Wasted can be bypassed with fastboot #72

Open
finance8 opened this issue Dec 13, 2023 · 7 comments

@finance8

finance8 commented Dec 13, 2023

There is a video on the internet showing how to bypass Wasted without the phone deleting itself. What now? Will there be any solution?

This is the video I found:

https://youtu.be/FUqYzA3l_Qg?si=AmTViF5FGd0l2KUc

finance8 changed the title from "Wasted can be cracked" to "Wasted can be bypassed" on Dec 13, 2023

@x13a
Owner

x13a commented Dec 13, 2023 via email

@x13a
Owner

x13a commented Dec 16, 2023 via email

@finance8
Author

Related: https://discuss.grapheneos.org/d/7703-protection-from-xry-pro/3

On Wed, Dec 13, 2023, 19:48 lucky @.***> wrote:

I will take a look on the weekend and let you know

On Wed, Dec 13, 2023, 19:40 finance8 @.***> wrote:

There is a video on internet how to bypass Wasted without the phone deleting itself. What now? Will there be any solution?

This is the video I found:

https://youtu.be/FUqYzA3l_Qg?si=AmTViF5FGd0l2KUc

Thank you for your promised reply. However, my question was about the app "Wasted" and the capability to actually disable the app without any kind of unlock. Will there be any solution? This may affect many people.

@x13a
Owner

x13a commented Dec 17, 2023

@finance8 No idea if something can be done for now. As I understand, they reboot the device to fastboot mode and break Wasted in it. So we have to disable fastboot to prevent raw/write access to the device. It is better to ask GrapheneOS devs for this, maybe they have some ideas.

x13a pinned this issue on Dec 17, 2023

x13a changed the title from "Wasted can be bypassed" to "Wasted can be bypassed with fastboot" on Dec 17, 2023

@flawedworld

The issue demonstrated in the video is a device issue with the firmware. It does not fall in scope of Wasted in my opinion.

Also see: https://discuss.grapheneos.org/d/10023-exploit-of-device-after-first-unlock-to-obtain-data-that-isnt-at-rest/27

@flawedworld

https://source.android.com/docs/security/bulletin/pixel/2024-04-01
https://twitter.com/GrapheneOS/status/1775619234204197234
https://twitter.com/GrapheneOS/status/1775305179581018286

Use a supported Pixel with the April ASB with either GrapheneOS or the stock Pixel OS and you will mitigate this attack.

@x13a This is basically solved, and more improvements will come in Android 15 to prevent this style of attack from other potential vectors in future within the OS.

@flawedworld

If you don't use a Pixel and instead use another Android device, buy a Pixel. That's the fix. I don't trust 3rd party OEMs to properly implement mitigations in firmware, let alone patch the OS properly, so that's my advice to you.
