Seva's notes

Wisdom, Awareness, Responsibility :)

Archive for the ‘mobile’ Category

Xiaomi POCO F1 Locked with Numeric Keyboard (solved)

I got my Xiaomi Pocophone F1 Global version in September 2018. The main pros were the price, the feature set, the responsiveness of the development team, the speed of releasing the software updates, and especially the sweet security compliance with my employer’s policies.

Speaking of which, one of the security requirements was that the device must be locked with a complex password. Pattern or PIN was not enough. Nevertheless, I needed to type the password only after reboots, which were very rare, thanks to phone and OS stability.

Yesterday I was excited to find that a new version of MIUI based on Android Pie (9.0) has been launched globally and landed on my phone. I upgraded the phone without hesitation, as always…

The unpleasant surprise hit me when the installation was complete. My employer’s security team has not yet certified Android Pie, so the phone kept rebooting after logging in. My obvious reaction was to wipe out the data and remove the employer’s software until it’s certified. Ouch, that was a mistake.

After wiping out the data, the device was left locked to the existing Google account. And the Google account was locked with the phone protection password. Wiping the data did not annihilate that relation. So when I proceeded with the fresh MIUI setup of the phone, it asked to confirm the phone protection password. I had the password memorized perfectly, but there was a roadblock: the text field to type the password was numeric. Meaning, it only allowed tapping numbers. And here my saga began.

My 1st approach was to find an open text field, type my password there and then paste it into the protection password field. I found my way via the WiFi setup wizard, where I hit the “show password” button and could type and copy the unlock password. However, that didn’t help, since the numeric field was not only disallowing typing non-numeric characters but also filtering them out on pasting.

The 2nd approach was to follow the conventional phone unlock process with the MiFlash Unlock utility. However, that required linking the device to the account retroactively in Developer Options, which I could not complete since the device Settings were not accessible. For the same reason, a full firmware reinstall would not work – it required changing the “OEM Unlocking” flag in Developer Options.

The 3rd approach was the less straightforward “FRP bypass” method. In a few words, the method is to exploit a variety of sideways in the setup process to access external sites and install specific APKs that help trigger system APIs to run system calls directly. I managed to reach YouTube, Google and even download a few different apps with that method, but none of them really helped.

Finally, after a few more random frictions, I found my way through. In brief, I reached out from WiFi setup to the Phone Calling app to Contacts to Gmail to Exchange account setup to Certificate storage, which allowed me to change the device password-locking properties without entering the password. Posted my step-by-step guide here:

After resetting the password protection to Pattern, I went back and successfully finalized the MIUI setup process.

Written by Seva

2018-12-16 (December 16) at 12:14:30

Posted in hardware, mobile, past, software

Android adware removal story

Yesterday I started getting random spam ads on my OnePlus 2:

  • overlay ads of certain popular junk games,
  • fake desktop icons linking to the Google Play Store for the same games,
  • fake missed calls linking there.

It was virtually impossible to figure out the responsible processes without additional tools, mainly due to the hiding tactics of the adware.

To start, I tried a few of the most popular adware removers from the store, but they either didn’t detect anything, or crashed during the scan (maybe the adware killed them while they were running).

The first success was brought by Addons Detector (with all advanced detectors enabled). After another fake icon appeared, it traced it to (“Search”), which comes with the AirPush component.


Then I googled and found the package at AVG Threat Labs Android App Reports and used AVG to find one more malware process (“Processor”) which was reported to have AirPlus in it.

The processes were installed as system apps. So the easiest way out was to use Titanium Backup Root Pro, which I already had installed (my phone is rooted).

After that I tried to dig further to understand how these processes appeared on my phone in the first place. I hadn’t installed any new apps recently, nor run any updates on root-enabled apps. So the adware was probably already here, but didn’t expose itself for a few months.

I’m very conservative about giving root access to software without trust research, but I don’t rule out the chance that the junk could have been injected with one of the few Aptoide-originated apps I experimented with a few months ago.

However, since AVG also identified 2 preinstalled bloatware apps to come with other dirty ad frameworks, my current hypothesis is that AirPush crap was on the phone from the very beginning, patiently waiting for its time to activate.

Written by Seva

2015-12-09 (December 9) at 05:33:07