. It suddenly rebooted and shown this error message."
gee2012 said:
With the new partitioning no idea if it still works. But OP has nothing to loose anyway i guess.
Click to expand...
Click to collapse
Sorry didn't get, What do you mean by OP has nothing to loose?
Badger50 said:
Yea, I think you may have turned it into a fancy paperweight. Been there, done that. You should have waited to uncheck OEM unlocking until after you locked the bootloader, which wiped your phone. About the only thing I can suggest is to try and run Deuces script to see if you can rescue your device. Best of luck to you.
https://forum.xda-developers.com/pi...ol-deuces-bootloop-recovery-flashing-t3704761
Click to expand...
Click to collapse
How did you recover your devices from that state earlier when you did the same thing?
ram4ufriends said:
Sorry didn't get, What do you mean by OP has nothing to loose?
Click to expand...
Click to collapse
since your phone is now essentially a brick, you can try just about anything without worry of bricking your phone.
ram4ufriends said:
I was on 8.1 with Flash Kernel installed using images...I wanted to get back to stock...so unchecked OEM Unlocking in Developer Options, went to bootloader and locked bootloader using fastoboot flashing lock..and now I am getting "Can't find valid operating system. The device will not start". I can't unlock the bootloader now as I unchecked OEM unlocking in Developer Options and can't flash factory images also as it says Flashing is not allowed in Lock State, Did I brick the device?
Click to expand...
Click to collapse
You cannot flash full images, but you can still flash OTAs... download the full OTA instead, and install (sideload) it from the stock recovery. Be sure to select the SAME build number you were on to begin with- eg. If you were on 8.1, use the 8.1 OTA. There will be a mode there for "Apply update from ADB". You put the phone into "sideload mode" and then send the OTA to the phone via adb. This will work regardless whether you have usb debugging enabled or not. Follow the directions given on the included link.
ram4ufriends said:
How did you recover your devices from that state earlier when you did the same thing?
Click to expand...
Click to collapse
I didn't. They are still paperweights sitting in a drawer!
I got the same message yesterday after doing... God knows what. I can't even remember what went wrong.
My first thought was to flash a factory image. But it didn't helped at first. Probably, because i was trying to flash another factory image and not the one that came as stock on my phone.
So if you don't remember, which image it was, try all of them Hopefully, you'll get your phone booted again.
My first reaction was, is this april fools day? Is this an xda style joke? unchecked oem unlock?
dontbeweakvato said:
My first reaction was, is this april fools day? Is this an xda style joke? unchecked oem unlock?
Click to expand...
Click to collapse
Meh...you know how it is bro....**it happens!
Call google and just tell them your device wont boot all of a sudden; they will probably ask you to factory restore in the recovery, say the phone wont get past the google image. They will RMA that boy for you. You totally bricked. For future reference if you unlock the bootloader, dont waste your time trying to lock it again. Should have just fastboot flashed a factory image in the bootloader and called it a day. Having a unlocked bootloader doesn't effect you in anyway negatively.
ArminasAnarion said:
Call google and just tell them your device wont boot all of a sudden; they will probably ask you to factory restore in the recovery, say the phone wont get past the google image. They will RMA that boy for you. You totally bricked. For future reference if you unlock the bootloader, dont waste your time trying to lock it again. Should have just fastboot flashed a factory image in the bootloader and called it a day. Having a unlocked bootloader doesn't effect you in anyway negatively.
Click to expand...
Click to collapse
Why is this Google's problem? This guy is at fault. Google shouldn't have to pay for it.
This is part of the reason these phones are so expensive.
Sent from my taimen using XDA Labs
mitchdickson said:
Why is this Google's problem? This guy is at fault. Google shouldn't have to pay for it.
This is part of the reason these phones are so expensive.
Sent from my taimen using XDA Labs
Click to expand...
Click to collapse
Well I never said it was the moral thing to do haha; but this guys best bet is to call Google and see if they will RMA it. They RMA'ed my Nexus 6p after the Android 7 twrp brick; and I told them my pone wouldn't boot anymore; they asked me to go to recovery and factory restore, I told them I couldn't boot into recovery and they RMA'ed it. It was my fault for the brick but they didn't care.
ArminasAnarion said:
Well I never said it was the moral thing to do haha; but this guys best bet is to call Google and see if they will RMA it. They RMA'ed my Nexus 6p after the Android 7 twrp brick; and I told them my pone wouldn't boot anymore; they asked me to go to recovery and factory restore, I told them I couldn't boot into recovery and they RMA'ed it. It was my fault for the brick but they didn't care.
Click to expand...
Click to collapse
Did you tell them it was your fault for the brick?
Sent from my taimen using XDA Labs
mitchdickson said:
Did you tell them it was your fault for the brick?
Sent from my taimen using XDA Labs
Click to expand...
Click to collapse
I told them I had an unlocked boot-loader and installed twrp. I had to send them back my old phone and they put a $500 hold on my account, once they received the device and determined the issue was real, they released the hold on my account. In that period of time they could have determined "Oh he bricked the device with twrp" lets charge him $500 for a new one, but they didn't. I mean whats wrong with calling Google and seeing if they will RMA it; sure the OP made a bad mistake but you have not because you ask not.
ArminasAnarion said:
I told them I had an unlocked boot-loader and installed twrp. I had to send them back my old phone and they put a $500 hold on my account, once they received the device and determined the issue was real, they released the hold on my account. In that period of time they could have determined "Oh he bricked the device with twrp" lets charge him $500 for a new one, but they didn't. I mean whats wrong with calling Google and seeing if they will RMA it; sure the OP made a bad mistake but you have not because you ask not.
Click to expand...
Click to collapse
What's wrong with it? You're telling him to call Google and say that for some reason, all the sudden his device won't boot.
This is why I don't fault Verizon for selling bootloader locked phones.
Sent from my taimen using XDA Labs