
I have a stock Xiaomi Mi 8 without any additions. I changed my password, and after 3 days of not typing it, I realized that I forgot the new password. I know some words etc., which are there, but I cannot guess it.

Is there any way to make a backup? Through the Xiaomi Mi, or some other service? I thought that it is possible through Google, but not anymore. Kinda bummer.

I did not know that security on Android moved so much. :-)

Is there any way to save the data and guess the password on some, I don't know, emulator/etc?

peterh
Dalton
  • no, there is no way to by-pass (besides bruteforcing). check micloud or https://photos.google.com or drive.google.com for backups, or try to remember screen lock, not much you can do. make sure you remember your mi account + google account + passwords before doing factory reset, you will need both to unlock FRP afterwards. you can double check from https://www.google.com/android/devicemanager – alecxs Feb 15 '21 at 00:32
  • So that's why all the people have stupid swipe screen locks. I know mi account, etc, I know that I can just wipe the data, but I think that I also have something recent that I don't wanna lose. Isn't there some way with adb/fastboot/fastboot some ROM from SD card? Or how do you bruteforce it? I am sure that I could put together some words and numbers into some kind of cracker to guess the password but I don't know how. But as you say about frp and other anti theft tools I guess there is no other way. – Dalton Feb 15 '21 at 01:40
  • OTG adapter connected with Teensy might work. But you are facing two problems. battery cannot be charged in OTG mode, therefore you need some smart code to resume brute force. timeout is increased up to 1 day on wrong attempts – alecxs Feb 15 '21 at 09:32
  • first link claims there is a trick to by-pass gatekeeper timeout via emergency dialer (Oppo device) but i doubt this is true... https://android.stackexchange.com/search?q=brute+force&tab=newest – alecxs Feb 15 '21 at 09:34
  • there is a hint in this thread how to get EDL authorized. assuming you achieve read/write access in EDL mode there is an (old) exploit example how to flash TWRP on locked bootloader which might work on other devices, too. assuming your device is encrypted with FDE default_password TWRP will decrypt your userdata partition without knowing lock screen password. in that case you can backup your data or even reset screen lock – alecxs Feb 15 '21 at 09:52
  • As you pointed out that "old" exploit. Isn't there something like a Kali Linux pack of tools for tinkering with mobile phones? I'm lost in all the acronyms :D EDL (okay Emergency Download Mode), DFE. But without changing the recovery mode, I think any method is useless. Fastboot is good just for wiping the phone, but with locked bootloader - nothing. And the xiaomi recovery 3.0 can help me just with wiping the phone. Connecting to mi assistant isn't connecting phone. Don't know why there is the option for connecting :D – Dalton Feb 15 '21 at 15:14
  • Regarding the OPPO brute force, I don't have pin, I have text password. – Dalton Feb 15 '21 at 15:15
  • FDE = full-disk encryption - nearly all Xiaomi devices are still encrypted with 'default_password' so TWRP decryption is the easiest task. biggest two challenges are to figure out if splash screen hack is still unpatched in aboot + EDL authorization. if you're seriously interested you should start with the latter one https://android.stackexchange.com/q/226838 – alecxs Feb 15 '21 at 19:53
  • I wanted to develop on Android, system grew to big proportions xD ... I'm interested, but I gave up. I found some backup and realized that I'd lose maybe just some weeks of photos. But I guess I gave up right before the end :X Thank you for the link and the effort! I'll definitely tinker with it and try to get into EDL. If it will work flawlessly I'll beat into the wall that I'm lazy quitter in front of the silver plate. At the weekend I'll add comment. .. Curious what they have in NSA. – Dalton Feb 17 '21 at 22:21

0 Answers