Notifications

Clear all

Let's talk about bypassing Samsung screen lock with FRP:ON

mshibo · 2018-05-03T13:40:48Z

So, I recently had that case (Samsung J105H, Pattern Lock, FRP ON) the client needs the data from the phone.So, I went to Google and surprisingly, I could easily find a very easy solution for it.It's a modified (I believe) one-package firmware that after you flash via Odin everything will be as it was but with no lock screen at all.Here is the topic for itwe all know that you can't flash any modified images to the phone with FRP ON since the bootloader will check the signature and then refuse those images. Now we want to understand this process more and see if it's applicable to more Samsung devices.

Page 2 / 2 Prev

General (Technical, Procedural, Software, Hardware etc.)

Last Post by RolfGutmann 7 years ago

13 Posts

8 Users

0 Reactions

5,358 Views

RSS

Thomass30

(@thomass30)

Estimable Member

Joined: 9 years ago

Posts: 110

04/05/2018 7:22 am

@mshibo
What is the difference between that " one-package firmware " that you flashed and standard firmware dependent on the device model ? Is it some modified firmware or what ?

ReplyQuote

arcaine2

(@arcaine2)

Estimable Member

Joined: 9 years ago

Posts: 239

05/05/2018 10:26 pm

Well, sboot method is kinda old now and it has been patched in a lot of devices and even for most of old devices too as they've got new updates with new security too. I used it before and it was working well but now I believe it's useless.

There 2 different issues here. Flashing older sboot would allow to use some bootloader exploit but not much beside it. It's also limited by the "binary" version since S6 which is why it's not possible to downgrade it too much but also lowers a chance to brick the device.

Flashing patched boot would allow disabling or remove usercode, enable adb and do any other nice stuff but there is FRP and engineering boot images usually only have ADB enabled (still requires authorization) and are sometimes rooted, but do not remove usercode from my experience.

This is actually weird that flashing this firmware that contain boot, recovery and system image removes the code. I checked it with the same stock firmware version, unpacked all 3 images and both boot.img and recovery.img are same as in stock firmware so it's not even an engineering rom. system.img differs (so FRP should block writing it, right?) but once unpacked there seems to be couple changes in build.prop only and those are insignificant. They changed codename, all_codenames, security_patch, and model strings to their team name (same as website address). Nothing else was changed from what i see. If it works, then it seems to be some kind of bug rather than a solution that can be used on different models or variants.

There is a box/tool (BMT PRO) that is supposedly able to patch firmware to remove usercode on couple new Samsung phones (A3 2016, J7 2016 and 2017, S7 etc) despite FRP on, OEM unlocking off and without tripping Knox. No idea if or how well it works.

ReplyQuote

RolfGutmann

(@rolfgutmann)

Noble Member

Joined: 10 years ago

Posts: 1185

07/05/2018 10:34 am

I ask myself on what assumptions I would eTrust. This post is an obstacle I know, but nobody wants to face the problem of eTrust.

Its not only my problem. Its alls problem. But pushed-aside. I want to solve it.

ReplyQuote

Page 2 / 2 Prev

Podcast: Well-Being In Digital Forensics And Policing: Insights From Hannah Bailey

Hannah Bailey shares her journey from frontline policin...

By Zoe , 4 days ago
RE: Android Forensics

Hi, Try decompressing the file using zlib in python. ...

By Dexter4n6 , 4 days ago
Interview: Neal Ysart, Co-Founder, The Coalition of Cyber Investigators

Neal Ysart shares how The Coalition of Cyber Investigat...

By Zoe , 5 days ago

8 Forums
15.7 K Topics
92.3 K Posts
15 Online
41.1 K Members

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed