Phone Hacking Part 8 - The Android Power Hack

Captions
hello everyone give people a minute to get into the um into the room okay all right well uh thanks for waiting up i appreciate it i just had to actually fix some python code for this live and now that it's working um we can actually continue make sure everything is uh can somebody uh let me know if the audio is okay before i continue please okay cool and we're live yes awesome thanks guys for joining appreciate it appreciate it yeah everything is going good going really really well thank you guys for joining all right uh what are we going to talk about today ah yes the power hack now what's interesting about this is um i mean i've showed i've showed the power hacks um in in essence a kind of i suppose um and someone actually says can we have another video on mdm bypass uh actually we're doing an mdm bypass right now like today um and uh and i'm going to show you and this is part of the power hack it's funny that you mentioned that um so what i'm going to teach you is resistance and how the resistance actually affects the modes in the device so um specifically let's talk about um uh you know the internals at least we're going to use an lg as an example we're not going to be using the same lg that we used last time we're going to be using this lg that actually has a has an mdm lock it's turned off right now i'm going to turn it on i'm just going to show it to you on the screen rather than have another camera on it but when this boots up you're gonna see that there is an mdm lock on it and uh you're gonna see like some random person's photo pop up uh i don't know who it is and you know uh my wife you hand me this phone and i was like hey here's an mdm on here you know let's you want to use it for your tutorials and i said that sounds really really good so let's wait for this to boot up a little bit uh i don't know if you caught that but uh i don't know if you caught that maybe i might do it again uh but it was like a picture it's basically like a picture of a woman 
it comes with kind of uh there we go it's more of more clear the glare is so bad hold on let me turn these lights off or down a little bit okay that's better i think okay i think this is uh it needs a little bit more power but uh so well you know actually this is a good thing um because i want to show you i want to show you um you know what's what's going on in this in this device um okay so so we're gonna be using this lg device uh as an example i think it's uh um well i don't know actually you know we'll connect to it and we'll see what it is and um and so we're gonna actually have io running and i'm gonna switch to the terminal all right now uh i am going to plug the device in and using a 56 kilo ohm cable that i made let me actually switch over and so i made this cable and you can see it's 56 kilo ohms and these are standard right um the challenges is like how do you use them um now it's inside of the devices it tells you you know what um you know what kind of resistances you can have but uh how do you use them is they're super super important so we're going to let this boot up for a little bit and you can see actually oh let me just switch back over so we're booting we're booting and hopefully you'll see it down here so i should have just put another camera up but you should see if you can tell that there's a picture of a woman about to show up yeah and hopefully you got you caught that okay and um so the other thing too and let me switch back over there is a full-blown full-blown mdm on here okay so it is account locked and it requires a username and a password and so this is this is a full mdm lock on here um that you know i don't know i have no idea you know i have no idea i don't know anything about it so so what happens is um i'm gonna restart i'm actually gonna restart the phone okay and uh let me get a different cable that's not resistant okay so i'm gonna restart the phone you're gonna see that the vendor id and the product id actually um comes out and 
leaves and i've plugged in another device or another cable different cable right this isn't my proprietary cable so so i'm just going to restart the device manually and we're going to see a difference and what comes in and what comes up now i'm doing this to show you what we uh you know what we can what we can achieve by by um manipulating the uh the current to the device that which is really important um well i think i probably have a persistence and i may actually you know i'm just going to factory reset that uh maybe i don't know if might take too long because it came back at 6 000. um yeah i'm going to take the bat i'm going to take the battery out from the back of the device and so everything's out and we're going to see if that clears our usb cache so let's plug it back in and see how we do uh yes someone's saying um only with resistance can you get into the phone and it says they're not finding you know what's the logic in this i'll get there don't worry about it don't worry don't worry there's a point to all of this and okay seems like there is a persistent cache on here but okay so anyways um all right so so let's let's let's just go through this um as is so this phone uh again it has this lock on it and uh you know let's just see if there's so adb devices there's no devices adb kill server adb devices nothing right there's no sorry let me just transfer over okay so adb devices nothing right i'm gonna do it again so you guys can see it adb devices nothing all right cool now there is another thing that we can try and and what it is is i wrote a i wrote a program that's uh i call it mtp brute so i'm using the media transfer protocol in order to brute force uh the device and manipulate it uh to you know spit something out at me so what i'm gonna do is i'm gonna kind of split this screen so you can see it better and we're going to actually run my script so what's going to happen if you notice at the bottom well let me raise this up or move it okay so the 
bottom down here you're going to see that the device is going to come in and out so i'm using the the power controls for the usb hub to bring the device in and out and to to force an error in the device to so i can spit out some information right so if i say mtp detect right now right i'm not gonna get any information right nothing i mean i want something i wanna i want to see um something from the device and again we're just hooked in no adb nothing and this not a special cable this one is a regular cable we're good and um so we're going to run my script and you can actually see we start spitting out information hopefully okay this no no it's not working as intended hold on um i'm going to actually just factory reset this this device real quick because uh i want to make sure that we start fresh okay so factory reset the device and uh you should see this actually switch it over actually and then i need to do a restart so i'll show you what i'm doing the device and sure hopefully it will kick into the factory reset screen okay yes okay well we're indeed going into mini os mode um let me switch over so the mini os mode is giving me a factory reset status of a 2. so what i'm going to have to do is i'm going to actually have to change my factory reset status so which is pretty good i mean this is actually a good thing this is happening so i can actually show you i don't know if you've ever seen this before um and put this up to the screen it says you know factory reset status of two and um so what we're gonna do is we're gonna actually just change that and uh so what i'm going to do is going to open at send and then say at fresh frst status equals we're going to just change that to 3. 
so now we've changed our factory status on the phone to three right so you can see here our factory reset status is three which is meaning that we are allowed to actually factory reset the device so so this is a really important thing actually it's good that this is actually happening so i don't know if you have errors like this but now you've changed your factory resistance to three okay now um so then from here we can actually i'm going to turn off qem because i saw this come up so i'm going to go to the terminal and uh so qem and make sure it's off qem equals zero and which is uh so it's going to bring us actually back here um to give us this blue screen of death that looks like um that looks like this and then we're gonna have to change back into three it doesn't make sure that qem is off yes it is and then we're going to do frst status three okay we set that and then so now again we've got frst status three then now we can restart the phone we should actually see a factory reset so let's do that okay so the device is actually starting and let's watch it hopefully it seems like it's probably trying to restart which this is my white powder md i don't know i haven't tried this it's like a brand new device that's uh just waiting greasy oh yeah so it is factory resetting oh you yes it the little the little guy was there a little alien or android not haley so that you you will see and of course our devices come back in so we're not at 6000 anymore we're at 1004 and then 6300 is our vendor id and our product id so this is really important oh let me switch over sorry okay so our vendor id our vendor id and our product are coming in at one zero zero four six three zero zero okay and um so this is very important so we just did a factory reset we changed the factory factory status of the device and uh so we're just starting fresh for everybody all right so you can see right here um that the android is starting and um you know installing its applications i really will 
have another camera next time for this like i usually do because this is frustrating um but yes uh so we're we're factory resetting all right now uh let me answer some questions while this is actually resetting and we can get to the point of this and let's actually see if our mdm is still on there because if this actually kills the mdm that's pretty nuts that's uh and it's actually saying it's finishing booting okay uh live demos are fun and uh let's say he didn't play the demo guys it happens it happens it happens uh let's see are you running another script to control the usb power yes i am and actually i don't know if you can tap the center of your screen to activate this feature so this is showing that we you know talk back settings um so what we're gonna do is just gonna i'm gonna walk through it and see what happens yes i am so i'm using uhub control and i'll show you i'll show you that um so it is a github is a github project you call uhub control and um you know we this is what i'm using to control the usb hub answer a couple more questions while this is setting up so uh the tools for android devices are on github uh so yeah um the tools like this um i this is right here in the bottom uh is io yes i'm in github in my github repository i uh forward slash jonathan data1 and uh let's see what else is at send which is what did all this good stuff up here that is in github as well uh forward slash jonathan edit data one and these are all things that i've written uh you know on my own so that you can you know use this this brute is not in there yet because i had to i modified the python but i'll actually show you what i'm doing i'll show you the code here in just a second okay and a couple more questions while we get set up yes i'm on twitch thank you cool and then um yes uh have another video from dep bypass for apple okay yes we will we'll work on um uh dep bypass for apple uh yeah it's fine next time we'll be will be cool um so this is a um device policy uh 
which is mdm uh is what they're talking about you know to bypass that yeah it's not a problem not a problem to do that okay so our device is being set up right now so we're using an lg i don't know what kind of lg it is but we'll get to the we'll get to understanding what it is uh shortly and let me switch back over so you can see uh right now it's just trying to configure and um you know talk to the towers and get some download some prl data i'm sure and so we are here at uh one zero zero four let me give it to the terminal uh one zero zero four six three zero zero okay now you know while it's configuring since we do have a since we do have a usb connection let's say check to see if we actually can pull anything so let's just do an mtp detect nothing all right so one thing that is really important to do is that we can actually set our lib mtp debug levels so for example uh you know if we set it to eight we can actually see a lot more information in hex if we just set it back to zero as well we're just not gonna really see much so one thing about this now i am going to run the uhub control and which is which is the binary that i'm using to to control the the usb ports and cycle them i'm actually going to show you what capabilities are and so we can we can actually take an action and we can cycle the we can cycle the port or turn off the specific port if we wanted to and turn it on if we wanted to so this is a really important thing because here's the thing you do not have to have power this is really really important you don't have to have power to the device to actually access the device okay this this is a really really important thing to understand because you have you have a rxtx and and and yes so this is this is a really big thing to note no power to the device that's okay so you can turn it off and you can start exploits this way and this is very very important now again you can actually see it i'll put this you know up later but github.com forward slash mvp 
forward slash uhub ctl but you do have to have a usb 3.0 hub running in order for this to work so i'm actually just going to run um in a cycle real quick and see what's happening and this is why i o is really important to right to have here that my program so just we can see that it's gonna cycle so um hopefully is it on the right port let's see so that was port three all right um cycle this and you should be able to see the device come in and out yeah okay yeah so we do see i'm going to switch over actually while i'm doing this you can set you see what's happening okay which is taking forever to configure all right so i'm going to run the i'm going to run the the uhub control again and you're going to see that we're going to actually get a yeah low battery and that's going to kick back in so we are cycling the device okay um so so uh the specific port right uh that we can target uh this this device and while it is configuring taking so long i could go because i can show you uh what's happening so if i just run uh uhub control on its own um it's going to tell us that we do have something connected um you know in in each one of our slots even we can actually um power cycle the entire thing the entire hub if we wanted to which probably could be easier if you don't want to actually target you don't want to actually target you know just a just one port but uh yes so i'm gonna just cycle everything which is and then i'm gonna switch over quickly and then you can actually see you know the device come in and out in the i o that's the other good thing about this is that you know you definitely need to make sure that you see like what's happening um what's coming in and out uh the the vendor id and the product id is super important um and to to all of this and uh and the resistance um right okay so it is taking forever but you know what this is really interesting this is taking forever to actually um configure there was information on here i i didn't see what was on 
there but let's actually see what happens if we don't connect it don't connect the device so this is so we're on this configuration um which is actually this could be a really really good test for us um so it says configure your phone and it's just taking forever so let's actually plug in our resistance cables 56k resistance cable uh we're going to plug that in and we're going to actually restart the we're going to restart the device and so this is we're still on this we're still on this screen here and we're just going to restart manually to power off and restart and i'm going to push okay okay now let's go back to the terminal so we can actually see the device come in and out and we should actually come in at six thousand one zero zero four uh six thousand if everything goes right yes and we did okay so all this like all this with like configuration i mean what happens here is we we have engineering mode this is what we have so i mean if i can show you uh that we're probably still going to be configuring for you know another like 20 minutes or something right um android starting the apps whatever whatever but uh but let's let's just just bust through honestly you know we're on the activation screen again um and and you can see it's just annoying and like i'm so done with this so let's just does this break right through um do at send and then p percent now we're going to come out of 6000 down here and we should go into six one fv maybe let's see just gotta wait for it maybe maybe okay six three one two we have arrived at six three one two now this is really important because uh um is we have authorized adb oops yes authorize adb now okay fine jonathan we've seen your authorized adb whatever whatever okay that's fine and but the setup of this device is so freaking annoying and these are my programs that i've written little little guys um so what we're going to do let me switch back over we're going to run these programs and let's actually see if it'll break us 
through and it does it gets us right to the screen and we don't have to mess with any of that setup it's just super super annoying i hate it um and so what we have done is we have literally just busted right there actually what's what's funny is um there's no mdm on this device anymore unfortunately i mean there was when you can go back in this video um but there is none anymore so it's gone i guess is that cool everybody good with that resistance power hacking current hacking maybe i should have said current hacking any questions this is a short one okay someone says um do the at commands work only by usb serial or can you do the at command connection over gsm web oh yes okay or you can enable adb yes yes yes um watch the other videos and i give you the answers everything you you're asking is yes and watch the other videos on twitter or on youtube i think um let's see someone says can you do that on macbooks macbooks are so much easier you don't need to do all this mess and i'll do a uh i'll do a macbook pro hack that works on every single macbook in the world remove apple mdm type stuff easy yes i can do that next episode actually not a problem at all um all right well i know this is kind of a short um a short one but uh essentially again let's recap so we're using 56k resistance and we're monitoring our vendor id and product id that comes in and out of the device and um you know it essentially we did have an mdm i don't i wish i would have pulled the content but it doesn't really matter anymore um we made sure that our factory uh status um was you know we came from two to uh zero and then or two to three to zero and then back to three factory status reset the device watch the video super simple um steps and uh you know we have a fully functional device so so this was mdm locked this device and now um we are um we're completely able to do whatever we want with it okay yes thanks for joining and uh until next time
Info
Channel: Jonathan Scott
Views: 207
Rating: 5 out of 5
Keywords: lg frp bypass, lg bypass, lg passcode lock bypass, lg hacking, lg enable adb, lg secret codes, lg engineering mode, lg hacks, lg bypass passcode lock, lg frp
Id: I876776zjQk
Length: 28min 1sec (1681 seconds)
Published: Wed Sep 22 2021