[Solved] How to Unlock Boost Mobile Phone
Looking for a hack to unlock a Boost Mobile phone? After reading this article, you will have a good idea of how to unlock a Boost Mobile phone for free. All Boost Mobile phones are sold locked, which means that only after unlocking can you use them with other carriers. Cell phone unlocking through Boost Mobile is free, while third-party unlocking companies will charge you for the process. We will guide you step by step through unlocking a Boost Mobile phone so you can take your phone to the operator you want.
- Part 1. Everything About Boost Mobile Phone Unlock
- Part 2. Top 2 Ways to Unlock Boost Mobile Phone
- Part 3. How to Check if Boost Mobile Phone is Unlocked
- Bonus Tip: How to Unlock iCloud Locked Boost Mobile Phone
Part 1. Everything About Boost Mobile Phone Unlock
DSU Unlocking & MSL Unlocking
The term “locked” usually refers to a device that must be used with Boost Mobile on the DISH Wireless network and can’t be activated on a competing operator’s network. An unlocked device is no longer locked to Boost Mobile services, so customers may attempt to activate it on another operator’s network. There are generally two scenarios for device unlocking:
Domestic SIM Unlocking (DSU)
A device may be referred to as “locked” if it was manufactured with software restrictions that prevent another carrier’s SIM card from being inserted into the SIM slot for use on a different network. Most devices launched after February 2015 are DSU-capable: their SIM slot can be unlocked for potential use on other operators in the United States. Even after unlocking, DISH Wireless DSU-capable devices may not work on another operator’s network. Whether an unlocked DISH Wireless phone can be used on another operator’s network is subject to that operator’s policies and network requirements.
MSL Unlocking
A device is “locked” if it is manufactured with a type of disabling software and a Boost Mobile phone unlock code (referred to as the “Master Subsidy Lock” or “MSL”). Generally, MSL locks were used on devices launched before February 2015. DISH Wireless can provide the MSL code to eligible customers, but this does not mean that the phone can be used successfully on any other domestic operator. Whether another operator will accept and activate a device on its network depends on that operator’s policies and compatibility.
Unlocking Policy
For DSU-capable devices (generally devices and device models launched February 2015 or later), Boost Mobile will unlock the SIM slot for devices that are eligible. If you believe you meet the below requirements and would like to request that your DSU-capable device be unlocked, contact Boost Mobile Customer Care at 1-888-BOOST-4U.
- The device should be SIM unlock capable.
- Make sure that you have used your phone for at least 12 consecutive months with Boost Mobile.
- The device has not been reported as lost or stolen.
- Associated account is active and in good standing. (No unpaid bills)
Unlocking for Military Personnel
- The device should be International SIM unlock capable.
- The subscriber is an active member of a branch of the United States military.
- The device is used for at least 12 consecutive months with Boost Mobile.
- The device has not been reported as lost or stolen.
- Associated account is active and in good standing. (No unpaid bills)
- Each number associated with your military account can unlock up to two devices per year.
Part 2. Top 2 Ways to Unlock Boost Mobile Phone
Unlock Boost Mobile Phone with the help of Customer Care
As a Boost Mobile customer, if you meet the above eligibility criteria, call Boost Mobile customer care directly and ask how to unlock a ZTE Boost Mobile phone or Boost Mobile LG phone, whichever brand you have. The unlocking process is as follows:
- Step 1. Call Boost customer care.
- Step 2. Ask for the unlock code.
- Step 3. Type the unlock code into your phone.
Unlock Boost Mobile Phone via IMEI
You can use the online request form at DirectUnlocks to unlock your Boost Mobile phone using its IMEI.
- Step 1. Go to the official website of DirectUnlocks.
- Step 2. Dial *#6# on your phone to obtain your IMEI.
- Step 3. Enter your device info and IMEI number.
- Step 4. Submit and pay for your order. The order will then start and you’ll receive confirmation within 24 hours.
Generally, customers may take advantage of the Straight Talk unlock program only once each year. However, exceptions are made for deployed military personnel. If you have satisfied the criteria outlined above and still cannot unlock your iPhone, and remain confused about how to unlock a Straight Talk iPhone, you may contact customer care to get a partial reimbursement based on the value of your device.
Part 3. How to Check if Boost Mobile Phone is Unlocked
If you are unsure whether your device is unlocked, call Boost Mobile customer care and a customer service representative will review your account status and let you know. Alternatively, try inserting another carrier’s SIM card. When you insert the SIM card, the name of the new carrier should appear on your phone’s screen, showing that your device has been unlocked and that you are now on the new network. This way, you can also find out whether your Boost Mobile phone has been unlocked.
Bonus Tip: How to Unlock iCloud Locked Boost Mobile Phone
Unlocking a Boost Mobile phone seems easy now, but if you have an iPhone/iPad with an iCloud lock on it, you should be worried. You cannot use your device if it is iCloud locked. So here is a bonus for you. UltFone Activation Unlocker is software you can download for free on both Mac and Windows. With UltFone Activation Unlocker, the iCloud activation lock can be removed and you can use your iPhone/iPad as a fresh device. You can easily bypass the iCloud activation lock with this tool. Sometimes when you buy a second-hand iPhone, it can be iCloud locked by the previous owner, and you can unlock it without the previous owner.
Its key features include but are not limited to the following:
- Bypass activation lock without previous owner.
- Unlock iCloud without Apple ID and password.
- Turn off Find My iPhone/iPad/iPod Touch feature without password.
- Protect your device from being tracked or locked by the previous owner.
- Support iOS 12 to iOS 14 from iPhone 6 to iPhone X.
Conclusion
How to unlock a Boost Mobile phone should not be a confusing question for you now. We have discussed various ways above to help you unlock a Boost Mobile phone easily. Just be careful to follow all the steps in the right order. Additionally, if your iPhone is iCloud locked, UltFone Activation Unlocker can bypass the iCloud activation lock effortlessly within a few minutes. If you have questions regarding this article, feel free to comment and we’ll be thrilled to help you! Have a good day!
How to Unlock a Boost Mobile Phone
- To unlock a Boost Mobile phone, you’ll need to call the Boost Mobile Customer Care line at 1-888-266-7848.
- Before you can unlock your phone, it needs to have been connected to your Boost Mobile account for at least a year.
- Military personnel who are deployed overseas can unlock their Boost Mobile phones without waiting a year.
When you buy a phone directly from a cell phone carrier — for example, Boost Mobile — they partially own the device. This means that if you ever want to leave that company for another, you’ll either need to give up the phone, or go through an annoying transfer process.
However, you can skip that process and gain full ownership of your phone by unlocking it. Unlocking a phone from a carrier makes it so you can switch companies and keep the same phone.
If you’re a Boost Mobile customer, unlocking your phone just takes a phone call. Here’s how to unlock your Boost Mobile phone.
Before anything, you need to make sure that you meet Boost Mobile’s unlocking requirements. These are:
- The phone has been active on your Boost Mobile account for at least a year.
- Your Boost Mobile account is in “good standing,” with no past-due balances.
- The phone hasn’t been reported as lost or stolen.
Additionally, the phone needs to be “SIM unlock capable.” You should ask about your specific phone’s capabilities when you call Boost Mobile, but in general, if the phone was made in 2015 or later it should be fine.
Your Boost Mobile account is tied to the SIM card inside your phone.
If your phone isn’t SIM unlock capable, Boost Mobile can provide you with an “MSL Code” which may work to unlock it instead.
Quick tip: The only exception to these rules is for active military personnel who are deployed overseas. Overseas military personnel can unlock their phones without having them active for a year, and each phone number on the account is allowed to unlock up to two devices per year.
If you meet all the requirements, call Boost Mobile’s customer support number at 1-888-266-7848. When you connect to a representative, ask for your phone to be unlocked. If you’re active overseas military personnel, you’ll also have to provide proof of your overseas deployment papers.
The unlock request can take up to two business days to process. Keep your SIM card inside of the phone until you get an email or notification that the unlock went through properly.
William Antonelli
Tech Reporter for Insider Reviews
9 Ways to Unlock iPhone
Can’t get access to your iPhone back?
February 27, 2023
Apple products are believed to be among the highest-quality and most secure. First of all, this refers to a high degree of protection, which in fact often turns against the owner. With a numeric passcode, the device will simply be blocked after 10 incorrect entry attempts.
At the same time, the waiting time increases with each attempt: after six attempts – 1 minute, after seven – 5 minutes, after eight – 15 minutes, after nine – 1 hour.
If the “Erase data” option is enabled in the settings, after an unsuccessful 10th attempt, the deletion procedure will start.
The device itself will offer to perform a factory reset, erasing all information stored on it, which is acceptable if a backup was previously made.
1. Removing a password via iTunes
iTunes is a program that is installed not only on smartphones, but also on Apple PCs and laptops, and provides access to various company services. Its main purpose is listening to music, watching movies and reading, but it also lets you manage Apple devices. In other words, iTunes on a PC can be used as an intermediary between the phone and the computer, which is very useful in the context of unlocking.
The method will work only in certain cases:
- The iPhone has already connected to the PC before and considers it a trusted device;
- Find My iPhone is disabled on your smartphone.
If all conditions are met, follow the instructions below:
- Connect your phone to the computer with a cable.
- Start iTunes.
- Find the tab with your model name, open the sync settings and click Restore iPhone.
- Confirm the action.
- Restart your gadget and set up your phone again.
Most importantly, do not use your smartphone or disconnect it from the PC until the reboot. Also, after launching iTunes, owners of the iPhone 8 and above must press the volume up key, then the volume down key, and hold down the side lock button until recovery mode appears. On the 7 and 7+, keep the side button and the volume up key pressed for this purpose. On older models, hold down the Home button and one of the volume buttons.
2. Via Macbook
If you use a MacBook, you can unlock the phone even remotely through the Find My app.
- Launch Find My on your Mac.
Find My shows all Apple devices linked to the same Apple ID.
- Select the Devices tab and find your model.
- Please wait while the download is completed.
- Click on the line with the smartphone, right-click to open the context menu, select “Erase this device” and confirm the action.
This method works on an iPhone with Find My iPhone enabled.
3. Recovery mode
First, this method is for models from the 6 to the XR. Second, the user must remember the Apple ID and have access to iCloud. It is very important to enter the correct information and check it carefully before confirming.
If you make a mistake in the data while the Find My iPhone function is active, the smartphone may become a “brick” and lose its functionality.
- Turn off the gadget.
- Put it in Recovery Mode.
This step differs between models. The 8, 8+, X and SE enter recovery mode when the lock button is held, the 7 and 7+ with the volume down key, and earlier models with the Home button.
- Connect the phone to the PC without releasing the pressed key.
If the PIN code entry screen starts, something has gone wrong. Turn off your smartphone and try again.
- After the recovery screen appears, launch iTunes on your PC.
- Locate the device in the list and select Restore.
- Confirm the action.
4. Installing a new firmware via DFU mode
DFU mode is, in effect, a complete reinstallation of the system, which, alas, will not preserve your data but will allow you to set up your smartphone again.
As for the visual difference, in recovery mode a connect-to-PC indicator appears on the device’s screen. When DFU is enabled, the smartphone will not respond to presses or show any signs of life. In this state, the iPhone will only be recognized by a laptop or desktop computer.
- Connect your phone to your computer and turn it off.
- After the screen goes blank, hold down the power button for 3 seconds.
- If the Home key on your smartphone is physical, while continuing to hold the power button, hold down the Home button. After 10 seconds, release the power button, and after another 5 seconds, release the home button.
If your iPhone’s Home button is touch-sensitive, hold down the volume down button instead of Home.
- If a black screen is shown, DFU mode has been activated. If an apple appears on the screen, the procedure must be repeated.
The iTunes interface will recognize the device and start checking for updates. The firmware will be updated automatically and access to the phone will be restored.
One may wonder how such a secure system allows such simple loopholes. The explanation is simple: since DFU mode was created for engineering maintenance of Apple devices, it does not place any restrictions on the number of password attempts. It turns out that, in principle, any user can find the code by enumeration.
5. Reset the counter of incorrect attempts
Sometimes the password has not actually been forgotten, but for some reason it cannot be entered correctly. If the only problem is that the number of failed login attempts has been exceeded, you can reset the counter.
Ideally, the device has been synchronized with iTunes before. If so, follow these instructions:
- Connect iPhone via USB to PC.
- Launch iTunes and select the “Device” tab.
- Find the “sync with” button and specify the name of the gadget.
- Start the synchronization process and terminate it by pressing the cross.
Because of the synchronization error, a window will appear asking you to enter the code. Take care to enter it correctly.
6. Recover Apple ID password
In a situation where the device is in working condition and allows access to menu items, you can go to settings and change the Apple ID password. First of all, you need to find out if you can change the settings items.
1. In the menu above, tap on your name.
2. Select Password & Security.
3. Select “Change password”.
If this method does not work, visit the service of the same name on the official Apple website and do what the system requires.
7. “Erase iPhone” remotely via the iCloud service
If iTunes requires a PC, then in the case of iCloud, you can get by with just the gadget you use. It is important that the latest iOS is installed on the smartphone and the Find My iPhone mode is enabled. The Wi-Fi network must also be active.
- Go to the “cloud” service and log in – we log in from a MacBook with macOS Monterey 15.2.1 software, but you can access icloud.com from any computer.
Depending on the type of laptop, the iCloud interface may look different.
- Go to your account settings and on the devices tab select your iPhone model.
- Go to the “If the device is lost, sold, donated” menu – then you will be prompted to erase the device in various ways (follow the official instructions from Apple).
After a reboot, the device will return to factory settings and all information will be lost. However, access to the device will be restored.
8. Service center
So, you have tried the options and had no success: the smartphone still does not start up and let you in. There is only one way out: find the phone’s box and receipt and visit the nearest service center. If there is none nearby, call tech support.
Specialists will ask for data on previous authorizations, the date when the device was purchased and the codes used, and they will also require a copy of the document that confirms that you are the direct owner of the iPhone. If all the information is available, the smartphone will be unlinked from the Apple ID, and it can be set up again.
If you don’t have the receipt on hand, contact the store where you bought your smartphone and have the receipt reissued. It is important that the paper be stamped and signed. Within a week of the unlock request, you will receive an email with a link to unlink your old account.
In cases where the phone was not bought in official stores, technical support will not be able to help.
9. Through DNS spoofing
DNS is the “domain name system” that associates a domain with an IP address. By changing the path from letter domains to numeric IPs, you can unlock your phone.
- Open Wi-Fi network settings.
- Go to advanced Wi-Fi settings and select the DNS tab in the window that opens.
- Select Add Server.
- Delete the data that is on the line above.
- Specify any stable DNS server (+ sign labeled IPv4 or IPv6 addresses):
- Enter: USA (104.154.51.7), Europe (104.155.28.90) or Asia (104.155.220.58).
- Click Save.
- Reboot the device.
- After downloading, specify the initial language settings and the Wi-Fi network where the DNS was added.
These actions will grant access to special functions of the smartphone. This cannot be called a full-fledged iOS mode, but it is quite suitable for resetting the password.
There is also third-party software that allows you to bypass the iPhone lock in various ways. When choosing it, always remember to be careful and use products from the official websites of the programs. They, unlike the options presented above, can lead to data leakage and other problems. It is much safer to restore access through the Apple service center or options on iOS devices.
30 ways to unlock any smartphone. Part 2 / Sudo Null IT News
In truth, the technical methods of unlocking mobile devices are not an end in themselves for a computer forensic specialist. The main task is to access the data stored in memory. Therefore, if the researcher manages to extract information from the device while bypassing the set PIN code or pattern, there is usually no need to unlock it. On the other hand, if the expert does extract data at the physical or logical level, he can obtain information that will help him unlock the device later. In this article, Igor Mikhailov, a specialist at the Group-IB Computer Forensics Laboratory, continues to describe ways that allow forensic experts to bypass the lock on a mobile device. The first part can be viewed here.
Important: This article is written to evaluate the security of passwords and graphic patterns used by mobile device owners. If you decide to unlock a mobile device using the described methods, remember that you perform all actions to unlock devices at your own risk. When manipulating mobile devices, you can lock the device, erase user data, or cause the device to malfunction. Recommendations are also given to users on how to increase the level of protection of their devices.
Of course, the technical unlocking capabilities are closely related to the characteristics of a particular device: its manufacturer, model, operating system version, installed security updates, etc. The forensic examiner must take these points into account when trying to unlock a mobile device. Let’s start with Apple.
Unlocking Apple Mobile Devices
Method 21: Using GrayKey and UFED Premium Appliances
There are currently two hardware-software systems on the market designed to recover PIN codes and extract data from locked Apple mobile devices.
The first device is the GrayKey from Grayshift [23]. According to its developer, it can be used to recover the PIN code of almost any iPhone with any version of iOS.
This is one of the famous GrayKey images shown to the public:
Just two connectors are not enough for connecting the devices under examination. I’ll explain why below.
The second password cracker is Cellebrite’s UFED Premium, announced on June 14, 2019 [24].
UFED Premium can probably exist as a set of programs (similar to UFED 4PC) or as a specialized hardware device (similar to UFED Touch).
Both devices are available only to military and police agencies in certain countries. Information about the capabilities of both systems is limited. This is because Apple strongly opposes the extraction of data from its devices and constantly introduces new features into its products that prevent forensic specialists from extracting data from them.
Grayshift and Cellebrite are known to need some time (weeks to months) to bypass Apple’s new features that prevent access to the memory of locked mobile devices.
The PIN code of Apple mobile devices can be recovered using a brute-force attack. When successful, guessing the passcode can take less than a day, but it can also take six months or more. Accordingly, being able to connect only two mobile devices to the GrayKey seriously limits the researcher’s capabilities, given how long PIN recovery takes.
Protection recommendation: Numeric passcodes 4-6 digits long are within practical reach of a brute-force attack. Even 7-8 digits greatly complicate brute forcing, and a strong alphanumeric password makes the task unsolvable in a reasonable time.
Method 22: Using the IP Box
To recover the PIN code of locked Apple mobile devices running iOS 7-8.1, you can use a family of hardware devices whose names usually include “IP Box”. There are many hardware implementations of such a device, costing from hundreds to thousands of dollars. One such implementation is the IP Box iPhone Password Unlock Tool [25]. This is what the result of recovering a PIN code with this device looks like:
A number of companies developing mobile forensics software have implemented this functionality in their products. Susteen went further and implemented a similar device as the Burner Breaker robotic system (a robot enters PIN codes on the locked mobile device) [26]:
The device works as follows: because of a software error in the operating system (iOS 7.x.x), once the allowed failed PIN attempts are used up, a command is sent to the device that resets the failed-attempt counter. This allows the hardware to try a further batch of code combinations to unlock the device.
According to the manufacturer of the IP Box iPhone Password Unlock Tool, recovering the 4-digit PIN code of a locked Apple mobile device takes no more than 17 hours.
Security advisory: An iOS 7 device should have been replaced years ago.
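The protection recommendations under Methods 21 and 22 can be put into numbers. The following is an added example, not code from the original article: it takes the page's figures (a 4-digit PIN exhausted in at most 17 hours, blocking after 10 incorrect entries) and compares passcode policies with and without an enforced attempt limit. The policy list and the uniform-random passcode model are assumptions.

```python
"""Passcode keyspace versus brute-force time, using this page's figures."""
import string

# Page figure: a 4-digit PIN (10**4 candidates) is exhausted in at most 17 hours.
SECONDS_PER_GUESS = 17 * 3600 / 10**4
# Page figure: the device is blocked after 10 incorrect entry attempts.
ATTEMPT_LIMIT = 10

# Constructed set of policies to compare: name -> (alphabet size, length).
POLICIES = {
    "4 digits": (10, 4),
    "6 digits": (10, 6),
    "8 digits": (10, 8),
    "8 alphanumeric": (len(string.ascii_letters + string.digits), 8),
}


def keyspace(alphabet_size, length):
    """Number of distinct passcodes for a fixed-length policy."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size, length, seconds_per_guess=SECONDS_PER_GUESS):
    """Time to try every candidate when nothing limits the number of attempts."""
    return keyspace(alphabet_size, length) * seconds_per_guess


def guess_probability(alphabet_size, length, attempt_limit=ATTEMPT_LIMIT):
    """Chance that a uniformly random passcode falls within the allowed attempts."""
    return min(1.0, attempt_limit / keyspace(alphabet_size, length))


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = [("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def compare(policies=POLICIES):
    """One row per policy: unthrottled exhaustion time vs. odds under the limit."""
    rows = []
    for name, (alphabet_size, length) in policies.items():
        rows.append({
            "policy": name,
            "keyspace": keyspace(alphabet_size, length),
            "unthrottled": humanize(worst_case_seconds(alphabet_size, length)),
            "odds_with_limit": guess_probability(alphabet_size, length),
        })
    return rows


if __name__ == "__main__":
    for row in compare():
        print(f"{row['policy']:<16} keyspace={row['keyspace']:<16} "
              f"unthrottled={row['unthrottled']:<18} "
              f"odds within {ATTEMPT_LIMIT} tries={row['odds_with_limit']:.2e}")
```

The gap between the two columns is the point: a short numeric passcode is only as strong as the attempt limit the device actually enforces, while a long alphanumeric one stays out of reach even when that limit fails.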
Method 23: PIN recovery
For earlier iPhone models (up to and including the iPhone 5c), it is possible to recover the PIN code using a brute-force attack. For example, this can be done with Cellebrite’s UFED Physical Analyzer or Elcomsoft’s iOS Forensic Toolkit.
When a device is in DFU mode, a series of exploits is loaded onto it, allowing the tool to take control of the device before its own operating system starts.
Appearance of the iOS Physical window with data extraction and PIN recovery options for a connected iPhone 4:
When you select the “Passcode recovery” option, the PIN code of the locked device will be guessed. The result of recovering the PIN looks like this:
Prospects for extracting data from blocked Apple mobile devices
On September 27, 2019, a Twitter user under the pseudonym axi0mX announced the checkm8 exploit. He exploited a vulnerability that compromised information on millions of Apple devices (from iPhone 4s to iPhone X) [27].
Because the iPhone 4S, iPhone 5 and iPhone 5C have no hardware capability to limit the number of attempts to guess the PIN code of a locked device, these devices are vulnerable to software that sequentially enumerates PIN code values in order to recover it.
The August release of Elcomsoft iOS Forensic Toolkit contains an implementation of such an attack for the iPhone 5 and iPhone 5c.
In addition, security researchers from the PANGU group reported a vulnerability in SEPROM [28] in the A8-A10 (iPhone 6, 6s, 7) chips, which, in theory, would also allow disabling PIN brute-force verification.
Security advisory: Only devices based on A12 and A13 processors (iPhone XR, XS, 11, 11 Pro) can currently be considered safe. Do not forget that if an old vulnerable device is signed in to the same iCloud account as a new safe one, iCloud data from the new device can be obtained through the old one.
Elcomsoft iOS Forensic Toolkit password brute force:
Method 24: use lockdown files
If an Apple mobile device was connected at least once to a computer running Windows or macOS, then iTunes automatically created files on that computer that help the researcher retrieve data from the locked device.
These files are located in the following paths:
- Mac OS X: /private/var/db/lockdown
- Windows 2000 and XP: C:\Documents and Settings\All Users\Application Data\Apple\Lockdown
- Windows Vista, 7, 8, and 10: C:\ProgramData\Apple\Lockdown
For successful data extraction, the researcher must move these files from the mobile device owner’s computer to their own workstation (into the same folder). The data can then be extracted using any forensic tool or iTunes.
It is important to note that if an Apple mobile device is running iOS 9 or newer and has been rebooted after being locked, the researcher will not be able to use this approach.
Security Advisory: Do not connect iOS devices to computers that do not have full disk encryption with a strong password.
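A workstation-side check to go with the Security Advisory above, as an added example that is not part of the original article: it inventories the records in the lockdown folders listed on this page and flags old ones for review. The `*.plist` naming, the `EscrowBag` key and the 30-day threshold are assumptions, not taken from the page.

```python
"""Inventory lockdown pairing records left on a workstation (read-only)."""
import plistlib
import time
from pathlib import Path
from xml.parsers.expat import ExpatError

# Folder locations as listed on this page.
LOCKDOWN_DIRS = [
    Path("/private/var/db/lockdown"),
    Path(r"C:\ProgramData\Apple\Lockdown"),
    Path(r"C:\Documents and Settings\All Users\Application Data\Apple\Lockdown"),
]


def audit_lockdown_dir(directory, max_age_days=30, now=None):
    """Return one finding per *.plist file found in a lockdown folder.

    Assumptions: records are stored as <device id>.plist, and a record that
    carries an "EscrowBag" entry is the kind worth reviewing first.
    """
    now = time.time() if now is None else now
    directory = Path(directory)
    findings = []
    if not directory.is_dir():
        return findings
    for path in sorted(directory.glob("*.plist")):
        record, readable = {}, False
        try:
            mtime = path.stat().st_mtime
            with path.open("rb") as handle:
                loaded = plistlib.load(handle)
            if isinstance(loaded, dict):
                record, readable = loaded, True
        except OSError:
            continue  # file vanished or is not accessible to this user
        except (ValueError, ExpatError):
            pass      # present but not a parseable property list
        age_days = (now - mtime) / 86400
        findings.append({
            "path": str(path),
            "device_id": path.stem,
            "age_days": round(age_days, 1),
            "stale": age_days > max_age_days,
            "readable": readable,
            "has_escrow_bag": "EscrowBag" in record,
        })
    return findings


def audit_all(directories=LOCKDOWN_DIRS, max_age_days=30):
    """Audit every known lockdown folder that exists on this machine."""
    results = []
    for directory in directories:
        results.extend(audit_lockdown_dir(directory, max_age_days))
    return results


if __name__ == "__main__":
    for item in audit_all():
        flag = "REVIEW" if item["stale"] or item["has_escrow_bag"] else "ok"
        print(f"[{flag}] {item['path']} age={item['age_days']}d "
              f"escrow_bag={item['has_escrow_bag']}")
```

Reading these folders usually requires administrator rights; an empty result from an unprivileged run does not show that no records exist.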
Unlocking mobile devices running the Android operating system
For mobile devices running the Android operating system, there are a number of methods that allow you to access data without knowing the PIN or pattern. We will describe both these methods and ways to recover a PIN code or pattern.
Method 25: Unlock the device using modem AT commands
On a number of mobile devices, an AT modem interface may be active by default. As a rule, these are mobile devices manufactured by LG Electronics Inc. in 2016-2017, but there may be devices from other manufacturers as well.
This allows the examiner to control the operation of the mobile device using AT commands. For example, using these commands, you can extract a memory dump from a device that is in Firmware Update mode, or unlock the device by issuing a single command. The use of AT commands is the most forensically sound way, as it does not change the data in the device’s memory.
To unlock the mobile device, it must appear in the Windows device list on the examiner’s computer as LGE Mobile USB Modem.
Locked LG smartphone connected to the researcher’s computer in LGE Mobile USB mode:
Then you can issue an AT command using the terminal or use specialized software (for example, “Mobile Forensic Expert”).
Displaying a locked LG smartphone in Mobile Forensic Expert:
If you click the “Unlock” button in the program interface, the device will be unlocked:
For more details on the use of AT commands in mobile forensics, see Unlocking The Screen of an LG Android Smartphone with AT Modem Commands [29].
Protection recommendation: replace the device with a current model.
Method 26: Accessing rooted device data
Sometimes a rooted device may arrive for examination, that is, a device on which the researcher already has superuser rights. On such a device, the researcher has access to all data: files and logical partitions. Thus, the researcher can extract the files containing a PIN or pattern and try to recover their values, or delete them and thus unlock the device.
In addition to the described method, a physical dump of a mobile device, in which the researcher can find the files containing a PIN code or pattern, can be created in the following ways:
- Chip-off method (extraction of a memory chip and reading information from it directly)
- JTAG method (using the Joint Test Action Group interface, which is used for program debugging)
- In-System Programming (ISP) method (reading data from the memory chip of a mobile device without desoldering it from the motherboard)
- Emergency Download Mode method (emergency download of the device, for mobile devices with Qualcomm processors)
- using a modified recovery image
- using a modified bootloader
- using AT commands
Using exploits, the researcher can extract part of the file system of the device under investigation. If this fragment of the file system contains files containing a lock PIN or pattern, the researcher can try to restore them.
Gesture.key, settings.db, locksettings.db, gatekeeper.password.key files
PIN or pattern code information is stored in the following files located in the path /data/system/ :
- gesture.key (gatekeeper.pattern.key in new firmware)
- password.key (or gatekeeper.password.key)
- locksettings.db
- locksettings.db-wal
- locksettings.db-shm
- settings.db
- settings.db-wal
- settings.db-shm
Deleting these files or changing the hashed password values in them may unlock the mobile device.
Security advisory: this method (gesture.key) is applicable to older devices where there was no separate area for storing cryptographic data and they were simply stored in the file system. In new devices, this method will not work.
Method 27: Delete the file containing the lock code
The easiest way to unlock a mobile device is to delete the file containing the lock code. To do this, USB debugging must be enabled on the device, which, unfortunately, is not always the case.
If the researcher is lucky and USB debugging is activated, he can delete the file containing the password using this sequence of commands [30]:
```
adb devices
adb shell
cd /data/system
su
rm *.key
rm *.key
adb reboot
```
Alternatively, enter a command that will delete the file gesture.key :
adb shell rm /data/system/gesture.key
After the reboot, the device will either be immediately unlocked, or a lock screen will appear, which you can simply “swipe” up or to the side.
Another way to remove a lock is to change the values of database cells that contain passwords. To do this, execute the following sequence of commands [30]:
```
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update system set value=0 where name='lock_pattern_autolock';
update system set value=0 where name='lockscreen.lockedoutpermanently';
.quit
```
An alternative option is provided by user nstorm1 on the w3bsit3-dns.com forum. He suggests entering the following sequence of commands [31]:
```
adb shell
cd /data/data/com.android.providers.settings/databases
sqlite3 settings.db
update secure set value=0 where name='lockscreen.password_salt';
update secure set value=0 where name='lockscreen.password_type';
update secure set value=0 where name='lockscreen.lockoutattemptdeadline';
update secure set value=0 where name='lock_pattern_visible_pattern';
update system set value=0 where name='lockscreen.lockexchange.enable';
.quit
```
Protection recommendation: same as above.
Method 28: Installing custom firmware
If the researcher is unlucky and the mobile device does not have USB debugging activated, then he can try to install custom firmware in order to access files containing lock codes (passwords) or delete them.
The most popular custom firmwares are:
- CWM Recovery (ClockworkMod Recovery) is a modified unofficial firmware that is released for most devices running Android. It has many more features than native firmware. On some devices it is installed instead of native firmware, on other devices it is installed in parallel.
- Team Win Recovery Project (TWRP) is also a modified unofficial ROM released for most Android devices. It has many more features than native firmware. On some devices it is installed instead of native firmware, on other devices it is installed in parallel.
Some custom firmware can be installed from a microSD card. Instructions for flashing it onto mobile devices can be found on the relevant websites.
After flashing CWM Recovery onto the mobile device, you need to mount the DATA partition using the command:
mount /dev/nandd /data
After gaining access to the device files, you need to execute the sequence of commands described in method 27 [32].
If you managed to flash TWRP onto the mobile device, go to the TWRP section called Advanced and select File Manager. Then, using the File Manager, go to the system directory on the data partition and delete the files that may contain a PIN code or a pattern password (gesture.key, settings.db, locksettings.db, gatekeeper.password.key, etc.).
gatekeeper.password.key, gatekeeper.pattern.key, locksettings.db, locksettings.db-wal, locksettings.db-shm files displayed in the TWRP File Manager interface:
In Samsung mobile devices, custom firmware can be flashed using the Odin program. Different versions of the program have their own instructions for flashing mobile devices.
Uploading custom firmware to Samsung SM-J710 mobile device using Odin3 program:
In mobile devices equipped with an MTK chip (for example, Meizu, Xiaomi, Lenovo, Fly, Elephone, Blackview, ZTE, Bluboo, Doogee, Oukitel, UMI and other Chinese manufacturers), custom firmware can be flashed using the SP Flash Tool [33].
Security advisory: Use devices with full disk or per-file encryption, with Android version 9.0 and higher, with security patches from July 2020 and newer.
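The advisory above, together with the USB debugging precondition from method 27, can be turned into a device audit. The following is an added example, not part of the original article: it parses the output of `adb shell getprop` and flags each condition the advisory warns about. The sample property dump is constructed, and treating `sys.usb.config` as the indicator of enabled USB debugging is an assumption of this sketch.

```python
import re
from datetime import date

# Constructed sample of `adb shell getprop` output (not from a real device).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [7.0]
[ro.build.version.security_patch]: [2018-03-01]
[ro.crypto.state]: [unencrypted]
[sys.usb.config]: [mtp,adb]
"""

PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]\s*$")
MIN_ANDROID_MAJOR = 9          # advisory: Android 9.0 and higher
MIN_PATCH = date(2020, 7, 1)   # advisory: patches from July 2020 and newer


def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        m = PROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def audit(props):
    """Return a list of findings; an empty list means the advisory is met."""
    findings = []
    if props.get("ro.crypto.state") != "encrypted":
        findings.append("storage is not reported as encrypted")
    release = props.get("ro.build.version.release", "")
    major = re.match(r"\d+", release)
    if not major or int(major.group()) < MIN_ANDROID_MAJOR:
        findings.append(f"Android release {release or 'unknown'} is below 9.0")
    try:
        patch = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        patch = None  # missing or malformed patch level counts as a finding
    if patch is None or patch < MIN_PATCH:
        findings.append("security patch level is older than July 2020 or unknown")
    if "adb" in props.get("sys.usb.config", "").split(","):
        findings.append("USB debugging (adb) is enabled")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_getprop(SAMPLE_GETPROP)):
        print("FINDING:", finding)
```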
Method 29: Recovering a PIN from a file
If a researcher has been able to retrieve a file containing a PIN or pattern code from a locked device, they can try to recover the code stored in the file.
For example, Andriller can recover the PIN stored in the gesture.key file.
Fragment of the main window of the Andriller program:
From the file containing the pattern password (gesture.key), you can extract a hash that can be decoded using rainbow tables into a sequence of digits that are the values of the pattern. An example of such extraction is given in Android Forensics: Cracking the Pattern Lock Protection [34].
Restoring a pattern from the gatekeeper.pattern.key file is currently difficult because there are no publicly available tools or research papers that describe approaches to analyzing the data in this file.
Method 30: Using specialized software
With the help of specialized programs (or hardware and software systems, for example UFED Premium, which was described above), you can extract the file system of the device under study or a physical dump, and also remove the screen lock code (and restore it after the study). The illustration below shows the UFED 4PC program window with extraction options for Samsung SM-J710F. It shows all the extraction methods available to the researcher. The UFED 4PC program can be considered the civilian version of UFED Premium.
Thus, the researcher can disable/restore the screen lock on the smartphone, as well as extract the device’s file system or make a full copy of the device’s memory bypassing the lock.
Security recommendation: As a rule, such software and hardware systems exploit vulnerabilities in the device’s bootloader or processor and are not available to a civilian user. At the moment, almost all Kirin, Exynos and older versions of Qualcomm processors are vulnerable.
Conclusions
A smartphone today is the main source of data about the personal life of its owner. Understanding this, mobile device manufacturers are constantly improving the security of the data stored in them. From a technical point of view, the security of top iOS and Android mobile devices is at a high level. Even minor software damage to the device can lead to a complete loss of access to data stored in the device.
Many of the described methods are relevant only for older versions of iOS and Android. For example, starting from version 6.0, Android uses file system encryption, and starting from version 11.4.1, iOS uses the USB Restricted Mode mechanism (a protective mechanism that disables any data exchange through the Lightning port built into the device).
The competition between mobile device manufacturers and researchers seeking access to data is akin to the competition between armor and projectile engineers. Improving the security of stored data requires researchers to study the defense mechanisms of mobile devices in more depth, which leads to curiosities. An example is the development of the Checkm8 exploit for Apple devices. Apple constantly increased the security of its mobile devices, which hindered the activities of researchers. A deep analysis of the protective mechanisms of this manufacturer led to the discovery of a vulnerability in BootROM, that is, in the device code that is responsible for the initial boot. Checkm8 allows you to get superuser rights on all Apple devices released between 2011 and 2017 (including all models from iPhone 4s to iPhone X), and for all existing versions of the iOS operating system. This vulnerability is fatal: to fix it, Apple needs to recall millions of devices around the world and replace the BootROM code in them.
Social methods of unlocking mobile devices will continue to be relevant until manufacturers develop other ways to identify device owners that prevent the use of social engineering.
As for device security, at the time of publication of the article the following devices can be considered relatively safe:
- Devices on Apple A12 and A13 processors with iOS 13.