It’s a Hack! Part Deux

In today’s hack, we take a look at a slightly newer tablet than last time, and find out just how much more difficult it is to crack open an Android 7.1 “Nougat” device than it was just 2 major-OS-versions ago.

Spoiler-alert: I did NOT actually end up successfully removing the FRP lock. Instead, I insisted that the owner try harder to find the appropriate Google account info for the device. Which they did, thank God. I am currently waiting on them to set aside some time to walk through the remaining recovery steps.

Spoiler-alert #2: THERE IS NO “EASY WAY”.

So instead of actually hacking (removing the FRP lock), this post is simply a link-dump, giving credit to the sources that helped me get it back to a usable state.

Brief Overview

Now, you may be wondering, how is this useful? Well, dear reader, allow me to explain.

  • Scenario A: You need to factory-reset your tablet, but it’s been borked/bricked by some strange 3rd-party firmware or a bad update.
  • Scenario B: Like me, you’ve managed to use Odin to flash it to “factory binary” firmware (kinda like diagnostic/debug mode), but you forgot to store a backup of the actual firmware first (the one that a normal human can use).

As a reminder, the standard startup-button-combos are as follows:

  1. Recovery mode (standard): hold Home, Volume Up, and Power.
  2. Odin mode (aka firmware download/re-flash): hold Home, Volume Down, and Power.

We’ll talk about #2 first. This has a nice warning screen about how tech-y it is, so you can “abort mission” by pressing Volume Down if you made a mistake coming here. Otherwise, you hit Volume Up, and continue into “Odin mode”. From there, you use the Odin program on your PC to flash the firmware. Obviously, you need to have the tablet connected to the PC with a standard USB cable.

Recovery mode, #1, also looks kinda techy, with the black background and orange & blue text in a sort of old-school Matrix-y way, but it’s really not complicated. You have options like ‘Wipe data/factory reset’, ‘Wipe cache partition’, and ‘Reboot system now’. You navigate up and down with the Volume Up & Down buttons, and make a selection with the Power button.

What do you mean, Theoretically?

Again, I was not successful in actually removing the FRP lock (which was the goal and outcome of the previous post on this topic, albeit with the older tablet). But in theory, if you needed to go that route, this is a decent place to start from. Because if you make a mistake or “brick” the tablet, restoring the stock firmware should get you back to square 1, where you can try ‘hacking’ at it again.

Lesson 1

Always always always. ALWAYS. ALWAYS. Correctly sign out of and wipe your devices when you’re done with them (giving them away, throwing them out, selling them, etc). It never gets any easier trying to recover that stuff or work around it to “break into” a device that you’ve turned into an expensive paperweight by forgetting your owner-login info.

This means, while your tablet is still on and accessible to you (i.e. you can unlock it, use it, get into Settings, etc.) — use the Settings menu to do the wipe/reset!! It varies slightly between devices, but it’s generally under Security somewhere. Just Google “<your device name> factory reset”.

Lesson 2

Get your account recovery options up-to-date and keep them that way. Same for your loved ones and relatives. Spouse, parents, etc. By setting up and maintaining proper account recovery options (alternate emails, phone numbers, 2-factor authentication), you can be reasonably secure and still able to work on someone else’s behalf in terms of device ownership and recovery.

If you’re not sure what I mean, drop me a line on Facebook, Twitter, or right here in the comments.

That’s all for now folks! Stay safe out there.

Help! Outlook Keeps Asking for Password!

Yes, my friends, occasionally the world of tech will spill into this blog as well. But this is not related to my career at all; this is something I experienced while helping out a family member. And I thought I would share the frustration — and the solution.

The Problem

He has a Microsoft account, based on a Hotmail address. There are 3 devices: his phone, an old laptop running Office 2013, and a new laptop running Office 365. He has some work email accounts, which all remained working fine, plus the personal email — that being the Hotmail account in question.

One day, he does.. something. Let’s say he forgot the password, or perhaps typed it incorrectly too many times. This leads to a slight spiral of confusing actions, involving a password reset and a recovery code, which he faithfully, per instruction, prints on a physical piece of paper (not that we ever needed it). However, something is still amiss.

down, down, down we go!

Outlook 2013 is now continually prompting him for his password, for the Hotmail account. Strangely, also, this old machine still lets him log on to Windows with the old password, even though it’s running Windows 10 under the MS account (not a local user account).

His phone still receives and sends emails just fine — he didn’t even have to re-enter the password there, as far as I know. Also strange. Or perhaps he did re-enter it at some point shortly after he re-set it, but forgot to mention it. Who knows. The point is, he can’t get his personal emails in Outlook anymore, on the old laptop.

Nor the new one, as it turns out. He just hadn’t tried it until I got there. So during my troubleshooting efforts, we turned on the Surface and discovered it, too, in Outlook 365, continually begged for his password, which we of course entered correctly, to no avail.

I tried a lot of troubleshooting, including repairing the account in Outlook’s account properties, removing it and re-registering it, and even removing it from Windows entirely, followed by setting it up again. None of that worked of course.

The Solution

The actual solution is rather boring, as it turns out. It just took us forever to arrive at it, because MS in no way made it at all obvious, nor provided any direction toward it, until I actually asked for help with Outlook’s support-chat snap-in. The agent replied next-day, which meant I had to tell my uncle to literally let his Surface sit out, open, on, logged-in, all night. Thank God for TeamViewer, is all I can say.

What we found out, thanks to the agent, is that he (the user, not the agent) had somehow enabled Two-Step Verification. This was NOT OBVIOUS anywhere. What it means, apparently, is that after you enter your password, you’ll need a security code that either gets texted to you or uses the MS Authenticator app on your smartphone. This is very similar to Two-Factor Auth, but not exactly the same.

Apple-to-apple…ish

So where do you go to check on this? Again, not obvious. Go to your MS account page in a browser — https://account.microsoft.com/. Then click on ‘Security’, of course. Then.. uhh.. wait, there are only 3 big buttons here. “Change password”, “Update your security Info”, and “Review recent activity”. Well those don’t sound like what I want. Maybe the 2nd one, kinda? Nope.

Read the fine-print. I mean it’s not “fine print” like super-dinky legal jargon, but small enough compared to those big 3 buttons that most people would overlook it. Right underneath it says this:

Done with the basics? Explore more security options to help keep your account secure.

Yep, there you go. Once you click that link, ‘Two-step verification’ is the 2nd option on the list. So, once we disabled that, he was back in business — his current (recently changed) password was now the only thing needed to configure/re-connect all Outlook apps to his Hotmail account.

But Why?

More specifically, why is this a thing? Well, 2-factor authentication is actually a very good practice, security-wise. For example, when you log in to your bank’s website from a computer that you don’t normally use to do so, they generally want to text/call/email you with a “security code” to make sure it’s really you. Awesome! That means if someone guessed your password, they still couldn’t get in, because if you got that text/call/email while you yourself weren’t logging in to do some banking, you’d say “Not today, Satan!” and deny that sucker.

Now, let’s take the Microsoft account. Sure, it probably has some pretty important stuff — billing info, for one thing, if you’ve ever bought anything from them, like Office 365, or a game on the Xbox. But even if not, there’s still a lot of your personal info there. Plus, your email itself can be used for nefarious purposes, such as.. oh right, that banking example! If you hadn’t set up your phone as a “2-factor auth” contact-point, they might be using your email to send you those security-codes. And if you’re no longer the only pair of eyeballs on your inbox.. Ruh-roh.

Jinkies!

So is this “Two-step verification” thing with your MS account all bad? No, of course not. Like anything, consider it holistically with the rest of your online presence and identity management. If you’re particularly worried about hackers, and you understand the trade-offs, go ahead and use it. If you’re fairly confident in your password strength, and you don’t have a ton of ‘risky’ information/connections involved in the account, maybe it’s overkill.

I personally use the MS Authenticator app, because I work in IT and it’s something I’m accustomed to. I have a lot of devices, and I know that the risk of me losing one is higher than most. But this family member’s situation is much more limited and much simpler. Therefore, we decided, he can live just fine without it; all he needs to remember is his password.