2.1 Exchange/Password bypass Updated 4-7

Search This thread

networx2002

Senior Member
Nov 6, 2007
649
42
Essential Phone
Exchange/Password
Now with Android 2.1 it now makes me use a password word. Is there a way to bypass this as it is annoying, or maybe use a pattern instead?

With 1.5 i didn't have to use a password, but with 2.1 now i do.

This works

just thought i would update with my latest info. So here is the scoop. You can disable the exchange password lock and have it survive reboot/and mail checks. To do this follow these steps:

[APP] LockPicker - disable Exchange lock screen [30-03-2010]
Hi all,

"j0bro"
Just whipped an app together that disables the Exchange lock screen as soon as the server has enforced its policy by using a background service and an observer on the system setting. This requires no polling, scripting, etc. and survives reboots/enforcements

If you want to use the pattern lock follow the next steps if not just skip the next steps., First set the lock pattern before you setup your exchange server, Then after you set your pattern lock setup your exchange and it will ask you to set your password after complete download Lockpicker in the market and install & run. Iit will bypass the Password lock and the pattern will now work.

Or


klaus27



Originally Posted by klaus27
Ok, my app is ready. I have sent it to tamburylar for testing.
Version 1.0 is ready for testing. Working with HTC Sense. Waiting for reply for Milestone support. HERE
__________________
HTC Sense or Motorola Droid with Exchange and password policy? Get rid of it: http://xdaforums.com/showthread.php?p=6044673
 
Last edited:

swornenemy

Senior Member
Jan 1, 2010
62
0
Exchange/Password
Now with Android 2.1 it now makes me use a password word. Is there a way to bypass this as it is annoying, or maybe use a pattern instead?

This has to do with the exchange active sync policies your IT dept has implemented. I believe you can remove that option from EAS on the exchange server.

As a workaround, you can use touchdown for your exchange needs as it doesnt lock down your phone but just your exchange email.
 
Last edited:

networx2002

Senior Member
Nov 6, 2007
649
42
Essential Phone
This has to do with the exchange active sync policies your IT dept has implemented. I believe you can remove that option from EAS on the exchange server.

As a workaround, you can use touchdown for your exchange needs as it doesnt lock down your phone but just your exchange email.

Thanks,
With 1.5 i didnt have to use a password, but with 2.1 now i do.
Thanks
 

swornenemy

Senior Member
Jan 1, 2010
62
0
Thanks,
With 1.5 i didnt have to use a password, but with 2.1 now i do.
Thanks

Yeah android 2.1 is more EAS compliant and can actually do remote wipes if you ever lose your phone which is nice. I did this on my hero and it wacked everything off and would only boot into recovery. Thank god for nandroid.

Be advised that if you enter your password wrong 10 times, (provided that you are still using the built in android exchange support) it will format your phone as well.
 

swornenemy

Senior Member
Jan 1, 2010
62
0
I've got it backup, Just hate to have to unlock it all the time. :(
Wish they would let you use a pattern

I am in the same position as you. Delete your exchange account and use touchdown for your exchange mail. This way it doesnt require you to use a pin to use your phone except when accessing your exchange mail through touchdown;)
 

tamburylar

Member
Jan 7, 2007
40
0
Just thought I'd join this thread, as I was shocked to find the exchange password on 2.1 too. Personally I love the idea of password and secure wipe, but the problem is the keypad is so difficult to type passwords on it takes me forever to login. I prefer just using the sliding password. And lets face it if someone wants into your password protected phone all they need is a USB cable, laptop, and SDK and they can bypass it.

To this end I've been playing with a way to bypass the password and I have been somewhat successful. I am VERY new to this stuff I've been basically teaching myself as I go, so if there are any experts around with an interest please feel free to take this knowledge and run with it.

** DISCLAIMER ** I've no idea what this will do to your phone or your email so make sure you backup, i've had no problems with any of these settings and I've always been able to just delete the exchange account and readd it when there was a problem. That being said.. you've been warned, Backup. Also bypassing your companies pointless security measures may be dangerous and cause for termination.

To get started you'll need the SDK and working ADB. It appears all the exchange info is stored in a database file that you can read/edit with sqlite3. Here is what I've found so far:

adb shell (probably need root, not sure)
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db

Optional sqlite3 settings to make reading easier:
.headers on
.mode column all
.width 2 40

There are two tables of interest here:
select * from secure;
select * from system;

The following update commands are what I used:

update secure set value=0 where name='DevicePasswordEnabled';
** This command will turn off the DevicePasswordEnabled and let you use a slide unlock pattern, but the password is still set from before.

update system set value=0 where name='lockscreen.lockexchange.enable';
** This command is the magic, I found out by watching logcat that when you unlock your phone it does an IF check on this variable and if it's set then it requires you to enter a password. Once this is set to 0 it skips the password and will ask for your slide unlock pattern instead. If you don't have an unlock pattern it will just jump to your home screen.

update secure set value=0 where name='MaxInactivityTimeDeviceLock';
** This one isn't too critical but I found it and thought I would share it. It basically removes the Exchange requirement for a idle timeout.. mine was set to 30 mins which was perfectly reasonable, but I removed it anyway.

Now once you run these update commands the changes are "done" no need to reboot or do anything special (don't even need to quit sqlite3) if you try to unlock your phone it might ask for a password the first time but enter it and lock the phone again. When you try to unlock it now the password has been removed. WOOOT!!

Now if you recall at the begining I mentioned that I've been "somewhat" successful, this fix appears to work perfectly and survives Mail client refreshes and reboots. BUT to my dismay every morning when I wake up and unlock my phone I'm presented with the same "You must enable security settings" msg from exchange. When you click OK it resets all the changes we made and we are back to square one and have to unlock it again.

I am guessing there is some type of refresh of the Exchange provisioning. I've not found how to disable this as of yet. I'm presently playing with the files located in /data/data/com.htc.android.mail/app_config it appears to store all the provisioning data in a file called eas_provision.prefs. I've just tried to change the two changes we made in this file in the hopes that perhaps it looks here to compare against the database settings and if it finds a difference it refresh, but I have my doubts.

Unfortunately I cannot test this until morning as I've found no way to replicate whatever causes the exchange security check.

My guess however is that the mail client itself is re-requesting the security settings.. if thats the case we'd have to either "decompile the mail cient" which I don't have the expertise to do. Another option might be to try using an older mail client (assuming this is where the check is).

I hope this helps some folks out there, please share comments and questions hopefully we can find a good solution. Remember my objective isn't to bypass the security completely but utilize the slide unlock which I feel is just as secure as the password (thought I am not certain if the wipe will happen with the slide unlock).

Good Luck
 

eddieroger

Member
Nov 9, 2009
20
0
My employer is one of the paranoid companies that require the full password, so I'm also pretty interested in the answer. Changing values in the database show promise, but we'll need to see how this impacts what data is sent back to Exchange. For example, if I change the value to not requiring a lockscreen password, does Exchange know? If so, I get in trouble with Exchange admins, and they probably wipe my phone at their will. Ultimately, the device sends data back to Exchange, and the real solution is to find where the connection between Exchange and the lock screen is, and cut the cord.

For what it's worth, on the Pre this was handled in the lockscreen app and not anywhere near Exchange. The result was bypassing the lockscreen app altogether (return true; - elegant, right?), but that wouldn't meet the needs here of still having something. Once I get it reflashed with Damage's ROM tonight, I'll be playing with this.

And for the record - I'm also not trying to work around security policies enacted by my employer. This is purely for research and educational purposes. :)
 

miguelfp1

Senior Member
Sep 17, 2007
754
164
Google Pixel 7
say I wanted to go the other way, my Exchange server doesn't require a password but I want to use a pass... will following inverse instructions enable the policy?
 

daryelv

Senior Member
Oct 11, 2007
888
465
Vacaville, CA
Exchange/Password
Now with Android 2.1 it now makes me use a password word. Is there a way to bypass this as it is annoying, or maybe use a pattern instead?

With 1.5 i didn't have to use a password, but with 2.1 now i do.

My company has the security enforced on our Exchange server. Keyguard Disabler (look it up in Market) will do this, but it also disables the slide-to-unlock. You can toggle it on and off as you need it.

-Daryel
 

d11dog11

Senior Member
Apr 15, 2008
1,271
140
Installed Keyguard Disabler from the market and it works great. Well worth the buck 50. Buggy when set to auto start on boot so I just put in the password once at boot and run the app. Completely bypassed the lock enforced by my exchange server.
 

kranz68osu

Member
Nov 3, 2007
32
0
Now if you recall at the begining I mentioned that I've been "somewhat" successful, this fix appears to work perfectly and survives Mail client refreshes and reboots. BUT to my dismay every morning when I wake up and unlock my phone I'm presented with the same "You must enable security settings" msg from exchange. When you click OK it resets all the changes we made and we are back to square one and have to unlock it again.

I am guessing there is some type of refresh of the Exchange provisioning. I've not found how to disable this as of yet. I'm presently playing with the files located in /data/data/com.htc.android.mail/app_config it appears to store all the provisioning data in a file called eas_provision.prefs. I've just tried to change the two changes we made in this file in the hopes that perhaps it looks here to compare against the database settings and if it finds a difference it refresh, but I have my doubts.

Unfortunately I cannot test this until morning as I've found no way to replicate whatever causes the exchange security check.

My guess however is that the mail client itself is re-requesting the security settings.. if thats the case we'd have to either "decompile the mail cient" which I don't have the expertise to do. Another option might be to try using an older mail client (assuming this is where the check is).

I hope this helps some folks out there, please share comments and questions hopefully we can find a good solution. Remember my objective isn't to bypass the security completely but utilize the slide unlock which I feel is just as secure as the password (thought I am not certain if the wipe will happen with the slide unlock).

Good Luck

I remember from the windows mobile days that most exchange servers automatically refresh the policies each night just after midnight. I used to have a program that ran every so many minutes that looked for that policy to be set and would unset it again. Maybe we can get a DEV here to write us a program that runs in the background on android that will chech and apply your changes above at some periodic amount of time. I would donate for it.
 

networx2002

Senior Member
Nov 6, 2007
649
42
Essential Phone
I remember from the windows mobile days that most exchange servers automatically refresh the policies each night just after midnight. I used to have a program that ran every so many minutes that looked for that policy to be set and would unset it again. Maybe we can get a DEV here to write us a program that runs in the background on android that will chech and apply your changes above at some periodic amount of time. I would donate for it.

That would be nice
 

ukcatsfan

Member
Mar 10, 2010
44
0
magic answer to fixing this password stuff

i had the same problem with my work email server, i tried touchdown, didnt like. here's th eanswer people, download lockbot, the free version , from the market. use it, and if your like me, you will have no problem.

damn it feels good to finally help and not be helped by these forums. lol. hope i tworks. post back