Remove All Ads from XDA

[REQ] Password protected boot/fastboot/recovery

759 posts
Thanks Meter: 55
Post Reply Email Thread
11th April 2010, 01:39 AM |#11  
tsouza's Avatar
Senior Member
Flag Rio de Janeiro
Thanks Meter: 50
Originally Posted by bubbahump

I've been thinking of how to 'secure' my phone's data again since I unlocked the bootloader... but this would be the way.

The feature request goes like this: Password protect the bootloader both for fastboot and getting into recovery (the option to start recovery should be password protected). A wipe is required in order to reset the password.

An additional and optional theft lock (along the lines of what the OP wants) would disable the password reset/wipe feature altogether, essentially bricking the phone if the password is unknown. Not exactly what I want (I just want my data to be safe), but should be easy enough to add both options if we have the code and can flash the SPL.

Obviously this is going nowhere if we can't flash the SPL, but there's no harm in putting this out there for Google to include in the next signed SPL.

Everyone should realize that unlocking the bootloader essentially puts all the data on your phone out there for anyone to grab without a password, given that they know a few things about fastboot/recovery. This is likely why Google forces a wipe when you originally unlock. We 'unlockers' should be given a way to get that security back.

This would be really great... an idea, if ever possible, to overcome the bricking phone by password being lost, is somehow emailing it to the registered google account... or maybe sending an sms to a known phone number that was registered before...
11th April 2010, 04:19 AM |#12  
Senior Member
Thanks Meter: 359
Originally Posted by dalingrin

A computer bios password only keeps people from changing bios settings. They can still format the hard drive.

Actually you can set an ON-BOOT password, which will prevent it from being booted at all without the password. Unfortunately, it is not that great a security measure, since you can just reset the BIOS using the jumper on the motherboard. Also, every BIOS manufacturer leaves a backdoor in case of forgotten passwords, just do a Google search for BIOS DEFAULT PASSWORDS.

But, the main thing to remember here is that we do not have a keyboard, and very limited buttons to use. So, what are you thinking of using? A combination of buttons (similar to the quick-reboot)? Or, cycling through with the volume/trackball, kind of like on a briefcase/suitcase (argh, imagine the frustration).

The next thing would be the implementation of such an idea.

If the SPL is to be modified to be password protected, we would need to source code - which I don't think is available.

If the recovery is to be password protected, it would need to have immediate access to a rewriteable portion of the internal memory for storage/retrieval of said password (as would the SPL, but first things first - gotta have the source).
11th April 2010, 06:18 PM |#13  
maedox's Avatar
OP Senior Member
Flag Oslo
Thanks Meter: 55
A simple qwerty on-screen keyboard and using the trackball to select characters would work fine. Up and down with volume keys or whatever to type in characters is not a viable option for long passwords.

It seems all this would be of no use without the possibility of flashing our own SPL, so I guess this is a bigger task than I thought at first. We all know SPL's have been hacked many times before, so I believe it can be done on the Nexus One too. But, because of the already unlocked SPL opening up flashing heaven, I am not so sure anyone is going to use any time on figuring it out.

This is what we are left with:
1. Find a way to flash a custom SPL. Piece of cake right?
2. Create an SPL with the possibility of adding password protected fastboot/recovery. Protecting boot will probably not be necessary, as it would make it impossible to trace a stolen phone.

Let me comment on the privacy issue: I am not really very concerned about the data on my phone. Of course I would not want all the pictures and videos I have shot to fall into the hands of complete strangers, but I try not to keep secret/sensitive data on my phone. It is not really very difficult to take the sdcard and put it in any other device or card reader to get all the data off of it. All the password protection in the world will never get us around some physical security. (Maybe I should make another request for encrypting the sdcard?)
What I want is to be able to somehow find the bastard(s) that took my mobile and get it back without it being wiped first. Though there is always the risk that they would not get past the unlock pattern and just throw it away right away. Let's just hope they left it powered on within network coverage.
12th April 2010, 09:59 AM |#14  
Senior Member
Thanks Meter: 82
Donate to Me
How does Android store Gmail login credentials? Are the information cookie-like (only session information) or is there an actuall password (encrypted or not, doesn't matter) stored somewhere? If the latter than that would be very bad for the security of the Gmail account (most critical apps there are Mail and Checkout). It would probably be a good idea to change the Gmail password as soon as one starts missing his Android phone.

One way of increasing the odds to get a stolen phone back would be to flash a custom ROM with an embeded and preconfigured security application that installs automatically and silently after a wipe. Not perfect because a thief could just flash another ROM but there's a greater chance of a device getting wiped than not getting wiped, right?

I guess a password in recovery would add an extra percentage to those odds too.
14th April 2010, 07:14 PM |#15  
maedox's Avatar
OP Senior Member
Flag Oslo
Thanks Meter: 55
So much for this request. Someone moved us to Q&A, so I guess this is doomed for now. We'll just have to keep our phone safe. :)
21st October 2013, 02:06 AM |#16  
thesebastian's Avatar
Senior Member
Thanks Meter: 429
Originally Posted by maedox

So much for this request. Someone moved us to Q&A, so I guess this is doomed for now. We'll just have to keep our phone safe.

Sorry for the bump. But seriously this is a must.

Any Nexus with unlocked bootloader leaves the internal memory unprotected (All your photos in DCIM folder, etc).
You just need to enter fastboot and flash a custom recovery.
26th October 2018, 04:43 PM |#17  
Junior Member
Thanks Meter: 0
Well i have a phone that has exactly what was being mentioned in this thread and i have literally tried everything everyone is saying about flashing, etc.
Post Reply Subscribe to Thread

access restriction, boot, fastboot, recovery, spl

Guest Quick Reply (no urls or BBcode)
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes