Huawei P9 (PRA-LX1) Screen Lock Bypass  

Page 1 / 2
Thomass30
(@thomass30)
Active Member

Hello,
I have Huawei P9 Lite (PRA-LX1) with FRP Lock, USB Debugging mode disabled and locked bootloader.
Based on gsmarena it is
Android 7.0 so the device is encrypted by default
HiSilicon Kirin 650 Chipset

The device is PIN screen locked.

JTAG or Chip-off gives me encrypted raw image so it's useless.

Is there a possibility to get some user data from this model?
Maybe some exploit for this kind of chipset?

(I don't have access to Cellebrite UFED)

Posted : 12/06/2018 1:18 pm
passcodeunlock
(@passcodeunlock)
Senior Member

> Hello,
> I have Huawei P9 Lite (PRA-LX1) with FRP Lock, USB Debugging mode disabled and locked bootloader.
> Based on gsmarena it is
> Android 7.0 so the device is encrypted by default
> HiSilicon Kirin 650 Chipset
>
> The device is PIN screen locked.
>
> JTAG or Chip-off gives me encrypted raw image so it's useless.
>
> Is there a possibility to get some user data from this model?
> Maybe some exploit for this kind of chipset?
>
> (I don't have access to Cellebrite UFED)

NO, IT IS NOT USELESS, IF YOU CAN PROVIDE THE DEVICE AND A PHYSICAL DUMP OF ITS EMMC, WE MIGHT BE ABLE TO ACCESS THE USER PARTITION DECRYPTED!!!

Posted : 14/06/2018 4:34 pm
Thomass30
(@thomass30)
Active Member

I mean it's useless for me cuz right now I probably won't decrypt it on my own

Posted : 15/06/2018 12:04 pm
passcodeunlock
(@passcodeunlock)
Senior Member

I also wrote "we might be able to access the user data partition decrypted". We can be 100% sure only after success in doing it is achieved :)

Posted : 15/06/2018 2:24 pm
SGdata
(@sgdata)
New Member

Any updates with bypassing lockscreen on this Huawei PRA-LX1 8.0.0.401? Phone locked, FRP lock. Android 8.0

Posted : 13/08/2019 3:19 pm
OxygenForensics
(@oxygenforensics)
Active Member

We can offer you a workaround. 1. You can check if there is a Huawei backup on SD card. 2. If you have access to the user's PC you can also check if any HiSuite backup was made there. Both types of backups can be imported into our Oxygen Forensic Detective software. What is good about these Huawei backups is that they contain a great amount of evidence including app data, internal memory files and deleted records.

Posted : 13/08/2019 4:17 pm
SGdata
(@sgdata)
New Member

No, there is nothing more than the phone. It was never used with any computer. No SD card used ever.

Posted : 13/08/2019 5:43 pm
mshibo
(@mshibo)
Junior Member

Is it really that hard to bypass lockscreen on Huawei devices?!!
EFT Dongle team introduced a way to do that before and it's actually functional but with some circumstances.
What about other models that EFT doesn't support?! Like this one

Posted : 31/08/2019 5:35 pm
passcodeunlock
(@passcodeunlock)
Senior Member

With FRP on, OEM locked and phone locked Huawei devices you can't flash anything on the device, other than Huawei signed binaries.

The EFT dongle or similar solutions won't work, since you can't change the boot.img or the kernel.

The dload method using a microSD card IS working indeed, just once again, you need Huawei signed binaries.

We got a solution by now for opening mostly every Huawei device, just it costs some money.

Posted : 02/09/2019 3:58 pm
arcaine2
(@arcaine2)
Active Member

> The EFT dongle or similar solutions won't work, since you can't change the boot.img or the kernel.

Although I never actually tried it, I think EFT uses a SystemUI method for Huawei so it "patches" system partition image and doesn't touch boot.img at all. Personally, I was unable to flash any single Huawei in fastboot with EFT.

Posted : 02/09/2019 6:56 pm
mshibo
(@mshibo)
Junior Member

> > The EFT dongle or similar solutions won't work, since you can't change the boot.img or the kernel.
>
> Although I never actually tried it, I think EFT uses a SystemUI method for Huawei so it "patches" system partition image and doesn't touch boot.img at all. Personally, I was unable to flash any single Huawei in fastboot with EFT.

Yes, it uses this method actually but as I said before not all models are supported. It's all about disabling SystemUI so you see no more passcode as there's no UI at all.
It just interests me how they do it as when you even do "temp bl unlock", Huawei phones execute Factory Reset operation and you can't do normal boot unless you let the phone complete it.

Posted : 05/09/2019 4:43 pm
arcaine2
(@arcaine2)
Active Member

> It just interests me how they do it as when you even do "temp bl unlock", Huawei phones execute Factory Reset operation and you can't do normal boot unless you let the phone complete it.

The exploit they use doesn't execute factory reset. I often write firmware to Huawei with DC-Phoenix tool and it has an ability to exclude some partitions, like userdata for example, and it works. I was able to fix system related errors and keep user data. That exploit temp unlocks bootloader but you're still limited to images signed by Huawei and phone stays in fastboot all the time.

There's also new method used for writing firmware directly in "firmware upgrade mode" without temp unlocking bootloader in fastboot from what I noticed. I'm not sure if it can be used to write modified system though.

Fun fact, even reading bootloader code from Huawei phones directly might lead to factory reset now. I had Y7 2018 yesterday and I used HCU Tool to read bootloader code (no root, just with default connection) and it just wiped itself the moment HCU read the code, then it wiped again once I unlocked bootloader.

Posted : 05/09/2019 8:34 pm
mshibo
(@mshibo)
Junior Member

> The exploit they use doesn't execute factory reset. I often write firmware to Huawei with DC-Phoenix tool and it has an ability to exclude some partitions, like userdata for example, and it works. I was able to fix system related errors and keep user data. That exploit temp unlocks bootloader but you're still limited to images signed by Huawei and phone stays in fastboot all the time.

I do have DC-Phoenix but never tried the Advanced mode which allows me to exclude some partitions if I wanted to, but it's a really precious tip that I got from you and I'll try it asap ;)

> There's also new method used for writing firmware directly in "firmware upgrade mode" without temp unlocking bootloader in fastboot from what I noticed. I'm not sure if it can be used to write modified system though.

Yeah, it uses "Rescue Recovery" method and I can definitely tell that it won't flash any modified binaries.

> Fun fact, even reading bootloader code from Huawei phones directly might lead to factory reset now. I had Y7 2018 yesterday and I used HCU Tool to read bootloader code (no root, just with default connection) and it just wiped itself the moment HCU read the code, then it wiped again once I unlocked bootloader.

Actually, I don't understand why it does that! It happened with me before and I still can't get what the factory reset is for, but I hope one day I'll understand :)

Posted : 05/09/2019 10:02 pm
henrynicolas
(@henrynicolas)
New Member

In this moment test by EFT dongle pro this tool offers remove screen lock by fastboot

Posted : 28/10/2019 5:09 pm
bogus
(@bogus)
New Member

@henrynicolas

I know it has been a while but I'll take a chance.

Ok, I have EFT Pro but it supports PRA-LX1 with 8.0.0 security version only. Mine has 5.0.0 (probably) and doesn't cooperate.

Any suggestions?

Posted : 02/06/2020 2:42 pm