Reply
Thread Tools
Posts: 2 | Thanked: 8 times | Joined on Feb 2014
#1
Hi,
Due I forgot device lock number I figured how you can ask on correct device lock or reset it.

For this purpose is there app /usr/lib/qt5/plugins/devicelock/encpartition

Arguments:
Code:
--is-set lockcode
--check-code <oldcode>
--clear-code <oldcode>
--is-clear-device-set ???
--unset-clear-device ???
--imei <something>
--clear-code <oldcode>
--set-code <oldcode> <newcode>
--set-config-key ???
--developermode ????
--clear-device <oldcode>
True/False are returned via exit code where 0 - success, 1 - fail
else as standard output.

Configuration is stored at directory /usr/share/lipstick/devicelock/ and encrypted/hash key is stored at /usr/share/lipstick/devicelock/.devicelock.enc, quite interesting are stored texts at binary file encpartition:
41414141, 42424241, 123456789012345 and /dev/block/platform/msm_sdcc.1/by-name/QOTP . More on http://www.onlinedisassembler.com/odaweb/4fDoTf/0

Unfortunately still don't know how reset device lock without sending to repair facility or brute-force.

Test all numbers with length 5 takes less than 3 hours on the phone with utilizing 20% of CPU.
Attached Files
File Type: zip FindDeviceLock.zip (14.9 KB, 306 views)
 

The Following 5 Users Say Thank You to ivir For This Useful Post:
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#2
Originally Posted by ivir View Post
Unfortunately still don't know how reset device lock without sending to repair facility or brute-force.
Boot while pressing volume down, telnet to the device and one of the options should allow you to wipe it clean/reset to factory settings
 

The Following User Says Thank You to szopin For This Useful Post:
Posts: 1,067 | Thanked: 2,383 times | Joined on Jan 2012 @ Finland
#3
Thanks for the bugreport. I'll have to implement slowdown between attempts to make brute force slower.

It's recomended to have 8-10 digit lockcode to make developer mode bruteforcing to take months untill fix arrives.

In the future we would appriciate that if you find weakness in system that you would contact security@jolla.com before posting it publically, so we would have time make a fix for it.

Last edited by rainisto; 2014-02-06 at 17:24.
 

The Following 5 Users Say Thank You to rainisto For This Useful Post:
Posts: 2 | Thanked: 8 times | Joined on Feb 2014
#4
Originally Posted by szopin View Post
Boot while pressing volume down, telnet to the device and one of the options should allow you to wipe it clean/reset to factory settings
Thank you, but reset to factory settings request devicelock code.

Code:
[CLEANUP] Starting cleanup!
[CLEANUP] Umounting top volume...
[CLEANUP] Deleting /mnt
[CLEANUP] Cleanup done.
Mounting /dev/mmcblk0p28 on /mnt
sh: unlock: unknown operand

Type your devicelock code and press [ENTER] key:
(please note that the typed numbers won't be shown for security reasons)
So even if I have enabled developer mode there isn't way to restore to factory state without devicelock. Latest update only increase number attemps from 3 to 5.
 

The Following 3 Users Say Thank You to ivir For This Useful Post:
Guest | Posts: n/a | Thanked: 0 times | Joined on
#5
--imei hmmm sounds interresting ......
 
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#6
Originally Posted by ivir View Post
Thank you, but reset to factory settings request devicelock code.

Code:
[CLEANUP] Starting cleanup!
[CLEANUP] Umounting top volume...
[CLEANUP] Deleting /mnt
[CLEANUP] Cleanup done.
Mounting /dev/mmcblk0p28 on /mnt
sh: unlock: unknown operand

Type your devicelock code and press [ENTER] key:
(please note that the typed numbers won't be shown for security reasons)
So even if I have enabled developer mode there isn't way to restore to factory state without devicelock. Latest update only increase number attemps from 3 to 5.
Oh wow, that's a surprise. My understanding was that lock code is needed for extra features like unlocking bootloader and in cases of forgotten lock code you could still reset it back to factory state (with loss of data, so data protection is kinda in place). Thanks, good to know
 

The Following 3 Users Say Thank You to szopin For This Useful Post:
Posts: 1,067 | Thanked: 2,383 times | Joined on Jan 2012 @ Finland
#7
Originally Posted by szopin View Post
Oh wow, that's a surprise. My understanding was that lock code is needed for extra features like unlocking bootloader and in cases of forgotten lock code you could still reset it back to factory state (with loss of data, so data protection is kinda in place). Thanks, good to know
Its queried for anti-theft, so if your phone is stolen then they cannot just wipe it clean and start using it. So remembering your lockcode is quite important.
__________________
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.
 

The Following 3 Users Say Thank You to rainisto For This Useful Post:
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#8
Originally Posted by rainisto View Post
Its queried for anti-theft, so if your phone is stolen then they cannot just wipe it clean and start using it. So remembering your lockcode is quite important.
Is Jolla going to check every device that is sent to them for reflash in the european IMEI DB of stolen phones? Or users should inform Jolla about the theft? Is Jolla able to recover data, or just reflash?
 

The Following 2 Users Say Thank You to szopin For This Useful Post:
Posts: 1,067 | Thanked: 2,383 times | Joined on Jan 2012 @ Finland
#9
Originally Posted by szopin View Post
Is Jolla going to check every device that is sent to them for reflash in the european IMEI DB of stolen phones? Or users should inform Jolla about the theft?
You report theft to your local police, and they will report imei to operators imei db, and they will use blocklist depending what country you are in.
__________________
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.
 

The Following 2 Users Say Thank You to rainisto For This Useful Post:
Posts: 2,076 | Thanked: 3,268 times | Joined on Feb 2011
#10
Originally Posted by rainisto View Post
You report theft to your local police, and they will report imei to operators imei db, and they will use blocklist depending what country you are in.
Yeah, that's what usually happens and why stolen phones from europe end up in India and Africa (at least that's what I heard), it seems Jollas are going to make an extra step in Helsinki on the way there, are you going to utilise this occasion to return the Jollas to the owner?

edit: however interesting concept and actual anti-theft measure this looks like not really implementable, problems with identifying the real owner will get only bigger once second hand market revves up

Last edited by szopin; 2014-02-06 at 18:28.
 

The Following 2 Users Say Thank You to szopin For This Useful Post:
Reply


 
Forum Jump


All times are GMT. The time now is 01:35.