Hi, there!
I heard there is a method for the S8+ where you can root your phone without tripping Knox. It isn't the best root method and it has its limitations, but it would do just fine for my needs.
Is there such method for the S9+?
Thanks!
Anyone?
CapBlackShot said:
Anyone?
Click to expand...
Click to collapse
No
*Detection* said:
No
Click to expand...
Click to collapse
And no developers are planning to create one, that we know of? I only need root to make Cerberus a system app. In case the smartphone is stolen and gets hard reset, the app will still be there, hidden. But without root it seems impossible.
CapBlackShot said:
And no developers are planning to create one, that we know of? I only need root to make Cerberus a system app. In case the smartphone is stolen and gets hard reset, the app will still be there, hidden. But without root it seems impossible.
Click to expand...
Click to collapse
KNOX is an e-fuse, once tripped that's it forever, no reversing, nothing devs can do
FRP lock is your hard reset security, unless they know your Google login they cannot access the device anyway
And if they have the knowledge to flash certain firmwares and bypass the lock, your system root app wouldn't be of any use either anyway, so....
*Detection* said:
KNOX is an e-fuse, once tripped that's it forever, no reversing, nothing devs can do
FRP lock is your hard reset security, unless they know your Google login they cannot access the device anyway
And if they have the knowledge to flash certain firmwares and bypass the lock, your system root app wouldn't be of any use either anyway, so....
Click to expand...
Click to collapse
That's very interesting. Can't believe I never heard of this before.
Will the device actually get wiped and then ask for my Google account or will it ask for my Google account before getting wiped? If the first option I mentioned is true, then Cerberus will be gone and I still won't be able to locate my cellphone in case it gets stolen, I'm assuming.
CapBlackShot said:
That's very interesting. Can't believe I never heard of this before.
Will the device actually get wiped and then ask for my Google account or will it ask for my Google account before getting wiped? If the first option I mentioned is true, then Cerberus will be gone and I still won't be able to locate my cellphone in case it gets stolen, I'm assuming.
Click to expand...
Click to collapse
It will get wiped first, it asks for the Google account because it was wiped from recovery and not from inside of Android, meaning anyone could have done it
It will not allow anyone past the Google account request, similar to when iPhones are locked to iCloud, you can wipe it as many times as you like but it will always request the Google account
For example, I steal your phone with Cerberus installed, I cannot access your phone so the most likely thing I`ll try is factory reset from recovery, this will wipe the phone and request your Google account login to access it again, which I do not have
Next thing I would try (If I knew about it) was flash stock firmware over the top, which will wipe again this time removing your Cerberus app, but again it will not prevent the Google login request
Final thing I would try would be FRP bypass to get past your Google account login, and if they manage that they have access to your phone, but it is wiped and Cerberus is gone
End of the day, no mod/app will survive the phone being flashed as the system partition is replaced with stock again, and the wipe will reset the data partition where user apps and data are
Best thing to do is enable the Google security settings for find my phone, lock and erase, and enable it to send GPS of last location when the battery is getting low, that way you can track it online until it is turned off/wiped
Related
With all the talk of police being able to access your phone, I looked in to the options.
I found I could use the following options....
1) unlock password.
bypassed by: if the police dont have your PIN or unlock pattern, Google can be required to provide your email ID/PW to enable unlock
2) encrypted phone
bypassed by: I am unsure how this can be bypassed. If encryption is turned on, I know it breaks CWM, but is there any way to get by it w/o knowing the PIN? Is there any reset besides a wipe of the phone, which would clear any P.I.I. on the phone, wouldn't it?
3) recovery
bypassed by: if you cant get in to the phone, and choose instead to boot into recovery, you can get access to the phones data, but how much access? If you encrypted your data, will this bypass anything? Will the data still be encrypted.
What I would love to see possible, is a PIN for recovery that is a stand alone item with no way to reset it. I know this mean you would have to ODIN if you every forgot it, but if you are more concerned about protecting your data, than data loss, this would be a non-issue, as long as your data is protected
So, is the recovery lock even needed? does encrypting your data and your SD card get the protection needed to prevent access to your phone by authorities, even with Google's help?
I would love to see some security and developers views on this, and on how "safe" you can make your phone if you go all out.
No ideas anyone?
If not.. any ideas where I can go look for answers?
DCRocks said:
No ideas anyone?
If not.. any ideas where I can go look for answers?
Click to expand...
Click to collapse
what would kind of be an example of what your trying to hide from the cops? there is an app or a couple apps that can literally hide your data, and unless they knew the back door functionality of the apps, they would be able to access much data. i use a couple of them.
DCRocks said:
No ideas anyone?
If not.. any ideas where I can go look for answers?
Click to expand...
Click to collapse
k0nane?
Sent from my MIUI V4 Epic 4G via Tapatalk 2 beta 5
LORDFIRE00 said:
what would kind of be an example of what your trying to hide from the cops?
Click to expand...
Click to collapse
It was less about hiding specific data, and more about locking down your phone in general, as in what was possible.
I was interested in how well it could be done, what would need to be put in place, and how secure it really was.
Hi everyone. I have recently been the victim of theft for my nexus 7. I had the device locked with the pattern so there is no way that the thief could get into it unless they do a software reset from the recovery mode. The thing is, either way there is no way i would be able to recover it because if in fact they do a factory reset my lookout security would be uninstalled and my nexus would be lost forever, also if they can't get through the pattern and find a way to connect to Wi-Fi, it will still be lost forever. I have read about installing lookout in the system/app folder of a rooted device so its not easily uninstalled by normal means or factory reset. But do you think it is possible to have android lost and lookout pre-configured and installed in the system/app folder so that even if the device is factory reset, the credentials will remain?
revolva said:
Hi everyone. I have recently been the victim of theft for my nexus 7. I had the device locked with the pattern so there is no way that the thief could get into it unless they do a software reset from the recovery mode. The thing is, either way there is no way i would be able to recover it because if in fact they do a factory reset my lookout security would be uninstalled and my nexus would be lost forever, also if they can't get through the pattern and find a way to connect to Wi-Fi, it will still be lost forever. I have read about installing lookout in the system/app folder of a rooted device so its not easily uninstalled by normal means or factory reset. But do you think it is possible to have android lost and lookout pre-configured and installed in the system/app folder so that even if the device is factory reset, the credentials will remain?
Click to expand...
Click to collapse
bump
I am thinking about this same issue... how do I make Androidlost app factory-reset-proof? I'm pretty amazed that this serious issue hasn't been answered yet in all those threads I searched regarding Androidlost.
As I understood it's possible for any rooted device to put an app in system/app and it would survive a factory reset, but the question is about the setting of this particular app, and I would be very grateful if someone who managed to do this successfully will share this step-by-step
Thanks
Regardless of device encryption and fingerprint scanners and the like, couldn't someone just get your phone, boot into recovery, and factory reset it? Wouldn't that undo any security you had on device?
Yes but the actual files have been encrypted. So while they can start the device fresh and use file recovery tools to "get" the old files, they are useless.
And they would be useless to everyone after that, even you? I guess that would be pretty good. So you encrypt to protect your user data, and you fingerprint lock to make sure nobody can ever decrypt, even if they factory reset thru recovery, which will get past your fingerprint scanner but not previous encryption. That right?
Actually since lollipop you must log out of your Google account before a reset. If you just factory reset you well still have access to the device to track it out wipe your account from it.
I could be wrong here, but if you have stock recovery, a factory wipe can only be started in the phone's settings menu. If you have twrp installed, a wipe can be started with out being in the phone, but you need a password to start it.
If you do wipe the phone, it is still useless as you need the persons gmail username and password to complete the setup, so the phone is useless to all other users bar the user of the phone.
I think you can factory reset from stock recovery.
So I don't get it. I thought user data was encrypted from phone, i.e., the internal storage. If I factory reset, I don't need a Google account to start the phone up. So then couldn't I access the internal storage data with a file explorer?
You have to authorize the phone to sync with your computer so you can not get on that way either. If you do not authorize you can not push adb or anything else.
As km8j said, yes, you can factory reset the phone, but you won't be able to recover any of the encrypted data. That's why before you get rid of an old phone you should encrypt (if it wasn't) and wipe it.
jackdubl said:
I think you can factory reset from stock recovery.
So I don't get it. I thought user data was encrypted from phone, i.e., the internal storage. If I factory reset, I don't need a Google account to start the phone up. So then couldn't I access the internal storage data with a file explorer?
Click to expand...
Click to collapse
Thats not quite right. If you factory reset your phone, you do need a google account to complete the initial setup wizard. The only exception is if the user releases it from his or her's google account so it can be sold on.
But yes to complete the instillation it will ask for a google account that has been authorised and wont continue until it gets it. This happens automaticly the first time you sign in to play store.
Also factory reset will fully wipe the phone, brand new out of the box. It also wipes the users data, so if you were able to get on the phone, there would be no data to access. I really do like the way google have thought about it. Also I never keep anything on the phone that I would consider critical.
A lot of inaccurate information here. You have been able to skip that Google account setup on all android phones for the past few years. Also in basically any file system, when joy delete a file, even formatting, the content is not deleted. So while the information is not there at face value when you wipe the phone it can easily be recovered without encryption.
Sent from my Nexus 5X using Tapatalk
Yeah, that keeps confusing me. I have activated so many phones without inputting a Google account. It says "skip" right there on the screen!
Didn't Google introduce the security features with the Nexus 6 and 5.0? It locks the phone to your google account even after a factory reset but requires compatible hardware.
I haven't seen it mentioned with this year's devices but when setting up a pin on the 5x I believe it asked if I wanted to enable that feature.
Sent from my Nexus 5X using Tapatalk
jackdubl said:
Regardless of device encryption and fingerprint scanners and the like, couldn't someone just get your phone, boot into recovery, and factory reset it? Wouldn't that undo any security you had on device?
Click to expand...
Click to collapse
No. If your data is encrypted, no one can access it without your decryption key. As for access to the device, if you had set up a Google account on the device, and had a lockscreen password/pin/pattern/etc., then no one else can use the device other than you unless you remove your Google account and lockscreen password before you factory reset. This was a new feature introduced with devices that sold with 5.0+
Panzerapple said:
Actually since lollipop you must log out of your Google account before a reset. If you just factory reset you well still have access to the device to track it out wipe your account from it.
Click to expand...
Click to collapse
Yes!
Stephen said:
I could be wrong here, but if you have stock recovery, a factory wipe can only be started in the phone's settings menu.
Click to expand...
Click to collapse
With the stock recovery, you can reset either from within Android or from within the stock recovery.
jackdubl said:
So I don't get it. I thought user data was encrypted from phone, i.e., the internal storage. If I factory reset, I don't need a Google account to start the phone up. So then couldn't I access the internal storage data with a file explorer?
Click to expand...
Click to collapse
Prior to devices shipped with 5.0+, this was true. No longer.
km8j said:
A lot of inaccurate information here. You have been able to skip that Google account setup on all android phones for the past few years. Also in basically any file system, when joy delete a file, even formatting, the content is not deleted. So while the information is not there at face value when you wipe the phone it can easily be recovered without encryption
Click to expand...
Click to collapse
Yes, you can skip Google account setup. However, IF you do set up a Google account and a lockscreen password, THEN you cannot skip the Google account setup on that device after a factory reset (if you hadn't already removed the account prior to the reset).
bblzd said:
Didn't Google introduce the security features with the Nexus 6 and 5.0? It locks the phone to your google account even after a factory reset but requires compatible hardware.
I haven't seen it mentioned with this year's devices but when setting up a pin on the 5x I believe it asked if I wanted to enable that feature.
Click to expand...
Click to collapse
+1.
Is there way to bypass the pin lock screen without losing my data? I don't have Android Device Manager installed. I can't factory reset because there's baby pictures and the such that hasn't been backed up yet. Any help will be appreciated.
Johnny5iver said:
Is there way to bypass the pin lock screen without losing my data? I don't have Android Device Manager installed. I can't factory reset because there's baby pictures and the such that hasn't been backed up yet. Any help will be appreciated.
Click to expand...
Click to collapse
Sorry but no, if you forget the pin their is nothing that can be done but reset the device. Their are cloud services for backing up pictures and important documents. I recommend you use them. It's for your own good, You would be happy if you lost the phone knowing no one could access you personal stuff because you protected it with a PIN
Hi guys, here is the topic:
I am setting a trap so that if I get stolen or my phone is lost, whoever has it will be in my hands, but I need some "edges to be purposely cutted".
For this, I would like to disable FRP (factory reset protection)
For those who do not know is that protection that when giving the factory reset the system asks you to enter a google account that has been previously linked.
Click to expand...
Click to collapse
I would like to know if there is any way for me to disable this protection with my cell phone working normally (without having to format the phone for this)
(If there is no way to do this without having to format, please i would like to know how to remove even if i have to format)
Click to expand...
Click to collapse
I'm using stock rom with kernel stock, its rooted with magisk and im using recovery TWRP 3.3.0.0 offain
thanks for reading
mrkeitsuke said:
I am setting a trap so that if I get stolen or my phone is lost, whoever has it will be in my hands, but I need some "edges to be purposely cutted".
Click to expand...
Click to collapse
If you disable FRP, the thief won't be in your hands lol. The phone will be in the hands of the thief, so they'll be able to do whatever they want with it. Including re-flashing the stock ROM and using it normally, without you even noticing it. Google FRP is the thing that's doing the job you're asking. You disable it, you lose your phone if it's stolen.
marstonpear said:
If you disable FRP, the thief won't be in your hands lol. The phone will be in the hands of the thief, so they'll be able to do whatever they want with it. Including re-flashing the stock ROM and using it normally, without you even noticing it. Google FRP is the thing that's doing the job you're asking. You disable it, you lose your phone if it's stolen.
Click to expand...
Click to collapse
Google FRP don't protect me from the thief flashing stock ROM (he can via fastboot/download mode)
I Just wanna make easy to him sell after wiping data from recovery
mrkeitsuke said:
Google FRP don't protect me from the thief flashing stock ROM (he can via fastboot/download mode)
I Just wanna make easy to him sell after wiping data from recovery
Click to expand...
Click to collapse
Google FRP will NOT let the thief use your phone, even if they steal it. They can flash the stock ROM again, but they won't be able to use the device without having the credentials to your Google account. Your logic doesn't make any sense whatsoever but if that's the thing you wanna do, just log out of your Google account on your phone.
marstonpear said:
Google FRP will NOT let the thief use your phone, even if they steal it. They can flash the stock ROM again, but they won't be able to use the device without having the credentials to your Google account. Your logic doesn't make any sense whatsoever but if that's the thing you wanna do, just log out of your Google account on your phone.
Click to expand...
Click to collapse
Strange... i have do the same (flash stock rom) and... boom, i can start the phone and configure a new account like a new one smartphone.
i know that way (log out google account), but... its not worth to me now, anyway thanks for the info and help :highfive: