[PSA] HTC 10 and s-off/s-on/lock/unlock/ and encryption - HTC 10 Guides, News, & Discussion

Ok guys, here is a guide for unlock/s-off/root etc. while keeping your radio working, as well as getting your radio working -> http://forum.xda-developers.com/htc-10/how-to/guide-root-optionally-s-off-radio-t3373025
This week we accidentally (for real, we planned on waiting until we had this PSA published first but goof'd on our build configuration, so it went live early) released SunShine for the HTC 10.
This PSA is needed due to how HTC is tying in the keys for userdata encryption on newer devices and firmware. Modern devices are encrypted by default, whether you set a password or not. This is mostly seamless to those who don't use a password.
The way HTC encrypts the key for user data is to more or less mash up the bootloader lock status, the s-on/s-off status, and the password (for those without a password it is something like "default_password") together. Then they encrypt/decrypt the key.
What this means is that if you change the lock status, or the s-on/s-off status, the phone can no longer decrypt your data, forcing you to wipe the device.
This will happen when you lock the device, unlock the device (which also wipes so who cares), go s-on, or go s-off. It does not matter whether you use htcdev.com, SunShine, a new generation javacard, fastboot to go s-on/lock, or manually relock the device. They will all cause this to happen.
To fix this:
On stock recovery:
Do a factory reset
On TWRP:
Enter any password (doesn't matter what)
Then go to advanced, and do a format of userdata (a factory reset from TWRP will not fix this; it must be a format).
So again, if you go s-on/s-off/lock/unlock/whatever and the phone magically is "encrypted" or "won't decrypt" or just won't work right, FORMAT userdata.
Happy Hacking
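As an added illustration of the key-wrapping behaviour the PSA above describes (this is not HTC's code, nor anything from the linked guide): the disk encryption key (DEK) is wrapped under a key derived from the bootloader lock state, the S-ON/S-OFF state and the password, so flipping either state leaves the wrapped DEK undecryptable, and the only recovery is to provision a fresh DEK, which is what a format of userdata does. The KDF (PBKDF2), the XOR-plus-HMAC wrap, the key lengths and the `DeviceState` field names are all assumptions; the real derivation and cipher are not on the page.

```python
"""
Toy model of the userdata key wrapping the PSA describes. Added illustration,
NOT HTC's code: the real KDF, cipher and field layout are not on the page, so
PBKDF2 and the XOR-plus-HMAC wrap below are assumptions chosen only to show
the consequence the PSA warns about. Standard library only, runs offline.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Tuple

DEFAULT_PASSWORD = "default_password"  # PSA: used when the user has set no password
DEK_LEN = 32                           # disk encryption key length (assumption)
TAG_LEN = 32                           # HMAC-SHA256 tag length


@dataclass(frozen=True)
class DeviceState:
    """The three inputs the PSA says HTC 'mashes up' to protect the userdata key."""
    bootloader_locked: bool            # LOCKED vs UNLOCKED (relocked counts as locked)
    s_off: bool                        # S-OFF vs S-ON
    password: str = DEFAULT_PASSWORD   # lock-screen password, or the default


def derive_kek(state: DeviceState, salt: bytes) -> bytes:
    """Key-encryption key from lock state + security state + password.
    PBKDF2-HMAC-SHA256 is a stand-in; HTC's real derivation is not on the page."""
    material = b"|".join([
        b"LOCKED" if state.bootloader_locked else b"UNLOCKED",
        b"S-OFF" if state.s_off else b"S-ON",
        state.password.encode(),
    ])
    return hashlib.pbkdf2_hmac("sha256", material, salt, 10_000, dklen=32)


def _keystream(kek: bytes, n: int) -> bytes:
    # One SHA-256 block of keystream from the KEK; enough for a 32-byte DEK.
    return hashlib.sha256(b"dek-wrap" + kek).digest()[:n]


def wrap_dek(dek: bytes, state: DeviceState, salt: bytes) -> bytes:
    """Encrypt-then-MAC the DEK under the KEK for the current device state."""
    kek = derive_kek(state, salt)
    ct = bytes(a ^ b for a, b in zip(dek, _keystream(kek, len(dek))))
    tag = hmac.new(kek, ct, "sha256").digest()
    return ct + tag


def unwrap_dek(blob: bytes, state: DeviceState, salt: bytes) -> bytes:
    """Recover the DEK; fails if any of the three inputs differ from wrap time."""
    kek = derive_kek(state, salt)
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(kek, ct, "sha256").digest(), tag):
        raise ValueError("userdata key cannot be decrypted: lock/S-OFF/password input changed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, len(ct))))


def format_userdata(state: DeviceState, salt: bytes) -> Tuple[bytes, bytes]:
    """The PSA's fix: discard the old key and provision a fresh DEK under the
    device's *current* state. Anything protected by the old DEK is gone."""
    dek = os.urandom(DEK_LEN)
    return dek, wrap_dek(dek, state, salt)


def can_decrypt_after(before: DeviceState, after: DeviceState) -> bool:
    """Provision userdata in state `before`, then try to open it in state `after`."""
    salt = os.urandom(16)
    dek, blob = format_userdata(before, salt)
    try:
        return unwrap_dek(blob, after, salt) == dek
    except ValueError:
        return False


def demo() -> Dict[str, bool]:
    """Each transition the PSA lists, and whether the existing userdata still opens."""
    stock = DeviceState(bootloader_locked=True, s_off=False)
    s_off = DeviceState(bootloader_locked=True, s_off=True)
    unlocked = DeviceState(bootloader_locked=False, s_off=False)
    return {
        "no change": can_decrypt_after(stock, stock),
        "go S-OFF": can_decrypt_after(stock, s_off),
        "go S-ON (from S-OFF)": can_decrypt_after(s_off, stock),
        "unlock bootloader": can_decrypt_after(stock, unlocked),
        "relock bootloader": can_decrypt_after(unlocked, stock),
        # FORMAT userdata = fresh DEK wrapped under the new state, so it opens.
        "S-OFF then FORMAT userdata": can_decrypt_after(s_off, s_off),
    }


if __name__ == "__main__":
    for transition, ok in demo().items():
        print(f"{transition:28s} -> {'decrypts' if ok else 'WIPE REQUIRED'}")
```

Running it prints one line per transition; every state flip reports WIPE REQUIRED, and only the post-format case (a fresh DEK under the new state) opens again, which is the point of the PSA's "FORMAT userdata" advice. In the model the HMAC check is what turns a wrong KEK into a clean failure rather than garbage plaintext.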

Wow. Awesome. Thanks man. Looking forward to getting the device!

Thanks
Sent from my HTC One M8 using XDA-Developers mobile app

@jcase, @beaups - Excellent job!!!!!!!
--
sent from HTCOne (m9) via Tapatalk v5.8.0

Excuse my ignorance, but does this mean there is a way to root and s-off a Verizon HTC 10?

klarthur said:
Excuse my ignorance, but does this mean there is a way to root and s-off a Verizon HTC 10?
That's what I'd like to know too but sunshine site says no Verizon yet

Ndaoud360 said:
That's what I'd like to know too but sunshine site says no Verizon yet
Dang, that stinks. Hopefully it will soon. I went with the HTC 10 over S7 Edge specifically because I thought it would be rooted... I hope I didn't make a mistake
Sent from my LGLS990 using XDA Free mobile app

I think you can root, but there is no support (yet) for S-off.

Stephen said:
I think you can root, but there is no support (yet) for S-off.
Really? I hope so... I wasn't able to find anything about rooting the Verizon HTC 10 yet though... Anyone know of something?

jcase said:
This will happen when you lock the device, unlock the device (which also wipes so who cares)
Is it still possible to lock/unlock by editing the pg1fs partition once s-off (adding null over the HTCU flag)? If yes, do you know if this will cause the same decryption problem as using "fastboot flash unlocktoken / fastboot oem lock" ?


klarthur said:
Really? I hope so... I wasn't able to find anything about rooting the Verizon HTC 10 yet though... Anyone know of something?
All I know is that you may be able to unlock bootloader if vzw doesn't lock it for us. Then root should be obtainable via normal methods. I just hope s-off comes soon. I get my 10 on Thursday if vzw is correct with their dates.

Ndaoud360 said:
All I know is that you may be able to unlock bootloader if vzw doesn't lock it for us. Then root should be obtainable via normal methods. I just hope s-off comes soon. I get my 10 on Thursday if vzw is correct with their dates.
Doesn't Verizon normally lock bootloaders though? And if they did lock it... what then?

klarthur said:
Doesn't Verizon normally lock bootloaders though? And if they did lock it... what then?
You try unlocking with the htcdev website, but if that fails, IDK, let the professional devs here try to do something to get it unlocked for everyone. I think that is how all this works.

alray said:
Is it still possible to lock/unlock by editing the pg1fs partition once s-off (adding null over the HTCU flag)? If yes, do you know if this will cause the same decryption problem as using "fastboot flash unlocktoken / fastboot oem lock" ?
My advice is, and has always been, don't mess with pg1fs or pg2fs, particularly on some newer HTCs.
klarthur said:
Excuse my ignorance, but does this mean there is a way to root and s-off a Verizon HTC 10?
Not yet, haven't had a chance to play with one

What would happen if I tried to s-off a Verizon variant regardless of whether it's supported or not?

TickleMeHomo69 said:
What would happen if I tried to s-off a Verizon variant regardless of whether it's supported or not?
Brick?

TickleMeHomo69 said:
What would happen if I tried to s-off a Verizon variant regardless of whether it's supported or not?
If you are talking about SunShine then it won't detect your phone and will say cannot obtain root or unlock bootloader. Then you can't continue...

TickleMeHomo69 said:
What would happen if I tried to s-off a Verizon variant regardless of whether it's supported or not?
For sunshine, it will complain about being unable to get root
For javacard and xtc clip (Currently as of this post) it will complain about wrong version

jcase said:
For sunshine, it will complain about being unable to get root
For javacard and xtc clip (Currently as of this post) it will complain about wrong version
Do you know what's different about the Verizon branded version of this phone? Just that they still won't unlock the bootloader? Word is that the unlocked version works with Verizon, so I assumed the hardware was similar or the same. I didn't think it was still like previous devices where the CDMA iterations were completely different from the GSM ones.

Related

[Q] Is there a way to unlock the bootloader while rooted without wiping?

I know it's possible on Nexus devices using an app like this one.
Is it possible on the HTC One X?
The reason I want this is to prevent others from accessing my information if my phone is stolen (the screen lock is useless if the attacker knows how to enter recovery mode and extract the information directly).
Thank you!!
Nuwanda612 said:
I know it's possible on Nexus devices using an app like this one.
Is it possible on the HTC One X?
The reason I want this is to prevent others from accessing my information if my phone is stolen (the screen lock is useless if the attacker knows how to enter recovery mode and extract the information directly).
Thank you!!
As far as I am concerned, I don't think the bootloader can be locked with a password. The phone can be wiped while in bootloader mode.
aromerblz said:
As far as I am concerned, I don't think the bootloader can be locked with a password. The phone can be wiped while in bootloader mode.
I didn't mean locking the bootloader with a password. I meant locking it in the same way that it's locked when you buy the phone.
What I need is a way to unlock the bootloader without wiping. On Nexus devices it's possible by using the app I linked (though you need root for it to work). I was wondering if there was an app like that one for HTC phones, or an adb command, or anything that would allow me to unlock the bootloader without wiping. I know it's not possible without root, but maybe there is a way on a rooted phone.
Nuwanda612 said:
I didn't mean locking the bootloader with a password. I meant locking it in the same that it's locked when you buy the phone.
What I need is a way to unlock the bootloader without wiping. On Nexus devices it's possible by using the app I linked (though you need root for it to work). I was wondering if there was an app like that one for HTC phones, or an adb command, or anything that would allow me to to unlock the bootloader without wiping. I know it's not possible without root, but maybe there is a way on a rooted phone.
The only way HTC allows to unlock is via HTCdev.com and that will wipe the phone.

Should I check the OEM unlocking option in the Developer settings?

Ok so I have read many posts on XDA about bricked Nexus 5Xs and many others; sometimes the main problem is the OEM isn't unlocked. I myself have a Nexus 5X that is completely stock, no custom recovery, no root, no nothing; I just update the phone, right now on Nougat 7.0 Sep security update.
So my question is, should I check the OEM unlocking in the settings? I will never install any recovery or root, but from reading the posts it seems like it's a major problem if this is not checked. Should I check it just to be safe?
U_Midrar said:
Ok so I have read many posts on XDA about bricked Nexus 5Xs and many others; sometimes the main problem is the OEM isn't unlocked. I myself have a Nexus 5X that is completely stock, no custom recovery, no root, no nothing; I just update the phone, right now on Nougat 7.0 Sep security update.
So my question is, should I check the OEM unlocking in the settings? I will never install any recovery or root, but from reading the posts it seems like it's a major problem if this is not checked. Should I check it just to be safe?
If you have issues in your current state they will most likely be hardware related and unfixable via software. But even locked you can completely reinstall the OS via sideloading an OTA or using the TOT method.
Enabling OEM unlock disables Factory Reset Protection (FRP). FRP is a security feature that prevents a stolen device from being activated. There is a lot of info about it online if you wish to learn more.
So you need to decide if you want FRP or the ability to flash the factory images.
Sent from my XT1650 using Tapatalk
PiousInquisitor said:
If you have issues in your current state they will most likely be hardware related and unfixable via software. But even locked you can completely reinstall the OS via sideloading an OTA or using the TOT method.
Enabling OEM unlock disables Factory Reset Protection (FRP). FRP is a security feature that prevents a stolen device from being activated. There is a lot of info about it online if you wish to learn more.
So you need to decide if you want FRP or the ability to flash the factory images.
ok thx dude for the reply, nah I don't care about the FRP. So flashing factory images is easier, right? Rather than sideloading or whatever this TOT method is...., and do most mobiles have OEM locked or unlocked?
U_Midrar said:
ok thx dude for the reply, nah I don't care about the FRP. So flashing factory images is easier, right? Rather than sideloading or whatever this TOT method is...., and do most mobiles have OEM locked or unlocked?
Sure, flashing the factory images is probably slightly easier than the other methods. Note that in your case you would need to actually unlock the bootloader to flash the images. With those added steps it's probably faster to sideload.
The Allow OEM unlock toggle has been around since LP I think. I'm pretty sure it's in phones that shipped with LP. It didn't automagically mean that the phone's bootloader can be unlocked though. It should still disable FRP though.
Sent from my XT1650 using Tapatalk
Yes, most, I think all OEMs leave the possibility to unlock the bootloader.
By default the bootloader is locked on most OEMs (Sony, Samsung, HTC, Motorola, even Nexus devices).
For Nexus devices it's a simple one-liner to unlock/lock the bootloader, which will also trigger a data wipe. On Nexus devices it doesn't void your warranty.
For most other OEMs' phones you have to follow some steps and usually get some kind of code in order to unlock the bootloader the first time. This will void your warranty!
If you don't know whether or not you should unlock/lock the bootloader, the answer is: NO!
It seems you're not modifying your phone's software (Custom Kernel, Custom ROM, Root etc.) and you seem to have no intention of doing so. So it's not needed and even less "secure" than with a locked bootloader. If you do, you should know that you have to unlock the bootloader in order to change the phone's software.
Why would you want to unlock the bootloader when the only reason to do so is to modify the software and you do not plan to do this?
On a stock Nexus there is no need to unlock the bootloader; you can even reflash your phone with a locked bootloader with the stock software image.
creambyemute said:
Yes, most, I think all OEMs leave the possibility to unlock the bootloader.
By default the bootloader is locked on most OEMs (Sony, Samsung, HTC, Motorola, even Nexus devices).
For Nexus devices it's a simple one-liner to unlock/lock the bootloader, which will also trigger a data wipe. On Nexus devices it doesn't void your warranty.
For most other OEMs' phones you have to follow some steps and usually get some kind of code in order to unlock the bootloader the first time. This will void your warranty!
If you don't know whether or not you should unlock/lock the bootloader, the answer is: NO!
It seems you're not modifying your phone's software (Custom Kernel, Custom ROM, Root etc.) and you seem to have no intention of doing so. So it's not needed and even less "secure" than with a locked bootloader. If you do, you should know that you have to unlock the bootloader in order to change the phone's software.
Why would you want to unlock the bootloader when the only reason to do so is to modify the software and you do not plan to do this?
On a stock Nexus there is no need to unlock the bootloader; you can even reflash your phone with a locked bootloader with the stock software image.
yo dude thx for the reply, as I said in my first post, I saw some bricked Nexus 5Xs (they didn't mod anything I think) that couldn't be repaired because he had the option unchecked about OEM, that is why I was asking for like a safety precaution: that if something goes wrong it would be okay because OEM could be unlocked then... what do you say now? (and yeah I'm not gonna ever mod anything in the phone, learned from my last phone which I somehow bricked and a man fixed it for 5$)
U_Midrar said:
yo dude thx for the reply, as I said in my first post, I saw some bricked Nexus 5Xs (they didn't mod anything I think) that couldn't be repaired because he had the option unchecked about OEM, that is why I was asking for like a safety precaution: that if something goes wrong it would be okay because OEM could be unlocked then... what do you say now? (and yeah I'm not gonna ever mod anything in the phone, learned from my last phone which I somehow bricked and a man fixed it for 5$)
The catch is, if you checked OEM unlocking and chose not to perform the oem unlock command now,
when something goes wrong afterward, you are able to perform oem unlock, but it will wipe your data.
There is no point in doing it.
HebeGuess said:
The catch is, if you checked OEM unlocking and chose not to perform the oem unlock command now,
when something goes wrong afterward, you are able to perform oem unlock, but it will wipe your data.
There is no point in doing it.
so I shouldn't do it, like just leave it be?
F IT I DID IT
I just read this site and also got to know a bootloop can occur with an OTA update, so yeah, I have done it.
Site: http://android.wonderhowto.com/news...ting-before-modding-anything-android-0167840/

Is an unlocked bootloader a security vulnerability?

I'm not a developer, just an enthusiast. Trying to understand if having an unlocked bootloader causes my device to be vulnerable to fastboot attacks? Or is my device's data still encrypted as long as I have a password? I know booting into my TWRP recovery requires my password before decryption.. but can't they just fastboot boot a TWRP image and gain access to my data somehow? Or no? Can someone with knowledge explain?
If they have your phone in their hand yes it is a risk. They have access to all its contents.
How hard is it to relock your bootloader? My bootloader is unlocked and my phone was rooted (I seem to have lost my root somehow, maybe through an update). I am considering relocking my bootloader so that I can try Android Pay. Is this possible and is there a tutorial?
TolaSkamp said:
How hard is it to relock your bootloader? My bootloader is unlocked and my phone was rooted (I seem to have lost my root somehow, maybe through an update). I am considering relocking my bootloader so that I can try Android Pay. Is this possible and is there a tutorial?
Of course there are tutorials, tons of them. One quick note, you should flash the latest factory image while you are unlocked to make sure everything is fully stock. No reason to save the data, just use flash-all, since relocking will wipe it all anyway. You could also just flash a kernel such as Elemental to access Android Pay.
bobby janow said:
Of course there are tutorials, tons of them. One quick note, you should flash the latest factory image while you are unlocked to make sure everything is fully stock. No reason to save the data, just use flash-all, since relocking will wipe it all anyway. You could also just flash a kernel such as Elemental to access Android Pay.
Thanks for the reply. I will probably just flash the Elemental kernel and leave the bootloader unlocked, thanks. I seem to have lost my root, would I need to be rooted. I really rather not have to wipe all my data.
TolaSkamp said:
Thanks for the reply. I will probably just flash the Elemental kernel and leave the bootloader unlocked, thanks. I seem to have lost my root; would I need to be rooted? I really rather not have to wipe all my data.
No need to be rooted. Just boot to TWRP and flash the kernel. AP will then work I believe. Try it out, I'm locked so I can't say for sure but on my 5X it works.
Doesn't Android Device Manager (or something there of) have some protection against lost/stolen phones. I recall reading that once you have your Google account sync'ed to the phone, you will need your Google account password to restart the phone even after a factory reset.
robchow said:
Doesn't Android Device Manager (or something there of) have some protection against lost/stolen phones. I recall reading that once you have your Google account sync'ed to the phone, you will need your Google account password to restart the phone even after a factory reset.
This is easily bypassed. It will keep the honest people out, but with minimal effort someone could get past it.
Sent from my Pixel XL using Tapatalk
Here is the Android feature I was referring to about needing Google account's password:
Factory Reset Protection (FRP)
https://support.google.com/pixelphone/answer/6172890?hl=en
Am I correct that this statement "If you have Developer options turned on, you can also turn off device protection from your device's Settings app Settings. Tap Developer options and then OEM Unlocking" relates to bootloader unlock? As such, if unlocked bootloader then this FRP isn't active? Can FRP be turned on with unlocked bootloader?
superchilpil said:
This is easily bypassed. It will keep the honest people out, but with minimal effort someone could get past it.
Are you suggesting that FRP is easily bypassed?

unlocked bootloader / user data

I am concerned about access to user data (pictures, videos, emails, app data, etc.) on my unlocked bootloader phone if the phone is lost or stolen. As I understand it, with the bootloader unlocked, one can install a custom ROM and thus bypass the screen lock. Does this mean that with the new OS it can access the user data? Does the phone being encrypted make a difference?
robchow said:
I am concerned about access to user data (pictures, videos, emails, app data, etc.) on my unlocked bootloader phone if the phone is lost or stolen. As I understand it, with the bootloader unlocked, one can install a custom ROM and thus bypass the screen lock. Does this mean that with the new OS it can access the user data? Does the phone being encrypted make a difference?
If you don't need root lock it.
Sent from my Pixel using XDA-Developers Legacy app
robchow said:
I am concerned about access to user data (pictures, videos, emails, app data, etc.) on my unlocked bootloader phone if the phone is lost or stolen. As I understand it, with the bootloader unlocked, one can install a custom ROM and thus bypass the screen lock. Does this mean that with the new OS it can access the user data? Does the phone being encrypted make a difference?
There is Android Device Manager to control the phone remotely; then you can erase it and keep your personal data safe.
robchow said:
I am concerned about access to user data (pictures, videos, emails, app data, etc.) on my unlocked bootloader phone if the phone is lost or stolen. As I understand it, with the bootloader unlocked, one can install a custom ROM and thus bypass the screen lock. Does this mean that with the new OS it can access the user data? Does the phone being encrypted make a difference?
They would need to know your password to get into TWRP to decrypt the storage (assuming you're encrypted). They don't need to flash a custom ROM to see your stuff; they can view it by connecting the phone to their computer and enabling MTP mode in TWRP. If you are that concerned, you probably should lock your bootloader after making sure you are 100% stock.
I really don't see any reason for concern.
Say your phone has a password, but your bootloader is unlocked, here are the only things you can really do.....
A: Use fastboot to flash TWRP. However, once they get into TWRP, they will still need to know your password. And TWRP will not allow MTP or adb access until it has decrypted.
B: Use fastboot to flash a factory image. But once they boot the phone, it will ask for the email and password of the original account that was on the phone, and all data will be gone.
C: Use fastboot to flash a factory image without the -w parameter. All data will still be there, and they really have gained nothing.
I don't see any real risk.
noidea24 said:
I really don't see any reason for concern.
Say your phone has a password, but your bootloader is unlocked, here are the only things you can really do.....
A: Use fastboot to flash TWRP. However, once they get into TWRP, they will still need to know your password. And TWRP will not allow MTP or adb access until it has decrypted.
B: Use fastboot to flash a factory image. But once they boot the phone, it will ask for the email and password of the original account that was on the phone, and all data will be gone.
C: Use fastboot to flash a factory image without the -w parameter. All data will still be there, and they really have gained nothing.
I don't see any real risk.
No matter the path, if your data is intact they still need your pattern.
Thank you all for your input and knowledge dissemination on how an unlocked bootloader affects user data.
noidea24 said:
I really don't see any reason for concern.
Say your phone has a password, but your bootloader is unlocked, here are the only things you can really do.....
A: Use fastboot to flash TWRP. However, once they get into TWRP, they will still need to know your password. And TWRP will not allow MTP or adb access until it has decrypted.
B: Use fastboot to flash a factory image. But once they boot the phone, it will ask for the email and password of the original account that was on the phone, and all data will be gone.
C: Use fastboot to flash a factory image without the -w parameter. All data will still be there, and they really have gained nothing.
I don't see any real risk.
Not using the -w parameter will keep the user data intact; understood, thank you. If that is the case, will the thief be able to access user data if the user data partition is encrypted?
By removing -w even your lock screen will still be there, so no. No security concerns.
If you want it to be secure then lock your bootloader, otherwise it will be insecure. It's a trivial matter to someone knowledgeable to get into your files.
Sent from my Pixel XL using Tapatalk
superchilpil said:
If you want it to be secure then lock your bootloader, otherwise it will be insecure. It's a trivial matter to someone knowledgeable to get into your files.
I guess the question is how if they cannot decrypt the file system?
pcriz said:
I guess the question is how if they cannot decrypt the file system?
If the right person stole your phone and wanted to waste the resources needed to decrypt the info, they could. Since it's possible, it's considered a security risk. Although let's be real, it's highly unlikely that it would ever happen, unless you're some VIP or something crazy like that.
toknitup420 said:
If the right person stole your phone and wanted to waste the resources needed to decrypt the info, they could. Since it's possible, it's considered a security risk. Although let's be real, it's highly unlikely that it would ever happen, unless you're some VIP or something crazy like that.
In that case I doubt even a bootloader would matter.
pcriz said:
In that case I doubt even a bootloader would matter.
Yes it would. You can't access anything unless you factory reset. Then it's all gone, decrypting won't do a thing. Reset is a total wipe. Brand new device.
Sent from my Pixel using XDA-Developers Legacy app
bobby janow said:
Yes it would. You can't access anything unless you factory reset. Then it's all gone, decrypting won't do a thing. Reset is a total wipe. Brand new device.
I think you are missing the context of my statement. No information system is 100% impenetrable, so even with a bootloader, if someone really really wanted into a system and had the means, they can crack it. That's just a general rule of security.
The other side of the discussion is how safe is the data. Well, if you factory reset, the data is plenty safe because it's wiped.
Seems what your statement is talking about is basically can someone use the phone they acquired; in that instance yes, but that's also why we have insurance.
pcriz said:
I think you are missing the context of my statement. No information system is 100% impenetrable, so even with a bootloader, if someone really really wanted into a system and had the means, they can crack it. That's just a general rule of security.
The other side of the discussion is how safe is the data. Well, if you factory reset, the data is plenty safe because it's wiped.
Seems what your statement is talking about is basically can someone use the phone they acquired; in that instance yes, but that's also why we have insurance.
Well multiple things going on now. If data can be extracted from a locked bootloader device I'd like to see proof of concept. I'm not saying it can't be done.
By the time a person wiped the device you'd probably have the IMEI blacklisted so the device will be useless.
Sent from my Pixel using XDA-Developers Legacy app
bobby janow said:
Well multiple things going on now. If data can be extracted from a locked bootloader device I'd like to see proof of concept. I'm not saying it can't be done.
By the time a person wiped the device you'd probably have the IMEI blacklisted so the device will be useless.
Sent from my Pixel using XDA-Developers Legacy app
Data extracted from a bootloader-locked device, data decrypted from an encrypted device: same argument when it comes to proof of concept.
Not to mention you realize bootloaders have been defeated before; it's the whole reason bootloader bounties exist. Frankly, given some of the exploits that have gotten around bootloaders, it seems in some cases defeating a bootloader would be easier than decrypting.
Every Google bootloader probably has the same signed key (in relation to BL version)
pcriz said:
Data extracted from a bootloader-locked device, data decrypted from an encrypted device: same argument when it comes to proof of concept.
Not to mention, you realize bootloaders have been defeated before; it's the whole reason bootloader bounties exist. Frankly, given some of the exploits that have gotten around bootloaders, it seems in some cases defeating a bootloader would be easier than decrypting.
Every Google bootloader probably has the same signed key (in relation to BL version).
Is it really the same thing or proof of concept? How do you extract data from a locked-bootloader device even pre-decryption? Whereas if you have encrypted data, then decrypting is a matter of being able to hack that encryption algorithm. I see that as two distinct operations.
If you mean defeating bootloaders so you can unlock, I'm not arguing that point at all, although if you recall, the Samsung S4 could not be unlocked after the first firmware update no matter how much they tried. I think they were able to get around it by some other method, but the bootloader was never unlocked again. (Btw, I have the original S4, still unlocked, and never updated the firmware.) The Verizon bootloader is not unlockable either on their OEM device. I'm not sure if it's possible, but no one is even working on it afaik. But I digress. Even if you manage to unlock the Pixel VZW bootloader, or any locked bootloader for that matter, the device is wiped clean on the unlock. So there is no data to decrypt, thus making accessing it moot as far as compromising your data.
That is why I keep the bootloader locked and the OEM switch off. (On my 5X, since my VZW OEM switch is grayed out.) With a start-up PIN and ADM at the ready in case it's lost, I feel pretty safe storing my data on the device. Pretty safe, not perfectly safe.
bobby janow said:
Is it really the same thing or proof of concept? How do you extract data from a locked-bootloader device even pre-decryption? Whereas if you have encrypted data, then decrypting is a matter of being able to hack that encryption algorithm. I see that as two distinct operations.
You don't simply "hack an encryption algorithm"; you can hypothetically "hack" or exploit a BL. That's not how it works when you are using randomly generated keys tied to the unlock method. Essentially you would need their unlock method and how it translates into the keys generated on the device.
You ask for a proof of concept; the concept of a bootloader being broken has been proven time and time again.
I'm still looking for an instance where a BL-unlocked device has been stripped of its information and decrypted so it can be read by another device.
You could also lock your device away in a safe and it would be safer than any device created, but you lose certain experiences.
Essentially your implication, as I read it, is that this guy is wide open for his data to be stolen if his bootloader is unlocked and encryption provides no protection.
pcriz said:
You ask for a proof of concept; the concept of a bootloader being broken has been proven time and time again.
No, that's not what I was saying or asking. I know a bootloader can be broken and unlocked; I've seen that. The concept I was referring to was unlocking a bootloader with OEM unlock turned off and then, after unlocking it, accessing the data that was there before the unlock. That to me is the security of a locked bootloader.
pcriz said:
I'm still looking for an instance where a BL-unlocked device has been stripped of its information and decrypted so it can be read by another device.
That would be interesting to me as well.
pcriz said:
You could also lock your device away in a safe and it would be safer than any device created, but you lose certain experiences.
Be great on battery life too.
pcriz said:
Essentially your implication, as I read it, is that this guy is wide open for his data to be stolen if his bootloader is unlocked and encryption provides no protection.
Well, not really. If the bootloader is unlocked, then the security is compromised as far as I'm concerned. You can flash a new ROM without wiping data, and I'd say that would be an easy target. You'd still need to decrypt, but the challenge would be multiples of easier.
But one thing I'm not entirely clear on, since I'm not unlocked or rooted: someone mentioned that you couldn't log into the phone if you don't have the proper account credentials. How exactly does that work? On my 5X I can wipe the system but keep the data intact and have full access. What am I missing?
bobby janow said:
But one thing I'm not entirely clear on, since I'm not unlocked or rooted: someone mentioned that you couldn't log into the phone if you don't have the proper account credentials. How exactly does that work? On my 5X I can wipe the system but keep the data intact and have full access. What am I missing?
Hello,
Do you have OEM unlock enabled?
I have an unlocked bootloader and I usually leave OEM unlock enabled. This way, when I wipe clean and want to test some features or modifications, I simply reinstall and can skip the setup part.
If OEM unlock is disabled, you'll have to add the same account used before the phone was wiped.
Is that what you were referring to?
Cheers...

Should we unlock the Bootloader if no root planned

If you have no plans to root the phone is there any reason to unlock the bootloader?
It would probably break SafetyNet and Android Pay. BUT if you're unlocked, you have the ability to flash factory images. That could be beneficial if something goes really bad and your device won't boot up. You're also less secure with it unlocked.
Sent from my marlin using XDA Labs
You can always lock and unlock the bootloader when you want.
I would say you should at least have the option checked on in the Developer settings.
So, just in case something happened and you can't fully boot the phone, you can still get into it and unlock the bootloader and do what you need to do.
This happened to a friend of mine, where something happened and he couldn't fully boot and couldn't unlock the bootloader because the option was never checked.
I don't believe the unlock option stays enabled after it boots up.
I would argue, why WOULDN'T you unlock the bootloader? Regardless of rooting, an unlocked bootloader is a safety net for when things go south. Phone decides to bootloop tomorrow? No big deal, flash the latest images via fastboot and start from scratch.
Sure, there's the counter-argument of the phone being much less secure and vulnerable in the hands of a person who is tech savvy and stole/found your device. I'm not worried about my phone being stolen, so I ALWAYS unlock my bootloader.
Pain-N-Panic said:
I would argue, why WOULDN'T you unlock the bootloader? Regardless of rooting, an unlocked bootloader is a safety net for when things go south. Phone decides to bootloop tomorrow? No big deal, flash the latest images via fastboot and start from scratch.
Sure, there's the counter-argument of the phone being much less secure and vulnerable in the hands of a person who is tech savvy and stole/found your device. I'm not worried about my phone being stolen, so I ALWAYS unlock my bootloader.
Or just flash the full OTA image without an unlocked bootloader.
mngdew said:
You can always lock and unlock the bootloader when you want.
Does re-locking the bootloader wipe the phone?
foosion said:
Does re-locking the bootloader wipe the phone?
Yes, it does. That's why you should unlock or lock the bootloader when flashing factory images.
mngdew said:
Yes, it does.
Thanks
mngdew said:
That's why you should unlock or lock the bootloader when flashing factory images.
I don't understand what you mean by this.
You have to unlock the bootloader to flash a factory image, and you can eliminate the -w flag so that flashing the factory image won't wipe the phone.
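The edit foosion describes, as an added example that is not from the thread or from Google's own tooling: a shell function that rewrites the `fastboot -w update ...` line of a factory image's flash-all.sh to `fastboot update ...`, so userdata (and the encryption state tied to it) is left alone, plus a check that no wipe flag remains. The flash-all.sh content below is a constructed stand-in with placeholder image names; the real script has the same `fastboot -w update image-*.zip` shape, but inspect your own copy before running it.

```shell
# Write a constructed stand-in for a factory image's flash-all.sh to path $1.
# Image names are placeholders, not real Google artifacts.
make_sample_flash_all() {
  cat > "$1" <<'EOF'
#!/bin/sh
fastboot flash bootloader bootloader-marlin-PLACEHOLDER.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio radio-marlin-PLACEHOLDER.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-marlin-PLACEHOLDER.zip
EOF
}

# Rewrite "fastboot -w update ..." to "fastboot update ..." in the script at $1,
# leaving every other line untouched (POSIX sed, no GNU -i). Prints the
# resulting update line so the caller can eyeball it.
strip_wipe_flag() {
  script="$1"
  sed 's/^\(fastboot[[:space:]][[:space:]]*\)-w[[:space:]][[:space:]]*update/\1update/' \
    "$script" > "$script.nowipe" && mv "$script.nowipe" "$script"
  grep '^fastboot update' "$script"
}

# Sanity check before running a modified script: returns 0 if any
# stand-alone "-w" (wipe userdata) argument is still present, 1 otherwise.
still_wipes() {
  grep -qE '(^|[[:space:]])-w([[:space:]]|$)' "$1"
}
```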
uicnren said:
Or just flash the full OTA image without an unlocked bootloader.
Very true. If the phone goes into a bootloop due to a bad zip or whatever other reason, you have a bricked device with no options to recover.
It's healthy for me to unlock my Bootloader ASAP on XDA!
Unlocking the bootloader was always the very first thing I did when I got a new phone. However, I use Android Pay all the time, and Google seems very determined to break AP for unlocked bootloaders with every new patch. Sure, someone usually finds a way to get it working again, but that sometimes takes time, and I simply use AP too much to deal with it. As long as AP won't work officially with an unlocked bootloader, mine stays locked unless I'm flashing an image, and even then, gets locked right after. Luckily, OTAs are posted by Google now, often at the same time as the Factory Images, so it hasn't really been an issue for me.
akenis said:
It would probably break SafetyNet and Android Pay. BUT if you're unlocked, you have the ability to flash factory images. That could be beneficial if something goes really bad and your device won't boot up. You're also less secure with it unlocked.
Sent from my marlin using XDA Labs
Thank you. What actually is compromised when the phone is unlocked?
uicnren said:
Or just flash the full OTA image without an unlocked bootloader.
How can you flash with a locked bootloader?
painfree said:
Thank you. What actually is compromised when the phone is unlocked?
Data?
https://www.google.com/amp/s/www.ho...unlocking-your-android-phones-bootloader/amp/
Sent from my marlin using XDA Labs
painfree said:
If you have no plans to root the phone is there any reason to unlock the bootloader?
If you ever contemplate going onto the Verizon network: when you first boot up after placing a VZN SIM into the phone, the ability to ever unlock again is eliminated. You could relock it, but it will have the Unlock option in Developer Options greyed out forever after that. I would unlock it, maybe because of the Verizon thing, but also to be able to flash a factory image in case I ever mess up the phone.
michaelbsheldon said:
If you ever contemplate going onto the Verizon network: when you first boot up after placing a VZN SIM into the phone, the ability to ever unlock again is eliminated. You could relock it, but it will have the Unlock option in Developer Options greyed out forever after that. I would unlock it, maybe because of the Verizon thing, but also to be able to flash a factory image in case I ever mess up the phone.
As long as you have the Google version, it should never grey out on you; at least that's how it was with the first Pixels. I have Verizon and I've never had it grey out.
jt3 said:
Unlocking the bootloader was always the very first thing I did when I got a new phone. However, I use Android Pay all the time, and Google seems very determined to break AP for unlocked bootloaders with every new patch. Sure, someone usually finds a way to get it working again, but that sometimes takes time, and I simply use AP too much to deal with it. As long as AP won't work officially with an unlocked bootloader, mine stays locked unless I'm flashing an image, and even then, gets locked right after. Luckily, OTAs are posted by Google now, often at the same time as the Factory Images, so it hasn't really been an issue for me.
This. Android Pay is pretty convenient and I always told myself I didn't need it compared to unlock+root. Wish Google would allow AP with unlocked bootloader but I can understand why they don't from a security standpoint.
Sent from my Pixel 2 XL using Tapatalk
foosion said:
Thanks
I don't understand what you mean by this.
You have to unlock the bootloader to flash a factory image, and you can eliminate the -w flag so that flashing the factory image won't wipe the phone.
When you unlock the bootloader, the phone is wiped automatically.