Huawei P9 (PRA-LX1) Screen Lock Bypass


mshibo
Member
 

Re: Huawei P9 (PRA-LX1) Screen Lock Bypass

Post Posted: Aug 31, 19 16:35

Is it really that hard to bypass the lockscreen on Huawei devices?!!
The EFT Dongle team introduced a way to do that before, and it's actually functional, but under some circumstances.
What about other models that EFT doesn't support?! Like this one
 
  

passcodeunlock
Senior Member
 

Re: Huawei P9 (PRA-LX1) Screen Lock Bypass

Post Posted: Sep 02, 19 14:58

With FRP on, OEM-locked and phone-locked Huawei devices, you can't flash anything on the device other than Huawei-signed binaries.

The EFT dongle or similar solutions won't work, since you can't change the boot.img or the kernel.

The dload method using a microSD card IS working indeed, just once again, you need Huawei-signed binaries.

We have a solution by now for opening almost every Huawei device; it just costs some money.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

arcaine2
Senior Member
 

Re: Huawei P9 (PRA-LX1) Screen Lock Bypass

Post Posted: Sep 02, 19 17:56

passcodeunlock wrote:
> The EFT dongle or similar solutions won't work, since you can't change the boot.img or the kernel.

Although I never actually tried it, I think EFT uses a SystemUI method for Huawei, so it "patches" the system partition image and doesn't touch boot.img at all. Personally, I was unable to flash any single Huawei in fastboot with EFT.
 
  

mshibo
Member
 

Re: Huawei P9 (PRA-LX1) Screen Lock Bypass

Post Posted: Sep 05, 19 15:43

arcaine2 wrote:
> passcodeunlock wrote:
>> The EFT dongle or similar solutions won't work, since you can't change the boot.img or the kernel.
>
> Although I never actually tried it, I think EFT uses a SystemUI method for Huawei, so it "patches" the system partition image and doesn't touch boot.img at all. Personally, I was unable to flash any single Huawei in fastboot with EFT.

Yes, it actually uses this method, but as I said before, not all models are supported. It's all about disabling SystemUI, so you see no more passcode, as there's no UI at all.
It just interests me how they do it, as even when you do a "temp bl unlock", Huawei phones execute a Factory Reset operation and you can't do a normal boot unless you let the phone complete it.
 
  

arcaine2
Senior Member
 

Re: Huawei P9 (PRA-LX1) Screen Lock Bypass

Post Posted: Sep 05, 19 19:34

mshibo wrote:
> It just interests me how they do it, as even when you do a "temp bl unlock", Huawei phones execute a Factory Reset operation and you can't do a normal boot unless you let the phone complete it.

The exploit they use doesn't execute a factory reset. I often write firmware to Huawei with the DC-Phoenix tool, and it has the ability to exclude some partitions, like userdata for example, and it works. I was able to fix system-related errors and keep user data. That exploit temp-unlocks the bootloader, but you're still limited to images signed by Huawei and the phone stays in fastboot all the time.

There's also a new method used for writing firmware directly in "firmware upgrade mode" without temp unlocking the bootloader in fastboot, from what I noticed. I'm not sure if it can be used to write a modified system though.

Fun fact: even reading the bootloader code from Huawei phones directly might lead to a factory reset now. I had a Y7 2018 yesterday and I used HCU Tool to read the bootloader code (no root, just with the default connection), and it just wiped itself the moment HCU read the code, then it wiped again once I unlocked the bootloader.
 
  

mshibo
Member
 

Re: Huawei P9 (PRA-LX1) Screen Lock Bypass

Post Posted: Sep 05, 19 21:02

arcaine2 wrote:
> The exploit they use doesn't execute a factory reset. I often write firmware to Huawei with the DC-Phoenix tool, and it has the ability to exclude some partitions, like userdata for example, and it works. I was able to fix system-related errors and keep user data. That exploit temp-unlocks the bootloader, but you're still limited to images signed by Huawei and the phone stays in fastboot all the time.

I do have DC-Phoenix but never tried the Advanced mode, which allows me to exclude some partitions if I want to, but it's a really precious tip that I got from you and I'll try it asap ;)

> There's also a new method used for writing firmware directly in "firmware upgrade mode" without temp unlocking the bootloader in fastboot, from what I noticed. I'm not sure if it can be used to write a modified system though.

Yeah, it uses the "Rescue Recovery" method and I can definitely tell that it won't flash any modified binaries.

> Fun fact: even reading the bootloader code from Huawei phones directly might lead to a factory reset now. I had a Y7 2018 yesterday and I used HCU Tool to read the bootloader code (no root, just with the default connection), and it just wiped itself the moment HCU read the code, then it wiped again once I unlocked the bootloader.

Actually, I don't understand why it does that! It happened to me before and I still can't get what the factory reset is for, but I hope one day I'll understand :)
 
