How to bypass PIN on stock rom? - Huawei MediaPad M2

Hi,
I've recently lost my PIN and now I can't unlock my MediaPad M2 8.0 (Model: M2-801w). The tablet is still on stock ROM without any modification (no custom recovery). I know there's a factory reset option, but I would like to save the apps and all the info stored on the tablet. Is there any way I can bypass PIN authentication?
I can prove its origin - no theft or any illegal stuff.
Thanks for any help.

Assuming that you are honest, since I took a quick look at your post history and you seem to be a guy who does like to fiddle with his device, this guide may be able to help you. In case your custom recovery is not TWRP but something else, then it needs to be capable of accessing and deleting files on the system partitions.

Related

Does rooting unlock an HTC Desire?

I may be about to buy an HTC Desire on Vodafone IE, and I was wondering: if I root the phone with the goldcard method, will it become unlocked so I can put SIM cards from other networks in it?
Not so.
"Root" just allows su privileges, additions like custom recovery and the ability to flash any update, such as ROM, radio, etc.
"Unbranded" removes the network carrier's ROM changes, leaving a plain HTC ROM. For this you basically go through a method which enables you to flash the stock HTC ROM.
"Unlocked" opens the SIM lock your network carrier placed on the device using a [purchased] code.
The three are separate processes.
Root access via the Unrevoked method is extremely fast, stable and simple. And root has many benefits, even allowing you to take screenshots, remove default apps you don't want, theme your phone fully, save backups in forms of snapshots to revert to whenever, and so forth. The data is all there in ample depth if you search and spend a good few days reading.
-----------------------------------
- Sent via my HTC Desire -
So there's no way to unlock the phone without getting the phone network to do it, or paying some third party to do it?
If a third party can unlock the phone, then surely the process has been cracked/reverse engineered, right? Doesn't that mean I should be able to do it myself for free? Has anyone figured this out? I mean, if other people know how to do it without network approval, surely anyone should be able to do it. All that's needed is to generate a code... right?
You can unlock your phone; there are a few good guides on the forum. I suggest that you read carefully the first sticky post in the Desire Android Development section titled "[TUT]Complete upgrading guide (root, unroot, flashing ROM & updates)" and also the second post. I didn't need to carrier unlock; however, the process seemed relatively simple.
FunkTrooper said:
If a third party can unlock the phone, then surely the process has been cracked/reverse engineered, right? Doesn't that mean I should be able to do it myself for free? Has anyone figured this out? I mean, if other people know how to do it without network approval, surely anyone should be able to do it. All that's needed is to generate a code... right?
It isn't about "generating" the code - the 3rd party unlockers have gained access to a database of codes, so it isn't about cracking or reverse engineering anything.
Buy a code - job done!
Regards,
Dave
So... somewhere on the phone is stored the status of whether or not the phone is locked to a certain network. Does anyone know where this data is stored? Can it be modified without the need for an unlock code?
I assume this data isn't stored in any place that would normally be overwritten when rooting the phone, such as the recovery partition or the system partition.
FunkTrooper said:
So... somewhere on the phone is stored the status of whether or not the phone is locked to a certain network. Does anyone know where this data is stored? Can it be modified without the need for an unlock code?
I assume this data isn't stored in any place that would normally be overwritten when rooting the phone, such as the recovery partition or the system partition.
sorry for bumping an old thread but I would love to know the answer for these questions
http://forum.xda-developers.com/showthread.php?t=943726
Did you try this?
I unlocked my Desire without any trouble; it takes like 1 min and it's free (unless you decide to donate to the author).
Also you don't need to burn it, I used a pendrive.
Thanks k3lcior, I don't need to unlock my phone, I was just asking about the mechanism
Thanks again

[Q] Protect a rooted phone with password how?

Hi all,
Quick query: I have successfully rooted my phone, but how do I protect my root, for instance if it is stolen?
I have purchased Superuser Elite and have the root password, but presume that would not stop somebody flashing it if stolen, if they knew what to do.
Personally, I drop "Cerberus" into my system apps.
If I ever found my phone missing...I'd remote wipe/track/lock...whatever I felt was necessary.
If you leave your bootloader unlocked and they know what you're doing it doesn't matter. They can always just connect your phone to their PC and fastboot flash images onto it.
If you're worried, at least use a lockscreen PW and install a security/tracking app.
pittnuma said:
Hi all,
Quick query: I have successfully rooted my phone, but how do I protect my root, for instance if it is stolen?
I have purchased Superuser Elite and have the root password, but presume that would not stop somebody flashing it if stolen, if they knew what to do.
Root is irrelevant in all of this. If you want the data on your device to be secure, you have to have the following:
1) A stock recovery installed;
2) A stock kernel installed;
3) USB debugging disabled in settings;
4) A locked bootloader;
5) A password set for your device.
If you have all of the above, no one should be able to access your data, and in order for them to use your device, it would require them wiping it.
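The checklist above can be partly verified from a PC with adb. The script below is an added example (not from this thread or any poster): it parses `adb shell getprop` output plus the `adb shell settings get global adb_enabled` value and reports whether verified boot is green (locked bootloader, verified boot chain), the build is a non-debuggable user build, USB debugging is off, and userdata is encrypted. It assumes Android 7+ property names (`ro.boot.verifiedbootstate`, `ro.debuggable`, `ro.crypto.state`); the lock-screen password has no stable getprop indicator and is not checked. The sample dumps are constructed so it runs without a device.

```shell
#!/bin/sh
# Posture check for a rooted Android device, run from the PC side.
# Constructed getprop excerpts (not captured from a real device) so the
# script runs offline; on a live device use:
#   DUMP=$(adb shell getprop); ADB=$(adb shell settings get global adb_enabled)
GOOD_DUMP='[ro.boot.verifiedbootstate]: [green]
[ro.debuggable]: [0]
[ro.crypto.state]: [encrypted]'
BAD_DUMP='[ro.boot.verifiedbootstate]: [orange]
[ro.debuggable]: [1]
[ro.crypto.state]: [unencrypted]'

# getprop_val DUMP KEY: pull one value out of "[key]: [value]" lines.
getprop_val() {
    printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]\$/\1/p"
}

# check_posture DUMP ADB_ENABLED: print one PASS/FAIL line per check.
check_posture() {
    dump=$1
    adb_enabled=$2

    # Items 1, 2 and 4: green = bootloader locked and boot/recovery images
    # verified against the OEM key; orange = unlocked bootloader.
    vbs=$(getprop_val "$dump" ro.boot.verifiedbootstate)
    if [ "$vbs" = "green" ]; then
        echo "PASS bootloader locked and boot chain verified"
    else
        echo "FAIL verified boot state is '${vbs:-unknown}' (orange = unlocked)"
    fi

    # A userdebug/eng build sets ro.debuggable=1 and lets adbd run as root.
    dbg=$(getprop_val "$dump" ro.debuggable)
    if [ "$dbg" = "0" ]; then
        echo "PASS production (user) build"
    else
        echo "FAIL debuggable build (ro.debuggable=${dbg:-unset})"
    fi

    # Item 3: USB debugging toggle from Settings (global adb_enabled).
    if [ "$adb_enabled" = "0" ]; then
        echo "PASS USB debugging disabled"
    else
        echo "FAIL USB debugging enabled (adb_enabled=$adb_enabled)"
    fi

    # Encryption, the gap the next reply points out.
    enc=$(getprop_val "$dump" ro.crypto.state)
    if [ "$enc" = "encrypted" ]; then
        echo "PASS userdata encrypted"
    else
        echo "FAIL userdata not encrypted (ro.crypto.state=${enc:-unset})"
    fi
}

# failure_count DUMP ADB_ENABLED: number of FAIL lines (0 when all pass).
failure_count() {
    check_posture "$1" "$2" | grep -c '^FAIL' || true
}

check_posture "$BAD_DUMP" 1
echo "failures: $(failure_count "$BAD_DUMP" 1)"
```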
Thanks, appreciated
Sent from my ARCHOS 101G9 using XDA Premium HD app
What we need is encryption, really hope someone comes up with something within not too long.
If you are looking at just protecting root from casual users, superuser elite allows for a pin code to be associated with granting/denying/root rights to applications.

[Q] Explain to me why devs are unable to unlock the MJB bootloader

I've been curious about how the Bootloader is locked down and why it's so difficult/impossible to unlock. How does the mfg get the initial load onto the device when it's manufactured?
I read that this bootloader has some 2048 encryption and that it's impossible to crack. However, I feel like there should be a way to alter the systems firmware from a PC or some kind of connection to the device.
Buchez said:
I've been curious about how the Bootloader is locked down and why it's so difficult/impossible to unlock. How does the mfg get the initial load onto the device when it's manufactured?
I read that this bootloader has some 2048 encryption and that it's impossible to crack. However, I feel like there should be a way to alter the systems firmware from a PC or some kind of connection to the device.
The way I read it somewhere is this,
There are efuses built into the processor/motherboard/memory/whatever that the new bootloader "blows" when it is installed. These efuses are necessary pathways for the older bootloaders, hence why they won't install. I don't believe the new bootloader is "locked" per se, it just prevents earlier versions from being installed. There is also a guide somewhere on these forums to recover your device from a brick if you tried to downgrade the bootloader. The new bootloader also doesn't prevent you from installing earlier ROMs, as long as they are flashable from recovery. Just do not try to use Odin to revert to an earlier ROM. That's what causes the bricks, and although there is a procedure to recover, it doesn't sound easy and you end up back on MJB when you're done anyway. Hope that helped.
To whoever wrote the original post I referred to above, my apologies for not giving credit.
Thanks for the reply.
I'm pretty solid with flashing ROMs and such. I have been wondering if it would be possible to use a regular PC and some cool software to reset or reformat the firmware on the system.
Here is a link to the article I was reading:
http://rootzwiki.com/news/att-locks-down-its-galaxy-s-iv-bootloader/
Say I have brand new S3 hardware right off the factory floor. How does that system get injected with the software? When the factories get damaged or "bricked" units back and refurb them, how do they do that? I know that you can use the SD card trick to jump your phone back to life, but there has to be some master way to do this.
Buchez said:
Thanks for the reply.
I'm pretty solid with flashing ROMs and such. I have been wondering if it would be possible to use a regular PC and some cool software to reset or reformat the firmware on the system.
Here is a link to the article I was reading:
http://rootzwiki.com/news/att-locks-down-its-galaxy-s-iv-bootloader/
Say I have brand new S3 hardware right off the factory floor. How does that system get injected with the software? When the factories get damaged or "bricked" units back and refurb them, how do they do that? I know that you can use the SD card trick to jump your phone back to life, but there has to be some master way to do this.
I don't have an S3; I'm in the S3 section because my mom broke her phone, so this is speculation based on when I owned an Optimus G:
There are Qualcomm tools that can fix a lot more than Odin and Fastboot can, apparently, and manufacturers have access to those. When I had an Atrix 4G someone told me they replace the entire board when eFuses are burned incorrectly, but that sounds really expensive. Anyway, just my 2 cents, I'm out~

Question about a semi-custom stockish ROM/Cerberus? Developers?

My OnePlus 3 was lost/(more likely stolen) a few days back. It wasn't insured so I have accepted the fact that I probably won't get it back. I was then researching things that I could have done to prevent it from happening, and came across an app called Cerberus.
Cerberus seems to be a really cool app because you can do stuff like activate data via SMS, so if the thief disables it you can re-enable it. I know that they could also take out the SIM or clean flash a ROM, and then you're basically screwed unless there is somehow a Wi-Fi connection. If you integrate it as a system/app, it should survive a factory reset. And AFAIK, if the SIM is still in it it automatically connects to data on reboot so should be able to get info from cerberus' servers.
Is it possible to get a ROM zip, put the .apk into system/app, add cerberus_conf.xml to system/etc and put it into the stock ROM zip so it will always survive a factory data reset?
By getting the .apk from their website and the cerberus_conf.xml from a temporary TWRP recovery, or rooting temporarily, just to make sure it is there and/or to gain access to it.
Then when that is done, re-zip the rom, relock bootloader, clean flash the ROM via adb sideload. <--- Is this part possible???
Because it is based on stock rom, would this work on a locked bootloader without root?
(I still want to use Android Pay)
I understand due to the nature of the cerberus_conf.xml file it will only work for personal use but is it theoretically possible?
Also, I haven't fully used Cerberus yet but it sounds like it could be worth it/ a lifesaver (metaphorically).
Basically the question I am asking is whether or not you can make small modifications to the system/app folder and still rezip and install successfully without having to unlock bootloader?
AlvieOP said:
Basically the question I am asking is whether or not you can make small modifications to the system/app folder and still rezip and install successfully without having to unlock bootloader?
I don't really think so, because if you lock the bootloader on anything modified then either locking will fail or it will brick your device.
Edit: after thinking a bit it may be possible, but to know that it works you or someone else has to do it and report.
I once met a guy here who locked his bootloader on a modified ROM and his device got bricked, but in the case of a semi-stockish ROM it may be possible.
Any further insight from the community will be helpful.
Dupleshwar said:
I don't really think so, because if you lock the bootloader on anything modified then either locking will fail or it will brick your device.
Edit: after thinking a bit it may be possible, but to know that it works you or someone else has to do it and report.
I once met a guy here who locked his bootloader on a modified ROM and his device got bricked, but in the case of a semi-stockish ROM it may be possible.
Any further insight from the community will be helpful.
Yeah I know that a custom ROM will brick it, but what if it is just one extra file in system?
Does anyone else know?

Sony bootloader exploits and/or bypass

Hi
I'm new to the forum but have been doing a fair amount of research. I am stuck now though and would like a bit of help.
My situation is that I have an Xperia XA1 Ultra (I know I should post in that device-specific forum, but not much seems to be happening there). I have a very specific problem that I have treated like a forensics problem.
The phone is locked by a pattern which has been guessed by another person so many times that the gatekeeper only allows one entry per day provided the phone is charged otherwise the timer resets.
It has not been rooted and ADB is disabled.
I have connected to it through fastboot and what I can gather is that it is running Android Oreo.
The system details are as follows:
Product: XA1 Ultra G3221
Build Number: 48.1.A.0.129
Chipset: Mediatek MT6757 Helio P20
Bootloader: Locked
My research has led me to the possibility of loading a recovery image into the RAM of the phone and accessing ADB that way. I tried this with a TWRP image but obviously it didn't work. There is a company called Cellebrite that claims to be able to load its own boot/recovery image into the bootloader and gain entry that way, however the license is something like £10,000. I'm definitely not a commercial customer.
The final option for me would be to dump the memory via JTAG or chipoff, the contents would be encrypted but I found a blog where somebody had managed to find the location of the gesture.key file while the system was encrypted. I can't remember what the site was called though, it took me ages to find last time.
My main questions are: does Sony sign the boot image with its own keys, or does it use the standard Android Verified Boot?
Does Sony reuse the same keys for signing across devices? Likely not but maybe
Is there a way to send specific instructions to the RAM via fastboot?
Does anybody know of an exploit that could be used?
Is there a way to extract the boot.img and recover the Sony keys?
If there are any other docs, resources or ways to get the data that could help, I will gladly read and/or try them. I think this forum is probably the biggest resource, though after a while the specific information needed gets harder to find.
The main thing is that I don't unlock the bootloader and flash anything. It's all got to be live and non data damaging.
I tried MTPwn on the off chance that it would work but nope, it was a no go.
If there was a way to utilise the mediatek exploit to gain entry from fastboot that would be excellent, or to use fastboot to dump the memory.
Thanks for reading, I hope someone can help.
Your thread was quite confusing at first as I wasn't sure what to look for exactly :/
That being said, you have your phone locked and you want to unlock it. However you don't want to flash or reset your device, you don't have root permission, you don't have debugger mode on and you don't want to unlock the bootloader, correct?
Basically you're asking for the impossible...
All I can think of is FROST attack. See article for details and source code.
You can also send your device to your nearest Sony service center and they can probably fix it with no memory loss.
Other than that, you MUST hard reset your phone if you want it back.
However should you come to your mind and realize the reality of the situation where you shouldn't be picky about it then you can start with flashing custom recovery. Or using third-party programs like dr.fone.
XDHx86 said:
Your thread was quite confusing at first as I wasn't sure what to look for exactly :/
That being said, you have your phone locked and you want to unlock it. However you don't want to flash or reset your device, you don't have root permission, you don't have debugger mode on and you don't want to unlock the bootloader, correct?
Basically you're asking for the impossible...
All I can think of is FROST attack. See article for details and source code.
You can also send your device to your nearest Sony service center and they can probably fix it with no memory loss.
Other than that, you MUST hard reset your phone if you want it back.
However should you come to your mind and realize the reality of the situation where you shouldn't be picky about it then you can start with flashing custom recovery. Or using third-party programs like dr.fone.
Thanks for getting back to me, yes I realise it is asking for the impossible. I'll have a research around that article and see if I can find some information on how to write the program to dump the contents over USB. I tried Dr Fone but that only gave me the option of a hard reset.
My current line of attack is an exploit over USB called OATmeal, whereby a Raspberry Pi is used over OTG with a filesystem label of "../../data", it allows the filesystem of the phone to be mounted and data written off. It is a little complex and so I am struggling a bit with getting it to work. The team over at Project Zero have a good write-up of it so I'm following that and the POC at exploit-db to guide me through it.
I think I will be able to get the USB part to work but I'm not sure if I have to write a Java file to automatically run when /data is mounted, or if that's even possible.
Forenzo said:
My current line of attack is an exploit over USB called OATmeal
Not to make you frustrated, but this is an old exploit and I highly doubt it'd work on your device, unless your device security patch is older than 9-2018.
And you can't rollback on your security patch.
You should really consider flashing TWRP or other custom recovery. You have no other option.
XDHx86 said:
Not to make you frustrated, but this is an old exploit and I highly doubt it'd work on your device, unless your device security patch is older than 9-2018.
And you can't rollback on your security patch.
You should really consider flashing TWRP or other custom recovery. You have no other option.
Fortunately the device hasn't been updated since around 2-2018 or 3-2018 so any exploit I can find from then onwards that I can use will be great. I really do get that the only realistic option is to unlock the bootloader and flash the recovery but the data needs to be recovered and I absolutely don't want to wipe it.
If I can't do it then it will gather dust until the end of time...
It seems that no matter what I say you won't realize the situation you are in.
I can only suggest to NEVER mess with the phone circuits or the motherboard, no matter which stupid YouTube tutorial you saw. Those guys are douchebags who only know how to get views and don't care for whatever you/they do to your device.
Needless to say messing with the circuits or the motherboard require dexterity and experience which I'm positive you don't have.
As I said before if you send it to an authorized service center, then they can help you with it without memory loss.
Sending your device to a service center isn't an insult or an act of low self esteem. Service centers exist for a reason, and they're basically geeks who are too passionate about electronics and decided to make a living out of it.
Or maybe you can somehow use the EDL mode on the phone.
In Qualcomm devices the EDL mode is locked and can only be accessed by an authorized person who has the security code of your device. I don't know if it even exists in MTK devices.
Should you actually manage to boot into EDL mode - assuming it exists and is unlocked - then BEWARE: EDL mode is very low level and any command can directly affect the kernel or compromise the system. Don't use commands you're not sure what they do.
You can use EDL mode to recover the data from the phone then wipe it clean, then restore the data.
You cannot access memory with EDL mode, but you can access the current image on your device. And from which you can get the key file.
EDL mode is a very very powerful tool (Much more powerful than debugging, fastboot, or anything you may know of) as it doesn't need unlocked bootloader to use it and through which you can do anything to your device including flashing other ROMs.
Good luck on your impossible quest. Make sure to post updates should you find yourself stuck.
