[Q] Password Protect Bootloader/Recovery?

By marclais, Member on 20th January 2011, 02:18 PM
16th December 2015, 11:38 AM |#101  
aarongillion63 (Senior Member, Grand Rapids MI)
It's almost 2016 now! Recent advancements + how to secure your phone
This is the first result on Google search for "password protect bootloader", I'd like to pitch in some options (with links) for those who are dedicated to read to the 10th page.

First and foremost, password protected recovery is here, it's called Philz Touch and it works with 50+ Samsung phones, LG G2 or various Optimus phones, Nexus, Moto G/X, HTC One, and Xperia devices.

Because this is the 10th page, you probably know that locking recovery alone won't leave you worry-free.
I'd like to share some nearly uncrackable scenarios you can set up on different brand-name phones, even considering our limitations of not being able to add passwords to our bootloaders.

Because the topic is about protecting our phones, I can safely assume you won't want to get a specific phone to get the protection you want. So I organized my findings by phone, but I recommend you read all of them!


First, for those who are stock, unrooted, and have a carrier-locked bootloader (Verizon, Sprint, AT&T, *not* T-Mobile!):
There was a post in this thread about carrier-locked-bootloader phones being protected; this is partially true. Here's the summary: you can't flash custom recovery if the phone is carrier locked, has a passcode, and USB Debugging is turned off. Your thief will need ADB or a custom recovery to bypass your lockscreen (gesture.key). Of course this doesn't mean your data is protected from an FBI investigation. To get maximum protection in this category, you should turn on Device Encryption. There are really no downsides on a completely stock device; it doesn't actually make your phone slower, it only makes boot slower and bulk file transfer slower. Device encryption only goes to sh!t when you have custom recovery and want to make full device backups. It's hit-or-miss with TWRP and Philz trying to access an encrypted filesystem. With an unrooted phone, back up your pictures and text messages often, to an SD card/USB drive, or use a backup service. I don't trust backup services, but I also don't like losing vacation pictures. If bite comes to chew, I would use a Tasker profile to detect when your DCIM Pictures directory receives a new file (changes size) and upload that file to Dropbox or a personal cloud. That covers data integrity; let's cover the device. Have a GPS Locator installed such as Lookout or AVG, and use Android Device Manager. You can set up those apps to e-mail you pictures from the front camera, detect when the SIM card is removed, and remote wipe, all without root--just device administrator rights. All in all you may not get your device back, but you may get a picture of the thief, and if you're on the lookout you may be able to find your device on eBay based on IMEI (always take note of that info!), purchase it, receive it, then backcharge him and report the eBay ID, address, and PayPal account to authorities. If it's Craigslist then you can meet up and give him a nosejob. It will be worth it after messaging so many people on what the IMEI number is.

Those who rock their rooted LG G2, OnePlus One/Two, Optimus G, Xperia Z, Moto G, Moto X, Galaxy S6, Galaxy Note 5, HTC One, Nexus 5, or any other sealed-battery phone:
You guys have it easy. Your sealed battery provides a strong basis to work against. For immediate protection, install a GPS Locator such as Lookout, AVG, ADM, Prey, and/or Cerberus, then install the Xposed framework and install Advanced Power Menu. This mod allows you to hide the power off and airplane mode options in the lockscreen, preventing thieves from turning off your phone. However, some sealed phones have a 10/15 second hard reboot key combo, which APM+ has accounted for. Instead of disabling the options on the lockscreen, you can instead have a "Fake Power Off" animation that tricks your thieves into thinking the phone is off. This can give you the upper hand when it matters most: the first hour of theft. On top of all of that, have Philz Touch recovery installed and password protected (you're already rooted, and you should be making backups), and if you're still worried, apply some additional devilish tactics mentioned below! And please, have USB Debugging turned off when you're not using it!

Those who sport their rooted Galaxy S3 through S5, Note 2 through Note 4, Galaxy Nexus, LG G3-G4, Redmi Note 2, Oppo Find, or any other removable-battery phone:
This is where we have to get aggressive. The thief can just pull the battery out at any time. This is where I'm going to share my tactical Galaxy-owner ideas; I hope you guys enjoy. To cover the bases, have a GPS Locator installed, and also have Advanced Power Menu (mentioned above) installed. You never know what kind of dumb@ss will actually give up there. 2nd base: install Philz recovery and password protect it. (Don't forget to unlock your bootloader.) Now here's the meat of this operation: we're gonna use Tasker to display a ransom message. Install Tasker, create a profile: SMS Received, any number, text contains "{secret password}-ransom" --> Action: Show Scene - Fullscreen Overlay. "Call {this number} to return phone, cash will be rewarded". Make sure you selected overlay! Overlays will cover the lockscreen and are NOT dismissible by the home button. They cannot be focused, tapped or dismissed. That's how screen dimmer apps work. It's just a semi-transparent overlay (you can make that in Tasker in 3 minutes btw) that lets screen taps go right through it to the app/lockscreen underneath. Anyway, that is the "nice" version of the ransom. Professional thieves are gonna laugh at that, so we need a little more meat. Everyone has a phone case, right? 3rd base: have a phone case with a close-range NFC tag hidden inside it, and have the phone detect when the case is removed! After installing this mod, have Tasker change the ransom message after case removal; this gets dirty: Task caseRemoval: Show Scene "Ransom2" -- Large text: "(Paraphrase) You've messed with the wrong guy! You have 6 minutes to call {this number} or the phone will be rendered unusable. Removing the battery will also brick the phone permanently. A "device stolen" message will appear every time you start the phone and no reset menus will be available." -> Activate Shell "su dd if=/sdcard/death.img of=/dev/block/platform/msm_sdcc.1/by-name/boot" Let's stop for a second.
The shell command I just wrote, given you have a dummy .img file in memory, will f**k your bootloader when run. This dummy .img file can be ANYTHING. Just take any file nearby, like a large .jpg photo from your DCIM folder, and rename it to an .img. Of course it will not display the image, because it is not binary. But it will hard-brick your phone. You should have a backup of your bootloader saved for when you get the phone back, via "dd if=/dev/block/platform/msm_sdcc.1/by-name/boot of=/sdcard/backup.img". You should also have another SMS Received profile to disable the ransom in case you can't draw your lock pattern underneath to get the phone unlocked without seeing the lockscreen. That's Tasker profile "Phone Unlocked" or "SMS Received {password unlock}" then "Close Scene: Ransom". You'll also want a battery level text label in your scene, just in case the phone is close to dying. You may have to modify the shell commands to reflect the actual partitions, e.g. "mmcblk0p7" (check this guide). I have not implemented this Tasker profile yet, but now that I took the time to write it I am thoroughly motivated to get this running, HA! I will include Tasker exports when I am done.

There's only one loophole left with the galaxy devices. Either you don't notice that your phone is missing for too long, or you're all in a no-service area. Well, this one is for the hardware folks! If you're into soldering, you may want to try this cruel trick: reverse the data I/O pins on the microUSB socket, with some fine soldering. Then splice your cable and reverse the I/O wires on your cable! That way, you can still use OTG and transfer data, but only your special cable will work! Realize that the charge wires are separate, any charger will work with the phone. Just data transfer will not!


Still paranoid? Every other Android phone has a Windows autorun driver installation ISO that runs when you first plug your phone into your computer. My Galaxy Note II does, as well as my various LG phones. If you can't catch the thief via Android, then I can hook you up with a copy/paste autorun ISO that, when run, grabs the thief's registered info on his computer and sends it to you so you can send it to authorities. PM me if you're interested, I will have to compile on a per-user basis so the driver installer matches the phone and sends info to *your* e-mail.

I will probably fan this out into another thread, but let's see what you guys think.

Hit thanks if you liked the freakshow

From one paranoid dude to another,
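The post above tells you to keep a dd backup of the boot partition before you ever touch it, but says nothing about checking that the backup is actually good. Here is an added example, not code from aarongillion63's post or from Tasker/Philz: a small POSIX shell script that copies a block device (or any file standing in for one) with dd, records the source size and SHA-256 next to the image, and verifies the image against that record before you rely on it for a restore. The partition path in the comments is the one the post quotes; on your own phone it may be a different `by-name` entry or a raw `mmcblk0pN` node, so treat it as an assumption to check.

```shell
#!/bin/sh
# Added example (not from the post): back up a partition with dd and verify the copy.
# On a rooted phone you would run this as root, e.g.
#   backup_partition /dev/block/platform/msm_sdcc.1/by-name/boot /sdcard/backup.img
#   verify_backup /sdcard/backup.img && echo "backup OK"
# The device path is the one the post quotes; yours may differ (assumption).

# Byte size of a file or block device, without leading whitespace.
size_of() {
    wc -c < "$1" | tr -d ' '
}

# SHA-256 hex digest of a file or block device.
hash_of() {
    sha256sum < "$1" | cut -d' ' -f1
}

# backup_partition SRC DST
# Copies SRC to DST in 1 MiB blocks, syncs it to disk, then writes "<size> <sha256>"
# of the SOURCE into DST.meta so a later verify compares against something that
# was not derived from the image itself.
backup_partition() {
    src="$1"; dst="$2"
    dd if="$src" of="$dst" bs=1048576 conv=fsync 2>/dev/null || return 1
    printf '%s %s\n' "$(size_of "$src")" "$(hash_of "$src")" > "$dst.meta"
}

# verify_backup IMG
# Returns 0 only when IMG exists, IMG.meta exists, and both the byte size and the
# SHA-256 of IMG match what backup_partition recorded; returns 1 otherwise.
# Run this before any restore: a short or corrupted image written back with dd
# is exactly the "hard brick" the post warns about.
verify_backup() {
    img="$1"
    if [ ! -f "$img" ] || [ ! -f "$img.meta" ]; then
        return 1
    fi
    read -r want_size want_hash < "$img.meta"
    if [ "$(size_of "$img")" = "$want_size" ] && [ "$(hash_of "$img")" = "$want_hash" ]; then
        return 0
    fi
    return 1
}
```

The verify step is the point: a backup you have never checked is only a hope, and the failure mode here (writing a bad image back to boot) is not recoverable from the phone itself. Keep the `.meta` file with the image, and re-run `verify_backup` after copying the image off the SD card to a computer as well.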
5th January 2016, 02:15 PM |#102  
Can this recovery set a password? You cannot access the recovery without the password, then?
11th March 2016, 11:08 AM |#103  
xploited (Senior Member)
Quote:
Originally Posted by aarongillion63

This is the first result on Google search for "password protect bootloader", I'd like to pitch in some options (with links) for those who are dedicated to read to the 10th page.

Holy sh** bro. You put a lot of thought in this and gave more than enough ideas for protecting our phones.
Thanks!
11th March 2016, 03:11 PM |#104  
lulli1 (Senior Member)
@aarongillion63: wow... not bad! But what about the boot menu on every Nexus 5? You can enter it by pressing and holding a combination of hardware buttons. From there you can access the phone via adb. And the other point is: even a Nexus 5 can have its battery pulled out. You can lift the back cover and do it just as on every other phone. What we need is a password-protected boot menu, so there is no way to the custom recovery as well.
12th March 2016, 12:40 AM |#105  
zelendel (Senior Moderator / Mod. Cttee. Retired - The Dark Knight, Watching from the Shadows)
Quote:
Originally Posted by lulli1

@aarongillion63: wow... not bad! But what about the boot menu on every Nexus 5? You can enter it by pressing and holding a combination of hardware buttons. From there you can access the phone via adb. And the other point is: even a Nexus 5 can have its battery pulled out. You can lift the back cover and do it just as on every other phone. What we need is a password-protected boot menu, so there is no way to the custom recovery as well.

There will always be a way around any locks. To be honest, it is a waste of time.
11th November 2016, 07:05 PM |#106  
Sudarshankakoty (Senior Member)
Quote:
Originally Posted by zelendel

Good luck, as it would need to boot before anything else, and we can see the issues with this. There will never be a foolproof way to lock your phone if lost. It will be as simple as loading up the bootloader and flashing a stock ROM, which will wipe the recovery.

No, there is not a lot of interest in this, as to be honest, if the info you have on your phone is that important then it's simple: don't lose your phone.

You can't stop social engineering. Everything which is made can also be broken. Anything hidden can be monitored. Have fun ☺