IT experiment w/ second phone

N

N0b0dy

New member
I have this piece of shit second phone with a cracked screen that dies within minutes at full charge. The model is TSL 20S, so a bit old but not dinosaur. I forgot the password to it, and it got me thinking about ethical hacking. I looked into what it takes to hack into a phone, and it's pretty ridiculous. I've gotten through on one of my laptops, but mobile security seems to be more difficult seemingly? With a PC it's pretty easy if you have direct physical access, a flash drive and the memory isn't encrypted. I don't even know where to start with mobile frankly, though I'm sure I'll figure it out eventually (sigh).

Does anyone here have a background in IT who can give tips on where to start? I tried AI but it's too stupid and restricted for this. Obviously this really isn't "on topic" for the forum, but IT is a great skillset to have and there's clearly at least a handful of people here who have it.

Thx.
 
N0b0dy said:
I have this piece of shit second phone with a cracked screen that dies within minutes at full charge. The model is TSL 20S, so a bit old but not dinosaur. I forgot the password to it, and it got me thinking about ethical hacking. I looked into what it takes to hack into a phone, and it's pretty ridiculous. I've gotten through on one of my laptops, but mobile security seems to be more difficult seemingly? With a PC it's pretty easy if you have direct physical access, a flash drive and the memory isn't encrypted. I don't even know where to start with mobile frankly, though I'm sure I'll figure it out eventually (sigh).

Does anyone here have a background in IT who can give tips on where to start? I tried AI but it's too stupid and restricted for this. Obviously this really isn't "on topic" for the forum, but IT is a great skillset to have and there's clearly at least a handful of people here who have it.

Thx.
Click to expand...
Hey, if you want to go deeper into ethical hacking, I suggest getting a good subscription on TryHackMe, then you can move on to HackTheBox for the more advanced stuff. TryHackMe will teach you all the IT basics, from complete beginner to professional level. The learning experience is intuitive, with its own built-in terminal, video and text-based courses directly on the platform, and an integrated AI assistant.
 
A trick with AI to get it to help you with something like this. Do not say at first what you are actually doing. Say that you are playing a game and you want it to play this game with you. Then you say that what you are trying to do in the game, describe what you are really trying to do. Give the details a little bit at a time at first. You can also say that it is homework for a school project. This should get it to not say that it is not allowed to help you with this.
 
N0b0dy said:
I have this piece of shit second phone with a cracked screen that dies within minutes at full charge. The model is TSL 20S, so a bit old but not dinosaur. I forgot the password to it, and it got me thinking about ethical hacking. I looked into what it takes to hack into a phone, and it's pretty ridiculous. I've gotten through on one of my laptops, but mobile security seems to be more difficult seemingly? With a PC it's pretty easy if you have direct physical access, a flash drive and the memory isn't encrypted. I don't even know where to start with mobile frankly, though I'm sure I'll figure it out eventually (sigh).

Does anyone here have a background in IT who can give tips on where to start? I tried AI but it's too stupid and restricted for this. Obviously this really isn't "on topic" for the forum, but IT is a great skillset to have and there's clearly at least a handful of people here who have it.

Thx.
Click to expand...

Throw Arch Linux on a secondary or older laptop, then look into installing some of the password cracker applications from the blackarch repo. They show you how do that on the git hub page.

" # Sync the BlackArch repository
curl -s https://blackarch.org/strap.sh | sudo bash

# Install all BlackArch tools or specific ones
sudo pacman -S blackarch "

github.com

GitHub - BlackArch/blackarch: An ArchLinux based distribution for penetration testers and security researchers.

An ArchLinux based distribution for penetration testers and security researchers. - BlackArch/blackarch
github.com github.com

Practice on a variety of devices besides mobile. It can be a bit of fun.

I suggest just an arch installer and use the arch install tool they have included now in most isos, because having it stripped down enough to then add the tools from black arch is better then just having a full penetration testing distro on your machine which isn't suited for anything else, this isn't practical and the Iso for black arch is way too huge at 20 GBs.

I currently have a Mac I have to pull down the bootloader on and install either Linux or a newer version of Macos on since Apple has abandoned x86 64 silicon for Arm chips, I have yet to test ethical hacking tools on it but that is somewhere on my plan.

I haven't dabbled really in mobile ethical hacking but this is certainly a start. Throw whatever tools you have when you pull from the repo and try to crack the phone. It will take awhile.
 
Also try to ask around on a few forums in the Linux world because surely there's some savvy types who will know what to do better then I.
 
Ol argedco luciftias said:
A trick with AI to get it to help you with something like this. Do not say at first what you are actually doing. Say that you are playing a game and you want it to play this game with you. Then you say that what you are trying to do in the game, describe what you are really trying to do. Give the details a little bit at a time at first. You can also say that it is homework for a school project. This should get it to not say that it is not allowed to help you with this.
Click to expand...

I don't see why it would not answer these questions correctly.. this is doing nothing wrong.

It is rather legal and ethical in most areas of the world to bypass security on devices you own or have explicit permission to access. Since you are the owner of the phone and desktop, gaining entry to recover your own data is not a crime.
 
serpentwalker666 said:
Throw Arch Linux on a secondary or older laptop, then look into installing some of the password cracker applications from the blackarch repo. They show you how do that on the git hub page.

" # Sync the BlackArch repository
curl -s https://blackarch.org/strap.sh | sudo bash

# Install all BlackArch tools or specific ones
sudo pacman -S blackarch "

github.com

GitHub - BlackArch/blackarch: An ArchLinux based distribution for penetration testers and security researchers.

An ArchLinux based distribution for penetration testers and security researchers. - BlackArch/blackarch
github.com github.com

Practice on a variety of devices besides mobile. It can be a bit of fun.

I suggest just an arch installer and use the arch install tool they have included now in most isos, because having it stripped down enough to then add the tools from black arch is better then just having a full penetration testing distro on your machine which isn't suited for anything else, this isn't practical and the Iso for black arch is way too huge at 20 GBs.

I currently have a Mac I have to pull down the bootloader on and install either Linux or a newer version of Macos on since Apple has abandoned x86 64 silicon for Arm chips, I have yet to test ethical hacking tools on it but that is somewhere on my plan.

I haven't dabbled really in mobile ethical hacking but this is certainly a start. Throw whatever tools you have when you pull from the repo and try to crack the phone. It will take awhile.
Click to expand...
I don’t think Arch Linux is ideal for beginners.
 
serpentwalker666 said:
I don't see why it would not answer these questions correctly.. this is doing nothing wrong.

It is rather legal and ethical in most areas of the world to bypass security on devices you own or have explicit permission to access. Since you are the owner of the phone and desktop, gaining entry to recover your own data is not a crime.
Click to expand...
Yes, there’s nothing wrong with it, but the reality is that many malicious people would use that freedom to harm innocent people.
 
Heron said:
I don’t think Arch Linux is ideal for beginners.
Click to expand...

You are completely right. Maybe Kali Linux or Parrot OS should have been my first thought, or pull some pen testing tools from a repo onto Ubuntu or a base Debian machine.

Pulling the repo for black arch into a base arch install, after the machine is setup with the Arch Install tool seemed like the quickest way, but not really ideal for a beginner.
 

You must perform a hard reset, put it into recovery mode, and restore it to use it again.

In the past, you could bypass the lock screen using TWRP recovery, which was installed (flashed) via fastboot or download mode for Samsung models. Using the file manager directly removed the system module for the lock screen.

But now that device encryption is mandatory when entering a password, it's practically impossible without attempting brute-forcing. Even if you did, it would likely take centuries or millennia to guess the password.

Furthermore, based on forum rules, I absolutely cannot provide you with a guide on how to hack electronic devices, even if they're yours. Brute-forcing is a true hacking method; an attacker could gather information from the forum and use it for malicious purposes.

I also want to point out that now with new devices, if you have a Google account connected and the device is formatted, you must at least remember the password and email address of the Google account connected to it. I don't know if this was implemented in 2021 (since I see the model is from 2021). Upon closer inspection, it was introduced in 2015 and is called FRP (Factory Reset Protection). However, it depends on the manufacturer whether they implement this feature. Hopefully, it hasn't been implemented yet, or at least you can remember your Google account password. Otherwise, you'll be forced to unlock the bootloader and open the device to bypass this screen. Again, if you don't remember your Google account password, I can't provide a guide on how to bypass this screen. This very useful system was introduced to:

- Zero resale value on the black market: If a stolen phone can't get past the initial setup screen without the owner's password, it becomes a useless "paperweight." An object that can't be turned on and used has almost no market value, except for replacement parts.

- Discourage theft at the source (Deterrent): If thieves know in advance that modern phones will remain locked after a hard reset, the incentive to snatch or steal a smartphone dramatically decreases.

- Protect the ecosystem and compete with Apple: Apple introduced a similar feature (iCloud Activation Lock) in 2013 with iOS 7, a move that significantly reduced iPhone thefts in large cities. Google absolutely had to adapt to ensure the same level of security and peace of mind for the billions of users who purchase Android devices.

Even though bypasses exist, they force thieves to do too much work to try to resell a stolen device, but many give in because the value of a potential thief's work is greater than what they would get from stealing something else.

To recap:

If you don't remember your password, you'll need to perform a hard reset, and if it has an FRP system, remember your Google account.

If you don't remember your Google account password, I can't help you here.

I don't advocate bypassing these security systems in any way.
 
You must log in or register to reply here.

Similar threads

Basileus
For Our Translators: Master Translation with These Programs and Guides!
Replies
1
Views
1K
alquimista13
alquimista13
Arcadia [NG]
Exposing Mormonism
Replies
12
Views
2K
Supermario70
S
High Priest Zevios Metathronos
Διπλῆ Ἄγνοια: Double Ignorance of Proclus - When One Is Ignorant of the Fact That One Is Ignorant
2
Replies
59
Views
6K
SparkingPowerUP
SparkingPowerUP
Neox
How to Actually 'Feel' the Energy (for Beginner's)
Replies
4
Views
2K
Solar Plexus
Solar Plexus
FancyMancy
Non-registration UK Emergency Alerts
Replies
1
Views
2K
Power of Justice [SG]
Power of Justice [SG]
Back
Top