As always, each platform will evolve and have methods to protect users from theft of mobile devices. Google has Factory Reset Protection, and I'd like to share my experiences with this security feature on a Tab E (SM-T560NU).
Background:
One of my local pawn shops always has deals on broken/locked devices and I know the owner and his son, so I frequently buy items. Some I'm able to fix, others can be bypassed.
About a month ago they had a Samsung Tab E, which I believe I paid $60 for. It was FRP Locked, and based on what I read online, I was sure I could unlock it.
Well, to my dismay I found out it had the latest patches and would not work with the old USB OTG hack.
However, I did find a hack that did give me some interesting results. One hack/trick is to enable a WiFi hotspot on your phone, and connect the FRP Locked device to that hotspot. Just when it is looking for software updates, kill the connection. It will complain it can't connect and will allow you to set the date and continue setup. However, the latest patches will simply restart Setup if you have not verified your Google Account.
However, I discovered that you can manually enable certain subsets of the device to work despite having FRP Lock enabled.
Once I used the WiFi hotspot trick, I created a pattern lock using the Setup Wizard. With this enabled, the Camera icon now shows up on the lock screen which you can use to access a few apps.
I went through the setup wizard one more time to enable my default WiFi connection so all future access wouldn't need the hotspot.
You can take photos then review them, and use the Share This menu action to access other apps. Most apps only allow you to access a specific instance; for example, selecting Notes will only let you create a note, and you cannot go back and see other notes you created. If you choose to share via Gmail, you can click the button "learn more" and this will allow you to access Google Chrome.
Note, I watched the latest video by rootjunky and tried to long tap the Gmail and although it did show me app settings, it would not give me any access to change settings or go into the phone settings itself.
You can even use the file:/// protocol.
If you download an APK, it will download, but you can't open it. If you use file:///sdcard to see the internal SD and try opening an APK you downloaded, it treats it as another instance of download and asks if you want to replace your existing copy.
By browsing to the YouTube site it opened the YouTube App, but as the device is FRP locked, any attempt to sign in won't work as the device will want the original account that was used.
OTG does function, as I'm typing this post using the tablet with a USB keyboard. If I plug in a USB flash drive the drive does flash its LED so I can assume it works. I'm working on finding the mountpoints for OTG and external SD so I can try other actions.
I'm curious if I can access the built-in media player, and will try loading the SD card with video files. But if Chrome treats all files accessed by the file:/// protocol as downloads that may not work.
So security isn't always 100%, as I now have a semi-functional tablet which, for my most basic needs, works perfectly. But I'm still working on learning more about the sandbox that must be implemented on these apps.
UPDATE: After playing around with the device, I found that if I used Media Share as a share-to option, it would pop up and ask if I wanted to update it as it was outdated. This took me of course to the Samsung Apps, not Google Play. At this point I could install ES Explorer and get access to Settings and QuickShortcuts which allowed me to follow RootJunky's guide for disabling FRP. Note that will only work if you have an outdated version of Media Share.
I will post a full guide on this method in a day or so (It's 9:30PM, work tomorrow) and we will see how long this bypass works. For those brave enough, if you combine rootjunky's method with what I posted here, you should be good.
I so took the red pill.
Chaos Storm