FRP bypass Pixel w/ USB Debugging OFF

Search This thread

El_Yarus

New member
Jun 14, 2017
3
0
Hello, guys, a man is trying to sell me pixel with partly bypassed frp (without google services and working only "back " button). Can I make at least all screen buttons working and why I can't install a custom Rom?
 

milan187

Senior Member
Apr 15, 2015
1,126
401
Why are you using nova launcher. Those of you using the nova launcher could just use the pixel launcher. Just launch it from quick shortcut maker and becomes a proper Google pixel.

Nova is still better in every way. You can even have Goolge Now and customize any part of the launcher. The most important to me is the backup and restore function of my home screen setup, which Google fails to do.
 
  • Like
Reactions: kgpeace30

raouf1996

Senior Member
Mar 20, 2015
74
6
hi guys i have google pixel locked with 5 dec 2016 security and im using laucher to accesss but i have just the back button working Can I make at least all screen buttons working and any solution for the lockscreen notification??????????

---------- Post added at 02:52 AM ---------- Previous post was at 02:48 AM ----------

and can i enable usb debugging to access to my storage from PC or there is a other way?
 

Jank4AU

Inactive Recognized Contributor
Nov 2, 2010
3,657
2,153
Alabama
Hello, guys, a man is trying to sell me pixel with partly bypassed frp (without google services and working only "back " button). Can I make at least all screen buttons working and why I can't install a custom Rom?

@El_Yarus - I'd stay far away from this sale if I were you. You're just going to have more headaches and find you're unable to do all sorts of things you wish you could. You'll also have trouble offloading the device to anyone else when you're done torturing yourself with it. Just my two cents.
 

mr.leolad

New member
Jun 23, 2017
2
0
Hi,
Everyone learns the lesson only after they fall. Just like I bought a Google pixel with android 7.1.1 and January 5th 2017 security patch with FRP. He started saying that this is done easily and he forgot the ID he logged in from. Even 'Forgot your password doesn't work for him.
Anyhow, I have a Google pixel with android 7.1.1 and January 5th 2017 android security patch. Is there a way to remove the FRP?
 

TonikJDK

Senior Member
Dec 9, 2012
2,788
1,466
Google Pixel 6 Pro
Hi,
Everyone learns the lesson only after they fall. Just like I bought a Google pixel with android 7.1.1 and January 5th 2017 security patch with FRP. He started saying that this is done easily and he forgot the ID he logged in from. Even 'Forgot your password doesn't work for him.
Anyhow, I have a Google pixel with android 7.1.1 and January 5th 2017 android security patch. Is there a way to remove the FRP?

No
 

kent11971

New member
Jun 10, 2017
2
0
Please help me!!!(((((bypass Pixel XL Android 7.1.1 patch level 5 march 2017
 
Last edited:

minni1986

Member
May 20, 2008
26
1
Bumping this thread

I have a Pixel XL, May 2017 Security, 7.1.2

Hoping there will be some way to bypass FRP
 

[email protected]

New member
Jul 1, 2017
1
0
hi guys .I can't put my phone In download mod and I don't have the factory reset option in the settings......after last factory reset I saw that.any ideas?????I have s8 plus Android 7.0
 

daniel4653

Senior Member
Jul 10, 2010
9,405
2,969
Southern California
Can FRP be bypassed on the attached build?
696ba7e0227229d980dd98d9bcd50ce7.jpg


Sent from my SM-G950U using Tapatalk

---------- Post added at 06:04 PM ---------- Previous post was at 06:02 PM ----------

Herehttp://cloud.tapatalk.com/s/59696a2908a43/Screenshot_20170714-180149.png?


Sent from my SM-G950U using Tapatalk
 

heros_45

Member
Apr 11, 2012
45
15
I read all the messages and I have a question. Is the FRP disabled when the bootloader is unlocked? For it to work, should the bootloader be locked?

I'm interested in having the FRP work on my device
 

droid4lif3

Senior Member
Mar 17, 2013
108
21
Los Angeles
Can FRP be bypassed on the attached build?
696ba7e0227229d980dd98d9bcd50ce7.jpg


Sent from my SM-G950U using Tapatalk

---------- Post added at 06:04 PM ---------- Previous post was at 06:02 PM ----------

Herehttp://cloud.tapatalk.com/s/59696a2908a43/Screenshot_20170714-180149.png?


Sent from my SM-G950U using Tapatalk

I read all the messages and I have a question. Is the FRP disabled when the bootloader is unlocked? For it to work, should the bootloader be locked?

I'm interested in having the FRP work on my device

Keep it locked, if it's unlocked anyone can flash a custom recovery flash a custom rom and have a new phone
 

heros_45

Member
Apr 11, 2012
45
15
Keep it locked, if it's unlocked anyone can flash a custom recovery flash a custom rom and have a new phone

I know. But in my Nexus 6, even if I installed a custom rom, I marked that "had been modified and that I had to enter my Google account", which is a good idea. But in my old Oneplus 3 I never asked for my Google account and it happened to me with my current Pixel. The similarity is that the bootloader is unlocked.
 

ciocu

Member
Mar 7, 2007
41
6
Bucharest, Romania
guys, I'm also stuck with a Frp locked pixel XL on april 2017 security patch.. and I just discovered this YouTube video which has an "interesting description", along with a link to a Facebook page, also pretty much interesting..
I'll post both YouTube & Facebook links, I'm not sure it's legit, or even possible, plus that I don't have the phone with me to find out..

https://m.facebook.com/ismail.amzdak
https://m.facebook.com/story.php?story_fbid=1554314207972861&id=100001828919221
https://youtu.be/jJVr8QwNf9A

What do you think?
 
Last edited:
  • Like
Reactions: pupilov

Top Liked Posts

  • There are no posts matching your filters.
  • 9
    Android O Developer Preview

    You must update to the Android O developer preview doing so from an earlier version should maintain access to a launcher (that you've previously installed to work around FRP), following the update here's how to bypass FRP (ymmv):

    Download the following two APKs from rootjunkysdl:
    Android_5_Google_Account_Manager.apk
    com.rootjunky.frpbypass-1.0.apk

    Once both apps are installed just run the bypass app from a launcher, click the three dots in the corner and select browser sign-in. Sign into a google account and then reboot and run through initial setup. You should no longer have the issue of having to verify an old account.

    Wanted to add that this worked for me on July security patch and OPP4 OTA 170623 from google: https://developer.android.com/preview/download-ota.html
    Success has also been had by a user who update to O and was on the June patch (see post below).
    Security patches less than June or greater than July are as of yet untested by me. If you are on any other patch level please consider going from your patch to July then to the O dev preview., the 7.1.2 rollback OTA floating around did not work for me, so if you are running an incompatible security patch you may not be able to flash the proper patch after upgrading to O.

    Feel free to PM me, I might take a little while to respond by will try to answer you quickly. Thanks!
    7
    Hey guys, new here, sorry can't post in recoveries section.

    I recently bought a Pixel off ebay and the guy that sold it to me bought it off Gumtree. The original seller left all his stuff on it and the guy i bought it off couldn't even access the phone because it had a passcode lock on it. He tried contacting the owner but he never responded (yayyy).

    Then there's me, because I'm smart and was like I CAN JUST FACTORY RESET IT, which kicked in the FRP. Unfortunately Google has had fun developing this phone to be super secure and although I no longer have a passcode to worry about, I can't bypass the FRP and I don't know the original owner's account details.

    Here's some details:
    USB Debugging is OFF
    Only option I have on ADB is sideload
    Bootloader is LOCKED
    Phone is NOT ROOTED
    Currently running 7.1.1
    Phone is CARRIER unlocked (I can receive calls and use my data when trying to log into my gmail, which doesnt work because I have to use original account).

    Is there any solution to bypass this? Much appreciated. I tried to go through google because I bought the phone off ebay and so the FRP prevents them as I didn't buy it directly off google. Am trying to track down the original owners details via my ebay seller to hopefully force the owner to comply. Any way I can get around this would be amazing.

    I came up with a way to remove FRP for this device. I currently have the only video up on youtube so it should be easy to find. I cant post links yet so just search google or youtube for "google pixel frp bypass" and it will come up. It involves the use of a USB-C OTG adapter and the dirtycow exploit. It actually works for a truly universal frp bypass for every device vulnerable to the device. The entire process is done on a bootloader locked, usb debugging off, no internet connection and no other device (besides the usb). Enjoy, it took me weeks to figure it out lol.
    5
    Hey guys, Hi @airtrack

    It is time to tell you the bypassing welcome screen on DP4. First of all you should connect your phone to wi-fi. When you are on welcome screen, you should go to the step where phone asks you to connect to a wireless network. Once you get connected and your phone starts to checking out some things, you should go all the way back to the welcome screen. After that you should tap to vision settings.

    -Hit to the talkback, switch the talkback on. Hit okay when it asks you to "Use Talkback?"
    -When it brings you to talkback tutorial draw an L with your finger on your touchscreen.
    -It will pop up "Global Context Menu". Tap to "Talkback Settings". It will cover the "Talkback Settings" with a green frame. When it covered with a green frame, you should tap twice on it to open it up. This is how to use talkback. Tap only for 1 time, a button will be covered with green frame. When it gets covered, you will get it to work with tapping twice, easy-peasy.
    -When you open "Talkback Settings", you should swipe down WITH TWO FINGERS to find "Help & Feedback".(tap to cover with green frame, tap twice to enter to it)
    -After opening the "Help & Feedback", you'll see a list contains "About Switch Access for Android". Open it(tap to cover with green frame, tap twice to enter to it).
    -When you enter to to "About Switch Access for Android", you'll see a youtube video link. Tap it to open it, when video's name appears as "Switch Access for Android", tap on the letters to cover it with green frame, tap twice and you'll now open up the Youtube app.
    -When Youtube app opens, it'll start to play video. You should minimize the video with swyping with two fingers.
    -Once it minimized, you'll see the Youtube App's home screen and you'll see three dots on top right corner(tap to cover with green frame, tap twice to enter to it).
    -When the menu open's up, you should open "Terms & privacy policy" (I'm not gonna mention (tap to cover with green frame, tap twice to enter to it) anymore haha).
    -Boom! You opened up Chrome. You can now download&install sidebar lite app with google. And do the rest I suppose. It is already 01:17 am here, I hope I didn't miss a part. Good luck! :)

    Mv3bZ2.png

    Q7o0nG.png

    XXrjgj.png

    bGda00.png

    dGAaJr.png

    5Q13vl.png

    Akdvbr.png

    0BoaZo.png

    4Mv3nJ.png

    JlyMGj.png

    29VRzO.png

    BA517G.png

    ZEPaoz.png

    okRa4q.png
    4
    Moderator Information,

    Thread has been cleaned, remember advertising paid unlock services is against xda forum rules.

    Also all posts should be made in English as well.
    4
    I've been trying to figure a way to enable USB Debugging/Developer Options so I can downgrade Kernel via Factory Image or Custom ROM. You mentioned temp-root, any chance that this would help with say Google phones that allow OEM unlocking? I was able to get to dev settings via the app "Quick Settings", but it says "This user does not have permissions". I've also just been looking for a terminal command to enable USB Debugging/OEM Unlock, but all the guides I find are about going to "about phone" which does nothing it seems till after you sign in to phone.

    Nice to know your trying, yea I had a feeling that what I figured out would really only make existing OTG methods easier, but, when another exploit becomes available, I bet this will be the "new" method. Still requires a BT headset tho, might be easier for some to get an OTG adapter.

    This is something that is just not going to happen, there is no option for enabling debugging via command line on Nougat. You can open up Developer Options sure, but while in FRP state you will always see "not available for this user" and there is no way around that. This is because Google assigns an internal value based on the current state of the phone, including factors like if Setup Wizard has been passed, if an owner has been registered and a few other factors I'm forgetting. The value of FRP is -2, if you take GoogleLoginService.apk & .odex, decompile and combine you'll have the entire Google Account Manager files. Though Google has gotten smarter and all of their core apps interact with each other to some degree so it's impossible without their closed source dependencies to recreate a mirrored version of their apps. There are open source alternatives like microG but I haven't gotten it to work for this purpose. Take all the files and revert them to their java source and look at com/google/android/gsf/LoginStatus.java and you'll see the values I mentioned.

    Downgrading isn't going to be possible either, the only flashing thats possible is from stock recovery and adb sideload and you can only flash a factory image or OTA that's either the same firmware you currently have or newer. With the recent discovery of fastboot boot mode data leakage possible on Nexus 6 and 6P < January 2017 sec patch Google has removed all fastboot commands without OEM unlock, so fastboot has now been patched out and another dead end. While it's possible to extract a majority of the rootfs from initrd (ramdisk) from factory images, doing any modifications will trip the flag when trying to sideload because the phone stores the proper hashed value it's expecting in an inaccessible partition and the flash will fail. Besides, why would you want to downgrade the kernel? If adb is enabled then there's far quicker methods to complete than flashing a different kernel. Adb "shell" user has much more privileges than a terminal emulator user so if adb was possible while FRP locked a bypass would be finished. Google knows this, which is why conveniently native adb commands have been removed since FRP locks have been around since 5.1.1 Lollipop, and they've only gotten better at locking that away with each new update. I've got a working version of adb and fastboot that work on arm64 so terminal emulator commands work with it, but it's too old a version so it was before they implemented the need for RSA handshakes and thus the device will never see itself as a connection like back in the day.

    I've found another app that uses the option for authenticating a Google sign in like Google Account Manager does, except it's only compatible with a certain manufacturer brand (I'm specifically not saying which), and I've successfully removed the branding to allow installation across all devices. Even this does not work. While a successful sign in is possible, and it even creates a name under Users inside Settings, it still isn't enough for a bypass because attempting to sign in afterwards will forever prompt the error "Device password recently reset. Please allow 24 hours before attempting to allow password change to take effect." Factory reset through settings or any other activity doesn't remove what the phones remember considering FRP, this is because there is a block partition aptly named FRP and Google has moved it to the untouchable SoC, so no amount of factory resets is going to make a difference until that FRP value is reverted.

    I've successfully found a way to re-enable the stock Web Sign in option from older versions of Google Account Manager, but because of that value not being what a regular user is supposed to be considered, each attempt to sign in throws an error stating "Couldn't communicate with Google Servers, please try again later." The file that handles this is com/google/android/gms/auth/firstparty/Status.java and the file com/google/android/gsf/login/LoginActivity.java uses the values stored in Status.java to decide whether or not to finish the full sign in and use the intent found in GoogleLoginService.apk's AndroidManifest.xml to prompt DMAgent to authenticate the new account. There are 5 OAuth2 keys used to authenticate a new Google account found in res/xml/Authenticator.xml (I think this is the name, the location is correct but I'm going off memory here lol) and these keys include LOCATION_SETTINGS found in com.google.android.maps preferences and a 4 others I can't remember right now. The only way to authenticate a new account is to make use of these keys and abuse Oauth2 since the sign in activity is just a URI redirect back into localhost to see if the keys match.

    Sooooo yeah, a bit lengthy, but my point is thinking basic methods to bypass is so far out the window. It's going to take something very intuitive to complete methods from here on out.