Hello,
I very recently had to remove the FRP lock on a client's Motorola G4 Plus because he had forgot his email and password (EXTREMELY common with old people getting smartphones). I have some experience with dirtycow, Samsung modem commands injection (using Realterm) and other bypass methods. Dirtycow was not working since this phone had security update from December 2016 so I had to use an online service with remote USB support. This service required me to enter Motorola's "Factory Mode" from the boot menu.
My question is: does anyone has experience with this special mode? Is there some literature regarding special commands, COM port settings or else when in this mode, or is everything kept private by the people who provide the service? Any basic information on what it does/how it works?
For what its worth, here's how the process went:
-Connected remotely with USB Redirector
-Booted into bootloader and activated "Factory Mode". Phone boots into OS but seems to operate in a special mode.
-Technician does something. I reboot into bootloader and boot again in factory mode.
-Technician somehow is able to enable ADB in 2nd "Factory Mode" boot. (this was not possible when I had access to Settings menu through "Talkback hack")
-Reboot again in normal mode and FRP seems to be removed. Setup has been bypassed, phone boots directly to Google Now Launcher.
What did he do? What does this "Factory mode" unlocks that permits him to enable ADB and completely bypass the Setup and Google Account verification? Did he erase the PERSIST partition? Did he inject app data from an already finished Setup?
Anyways, I am currently looking into it and will open another thread when I have more information.
Thank you!
I very recently had to remove the FRP lock on a client's Motorola G4 Plus because he had forgot his email and password (EXTREMELY common with old people getting smartphones). I have some experience with dirtycow, Samsung modem commands injection (using Realterm) and other bypass methods. Dirtycow was not working since this phone had security update from December 2016 so I had to use an online service with remote USB support. This service required me to enter Motorola's "Factory Mode" from the boot menu.
My question is: does anyone has experience with this special mode? Is there some literature regarding special commands, COM port settings or else when in this mode, or is everything kept private by the people who provide the service? Any basic information on what it does/how it works?
For what its worth, here's how the process went:
-Connected remotely with USB Redirector
-Booted into bootloader and activated "Factory Mode". Phone boots into OS but seems to operate in a special mode.
-Technician does something. I reboot into bootloader and boot again in factory mode.
-Technician somehow is able to enable ADB in 2nd "Factory Mode" boot. (this was not possible when I had access to Settings menu through "Talkback hack")
-Reboot again in normal mode and FRP seems to be removed. Setup has been bypassed, phone boots directly to Google Now Launcher.
What did he do? What does this "Factory mode" unlocks that permits him to enable ADB and completely bypass the Setup and Google Account verification? Did he erase the PERSIST partition? Did he inject app data from an already finished Setup?
Anyways, I am currently looking into it and will open another thread when I have more information.
Thank you!
